| secure.adnxs.com/clktrb?id=704169&redir=//gaoyiwujin.com/.signature/requested/ry4mhd/william.harvey@slurpmail.net//gaoyiwujin.com/.signature/requested/ry4mhd/william.harvey@landmarkproperties.com | 185.89.210.82 | | 0 B |
URL: HTTP secure.adnxs.com/clktrb?id=704169&redir=//gaoyiwujin.com/.signature/requested/ry4mhd/william.harvey@slurpmail.net//gaoyiwujin.com/.signature/requested/ry4mhd/william.harvey@landmarkproperties.com
IP / ASN: 185.89.210.82 #29990 ASN-APPNEX
Resource Info
File type: N/A
First Seen: 0001-01-01
Last Seen: 2025-08-08
Times Seen: 5720669
Size: 0 B (0 bytes)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /clktrb?id=704169&redir=//gaoyiwujin.com/.signature/requested/ry4mhd/william.harvey@slurpmail.net//gaoyiwujin.com/.signature/requested/ry4mhd/william.harvey@landmarkproperties.com HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 307 Temporary Redirect
server: nginx/1.23.4
date: Mon, 12 Feb 2024 18:09:58 GMT
content-type: text/html; charset=utf-8
content-length: 0
cache-control: no-store, no-cache, private
pragma: no-cache
expires: Sat, 15 Nov 2008 16:00:00 GMT
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
x-xss-protection: 0
access-control-allow-credentials: true
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
location: https://secure.adnxs.com/bounce?%2Fclktrb%3Fid%3D704169%26redir%3D%2F%2Fgaoyiwujin.com%2F.signature%2Frequested%2Fry4mhd%2Fwilliam.harvey%40slurpmail.net%2F%2Fgaoyiwujin.com%2F.signature%2Frequested%2Fry4mhd%2Fwilliam.harvey%40landmarkproperties.com
an-x-request-uuid: dc27eb93-1089-4662-ab11-a76ca0722359
set-cookie: uuid2=7358784988350356734; SameSite=None; Path=/; Max-Age=7776000; Expires=Sun, 12-May-2024 18:09:58 GMT; Domain=.adnxs.com; Secure; HttpOnly
x-proxy-origin: 91.90.42.154; 91.90.42.154; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
X-Firefox-Spdy: h2
|
|
| secure.adnxs.com/bounce?%2Fclktrb%3Fid%3D704169%26redir%3D%2F%2Fgaoyiwujin.com%2F.signature%2Frequested%2Fry4mhd%2Fwilliam.harvey%40slurpmail.net%2F%2Fgaoyiwujin.com%2F.signature%2Frequested%2Fry4mhd%2Fwilliam.harvey%40landmarkproperties.com | 185.89.210.82 | | 0 B |
URL: HTTP secure.adnxs.com/bounce?%2Fclktrb%3Fid%3D704169%26redir%3D%2F%2Fgaoyiwujin.com%2F.signature%2Frequested%2Fry4mhd%2Fwilliam.harvey%40slurpmail.net%2F%2Fgaoyiwujin.com%2F.signature%2Frequested%2Fry4mhd%2Fwilliam.harvey%40landmarkproperties.com
IP / ASN: 185.89.210.82 #29990 ASN-APPNEX
Resource Info
File type: N/A
First Seen: 0001-01-01
Last Seen: 2025-08-08
Times Seen: 5720669
Size: 0 B (0 bytes)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fclktrb%3Fid%3D704169%26redir%3D%2F%2Fgaoyiwujin.com%2F.signature%2Frequested%2Fry4mhd%2Fwilliam.harvey%40slurpmail.net%2F%2Fgaoyiwujin.com%2F.signature%2Frequested%2Fry4mhd%2Fwilliam.harvey%40landmarkproperties.com HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: uuid2=7358784988350356734
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx/1.23.4
date: Mon, 12 Feb 2024 18:09:58 GMT
content-type: text/html; charset=utf-8
content-length: 0
cache-control: no-store, no-cache, private
pragma: no-cache
expires: Sat, 15 Nov 2008 16:00:00 GMT
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
x-xss-protection: 0
access-control-allow-credentials: true
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
location: //gaoyiwujin.com/.signature/requested/ry4mhd/william.harvey@slurpmail.net//gaoyiwujin.com/.signature/requested/ry4mhd/william.harvey@landmarkproperties.com
an-x-request-uuid: 4c6fba16-c02d-42f8-b19a-6be7ba4d4a37
set-cookie: uuid2=7358784988350356734; SameSite=None; Path=/; Max-Age=7776000; Expires=Sun, 12-May-2024 18:09:58 GMT; Domain=.adnxs.com; Secure; HttpOnly
x-proxy-origin: 91.90.42.154; 91.90.42.154; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
X-Firefox-Spdy: h2
|
|
| GET code.jquery.com/jquery-3.6.0.min.js | 151.101.130.137 | 200 OK | 31 kB |
URL: GET HTTPS code.jquery.com/jquery-3.6.0.min.js
IP / ASN: 151.101.130.137 #54113 FASTLY
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: JavaScript source, ASCII text, with very long lines (65447)
First Seen: 2023-03-07
Last Seen: 2025-08-08
Times Seen: 268526
Size: 31 kB (30875 bytes)
MD5: 8fb8fee4fcc3cc86ff6c724154c49c42
SHA1: b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
SHA256: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Certificate Info
Issuer: Sectigo Limited
Subject: *.jquery.com
Fingerprint: D2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
Validity: Tue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://g5wvgxrx.7w92vj.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 12 Feb 2024 18:10:00 GMT
age: 219018
x-served-by: cache-lga21931-LGA, cache-hel1410033-HEL
x-cache: HIT, HIT
x-cache-hits: 30, 224763
x-timer: S1707761400.129389,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
|
|
| GET challenges.cloudflare.com/turnstile/v0/api.js?render=explicit | 104.17.3.184 | 302 Found | 23 kB |
URL: GET HTTPS challenges.cloudflare.com/turnstile/v0/api.js?render=explicit
IP / ASN: 104.17.3.184 #13335 CLOUDFLARENET
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: data
First Seen: 2024-02-12
Last Seen: 2024-08-20
Times Seen: 4
Size: 23 kB (23282 bytes)
MD5: f205e9f875c93d29e770eeb6f184b5ef
SHA1: 2ff62e9c9bf2936371848eddf46be7524779559c
SHA256: fcbecc2b46d24775e1754370671615e45b7a03311aa62c2c4eefbe755375447c
Certificate Info
Issuer: Cloudflare, Inc.
Subject: challenges.cloudflare.com
Fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
GET /turnstile/v0/api.js?render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://g5wvgxrx.7w92vj.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Mon, 12 Feb 2024 18:10:00 GMT
cache-control: max-age=300, public
access-control-allow-origin: *
location: /turnstile/v0/b/a990e557/api.js?render=explicit
vary: accept-encoding
server: cloudflare
cf-ray: 8546c92eac6356b4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| GET g5wvgxrx.7w92vj.ru/web6/assets/js/pages-head-web.min.js?cb=36 | 188.114.96.1 | 200 OK | 147 kB |
URL: GET HTTPS g5wvgxrx.7w92vj.ru/web6/assets/js/pages-head-web.min.js?cb=36
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: JavaScript source, ASCII text, with very long lines (18368), with no line terminators
First Seen: 2024-02-08
Last Seen: 2024-08-20
Times Seen: 1581
Size: 147 kB (147042 bytes)
MD5: 7868bd3413a2c1f410e1a91a321e1a21
SHA1: f862e452e034c8aba8475cc05ce03f0ed4477323
SHA256: 19d579be8fba42faa84899a6cf82bcb80c667eb42f43db16a7d7b0c7fc54ef19
Certificate Info
Issuer: Google Trust Services LLC
Subject: 7w92vj.ru
Fingerprint: 9C:9B:D3:AB:BD:6E:24:66:C3:8E:A5:1B:96:A0:82:7C:CB:5F:FC:6D
Validity: Tue, 06 Feb 2024 00:29:56 GMT - Mon, 06 May 2024 00:29:55 GMT
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft |
GET /web6/assets/js/pages-head-web.min.js?cb=36 HTTP/1.1
Host: g5wvgxrx.7w92vj.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 18:10:00 GMT
content-type: text/javascript
last-modified: Thu, 08 Feb 2024 16:23:02 GMT
etag: W/"47c0-610e139b6c8e1-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cache-control: max-age=14400
age: 27
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JY8ulGLB4Bkv2qUb4WQKqjijKB30FjV48m%2F9CGzepJ9eaPWIlisWUZFZyAoUR74EFpVSlpwinhqoAc4ygGBYDVTwfvGtXvpp%2BCcwmrwtjCWYRuPScZMgMa%2FHyzWmuzZbwkVk7OriRMwH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
server: cloudflare
cf-ray: 8546c9317dfcb517-OSL
content-encoding: br
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/708091766:1707757897:_iFXhJNhQ_4kmeKFf0bBkn_M4zbqZnUZvN5y2UsQ9ew/8546c931fea20b45/d5fc584f63deff2 | 104.17.3.184 | | 21 kB |
URL: HTTPS challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/708091766:1707757897:_iFXhJNhQ_4kmeKFf0bBkn_M4zbqZnUZvN5y2UsQ9ew/8546c931fea20b45/d5fc584f63deff2
IP / ASN: 104.17.3.184 #13335 CLOUDFLARENET
Resource Info
File type: ASCII text, with very long lines (19032), with no line terminators
First Seen: 2024-08-20
Last Seen: 2024-08-20
Times Seen: 1
Size: 21 kB (21131 bytes)
MD5: dc67053100a79d9e3323887dcc7890b2
SHA1: 323bf9757e3957b91c74b68a94b88536bec84e80
SHA256: 4d41c6561f12d6e17674b9ee26d18cde098cfe96496df5a1a2440ac95daef3a1
Certificate Info
Issuer: Cloudflare, Inc.
