Report - link.shoppermeet.net/deep-link?clickid=01H1RW78ZQF6QB5RM2RB5KGV69&geo=us&ip=66.249.66.3&merchantid=108994&propertyid=417896&publisherkey=0f210dc9-c1ef-4153-bd53-8fb98995be03&subid=01GWHNP35ZW7N25QKXMEA9EHVQ&url=https://58o4VTAE4LK0MxniWCyT.lumpnk.ru/vXsP8/%23%23kdanielsj@slurpmail.net

Report Overview

Visitedpublic

2025-02-15 07:57:55

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-02-12	1.4 kB	45 kB	104.17.25.14
code.jquery.com	634	2005-12-10	2012-05-21	2025-02-12	886 B	63 kB	151.101.130.137
58o4vtae4lk0mxniwcyt.lumpnk.ru	unknown	2024-11-18	2025-02-14	2025-02-14	33 kB	5.4 MB	104.21.17.177
dxakje.virbutr.ru	unknown	unknown	No data	No data	478 B	1.1 kB	104.21.48.1
github.com	1423	2007-10-09	2016-07-13	2025-02-12	467 B	4.3 kB	140.82.121.3
objects.githubusercontent.com	134060	2014-02-06	2021-11-01	2025-02-12	902 B	11 kB	185.199.108.133
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2025-02-12	477 B	406 B	104.18.95.41
ok4static.oktacdn.com	16592	2014-11-11	2018-06-15	2025-02-11	2.1 kB	268 kB	18.165.140.104
get.geojs.io	17418	2017-02-18	2017-03-30	2025-02-08	517 B	1.5 kB	172.67.70.233
nyaqgasajk7o31gl2oj4xeenamvmdoxk8i6mgjjudzpu1sf4blimgitlou.nexthorizonz.ru	unknown	2025-01-22	2025-02-15	2025-02-15	709 B	1.5 kB	104.21.68.248
developers.cloudflare.com	592034	2009-02-17	2012-09-07	2025-02-11	459 B	1.7 kB	104.16.2.189

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-02-15 07:57:41	medium	Client IP	172.67.70.233	ET INFO External IP Address Lookup Domain (get .geojs .io) in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-02-15	medium	nexthorizonz.ru	Sinkholed

ThreatFox

No alerts detected

JavaScript (16)

	URL	From	Size	First Seen	Last Seen
	code.jquery.com/jquery-3.6.0.min.js	ScriptElement	90 kB	2023-03-07	2025-08-11
URL code.jquery.com/jquery-3.6.0.min.js IP / ASN 151.101.130.137 #54113 FASTLY Introduced by ScriptElement Embedded false Resource Information First Seen 2023-03-07 Last Seen 2025-08-11 Times Seen 269579 Size 90 kB (89501 bytes) MD5 8fb8fee4fcc3cc86ff6c724154c49c42 SHA1 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 SHA256 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Format Code Loading...

	github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js	ScriptElement	10 kB	2024-05-30	2025-08-11
URL github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js IP / ASN 140.82.121.3 #36459 GITHUB Introduced by ScriptElement Embedded false Resource Information First Seen 2024-05-30 Last Seen 2025-08-11 Times Seen 35946 Size 10 kB (10245 bytes) MD5 6c20a2be8ba900bc0a7118893a2b1072 SHA1 ff7766fde1f33882c6e1c481ceed6f6588ea764c SHA256 b1c42acd0288c435e95e00332476781532ed002cac6f3dcee9110ced30b31500 Format Code Loading...

	unknown	ScriptElement	2.2 kB	2025-02-15	2025-02-15
URL IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded false Resource Information First Seen 2025-02-15 Last Seen 2025-02-15 Times Seen 1 Size 2.2 kB (2187 bytes) MD5 196759a63b629f061d3146fa03dc2612 SHA1 a542c5a27aaf29a7bb6c1559e6bb169e5801eb74 SHA256 900182e748ef2658a628dd345da9a2430699b16f67756117a9e30931317d7e5c Format Code Loading...

	58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW	ScriptElement	1.9 kB	2025-02-15	2025-02-15
URL 58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW IP / ASN 104.21.17.177 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Information First Seen 2025-02-15 Last Seen 2025-02-15 Times Seen 1 Size 1.9 kB (1893 bytes) MD5 40135fd40f0cc98414d1ebd11a9e7904 SHA1 7964e61151c30fde5e558b408dba1a36c971f17e SHA256 8d8eb28fd6557be62d5092ac5c89f5cba25b963ff1916d8b3c596091cb9ccfe6 Format Code Loading...

	58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW	ScriptElement	140 kB	2025-02-15	2025-02-15
URL 58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW IP / ASN 104.21.17.177 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Information First Seen 2025-02-15 Last Seen 2025-02-15 Times Seen 1 Size 140 kB (140010 bytes) MD5 3531351cd9f19539cc166c8fefed46d0 SHA1 b0eb03adf7293c888395a5fb844f5e04413c334b SHA256 da7ee14ae8939a675c7e49b75e3dc8c4f9746988b874f6d28ef9333a552bebd2 Format Code Loading...

	cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	ScriptElement	48 kB	2023-03-07	2025-08-11
URL cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js IP / ASN 104.17.25.14 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Information First Seen 2023-03-07 Last Seen 2025-08-11 Times Seen 137119 Size 48 kB (48316 bytes) MD5 2ca03ad87885ab983541092b87adb299 SHA1 1a17f60bf776a8c468a185c1e8e985c41a50dc27 SHA256 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762 Format Code Loading...

	unknown	ScriptElement	20 kB	2025-02-15	2025-02-15
URL IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded false Resource Information First Seen 2025-02-15 Last Seen 2025-02-15 Times Seen 1 Size 20 kB (20056 bytes) MD5 8e4b834a90c3e0ef4927833181ca721c SHA1 bf0aaa704585cc2f4cdce3e444285767be6839f9 SHA256 2ab07809524c64c29dda0cdb7dbfee7f63adc2f1e0eded5415549acf0eda92df Format Code Loading...

	58o4vtae4lk0mxniwcyt.lumpnk.ru/56jWe9xX9EuBLgbg1CM8oijbZdcjE1lUnVT89110	ScriptElement	4.8 MB	2025-02-12	2025-02-28
URL 58o4vtae4lk0mxniwcyt.lumpnk.ru/56jWe9xX9EuBLgbg1CM8oijbZdcjE1lUnVT89110 IP / ASN 104.21.17.177 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Information First Seen 2025-02-12 Last Seen 2025-02-28 Times Seen 4941 Size 4.8 MB (4752044 bytes) MD5 1fcbe4aacbe30b67606277e365405928 SHA1 68443d074aeff59a5940e48a91c82268b2c3e30f SHA256 89feb7dcb6afb24066a555b39d94bbc817a16a597db8a0ca3bbba9eb3ced1f5b Format Code Loading...

	unknown	ScriptElement	746 B	2025-02-15	2025-02-15
URL IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded false Resource Information First Seen 2025-02-15 Last Seen 2025-02-15 Times Seen 1 Size 746 B (746 bytes) MD5 bbbd61a3e84755cb69dca46881b1f349 SHA1 138ebdd142f694e70e2cc8427c9d10c28e8316f4 SHA256 442cf11a2d6cca3dd549c6d156f60ddabb9b161de4d0173a5ec82714089c1752 Format Code Loading...

	HASH	FROM	Size	First Seen	Last Seen
	75f401a32c2624ae61c865d9605de97f	DocumentWrite	104 kB	2025-02-15	2025-02-15
Introduced by DocumentWrite First Seen 2025-02-15 Last Seen 2025-02-15 Times Seen 1 Size 104 kB (103513 bytes) MD5 75f401a32c2624ae61c865d9605de97f SHA1 34bad151d9525c3670daf1134bfae671f1eb179d SHA256 d033f2e5964a2db55bf2cfe8e23b37eebec0830678ae46cad7547b3edcc11e25 Format Code Loading...

	f92394789104c1e1f3b53c4eda2f3ed5	DocumentWrite	7.6 kB	2025-02-15	2025-02-15
Introduced by DocumentWrite First Seen 2025-02-15 Last Seen 2025-02-15 Times Seen 1 Size 7.6 kB (7570 bytes) MD5 f92394789104c1e1f3b53c4eda2f3ed5 SHA1 f913eba3468de2c00e985659f54be5cfcb5e7eb3 SHA256 acb1107d1cb54cfd0afb19f1cfa67f766bdd218eda7252f2672bfe36a9e5076c Format Code Loading...

	2de1a806d23c54c489149e74de45c4fb	DocumentWrite	104 kB	2025-02-15	2025-02-15
Introduced by DocumentWrite First Seen 2025-02-15 Last Seen 2025-02-15 Times Seen 1 Size 104 kB (103520 bytes) MD5 2de1a806d23c54c489149e74de45c4fb SHA1 1bd0d3a2eb95847e6da527b8b31f73ca1e37eb2e SHA256 3a879bef5c94b0489dd7d4df3b40f9c7f65286e68fca52466d9637f6ce7f95e0 Format Code Loading...

HTTP Transactions (41)

URL IP Response Size

challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback

104.18.95.41

302 Found

0 B

URL HTTP

challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback

IP / ASN

104.18.95.41

#13335 CLOUDFLARENET

Requested byN/A

Resource Information

File typeN/A

First Seen0001-01-01

Last Seen2025-08-11

Times Seen5764723

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 15 Feb 2025 07:57:23 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/b/324d0dcf743c/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 9123bf2c998fb4ed-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

104.17.25.14

200 OK

14 kB

URL GET HTTPS

cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

IP / ASN

104.17.25.14

#13335 CLOUDFLARENET

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typeJavaScript source, ASCII text, with very long lines (48316), with no line terminators

First Seen2023-03-07

Last Seen2025-08-11

Times Seen137119

Size14 kB (13972 bytes)

MD52ca03ad87885ab983541092b87adb299

SHA11a17f60bf776a8c468a185c1e8e985c41a50dc27

SHA2568e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762

Certificate Information

IssuerGoogle Trust Services

Subjectcdnjs.cloudflare.com

Fingerprint00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32

ValidityFri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT

HTTP Headers

GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 15 Feb 2025 07:57:23 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 11201
expires: Thu, 05 Feb 2026 07:57:23 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d91RwMBAxurdDJ%2F6ppToBsxB5Ydf%2BbcWDliVMREkppg36w9CxWjCuVaYipFP18I0g5aEcxhWDHIQbjhTIm2Qqkr0TRyDkiPzBPxzgNof7B3DsL6B0ZGS2OPy%2Ft2SQZGdmkvTQbwl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 9123bf2cafacb50c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET code.jquery.com/jquery-3.6.0.min.js

151.101.130.137

200 OK

31 kB

URL GET HTTPS

code.jquery.com/jquery-3.6.0.min.js

IP / ASN

151.101.130.137

#54113 FASTLY

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typeJavaScript source, ASCII text, with very long lines (65447)

First Seen2023-03-07

Last Seen2025-08-11

Times Seen269579

Size31 kB (30875 bytes)

MD58fb8fee4fcc3cc86ff6c724154c49c42

SHA1b82d238d4e31fdf618bae8ac11a6c812c03dd0d4

SHA256ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Certificate Information

IssuerSectigo Limited

Subject*.jquery.com

FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5

ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sat, 15 Feb 2025 07:57:23 GMT
age: 3359778
x-served-by: cache-lga21931-LGA, cache-hel1410032-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 202653
x-timer: S1739606243.326582,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

developers.cloudflare.com/favicon.png

104.16.2.189

200 OK

937 B

URL HTTP

developers.cloudflare.com/favicon.png

IP / ASN

104.16.2.189

#13335 CLOUDFLARENET

Requested byN/A

Resource Information

File typePNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

First Seen2024-11-14

Last Seen2025-07-08

Times Seen18111

Size937 B (937 bytes)

MD5fc3b7bbe7970f47579127561139060e2

SHA13f7c5783fe1f4404cb16304a5a274778ea3abd25

SHA25685e6223afdbd5badf2c79bcfbaa6fe686acaa781eca52c196647ffabb3be2ffe

HTTP Headers

GET /favicon.png HTTP/1.1
Host: developers.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 15 Feb 2025 07:57:23 GMT
content-type: image/png
content-length: 937
cache-control: public, max-age=0, must-revalidate
etag: "6be7ff94b6151f8cfbf08b53a17e2ac1"
set-cookie: __cf_bm=Rrvq6TIKmmmlOZljnDQKlAvdgzVQC1i4D0J_KInTF2c-1739606243-1.0.1.1-k1Ai3t4C4WlBuUNA3X6lG_Kkb6qnjAhgXFPxvv.pjUZyixWM9Kpp6kE4yb.2j.GVrSzXTuRE26303bKBZhRgnQ; path=/; expires=Sat, 15-Feb-25 08:27:23 GMT; domain=.developers.cloudflare.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
access-control-allow-origin: *
server: cloudflare
cf-ray: 9123bf2e4b4a7129-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

58o4vtae4lk0mxniwcyt.lumpnk.ru/vXsP8/

104.21.17.177

200 OK

38 kB

URL HTTPS

58o4vtae4lk0mxniwcyt.lumpnk.ru/vXsP8/

IP / ASN

104.21.17.177

#13335 CLOUDFLARENET

Requested byN/A

Resource Information

File typeHTML document, ASCII text, with very long lines (65262)

First Seen2025-02-15

Last Seen2025-02-15

Times Seen1

Size38 kB (38408 bytes)

MD5732daadbe20285c50729c8e038319a1e

SHA1c673686b6418bf4e3b52f20eb3dc7b82f2c58abc

SHA2565a6644694e101c882da6674b865b50ea6ccd6bf87472ec0e6a8c61b62bc4ce14

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /vXsP8/ HTTP/1.1
Host: 58o4vtae4lk0mxniwcyt.lumpnk.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://link.shoppermeet.net/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 15 Feb 2025 07:57:23 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ookgoF3F%2F2%2FGhqWGjScDO548%2FLfrcXJGFfRPEaKfQB1BEUyaouHjJvLc5p0KB9GvE%2BdhG%2BP7yZzv5399tZBW8TdQ%2FPgtAXTF41Ub9EqjJP9YjrZx%2Ffi5yf4bRStSBA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6Ii9yRXNpWEl3SUV4UU1wSVl0Q3VleXc9PSIsInZhbHVlIjoiWkVmK1lDL0tCZHpZT1Bydll4aG5WbzhOYUlya0ZmVkVsdE9DVVZsdm5CMmdJRW9QVEpxVjljZDMzeGlJbTl2T1c1M2dnZjRrZEV0NS9ZV3hTWEJMRlZZalE2bjZETWhZZDNEVUxDVVZ5RzU0Qi9VSUhocXNqU1F6YUJZaXN6R0ciLCJtYWMiOiI1ZGE4MmJlMmZjNzNjODg0M2NjYzNiN2YxYjM2OTc5NmY1N2Q1ODE3MzdkZDE3NDdkMjE1ZjU4MjE1MDk5MDZlIiwidGFnIjoiIn0%3D; expires=Sat, 15-Feb-2025 09:57:23 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IjN6bDlnMWRCN0pLRWxaWHhQekxpdHc9PSIsInZhbHVlIjoiajlBS3VWSG5BSmM2dGUxSDdPSFk0aDYwZzFUUlFrOUNBQXhDWm5ocDBSNkxFbytMSURQcjlpTzdJWkx4UmVrV3NXN0Z6V0JObHRXdWNPaEZNZTFKWlRUSTdEUTN0bjZYdzBQbTBVaXRVMktrZVZGZERtd3l2MWRhZUtNVTZ2V0EiLCJtYWMiOiIzMmY3NGI1ZmM3Y2I1YjU2NzQ5YjNjNTQ0N2ZjZTRhYzU1YzVkZjY5YTc5MmU1M2U0OWVmNGU3NjgzYjkyN2RkIiwidGFnIjoiIn0%3D; expires=Sat, 15-Feb-2025 09:57:23 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 9123bf299c015690-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=1007&min_rtt=1001&rtt_var=389&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=1449&delivery_rate=2745023&cwnd=251&unsent_bytes=0&cid=7578798c8e0903bf&ts=163&x=0", cfL4;desc="?proto=TCP&rtt=2078&min_rtt=519&rtt_var=1797&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3267&recv_bytes=1308&delivery_rate=6787500&cwnd=254&unsent_bytes=0&cid=40f42a6b957b8031&ts=272&x=0"
X-Firefox-Spdy: h2

dxakje.virbutr.ru/tarboz!lt6iz6lj

104.21.48.1

200 OK

286 B

URL HTTP

dxakje.virbutr.ru/tarboz!lt6iz6lj

IP / ASN

104.21.48.1

#13335 CLOUDFLARENET

Requested byN/A

Resource Information

File typevery short file (no magic)

First Seen2023-03-07

Last Seen2025-08-11

Times Seen55404

Size286 B (286 bytes)

MD5cfcd208495d565ef66e7dff9f98764da

SHA1b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA2565feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /tarboz!lt6iz6lj HTTP/1.1
Host: dxakje.virbutr.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/
Origin: https://58o4vtae4lk0mxniwcyt.lumpnk.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 15 Feb 2025 07:57:37 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xeV%2Fn5sQlZ%2FKhvmNiH44GGSgqmYYEPTscpGW1auqzk76Ik%2FHrShXlSM3lJEcIkIUL3tTIFWffH5iw6QYGC8DNbzLQEVrXp%2FvSIMkn4H49B78E8QnQ37FjTudhwY%2BafzS2Adglw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9123bf7d3df65684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5632&min_rtt=505&rtt_var=10257&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3269&recv_bytes=1248&delivery_rate=6755832&cwnd=246&unsent_bytes=0&cid=3e6299eb6a4a2b15&ts=835&x=0"
X-Firefox-Spdy: h2

GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

104.17.25.14

200 OK

14 kB

URL GET HTTPS

cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

IP / ASN

104.17.25.14

#13335 CLOUDFLARENET

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typeJavaScript source, ASCII text, with very long lines (48316), with no line terminators

First Seen2023-03-07

Last Seen2025-08-11

Times Seen137119

Size14 kB (13972 bytes)

MD52ca03ad87885ab983541092b87adb299

SHA11a17f60bf776a8c468a185c1e8e985c41a50dc27

SHA2568e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762

Certificate Information

IssuerGoogle Trust Services

Subjectcdnjs.cloudflare.com

Fingerprint00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32

ValidityFri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT

HTTP Headers

GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Feb 2025 07:57:37 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 11215
expires: Thu, 05 Feb 2026 07:57:37 GMT
accept-ranges: bytes
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5mtyHz9c351Js7BabIh49CROkw6qDTM5%2Bi6BoYKvKw2VEWeY3rav0VMt6IeW6bFuyFTaA9kbVZHrFq%2FXAXehEPb564ZP23ebpCV7NQZWq%2BNAs2dJL8KacT05cOlOelTFAawWaHFe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 9123bf84ee73568b-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

58o4vtae4lk0mxniwcyt.lumpnk.ru/qyCvNjXFejJyeatyjAk3xSM9tsx3BeSyGn7v

104.21.17.177

200 OK

39 kB

URL HTTPS

58o4vtae4lk0mxniwcyt.lumpnk.ru/qyCvNjXFejJyeatyjAk3xSM9tsx3BeSyGn7v

IP / ASN

104.21.17.177

#13335 CLOUDFLARENET

Requested byN/A

Resource Information

File typeJSON text data

First Seen2023-03-13

Last Seen2025-08-11

Times Seen49958

Size39 kB (39421 bytes)

MD55820854f62a6eb3d38ba7ba0d1b3ea75

SHA1639df0b84fe699b4a290a713fd6b9a94bd4deb95

SHA256912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

POST /qyCvNjXFejJyeatyjAk3xSM9tsx3BeSyGn7v HTTP/1.1
Host: 58o4vtae4lk0mxniwcyt.lumpnk.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/vXsP8/
Content-Type: multipart/form-data; boundary=---------------------------27588886817305554752572927018
Content-Length: 948
Origin: https://58o4vtae4lk0mxniwcyt.lumpnk.ru
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ii9yRXNpWEl3SUV4UU1wSVl0Q3VleXc9PSIsInZhbHVlIjoiWkVmK1lDL0tCZHpZT1Bydll4aG5WbzhOYUlya0ZmVkVsdE9DVVZsdm5CMmdJRW9QVEpxVjljZDMzeGlJbTl2T1c1M2dnZjRrZEV0NS9ZV3hTWEJMRlZZalE2bjZETWhZZDNEVUxDVVZ5RzU0Qi9VSUhocXNqU1F6YUJZaXN6R0ciLCJtYWMiOiI1ZGE4MmJlMmZjNzNjODg0M2NjYzNiN2YxYjM2OTc5NmY1N2Q1ODE3MzdkZDE3NDdkMjE1ZjU4MjE1MDk5MDZlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjN6bDlnMWRCN0pLRWxaWHhQekxpdHc9PSIsInZhbHVlIjoiajlBS3VWSG5BSmM2dGUxSDdPSFk0aDYwZzFUUlFrOUNBQXhDWm5ocDBSNkxFbytMSURQcjlpTzdJWkx4UmVrV3NXN0Z6V0JObHRXdWNPaEZNZTFKWlRUSTdEUTN0bjZYdzBQbTBVaXRVMktrZVZGZERtd3l2MWRhZUtNVTZ2V0EiLCJtYWMiOiIzMmY3NGI1ZmM3Y2I1YjU2NzQ5YjNjNTQ0N2ZjZTRhYzU1YzVkZjY5YTc5MmU1M2U0OWVmNGU3NjgzYjkyN2RkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Feb 2025 07:57:37 GMT
content-type: application/json
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a%2FM06Un09E%2BHht8beuZa9s40QNi9F1NZBCB6sOUL0MIanaEWxhIjDsvThRC%2BaPGpFor0TRa415jy%2FzyHpLbANIERoedCK1I3Mz7TgIJjUvkym6lMIimxmKtxCTerYw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6Inh5eUFyTk8wTkVYV05qNjdjdG9CMHc9PSIsInZhbHVlIjoicnBBdXFNV3JPNzFCL2hMblRJc1dzYkYwQTZ5R2NSalg2ajNUNnpOdHdrVXFrbUoveFlja2ZLV2JJQ0JZVnVoSkF1Snpua052Yk13MnFwUDBnSFZBR0pxS2U4cEVaQmFFKzE5Nit4K01MM2dwM1pKaEpZQ1plQVkyTUVybjEyUlAiLCJtYWMiOiI2NThjMTlmOWQ3OTM5Nzg1MmYyNWZmNjBjMDE4ZjkwNjI1MzVlNDY0NGQzNDY5NzA5MjU2MWY0ZWRhMTI1NDQ3IiwidGFnIjoiIn0%3D; expires=Sat, 15-Feb-2025 09:57:37 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IjlVcjkyTmtYR2ZSaXdHdlFHdDhzUkE9PSIsInZhbHVlIjoiYURZR0lrS3lVRkN4MGF1R2Q5c2JvbVJmUFBRSTRRS1V6Q2hMbGR2WEltaVhES2NjUER3K2VUeWc5MjJFUDczTWY2V3RXbE1iVWN6bnBUQXZleXFZbjRsYXFGNmd0bGQ5ZmV2S0hlclVibWxVNDVIMTZ1YWxXdGhPRGs2VVRtWnEiLCJtYWMiOiI2ZDZhYzNiMDAyNDNmOWJlZDUwOTVhMTE0ZjBhYTgwOWE2NGFlOWJjNzU2ZjM5MGU3NjA1M2IwMzZhYTdlMzViIiwidGFnIjoiIn0%3D; expires=Sat, 15-Feb-2025 09:57:37 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
vary: accept-encoding
priority: u=4,i=?0
server: cloudflare
cf-ray: 9123bf82b8cab523-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=1025&min_rtt=1013&rtt_var=309&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2823&recv_bytes=3241&delivery_rate=2613718&cwnd=251&unsent_bytes=0&cid=f91ebd45e5397df1&ts=77&x=0", cfL4;desc="?proto=QUIC&rtt=6377&min_rtt=3004&rtt_var=3536&sent=13&recv=9&lost=0&retrans=0&sent_bytes=4109&recv_bytes=2912&delivery_rate=196051&cwnd=12000&unsent_bytes=0&cid=afb585a0ead0c19f&ts=14169&x=1", cfExtPri, cfHdrFlush;dur=0

GET code.jquery.com/jquery-3.6.0.min.js

151.101.130.137

200 OK

31 kB

URL GET HTTPS

code.jquery.com/jquery-3.6.0.min.js

IP / ASN

151.101.130.137

#54113 FASTLY

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typeJavaScript source, ASCII text, with very long lines (65447)

First Seen2023-03-07

Last Seen2025-08-11

Times Seen269579

Size31 kB (30875 bytes)

MD58fb8fee4fcc3cc86ff6c724154c49c42

SHA1b82d238d4e31fdf618bae8ac11a6c812c03dd0d4

SHA256ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Certificate Information

IssuerSectigo Limited

Subject*.jquery.com

FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5

ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sat, 15 Feb 2025 07:57:38 GMT
age: 3359792
x-served-by: cache-lga21931-LGA, cache-hel1410032-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 202664
x-timer: S1739606258.151366,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

104.17.25.14

200 OK

14 kB

URL GET HTTPS

cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

IP / ASN

104.17.25.14

#13335 CLOUDFLARENET

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typeJavaScript source, ASCII text, with very long lines (48316), with no line terminators

First Seen2023-03-07

Last Seen2025-08-11

Times Seen137119

Size14 kB (13972 bytes)

MD52ca03ad87885ab983541092b87adb299

SHA11a17f60bf776a8c468a185c1e8e985c41a50dc27

SHA2568e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762

Certificate Information

IssuerGoogle Trust Services

Subjectcdnjs.cloudflare.com

Fingerprint00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32

ValidityFri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT

HTTP Headers

GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Feb 2025 07:57:38 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 11216
expires: Thu, 05 Feb 2026 07:57:38 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nqN%2Fd67eMH%2FfCXwCvfh1kZaQ1qWk%2FS53e9owUC5g09xA5fvz4q2zUR%2BWl%2Bc%2BNELVHGKDoNRae5zEUUhekrdq2zN2GJVtz8%2BU30x2J2agbILkwA%2FUXSFMqWGRa2FQ%2BTcL7wGChjbR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 9123bf897a9d568b-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7

18.165.140.104

200 OK

11 kB

URL GET HTTPS

ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7

IP / ASN

18.165.140.104

#16509 AMAZON-02

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typePNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced

First Seen2023-05-04

Last Seen2025-08-11

Times Seen35505

Size11 kB (10796 bytes)

MD512bdacc832185d0367ecc23fd24c86ce

SHA14422f316eb4d8c8d160312bb695fd1d944cbff12

SHA256877ae491d9aac5c6ef82a8430f9f652ace8a0dbc7294bd112aad49bd593769d0

Certificate Information

IssuerDigiCert Inc

Subject*.oktacdn.com

Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5

ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT

HTTP Headers

GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 10796
server: nginx
last-modified: Tue, 23 Feb 2021 04:20:08 GMT
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
date: Wed, 29 Jan 2025 00:59:17 GMT
expires: Thu, 29 Jan 2026 00:59:17 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: "12bdacc832185d0367ecc23fd24c86ce"
x-cache: Hit from cloudfront
via: 1.1 f046dddea42312c0568a651a5699d67e.cloudfront.net (CloudFront)
x-amz-cf-pop: HEL51-P3
x-amz-cf-id: QafMHSxe3dcEcEntJUQfcPoTpKKIzg6ZAUgB08olzcB8FsgZ53dmuQ==
age: 1493901
X-Firefox-Spdy: h2

GET 58o4vtae4lk0mxniwcyt.lumpnk.ru/qrkE0eT37vaYMnSIMErHQghFTCfTR05whPPTwI8MI7e67134

104.21.17.177

200 OK

892 B

URL GET HTTPS

58o4vtae4lk0mxniwcyt.lumpnk.ru/qrkE0eT37vaYMnSIMErHQghFTCfTR05whPPTwI8MI7e67134

IP / ASN

104.21.17.177

#13335 CLOUDFLARENET

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typeRIFF (little-endian) data, Web/P image

First Seen2025-01-27

Last Seen2025-08-11

Times Seen34146

Size892 B (892 bytes)

MD541d62ca205d54a78e4298367482b4e2b

SHA1839aae21ed8ecfc238fdc68b93ccb27431cd5393

SHA25620a4a780db0bcc047015a0d8037eb4eb58b3e5cb338673799c030a3e1b626b40

Certificate Information

IssuerGoogle Trust Services

Subjectlumpnk.ru

Fingerprint8A:5D:29:76:89:6D:FB:90:14:A3:2F:87:70:15:30:DE:66:1F:44:FB

ValidityFri, 17 Jan 2025 17:08:07 GMT - Thu, 17 Apr 2025 18:06:38 GMT

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /qrkE0eT37vaYMnSIMErHQghFTCfTR05whPPTwI8MI7e67134 HTTP/1.1
Host: 58o4vtae4lk0mxniwcyt.lumpnk.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW
Cookie: XSRF-TOKEN=eyJpdiI6ImZ5aXEvdWVQTkJINkZXQldkNHIxYkE9PSIsInZhbHVlIjoiOWRYekptNksrQWRhWDJjRG9yTjZLUXpLb3N6eG5ORHc3cDN1WURuSDkwQUNwNHJkVEMxdTFrcHIxZ3lYQnd0WStibGQrVUl4T3ltclZGcGliRDQ2YlFKdWNmYVlCMEpoRE43Uy9zbU5EalNRWXFzUWNhQUhDN3E4dHlKVkI2ZDYiLCJtYWMiOiIwODk3ODk3NTg0YzdjMTc2MzRjOTc4NGFkMTVkNzU4YmRkZDYxOTIxZjhlNTQ0YTVjNDEwMWE1YmFmNTlkM2VjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZuZDFvbTBEajQ2eGFtQ3lTNm5DRlE9PSIsInZhbHVlIjoiZ0phQUxuNCtGMHhXQ2NucnQvNmFRdU1JOStmbnN4eGYra3ZyRnpaWjZWTUd4VDZ0cmp4VVBVTmtBdHgwUDlYWG52RzNiRjM2MUxMM3hHUEExMXJERWQrcnB1bGdvaXBzN2xwcUdLWmh2VkdXNlZMTjdaVWlnWGh1V3JicVZNU2UiLCJtYWMiOiJlOGJlMjUxMGVkODU4ZWQwNDNhZTAzMWUzMTYxMzBjZGRhYzM2ZmNkMDA5MjUyZDNlZjE4NjQyMGEyYjY2MDgyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Feb 2025 07:57:38 GMT
content-type: image/webp
content-length: 892
content-disposition: inline; filename="qrkE0eT37vaYMnSIMErHQghFTCfTR05whPPTwI8MI7e67134"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jmCwVMM3r2LmvxJJfYqYGXx9cmyC6h%2FYjPdbAMQG3fYsDGzU513MxApNd4M%2FOLv%2F6f85Ff0NijlmuE7OEVTTxaMVbBqmhv2WDsiFJo0IzcJVtnLxqVey0pza3g5VqA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
priority: u=4,i=?0
server: cloudflare
cf-ray: 9123bf89de7db523-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1110&min_rtt=1088&rtt_var=350&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2245&delivery_rate=2296590&cwnd=251&unsent_bytes=0&cid=95c04ad2f878a4fd&ts=76&x=0", cfL4;desc="?proto=QUIC&rtt=1738&min_rtt=951&rtt_var=998&sent=133&recv=50&lost=0&retrans=0&sent_bytes=103537&recv_bytes=25589&delivery_rate=544462&cwnd=28800&unsent_bytes=0&cid=afb585a0ead0c19f&ts=15301&x=1", cfExtPri, cfHdrFlush;dur=0

GET 58o4vtae4lk0mxniwcyt.lumpnk.ru/qrZhwdMu5TkwybnVIFq9gWmtS21xPINUtYEW2W4XCwIxB6DOwuv7zurD1f53Auci6KH9bKQ3Ycn3duV7C7cd240

104.21.17.177

200 OK

9.6 kB

URL GET HTTPS

58o4vtae4lk0mxniwcyt.lumpnk.ru/qrZhwdMu5TkwybnVIFq9gWmtS21xPINUtYEW2W4XCwIxB6DOwuv7zurD1f53Auci6KH9bKQ3Ycn3duV7C7cd240

IP / ASN

104.21.17.177

#13335 CLOUDFLARENET

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typeRIFF (little-endian) data, Web/P image

First Seen2025-01-27

Last Seen2025-08-11

Times Seen34712

Size9.6 kB (9648 bytes)

MD54946eb373b18d178c93d473489673bb6

SHA116477acb73b63ca251d37401249e7e4515febd24

SHA256666bc574c9f3fb28a8ac626fa8105c187c2a313736494a06bd5a937473673c92

Certificate Information

IssuerGoogle Trust Services

Subjectlumpnk.ru

Fingerprint8A:5D:29:76:89:6D:FB:90:14:A3:2F:87:70:15:30:DE:66:1F:44:FB

ValidityFri, 17 Jan 2025 17:08:07 GMT - Thu, 17 Apr 2025 18:06:38 GMT

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /qrZhwdMu5TkwybnVIFq9gWmtS21xPINUtYEW2W4XCwIxB6DOwuv7zurD1f53Auci6KH9bKQ3Ycn3duV7C7cd240 HTTP/1.1
Host: 58o4vtae4lk0mxniwcyt.lumpnk.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW
Cookie: XSRF-TOKEN=eyJpdiI6ImZ5aXEvdWVQTkJINkZXQldkNHIxYkE9PSIsInZhbHVlIjoiOWRYekptNksrQWRhWDJjRG9yTjZLUXpLb3N6eG5ORHc3cDN1WURuSDkwQUNwNHJkVEMxdTFrcHIxZ3lYQnd0WStibGQrVUl4T3ltclZGcGliRDQ2YlFKdWNmYVlCMEpoRE43Uy9zbU5EalNRWXFzUWNhQUhDN3E4dHlKVkI2ZDYiLCJtYWMiOiIwODk3ODk3NTg0YzdjMTc2MzRjOTc4NGFkMTVkNzU4YmRkZDYxOTIxZjhlNTQ0YTVjNDEwMWE1YmFmNTlkM2VjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZuZDFvbTBEajQ2eGFtQ3lTNm5DRlE9PSIsInZhbHVlIjoiZ0phQUxuNCtGMHhXQ2NucnQvNmFRdU1JOStmbnN4eGYra3ZyRnpaWjZWTUd4VDZ0cmp4VVBVTmtBdHgwUDlYWG52RzNiRjM2MUxMM3hHUEExMXJERWQrcnB1bGdvaXBzN2xwcUdLWmh2VkdXNlZMTjdaVWlnWGh1V3JicVZNU2UiLCJtYWMiOiJlOGJlMjUxMGVkODU4ZWQwNDNhZTAzMWUzMTYxMzBjZGRhYzM2ZmNkMDA5MjUyZDNlZjE4NjQyMGEyYjY2MDgyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Feb 2025 07:57:38 GMT
content-type: image/webp
content-length: 9648
content-disposition: inline; filename="qrZhwdMu5TkwybnVIFq9gWmtS21xPINUtYEW2W4XCwIxB6DOwuv7zurD1f53Auci6KH9bKQ3Ycn3duV7C7cd240"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9Kcj%2FPvejktcjytpJneOQHyhBo1En1ECyQHtBbB%2Fn%2FxakIk8K%2B1LG21Vh8tXZ1BK%2F1SCfIyXFRtkHtFOXd5Nxy%2FB9aNhn46NJx1TsRNN9AzqhbHlAiSpIIs2T1yLRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
priority: u=4,i=?0
server: cloudflare
cf-ray: 9123bf89ee91b523-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=998&min_rtt=995&rtt_var=380&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2284&delivery_rate=2825365&cwnd=251&unsent_bytes=0&cid=4de09ea9d3a46a20&ts=74&x=0", cfL4;desc="?proto=QUIC&rtt=1648&min_rtt=951&rtt_var=929&sent=147&recv=51&lost=0&retrans=0&sent_bytes=119389&recv_bytes=25635&delivery_rate=940499&cwnd=28800&unsent_bytes=0&cid=afb585a0ead0c19f&ts=15307&x=1", cfExtPri, cfHdrFlush;dur=0

