Report - artisanglobaltour.com/fcrfr6/458807/YWNjb3VudGluZ0BzbHVycG1haWwubmV0

Report Overview

Visited public
2025-04-25 22:17:19
Tags
microsoft phishing suspicious tycoon
URL
artisanglobaltour.com/fcrfr6/458807/YWNjb3VudGluZ0BzbHVycG1haWwubmV0
Finishing URL
lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
IP / ASN
103.253.27.80
#6939 HURRICANE
Title
Safe Account Login
Phishing - Microsoft
Phishing - Generic phishing
Suspicious - Anti-debugging code
Phishing - Tycoon Phishing Kit

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2025-04-23	937 B	97 kB	104.18.95.41
3tfnt.tjdneho.es	unknown	unknown	2025-04-25	2025-04-25	487 B	275 B	104.21.33.142
code.jquery.com	634	2005-12-10	2012-05-21	2025-04-23	1.3 kB	270 kB	151.101.194.137
github.com	1423	2007-10-09	2016-07-13	2025-04-23	474 B	15 kB	140.82.121.4
upload.wikimedia.org	2215	2003-03-16	2012-05-21	2025-04-24	1.1 kB	19 kB	185.15.59.240
objects.githubusercontent.com	134060	2014-02-06	2021-11-01	2025-04-23	909 B	11 kB	185.199.110.133
artisanglobaltour.com	unknown	2023-11-14	2025-04-24	2025-04-24	1.0 kB	1.3 kB	103.253.27.80
lyncutoroatingloardacentr.dbrchj.ru	unknown	2025-04-09	2025-04-24	2025-04-24	36 kB	5.5 MB	104.21.80.1
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-04-23	1.4 kB	148 kB	104.17.24.14
get.geojs.io	17418	2017-02-18	2017-03-30	2025-04-22	527 B	1.5 kB	104.26.1.100
ok4static.oktacdn.com	16592	2014-11-11	2018-06-15	2025-04-22	2.1 kB	268 kB	3.167.2.64
fcg9ygmavjdzwhz8ykegl0wwmdbwgfblrexl97kp2sx2hcoacad4qc.iuhqpa.es	unknown	unknown	2025-04-25	2025-04-25	700 B	867 B	104.21.47.37

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-04-25 22:17:05	medium	Client IP	104.26.1.100	ET INFO External IP Address Lookup Domain (get .geojs .io) in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-04-25	medium	iuhqpa.es	Sinkholed

ThreatFox

No alerts detected

JavaScript (29)

	URL	From	Size	First Seen	Last Seen
	code.jquery.com/jquery-3.6.0.min.js	ScriptElement	90 kB	2023-03-07	2025-05-09
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.194.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 03:30 Times Seen205587 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL	ScriptElement	770 B	2025-04-25	2025-04-25
Pretty URL lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL IP 104.21.80.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-25 22:17 Last Seen2025-04-25 22:17 Times Seen1 Hash 29c5a213d854d34c644670d10662dd71 7fa06e81e359c9aeb4389101555f089bd278445c afa68fb70fdc3433087dbbd887ae1cacd15c67b435c0bab4aada3c55bfde2ed9 Loading...

	cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	ScriptElement	48 kB	2023-03-07	2025-05-09
Pretty URL cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31 Last Seen2025-05-09 03:30 Times Seen92689 Hash 2ca03ad87885ab983541092b87adb299 1a17f60bf776a8c468a185c1e8e985c41a50dc27 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762 Loading...

	lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL	Eval	13 kB	2025-04-25	2025-04-25
Pretty URL lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL IP 104.21.80.1 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-04-25 22:17 Last Seen2025-04-25 22:17 Times Seen1 Hash e8bbcd19ea6c45d543ec6c2f61911dcc c6cc78fe7403de83d8cdd0799768cbbc83d60502 2027f21c6d36b2f67a0ea704bf8324b8efdaefd75e7fce57791fcf25372d682f Loading...

	lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net	ScriptElement	14 kB	2025-04-25	2025-04-25
Pretty URL lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net IP 104.21.80.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-25 22:17 Last Seen2025-04-25 22:17 Times Seen1 Hash 3fbc7431820b453e385b3982107094dc d30d0e14eb04e0b9dfc203f415202aa3f3dd4b82 ab1ab9cf7c627f7e129b75c3c343fc79e7377616cb1c7ba78026a1568800f0ef Loading...

	artisanglobaltour.com/fcrfr6/458807/YWNjb3VudGluZ0BzbHVycG1haWwubmV0	ScriptElement	221 B	2025-04-25	2025-04-27
Pretty URL artisanglobaltour.com/fcrfr6/458807/YWNjb3VudGluZ0BzbHVycG1haWwubmV0 IP 103.253.27.80 ASN #6939 HURRICANE Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-25 20:47 Last Seen2025-04-27 19:36 Times Seen99 Hash aa0fa06dd585eeac1953ca0c3b593cec 95f47030d243242a2eb69fe2f43094c14a715ef2 d0bb4e4b2a2f5753e34cfd42bcfdb9ab0f40896e9cd7460310aa9dfdba733c44 Loading...

	lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net	ScriptElement	4.0 kB	2025-04-25	2025-04-25
Pretty URL lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net IP 104.21.80.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-25 22:17 Last Seen2025-04-25 22:17 Times Seen1 Hash 1ae1dbf2a412d7100c640637c624993e 513d1a86780944f98bae8644099cc9114789bc85 7f9f3b67d7bc53c6b1a8c8fbb27ce8f4bc1ccbeeca3404c7f076818e268db1cd Loading...