Subject: challenges.cloudflare.com
Fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/708091766:1707757897:_iFXhJNhQ_4kmeKFf0bBkn_M4zbqZnUZvN5y2UsQ9ew/8546c931fea20b45/d5fc584f63deff2 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6ku78/0x4AAAAAAARYDRwH_4t64JAI/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: d5fc584f63deff2
Content-Length: 25180
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 18:10:05 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: h0XIvhP3o+SQGWntQDqYF695Cf5Ch9vnZpBiALnqETrw/p59uh2VclpHOKwr7vLa$4kwtej6PDzeaQwFNiW0OgQ==
server: cloudflare
cf-ray: 8546c94fe85b0b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| GET g5wvgxrx.7w92vj.ru/web6/assets/fonts/GDSherpa-bold.woff2 | 188.114.96.1 | 200 OK | 28 kB |
URL: GET HTTPS g5wvgxrx.7w92vj.ru/web6/assets/fonts/GDSherpa-bold.woff2
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: Web Open Font Format (Version 2), TrueType, length 28000, version 1.66
First Seen: 2023-04-09
Last Seen: 2025-08-08
Times Seen: 78451
Size: 28 kB (28000 bytes)
MD5: a4bca6c95fed0d0c5cc46cf07710dcec
SHA1: 73b56e33b82b42921db8702a33efd0f2b2ec9794
SHA256: 5a51d246af54d903f67f07f2bd820ce77736f8d08c5f1602db07469d96dbf77f
Certificate Info
Issuer: Google Trust Services LLC
Subject: 7w92vj.ru
Fingerprint: 9C:9B:D3:AB:BD:6E:24:66:C3:8E:A5:1B:96:A0:82:7C:CB:5F:FC:6D
Validity: Tue, 06 Feb 2024 00:29:56 GMT - Mon, 06 May 2024 00:29:55 GMT
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft |
GET /web6/assets/fonts/GDSherpa-bold.woff2 HTTP/1.1
Host: g5wvgxrx.7w92vj.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 18:10:08 GMT
content-type: font/woff2
content-length: 28000
last-modified: Thu, 24 Aug 2023 19:00:16 GMT
etag: "6d60-603afd6abb000"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cache-control: max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xwjs6TR2RNDj6XgIw1TeLY2pp%2BahYy1wQRRe37C3WfPPhPSmZhWQdktRMJSY2scOCwu7LfWg5Dd76l%2FXWzYB43K9qszgI8i9YI19dMX5BCR8q8RLzWA1iQzqaSU0QtmbstboVWwGgAZx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 29
accept-ranges: bytes
server: cloudflare
cf-ray: 8546c9615d3eb517-OSL
|
|
| GET g5wvgxrx.7w92vj.ru/web6/assets/fonts/GDSherpa-bold.woff | 188.114.96.1 | 200 OK | 36 kB |
URL: GET HTTPS g5wvgxrx.7w92vj.ru/web6/assets/fonts/GDSherpa-bold.woff
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: Web Open Font Format, TrueType, length 35970, version 1.0
First Seen: 2023-05-09
Last Seen: 2025-08-08
Times Seen: 75755
Size: 36 kB (35970 bytes)
MD5: 496b7bbde91c7dc7cf9bbabbb3921da8
SHA1: 2bd3c406a715ab52dad84c803c55bf4a6e66a924
SHA256: ae40a04f95df12b0c364f26ab691dc0c391d394a28bcdb4aeacfaca325d0a798
Certificate Info
Issuer: Google Trust Services LLC
Subject: 7w92vj.ru
Fingerprint: 9C:9B:D3:AB:BD:6E:24:66:C3:8E:A5:1B:96:A0:82:7C:CB:5F:FC:6D
Validity: Tue, 06 Feb 2024 00:29:56 GMT - Mon, 06 May 2024 00:29:55 GMT
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft |
GET /web6/assets/fonts/GDSherpa-bold.woff HTTP/1.1
Host: g5wvgxrx.7w92vj.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 18:10:08 GMT
content-type: font/woff
content-length: 35970
last-modified: Thu, 24 Aug 2023 19:00:22 GMT
etag: "8c82-603afd7073d80"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cache-control: max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a45%2Bt6j9NUjIvBpSFOZ1huOXX4w5ucF9QNNLfsmHpKlmuMtKK2hQQX%2FOXDHXzJblhvkPnki0uUxtLGaQ601764RXr8YhORpkcUPMZqz%2F3z75rc03jOUq08qf%2FOt9W4hbe2%2BzqfNz1YaF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 29
accept-ranges: bytes
server: cloudflare
cf-ray: 8546c9615d41b517-OSL
|
|
| GET g5wvgxrx.7w92vj.ru/web6/assets/fonts/GDSherpa-regular.woff2 | 188.114.96.1 | 200 OK | 29 kB |
URL: GET HTTPS g5wvgxrx.7w92vj.ru/web6/assets/fonts/GDSherpa-regular.woff2
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: Web Open Font Format (Version 2), TrueType, length 28584, version 1.66
First Seen: 2023-04-09
Last Seen: 2025-08-08
Times Seen: 79349
Size: 29 kB (28584 bytes)
MD5: 17081510f3a6f2f619ec8c6f244523c7
SHA1: 87f34b2a1532c50f2a424c345d03fe028db35635
SHA256: 2c7292014e2ef00374aeb63691d9f23159a010455784ee0b274ba7db2bcca956
Certificate Info
Issuer: Google Trust Services LLC
Subject: 7w92vj.ru
Fingerprint: 9C:9B:D3:AB:BD:6E:24:66:C3:8E:A5:1B:96:A0:82:7C:CB:5F:FC:6D
Validity: Tue, 06 Feb 2024 00:29:56 GMT - Mon, 06 May 2024 00:29:55 GMT
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft |
GET /web6/assets/fonts/GDSherpa-regular.woff2 HTTP/1.1
Host: g5wvgxrx.7w92vj.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 18:10:08 GMT
content-type: font/woff2
content-length: 28584
last-modified: Thu, 24 Aug 2023 19:00:24 GMT
etag: "6fa8-603afd725c200"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cache-control: max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VVmhau4rbJzD9%2FkLyix1f6EjVM6Hp5ifyrnWFDzSc9HLSN7RVS0Sv48tYx7bHnKLg%2BELg5fmQskCjDNfCYxEpQTQNKUu91ZWeioBhJliBtHMg9ryuPrO0%2FkVU%2BS133QvGO2CzxVD8UZU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 29
accept-ranges: bytes
server: cloudflare
cf-ray: 8546c9615d45b517-OSL
|
|
| GET g5wvgxrx.7w92vj.ru/web6/assets/fonts/GDSherpa-regular.woff | 188.114.96.1 | 200 OK | 37 kB |
URL: GET HTTPS g5wvgxrx.7w92vj.ru/web6/assets/fonts/GDSherpa-regular.woff
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: Web Open Font Format, TrueType, length 36696, version 1.0
First Seen: 2023-05-09
Last Seen: 2025-08-08
Times Seen: 75736
Size: 37 kB (36696 bytes)
MD5: a69e9ab8afdd7486ec0749c551051ff2
SHA1: c34e6aa327b536fb48d1fe03577a47c7ee2231b8
SHA256: fd78a1913db912221b8ead1e62fad47d1ff0a9fa6cd88d3b128a721ad91d2faf
Certificate Info
Issuer: Google Trust Services LLC
Subject: 7w92vj.ru
Fingerprint: 9C:9B:D3:AB:BD:6E:24:66:C3:8E:A5:1B:96:A0:82:7C:CB:5F:FC:6D
Validity: Tue, 06 Feb 2024 00:29:56 GMT - Mon, 06 May 2024 00:29:55 GMT
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft |
GET /web6/assets/fonts/GDSherpa-regular.woff HTTP/1.1
Host: g5wvgxrx.7w92vj.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 18:10:08 GMT
content-type: font/woff
content-length: 36696
last-modified: Thu, 24 Aug 2023 19:00:28 GMT
etag: "8f58-603afd762cb00"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cache-control: max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j4mS0bpxxZ5C%2FMNiFo52SQp6RZNOoekQLLOwMz4PLJZe32%2BWeY6kBN5H5KDDza9kTjh3TZQqNkGuU%2BJWpaVVHZt%2FUvu%2Fz9Tyuko2W0D8akKa67jNYGn56a5jO26iEwPtwmNeIHfG%2BByF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 29
accept-ranges: bytes
server: cloudflare
cf-ray: 8546c9617d59b517-OSL
|
|
| GET g5wvgxrx.7w92vj.ru/web6/assets/fonts/GDSherpa-vf.woff2 | 188.114.96.1 | 200 OK | 44 kB |
URL: GET HTTPS g5wvgxrx.7w92vj.ru/web6/assets/fonts/GDSherpa-vf.woff2
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: Web Open Font Format (Version 2), TrueType, length 43596, version 1.0
First Seen: 2023-04-18
Last Seen: 2025-08-08
Times Seen: 77235
Size: 44 kB (43596 bytes)
MD5: 2a05e9e5572abc320b2b7ea38a70dcc1
SHA1: d5fa2a856d5632c2469e42436159375117ef3c35
SHA256: 3efcb941aaddaf4aea08dab3fb97d3e904aa1b83264e64b4d5bda53bc7c798ec
Certificate Info
Issuer: Google Trust Services LLC
Subject: 7w92vj.ru
Fingerprint: 9C:9B:D3:AB:BD:6E:24:66:C3:8E:A5:1B:96:A0:82:7C:CB:5F:FC:6D
Validity: Tue, 06 Feb 2024 00:29:56 GMT - Mon, 06 May 2024 00:29:55 GMT
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft |
GET /web6/assets/fonts/GDSherpa-vf.woff2 HTTP/1.1
Host: g5wvgxrx.7w92vj.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 18:10:08 GMT
content-type: font/woff2
content-length: 43596
last-modified: Thu, 24 Aug 2023 19:00:36 GMT
etag: "aa4c-603afd7dcdd00"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cache-control: max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XOMFzONXorJfMJFUt%2B%2FsLNb2SZWhgeCNi%2ByzT0VHz1btM7CqH4BqptHPiYy%2BoPBMZM7obROrZvbisX5BwQlSc9%2Fuj2d1dEiSdZHFE8sWBnv%2B0Z%2BqtG%2Fj3aScvYN2WWxOP5BR4ZQPRZpy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 29
accept-ranges: bytes
server: cloudflare
cf-ray: 8546c9617d5ab517-OSL
|
|
| GET g5wvgxrx.7w92vj.ru/web6/assets/css/pages.min.css?cb=36 | 188.114.96.1 | 200 OK | 98 kB |
URL: GET HTTPS g5wvgxrx.7w92vj.ru/web6/assets/css/pages.min.css?cb=36
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: ASCII text, with very long lines (16996), with no line terminators
First Seen: 2024-02-09
Last Seen: 2024-08-20
Times Seen: 2219
Size: 98 kB (97456 bytes)
MD5: e4e39ea7eb163a7d401286ed0de4b411
SHA1: e08ad5db54f8b2e192ee1276d3f6856e752bc15f
SHA256: 354881575002cb9a143349bcefb8420081940ab9ba3aa816f1bb7aff7286a271
Certificate Info
Issuer: Google Trust Services LLC
Subject: 7w92vj.ru
Fingerprint: 9C:9B:D3:AB:BD:6E:24:66:C3:8E:A5:1B:96:A0:82:7C:CB:5F:FC:6D
Validity: Tue, 06 Feb 2024 00:29:56 GMT - Mon, 06 May 2024 00:29:55 GMT
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft |
GET /web6/assets/css/pages.min.css?cb=36 HTTP/1.1
Host: g5wvgxrx.7w92vj.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 18:10:08 GMT
content-type: text/css
last-modified: Wed, 07 Feb 2024 19:41:51 GMT
etag: W/"4264-610cfe2ed8de8-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cache-control: max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y2sILuXnIw0T4gFrHquIa5whc7tRqDAn8IB3bxDc9dKmXgr%2BJIPR2%2BEdqKv3K%2BKvg0MTh2wHlCXGjtGFe2T%2FF0U87ETN2JdifoZHpBwTc8G8DGzU%2BNt%2Bp3aFcX5hUUxsOZQxeQ9F9KG3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 29
server: cloudflare
cf-ray: 8546c9614d2eb517-OSL
content-encoding: br
|
|
| GET g5wvgxrx.7w92vj.ru/web6/assets/css/pages-godaddy.css?cb=36 | 188.114.96.1 | 200 OK | 5.8 kB |
URL: GET HTTPS g5wvgxrx.7w92vj.ru/web6/assets/css/pages-godaddy.css?cb=36
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: ASCII text, with very long lines (1437), with CRLF line terminators
First Seen: 2023-11-09
Last Seen: 2024-08-20
Times Seen: 23017
Size: 5.8 kB (5825 bytes)
MD5: 0a40b289b9ecb589387f31cbd2807033
SHA1: dbb02f7d438a952b55cab142749c648cd6417af5
SHA256: c17e32e67edc46c2720b01a4a716996809ad8335c875f6980319a1440de6c245
Certificate Info
Issuer: Google Trust Services LLC
Subject: 7w92vj.ru
Fingerprint: 9C:9B:D3:AB:BD:6E:24:66:C3:8E:A5:1B:96:A0:82:7C:CB:5F:FC:6D
Validity: Tue, 06 Feb 2024 00:29:56 GMT - Mon, 06 May 2024 00:29:55 GMT
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft |
GET /web6/assets/css/pages-godaddy.css?cb=36 HTTP/1.1
Host: g5wvgxrx.7w92vj.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 18:10:08 GMT
content-type: text/css
last-modified: Sun, 04 Feb 2024 19:24:48 GMT
etag: W/"954d-610934c622000-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cache-control: max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GWFt4thGZtx9JV4ngKFp1RFDtpVVmUMDFOU95A54ZzWSx14TRFGWB44R1RT2UyEmtXne3y2Gif0lqk32bBhqSW2SpoV7W2R5uifXBEg2iJFlpPmt0Ecdq8cPh55nEGpelZFwSuPO3yz9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 29
server: cloudflare
cf-ray: 8546c9615d32b517-OSL
content-encoding: br
|
|
| GET g5wvgxrx.7w92vj.ru/web6/assets/back.png | 188.114.96.1 | 200 OK | 231 B |