GET 58o4vtae4lk0mxniwcyt.lumpnk.ru/GDSherpa-bold.woff2

104.21.17.177

200 OK

28 kB

URL GET HTTPS

58o4vtae4lk0mxniwcyt.lumpnk.ru/GDSherpa-bold.woff2

IP / ASN

104.21.17.177

#13335 CLOUDFLARENET

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typeWeb Open Font Format (Version 2), TrueType, length 28000, version 1.66

First Seen2023-04-09

Last Seen2025-08-11

Times Seen78597

Size28 kB (28000 bytes)

MD5a4bca6c95fed0d0c5cc46cf07710dcec

SHA173b56e33b82b42921db8702a33efd0f2b2ec9794

SHA2565a51d246af54d903f67f07f2bd820ce77736f8d08c5f1602db07469d96dbf77f

Certificate Information

IssuerGoogle Trust Services

Subjectlumpnk.ru

Fingerprint8A:5D:29:76:89:6D:FB:90:14:A3:2F:87:70:15:30:DE:66:1F:44:FB

ValidityFri, 17 Jan 2025 17:08:07 GMT - Thu, 17 Apr 2025 18:06:38 GMT

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /GDSherpa-bold.woff2 HTTP/1.1
Host: 58o4vtae4lk0mxniwcyt.lumpnk.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImZ5aXEvdWVQTkJINkZXQldkNHIxYkE9PSIsInZhbHVlIjoiOWRYekptNksrQWRhWDJjRG9yTjZLUXpLb3N6eG5ORHc3cDN1WURuSDkwQUNwNHJkVEMxdTFrcHIxZ3lYQnd0WStibGQrVUl4T3ltclZGcGliRDQ2YlFKdWNmYVlCMEpoRE43Uy9zbU5EalNRWXFzUWNhQUhDN3E4dHlKVkI2ZDYiLCJtYWMiOiIwODk3ODk3NTg0YzdjMTc2MzRjOTc4NGFkMTVkNzU4YmRkZDYxOTIxZjhlNTQ0YTVjNDEwMWE1YmFmNTlkM2VjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZuZDFvbTBEajQ2eGFtQ3lTNm5DRlE9PSIsInZhbHVlIjoiZ0phQUxuNCtGMHhXQ2NucnQvNmFRdU1JOStmbnN4eGYra3ZyRnpaWjZWTUd4VDZ0cmp4VVBVTmtBdHgwUDlYWG52RzNiRjM2MUxMM3hHUEExMXJERWQrcnB1bGdvaXBzN2xwcUdLWmh2VkdXNlZMTjdaVWlnWGh1V3JicVZNU2UiLCJtYWMiOiJlOGJlMjUxMGVkODU4ZWQwNDNhZTAzMWUzMTYxMzBjZGRhYzM2ZmNkMDA5MjUyZDNlZjE4NjQyMGEyYjY2MDgyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Feb 2025 07:57:38 GMT
content-type: font/woff2
content-length: 28000
content-disposition: inline; filename="GDSherpa-bold.woff2"
cache-control: max-age=14400
last-modified: Sat, 15 Feb 2025 07:57:38 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zNWs7kJakKftCPGtzmAC%2BMqpivO%2BKehP6v0MTCP3tplFjTFNkwK%2FZq4plsJ%2BmrBNJKRwcZUxhRzzuTslAGEN4DpNysSkAvfXPBJi7ubDoty%2F7XBvp1LnECEPoY9Hzw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: EXPIRED
accept-ranges: bytes
priority: u=3,i=?0
server: cloudflare
cf-ray: 9123bf898e46b523-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1119&min_rtt=1088&rtt_var=352&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2289&delivery_rate=2302066&cwnd=251&unsent_bytes=0&cid=2c8b417184d12430&ts=118&x=0", cfL4;desc="?proto=QUIC&rtt=1542&min_rtt=951&rtt_var=710&sent=159&recv=53&lost=0&retrans=0&sent_bytes=132813&recv_bytes=25726&delivery_rate=15017179&cwnd=28800&unsent_bytes=0&cid=afb585a0ead0c19f&ts=15337&x=1", cfExtPri, cfHdrFlush;dur=0

GET 58o4vtae4lk0mxniwcyt.lumpnk.ru/uvZWkKtW9KeyEx7pDqr7nE4yWVmrr1M7oefxt12130

104.21.17.177

200 OK

644 B

URL GET HTTPS

58o4vtae4lk0mxniwcyt.lumpnk.ru/uvZWkKtW9KeyEx7pDqr7nE4yWVmrr1M7oefxt12130

IP / ASN

104.21.17.177

#13335 CLOUDFLARENET

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typeRIFF (little-endian) data, Web/P image

First Seen2025-01-27

Last Seen2025-08-11

Times Seen34989

Size644 B (644 bytes)

MD5541b83c2195088043337e4353b6fd60d

SHA1f09630596b6713217984785a64f6ea83e91b49c5

SHA2562658b8874f0d2a12e8726df78ac8954324c3bbe4695e66bdef89195fde64322f

Certificate Information

IssuerGoogle Trust Services

Subjectlumpnk.ru

Fingerprint8A:5D:29:76:89:6D:FB:90:14:A3:2F:87:70:15:30:DE:66:1F:44:FB

ValidityFri, 17 Jan 2025 17:08:07 GMT - Thu, 17 Apr 2025 18:06:38 GMT

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /uvZWkKtW9KeyEx7pDqr7nE4yWVmrr1M7oefxt12130 HTTP/1.1
Host: 58o4vtae4lk0mxniwcyt.lumpnk.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW
Cookie: XSRF-TOKEN=eyJpdiI6ImZ5aXEvdWVQTkJINkZXQldkNHIxYkE9PSIsInZhbHVlIjoiOWRYekptNksrQWRhWDJjRG9yTjZLUXpLb3N6eG5ORHc3cDN1WURuSDkwQUNwNHJkVEMxdTFrcHIxZ3lYQnd0WStibGQrVUl4T3ltclZGcGliRDQ2YlFKdWNmYVlCMEpoRE43Uy9zbU5EalNRWXFzUWNhQUhDN3E4dHlKVkI2ZDYiLCJtYWMiOiIwODk3ODk3NTg0YzdjMTc2MzRjOTc4NGFkMTVkNzU4YmRkZDYxOTIxZjhlNTQ0YTVjNDEwMWE1YmFmNTlkM2VjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZuZDFvbTBEajQ2eGFtQ3lTNm5DRlE9PSIsInZhbHVlIjoiZ0phQUxuNCtGMHhXQ2NucnQvNmFRdU1JOStmbnN4eGYra3ZyRnpaWjZWTUd4VDZ0cmp4VVBVTmtBdHgwUDlYWG52RzNiRjM2MUxMM3hHUEExMXJERWQrcnB1bGdvaXBzN2xwcUdLWmh2VkdXNlZMTjdaVWlnWGh1V3JicVZNU2UiLCJtYWMiOiJlOGJlMjUxMGVkODU4ZWQwNDNhZTAzMWUzMTYxMzBjZGRhYzM2ZmNkMDA5MjUyZDNlZjE4NjQyMGEyYjY2MDgyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Feb 2025 07:57:38 GMT
content-type: image/webp
content-length: 644
content-disposition: inline; filename="uvZWkKtW9KeyEx7pDqr7nE4yWVmrr1M7oefxt12130"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=myTj9cTqZcl2f%2BWPEpZM5vbOCeZzYU7AZC6C4dMWyeqnGCDgAf78nw7WxuaaEghL3DniTAVwLDUh67x8gp%2FwcohT30blYKCzTSmRBpQAUFAjOywFT9qI43hoK%2BIf%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
priority: u=4,i=?0
server: cloudflare
cf-ray: 9123bf89de7bb523-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1145&min_rtt=1135&rtt_var=337&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2239&delivery_rate=2448013&cwnd=251&unsent_bytes=0&cid=7a81254b08b61295&ts=124&x=0", cfL4;desc="?proto=QUIC&rtt=1497&min_rtt=951&rtt_var=489&sent=186&recv=55&lost=0&retrans=0&sent_bytes=164441&recv_bytes=25817&delivery_rate=9364566&cwnd=31200&unsent_bytes=0&cid=afb585a0ead0c19f&ts=15343&x=1", cfExtPri, cfHdrFlush;dur=0

GET 58o4vtae4lk0mxniwcyt.lumpnk.ru/uv7NaNxPAbzlmZNnVn2rVLR8YAQ4mnPSRqKgpMI7SisEFCGE6Y3hu8S2rObgoqRef260

104.21.17.177

200 OK

18 kB

URL GET HTTPS

58o4vtae4lk0mxniwcyt.lumpnk.ru/uv7NaNxPAbzlmZNnVn2rVLR8YAQ4mnPSRqKgpMI7SisEFCGE6Y3hu8S2rObgoqRef260

IP / ASN

104.21.17.177

#13335 CLOUDFLARENET

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typeRIFF (little-endian) data, Web/P image

First Seen2025-01-27

Last Seen2025-08-11

Times Seen34630

Size18 kB (17842 bytes)

MD54b52ecdc33382c9dca874f551990e704

SHA18f3bf8e41cd4cdddb17836b261e73f827b84341b

SHA256cce050cc3b150c0b370751021bb15018ee2b64ac369e230fe3b571a9b00d4342

Certificate Information

IssuerGoogle Trust Services

Subjectlumpnk.ru

Fingerprint8A:5D:29:76:89:6D:FB:90:14:A3:2F:87:70:15:30:DE:66:1F:44:FB

ValidityFri, 17 Jan 2025 17:08:07 GMT - Thu, 17 Apr 2025 18:06:38 GMT

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /uv7NaNxPAbzlmZNnVn2rVLR8YAQ4mnPSRqKgpMI7SisEFCGE6Y3hu8S2rObgoqRef260 HTTP/1.1
Host: 58o4vtae4lk0mxniwcyt.lumpnk.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW
Cookie: XSRF-TOKEN=eyJpdiI6ImZ5aXEvdWVQTkJINkZXQldkNHIxYkE9PSIsInZhbHVlIjoiOWRYekptNksrQWRhWDJjRG9yTjZLUXpLb3N6eG5ORHc3cDN1WURuSDkwQUNwNHJkVEMxdTFrcHIxZ3lYQnd0WStibGQrVUl4T3ltclZGcGliRDQ2YlFKdWNmYVlCMEpoRE43Uy9zbU5EalNRWXFzUWNhQUhDN3E4dHlKVkI2ZDYiLCJtYWMiOiIwODk3ODk3NTg0YzdjMTc2MzRjOTc4NGFkMTVkNzU4YmRkZDYxOTIxZjhlNTQ0YTVjNDEwMWE1YmFmNTlkM2VjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZuZDFvbTBEajQ2eGFtQ3lTNm5DRlE9PSIsInZhbHVlIjoiZ0phQUxuNCtGMHhXQ2NucnQvNmFRdU1JOStmbnN4eGYra3ZyRnpaWjZWTUd4VDZ0cmp4VVBVTmtBdHgwUDlYWG52RzNiRjM2MUxMM3hHUEExMXJERWQrcnB1bGdvaXBzN2xwcUdLWmh2VkdXNlZMTjdaVWlnWGh1V3JicVZNU2UiLCJtYWMiOiJlOGJlMjUxMGVkODU4ZWQwNDNhZTAzMWUzMTYxMzBjZGRhYzM2ZmNkMDA5MjUyZDNlZjE4NjQyMGEyYjY2MDgyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Feb 2025 07:57:38 GMT
content-type: image/webp
content-length: 17842
content-disposition: inline; filename="uv7NaNxPAbzlmZNnVn2rVLR8YAQ4mnPSRqKgpMI7SisEFCGE6Y3hu8S2rObgoqRef260"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n7e%2BJLyhRd6MeX%2BEphe5qsUeR6%2B%2FLjZ7vdqkIOdIPSYbxemg8gIHvohyk%2Fn5Or7665bfL9vAoQfbsR6SJumAB5hRYI6UDOCUbuB0UZvWRT7olETk7uXocE78iofPwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
priority: u=4,i=?0
server: cloudflare
cf-ray: 9123bf89ee95b523-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1013&min_rtt=985&rtt_var=299&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2265&delivery_rate=2763358&cwnd=251&unsent_bytes=0&cid=05e9b77bc3515c0e&ts=72&x=0", cfL4;desc="?proto=QUIC&rtt=1648&min_rtt=951&rtt_var=929&sent=135&recv=51&lost=0&retrans=0&sent_bytes=105315&recv_bytes=25635&delivery_rate=940499&cwnd=28800&unsent_bytes=0&cid=afb585a0ead0c19f&ts=15306&x=1", cfExtPri, cfHdrFlush;dur=0

GET 58o4vtae4lk0mxniwcyt.lumpnk.ru/ghco5hpu0LH2cRJFc0o0aMYHgR5dFVtQjKlShiTmnwVewBj0W96d9rjpiTu7Oqef203

104.21.17.177

200 OK

25 kB

URL GET HTTPS

58o4vtae4lk0mxniwcyt.lumpnk.ru/ghco5hpu0LH2cRJFc0o0aMYHgR5dFVtQjKlShiTmnwVewBj0W96d9rjpiTu7Oqef203

IP / ASN

104.21.17.177

#13335 CLOUDFLARENET

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typeRIFF (little-endian) data, Web/P image

First Seen2025-01-27

Last Seen2025-08-11

Times Seen34689

Size25 kB (25216 bytes)

MD5f9a795e2270664a7a169c73b6d84a575

SHA10fbb60ab27ab88c064eb347d0722c8ed4cf5e8b8

SHA256d00203b2eea6e418c31baafa949ada5349a9f9b7e99fa003aec7406822693740

Certificate Information

IssuerGoogle Trust Services

Subjectlumpnk.ru

Fingerprint8A:5D:29:76:89:6D:FB:90:14:A3:2F:87:70:15:30:DE:66:1F:44:FB

ValidityFri, 17 Jan 2025 17:08:07 GMT - Thu, 17 Apr 2025 18:06:38 GMT

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /ghco5hpu0LH2cRJFc0o0aMYHgR5dFVtQjKlShiTmnwVewBj0W96d9rjpiTu7Oqef203 HTTP/1.1
Host: 58o4vtae4lk0mxniwcyt.lumpnk.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW
Cookie: XSRF-TOKEN=eyJpdiI6ImZ5aXEvdWVQTkJINkZXQldkNHIxYkE9PSIsInZhbHVlIjoiOWRYekptNksrQWRhWDJjRG9yTjZLUXpLb3N6eG5ORHc3cDN1WURuSDkwQUNwNHJkVEMxdTFrcHIxZ3lYQnd0WStibGQrVUl4T3ltclZGcGliRDQ2YlFKdWNmYVlCMEpoRE43Uy9zbU5EalNRWXFzUWNhQUhDN3E4dHlKVkI2ZDYiLCJtYWMiOiIwODk3ODk3NTg0YzdjMTc2MzRjOTc4NGFkMTVkNzU4YmRkZDYxOTIxZjhlNTQ0YTVjNDEwMWE1YmFmNTlkM2VjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZuZDFvbTBEajQ2eGFtQ3lTNm5DRlE9PSIsInZhbHVlIjoiZ0phQUxuNCtGMHhXQ2NucnQvNmFRdU1JOStmbnN4eGYra3ZyRnpaWjZWTUd4VDZ0cmp4VVBVTmtBdHgwUDlYWG52RzNiRjM2MUxMM3hHUEExMXJERWQrcnB1bGdvaXBzN2xwcUdLWmh2VkdXNlZMTjdaVWlnWGh1V3JicVZNU2UiLCJtYWMiOiJlOGJlMjUxMGVkODU4ZWQwNDNhZTAzMWUzMTYxMzBjZGRhYzM2ZmNkMDA5MjUyZDNlZjE4NjQyMGEyYjY2MDgyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Feb 2025 07:57:38 GMT
content-type: image/webp
content-length: 25216
content-disposition: inline; filename="ghco5hpu0LH2cRJFc0o0aMYHgR5dFVtQjKlShiTmnwVewBj0W96d9rjpiTu7Oqef203"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MIXC02NB%2B9emk6OHMaPKNQxlioOyQ0RPPnLFX3Lm7B%2Bx%2F4Ebu9hfecf11DxAAlb3rddeiXlVknDQjN5l6VPuVMc%2FaP1hO0oaSyeuPWhK66uVicTij4od%2Ff4k2DJ2tw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
priority: u=4,i=?0
server: cloudflare
cf-ray: 9123bf89ee90b523-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1196&min_rtt=1162&rtt_var=376&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2264&delivery_rate=2156366&cwnd=251&unsent_bytes=0&cid=91239caf39850715&ts=112&x=0", cfL4;desc="?proto=QUIC&rtt=1456&min_rtt=951&rtt_var=342&sent=193&recv=57&lost=0&retrans=0&sent_bytes=171072&recv_bytes=25909&delivery_rate=1932845&cwnd=31200&unsent_bytes=0&cid=afb585a0ead0c19f&ts=15346&x=1", cfExtPri, cfHdrFlush;dur=0