URL: GET HTTPS g5wvgxrx.7w92vj.ru/web6/assets/back.png
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
First Seen: 2023-07-01
Last Seen: 2025-08-07
Times Seen: 19269
Size: 231 B (231 bytes)
MD5: 547988bac5584b4608466d761e16f370
SHA1: c11bb71049702528402a31027f200184910a7e23
SHA256: 70e32b2db3f079bb0295a85a0db15ed9e5926294dd947938d6cfa595f5ab18b4
Certificate Info
Issuer: Google Trust Services LLC
Subject: 7w92vj.ru
Fingerprint: 9C:9B:D3:AB:BD:6E:24:66:C3:8E:A5:1B:96:A0:82:7C:CB:5F:FC:6D
Validity: Tue, 06 Feb 2024 00:29:56 GMT - Mon, 06 May 2024 00:29:55 GMT
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft |
GET /web6/assets/back.png HTTP/1.1
Host: g5wvgxrx.7w92vj.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/
Cookie: XSRF-TOKEN=eyJpdiI6ImlwSXpjV0cwTFlvNXlLVEozbWY0MVE9PSIsInZhbHVlIjoiZkZZYVBFSC9nLzdaQVRuYkZ4TUdJN0k2dU9SSk9TdUhMRHV2cWE1OUF3bGpPanErZ2xWUk5PVUNUTThTNTJnUE9NZ0FJRVBFM0oyNDk0REVLZEIzWnc5bWZNSDZ1L0VOV3BlZGd1cjMyWjcrRENKclpUS0dpVnJpOG5tQzBLLzkiLCJtYWMiOiIxMzFmNDUwZGRlYTUzMTViNDRkMGNhMzdlODdhY2IxM2M4OWY5ZTVmYTc2YjY0MTAxYWFiMDg1ODBiMjYzMGVhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkR4Y0J0dzlFbW8zNmNGYmtTb2p1b0E9PSIsInZhbHVlIjoieDcxVXhkekM3UzBiK01rSlhaVjdiTGtaSHRaekZVajdpckduL3owSzRHS3JrMDlZdXkzQ3Jyck1NaENtbGk4VEYwaHNIem55QVY0VGpsakRaR2cwUGNxZDdDbUxRWTYvaGxnazg3Q1FOelZZNEhCa1pWK0VSY3p6SElWVW1iVmQiLCJtYWMiOiI0NzU4ZTdmNDMzNjE3YTQ2NDI0OGZmZjEyMDczNTIzMWQxNjIzNDE2ZTMyNTMyNjY2YTM1ODk4NWY3MTQzM2NjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 18:10:09 GMT
content-type: image/png
content-length: 231
last-modified: Sun, 19 Mar 2023 06:20:16 GMT
etag: "e7-5f73acdc5a800"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cache-control: max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eBgm0Np4qDOQhq1OmeriLUydHGKXpYeMqf2zk1DG13ljXlQtdhJz%2BjYbuGLEl9Yh1MEMr%2BnHTqYSWQlQLZDL8q6%2FEzsH2SS6%2FtPDFx9TncHMGRGDkIQL2Yr97QWsWMJIm8yv29VeOT9D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 27
accept-ranges: bytes
server: cloudflare
cf-ray: 8546c966ab80b517-OSL
|
|
| GET g5wvgxrx.7w92vj.ru/web6/assets/key.png | 188.114.96.1 | 200 OK | 727 B |
URL: GET HTTPS g5wvgxrx.7w92vj.ru/web6/assets/key.png
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
First Seen: 2023-07-01
Last Seen: 2025-08-07
Times Seen: 19374
Size: 727 B (727 bytes)
MD5: 839cb0f55c3d2d5c2f740bda95cb2878
SHA1: 93f6fa3a2da8b7184d4b5c5f2065872793370c2e
SHA256: 40ecb8832f6a9a8aaa0cc6e1287e867a4fca38433d091d86c6cab1f28fbab652
Certificate Info
Issuer: Google Trust Services LLC
Subject: 7w92vj.ru
Fingerprint: 9C:9B:D3:AB:BD:6E:24:66:C3:8E:A5:1B:96:A0:82:7C:CB:5F:FC:6D
Validity: Tue, 06 Feb 2024 00:29:56 GMT - Mon, 06 May 2024 00:29:55 GMT
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Microsoft |
GET /web6/assets/key.png HTTP/1.1
Host: g5wvgxrx.7w92vj.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/
Cookie: XSRF-TOKEN=eyJpdiI6ImlwSXpjV0cwTFlvNXlLVEozbWY0MVE9PSIsInZhbHVlIjoiZkZZYVBFSC9nLzdaQVRuYkZ4TUdJN0k2dU9SSk9TdUhMRHV2cWE1OUF3bGpPanErZ2xWUk5PVUNUTThTNTJnUE9NZ0FJRVBFM0oyNDk0REVLZEIzWnc5bWZNSDZ1L0VOV3BlZGd1cjMyWjcrRENKclpUS0dpVnJpOG5tQzBLLzkiLCJtYWMiOiIxMzFmNDUwZGRlYTUzMTViNDRkMGNhMzdlODdhY2IxM2M4OWY5ZTVmYTc2YjY0MTAxYWFiMDg1ODBiMjYzMGVhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkR4Y0J0dzlFbW8zNmNGYmtTb2p1b0E9PSIsInZhbHVlIjoieDcxVXhkekM3UzBiK01rSlhaVjdiTGtaSHRaekZVajdpckduL3owSzRHS3JrMDlZdXkzQ3Jyck1NaENtbGk4VEYwaHNIem55QVY0VGpsakRaR2cwUGNxZDdDbUxRWTYvaGxnazg3Q1FOelZZNEhCa1pWK0VSY3p6SElWVW1iVmQiLCJtYWMiOiI0NzU4ZTdmNDMzNjE3YTQ2NDI0OGZmZjEyMDczNTIzMWQxNjIzNDE2ZTMyNTMyNjY2YTM1ODk4NWY3MTQzM2NjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 18:10:09 GMT
content-type: image/png
content-length: 727
last-modified: Sun, 19 Mar 2023 06:20:16 GMT
etag: "2d7-5f73acdc5a800"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cache-control: max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JL%2FZjN%2FQ%2BvMSGmkws70jY5AqHojbzM6v8KqWl3xu59AGNOvwZGtYGXWW5LLboVwwx1VdxYZu1JBFLmVoAZuuwoLcpZLih1y1kmAzTSmC33V%2BakpHkam40zMHKmUTMc0DMzyFfsCYrdA3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 26
accept-ranges: bytes
server: cloudflare
cf-ray: 8546c966ab88b517-OSL
|
|
| GET g5wvgxrx.7w92vj.ru/web6/assets/godaddy-left.png | 188.114.96.1 | 200 OK | 30 kB |
URL: GET HTTPS g5wvgxrx.7w92vj.ru/web6/assets/godaddy-left.png
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: PNG image data, 506 x 303, 8-bit/color RGBA, non-interlaced
First Seen: 2023-08-31
Last Seen: 2025-02-06
Times Seen: 22277
Size: 30 kB (29796 bytes)
MD5: 210433a8774859368f3a7b86d125a2a7
SHA1: 408bacddc39f12cad285579c102fe4a629862d88
SHA256: 9c6addfc339ce1c1d262290ab4cc2de8d38d4b54b11a8e85afd44fbb0acc2561
Certificate Info
Issuer: Google Trust Services LLC
Subject: 7w92vj.ru
Fingerprint: 9C:9B:D3:AB:BD:6E:24:66:C3:8E:A5:1B:96:A0:82:7C:CB:5F:FC:6D
Validity: Tue, 06 Feb 2024 00:29:56 GMT - Mon, 06 May 2024 00:29:55 GMT
Analyzer: urlquery
Verdict: phishing
Alert: Phishing - Microsoft
GET /web6/assets/godaddy-left.png HTTP/1.1
Host: g5wvgxrx.7w92vj.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/
Cookie: XSRF-TOKEN=eyJpdiI6ImlwSXpjV0cwTFlvNXlLVEozbWY0MVE9PSIsInZhbHVlIjoiZkZZYVBFSC9nLzdaQVRuYkZ4TUdJN0k2dU9SSk9TdUhMRHV2cWE1OUF3bGpPanErZ2xWUk5PVUNUTThTNTJnUE9NZ0FJRVBFM0oyNDk0REVLZEIzWnc5bWZNSDZ1L0VOV3BlZGd1cjMyWjcrRENKclpUS0dpVnJpOG5tQzBLLzkiLCJtYWMiOiIxMzFmNDUwZGRlYTUzMTViNDRkMGNhMzdlODdhY2IxM2M4OWY5ZTVmYTc2YjY0MTAxYWFiMDg1ODBiMjYzMGVhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkR4Y0J0dzlFbW8zNmNGYmtTb2p1b0E9PSIsInZhbHVlIjoieDcxVXhkekM3UzBiK01rSlhaVjdiTGtaSHRaekZVajdpckduL3owSzRHS3JrMDlZdXkzQ3Jyck1NaENtbGk4VEYwaHNIem55QVY0VGpsakRaR2cwUGNxZDdDbUxRWTYvaGxnazg3Q1FOelZZNEhCa1pWK0VSY3p6SElWVW1iVmQiLCJtYWMiOiI0NzU4ZTdmNDMzNjE3YTQ2NDI0OGZmZjEyMDczNTIzMWQxNjIzNDE2ZTMyNTMyNjY2YTM1ODk4NWY3MTQzM2NjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 18:10:09 GMT
content-type: image/png
content-length: 29796
last-modified: Thu, 24 Aug 2023 05:10:06 GMT
etag: "7464-603a43dc36780"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cache-control: max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CtmvdDZ3enUUYj%2F9j38qmDZQN8qmo3qn9OO0ZtgydIWDU25unL1Bo2KKnQoJhK6jM5V27VOP%2FvAtZRL5W3jeXJV7od69MHUPKl7h9m9uZ4xF0V4XjsOiPwJHPRHUsPMR2n69%2BwH46asx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 26
accept-ranges: bytes
server: cloudflare
cf-ray: 8546c966bb8fb517-OSL
|
|
| GET g5wvgxrx.7w92vj.ru/web6/assets/godaddy-logo.png | 188.114.96.1 | 200 OK | 50 kB |
URL: GET HTTPS g5wvgxrx.7w92vj.ru/web6/assets/godaddy-logo.png
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: PNG image data, 2160 x 443, 8-bit/color RGBA, non-interlaced
First Seen: 2023-08-31
Last Seen: 2024-09-19
Times Seen: 19259
Size: 50 kB (49602 bytes)
MD5: db783743cd246ff4d77f4a3694285989
SHA1: b9466716904457641b7831868b47162d8d378d41
SHA256: 5913b1ec0fc58ab2bec576804b9e9b566a584ea3d21a1bf74a7b40051a447fdc
Certificate Info
Issuer: Google Trust Services LLC
Subject: 7w92vj.ru
Fingerprint: 9C:9B:D3:AB:BD:6E:24:66:C3:8E:A5:1B:96:A0:82:7C:CB:5F:FC:6D
Validity: Tue, 06 Feb 2024 00:29:56 GMT - Mon, 06 May 2024 00:29:55 GMT
Analyzer: urlquery
Verdict: phishing
Alert: Phishing - Microsoft
GET /web6/assets/godaddy-logo.png HTTP/1.1
Host: g5wvgxrx.7w92vj.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/
Cookie: XSRF-TOKEN=eyJpdiI6ImlwSXpjV0cwTFlvNXlLVEozbWY0MVE9PSIsInZhbHVlIjoiZkZZYVBFSC9nLzdaQVRuYkZ4TUdJN0k2dU9SSk9TdUhMRHV2cWE1OUF3bGpPanErZ2xWUk5PVUNUTThTNTJnUE9NZ0FJRVBFM0oyNDk0REVLZEIzWnc5bWZNSDZ1L0VOV3BlZGd1cjMyWjcrRENKclpUS0dpVnJpOG5tQzBLLzkiLCJtYWMiOiIxMzFmNDUwZGRlYTUzMTViNDRkMGNhMzdlODdhY2IxM2M4OWY5ZTVmYTc2YjY0MTAxYWFiMDg1ODBiMjYzMGVhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkR4Y0J0dzlFbW8zNmNGYmtTb2p1b0E9PSIsInZhbHVlIjoieDcxVXhkekM3UzBiK01rSlhaVjdiTGtaSHRaekZVajdpckduL3owSzRHS3JrMDlZdXkzQ3Jyck1NaENtbGk4VEYwaHNIem55QVY0VGpsakRaR2cwUGNxZDdDbUxRWTYvaGxnazg3Q1FOelZZNEhCa1pWK0VSY3p6SElWVW1iVmQiLCJtYWMiOiI0NzU4ZTdmNDMzNjE3YTQ2NDI0OGZmZjEyMDczNTIzMWQxNjIzNDE2ZTMyNTMyNjY2YTM1ODk4NWY3MTQzM2NjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 18:10:09 GMT
content-type: image/png
content-length: 49602
last-modified: Thu, 24 Aug 2023 04:40:52 GMT
etag: "c1c2-603a3d5377d00"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cache-control: max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PdEiVF%2BzDZZ%2BOg0SpzQTJis3ehwS0UlOIcY18mV%2ByyzhfOpmlMRFiXkcH6olzgC3r%2BhltA8sjbH2NKXztj819dB9XVsYBb6DZ22%2FKjobzS3efCgUwcy9PeG8stvZKLVPE39LZRaCNP2I"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 26
accept-ranges: bytes
server: cloudflare
cf-ray: 8546c966ab8db517-OSL
|
|
| GET g5wvgxrx.7w92vj.ru/web6/assets/godaddy-microsoftlogo.png | 188.114.96.1 | 200 OK | 71 kB |
URL: GET HTTPS g5wvgxrx.7w92vj.ru/web6/assets/godaddy-microsoftlogo.png
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: PNG image data, 2446 x 899, 8-bit/color RGBA, non-interlaced
First Seen: 2023-08-31
Last Seen: 2025-08-04
Times Seen: 19265
Size: 71 kB (70712 bytes)
MD5: f70ff06d19498d80b130ec78176fd3ff
SHA1: 9d8a3b74c5164ff7ae2c7930b6d7b14707b404fc
SHA256: df6dbab5251e56b405e48aaf57d3cd4188f073ffba71131fa6cd26e6742923ae
Certificate Info
Issuer: Google Trust Services LLC
Subject: 7w92vj.ru
Fingerprint: 9C:9B:D3:AB:BD:6E:24:66:C3:8E:A5:1B:96:A0:82:7C:CB:5F:FC:6D
Validity: Tue, 06 Feb 2024 00:29:56 GMT - Mon, 06 May 2024 00:29:55 GMT
Analyzer: urlquery
Verdict: phishing
Alert: Phishing - Microsoft
GET /web6/assets/godaddy-microsoftlogo.png HTTP/1.1
Host: g5wvgxrx.7w92vj.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/
Cookie: XSRF-TOKEN=eyJpdiI6ImlwSXpjV0cwTFlvNXlLVEozbWY0MVE9PSIsInZhbHVlIjoiZkZZYVBFSC9nLzdaQVRuYkZ4TUdJN0k2dU9SSk9TdUhMRHV2cWE1OUF3bGpPanErZ2xWUk5PVUNUTThTNTJnUE9NZ0FJRVBFM0oyNDk0REVLZEIzWnc5bWZNSDZ1L0VOV3BlZGd1cjMyWjcrRENKclpUS0dpVnJpOG5tQzBLLzkiLCJtYWMiOiIxMzFmNDUwZGRlYTUzMTViNDRkMGNhMzdlODdhY2IxM2M4OWY5ZTVmYTc2YjY0MTAxYWFiMDg1ODBiMjYzMGVhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkR4Y0J0dzlFbW8zNmNGYmtTb2p1b0E9PSIsInZhbHVlIjoieDcxVXhkekM3UzBiK01rSlhaVjdiTGtaSHRaekZVajdpckduL3owSzRHS3JrMDlZdXkzQ3Jyck1NaENtbGk4VEYwaHNIem55QVY0VGpsakRaR2cwUGNxZDdDbUxRWTYvaGxnazg3Q1FOelZZNEhCa1pWK0VSY3p6SElWVW1iVmQiLCJtYWMiOiI0NzU4ZTdmNDMzNjE3YTQ2NDI0OGZmZjEyMDczNTIzMWQxNjIzNDE2ZTMyNTMyNjY2YTM1ODk4NWY3MTQzM2NjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 18:10:09 GMT
content-type: image/png
content-length: 70712
last-modified: Thu, 24 Aug 2023 03:58:16 GMT
etag: "11438-603a33cde0600"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cache-control: max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dM2BZshOxXkFxkG0tQRsJcDwbMiLYNPWT0hc5Cer45QZpHgO453ZWAcCRt9khmgFllLXviw4dNMVS7gVxKftfDKe6BFW0aVb8oTjbZz72Cxo0vv30TsDLFv8KJPrsgFI0opGR5LP72rN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 26
accept-ranges: bytes
server: cloudflare
cf-ray: 8546c966bb91b517-OSL
|
|
| GET g5wvgxrx.7w92vj.ru/web6/assets/officelogo.png | 188.114.96.1 | 200 OK | 1.4 kB |
URL: GET HTTPS g5wvgxrx.7w92vj.ru/web6/assets/officelogo.png