GET github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js

140.82.121.3

302 Found

0 B

URL GET HTTPS

github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js

IP / ASN

140.82.121.3

#36459 GITHUB

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typeN/A

First Seen0001-01-01

Last Seen2025-08-11

Times Seen5764723

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Information

IssuerSectigo Limited

Subjectgithub.com

FingerprintE4:33:71:DD:D6:91:4A:75:B6:1F:9E:4F:74:6D:9B:F0:DD:26:FC:3A

ValidityWed, 05 Feb 2025 00:00:00 GMT - Thu, 05 Feb 2026 23:59:59 GMT

HTTP Headers

GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: GitHub.com
date: Sat, 15 Feb 2025 07:56:13 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250215%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250215T075613Z&X-Amz-Expires=300&X-Amz-Signature=776c2c9ad5451a779e96692143d22959ced4503d00eafda9d230c29ba068c9f1&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: 98DC:2EA297:615AD0:65D799:67B048F2
X-Firefox-Spdy: h2

GET 58o4vtae4lk0mxniwcyt.lumpnk.ru/GDSherpa-bold.woff

104.21.17.177

200 OK

36 kB

URL GET HTTPS

58o4vtae4lk0mxniwcyt.lumpnk.ru/GDSherpa-bold.woff

IP / ASN

104.21.17.177

#13335 CLOUDFLARENET

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typeWeb Open Font Format, TrueType, length 35970, version 1.0

First Seen2023-05-09

Last Seen2025-08-11

Times Seen75897

Size36 kB (35970 bytes)

MD5496b7bbde91c7dc7cf9bbabbb3921da8

SHA12bd3c406a715ab52dad84c803c55bf4a6e66a924

SHA256ae40a04f95df12b0c364f26ab691dc0c391d394a28bcdb4aeacfaca325d0a798

Certificate Information

IssuerGoogle Trust Services

Subjectlumpnk.ru

Fingerprint8A:5D:29:76:89:6D:FB:90:14:A3:2F:87:70:15:30:DE:66:1F:44:FB

ValidityFri, 17 Jan 2025 17:08:07 GMT - Thu, 17 Apr 2025 18:06:38 GMT

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /GDSherpa-bold.woff HTTP/1.1
Host: 58o4vtae4lk0mxniwcyt.lumpnk.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImZ5aXEvdWVQTkJINkZXQldkNHIxYkE9PSIsInZhbHVlIjoiOWRYekptNksrQWRhWDJjRG9yTjZLUXpLb3N6eG5ORHc3cDN1WURuSDkwQUNwNHJkVEMxdTFrcHIxZ3lYQnd0WStibGQrVUl4T3ltclZGcGliRDQ2YlFKdWNmYVlCMEpoRE43Uy9zbU5EalNRWXFzUWNhQUhDN3E4dHlKVkI2ZDYiLCJtYWMiOiIwODk3ODk3NTg0YzdjMTc2MzRjOTc4NGFkMTVkNzU4YmRkZDYxOTIxZjhlNTQ0YTVjNDEwMWE1YmFmNTlkM2VjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZuZDFvbTBEajQ2eGFtQ3lTNm5DRlE9PSIsInZhbHVlIjoiZ0phQUxuNCtGMHhXQ2NucnQvNmFRdU1JOStmbnN4eGYra3ZyRnpaWjZWTUd4VDZ0cmp4VVBVTmtBdHgwUDlYWG52RzNiRjM2MUxMM3hHUEExMXJERWQrcnB1bGdvaXBzN2xwcUdLWmh2VkdXNlZMTjdaVWlnWGh1V3JicVZNU2UiLCJtYWMiOiJlOGJlMjUxMGVkODU4ZWQwNDNhZTAzMWUzMTYxMzBjZGRhYzM2ZmNkMDA5MjUyZDNlZjE4NjQyMGEyYjY2MDgyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Feb 2025 07:57:38 GMT
content-type: font/woff
content-length: 35970
content-disposition: inline; filename="GDSherpa-bold.woff"
cache-control: max-age=14400
last-modified: Sat, 15 Feb 2025 07:57:38 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9tfyoJ31yyzDUvkXo2HNevYiTWcjTBvznEqItFPzbvdN6AF%2BsstMxfZAI%2Btcp0IawQKoazyDjA9O%2FLVImsIGP%2BH%2BScH4KKnuLPE0bAF7YUd%2B%2B8B8KQTJb0Xj6jSOjw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: EXPIRED
accept-ranges: bytes
priority: u=3,i=?0
server: cloudflare
cf-ray: 9123bf89ae62b523-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1095&min_rtt=1089&rtt_var=421&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2288&delivery_rate=2538124&cwnd=251&unsent_bytes=0&cid=e4c299f7618024e7&ts=160&x=0", cfL4;desc="?proto=QUIC&rtt=1208&min_rtt=795&rtt_var=371&sent=251&recv=62&lost=0&retrans=0&sent_bytes=234633&recv_bytes=26138&delivery_rate=10046994&cwnd=31200&unsent_bytes=0&cid=afb585a0ead0c19f&ts=15396&x=1", cfExtPri, cfHdrFlush;dur=2

GET 58o4vtae4lk0mxniwcyt.lumpnk.ru/GDSherpa-regular.woff

104.21.17.177

200 OK

37 kB

URL GET HTTPS

58o4vtae4lk0mxniwcyt.lumpnk.ru/GDSherpa-regular.woff

IP / ASN

104.21.17.177

#13335 CLOUDFLARENET

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typeWeb Open Font Format, TrueType, length 36696, version 1.0

First Seen2023-05-09

Last Seen2025-08-11

Times Seen75877

Size37 kB (36696 bytes)

MD5a69e9ab8afdd7486ec0749c551051ff2

SHA1c34e6aa327b536fb48d1fe03577a47c7ee2231b8

SHA256fd78a1913db912221b8ead1e62fad47d1ff0a9fa6cd88d3b128a721ad91d2faf

Certificate Information

IssuerGoogle Trust Services

Subjectlumpnk.ru

Fingerprint8A:5D:29:76:89:6D:FB:90:14:A3:2F:87:70:15:30:DE:66:1F:44:FB

ValidityFri, 17 Jan 2025 17:08:07 GMT - Thu, 17 Apr 2025 18:06:38 GMT

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /GDSherpa-regular.woff HTTP/1.1
Host: 58o4vtae4lk0mxniwcyt.lumpnk.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImZ5aXEvdWVQTkJINkZXQldkNHIxYkE9PSIsInZhbHVlIjoiOWRYekptNksrQWRhWDJjRG9yTjZLUXpLb3N6eG5ORHc3cDN1WURuSDkwQUNwNHJkVEMxdTFrcHIxZ3lYQnd0WStibGQrVUl4T3ltclZGcGliRDQ2YlFKdWNmYVlCMEpoRE43Uy9zbU5EalNRWXFzUWNhQUhDN3E4dHlKVkI2ZDYiLCJtYWMiOiIwODk3ODk3NTg0YzdjMTc2MzRjOTc4NGFkMTVkNzU4YmRkZDYxOTIxZjhlNTQ0YTVjNDEwMWE1YmFmNTlkM2VjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZuZDFvbTBEajQ2eGFtQ3lTNm5DRlE9PSIsInZhbHVlIjoiZ0phQUxuNCtGMHhXQ2NucnQvNmFRdU1JOStmbnN4eGYra3ZyRnpaWjZWTUd4VDZ0cmp4VVBVTmtBdHgwUDlYWG52RzNiRjM2MUxMM3hHUEExMXJERWQrcnB1bGdvaXBzN2xwcUdLWmh2VkdXNlZMTjdaVWlnWGh1V3JicVZNU2UiLCJtYWMiOiJlOGJlMjUxMGVkODU4ZWQwNDNhZTAzMWUzMTYxMzBjZGRhYzM2ZmNkMDA5MjUyZDNlZjE4NjQyMGEyYjY2MDgyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Feb 2025 07:57:38 GMT
content-type: font/woff
content-length: 36696
content-disposition: inline; filename="GDSherpa-regular.woff"
cache-control: max-age=14400
last-modified: Sat, 15 Feb 2025 07:57:38 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5b7quVXxjiYQJrHhPpKJ7Uhhl9XBEpFfTK605QvtHRbBFMDfxgOUFmbBzVOMPWSMrDVQSAZNgnMFR3%2FLcsXL7ghF5VLftnBOeVUJZORvcffctItJDSnCohCfRNp00w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: EXPIRED
accept-ranges: bytes
priority: u=3,i=?0
server: cloudflare
cf-ray: 9123bf89be6bb523-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1050&min_rtt=987&rtt_var=324&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2292&delivery_rate=2853201&cwnd=251&unsent_bytes=0&cid=6a9051bfb6d28f88&ts=157&x=0", cfL4;desc="?proto=QUIC&rtt=1208&min_rtt=795&rtt_var=371&sent=225&recv=62&lost=0&retrans=0&sent_bytes=203433&recv_bytes=26138&delivery_rate=10046994&cwnd=31200&unsent_bytes=0&cid=afb585a0ead0c19f&ts=15395&x=1", cfExtPri, cfHdrFlush;dur=0

GET 58o4vtae4lk0mxniwcyt.lumpnk.ru/GDSherpa-regular.woff2

104.21.17.177

200 OK

29 kB

URL GET HTTPS

58o4vtae4lk0mxniwcyt.lumpnk.ru/GDSherpa-regular.woff2

IP / ASN

104.21.17.177

#13335 CLOUDFLARENET

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typeWeb Open Font Format (Version 2), TrueType, length 28584, version 1.66

First Seen2023-04-09

Last Seen2025-08-11

Times Seen79509

Size29 kB (28584 bytes)

MD517081510f3a6f2f619ec8c6f244523c7

SHA187f34b2a1532c50f2a424c345d03fe028db35635

SHA2562c7292014e2ef00374aeb63691d9f23159a010455784ee0b274ba7db2bcca956

Certificate Information

IssuerGoogle Trust Services

Subjectlumpnk.ru

Fingerprint8A:5D:29:76:89:6D:FB:90:14:A3:2F:87:70:15:30:DE:66:1F:44:FB

ValidityFri, 17 Jan 2025 17:08:07 GMT - Thu, 17 Apr 2025 18:06:38 GMT

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /GDSherpa-regular.woff2 HTTP/1.1
Host: 58o4vtae4lk0mxniwcyt.lumpnk.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImZ5aXEvdWVQTkJINkZXQldkNHIxYkE9PSIsInZhbHVlIjoiOWRYekptNksrQWRhWDJjRG9yTjZLUXpLb3N6eG5ORHc3cDN1WURuSDkwQUNwNHJkVEMxdTFrcHIxZ3lYQnd0WStibGQrVUl4T3ltclZGcGliRDQ2YlFKdWNmYVlCMEpoRE43Uy9zbU5EalNRWXFzUWNhQUhDN3E4dHlKVkI2ZDYiLCJtYWMiOiIwODk3ODk3NTg0YzdjMTc2MzRjOTc4NGFkMTVkNzU4YmRkZDYxOTIxZjhlNTQ0YTVjNDEwMWE1YmFmNTlkM2VjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZuZDFvbTBEajQ2eGFtQ3lTNm5DRlE9PSIsInZhbHVlIjoiZ0phQUxuNCtGMHhXQ2NucnQvNmFRdU1JOStmbnN4eGYra3ZyRnpaWjZWTUd4VDZ0cmp4VVBVTmtBdHgwUDlYWG52RzNiRjM2MUxMM3hHUEExMXJERWQrcnB1bGdvaXBzN2xwcUdLWmh2VkdXNlZMTjdaVWlnWGh1V3JicVZNU2UiLCJtYWMiOiJlOGJlMjUxMGVkODU4ZWQwNDNhZTAzMWUzMTYxMzBjZGRhYzM2ZmNkMDA5MjUyZDNlZjE4NjQyMGEyYjY2MDgyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Feb 2025 07:57:38 GMT
content-type: font/woff2
content-length: 28584
content-disposition: inline; filename="GDSherpa-regular.woff2"
cache-control: max-age=14400
last-modified: Sat, 15 Feb 2025 07:57:38 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UkSBU0LcXs3qbOVpZ6EH7Lh%2BPq6ThdcnG9Y6IwV0HrSV6YHEbLUlG8GA9gmtGSH5XvasU1LD1J9dBRIEfc%2Bwd6agTXYdqyAXC3yoKBj28ZQ%2FTswR1%2BFTdxYtko6mXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: EXPIRED
accept-ranges: bytes
priority: u=3,i=?0
server: cloudflare
cf-ray: 9123bf89be68b523-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1104&min_rtt=1101&rtt_var=420&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2292&delivery_rate=2565101&cwnd=251&unsent_bytes=0&cid=8b0eae4c0e08fe13&ts=160&x=0", cfL4;desc="?proto=QUIC&rtt=1311&min_rtt=795&rtt_var=484&sent=290&recv=63&lost=0&retrans=0&sent_bytes=279670&recv_bytes=26184&delivery_rate=3051963&cwnd=62400&unsent_bytes=0&cid=afb585a0ead0c19f&ts=15399&x=1", cfExtPri, cfHdrFlush;dur=0

GET 58o4vtae4lk0mxniwcyt.lumpnk.ru/GDSherpa-vf.woff2

104.21.17.177

200 OK

44 kB

URL GET HTTPS

58o4vtae4lk0mxniwcyt.lumpnk.ru/GDSherpa-vf.woff2

IP / ASN

104.21.17.177

#13335 CLOUDFLARENET

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typeWeb Open Font Format (Version 2), TrueType, length 43596, version 1.0

First Seen2023-04-18

Last Seen2025-08-11

Times Seen77376

Size44 kB (43596 bytes)

MD52a05e9e5572abc320b2b7ea38a70dcc1

SHA1d5fa2a856d5632c2469e42436159375117ef3c35

SHA2563efcb941aaddaf4aea08dab3fb97d3e904aa1b83264e64b4d5bda53bc7c798ec

Certificate Information

IssuerGoogle Trust Services

Subjectlumpnk.ru

Fingerprint8A:5D:29:76:89:6D:FB:90:14:A3:2F:87:70:15:30:DE:66:1F:44:FB

ValidityFri, 17 Jan 2025 17:08:07 GMT - Thu, 17 Apr 2025 18:06:38 GMT

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /GDSherpa-vf.woff2 HTTP/1.1
Host: 58o4vtae4lk0mxniwcyt.lumpnk.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImZ5aXEvdWVQTkJINkZXQldkNHIxYkE9PSIsInZhbHVlIjoiOWRYekptNksrQWRhWDJjRG9yTjZLUXpLb3N6eG5ORHc3cDN1WURuSDkwQUNwNHJkVEMxdTFrcHIxZ3lYQnd0WStibGQrVUl4T3ltclZGcGliRDQ2YlFKdWNmYVlCMEpoRE43Uy9zbU5EalNRWXFzUWNhQUhDN3E4dHlKVkI2ZDYiLCJtYWMiOiIwODk3ODk3NTg0YzdjMTc2MzRjOTc4NGFkMTVkNzU4YmRkZDYxOTIxZjhlNTQ0YTVjNDEwMWE1YmFmNTlkM2VjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZuZDFvbTBEajQ2eGFtQ3lTNm5DRlE9PSIsInZhbHVlIjoiZ0phQUxuNCtGMHhXQ2NucnQvNmFRdU1JOStmbnN4eGYra3ZyRnpaWjZWTUd4VDZ0cmp4VVBVTmtBdHgwUDlYWG52RzNiRjM2MUxMM3hHUEExMXJERWQrcnB1bGdvaXBzN2xwcUdLWmh2VkdXNlZMTjdaVWlnWGh1V3JicVZNU2UiLCJtYWMiOiJlOGJlMjUxMGVkODU4ZWQwNDNhZTAzMWUzMTYxMzBjZGRhYzM2ZmNkMDA5MjUyZDNlZjE4NjQyMGEyYjY2MDgyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Feb 2025 07:57:38 GMT
content-type: font/woff2
content-length: 43596
content-disposition: inline; filename="GDSherpa-vf.woff2"
cache-control: max-age=14400
last-modified: Sat, 15 Feb 2025 07:57:38 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w%2F0dOSAh4vmRNzPL8REkV4xFj9baRYc9qWOAOYf3kuiWT3W%2BOc1%2Bqic%2BvRPG32BysQcuvCqu%2F3WcWtl8ClpP7LflXcmMfqaKoDkZNPl7n22NYUHQDQvRN%2Bhc2lmBUA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: EXPIRED
accept-ranges: bytes
priority: u=3,i=?0
server: cloudflare
cf-ray: 9123bf89ce70b523-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1016&min_rtt=974&rtt_var=302&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2287&delivery_rate=2781940&cwnd=251&unsent_bytes=0&cid=53f5b1a12e37e3fc&ts=195&x=0", cfL4;desc="?proto=QUIC&rtt=1247&min_rtt=795&rtt_var=480&sent=322&recv=67&lost=0&retrans=0&sent_bytes=315823&recv_bytes=26366&delivery_rate=2275514&cwnd=85200&unsent_bytes=0&cid=afb585a0ead0c19f&ts=15472&x=1", cfExtPri, cfHdrFlush;dur=0

GET 58o4vtae4lk0mxniwcyt.lumpnk.ru/GDSherpa-vf2.woff2

104.21.17.177

200 OK

93 kB

URL GET HTTPS

58o4vtae4lk0mxniwcyt.lumpnk.ru/GDSherpa-vf2.woff2

IP / ASN

104.21.17.177

#13335 CLOUDFLARENET

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typeWeb Open Font Format (Version 2), TrueType, length 93276, version 1.0

First Seen2023-05-01

Last Seen2025-08-11

Times Seen77283

Size93 kB (93276 bytes)

MD5bcd7983ea5aa57c55f6758b4977983cb

SHA1ef3a009e205229e07fb0ec8569e669b11c378ef1

SHA2566528a0bf9a836a53dfd8536e1786ba6831c9d1faa74967126fddf5b2081b858c

Certificate Information

IssuerGoogle Trust Services

Subjectlumpnk.ru

Fingerprint8A:5D:29:76:89:6D:FB:90:14:A3:2F:87:70:15:30:DE:66:1F:44:FB

ValidityFri, 17 Jan 2025 17:08:07 GMT - Thu, 17 Apr 2025 18:06:38 GMT

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /GDSherpa-vf2.woff2 HTTP/1.1
Host: 58o4vtae4lk0mxniwcyt.lumpnk.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImZ5aXEvdWVQTkJINkZXQldkNHIxYkE9PSIsInZhbHVlIjoiOWRYekptNksrQWRhWDJjRG9yTjZLUXpLb3N6eG5ORHc3cDN1WURuSDkwQUNwNHJkVEMxdTFrcHIxZ3lYQnd0WStibGQrVUl4T3ltclZGcGliRDQ2YlFKdWNmYVlCMEpoRE43Uy9zbU5EalNRWXFzUWNhQUhDN3E4dHlKVkI2ZDYiLCJtYWMiOiIwODk3ODk3NTg0YzdjMTc2MzRjOTc4NGFkMTVkNzU4YmRkZDYxOTIxZjhlNTQ0YTVjNDEwMWE1YmFmNTlkM2VjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZuZDFvbTBEajQ2eGFtQ3lTNm5DRlE9PSIsInZhbHVlIjoiZ0phQUxuNCtGMHhXQ2NucnQvNmFRdU1JOStmbnN4eGYra3ZyRnpaWjZWTUd4VDZ0cmp4VVBVTmtBdHgwUDlYWG52RzNiRjM2MUxMM3hHUEExMXJERWQrcnB1bGdvaXBzN2xwcUdLWmh2VkdXNlZMTjdaVWlnWGh1V3JicVZNU2UiLCJtYWMiOiJlOGJlMjUxMGVkODU4ZWQwNDNhZTAzMWUzMTYxMzBjZGRhYzM2ZmNkMDA5MjUyZDNlZjE4NjQyMGEyYjY2MDgyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Feb 2025 07:57:38 GMT
content-type: font/woff2
content-length: 93276
content-disposition: inline; filename="GDSherpa-vf2.woff2"
cache-control: max-age=14400
last-modified: Sat, 15 Feb 2025 07:57:38 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yXXsNCeYKkBoYw%2BI4XOCaSpgr88EVd%2Btef3t56O8uaP2qIq912ZrFQp7ywM2OVhvcB4PUxPTqtAfGz9%2BHdNkPt75c0T2QmLd1jR%2FT34P4QbS0M1VRyqgzePIUvShLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: EXPIRED
accept-ranges: bytes
priority: u=3,i=?0
server: cloudflare
cf-ray: 9123bf89ce72b523-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1008&min_rtt=985&rtt_var=291&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2288&delivery_rate=2850393&cwnd=251&unsent_bytes=0&cid=cb892d50ca4a791a&ts=196&x=0", cfL4;desc="?proto=QUIC&rtt=1247&min_rtt=795&rtt_var=480&sent=369&recv=67&lost=0&retrans=0&sent_bytes=371903&recv_bytes=26366&delivery_rate=2275514&cwnd=85200&unsent_bytes=0&cid=afb585a0ead0c19f&ts=15476&x=1", cfExtPri, cfHdrFlush;dur=0

GET objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250215%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250215T075613Z&X-Amz-Expires=300&X-Amz-Signature=776c2c9ad5451a779e96692143d22959ced4503d00eafda9d230c29ba068c9f1&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream

185.199.108.133

200 OK

10 kB

URL GET HTTPS

objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250215%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250215T075613Z&X-Amz-Expires=300&X-Amz-Signature=776c2c9ad5451a779e96692143d22959ced4503d00eafda9d230c29ba068c9f1&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream

IP / ASN

185.199.108.133

#54113 FASTLY

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typeJavaScript source, ASCII text, with very long lines (10017)

First Seen2024-05-30

Last Seen2025-08-11

Times Seen35946

Size10 kB (10245 bytes)

MD56c20a2be8ba900bc0a7118893a2b1072

SHA1ff7766fde1f33882c6e1c481ceed6f6588ea764c

SHA256b1c42acd0288c435e95e00332476781532ed002cac6f3dcee9110ced30b31500

Certificate Information

IssuerDigiCert Inc

Subject*.github.io

Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28

ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

HTTP Headers

GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250215%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250215T075613Z&X-Amz-Expires=300&X-Amz-Signature=776c2c9ad5451a779e96692143d22959ced4503d00eafda9d230c29ba068c9f1&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/octet-stream
last-modified: Tue, 07 Dec 2021 16:38:45 GMT
etag: "0x8D9B9A009499A1E"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d91f6eaf-e01e-0032-2f18-13e122000000
x-ms-version: 2023-11-03
x-ms-creation-time: Tue, 17 Aug 2021 14:57:31 GMT
x-ms-blob-content-md5: bCCivoupALwKcRiJOisQcg==
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=randexp.min.js
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
fastly-restarts: 1
accept-ranges: bytes
date: Sat, 15 Feb 2025 07:57:38 GMT
age: 2039
x-served-by: cache-iad-kiad7000045-IAD, cache-hel1410028-HEL
x-cache: HIT, HIT
x-cache-hits: 11369, 7
x-timer: S1739606259.579159,VS0,VE0
content-length: 10245
X-Firefox-Spdy: h2

GET ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2

18.165.140.104

200 OK

20 kB

URL GET HTTPS

ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2

IP / ASN

18.165.140.104

#16509 AMAZON-02

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typeWeb Open Font Format (Version 2), TrueType, length 20416, version 2.197

First Seen2023-04-17

Last Seen2025-08-11

Times Seen33744

Size20 kB (20416 bytes)

MD5d99a7377dabb55772ca9f986b0a04b57

SHA12b5fcd8431953c44e410d0489899e74f6d2cfecc

SHA256affdba1620552b12a1a8a04467136aeb408c03fa337d20e9c38374d682d4d149

Certificate Information

IssuerDigiCert Inc

Subject*.oktacdn.com

Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5

ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT

HTTP Headers

GET /assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://58o4vtae4lk0mxniwcyt.lumpnk.ru
DNT: 1
Connection: keep-alive
Referer: https://ok4static.oktacdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/font-woff2
content-length: 20416
date: Mon, 10 Feb 2025 01:49:35 GMT
server: nginx
last-modified: Tue, 07 Nov 2023 18:56:28 GMT
etag: "d99a7377dabb55772ca9f986b0a04b57"
x-amz-meta-sha1sum: 2b5fcd8431953c44e410d0489899e74f6d2cfecc
expires: Tue, 10 Feb 2026 01:49:35 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 f046dddea42312c0568a651a5699d67e.cloudfront.net (CloudFront)
x-amz-cf-pop: HEL51-P3
x-amz-cf-id: 3dYat1AKfcHTAcjJN2MoJFS0HGrK3HmPPfm2nXj0-ycopF5C2T5EvA==
age: 454084
X-Firefox-Spdy: h2

GET 58o4vtae4lk0mxniwcyt.lumpnk.ru/kluQIbd6urxwgN1WWB9pdUvvBlwNqZjigjsk0QlimudDoAqrtlTTHcohq0U9DbQ385yz230

104.21.17.177

200 OK

1.3 kB

URL GET HTTPS

58o4vtae4lk0mxniwcyt.lumpnk.ru/kluQIbd6urxwgN1WWB9pdUvvBlwNqZjigjsk0QlimudDoAqrtlTTHcohq0U9DbQ385yz230

IP / ASN

104.21.17.177

#13335 CLOUDFLARENET

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typeRIFF (little-endian) data, Web/P image

First Seen2025-01-27

Last Seen2025-08-11

Times Seen31112

Size1.3 kB (1298 bytes)

MD532ca2081553e969f9fdd4374134521ad

SHA17b09924c4c3d8b6e41fe38363e342da098be4173

SHA256216fc342a469aa6a005b2eacc24622095e5282d3e9f1ae99ce54c27b92ec3587

Certificate Information

IssuerGoogle Trust Services

Subjectlumpnk.ru

Fingerprint8A:5D:29:76:89:6D:FB:90:14:A3:2F:87:70:15:30:DE:66:1F:44:FB

ValidityFri, 17 Jan 2025 17:08:07 GMT - Thu, 17 Apr 2025 18:06:38 GMT

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /kluQIbd6urxwgN1WWB9pdUvvBlwNqZjigjsk0QlimudDoAqrtlTTHcohq0U9DbQ385yz230 HTTP/1.1
Host: 58o4vtae4lk0mxniwcyt.lumpnk.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW
Cookie: XSRF-TOKEN=eyJpdiI6ImZ5aXEvdWVQTkJINkZXQldkNHIxYkE9PSIsInZhbHVlIjoiOWRYekptNksrQWRhWDJjRG9yTjZLUXpLb3N6eG5ORHc3cDN1WURuSDkwQUNwNHJkVEMxdTFrcHIxZ3lYQnd0WStibGQrVUl4T3ltclZGcGliRDQ2YlFKdWNmYVlCMEpoRE43Uy9zbU5EalNRWXFzUWNhQUhDN3E4dHlKVkI2ZDYiLCJtYWMiOiIwODk3ODk3NTg0YzdjMTc2MzRjOTc4NGFkMTVkNzU4YmRkZDYxOTIxZjhlNTQ0YTVjNDEwMWE1YmFmNTlkM2VjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZuZDFvbTBEajQ2eGFtQ3lTNm5DRlE9PSIsInZhbHVlIjoiZ0phQUxuNCtGMHhXQ2NucnQvNmFRdU1JOStmbnN4eGYra3ZyRnpaWjZWTUd4VDZ0cmp4VVBVTmtBdHgwUDlYWG52RzNiRjM2MUxMM3hHUEExMXJERWQrcnB1bGdvaXBzN2xwcUdLWmh2VkdXNlZMTjdaVWlnWGh1V3JicVZNU2UiLCJtYWMiOiJlOGJlMjUxMGVkODU4ZWQwNDNhZTAzMWUzMTYxMzBjZGRhYzM2ZmNkMDA5MjUyZDNlZjE4NjQyMGEyYjY2MDgyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Feb 2025 07:57:39 GMT
content-type: image/webp
content-length: 1298
content-disposition: inline; filename="kluQIbd6urxwgN1WWB9pdUvvBlwNqZjigjsk0QlimudDoAqrtlTTHcohq0U9DbQ385yz230"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2kzGacighEK6BIT4dsw%2FR6vUhU7ZlHhlRH%2FPAc0YxL2%2FQaQxMHNj6xl%2FAqp3BU0o5ZtIdXD%2F3b8d2yu8CuWJg0qaV6mpXjEPwu31cOaODBebFemYJx6YTqM81oU90Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
priority: u=4,i=?0
server: cloudflare
cf-ray: 9123bf908d1cb523-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1309&min_rtt=1194&rtt_var=423&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2268&delivery_rate=2339256&cwnd=251&unsent_bytes=0&cid=8820a83472b121b9&ts=121&x=0", cfL4;desc="?proto=QUIC&rtt=1124&min_rtt=608&rtt_var=494&sent=875&recv=143&lost=0&retrans=0&sent_bytes=931655&recv_bytes=32825&delivery_rate=556496&cwnd=163200&unsent_bytes=0&cid=afb585a0ead0c19f&ts=16398&x=1", cfExtPri, cfHdrFlush;dur=0

GET get.geojs.io/v1/ip/geo.json

172.67.70.233

200 OK

336 B

URL GET HTTPS

get.geojs.io/v1/ip/geo.json

IP / ASN

172.67.70.233

#13335 CLOUDFLARENET

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typetroff or preprocessor input, ASCII text, with very long lines (394), with no line terminators

First Seen2025-02-14

Last Seen2025-02-15

Times Seen251

Size336 B (336 bytes)

MD5e56fb00463e2cebbacdcdf3aeb182b16

SHA10797d8abe9123e50fd0608df5989ccf8560c9486

SHA2561e727c510a4dbde7475146c30dac73f2da170ceb722770e3b7bab500a3705d65

Certificate Information

IssuerGoogle Trust Services

Subjectgeojs.io

Fingerprint55:74:AA:F3:7A:AF:02:8B:48:DB:6E:73:EB:A1:95:20:EC:13:2D:8E

ValidityTue, 31 Dec 2024 05:30:37 GMT - Mon, 31 Mar 2025 06:30:13 GMT

HTTP Headers

GET /v1/ip/geo.json HTTP/1.1
Host: get.geojs.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://58o4vtae4lk0mxniwcyt.lumpnk.ru
DNT: 1
Connection: keep-alive
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 15 Feb 2025 07:57:41 GMT
content-type: application/json
x-request-id: 1f87613dcc02f47c57a742ab8ad4552a-ASH
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-origin: *
access-control-allow-methods: GET
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
geojs-backend: ash-01
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ELTu%2BcU0B3SIHxMG9amF%2Bf6Mty%2FQDHLuvRGEu0d5Il9WJ2zqBWtrM5PRhczodaosxNOfRuSyB0r1C0LB2HQ48jntzP7CkPUaWSvVJF3QozM4hNnzOHk5sUmOxl%2B2AQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 9123bf9ceb8ab4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=566&min_rtt=476&rtt_var=162&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3190&recv_bytes=1143&delivery_rate=5116607&cwnd=254&unsent_bytes=0&cid=9472e0bcf8a9e884&ts=129&x=0"
X-Firefox-Spdy: h2

GET 58o4vtae4lk0mxniwcyt.lumpnk.ru/klbu4iFfRDj7h41t04tjEtIIP9j35c9NbWolOOwxDUd0P1Fih2wBAIA7LvZd4C78170

104.21.17.177

200 OK

7.4 kB

URL GET HTTPS

58o4vtae4lk0mxniwcyt.lumpnk.ru/klbu4iFfRDj7h41t04tjEtIIP9j35c9NbWolOOwxDUd0P1Fih2wBAIA7LvZd4C78170

IP / ASN

104.21.17.177

#13335 CLOUDFLARENET

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typeSVG Scalable Vector Graphics image

First Seen2023-05-10

Last Seen2025-04-06

Times Seen21752

Size7.4 kB (7390 bytes)