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: PNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced
First Seen: 2023-07-01
Last Seen: 2025-08-07
Times Seen: 17684
Size: 1.4 kB (1400 bytes)
MD5: 333ee830e5ab72c41dd9126a27b4d878
SHA1: 12d8d66ebb3076f3d6069e133c3212f97c8774e1
SHA256: 8702292cbc365e9f0488143e2b309b85efe09c61fd2e0a2e21c53735a309313c
Certificate Info
Issuer: Google Trust Services LLC
Subject: 7w92vj.ru
Fingerprint: 9C:9B:D3:AB:BD:6E:24:66:C3:8E:A5:1B:96:A0:82:7C:CB:5F:FC:6D
Validity: Tue, 06 Feb 2024 00:29:56 GMT - Mon, 06 May 2024 00:29:55 GMT
Analyzer: urlquery
Verdict: phishing
Alert: Phishing - Microsoft
GET /web6/assets/officelogo.png HTTP/1.1
Host: g5wvgxrx.7w92vj.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://g5wvgxrx.7w92vj.ru/web6/assets/pages/tj3yC3c.css?cb=1707761400547
Cookie: XSRF-TOKEN=eyJpdiI6ImlwSXpjV0cwTFlvNXlLVEozbWY0MVE9PSIsInZhbHVlIjoiZkZZYVBFSC9nLzdaQVRuYkZ4TUdJN0k2dU9SSk9TdUhMRHV2cWE1OUF3bGpPanErZ2xWUk5PVUNUTThTNTJnUE9NZ0FJRVBFM0oyNDk0REVLZEIzWnc5bWZNSDZ1L0VOV3BlZGd1cjMyWjcrRENKclpUS0dpVnJpOG5tQzBLLzkiLCJtYWMiOiIxMzFmNDUwZGRlYTUzMTViNDRkMGNhMzdlODdhY2IxM2M4OWY5ZTVmYTc2YjY0MTAxYWFiMDg1ODBiMjYzMGVhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkR4Y0J0dzlFbW8zNmNGYmtTb2p1b0E9PSIsInZhbHVlIjoieDcxVXhkekM3UzBiK01rSlhaVjdiTGtaSHRaekZVajdpckduL3owSzRHS3JrMDlZdXkzQ3Jyck1NaENtbGk4VEYwaHNIem55QVY0VGpsakRaR2cwUGNxZDdDbUxRWTYvaGxnazg3Q1FOelZZNEhCa1pWK0VSY3p6SElWVW1iVmQiLCJtYWMiOiI0NzU4ZTdmNDMzNjE3YTQ2NDI0OGZmZjEyMDczNTIzMWQxNjIzNDE2ZTMyNTMyNjY2YTM1ODk4NWY3MTQzM2NjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 18:10:09 GMT
content-type: image/png
content-length: 1400
last-modified: Sun, 19 Mar 2023 06:20:16 GMT
etag: "578-5f73acdc5a800"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cache-control: max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r4SXnJr63PzcHAWvoqKeSEEpFpx2n4ecW6LQuRoHAXtoa4xLpmYeAjXI8qT77AARJdqpmXXECcouPfbKYpuGPA9x8Sj0oMToAO5bCz1DWxA%2BwlzxqOdRBrr2eaZiFO1eItEio2EITp%2Br"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 26
accept-ranges: bytes
server: cloudflare
cf-ray: 8546c966ebf1b517-OSL
|
|
| GET aadcdn.msftauth.net/shared/1.0/content/images/close_790189870c9543725dc3f5a15fb25e46.svg | 152.199.23.37 | 200 OK | 190 B |
URL: GET HTTPS aadcdn.msftauth.net/shared/1.0/content/images/close_790189870c9543725dc3f5a15fb25e46.svg
IP / ASN: 152.199.23.37 #15133 EDGECAST
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: SVG Scalable Vector Graphics image
First Seen: 2023-04-29
Last Seen: 2025-08-08
Times Seen: 35177
Size: 190 B (190 bytes)
MD5: 40eb39126300b56bf66c20ee75b54093
SHA1: 83678d94097257eb474713dec49e8094f49d2e2a
SHA256: 765709425a5b9209e875dccf2217d3161429d2d48159fc1df7b253b77c1574f4
Certificate Info
Issuer: DigiCert Inc
Subject: aadcdn.msftauth.net
Fingerprint: 3C:9E:70:F5:B3:D1:80:80:8C:97:1C:7B:7E:A8:2C:D8:7B:94:95:0B
Validity: Fri, 01 Dec 2023 00:00:00 GMT - Sun, 01 Dec 2024 23:59:59 GMT
GET /shared/1.0/content/images/close_790189870c9543725dc3f5a15fb25e46.svg HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://g5wvgxrx.7w92vj.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 22155642
cache-control: public, max-age=31536000
content-md5: rp+/fadJKxLUo+jgFmYTeQ==
content-type: image/svg+xml
date: Mon, 12 Feb 2024 18:10:09 GMT
etag: 0x8DB5C3F4721247A
last-modified: Wed, 24 May 2023 10:11:44 GMT
server: ECAcc (ska/F697)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: cf4cbdca-101e-0042-0c5d-942f4a000000
x-ms-version: 2009-09-19
content-length: 190
X-Firefox-Spdy: h2
|
|
| GET aadcdn.msftauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg | 152.199.23.37 | 200 OK | 2.4 kB |
URL: GET HTTPS aadcdn.msftauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg
IP / ASN: 152.199.23.37 #15133 EDGECAST
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: SVG Scalable Vector Graphics image
First Seen: 2023-04-19
Last Seen: 2025-08-08
Times Seen: 86216
Size: 2.4 kB (2407 bytes)
MD5: b59c16ca9bf156438a8a96d45e33db64
SHA1: 4e51b7d3477414b220f688adabd76d3ae6472ee3
SHA256: a7ee799dd5b6f6dbb70b043b766362a6724e71458f9839306c995f06b218c2f8
Certificate Info
Issuer: DigiCert Inc
Subject: aadcdn.msftauth.net
Fingerprint: 3C:9E:70:F5:B3:D1:80:80:8C:97:1C:7B:7E:A8:2C:D8:7B:94:95:0B
Validity: Fri, 01 Dec 2023 00:00:00 GMT - Sun, 01 Dec 2024 23:59:59 GMT
GET /shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://g5wvgxrx.7w92vj.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 22162106
cache-control: public, max-age=31536000
content-md5: nTculR1Fom7eLci0F6rk+A==
content-type: image/svg+xml
date: Mon, 12 Feb 2024 18:10:09 GMT
etag: 0x8DB5C3F4ADC079A
last-modified: Wed, 24 May 2023 10:11:51 GMT
server: ECAcc (ska/F7B6)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 9d35d246-701e-009b-604e-944da7000000
x-ms-version: 2009-09-19
content-length: 2407
X-Firefox-Spdy: h2
|
|
| GET aadcdn.msftauth.net/shared/1.0/content/images/picker_verify_call_c2616792e1950f83fdef6e72dab97293.svg | 152.199.23.37 | 200 OK | 1.2 kB |
URL: GET HTTPS aadcdn.msftauth.net/shared/1.0/content/images/picker_verify_call_c2616792e1950f83fdef6e72dab97293.svg
IP / ASN: 152.199.23.37 #15133 EDGECAST
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: SVG Scalable Vector Graphics image
First Seen: 2023-05-04
Last Seen: 2025-08-08
Times Seen: 82074
Size: 1.2 kB (1173 bytes)
MD5: fe87496cc7a44412f7893a72099c120a
SHA1: a0c1458c08a815df63d3cb0406d60be6607ca699
SHA256: 55ce3b0ce5bc71339308107982cd7671f96014256ded0be36dc8062e64c847f1
Certificate Info
Issuer: DigiCert Inc
Subject: aadcdn.msftauth.net
Fingerprint: 3C:9E:70:F5:B3:D1:80:80:8C:97:1C:7B:7E:A8:2C:D8:7B:94:95:0B
Validity: Fri, 01 Dec 2023 00:00:00 GMT - Sun, 01 Dec 2024 23:59:59 GMT
GET /shared/1.0/content/images/picker_verify_call_c2616792e1950f83fdef6e72dab97293.svg HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://g5wvgxrx.7w92vj.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 21593301
cache-control: public, max-age=31536000
content-md5: XHrPYKKsqlxUvysuxtSE2A==
content-type: image/svg+xml
date: Mon, 12 Feb 2024 18:10:09 GMT
etag: 0x8DB5C3F4A98E9BB
last-modified: Wed, 24 May 2023 10:11:50 GMT
server: ECAcc (ska/F6F3)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 3afb7c4b-e01e-0039-1e7a-99c6de000000
x-ms-version: 2009-09-19
content-length: 1173
X-Firefox-Spdy: h2
|
|
| GET logincdn.msauth.net/shared/1.0/content/images/picker_verify_email_958962caa7cf6b75cd412e9e3b687b22.svg | 13.107.246.53 | 200 OK | 212 B |
URL: GET HTTPS logincdn.msauth.net/shared/1.0/content/images/picker_verify_email_958962caa7cf6b75cd412e9e3b687b22.svg
IP / ASN: 13.107.246.53 #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: SVG Scalable Vector Graphics image
First Seen: 2023-08-10
Last Seen: 2025-08-08
Times Seen: 35498
Size: 212 B (212 bytes)
MD5: 59759b80e24a89c8cd029b14700e646d
SHA1: 651b1921c99e143d3c242de3faacfb9ad51dbb53
SHA256: b02b5df3ecd59d6cd90c60878683477532cbfc24660028657f290bdc7bc774b5
Certificate Info
Issuer: Microsoft Corporation
Subject: identitycdn.msauth.net
Fingerprint: 15:1B:3E:26:F4:4A:EE:1C:C2:40:74:BB:BD:AE:20:E4:35:B0:40:40
Validity: Wed, 17 Jan 2024 06:03:21 GMT - Sat, 11 Jan 2025 06:03:21 GMT
GET /shared/1.0/content/images/picker_verify_email_958962caa7cf6b75cd412e9e3b687b22.svg HTTP/1.1
Host: logincdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://g5wvgxrx.7w92vj.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 12 Feb 2024 18:10:09 GMT
content-type: image/svg+xml
content-length: 212
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Wed, 24 May 2023 10:22:52 GMT
etag: 0x8DB5C40D4C9EED2
x-ms-request-id: c35530d8-901e-001f-71b0-5bdca3000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240212T181009Z-v90p7pm7w97hdefa5vtqu56dms00000003zg00000000g5zr
x-fd-int-roxy-purgeid: 0
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| GET aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg | 13.107.246.53 | 200 OK | 673 B |
URL: GET HTTPS aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
IP / ASN: 13.107.246.53 #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: SVG Scalable Vector Graphics image
First Seen: 2023-04-12
Last Seen: 2025-08-08
Times Seen: 86191
Size: 673 B (673 bytes)
MD5: bc3d32a696895f78c19df6c717586a5d
SHA1: 9191cb156a30a3ed79c44c0a16c95159e8ff689d
SHA256: 0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
Certificate Info
Issuer: DigiCert Inc
Subject: aadcdn.msauth.net
Fingerprint: EB:7C:D1:4E:EF:B5:D4:72:25:0B:1A:AF:5F:10:3D:EA:13:80:5A:47
Validity: Mon, 29 Jan 2024 00:00:00 GMT - Wed, 29 Jan 2025 23:59:59 GMT
GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://g5wvgxrx.7w92vj.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 12 Feb 2024 18:10:09 GMT
content-type: image/svg+xml
content-length: 673
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Wed, 24 May 2023 10:11:46 GMT
etag: 0x8DB5C3F47E260FD
x-ms-request-id: da314feb-b01e-0031-2df4-59ef8d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20240212T181009Z-r2q9nwaga552d6xhb9v7h1tf2w0000000750000000004fmd
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| GET adfs.heart.org/adfs/portal/logo/logo.png | 69.152.183.140 | 200 OK | 6.4 kB |
URL: GET HTTPS adfs.heart.org/adfs/portal/logo/logo.png
IP / ASN: 69.152.183.140 #7018 ATT-INTERNET4
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: PNG image data, 260 x 32, 8-bit/color RGBA, non-interlaced
First Seen: 2023-08-31
Last Seen: 2024-08-21
Times Seen: 17474
Size: 6.4 kB (6428 bytes)
MD5: d3f69be16baf7acef2e7f4dd03729866
SHA1: e11aa0084b93253a24dd3ed57ddde66d27c84d2b
SHA256: 3a5eeea11e1041db96b81498ab69c050dd045d9e56c69e19bd98430ba752165f
Certificate Info
Issuer: Sectigo Limited
Subject: adfs.heart.org
Fingerprint: 11:D1:74:EB:5A:DF:CB:58:DE:8A:EE:06:70:FD:78:6D:A5:F4:22:58
Validity: Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
GET /adfs/portal/logo/logo.png HTTP/1.1
Host: adfs.heart.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://g5wvgxrx.7w92vj.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 6428
Content-Type: image/png
Expires: Wed, 13 Mar 2024 17:10:09 GMT
ETag: 3A5EEEA11E1041DB96B81498AB69C050DD045D9E56C69E19BD98430BA752165F
Server: Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age = 31536000
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:;
Date: Mon, 12 Feb 2024 18:10:09 GMT
|
|
| GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8546c9669bd90b45 | 104.17.3.184 | 200 OK | 67 kB |
URL: GET HTTPS challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8546c9669bd90b45
IP / ASN: 104.17.3.184 #13335 CLOUDFLARENET
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6ku78/0x4AAAAAAARYDRwH_4t64JAI/auto/normal
Resource Info
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
First Seen: 2024-08-20
Last Seen: 2024-08-20
Times Seen: 3
Size: 67 kB (66822 bytes)
MD5: d90a77b87e6ba9f038cebcf337b2bf0d
SHA1: f851174ca29abb29d094407322c280283033a00b
SHA256: 97c3a290ae05aca5b05e4abcc92c921254f8c66a4c151a1668745159e0f60f9f
Certificate Info
Issuer: Cloudflare, Inc.