MD5bca9b46fee32162356ba5b4783e614dc

SHA1cc09ee862df9bf86e545f9dfdf2fbd4facfa71f5

SHA256fb48e7087def752683bc9a9fe4035acf2419cebbe8b17a16e5c81699a06f6fec

Certificate Information

IssuerGoogle Trust Services

Subjectlumpnk.ru

Fingerprint8A:5D:29:76:89:6D:FB:90:14:A3:2F:87:70:15:30:DE:66:1F:44:FB

ValidityFri, 17 Jan 2025 17:08:07 GMT - Thu, 17 Apr 2025 18:06:38 GMT

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /klbu4iFfRDj7h41t04tjEtIIP9j35c9NbWolOOwxDUd0P1Fih2wBAIA7LvZd4C78170 HTTP/1.1
Host: 58o4vtae4lk0mxniwcyt.lumpnk.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW
Cookie: XSRF-TOKEN=eyJpdiI6ImZ5aXEvdWVQTkJINkZXQldkNHIxYkE9PSIsInZhbHVlIjoiOWRYekptNksrQWRhWDJjRG9yTjZLUXpLb3N6eG5ORHc3cDN1WURuSDkwQUNwNHJkVEMxdTFrcHIxZ3lYQnd0WStibGQrVUl4T3ltclZGcGliRDQ2YlFKdWNmYVlCMEpoRE43Uy9zbU5EalNRWXFzUWNhQUhDN3E4dHlKVkI2ZDYiLCJtYWMiOiIwODk3ODk3NTg0YzdjMTc2MzRjOTc4NGFkMTVkNzU4YmRkZDYxOTIxZjhlNTQ0YTVjNDEwMWE1YmFmNTlkM2VjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZuZDFvbTBEajQ2eGFtQ3lTNm5DRlE9PSIsInZhbHVlIjoiZ0phQUxuNCtGMHhXQ2NucnQvNmFRdU1JOStmbnN4eGYra3ZyRnpaWjZWTUd4VDZ0cmp4VVBVTmtBdHgwUDlYWG52RzNiRjM2MUxMM3hHUEExMXJERWQrcnB1bGdvaXBzN2xwcUdLWmh2VkdXNlZMTjdaVWlnWGh1V3JicVZNU2UiLCJtYWMiOiJlOGJlMjUxMGVkODU4ZWQwNDNhZTAzMWUzMTYxMzBjZGRhYzM2ZmNkMDA5MjUyZDNlZjE4NjQyMGEyYjY2MDgyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Feb 2025 07:57:38 GMT
content-type: image/svg+xml
content-disposition: inline; filename="klbu4iFfRDj7h41t04tjEtIIP9j35c9NbWolOOwxDUd0P1Fih2wBAIA7LvZd4C78170"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I2ES3%2F2et%2FliQOv9iAKtZ32zthcpN4vBWRERhfcyejDAt1CVrrGgdrhKavLPoOf%2Bpw2f%2BTFKYfqxt%2FCOa7QqSaOL8G0NjYCOc8YOzkrVY5iNO2icMPgUHAu1qU7Fgg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
vary: accept-encoding
priority: u=4,i=?0
server: cloudflare
cf-ray: 9123bf89de80b523-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=1091&min_rtt=1081&rtt_var=324&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2264&delivery_rate=2511708&cwnd=251&unsent_bytes=0&cid=31cda451b20197ff&ts=71&x=0", cfL4;desc="?proto=QUIC&rtt=2042&min_rtt=951&rtt_var=1333&sent=125&recv=47&lost=0&retrans=0&sent_bytes=95324&recv_bytes=25453&delivery_rate=2416134&cwnd=28800&unsent_bytes=0&cid=afb585a0ead0c19f&ts=15293&x=1", cfExtPri, cfHdrFlush;dur=0

GET 58o4vtae4lk0mxniwcyt.lumpnk.ru/rs8R1KDe5RyAlskUB13jgaqBAXpEwYiXIighZ9jH6MToElJ1Kokgx1Q0goncd200

104.21.17.177

200 OK

268 B

URL GET HTTPS

58o4vtae4lk0mxniwcyt.lumpnk.ru/rs8R1KDe5RyAlskUB13jgaqBAXpEwYiXIighZ9jH6MToElJ1Kokgx1Q0goncd200

IP / ASN

104.21.17.177

#13335 CLOUDFLARENET

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typeSVG Scalable Vector Graphics image

First Seen2023-09-01

Last Seen2025-04-05

Times Seen19072

Size268 B (268 bytes)

MD51318aafc1fb9ded0c623e5b9a557e6df

SHA10917cdd7633cd1642b02b2b785416ec7e5106dcc

SHA256d86660a84daa211b121ec9fe0df83d6b945f61b888384391eabc7d6b4e941dc4

Certificate Information

IssuerGoogle Trust Services

Subjectlumpnk.ru

Fingerprint8A:5D:29:76:89:6D:FB:90:14:A3:2F:87:70:15:30:DE:66:1F:44:FB

ValidityFri, 17 Jan 2025 17:08:07 GMT - Thu, 17 Apr 2025 18:06:38 GMT

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /rs8R1KDe5RyAlskUB13jgaqBAXpEwYiXIighZ9jH6MToElJ1Kokgx1Q0goncd200 HTTP/1.1
Host: 58o4vtae4lk0mxniwcyt.lumpnk.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW
Cookie: XSRF-TOKEN=eyJpdiI6ImZ5aXEvdWVQTkJINkZXQldkNHIxYkE9PSIsInZhbHVlIjoiOWRYekptNksrQWRhWDJjRG9yTjZLUXpLb3N6eG5ORHc3cDN1WURuSDkwQUNwNHJkVEMxdTFrcHIxZ3lYQnd0WStibGQrVUl4T3ltclZGcGliRDQ2YlFKdWNmYVlCMEpoRE43Uy9zbU5EalNRWXFzUWNhQUhDN3E4dHlKVkI2ZDYiLCJtYWMiOiIwODk3ODk3NTg0YzdjMTc2MzRjOTc4NGFkMTVkNzU4YmRkZDYxOTIxZjhlNTQ0YTVjNDEwMWE1YmFmNTlkM2VjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZuZDFvbTBEajQ2eGFtQ3lTNm5DRlE9PSIsInZhbHVlIjoiZ0phQUxuNCtGMHhXQ2NucnQvNmFRdU1JOStmbnN4eGYra3ZyRnpaWjZWTUd4VDZ0cmp4VVBVTmtBdHgwUDlYWG52RzNiRjM2MUxMM3hHUEExMXJERWQrcnB1bGdvaXBzN2xwcUdLWmh2VkdXNlZMTjdaVWlnWGh1V3JicVZNU2UiLCJtYWMiOiJlOGJlMjUxMGVkODU4ZWQwNDNhZTAzMWUzMTYxMzBjZGRhYzM2ZmNkMDA5MjUyZDNlZjE4NjQyMGEyYjY2MDgyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Feb 2025 07:57:38 GMT
content-type: image/svg+xml
content-disposition: inline; filename="rs8R1KDe5RyAlskUB13jgaqBAXpEwYiXIighZ9jH6MToElJ1Kokgx1Q0goncd200"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uzxHk0iGeX1xYYsZe2BYW9JbtA47gYQfPCadM%2FLlbJ%2Bz03keTBNVejUM%2FkQUVHR5g7m0%2Bx1t59Pe3bBGFhfOOIrYc1t%2F7L6Tm5UDmHOWukmr4hjHBKlXrUidKT1cNw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
vary: accept-encoding
priority: u=4,i=?0
server: cloudflare
cf-ray: 9123bf89de89b523-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=1013&min_rtt=1009&rtt_var=292&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2261&delivery_rate=2784615&cwnd=251&unsent_bytes=0&cid=ed08b89a7acccc89&ts=74&x=0", cfL4;desc="?proto=QUIC&rtt=1800&min_rtt=951&rtt_var=1168&sent=132&recv=49&lost=0&retrans=0&sent_bytes=102472&recv_bytes=25543&delivery_rate=2692730&cwnd=28800&unsent_bytes=0&cid=afb585a0ead0c19f&ts=15298&x=1", cfExtPri, cfHdrFlush;dur=0

GET 58o4vtae4lk0mxniwcyt.lumpnk.ru/56IUnde9VNH7KAabpp0Fax8911

104.21.17.177

200 OK

27 kB

URL GET HTTPS

58o4vtae4lk0mxniwcyt.lumpnk.ru/56IUnde9VNH7KAabpp0Fax8911

IP / ASN

104.21.17.177

#13335 CLOUDFLARENET

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typeASCII text, with very long lines (26765), with no line terminators

First Seen2025-02-05

Last Seen2025-05-03

Times Seen14904

Size27 kB (26765 bytes)

MD51a862a89d5633fac83d763886726740d

SHA1e5ce3aa454c992a13fd406a9647d7afbf831051f

SHA2565c22fd904edb792331a7307ddf4a790e0d1318924f6d8e7362fa6b55d5ab6fbb

Certificate Information

IssuerGoogle Trust Services

Subjectlumpnk.ru

Fingerprint8A:5D:29:76:89:6D:FB:90:14:A3:2F:87:70:15:30:DE:66:1F:44:FB

ValidityFri, 17 Jan 2025 17:08:07 GMT - Thu, 17 Apr 2025 18:06:38 GMT

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /56IUnde9VNH7KAabpp0Fax8911 HTTP/1.1
Host: 58o4vtae4lk0mxniwcyt.lumpnk.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW
Cookie: XSRF-TOKEN=eyJpdiI6ImZ5aXEvdWVQTkJINkZXQldkNHIxYkE9PSIsInZhbHVlIjoiOWRYekptNksrQWRhWDJjRG9yTjZLUXpLb3N6eG5ORHc3cDN1WURuSDkwQUNwNHJkVEMxdTFrcHIxZ3lYQnd0WStibGQrVUl4T3ltclZGcGliRDQ2YlFKdWNmYVlCMEpoRE43Uy9zbU5EalNRWXFzUWNhQUhDN3E4dHlKVkI2ZDYiLCJtYWMiOiIwODk3ODk3NTg0YzdjMTc2MzRjOTc4NGFkMTVkNzU4YmRkZDYxOTIxZjhlNTQ0YTVjNDEwMWE1YmFmNTlkM2VjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZuZDFvbTBEajQ2eGFtQ3lTNm5DRlE9PSIsInZhbHVlIjoiZ0phQUxuNCtGMHhXQ2NucnQvNmFRdU1JOStmbnN4eGYra3ZyRnpaWjZWTUd4VDZ0cmp4VVBVTmtBdHgwUDlYWG52RzNiRjM2MUxMM3hHUEExMXJERWQrcnB1bGdvaXBzN2xwcUdLWmh2VkdXNlZMTjdaVWlnWGh1V3JicVZNU2UiLCJtYWMiOiJlOGJlMjUxMGVkODU4ZWQwNDNhZTAzMWUzMTYxMzBjZGRhYzM2ZmNkMDA5MjUyZDNlZjE4NjQyMGEyYjY2MDgyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Feb 2025 07:57:38 GMT
content-type: text/css;charset=UTF-8
content-disposition: inline; filename="56IUnde9VNH7KAabpp0Fax8911"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z2nvnD4LWwobHRmUEvYDfsW%2FpHLGirKB3ivHJPHfMfPGnBqIywL1xAAjTMIZlI%2BpPV0fO2mG%2FcmrChr7HKRIKIxo38vrA5ra2aENrTGp7%2BGukn%2BjhmqCyqMLFMwOnw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
vary: accept-encoding
priority: u=2,i=?0
server: cloudflare
cf-ray: 9123bf898e3bb523-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=976&min_rtt=972&rtt_var=281&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2216&delivery_rate=2896000&cwnd=251&unsent_bytes=0&cid=f2a301742cac1a2b&ts=113&x=0", cfL4;desc="?proto=QUIC&rtt=2276&min_rtt=951&rtt_var=1644&sent=117&recv=45&lost=0&retrans=0&sent_bytes=86979&recv_bytes=25363&delivery_rate=3892808&cwnd=28800&unsent_bytes=0&cid=afb585a0ead0c19f&ts=15253&x=1", cfExtPri, cfHdrFlush;dur=0

GET 58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

104.21.17.177

200 OK

151 kB

URL User Request GET HTTPS

58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

IP / ASN

104.21.17.177

#13335 CLOUDFLARENET

Requested byN/A

Resource Information

File typeHTML document, ASCII text, with very long lines (52491), with CRLF line terminators

First Seen2025-02-15

Last Seen2025-02-15

Times Seen1

Size151 kB (151266 bytes)

MD59a80f39d1beccebd1ebf42105bbcdc44

SHA108db23ee0f6468fbd4b084aadd654d35425cefd1

SHA256fdd14cb90f9d8c1a5732da9166b81e7e9b74280445b92152e1011b6211c790e3

Certificate Information

IssuerGoogle Trust Services

Subjectlumpnk.ru

Fingerprint8A:5D:29:76:89:6D:FB:90:14:A3:2F:87:70:15:30:DE:66:1F:44:FB

ValidityFri, 17 Jan 2025 17:08:07 GMT - Thu, 17 Apr 2025 18:06:38 GMT

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Anti-debugging code

HTTP Headers

GET /CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW HTTP/1.1
Host: 58o4vtae4lk0mxniwcyt.lumpnk.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/vXsP8/
Cookie: XSRF-TOKEN=eyJpdiI6Im1KREdENXovQ2ZxQVhHY1NKYnM5N1E9PSIsInZhbHVlIjoiNEpDaDdKU3B3RU9mWmQ2SnBlR1I4TWxUbW9oU2M2Y3Q1UGxpYjdCdy83OFlMb1FFRXl2V1F5NGk5VzNNWkxiWC9Gc2JVVlJycXp3NG5Pd1VGbGxhYmdTMXVsY1M3ZTFxRzBZTzVEVy9PUmczVTJ1WHliZ29uYnhiWVBPaXhFK3IiLCJtYWMiOiJiYmI2MTljNTlmMjQ4NTdiNjcwZGIwOGZjNjM0ZTQyMGI5NGFiY2MxMzAzYTg1MGZmYzkzYWYwNWNiMmM3Y2RmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkMrTkJLWEtjdjEyZjlpVXowbFJCeFE9PSIsInZhbHVlIjoiWTVESE5vYVk5T01vMkYvLzFkNlprTitCZjNvdjVxVk11YysyNlBwcHdhK2ZlOG42dlh3eFlHaldaZTFOVEN6anBZcWMyWm96VVR4YlQ0dmFNSEZVRm92K3pKTzFDNks0cFZoSWdra2txdUZYUm9jQmU2ckxRTEdCTjBHUitweXQiLCJtYWMiOiIwYTIyZmRkYTViNjNjNzA0ZWQyZWQ4MzRhOTAwNTMyYjc1MDZlMzRmZGY1ZTQyMjg5YjE3NTc0ZmFmYzM0NTZkIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Feb 2025 07:57:38 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yo%2FxJgJOpn0JQzyXfG2%2FNLB4hzPNzQnJqXLbMJfKmAjZG8PWOqsTT2RW%2FYE1I%2BBJCUJrT7V%2Fo2lTCDspLXBm476osdNnxS2Kb4X9jRjhQP6eUG5yBzZt6nO%2FR8hO%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6ImZ5aXEvdWVQTkJINkZXQldkNHIxYkE9PSIsInZhbHVlIjoiOWRYekptNksrQWRhWDJjRG9yTjZLUXpLb3N6eG5ORHc3cDN1WURuSDkwQUNwNHJkVEMxdTFrcHIxZ3lYQnd0WStibGQrVUl4T3ltclZGcGliRDQ2YlFKdWNmYVlCMEpoRE43Uy9zbU5EalNRWXFzUWNhQUhDN3E4dHlKVkI2ZDYiLCJtYWMiOiIwODk3ODk3NTg0YzdjMTc2MzRjOTc4NGFkMTVkNzU4YmRkZDYxOTIxZjhlNTQ0YTVjNDEwMWE1YmFmNTlkM2VjIiwidGFnIjoiIn0%3D; expires=Sat, 15-Feb-2025 09:57:37 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6ImZuZDFvbTBEajQ2eGFtQ3lTNm5DRlE9PSIsInZhbHVlIjoiZ0phQUxuNCtGMHhXQ2NucnQvNmFRdU1JOStmbnN4eGYra3ZyRnpaWjZWTUd4VDZ0cmp4VVBVTmtBdHgwUDlYWG52RzNiRjM2MUxMM3hHUEExMXJERWQrcnB1bGdvaXBzN2xwcUdLWmh2VkdXNlZMTjdaVWlnWGh1V3JicVZNU2UiLCJtYWMiOiJlOGJlMjUxMGVkODU4ZWQwNDNhZTAzMWUzMTYxMzBjZGRhYzM2ZmNkMDA5MjUyZDNlZjE4NjQyMGEyYjY2MDgyIiwidGFnIjoiIn0%3D; expires=Sat, 15-Feb-2025 09:57:37 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
priority: u=1,i=?0
server: cloudflare
cf-ray: 9123bf874c9db523-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=1007&min_rtt=994&rtt_var=289&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2297&delivery_rate=2847590&cwnd=251&unsent_bytes=0&cid=0595178dea53855e&ts=165&x=0", cfL4;desc="?proto=QUIC&rtt=4094&min_rtt=951&rtt_var=3528&sent=36&recv=19&lost=0&retrans=0&sent_bytes=18125&recv_bytes=7028&delivery_rate=4444&cwnd=12000&unsent_bytes=0&cid=afb585a0ead0c19f&ts=14952&x=1", cfExtPri, cfHdrFlush;dur=0

POST nyaqgasajk7o31gl2oj4xeenamvmdoxk8i6mgjjudzpu1sf4blimgitlou.nexthorizonz.ru/SGXFZqMGrhQcTKVCMjnXAWuKerTUQXHGJNETRARCXBKGKFAXFUGAPKFSOVHJNBHEPETEZVLNFVHMCPQAGrs01Zi5q15i9yz1buv36

104.21.68.248

200 OK

536 B

URL POST HTTPS

nyaqgasajk7o31gl2oj4xeenamvmdoxk8i6mgjjudzpu1sf4blimgitlou.nexthorizonz.ru/SGXFZqMGrhQcTKVCMjnXAWuKerTUQXHGJNETRARCXBKGKFAXFUGAPKFSOVHJNBHEPETEZVLNFVHMCPQAGrs01Zi5q15i9yz1buv36

IP / ASN

104.21.68.248

#13335 CLOUDFLARENET

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typeASCII text, with very long lines (536), with no line terminators

First Seen2025-01-27

Last Seen2025-08-11

Times Seen21975

Size536 B (536 bytes)

MD5b700a2408fff4601b18b91dd7b1adf0f

SHA1294a42cbff29c06fe6bff0cc3d5d6b93f7fda3dc

SHA25623731d6f86bfade6b1fd1acf5985785e9e1cb0f155f662cf89464d7a6f2c04b6

Certificate Information

IssuerGoogle Trust Services

Subjectnexthorizonz.ru

Fingerprint9C:B2:D1:14:A9:D9:8F:E7:CB:00:FF:4C:D0:E6:92:32:FC:4C:61:13

ValidityThu, 23 Jan 2025 22:26:54 GMT - Wed, 23 Apr 2025 23:24:21 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed
urlquery	phishing	Phishing - Microsoft