Subject: challenges.cloudflare.com
Fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8546c9669bd90b45 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6ku78/0x4AAAAAAARYDRwH_4t64JAI/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 18:10:09 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 8546c968fea40b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D | 104.17.3.184 | 200 OK | 6.5 kB |
URL: GET HTTPS challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP / ASN: 104.17.3.184 #13335 CLOUDFLARENET
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6ku78/0x4AAAAAAARYDRwH_4t64JAI/auto/normal
Resource Info
File type: PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
First Seen: 2024-02-12
Last Seen: 2024-08-20
Times Seen: 7
Size: 6.5 kB (6486 bytes)
MD5: 552a4acc6dbabae223c91b56f5831318
SHA1: 735739f0cc7e5c0db33419bcc160b11f49939f1b
SHA256: dd449a2b126f5ad8b6a645aecf46a9ce018b19619b256ea87f22c8551c515118
Certificate Info
Issuer: Cloudflare, Inc.
Subject: challenges.cloudflare.com
Fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
GET /cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6ku78/0x4AAAAAAARYDRwH_4t64JAI/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 18:10:09 GMT
content-type: image/png
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 8546c968fea10b45-OSL
alt-svc: h3=":443"; ma=86400
|
|
| GET httpbin.org/ip | 54.224.28.82 | 200 OK | 31 B |
URL: GET HTTPS httpbin.org/ip
IP / ASN: 54.224.28.82 #14618 AMAZON-AES
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: JSON text data
First Seen: 2023-04-19
Last Seen: 2025-06-23
Times Seen: 13859
Size: 31 B (31 bytes)
MD5: 421fbb31f37428f936586985bd35b7ef
SHA1: df617524b5cf0200e58b7ed3ce98c102fb952ca4
SHA256: f0c09e029405dd8f7f6574163ea5018413c7e621b7a69e6fb2ee223efdc32ddf
Certificate Info
Issuer: Amazon
Subject: httpbin.org
Fingerprint: 14:0C:C7:A8:EC:FA:7F:9C:9D:D2:B8:7E:C9:B8:93:3A:A1:11:F6:01
Validity: Thu, 21 Sep 2023 00:00:00 GMT - Fri, 18 Oct 2024 23:59:59 GMT
GET /ip HTTP/1.1
Host: httpbin.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://g5wvgxrx.7w92vj.ru
DNT: 1
Connection: keep-alive
Referer: https://g5wvgxrx.7w92vj.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 12 Feb 2024 18:10:12 GMT
content-type: application/json
content-length: 31
server: gunicorn/19.9.0
access-control-allow-origin: https://g5wvgxrx.7w92vj.ru
access-control-allow-credentials: true
X-Firefox-Spdy: h2
|
|
| GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6ku78/0x4AAAAAAARYDRwH_4t64JAI/auto/normal | 104.17.3.184 | 200 OK | 27 kB |
URL: GET HTTPS challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6ku78/0x4AAAAAAARYDRwH_4t64JAI/auto/normal
IP / ASN: 104.17.3.184 #13335 CLOUDFLARENET
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: HTML document, ASCII text, with very long lines (40811)
First Seen: 2024-08-20
Last Seen: 2024-08-20
Times Seen: 1
Size: 27 kB (27294 bytes)
MD5: c427505e97b599c4f4698fb1c32e09ff
SHA1: 38b235d992cdf3e62268f069f901b64e5ec80b20
SHA256: 8f0dec2a2ebe1929a055895c29be21daba2cffde0a472fdc7a627914b5c63653
Certificate Info
Issuer: Cloudflare, Inc.
Subject: challenges.cloudflare.com
Fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6ku78/0x4AAAAAAARYDRwH_4t64JAI/auto/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://g5wvgxrx.7w92vj.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 18:10:09 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
cf-ray: 8546c9669bd90b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| GET g5wvgxrx.7w92vj.ru/web6/assets/cloudfavicon.ico | 188.114.96.1 | 200 OK | 64 kB |
URL: GET HTTPS g5wvgxrx.7w92vj.ru/web6/assets/cloudfavicon.ico
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
First Seen: 2023-05-08
Last Seen: 2025-08-04
Times Seen: 39820
Size: 64 kB (64345 bytes)
MD5: 88415acda09a4cbd9d87543c3ba78180
SHA1: 2dec4705e9ab399efdc6eef36e079aa31d1df8d9
SHA256: 20cccc47c1bac9d2ef36b6a1c58af58c5c169ad5ca084080f0392b86f949641c
Certificate Info
Issuer: Google Trust Services LLC
Subject: 7w92vj.ru
Fingerprint: 9C:9B:D3:AB:BD:6E:24:66:C3:8E:A5:1B:96:A0:82:7C:CB:5F:FC:6D
Validity: Tue, 06 Feb 2024 00:29:56 GMT - Mon, 06 May 2024 00:29:55 GMT
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /web6/assets/cloudfavicon.ico HTTP/1.1
Host: g5wvgxrx.7w92vj.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 18:10:08 GMT
content-type: image/vnd.microsoft.icon
last-modified: Wed, 16 Aug 2023 06:22:46 GMT
etag: W/"86be-6030452e8b980"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cache-control: max-age=14400
age: 35
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FX%2BAxRo7%2FukuQnAeE%2FWnAi2toOHI7y3mzO56TI9jgddVn2NFwFfsQScCH4Ha2fojiQg1%2FvVWjaYFAWFF8tkYIJTbLMlXUqTOtnMH35rCR2vCTh%2BvfFWULhF3mSNUei6ktnNJhskrTLnK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
server: cloudflare
cf-ray: 8546c9641894b517-OSL
content-encoding: br
|
|
| GET aadcdn.msauthimages.net/dbd5a2dd-xdnza-5w9ebvgjmwtw6c4jjbut-m1faemyam4jlibgw/logintenantbranding/0/bannerlogo?ts=637857971779553600 | 152.199.21.175 | 200 OK | 7.8 kB |
URL: GET HTTPS aadcdn.msauthimages.net/dbd5a2dd-xdnza-5w9ebvgjmwtw6c4jjbut-m1faemyam4jlibgw/logintenantbranding/0/bannerlogo?ts=637857971779553600
IP / ASN: 152.199.21.175 #15133 EDGECAST
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: JPEG image data, JFIF standard 1.01, resolution (DPCM), density 118x118, segment length 16, progressive, precision 8, 240x60, components 3
First Seen: 2023-11-16
Last Seen: 2024-08-20
Times Seen: 35
Size: 7.8 kB (7832 bytes)
MD5: 7216c756ec0f2c7b089dcd25cce68c2e
SHA1: 8c448c4e82d666087fabb3dd4b62fff102f18e50
SHA256: 02f58179e490895aa5b39b963ea031497518b07875d9960abfb9eca0e91cd37f
Certificate Info
Issuer: Microsoft Corporation
Subject: aadcdn.msauthimages.net
Fingerprint: 3B:14:C7:84:64:65:A8:46:3C:B4:7E:B7:F2:A1:AF:6B:8F:EF:17:E5
Validity: Thu, 11 Jan 2024 12:14:02 GMT - Sun, 05 Jan 2025 12:14:02 GMT
GET /dbd5a2dd-xdnza-5w9ebvgjmwtw6c4jjbut-m1faemyam4jlibgw/logintenantbranding/0/bannerlogo?ts=637857971779553600 HTTP/1.1
Host: aadcdn.msauthimages.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://g5wvgxrx.7w92vj.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 49137
cache-control: public, max-age=86400
content-md5: chbHVuwPLHsInc0lzOaMLg==
content-type: image/*
date: Mon, 12 Feb 2024 18:10:15 GMT
etag: 0x8DA2072212C9692
last-modified: Sun, 17 Apr 2022 12:59:38 GMT
server: ECAcc (ska/F794)
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 1cb95dc1-c01e-0071-236c-5da5c9000000
x-ms-version: 2009-09-19
content-length: 7832
X-Firefox-Spdy: h2
|
|
| GET g5wvgxrx.7w92vj.ru/web6/assets/fonts/GDSherpa-vf2.woff2 | 188.114.96.1 | 200 OK | 93 kB |
URL: GET HTTPS g5wvgxrx.7w92vj.ru/web6/assets/fonts/GDSherpa-vf2.woff2
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: Web Open Font Format (Version 2), TrueType, length 93276, version 1.0
First Seen: 2023-05-01
Last Seen: 2025-08-08
Times Seen: 77142
Size: 93 kB (93276 bytes)
MD5: bcd7983ea5aa57c55f6758b4977983cb
SHA1: ef3a009e205229e07fb0ec8569e669b11c378ef1
SHA256: 6528a0bf9a836a53dfd8536e1786ba6831c9d1faa74967126fddf5b2081b858c
Certificate Info
Issuer: Google Trust Services LLC
Subject: 7w92vj.ru
Fingerprint: 9C:9B:D3:AB:BD:6E:24:66:C3:8E:A5:1B:96:A0:82:7C:CB:5F:FC:6D
Validity: Tue, 06 Feb 2024 00:29:56 GMT - Mon, 06 May 2024 00:29:55 GMT
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /web6/assets/fonts/GDSherpa-vf2.woff2 HTTP/1.1
Host: g5wvgxrx.7w92vj.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 18:10:08 GMT
content-type: font/woff2
content-length: 93276
last-modified: Thu, 24 Aug 2023 19:00:32 GMT
etag: "16c5c-603afd79fd400"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cache-control: max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TBWh33oM7r7uUCBlfn9PkUHWv3m1RqObXvcHTmsSXbZTTuj8O3%2F68%2BGMDtENq4F5Sf%2Bqq7hnxvs%2FkG5Nffv%2BSmhxb8%2Fhf66YnJiptGvohlbiEf2pV7p30LFZyY3vQ3RbQozH%2BwfkAfll"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 29
accept-ranges: bytes
server: cloudflare
cf-ray: 8546c9617d64b517-OSL
|
|
| GET g5wvgxrx.7w92vj.ru/G0V8yl6z6/myscr561383.js | 188.114.96.1 | 200 OK | 74 kB |
URL: GET HTTPS g5wvgxrx.7w92vj.ru/G0V8yl6z6/myscr561383.js
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: ASCII text
First Seen: 2024-02-12
Last Seen: 2024-08-20
Times Seen: 118
Size: 74 kB (73770 bytes)
MD5: 4b8a5083e15e8f80f8ee40dd0199d4ce
SHA1: 6aabe068a7695557f9e35eeae7e4c5f4e46a655b
SHA256: e45d3643280702f6fd10566e4bec7bc782adaf1f76f752ba3f9fab78608f15e3
Certificate Info
Issuer: Google Trust Services LLC
Subject: 7w92vj.ru
Fingerprint: 9C:9B:D3:AB:BD:6E:24:66:C3:8E:A5:1B:96:A0:82:7C:CB:5F:FC:6D
Validity: Tue, 06 Feb 2024 00:29:56 GMT - Mon, 06 May 2024 00:29:55 GMT
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /G0V8yl6z6/myscr561383.js HTTP/1.1
Host: g5wvgxrx.7w92vj.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 18:10:00 GMT
content-type: text/javascript
last-modified: Tue, 06 Feb 2024 16:12:06 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 6529
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6xQPQWKZGrzkUUs5NNCbANrYM4mwzYIlUHS90TANSM8bUNUJ3yt1nsQfQu%2FLyo8TNY084QdQk%2BQFOkYRgEQJSD691l486UkDSPfhcOUpS%2Bd87cc9yLFThqtjqlEUiTbfFCa%2BRvo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8546c92e2965b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| GET cdn.socket.io/4.6.0/socket.io.min.js | 143.204.55.77 | 200 OK | 46 kB |
URL: GET HTTPS cdn.socket.io/4.6.0/socket.io.min.js
IP / ASN: 143.204.55.77 #16509 AMAZON-02
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: JavaScript source, ASCII text, with very long lines (45667)
First Seen: 2023-04-05
Last Seen: 2025-08-07
Times Seen: 38585
Size: 46 kB (45806 bytes)
MD5: 80f5b8c6a9eeac15de93e5a112036a06
SHA1: f7174635137d37581b11937fc90e9cb325077bce
SHA256: 0401de33701f1cad16ecf952899d23990b6437d0a5b7335524edf6bdfb932542
Certificate Info
Issuer: Amazon
Subject: cdn.socket.io
Fingerprint: BB:7D:4E:26:70:F6:06:2A:12:E9:92:A8:F1:9F:CD:82:0B:BF:48:ED
Validity: Sun, 22 Oct 2023 00:00:00 GMT - Sun, 17 Nov 2024 23:59:59 GMT
GET /4.6.0/socket.io.min.js HTTP/1.1
Host: cdn.socket.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://g5wvgxrx.7w92vj.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
content-disposition: inline; filename="socket.io.min.js"
content-encoding: gzip
date: Mon, 15 Jan 2024 16:33:26 GMT
etag: W/"80f5b8c6a9eeac15de93e5a112036a06"
server: Vercel
strict-transport-security: max-age=63072000
x-vercel-cache: HIT
x-vercel-id: fra1::gsg9m-1705336406533-adf1f7d78a76
x-cache: Hit from cloudfront
via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: C7bCC3kMzWLGxkCBumhmwb-2SYaEwypnfldZA03RVFQLOfd8ZNHaJg==
age: 2424994
X-Firefox-Spdy: h2
|
|
| GET g5wvgxrx.7w92vj.ru/G0V8yl6z6/ | 188.114.96.1 | 200 OK | 828 B |
URL: User Request GET HTTPS g5wvgxrx.7w92vj.ru/G0V8yl6z6/
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Resource Info
File type: HTML document, ASCII text, with very long lines (900), with no line terminators
First Seen: 2024-08-20
Last Seen: 2024-08-20
Times Seen: 1
Size: 828 B (828 bytes)
MD5: b9d1e00dba3b8e2f5b8834dae95ed1c8
SHA1: bc1a4232315e1ee707bfd90c1a5cb3d253ad8678
SHA256: 086f1fd4866cc7c5cc7bc0c7a764bd7eed6c56be4f8561ec96f40ffb9b967135
Certificate Info
Issuer: Google Trust Services LLC
Subject: 7w92vj.ru
Fingerprint: 9C:9B:D3:AB:BD:6E:24:66:C3:8E:A5:1B:96:A0:82:7C:CB:5F:FC:6D
Validity: Tue, 06 Feb 2024 00:29:56 GMT - Mon, 06 May 2024 00:29:55 GMT
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /G0V8yl6z6/ HTTP/1.1
Host: g5wvgxrx.7w92vj.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 12 Feb 2024 18:09:59 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UETEEnbiSziS3%2FFjzqT3es%2FlpG9kmNVUKyLfhZ6hTm6JCShAGn3gjggL%2FNZ9puM1YARTB9aee0BvO%2FtX8SRpsOXyAjpQ07Hq2DCCjgkbmt3ko8szI0Re%2BHsAwuYpCoc4k2DX75g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8546c92c495bb50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| GET challenges.cloudflare.com/turnstile/v0/b/a990e557/api.js?render=explicit | 104.17.3.184 | 200 OK | 39 kB |
URL: GET HTTPS challenges.cloudflare.com/turnstile/v0/b/a990e557/api.js?render=explicit
IP / ASN: 104.17.3.184 #13335 CLOUDFLARENET
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: JavaScript source, ASCII text, with very long lines (38991)
First Seen: 2024-02-07
Last Seen: 2024-08-20
Times Seen: 4561
Size: 39 kB (38992 bytes)
MD5: 1e5a2d024954a14a3025f684aaf44595
SHA1: 94ddcc9dd65c22897e52bd4fd808dce4703fb275
SHA256: fb567040abfba5705ef438233da6ca0df44fc81ceacffe1b5d8e1f3ffabc33fb
Certificate Info
Issuer: Cloudflare, Inc.