HTTP Headers

POST /SGXFZqMGrhQcTKVCMjnXAWuKerTUQXHGJNETRARCXBKGKFAXFUGAPKFSOVHJNBHEPETEZVLNFVHMCPQAGrs01Zi5q15i9yz1buv36 HTTP/1.1
Host: nyaqgasajk7o31gl2oj4xeenamvmdoxk8i6mgjjudzpu1sf4blimgitlou.nexthorizonz.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 103
Origin: https://58o4vtae4lk0mxniwcyt.lumpnk.ru
DNT: 1
Connection: keep-alive
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 15 Feb 2025 07:57:42 GMT
content-type: text/plain; charset=utf-8
vary: Origin
access-control-allow-origin: https://58o4vtae4lk0mxniwcyt.lumpnk.ru
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AG6QHV0hFh30Qd0%2BwIaMhkDl%2BV5ZjTr04JmZ1aFC6l%2FsKS29sqw%2BGZbfR300t8Y%2Bw1AaxqFdigHIzh%2Bt6XdaGbDJY41XFQdcYeH0LeLDqCt5K4f%2FCWpSEXd3HyO54oCEBmtkbHDeXKLcZttK4t6iQvyccILGzVhdPfek9AygTE%2BXAv%2B%2FF0XCrLeM3wG8SMEtEvcRb9LF4vgW5ONSgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9123bf9e5d8156c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=513&min_rtt=448&rtt_var=113&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3208&recv_bytes=1408&delivery_rate=7227953&cwnd=253&unsent_bytes=0&cid=2d1ad384b3c4fd1f&ts=767&x=0"
X-Firefox-Spdy: h2

GET 58o4vtae4lk0mxniwcyt.lumpnk.ru/abcx0EmxMxz5yrsxgh30

104.21.17.177

200 OK

36 kB

URL GET HTTPS

58o4vtae4lk0mxniwcyt.lumpnk.ru/abcx0EmxMxz5yrsxgh30

IP / ASN

104.21.17.177

#13335 CLOUDFLARENET

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typeASCII text, with CRLF line terminators

First Seen2025-01-27

Last Seen2025-08-11

Times Seen34711

Size36 kB (35786 bytes)

MD538501e3fbbbd89b56aa5ba35de1a32fe

SHA1d9b31981b6f834e8480ba28fbc1cff1be772f589

SHA256a1ca6b381cb01968851c98512c6e7f6c5309a49f7a16b864813135cbff82a85b

Certificate Information

IssuerGoogle Trust Services

Subjectlumpnk.ru

Fingerprint8A:5D:29:76:89:6D:FB:90:14:A3:2F:87:70:15:30:DE:66:1F:44:FB

ValidityFri, 17 Jan 2025 17:08:07 GMT - Thu, 17 Apr 2025 18:06:38 GMT

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /abcx0EmxMxz5yrsxgh30 HTTP/1.1
Host: 58o4vtae4lk0mxniwcyt.lumpnk.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW
Cookie: XSRF-TOKEN=eyJpdiI6ImZ5aXEvdWVQTkJINkZXQldkNHIxYkE9PSIsInZhbHVlIjoiOWRYekptNksrQWRhWDJjRG9yTjZLUXpLb3N6eG5ORHc3cDN1WURuSDkwQUNwNHJkVEMxdTFrcHIxZ3lYQnd0WStibGQrVUl4T3ltclZGcGliRDQ2YlFKdWNmYVlCMEpoRE43Uy9zbU5EalNRWXFzUWNhQUhDN3E4dHlKVkI2ZDYiLCJtYWMiOiIwODk3ODk3NTg0YzdjMTc2MzRjOTc4NGFkMTVkNzU4YmRkZDYxOTIxZjhlNTQ0YTVjNDEwMWE1YmFmNTlkM2VjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZuZDFvbTBEajQ2eGFtQ3lTNm5DRlE9PSIsInZhbHVlIjoiZ0phQUxuNCtGMHhXQ2NucnQvNmFRdU1JOStmbnN4eGYra3ZyRnpaWjZWTUd4VDZ0cmp4VVBVTmtBdHgwUDlYWG52RzNiRjM2MUxMM3hHUEExMXJERWQrcnB1bGdvaXBzN2xwcUdLWmh2VkdXNlZMTjdaVWlnWGh1V3JicVZNU2UiLCJtYWMiOiJlOGJlMjUxMGVkODU4ZWQwNDNhZTAzMWUzMTYxMzBjZGRhYzM2ZmNkMDA5MjUyZDNlZjE4NjQyMGEyYjY2MDgyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Feb 2025 07:57:38 GMT
content-type: text/css;charset=UTF-8
content-disposition: inline; filename="abcx0EmxMxz5yrsxgh30"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SbKlCw81S4gk5aWHlgk0%2BGbQWHuYIwHmB06ld%2F%2BDvIdQuuWSww1uU4XZwZZDenr7PkcQULcdDZ9yBmyOFc4ckWk2a%2BMYM%2FK4vPi5SnlRJgplRR%2F%2BJQg2cQKzThi6GA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
vary: accept-encoding
priority: u=2,i=?0
server: cloudflare
cf-ray: 9123bf898e42b523-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=1042&min_rtt=978&rtt_var=325&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2210&delivery_rate=2590339&cwnd=251&unsent_bytes=0&cid=4ae621687274998c&ts=117&x=0", cfL4;desc="?proto=QUIC&rtt=2158&min_rtt=951&rtt_var=1470&sent=121&recv=46&lost=0&retrans=0&sent_bytes=91334&recv_bytes=25408&delivery_rate=28043&cwnd=28800&unsent_bytes=0&cid=afb585a0ead0c19f&ts=15290&x=1", cfExtPri, cfHdrFlush;dur=0

GET 58o4vtae4lk0mxniwcyt.lumpnk.ru/efy7VqR4EKUfTdVMB43juij4GQvDbIr94Ia8a8dI90150

104.21.17.177

200 OK

270 B

URL GET HTTPS

58o4vtae4lk0mxniwcyt.lumpnk.ru/efy7VqR4EKUfTdVMB43juij4GQvDbIr94Ia8a8dI90150

IP / ASN

104.21.17.177

#13335 CLOUDFLARENET

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typeSVG Scalable Vector Graphics image

First Seen2023-05-12

Last Seen2025-04-06

Times Seen19857

Size270 B (270 bytes)

MD50c09c5ea7c28d6feb4d124957dde0a0d

SHA11b9efde2d8f0e2a3d9d5315117e597c2d622fc5e

SHA256b3c39d2c15327b7ae68940502a2d7bf457fe521e075e6e671d0340edc58bcb3a

Certificate Information

IssuerGoogle Trust Services

Subjectlumpnk.ru

Fingerprint8A:5D:29:76:89:6D:FB:90:14:A3:2F:87:70:15:30:DE:66:1F:44:FB

ValidityFri, 17 Jan 2025 17:08:07 GMT - Thu, 17 Apr 2025 18:06:38 GMT

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /efy7VqR4EKUfTdVMB43juij4GQvDbIr94Ia8a8dI90150 HTTP/1.1
Host: 58o4vtae4lk0mxniwcyt.lumpnk.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW
Cookie: XSRF-TOKEN=eyJpdiI6ImZ5aXEvdWVQTkJINkZXQldkNHIxYkE9PSIsInZhbHVlIjoiOWRYekptNksrQWRhWDJjRG9yTjZLUXpLb3N6eG5ORHc3cDN1WURuSDkwQUNwNHJkVEMxdTFrcHIxZ3lYQnd0WStibGQrVUl4T3ltclZGcGliRDQ2YlFKdWNmYVlCMEpoRE43Uy9zbU5EalNRWXFzUWNhQUhDN3E4dHlKVkI2ZDYiLCJtYWMiOiIwODk3ODk3NTg0YzdjMTc2MzRjOTc4NGFkMTVkNzU4YmRkZDYxOTIxZjhlNTQ0YTVjNDEwMWE1YmFmNTlkM2VjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZuZDFvbTBEajQ2eGFtQ3lTNm5DRlE9PSIsInZhbHVlIjoiZ0phQUxuNCtGMHhXQ2NucnQvNmFRdU1JOStmbnN4eGYra3ZyRnpaWjZWTUd4VDZ0cmp4VVBVTmtBdHgwUDlYWG52RzNiRjM2MUxMM3hHUEExMXJERWQrcnB1bGdvaXBzN2xwcUdLWmh2VkdXNlZMTjdaVWlnWGh1V3JicVZNU2UiLCJtYWMiOiJlOGJlMjUxMGVkODU4ZWQwNDNhZTAzMWUzMTYxMzBjZGRhYzM2ZmNkMDA5MjUyZDNlZjE4NjQyMGEyYjY2MDgyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Feb 2025 07:57:38 GMT
content-type: image/svg+xml
content-disposition: inline; filename="efy7VqR4EKUfTdVMB43juij4GQvDbIr94Ia8a8dI90150"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sqgF5acZnQBNN4ZjBwb%2B0DWs1ydtyXg%2BiGYXGTPyzx9LH1Px75x%2FVVUO7GT2hSm4vqKBVYbJ7f53O3KvW6816dZlE4e8vxHKXPyP1YLZ6ekiSo6ox3YgHw%2BkQjHT7g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
vary: accept-encoding
priority: u=4,i=?0
server: cloudflare
cf-ray: 9123bf89de7fb523-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=1000&min_rtt=990&rtt_var=287&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2242&delivery_rate=2850393&cwnd=251&unsent_bytes=0&cid=3c7528bf381b8433&ts=73&x=0", cfL4;desc="?proto=QUIC&rtt=1909&min_rtt=951&rtt_var=1267&sent=131&recv=48&lost=0&retrans=0&sent_bytes=101432&recv_bytes=25498&delivery_rate=2423857&cwnd=28800&unsent_bytes=0&cid=afb585a0ead0c19f&ts=15295&x=1", cfExtPri, cfHdrFlush;dur=0

GET 58o4vtae4lk0mxniwcyt.lumpnk.ru/wxTxWk0oPKKLO1ylrSy2JJI7Jopl9FCfejbcq6wJ1m9heqc68h1fd7W90180

104.21.17.177

200 OK

2.9 kB

URL GET HTTPS

58o4vtae4lk0mxniwcyt.lumpnk.ru/wxTxWk0oPKKLO1ylrSy2JJI7Jopl9FCfejbcq6wJ1m9heqc68h1fd7W90180

IP / ASN

104.21.17.177

#13335 CLOUDFLARENET

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typeSVG Scalable Vector Graphics image

First Seen2023-05-07

Last Seen2025-04-06

Times Seen22460

Size2.9 kB (2905 bytes)

MD5e924de0d471df54b6280f3dc8b187cb8

SHA1857f03226070b502a9e06b4249710ec10be4c9e9

SHA25624ce135a31ce83ac3d62471fcc0e1a82ce6f1533c993ee59ca4e110d5f2fae33

Certificate Information

IssuerGoogle Trust Services

Subjectlumpnk.ru

Fingerprint8A:5D:29:76:89:6D:FB:90:14:A3:2F:87:70:15:30:DE:66:1F:44:FB

ValidityFri, 17 Jan 2025 17:08:07 GMT - Thu, 17 Apr 2025 18:06:38 GMT

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /wxTxWk0oPKKLO1ylrSy2JJI7Jopl9FCfejbcq6wJ1m9heqc68h1fd7W90180 HTTP/1.1
Host: 58o4vtae4lk0mxniwcyt.lumpnk.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW
Cookie: XSRF-TOKEN=eyJpdiI6ImZ5aXEvdWVQTkJINkZXQldkNHIxYkE9PSIsInZhbHVlIjoiOWRYekptNksrQWRhWDJjRG9yTjZLUXpLb3N6eG5ORHc3cDN1WURuSDkwQUNwNHJkVEMxdTFrcHIxZ3lYQnd0WStibGQrVUl4T3ltclZGcGliRDQ2YlFKdWNmYVlCMEpoRE43Uy9zbU5EalNRWXFzUWNhQUhDN3E4dHlKVkI2ZDYiLCJtYWMiOiIwODk3ODk3NTg0YzdjMTc2MzRjOTc4NGFkMTVkNzU4YmRkZDYxOTIxZjhlNTQ0YTVjNDEwMWE1YmFmNTlkM2VjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZuZDFvbTBEajQ2eGFtQ3lTNm5DRlE9PSIsInZhbHVlIjoiZ0phQUxuNCtGMHhXQ2NucnQvNmFRdU1JOStmbnN4eGYra3ZyRnpaWjZWTUd4VDZ0cmp4VVBVTmtBdHgwUDlYWG52RzNiRjM2MUxMM3hHUEExMXJERWQrcnB1bGdvaXBzN2xwcUdLWmh2VkdXNlZMTjdaVWlnWGh1V3JicVZNU2UiLCJtYWMiOiJlOGJlMjUxMGVkODU4ZWQwNDNhZTAzMWUzMTYxMzBjZGRhYzM2ZmNkMDA5MjUyZDNlZjE4NjQyMGEyYjY2MDgyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Feb 2025 07:57:38 GMT
content-type: image/svg+xml
content-disposition: inline; filename="wxTxWk0oPKKLO1ylrSy2JJI7Jopl9FCfejbcq6wJ1m9heqc68h1fd7W90180"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lvTz2ovSppw1ShcdNttYryofnH%2FTCYE8VkWuYH2%2BubLNGnCzQi1Slioi8tGj%2Fzdz%2BCoNA0i7uZ%2FA6au7v%2FhRnGaBH5X9drG8m64OkYJbrtsf41lhWmRDt6YCSenm3A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
vary: accept-encoding
priority: u=4,i=?0
server: cloudflare
cf-ray: 9123bf89de87b523-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=1009&min_rtt=1005&rtt_var=386&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2257&delivery_rate=2773946&cwnd=251&unsent_bytes=0&cid=2f332e79713b291d&ts=117&x=0", cfL4;desc="?proto=QUIC&rtt=1497&min_rtt=951&rtt_var=489&sent=184&recv=55&lost=0&retrans=0&sent_bytes=162381&recv_bytes=25817&delivery_rate=9364566&cwnd=31200&unsent_bytes=0&cid=afb585a0ead0c19f&ts=15341&x=1", cfExtPri, cfHdrFlush;dur=0

GET 58o4vtae4lk0mxniwcyt.lumpnk.ru/mnf1fNh3MxvlTl2BJanhrWrvzzqklyTTHrhZHcquqXaT9z4be7OD2bgk0uubYVJuv213

104.21.17.177

200 OK

1.9 kB

URL GET HTTPS

58o4vtae4lk0mxniwcyt.lumpnk.ru/mnf1fNh3MxvlTl2BJanhrWrvzzqklyTTHrhZHcquqXaT9z4be7OD2bgk0uubYVJuv213

IP / ASN

104.21.17.177

#13335 CLOUDFLARENET

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typeSVG Scalable Vector Graphics image

First Seen2023-05-02

Last Seen2025-04-06

Times Seen21399

Size1.9 kB (1864 bytes)

MD54b5c228b4faba433d06ec569ed855b2d

SHA1a7d3882b93e332460e7c59510a6a811ef011983f

SHA256eb19d76cd1fad39abf0f2778991883a5cf9ff560117ce8f7c64124e71471b4ed

Certificate Information

IssuerGoogle Trust Services

Subjectlumpnk.ru

Fingerprint8A:5D:29:76:89:6D:FB:90:14:A3:2F:87:70:15:30:DE:66:1F:44:FB

ValidityFri, 17 Jan 2025 17:08:07 GMT - Thu, 17 Apr 2025 18:06:38 GMT

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /mnf1fNh3MxvlTl2BJanhrWrvzzqklyTTHrhZHcquqXaT9z4be7OD2bgk0uubYVJuv213 HTTP/1.1
Host: 58o4vtae4lk0mxniwcyt.lumpnk.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW
Cookie: XSRF-TOKEN=eyJpdiI6ImZ5aXEvdWVQTkJINkZXQldkNHIxYkE9PSIsInZhbHVlIjoiOWRYekptNksrQWRhWDJjRG9yTjZLUXpLb3N6eG5ORHc3cDN1WURuSDkwQUNwNHJkVEMxdTFrcHIxZ3lYQnd0WStibGQrVUl4T3ltclZGcGliRDQ2YlFKdWNmYVlCMEpoRE43Uy9zbU5EalNRWXFzUWNhQUhDN3E4dHlKVkI2ZDYiLCJtYWMiOiIwODk3ODk3NTg0YzdjMTc2MzRjOTc4NGFkMTVkNzU4YmRkZDYxOTIxZjhlNTQ0YTVjNDEwMWE1YmFmNTlkM2VjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZuZDFvbTBEajQ2eGFtQ3lTNm5DRlE9PSIsInZhbHVlIjoiZ0phQUxuNCtGMHhXQ2NucnQvNmFRdU1JOStmbnN4eGYra3ZyRnpaWjZWTUd4VDZ0cmp4VVBVTmtBdHgwUDlYWG52RzNiRjM2MUxMM3hHUEExMXJERWQrcnB1bGdvaXBzN2xwcUdLWmh2VkdXNlZMTjdaVWlnWGh1V3JicVZNU2UiLCJtYWMiOiJlOGJlMjUxMGVkODU4ZWQwNDNhZTAzMWUzMTYxMzBjZGRhYzM2ZmNkMDA5MjUyZDNlZjE4NjQyMGEyYjY2MDgyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Feb 2025 07:57:39 GMT
content-type: image/svg+xml
content-disposition: inline; filename="mnf1fNh3MxvlTl2BJanhrWrvzzqklyTTHrhZHcquqXaT9z4be7OD2bgk0uubYVJuv213"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rsdQAYWp1JstdixjR1UFr2DpiENVVnUpOnDMcKyFqzbvIYXo81crmVgQL%2Fhb%2FX20nvnVWsAc4i%2B%2BtSZ0SsIZwvWzTfFgcFHDkKspiyIWn40J7lxuhsK4WckNIoLctg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
vary: accept-encoding
priority: u=4,i=?0
server: cloudflare
cf-ray: 9123bf908d1ab523-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=1108&min_rtt=1101&rtt_var=324&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2265&delivery_rate=2496551&cwnd=251&unsent_bytes=0&cid=fc0b1ee93de4ee36&ts=77&x=0", cfL4;desc="?proto=QUIC&rtt=967&min_rtt=608&rtt_var=240&sent=873&recv=142&lost=0&retrans=0&sent_bytes=930074&recv_bytes=32779&delivery_rate=23716&cwnd=163200&unsent_bytes=0&cid=afb585a0ead0c19f&ts=16346&x=1", cfExtPri, cfHdrFlush;dur=0