Subject: challenges.cloudflare.com
Fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
GET /turnstile/v0/b/a990e557/api.js?render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://g5wvgxrx.7w92vj.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 12 Feb 2024 18:10:00 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 8546c92ecc9b56b4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| POST g5wvgxrx.7w92vj.ru/web6/info | 188.114.96.1 | 200 OK | 20 B |
URL: POST HTTPS g5wvgxrx.7w92vj.ru/web6/info
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: troff or preprocessor input, ASCII text, with no line terminators
First Seen: 2023-04-05
Last Seen: 2025-04-06
Times Seen: 31862
Size: 20 B (20 bytes)
MD5: 0b35866f4a3aa4d34ce5dda2d14c2cd8
SHA1: d2b80911f09c3106fdf0df9920f983945d644083
SHA256: 493851374626d927bfe1c7d084fa977a0e636c03f163fda258ab6b638edc2f0d
Certificate Info
Issuer: Google Trust Services LLC
Subject: 7w92vj.ru
Fingerprint: 9C:9B:D3:AB:BD:6E:24:66:C3:8E:A5:1B:96:A0:82:7C:CB:5F:FC:6D
Validity: Tue, 06 Feb 2024 00:29:56 GMT - Mon, 06 May 2024 00:29:55 GMT
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
POST /web6/info HTTP/1.1
Host: g5wvgxrx.7w92vj.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 32
Origin: https://g5wvgxrx.7w92vj.ru
DNT: 1
Connection: keep-alive
Referer: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/
Cookie: XSRF-TOKEN=eyJpdiI6ImlwSXpjV0cwTFlvNXlLVEozbWY0MVE9PSIsInZhbHVlIjoiZkZZYVBFSC9nLzdaQVRuYkZ4TUdJN0k2dU9SSk9TdUhMRHV2cWE1OUF3bGpPanErZ2xWUk5PVUNUTThTNTJnUE9NZ0FJRVBFM0oyNDk0REVLZEIzWnc5bWZNSDZ1L0VOV3BlZGd1cjMyWjcrRENKclpUS0dpVnJpOG5tQzBLLzkiLCJtYWMiOiIxMzFmNDUwZGRlYTUzMTViNDRkMGNhMzdlODdhY2IxM2M4OWY5ZTVmYTc2YjY0MTAxYWFiMDg1ODBiMjYzMGVhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkR4Y0J0dzlFbW8zNmNGYmtTb2p1b0E9PSIsInZhbHVlIjoieDcxVXhkekM3UzBiK01rSlhaVjdiTGtaSHRaekZVajdpckduL3owSzRHS3JrMDlZdXkzQ3Jyck1NaENtbGk4VEYwaHNIem55QVY0VGpsakRaR2cwUGNxZDdDbUxRWTYvaGxnazg3Q1FOelZZNEhCa1pWK0VSY3p6SElWVW1iVmQiLCJtYWMiOiI0NzU4ZTdmNDMzNjE3YTQ2NDI0OGZmZjEyMDczNTIzMWQxNjIzNDE2ZTMyNTMyNjY2YTM1ODk4NWY3MTQzM2NjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 18:10:12 GMT
content-type: application/json
cache-control: no-cache, private
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KoGpmbJOKkeGExfY6pDGRkcEHy%2BvpsDvFlddsg5mwtcH0zZrH4cxBT3CpgiqewXdbON98cKxoaJ7N95n6e%2F7L603ZMeQ1We04mPdnOnW2XU0v0P1r9Stf1qTvpzaTCv8knhmm5sF6nKW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6IjNDaXlPMmgveTMrKzdqQ2hiREFmTmc9PSIsInZhbHVlIjoiNmlHUGhRSHNmNFdENG9mSU1oYUZSQjhibE4vb3BCRXpjcGQxeGRDMlV6TFZzWThGOEVpYmphREVqdE1EM1JUUFhyZHVSaGZVQVNEa2FGWWs0RVBpaVQwOHFoZHVobkZtNUhsN1BzNmducDJZWkFUejZURGIveUpKTDAwQTVrZFQiLCJtYWMiOiJmMDM5NDdlZGM2YzdiMDdjMThjYzM0MjhiNDBmYWUwNThhM2RiODBmYjNlNjdkNzg2YmNlYzYzYmJjNThjZTIxIiwidGFnIjoiIn0%3D; expires=Mon, 12-Feb-2024 20:10:12 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6InI4MFRaK1hkR2VDWU5hb0lWSzlVQ2c9PSIsInZhbHVlIjoiWllycU90RitDN0tjQjFUYnBQcXZiQ3M5cEdnVHpncEFOZ2VxekNrQVlEM2xQN2pjaEFwcURVOUJNa0VMOTBHRWxrWDZobTMzS0dHOU55WG85UlQzcGJPN2xXUlUxVjB2OHpaNTZMcExNSHRXTnFsWVdtdCtCdm5jMm5kaWdBbjQiLCJtYWMiOiJjMzM2YWRiYmEwZTQzY2QzMzJmZGVmYmUwNzc3OTQyYWZlNDgyZGJiZjJkOGMwMmJmNzlhNmUzMzU0MjAzMTk3IiwidGFnIjoiIn0%3D; expires=Mon, 12-Feb-2024 20:10:12 GMT; Max-Age=7200; path=/; httponly; samesite=lax
server: cloudflare
cf-ray: 8546c97a2e3db517-OSL
content-encoding: br
|
|
| POST g5wvgxrx.7w92vj.ru/web6/info | 188.114.96.1 | 200 OK | 1 B |
URL: POST HTTPS g5wvgxrx.7w92vj.ru/web6/info
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: very short file (no magic)
First Seen: 2023-03-07
Last Seen: 2025-08-08
Times Seen: 67879
Size: 1 B (1 bytes)
MD5: c4ca4238a0b923820dcc509a6f75849b
SHA1: 356a192b7913b04c54574d18c28d46e6395428ab
SHA256: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Certificate Info
Issuer: Google Trust Services LLC
Subject: 7w92vj.ru
Fingerprint: 9C:9B:D3:AB:BD:6E:24:66:C3:8E:A5:1B:96:A0:82:7C:CB:5F:FC:6D
Validity: Tue, 06 Feb 2024 00:29:56 GMT - Mon, 06 May 2024 00:29:55 GMT
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
POST /web6/info HTTP/1.1
Host: g5wvgxrx.7w92vj.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 139
Origin: https://g5wvgxrx.7w92vj.ru
DNT: 1
Connection: keep-alive
Referer: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/
Cookie: XSRF-TOKEN=eyJpdiI6IjNDaXlPMmgveTMrKzdqQ2hiREFmTmc9PSIsInZhbHVlIjoiNmlHUGhRSHNmNFdENG9mSU1oYUZSQjhibE4vb3BCRXpjcGQxeGRDMlV6TFZzWThGOEVpYmphREVqdE1EM1JUUFhyZHVSaGZVQVNEa2FGWWs0RVBpaVQwOHFoZHVobkZtNUhsN1BzNmducDJZWkFUejZURGIveUpKTDAwQTVrZFQiLCJtYWMiOiJmMDM5NDdlZGM2YzdiMDdjMThjYzM0MjhiNDBmYWUwNThhM2RiODBmYjNlNjdkNzg2YmNlYzYzYmJjNThjZTIxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InI4MFRaK1hkR2VDWU5hb0lWSzlVQ2c9PSIsInZhbHVlIjoiWllycU90RitDN0tjQjFUYnBQcXZiQ3M5cEdnVHpncEFOZ2VxekNrQVlEM2xQN2pjaEFwcURVOUJNa0VMOTBHRWxrWDZobTMzS0dHOU55WG85UlQzcGJPN2xXUlUxVjB2OHpaNTZMcExNSHRXTnFsWVdtdCtCdm5jMm5kaWdBbjQiLCJtYWMiOiJjMzM2YWRiYmEwZTQzY2QzMzJmZGVmYmUwNzc3OTQyYWZlNDgyZGJiZjJkOGMwMmJmNzlhNmUzMzU0MjAzMTk3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 18:10:15 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O0%2FhB9GGWSC%2B94kQoD%2B%2Bu%2Bp7Xj3npOwJFCtLrxZ2R66pkwQkoCxvVoBBQJXTS3CbDyLwuA9J9mMoVKPVZP21%2FnItjLUl%2FmoTCjm8O2tW96WdpaoEGc0%2FSTNIj0JZFZufxARW7iUrg9%2Bc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6InJtNTFoMEk2eGpPT1VpWnYzYitFQ1E9PSIsInZhbHVlIjoiTk9SRWNtcXd4UGt1U3BjNEVoeGR0WWlpditkcHZ1MWNDM0lzRWhZeExKYXFCRjl4bTBWdlZ6NlloVmU1WTBvMXRrTHM3aGQ3TTdmemkwQjh0SThHc1E3QzlmTExiM1U2clhhN1pBUUN5MTJMbzlMaWNnbWRPL1BIcThkWmhZUDMiLCJtYWMiOiJmY2NhZmQxMTg2Mzc1ZTRlNjVhZGE4M2VjYTcwMWY5NTk1OWI1ZDFhYTZmMmVmZjQyM2EyNDQ0YTM1NzQ4NTg3IiwidGFnIjoiIn0%3D; expires=Mon, 12-Feb-2024 20:10:15 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6ImR3bThCZUtEaS9EUUlWRmMwMS9jamc9PSIsInZhbHVlIjoiTldvMGhrUHczbm1TbFVNb1lNditPWWgydS9Nb3hCeTNOZHFLUzN1dk94K3JrdUREdmMxTU5KL1hMSUJ1Nk5TVkUrMTZveHBWaGxhcElsRUFrMXBteWJleWsxUlVjeWZtditsTlZoMDNtK2lGSmZiTjV3bXNVbzVwb3lwN2RFRDYiLCJtYWMiOiI3MDJiOGE1MTQwNDFkNTQ0NmNhNWQ0MDZhZDliZjIxODRlZDFiMzAxMGMwNmY3YjNhNGFkNDliMTM1MmZhYzhlIiwidGFnIjoiIn0%3D; expires=Mon, 12-Feb-2024 20:10:15 GMT; Max-Age=7200; path=/; httponly; samesite=lax
server: cloudflare
cf-ray: 8546c98ceb4fb517-OSL
content-encoding: br
|
|
| GET g5wvgxrx.7w92vj.ru//web6socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket | 188.114.96.1 | 101 Switching Protocols | 0 B |
URL: GET HTTPS g5wvgxrx.7w92vj.ru//web6socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: N/A
First Seen: 0001-01-01
Last Seen: 2025-08-08
Times Seen: 5720669
Size: 0 B (0 bytes)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer: Google Trust Services LLC
Subject: 7w92vj.ru
Fingerprint: 9C:9B:D3:AB:BD:6E:24:66:C3:8E:A5:1B:96:A0:82:7C:CB:5F:FC:6D
Validity: Tue, 06 Feb 2024 00:29:56 GMT - Mon, 06 May 2024 00:29:55 GMT
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET //web6socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket HTTP/1.1
Host: g5wvgxrx.7w92vj.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://g5wvgxrx.7w92vj.ru
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 1/KdEsmlUKVfech3B+jdMA==
DNT: 1
Connection: keep-alive, Upgrade
Cookie: XSRF-TOKEN=eyJpdiI6Ikx4STlVVHdjUmVhMlZpNEpEbytEU3c9PSIsInZhbHVlIjoiRkVJNzJTOHhCKzdNWlhieWxjQmlVeXJqdlFGK3VRZVZSNGs4Smt4MC9XeVErc2tzREErRndSTGRFbk92aUxZdFord3FFOEZzaFNkZzk5K2M0VDBRQVc2Q3VmbFMrMnl3aVhyNThrdFFZck13THRSdkEzOFFsM1NqWDNEK0d4NTMiLCJtYWMiOiJiYjdmZWZjYzEyYzM3MmFiZTNhZmUxNjVjYmQ4ZDcwMTliZDBlZGFkZTBiMGQ0MDdmMDYxZTM1YTJjNWQxMDQzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjBrKzV3NVVjSWw3N2NQdzd5NWpDQ2c9PSIsInZhbHVlIjoieVVHSFc3QUZmc3c2ZTJpUHFRMUxQaE1aMzdpTjBTRGc3VmYxNlQvbUw3anVNTGVSR0RZc0lnR1hEZUJUZXdwSG9zR3RqZlBhRU4yaXV6NDBIKzY4QXZVa3J1c29QOGRHbWRudkRRU2lmR2VxM0hRNE0xMURyNlZlUHArWjJuUU8iLCJtYWMiOiI5NGMxMDUxMDU5ZTUwYjRhMjJiNTEzN2YzNWE3NGNjNjk5YTBmNzZkYjY0M2U0MDA4ODA5YzUzNzYzNmVkZjBlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Mon, 12 Feb 2024 18:10:08 GMT
Connection: upgrade
Sec-WebSocket-Accept: SPf1qOw/RjIsn522ksABZ65C4ac=
Upgrade: websocket
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HAMmOzuWQwHXP0KytgYGzANrfzxBSFyvVh%2BTc4hoco8n9N5OgQXkgWC9qx0QOXv0nj1%2BHxWHihLGCW5HK7iRbYYGOnECxsRb62d2JqpVHf8kr%2BWipDHBbZvta4F1%2FAvZOVwME9M%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8546c964e9ef56c4-OSL
alt-svc: h3=":443"; ma=86400
|
|
| GET g5wvgxrx.7w92vj.ru/web6/assets/js/pages.min.js?cb=36 | 188.114.96.1 | 200 OK | 103 kB |
URL: GET HTTPS g5wvgxrx.7w92vj.ru/web6/assets/js/pages.min.js?cb=36
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: N/A
First Seen: 0001-01-01
Last Seen: 2025-08-08
Times Seen: 5720669
Size: 103 kB (102962 bytes)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer: Google Trust Services LLC
Subject: 7w92vj.ru
Fingerprint: 9C:9B:D3:AB:BD:6E:24:66:C3:8E:A5:1B:96:A0:82:7C:CB:5F:FC:6D
Validity: Tue, 06 Feb 2024 00:29:56 GMT - Mon, 06 May 2024 00:29:55 GMT
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /web6/assets/js/pages.min.js?cb=36 HTTP/1.1
Host: g5wvgxrx.7w92vj.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/
Cookie: XSRF-TOKEN=eyJpdiI6ImlwSXpjV0cwTFlvNXlLVEozbWY0MVE9PSIsInZhbHVlIjoiZkZZYVBFSC9nLzdaQVRuYkZ4TUdJN0k2dU9SSk9TdUhMRHV2cWE1OUF3bGpPanErZ2xWUk5PVUNUTThTNTJnUE9NZ0FJRVBFM0oyNDk0REVLZEIzWnc5bWZNSDZ1L0VOV3BlZGd1cjMyWjcrRENKclpUS0dpVnJpOG5tQzBLLzkiLCJtYWMiOiIxMzFmNDUwZGRlYTUzMTViNDRkMGNhMzdlODdhY2IxM2M4OWY5ZTVmYTc2YjY0MTAxYWFiMDg1ODBiMjYzMGVhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkR4Y0J0dzlFbW8zNmNGYmtTb2p1b0E9PSIsInZhbHVlIjoieDcxVXhkekM3UzBiK01rSlhaVjdiTGtaSHRaekZVajdpckduL3owSzRHS3JrMDlZdXkzQ3Jyck1NaENtbGk4VEYwaHNIem55QVY0VGpsakRaR2cwUGNxZDdDbUxRWTYvaGxnazg3Q1FOelZZNEhCa1pWK0VSY3p6SElWVW1iVmQiLCJtYWMiOiI0NzU4ZTdmNDMzNjE3YTQ2NDI0OGZmZjEyMDczNTIzMWQxNjIzNDE2ZTMyNTMyNjY2YTM1ODk4NWY3MTQzM2NjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 18:10:09 GMT
content-type: text/javascript
last-modified: Thu, 01 Feb 2024 01:31:52 GMT
etag: W/"19232-61047f5c03200-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cache-control: max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uf05fW%2FpMr5wG6LLjYLwAcvsxeWmKUKvDoUm9P5UtRzlyew9P6NyyaM%2BFgX07Itg%2BBi63dxZ6o4K%2BJ3HMIenyf5CD53GgXDUgA1VEm0WiABXNrCKscd%2FwsY%2FpbIiIo4rxEd4UiB9hHHn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 26
server: cloudflare
cf-ray: 8546c966bb98b517-OSL
content-encoding: br
|
|
| GET g5wvgxrx.7w92vj.ru/web6/assets/js/pages-head-top-web.min.js?cb=1707761400000 | 188.114.96.1 | 200 OK | 604 B |
URL: GET HTTPS g5wvgxrx.7w92vj.ru/web6/assets/js/pages-head-top-web.min.js?cb=1707761400000
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: ASCII text, with very long lines (640), with no line terminators
First Seen: 2024-02-08
Last Seen: 2024-08-20
Times Seen: 1117
Size: 604 B (604 bytes)
MD5: d5f0d0d0615fe9cd3217e838e5ca283c
SHA1: 30f0085b6fe0c4fc2f861dfb27208d07ed7ed5c1
SHA256: 9329ddd97ad24ad9a165e8673435607b12a5d8fd1a164c1b734eb115ea4d3962
Certificate Info
Issuer: Google Trust Services LLC
Subject: 7w92vj.ru
Fingerprint: 9C:9B:D3:AB:BD:6E:24:66:C3:8E:A5:1B:96:A0:82:7C:CB:5F:FC:6D
Validity: Tue, 06 Feb 2024 00:29:56 GMT - Mon, 06 May 2024 00:29:55 GMT
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /web6/assets/js/pages-head-top-web.min.js?cb=1707761400000 HTTP/1.1
Host: g5wvgxrx.7w92vj.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 18:10:00 GMT
content-type: text/javascript
last-modified: Thu, 08 Feb 2024 16:24:11 GMT
etag: W/"25c-610e13dd7ccc3-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cache-control: max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HK85H%2BltAOrgpohZMrusluoo2H99QCEtZ7r%2B8qIE3GhwoVopvJQWGXQG4wgQc%2FhBEPsLnDm2chwNtuakpQOmHPGxyuOosAjzu1H%2FhiKWxOuZ0QxYTFf9%2Fw%2FMhecSJKfz%2Fz0f77s3yQMz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
cf-cache-status: MISS
server: cloudflare
cf-ray: 8546c92fcb8db517-OSL
content-encoding: br
|
|
| GET g5wvgxrx.7w92vj.ru/web6/assets/microsoftfavicon.ico | 188.114.96.1 | 200 OK | 17 kB |
URL: GET HTTPS g5wvgxrx.7w92vj.ru/web6/assets/microsoftfavicon.ico
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
First Seen: 2023-04-05
Last Seen: 2025-08-08
Times Seen: 156828
Size: 17 kB (17174 bytes)
MD5: 12e3dac858061d088023b2bd48e2fa96
SHA1: e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
SHA256: 90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
Certificate Info
Issuer: Google Trust Services LLC
Subject: 7w92vj.ru
Fingerprint: 9C:9B:D3:AB:BD:6E:24:66:C3:8E:A5:1B:96:A0:82:7C:CB:5F:FC:6D
Validity: Tue, 06 Feb 2024 00:29:56 GMT - Mon, 06 May 2024 00:29:55 GMT
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /web6/assets/microsoftfavicon.ico HTTP/1.1
Host: g5wvgxrx.7w92vj.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/
Cookie: XSRF-TOKEN=eyJpdiI6ImlwSXpjV0cwTFlvNXlLVEozbWY0MVE9PSIsInZhbHVlIjoiZkZZYVBFSC9nLzdaQVRuYkZ4TUdJN0k2dU9SSk9TdUhMRHV2cWE1OUF3bGpPanErZ2xWUk5PVUNUTThTNTJnUE9NZ0FJRVBFM0oyNDk0REVLZEIzWnc5bWZNSDZ1L0VOV3BlZGd1cjMyWjcrRENKclpUS0dpVnJpOG5tQzBLLzkiLCJtYWMiOiIxMzFmNDUwZGRlYTUzMTViNDRkMGNhMzdlODdhY2IxM2M4OWY5ZTVmYTc2YjY0MTAxYWFiMDg1ODBiMjYzMGVhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkR4Y0J0dzlFbW8zNmNGYmtTb2p1b0E9PSIsInZhbHVlIjoieDcxVXhkekM3UzBiK01rSlhaVjdiTGtaSHRaekZVajdpckduL3owSzRHS3JrMDlZdXkzQ3Jyck1NaENtbGk4VEYwaHNIem55QVY0VGpsakRaR2cwUGNxZDdDbUxRWTYvaGxnazg3Q1FOelZZNEhCa1pWK0VSY3p6SElWVW1iVmQiLCJtYWMiOiI0NzU4ZTdmNDMzNjE3YTQ2NDI0OGZmZjEyMDczNTIzMWQxNjIzNDE2ZTMyNTMyNjY2YTM1ODk4NWY3MTQzM2NjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 18:10:09 GMT
content-type: image/vnd.microsoft.icon
last-modified: Sun, 19 Mar 2023 06:20:16 GMT
etag: W/"4316-5f73acdc5a800"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cache-control: max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NJwbVpgZRrzUWiOIr6%2B1Mp9%2BiZoF7kbk9a2TJOPVPcD5ySi%2FFWVusshnqSxL%2BGgndT8%2Bm7RM%2FVOBkZ8Q3WpzfhZ%2BZGKqEWs0QpRlg0EM3flw%2BnTNGMt%2B%2BdLy8MVSXtLMbQVQr6Nob%2Bsn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 26
server: cloudflare
cf-ray: 8546c9698eecb517-OSL
content-encoding: br
|
|
| GET aadcdn.msauthimages.net/dbd5a2dd-xdnza-5w9ebvgjmwtw6c4jjbut-m1faemyam4jlibgw/logintenantbranding/0/illustration?ts=637857974127423744 | 152.199.21.175 | 200 OK | 60 kB |
URL: GET HTTPS aadcdn.msauthimages.net/dbd5a2dd-xdnza-5w9ebvgjmwtw6c4jjbut-m1faemyam4jlibgw/logintenantbranding/0/illustration?ts=637857974127423744
IP / ASN: 152.199.21.175 #15133 EDGECAST
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, progressive, precision 8, 1128x1080, components 3
First Seen: 2023-11-16
Last Seen: 2024-08-20
Times Seen: 35
Size: 60 kB (60452 bytes)
MD5: 93b4de73cd4580be478f87e251e7101c
SHA1: 37e8c80ebcd38839555c65bac87e5662262201b4
SHA256: b5f74563254dcb4f4e62a83134c9a0a3e677e6851d2a5c65b2f370a72bcd873a
Certificate Info
Issuer: Microsoft Corporation
Subject: aadcdn.msauthimages.net
Fingerprint: 3B:14:C7:84:64:65:A8:46:3C:B4:7E:B7:F2:A1:AF:6B:8F:EF:17:E5
Validity: Thu, 11 Jan 2024 12:14:02 GMT - Sun, 05 Jan 2025 12:14:02 GMT
GET /dbd5a2dd-xdnza-5w9ebvgjmwtw6c4jjbut-m1faemyam4jlibgw/logintenantbranding/0/illustration?ts=637857974127423744 HTTP/1.1
Host: aadcdn.msauthimages.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://g5wvgxrx.7w92vj.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 3
cache-control: public, max-age=86400
content-md5: k7Tec81FgL5Hj4fiUecQHA==
content-type: image/*
date: Mon, 12 Feb 2024 18:10:15 GMT
etag: 0x8DA2072AD2698CC
last-modified: Sun, 17 Apr 2022 13:03:32 GMT
server: ECAcc (ska/F6AE)
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 664179e8-e01e-003b-7fde-5d0646000000
x-ms-version: 2009-09-19
content-length: 60452
X-Firefox-Spdy: h2
|
|
| POST g5wvgxrx.7w92vj.ru/web6/validatecaptcha | 188.114.96.1 | 200 OK | 20 B |
URL: POST HTTPS g5wvgxrx.7w92vj.ru/web6/validatecaptcha
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: troff or preprocessor input, ASCII text, with no line terminators
First Seen: 2023-04-05
Last Seen: 2025-04-06
Times Seen: 31862
Size: 20 B (20 bytes)
MD5: 0b35866f4a3aa4d34ce5dda2d14c2cd8
SHA1: d2b80911f09c3106fdf0df9920f983945d644083
SHA256: 493851374626d927bfe1c7d084fa977a0e636c03f163fda258ab6b638edc2f0d
Certificate Info
Issuer: Google Trust Services LLC
Subject: 7w92vj.ru
Fingerprint: 9C:9B:D3:AB:BD:6E:24:66:C3:8E:A5:1B:96:A0:82:7C:CB:5F:FC:6D
Validity: Tue, 06 Feb 2024 00:29:56 GMT - Mon, 06 May 2024 00:29:55 GMT
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Microsoft
POST /web6/validatecaptcha HTTP/1.1
Host: g5wvgxrx.7w92vj.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 671
Origin: https://g5wvgxrx.7w92vj.ru
DNT: 1
Connection: keep-alive
Referer: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 18:10:08 GMT
content-type: application/json
cache-control: no-cache, private