GET ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css

18.165.140.104

200 OK

223 kB

URL GET HTTPS

ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css

IP / ASN

18.165.140.104

#16509 AMAZON-02

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typeN/A

First Seen0001-01-01

Last Seen2025-08-11

Times Seen5764723

Size223 kB (222931 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Information

IssuerDigiCert Inc

Subject*.oktacdn.com

Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5

ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT

HTTP Headers

GET /assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
server: nginx
last-modified: Tue, 14 May 2024 21:48:24 GMT
x-amz-meta-sha1sum: 7b5499b46660a0348cc2b22cae927dcc3fda8b20
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
date: Wed, 29 Jan 2025 17:13:28 GMT
expires: Thu, 29 Jan 2026 17:13:28 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: W/"0329c939fca7c78756b94fbcd95e322b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f046dddea42312c0568a651a5699d67e.cloudfront.net (CloudFront)
x-amz-cf-pop: HEL51-P3
x-amz-cf-id: G5VLlzGWhyAy2SXFz-RnXQzg8TBnpwKNRTwU5-TXoHdDHbBsEQ0Krg==
age: 1435450
X-Firefox-Spdy: h2

GET 58o4vtae4lk0mxniwcyt.lumpnk.ru/favicon.ico

104.21.17.177

404 Not Found

0 B

URL GET HTTPS

58o4vtae4lk0mxniwcyt.lumpnk.ru/favicon.ico

IP / ASN

104.21.17.177

#13335 CLOUDFLARENET

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typeN/A

First Seen0001-01-01

Last Seen2025-08-11

Times Seen5764723

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Information

IssuerGoogle Trust Services

Subjectlumpnk.ru

Fingerprint8A:5D:29:76:89:6D:FB:90:14:A3:2F:87:70:15:30:DE:66:1F:44:FB

ValidityFri, 17 Jan 2025 17:08:07 GMT - Thu, 17 Apr 2025 18:06:38 GMT

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 58o4vtae4lk0mxniwcyt.lumpnk.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW
Cookie: XSRF-TOKEN=eyJpdiI6IkNlbnoxNHQ3RndsdFlVSXNtejRDNXc9PSIsInZhbHVlIjoicGtWeDhKZXF4R0wveCtMeEhTcE1GRUtyMm9mRXdSMU95eGN5OWsxcjJ4dk5CTWhvRVhxbXVhUUw1S0hjNFltYnlRZWNBL013Q1pxenBRRU9adkpIbHBwb09jQ0wxNEo5MnYwN0lUU2JQWEZFcS9NaVBBU3FSbURUa0ZFMHNmc1ciLCJtYWMiOiI2MjExYzk5OTdhNmFmMTdmZGRiMjlhZTkxMDlkN2NjZjk5NzZkYjkxMzAxNDg4MDU4OTY4NWY4MzdhMjljOGJjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IktHelg2ZG00MGRkQ3FKME9CenN0dXc9PSIsInZhbHVlIjoiOUhyMS9Xak8wMlEzNlAzYTY3dXh0V2xHdlRFaW1Cc1pOV0FMS21CZHRNVGFEaUpvM3M1ZkpvQi9GckFCckhWMHpENDdqcGdQZjFCQUs2VExHNEw5cW1sM28zNEZsa0dtcE9pQ0pKbFJGVUhWNWJGNHRrVGFRSW9hTzlCY3p0dU0iLCJtYWMiOiI1MDIyOWM0ZDkzZjVlNzlmMTZkMmNkN2MzYWYxNjYwZTg4M2Q3MjMwYWMyYzU5MDM1NjdhODBjYmIxNDY0NDA3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Sat, 15 Feb 2025 07:57:40 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TwIqdXh2z1IDp9jY4%2FLSJwIotZZeuPA9HcRQHqQdFWKs7uhCkO3VLpTSyL7TsXJrDoy9GnXHHrhehhU2KJwvUsmlCyuEnfGur4KB1QMUr4EPAmWQVPA%2BRwabthY%2FYw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 3
priority: u=6,i=?0
server: cloudflare
cf-ray: 9123bf955978b523-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=1048&min_rtt=1039&rtt_var=310&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2123&delivery_rate=2632727&cwnd=251&unsent_bytes=0&cid=3072ce4e9b91a599&ts=115&x=0", cfL4;desc="?proto=QUIC&rtt=1114&min_rtt=608&rtt_var=390&sent=878&recv=145&lost=0&retrans=0&sent_bytes=933890&recv_bytes=33836&delivery_rate=1327376&cwnd=163200&unsent_bytes=0&cid=afb585a0ead0c19f&ts=17003&x=1", cfExtPri, cfHdrFlush;dur=0

GET 58o4vtae4lk0mxniwcyt.lumpnk.ru/56jWe9xX9EuBLgbg1CM8oijbZdcjE1lUnVT89110

104.21.17.177

200 OK

4.8 MB

URL GET HTTPS

58o4vtae4lk0mxniwcyt.lumpnk.ru/56jWe9xX9EuBLgbg1CM8oijbZdcjE1lUnVT89110

IP / ASN

104.21.17.177

#13335 CLOUDFLARENET

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typeN/A

First Seen0001-01-01

Last Seen2025-08-11

Times Seen5764723

Size4.8 MB (4756466 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Information

IssuerGoogle Trust Services

Subjectlumpnk.ru

Fingerprint8A:5D:29:76:89:6D:FB:90:14:A3:2F:87:70:15:30:DE:66:1F:44:FB

ValidityFri, 17 Jan 2025 17:08:07 GMT - Thu, 17 Apr 2025 18:06:38 GMT

HTTP Headers

GET /56jWe9xX9EuBLgbg1CM8oijbZdcjE1lUnVT89110 HTTP/1.1
Host: 58o4vtae4lk0mxniwcyt.lumpnk.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW
Cookie: XSRF-TOKEN=eyJpdiI6ImZ5aXEvdWVQTkJINkZXQldkNHIxYkE9PSIsInZhbHVlIjoiOWRYekptNksrQWRhWDJjRG9yTjZLUXpLb3N6eG5ORHc3cDN1WURuSDkwQUNwNHJkVEMxdTFrcHIxZ3lYQnd0WStibGQrVUl4T3ltclZGcGliRDQ2YlFKdWNmYVlCMEpoRE43Uy9zbU5EalNRWXFzUWNhQUhDN3E4dHlKVkI2ZDYiLCJtYWMiOiIwODk3ODk3NTg0YzdjMTc2MzRjOTc4NGFkMTVkNzU4YmRkZDYxOTIxZjhlNTQ0YTVjNDEwMWE1YmFmNTlkM2VjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZuZDFvbTBEajQ2eGFtQ3lTNm5DRlE9PSIsInZhbHVlIjoiZ0phQUxuNCtGMHhXQ2NucnQvNmFRdU1JOStmbnN4eGYra3ZyRnpaWjZWTUd4VDZ0cmp4VVBVTmtBdHgwUDlYWG52RzNiRjM2MUxMM3hHUEExMXJERWQrcnB1bGdvaXBzN2xwcUdLWmh2VkdXNlZMTjdaVWlnWGh1V3JicVZNU2UiLCJtYWMiOiJlOGJlMjUxMGVkODU4ZWQwNDNhZTAzMWUzMTYxMzBjZGRhYzM2ZmNkMDA5MjUyZDNlZjE4NjQyMGEyYjY2MDgyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Feb 2025 07:57:38 GMT
content-type: application/javascript
content-disposition: inline; filename="56jWe9xX9EuBLgbg1CM8oijbZdcjE1lUnVT89110"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=98jeBmbL3dDp1k5BuzDww8lXFttDHP8jqlbaD1fJtiVmQ16OClItpNlWKYyqFiXZIsKZYdD0RwFDJpOCCfwZizKnwt4jvgpogLJDjpgxtKMPE0iUAljCGEBaxh2w2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
vary: accept-encoding
priority: u=3,i=?0
server: cloudflare
cf-ray: 9123bf89ee97b523-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=1037&min_rtt=1033&rtt_var=395&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2201&delivery_rate=2716697&cwnd=251&unsent_bytes=0&cid=648050f6df2f414a&ts=111&x=0", cfL4;desc="?proto=QUIC&rtt=1456&min_rtt=951&rtt_var=342&sent=205&recv=57&lost=0&retrans=0&sent_bytes=184574&recv_bytes=25909&delivery_rate=1932845&cwnd=31200&unsent_bytes=0&cid=afb585a0ead0c19f&ts=15347&x=1", cfExtPri, cfHdrFlush;dur=0

POST 58o4vtae4lk0mxniwcyt.lumpnk.ru/gwcXTitdENnD8gVOs3yiHE0S4vTZ7PC7dnqJLl3Yxl9T7QAE1w

104.21.17.177

200 OK

2.8 kB

URL POST HTTPS

58o4vtae4lk0mxniwcyt.lumpnk.ru/gwcXTitdENnD8gVOs3yiHE0S4vTZ7PC7dnqJLl3Yxl9T7QAE1w

IP / ASN

104.21.17.177

#13335 CLOUDFLARENET

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typetroff or preprocessor input, ASCII text, with very long lines (2848), with no line terminators

First Seen2025-02-13

Last Seen2025-02-19

Times Seen251

Size2.8 kB (2835 bytes)

MD530edd40408b51029c5cf835c32db1990

SHA1eb9b897447719b5e073c400839ae65153cb56ad4

SHA2561748c9c983c310b0e3f1f2e7df53ada32aef4867b015a7607c1f2a28506939ea

Certificate Information

IssuerGoogle Trust Services

Subjectlumpnk.ru

Fingerprint8A:5D:29:76:89:6D:FB:90:14:A3:2F:87:70:15:30:DE:66:1F:44:FB

ValidityFri, 17 Jan 2025 17:08:07 GMT - Thu, 17 Apr 2025 18:06:38 GMT

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

POST /gwcXTitdENnD8gVOs3yiHE0S4vTZ7PC7dnqJLl3Yxl9T7QAE1w HTTP/1.1
Host: 58o4vtae4lk0mxniwcyt.lumpnk.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 53
Origin: https://58o4vtae4lk0mxniwcyt.lumpnk.ru
DNT: 1
Connection: keep-alive
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW
Cookie: XSRF-TOKEN=eyJpdiI6ImZ5aXEvdWVQTkJINkZXQldkNHIxYkE9PSIsInZhbHVlIjoiOWRYekptNksrQWRhWDJjRG9yTjZLUXpLb3N6eG5ORHc3cDN1WURuSDkwQUNwNHJkVEMxdTFrcHIxZ3lYQnd0WStibGQrVUl4T3ltclZGcGliRDQ2YlFKdWNmYVlCMEpoRE43Uy9zbU5EalNRWXFzUWNhQUhDN3E4dHlKVkI2ZDYiLCJtYWMiOiIwODk3ODk3NTg0YzdjMTc2MzRjOTc4NGFkMTVkNzU4YmRkZDYxOTIxZjhlNTQ0YTVjNDEwMWE1YmFmNTlkM2VjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZuZDFvbTBEajQ2eGFtQ3lTNm5DRlE9PSIsInZhbHVlIjoiZ0phQUxuNCtGMHhXQ2NucnQvNmFRdU1JOStmbnN4eGYra3ZyRnpaWjZWTUd4VDZ0cmp4VVBVTmtBdHgwUDlYWG52RzNiRjM2MUxMM3hHUEExMXJERWQrcnB1bGdvaXBzN2xwcUdLWmh2VkdXNlZMTjdaVWlnWGh1V3JicVZNU2UiLCJtYWMiOiJlOGJlMjUxMGVkODU4ZWQwNDNhZTAzMWUzMTYxMzBjZGRhYzM2ZmNkMDA5MjUyZDNlZjE4NjQyMGEyYjY2MDgyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Feb 2025 07:57:39 GMT
content-type: application/json
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n9vw6D2N6D%2BY%2FtmZsGGJffrNI3Kxm5o3LIdgdWSxD4OLlO8ctNx9y37uyXjPM5EfB3J1jJDX8X4%2Bdcxwp0Zyp6dO9EWI3H96PAWhdZdjEgmKiJxJMCvUB5wlIa2iYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6IkNlbnoxNHQ3RndsdFlVSXNtejRDNXc9PSIsInZhbHVlIjoicGtWeDhKZXF4R0wveCtMeEhTcE1GRUtyMm9mRXdSMU95eGN5OWsxcjJ4dk5CTWhvRVhxbXVhUUw1S0hjNFltYnlRZWNBL013Q1pxenBRRU9adkpIbHBwb09jQ0wxNEo5MnYwN0lUU2JQWEZFcS9NaVBBU3FSbURUa0ZFMHNmc1ciLCJtYWMiOiI2MjExYzk5OTdhNmFmMTdmZGRiMjlhZTkxMDlkN2NjZjk5NzZkYjkxMzAxNDg4MDU4OTY4NWY4MzdhMjljOGJjIiwidGFnIjoiIn0%3D; expires=Sat, 15-Feb-2025 09:57:39 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IktHelg2ZG00MGRkQ3FKME9CenN0dXc9PSIsInZhbHVlIjoiOUhyMS9Xak8wMlEzNlAzYTY3dXh0V2xHdlRFaW1Cc1pOV0FMS21CZHRNVGFEaUpvM3M1ZkpvQi9GckFCckhWMHpENDdqcGdQZjFCQUs2VExHNEw5cW1sM28zNEZsa0dtcE9pQ0pKbFJGVUhWNWJGNHRrVGFRSW9hTzlCY3p0dU0iLCJtYWMiOiI1MDIyOWM0ZDkzZjVlNzlmMTZkMmNkN2MzYWYxNjYwZTg4M2Q3MjMwYWMyYzU5MDM1NjdhODBjYmIxNDY0NDA3IiwidGFnIjoiIn0%3D; expires=Sat, 15-Feb-2025 09:57:39 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
vary: accept-encoding
priority: u=3,i=?0
server: cloudflare
cf-ray: 9123bf904ccdb523-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=1209&min_rtt=1203&rtt_var=350&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2427&delivery_rate=2331723&cwnd=251&unsent_bytes=0&cid=474e4e175f420819&ts=77&x=0", cfL4;desc="?proto=QUIC&rtt=908&min_rtt=608&rtt_var=163&sent=869&recv=141&lost=0&retrans=0&sent_bytes=927165&recv_bytes=32733&delivery_rate=6921252&cwnd=163200&unsent_bytes=0&cid=afb585a0ead0c19f&ts=16302&x=1", cfExtPri, cfHdrFlush;dur=0

GET ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css

18.165.140.104

200 OK

10 kB

URL GET HTTPS

ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css

IP / ASN

18.165.140.104

#16509 AMAZON-02

Requested byhttps://58o4vtae4lk0mxniwcyt.lumpnk.ru/CRNOLQVJWXGWRHCOAETdwxrppwftgfvksjlmeybstwjMEWB6XIN58DO33VLOWUYNVB1?AZAKKWBHNAZKGQPGVILBVYRJW

Resource Information

File typeASCII text, with very long lines (10450)

First Seen2024-03-14

Last Seen2025-08-11

Times Seen34301

Size10 kB (10498 bytes)

MD5e0d37a504604ef874bad26435d62011f

SHA14301f0d2b729ae22adece657d79eccaa25f429b1

SHA256c39ff65e2a102e644eb0bf2e31d2bad3d18f7afb25b3b9ba7a4d46263a711179

Certificate Information

IssuerDigiCert Inc

Subject*.oktacdn.com

Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5

ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT

HTTP Headers

GET /assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://58o4vtae4lk0mxniwcyt.lumpnk.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
server: nginx
last-modified: Thu, 14 Mar 2024 00:03:58 GMT
x-amz-meta-sha1sum: 4301f0d2b729ae22adece657d79eccaa25f429b1
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
date: Fri, 31 Jan 2025 02:19:39 GMT
expires: Sat, 31 Jan 2026 02:19:39 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: W/"e0d37a504604ef874bad26435d62011f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f046dddea42312c0568a651a5699d67e.cloudfront.net (CloudFront)
x-amz-cf-pop: HEL51-P3
x-amz-cf-id: TuvhPMMsKzZWij-hoFPNkZM05pJb0ueN9MtdpusTf4FaJdVqPe9kIw==
age: 1316279
X-Firefox-Spdy: h2