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KiB9J76SAh0XTYNHuSCCs55HlXPJsmnDCRcSCuSOWKogZYVzRX7CQwq8YQL8gMshf6dPVrz%2BOFf25KWQaRpWsmbjO3WenJxeAkaRfDqW4IcvLkjb%2FRKfyc6oHJ8Aofngw6iPefgMUmr3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6Ikx4STlVVHdjUmVhMlZpNEpEbytEU3c9PSIsInZhbHVlIjoiRkVJNzJTOHhCKzdNWlhieWxjQmlVeXJqdlFGK3VRZVZSNGs4Smt4MC9XeVErc2tzREErRndSTGRFbk92aUxZdFord3FFOEZzaFNkZzk5K2M0VDBRQVc2Q3VmbFMrMnl3aVhyNThrdFFZck13THRSdkEzOFFsM1NqWDNEK0d4NTMiLCJtYWMiOiJiYjdmZWZjYzEyYzM3MmFiZTNhZmUxNjVjYmQ4ZDcwMTliZDBlZGFkZTBiMGQ0MDdmMDYxZTM1YTJjNWQxMDQzIiwidGFnIjoiIn0%3D; expires=Mon, 12-Feb-2024 20:10:08 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6IjBrKzV3NVVjSWw3N2NQdzd5NWpDQ2c9PSIsInZhbHVlIjoieVVHSFc3QUZmc3c2ZTJpUHFRMUxQaE1aMzdpTjBTRGc3VmYxNlQvbUw3anVNTGVSR0RZc0lnR1hEZUJUZXdwSG9zR3RqZlBhRU4yaXV6NDBIKzY4QXZVa3J1c29QOGRHbWRudkRRU2lmR2VxM0hRNE0xMURyNlZlUHArWjJuUU8iLCJtYWMiOiI5NGMxMDUxMDU5ZTUwYjRhMjJiNTEzN2YzNWE3NGNjNjk5YTBmNzZkYjY0M2U0MDA4ODA5YzUzNzYzNmVkZjBlIiwidGFnIjoiIn0%3D; expires=Mon, 12-Feb-2024 20:10:08 GMT; Max-Age=7200; path=/; httponly; samesite=lax
server: cloudflare
cf-ray: 8546c9618d76b517-OSL
content-encoding: br
|
|
| GET g5wvgxrx.7w92vj.ru/web6/assets/pages/tj3yC3c.css?cb=1707761400547 | 188.114.96.1 | 200 OK | 1.1 kB |
URL: GET HTTPS g5wvgxrx.7w92vj.ru/web6/assets/pages/tj3yC3c.css?cb=1707761400547
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: ASCII text, with very long lines (1164), with no line terminators
First Seen: 2023-11-15
Last Seen: 2024-08-20
Times Seen: 12465
Size: 1.1 kB (1121 bytes)
MD5: 65e0573b1d7b11f8cb2870e600055a80
SHA1: a391668d136753e7f4d81e51f6d12cc1c61237dd
SHA256: 0f1934383ad7770ce8d632d793ac71875e1d1c23a3323495f6d1514df584e469
Certificate Info
Issuer: Google Trust Services LLC
Subject: 7w92vj.ru
Fingerprint: 9C:9B:D3:AB:BD:6E:24:66:C3:8E:A5:1B:96:A0:82:7C:CB:5F:FC:6D
Validity: Tue, 06 Feb 2024 00:29:56 GMT - Mon, 06 May 2024 00:29:55 GMT
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Microsoft
GET /web6/assets/pages/tj3yC3c.css?cb=1707761400547 HTTP/1.1
Host: g5wvgxrx.7w92vj.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 18:10:08 GMT
content-type: text/css
last-modified: Fri, 09 Feb 2024 22:02:41 GMT
etag: W/"461-610fa164241e2-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cache-control: max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X7mC4sZdH5t28usVp4C5HANSoZyyBZliecu6G9VKxMXb9yLt2CsgQu5ZS91Yupt25cHHeullTKS4a0LlFy69p7lQG%2Bg5eLoVoQJiCCZxxArPN82tP4AxnJcUnXHoin3jq0qftRdH33px"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
cf-cache-status: MISS
server: cloudflare
cf-ray: 8546c9614d27b517-OSL
content-encoding: br
|
|
| POST g5wvgxrx.7w92vj.ru/web6/info | 188.114.96.1 | 200 OK | 91 B |
URL: POST HTTPS g5wvgxrx.7w92vj.ru/web6/info
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: troff or preprocessor input, ASCII text, with no line terminators
First Seen: 2023-10-23
Last Seen: 2025-01-29
Times Seen: 6347
Size: 91 B (91 bytes)
MD5: 348478242d981ddc47795f90e6f89d2a
SHA1: 8f862536625baf2d0eb45d44acc9802c71df79e1
SHA256: 99691950fad5cb4b6df0bab904cc60d404840fe839c3614ffb841898ecdb3ddb
Certificate Info
Issuer: Google Trust Services LLC
Subject: 7w92vj.ru
Fingerprint: 9C:9B:D3:AB:BD:6E:24:66:C3:8E:A5:1B:96:A0:82:7C:CB:5F:FC:6D
Validity: Tue, 06 Feb 2024 00:29:56 GMT - Mon, 06 May 2024 00:29:55 GMT
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Microsoft
POST /web6/info HTTP/1.1
Host: g5wvgxrx.7w92vj.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 32
Origin: https://g5wvgxrx.7w92vj.ru
DNT: 1
Connection: keep-alive
Referer: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/
Cookie: XSRF-TOKEN=eyJpdiI6Ikx4STlVVHdjUmVhMlZpNEpEbytEU3c9PSIsInZhbHVlIjoiRkVJNzJTOHhCKzdNWlhieWxjQmlVeXJqdlFGK3VRZVZSNGs4Smt4MC9XeVErc2tzREErRndSTGRFbk92aUxZdFord3FFOEZzaFNkZzk5K2M0VDBRQVc2Q3VmbFMrMnl3aVhyNThrdFFZck13THRSdkEzOFFsM1NqWDNEK0d4NTMiLCJtYWMiOiJiYjdmZWZjYzEyYzM3MmFiZTNhZmUxNjVjYmQ4ZDcwMTliZDBlZGFkZTBiMGQ0MDdmMDYxZTM1YTJjNWQxMDQzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjBrKzV3NVVjSWw3N2NQdzd5NWpDQ2c9PSIsInZhbHVlIjoieVVHSFc3QUZmc3c2ZTJpUHFRMUxQaE1aMzdpTjBTRGc3VmYxNlQvbUw3anVNTGVSR0RZc0lnR1hEZUJUZXdwSG9zR3RqZlBhRU4yaXV6NDBIKzY4QXZVa3J1c29QOGRHbWRudkRRU2lmR2VxM0hRNE0xMURyNlZlUHArWjJuUU8iLCJtYWMiOiI5NGMxMDUxMDU5ZTUwYjRhMjJiNTEzN2YzNWE3NGNjNjk5YTBmNzZkYjY0M2U0MDA4ODA5YzUzNzYzNmVkZjBlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 18:10:08 GMT
content-type: application/json
cache-control: no-cache, private
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uHFXHZSuOAc9mqf9TgplhGXNmlZph%2FePD%2BTzRMiYJoE404HzhgyWjVNI8zjj5Du%2FirXswSO9YHalWzV8eVgUqI1yo2FchIekGfwEWn4KjOOr9%2F9FrE9d2nuCvmEHIiZbT177QreO6KcR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6IkpIcWYzZXltdVlQTS91Tm5ob1N2Nnc9PSIsInZhbHVlIjoiSUdQWVhoRTAyZXIvK3VEazIrTUpvaEhrUlJoZjFmSnErZGJNV1k4dVhBM0pLZ2wyb2VyRXpsNzh1bXh5anZhL1l3S0xtTU85dzB6M1hkNzRxbWh3dWdsN2d5OEt6VVJNWU5sbEg1Z282WG1uR0dyZCtSVkp4SDNQRUxFVWdwcWwiLCJtYWMiOiIzNzZjMjRlM2U2NmY4NzIyZjdkMjY4NDRiYWMyNmNiMmIxYTE2NjhiMzQwNzMxMjM4ODYyYWYxMzk4NDJkOWI5IiwidGFnIjoiIn0%3D; expires=Mon, 12-Feb-2024 20:10:08 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6Ii9MRnZGdEcxM2wwb1dyaHdOWk5LR0E9PSIsInZhbHVlIjoielV4Y3VySjlqTnI4Q1k1SzNFbGFqYkloeUFOaE44YU1mbmpPYit6K3A4UVAvbnJucnVvTlQ1UWQ2NisyQVIzQ3A4UEQyTytTekRwOWxZRnhMd0N0VVJnZFdTWTBMelVPNWtUUWJZNjAxa1RWYkJsVmJEcjRzbmRRMFFCNGtXeWUiLCJtYWMiOiJkODNhNjRiNWQ5ZmIyZmU4MzFkZDYwODZiMTllZDU3MDM0NTk2NjlmN2FjODRkZGYzMDY0NTlmZmFkMDdjZDY3IiwidGFnIjoiIn0%3D; expires=Mon, 12-Feb-2024 20:10:08 GMT; Max-Age=7200; path=/; httponly; samesite=lax
server: cloudflare
cf-ray: 8546c964b938b517-OSL
content-encoding: br
|
|
| POST g5wvgxrx.7w92vj.ru/web6/info | 188.114.96.1 | 200 OK | 36 kB |
URL: POST HTTPS g5wvgxrx.7w92vj.ru/web6/info
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/#william.harvey@landmarkproperties.com
Resource Info
File type: N/A
First Seen: 0001-01-01
Last Seen: 2025-08-08
Times Seen: 5720669
Size: 36 kB (36403 bytes)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer: Google Trust Services LLC
Subject: 7w92vj.ru
Fingerprint: 9C:9B:D3:AB:BD:6E:24:66:C3:8E:A5:1B:96:A0:82:7C:CB:5F:FC:6D
Validity: Tue, 06 Feb 2024 00:29:56 GMT - Mon, 06 May 2024 00:29:55 GMT
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Microsoft
POST /web6/info HTTP/1.1
Host: g5wvgxrx.7w92vj.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 33
Origin: https://g5wvgxrx.7w92vj.ru
DNT: 1
Connection: keep-alive
Referer: https://g5wvgxrx.7w92vj.ru/G0V8yl6z6/
Cookie: XSRF-TOKEN=eyJpdiI6Ikx4STlVVHdjUmVhMlZpNEpEbytEU3c9PSIsInZhbHVlIjoiRkVJNzJTOHhCKzdNWlhieWxjQmlVeXJqdlFGK3VRZVZSNGs4Smt4MC9XeVErc2tzREErRndSTGRFbk92aUxZdFord3FFOEZzaFNkZzk5K2M0VDBRQVc2Q3VmbFMrMnl3aVhyNThrdFFZck13THRSdkEzOFFsM1NqWDNEK0d4NTMiLCJtYWMiOiJiYjdmZWZjYzEyYzM3MmFiZTNhZmUxNjVjYmQ4ZDcwMTliZDBlZGFkZTBiMGQ0MDdmMDYxZTM1YTJjNWQxMDQzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjBrKzV3NVVjSWw3N2NQdzd5NWpDQ2c9PSIsInZhbHVlIjoieVVHSFc3QUZmc3c2ZTJpUHFRMUxQaE1aMzdpTjBTRGc3VmYxNlQvbUw3anVNTGVSR0RZc0lnR1hEZUJUZXdwSG9zR3RqZlBhRU4yaXV6NDBIKzY4QXZVa3J1c29QOGRHbWRudkRRU2lmR2VxM0hRNE0xMURyNlZlUHArWjJuUU8iLCJtYWMiOiI5NGMxMDUxMDU5ZTUwYjRhMjJiNTEzN2YzNWE3NGNjNjk5YTBmNzZkYjY0M2U0MDA4ODA5YzUzNzYzNmVkZjBlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 18:10:09 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CxBNDUCN2lX6I1ydYGYkj6vj2bxO93TUfWvYa5i4OKpRbF8qGvZXj9oR0YOKUDe0GxECfvzUmRAo%2Bzw9pQC7nHhZ65Jtmp9d6O%2FQFUS4712Nm1Q2LJ1c8JkxsJPK6bNUEB0BFI59uZ47"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6ImlwSXpjV0cwTFlvNXlLVEozbWY0MVE9PSIsInZhbHVlIjoiZkZZYVBFSC9nLzdaQVRuYkZ4TUdJN0k2dU9SSk9TdUhMRHV2cWE1OUF3bGpPanErZ2xWUk5PVUNUTThTNTJnUE9NZ0FJRVBFM0oyNDk0REVLZEIzWnc5bWZNSDZ1L0VOV3BlZGd1cjMyWjcrRENKclpUS0dpVnJpOG5tQzBLLzkiLCJtYWMiOiIxMzFmNDUwZGRlYTUzMTViNDRkMGNhMzdlODdhY2IxM2M4OWY5ZTVmYTc2YjY0MTAxYWFiMDg1ODBiMjYzMGVhIiwidGFnIjoiIn0%3D; expires=Mon, 12-Feb-2024 20:10:08 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6IkR4Y0J0dzlFbW8zNmNGYmtTb2p1b0E9PSIsInZhbHVlIjoieDcxVXhkekM3UzBiK01rSlhaVjdiTGtaSHRaekZVajdpckduL3owSzRHS3JrMDlZdXkzQ3Jyck1NaENtbGk4VEYwaHNIem55QVY0VGpsakRaR2cwUGNxZDdDbUxRWTYvaGxnazg3Q1FOelZZNEhCa1pWK0VSY3p6SElWVW1iVmQiLCJtYWMiOiI0NzU4ZTdmNDMzNjE3YTQ2NDI0OGZmZjEyMDczNTIzMWQxNjIzNDE2ZTMyNTMyNjY2YTM1ODk4NWY3MTQzM2NjIiwidGFnIjoiIn0%3D; expires=Mon, 12-Feb-2024 20:10:08 GMT; Max-Age=7200; path=/; httponly; samesite=lax
server: cloudflare
cf-ray: 8546c964b93ab517-OSL
content-encoding: br
|
|