	code.jquery.com/jquery-3.6.0.min.js	ScriptElement	90 kB	2023-03-07	2025-05-09
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.194.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 03:30 Times Seen205587 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net	Eval	1.7 kB	2025-04-25	2025-04-25
Pretty URL lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net IP 104.21.80.1 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-04-25 22:17 Last Seen2025-04-25 22:17 Times Seen1 Hash 1215241d67b930c58a1b3c2d2314f691 1f16ece1141086bdbc9ce39a12b59c1115da1ad6 8b32e52a6ee0e5611923bba90911b4b10c62a2b9aa5252c99813436370839526 Loading...

	lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net	Eval	2.5 kB	2025-04-25	2025-04-25
Pretty URL lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net IP 104.21.80.1 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-04-25 22:17 Last Seen2025-04-25 22:17 Times Seen1 Hash f7f14859fc5cc11c9035efce06f24d47 de469ed4ca55875b720861a7508ba5493fb1d9d9 21708ff98e7c2b2f1d10133061485f4c9b49a959d24294aa3a8abf7b3666f135 Loading...

	lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL	ScriptElement	2.1 kB	2025-04-25	2025-04-25
Pretty URL lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL IP 104.21.80.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-25 22:17 Last Seen2025-04-25 22:17 Times Seen1 Hash 6efc278745a831a8cbb86485cf5a0e86 a493b76af742fe874b6b1676f17bb42b1530453c b0b6f14bd28c87fd01eee0b158ccf97367c93f76e873101ba8212c494a246f91 Loading...

	github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js	ScriptElement	10 kB	2024-05-30	2025-05-08
Pretty URL github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js IP 140.82.121.4 ASN #36459 GITHUB Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-30 22:56 Last Seen2025-05-08 23:46 Times Seen18400 Hash 6c20a2be8ba900bc0a7118893a2b1072 ff7766fde1f33882c6e1c481ceed6f6588ea764c b1c42acd0288c435e95e00332476781532ed002cac6f3dcee9110ced30b31500 Loading...

	lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL	Eval	197 kB	2025-03-19	2025-05-03
Pretty URL lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL IP 104.21.80.1 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-03-19 19:34 Last Seen2025-05-03 07:23 Times Seen3899 Hash 6c3e12f3c6adef6b7fd961c67dbe3da8 d009941f0f482ec59da4cd9676d51da21c52a5af aae52996a7f7c8d8777e467eeff0725581388f05ac914b823ac037a1d236e72a Loading...

	code.jquery.com/jquery-3.6.0.min.js	ScriptElement	90 kB	2023-03-07	2025-05-09
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.194.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 03:30 Times Seen205587 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	ScriptElement	48 kB	2023-03-07	2025-05-09
Pretty URL cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31 Last Seen2025-05-09 03:30 Times Seen92689 Hash 2ca03ad87885ab983541092b87adb299 1a17f60bf776a8c468a185c1e8e985c41a50dc27 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762 Loading...

	lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net	Function	1.8 kB	2025-04-25	2025-04-25
Pretty URL lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net IP 104.21.80.1 ASN #13335 CLOUDFLARENET Introduced by Function Embedded in HTML false Observations First Seen2025-04-25 22:17 Last Seen2025-04-25 22:17 Times Seen1 Hash 44ace31599bf5cbb8f5c41e43f7b19d7 baf8f50baacfeb4779be941cab596268fa42d42d 3c04e58b5f950aa8e63f382021b49dc977987b526a0be89f9558aa763ff3b3eb Loading...

	lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net	ScriptElement	2.5 kB	2025-04-25	2025-04-25
Pretty URL lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net IP 104.21.80.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-25 22:17 Last Seen2025-04-25 22:17 Times Seen1 Hash 1120840d09bc69bdb6027be3a9a7ae02 92edbd10d27cda7d663ed228b8725a441b116910 c00c2c269b1448993ffe6e2ebf6b0c9e40ad75a4fc98f3c4e892f5180db19d8e Loading...

	lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL	ScriptElement	2.4 kB	2025-04-25	2025-04-25
Pretty URL lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL IP 104.21.80.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-25 22:17 Last Seen2025-04-25 22:17 Times Seen1 Hash 62c48111d6db3626072e765074fbcae4 6d22115262f6e99fefb5acc69a08b8e74a727314 a1ac59a02405025a48fbe04554cdc128cb8ad92d86079b7b66b736ecc368328d Loading...

	lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL	ScriptElement	19 kB	2025-04-25	2025-04-25
Pretty URL lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL IP 104.21.80.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-25 22:17 Last Seen2025-04-25 22:17 Times Seen1 Hash 8f92f45096cb589030dc9ad5ef2681db 3c8a6223787088f853b7e3318c36de4ef7306448 93c1611df676bff64c516dd808fcd34a7260e30ac806bbe2258ef362b1188e3b Loading...

	lyncutoroatingloardacentr.dbrchj.ru/56FF3D4Gm8v4X6l6GsNhz387ghddy41HZbocmrCq67102	ScriptElement	4.7 MB	2025-04-10	2025-05-03
Pretty URL lyncutoroatingloardacentr.dbrchj.ru/56FF3D4Gm8v4X6l6GsNhz387ghddy41HZbocmrCq67102 IP 104.21.80.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-10 22:15 Last Seen2025-05-03 07:23 Times Seen2221 Hash ca3ca7562ec5ea601ef4ac3e47292ab9 2bc20b77988d21cec0b74792084d970b9147ae1c ac9ee48c9540af0598df1fa9c26625d786fd203aca90cbff28d397d51d1e4594 Loading...

	challenges.cloudflare.com/turnstile/v0/api.js?render=explicit	ScriptElement	48 kB	2025-04-15	2025-04-29
Pretty URL challenges.cloudflare.com/turnstile/v0/api.js?render=explicit IP 104.18.95.41 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-15 18:27 Last Seen2025-04-29 19:54 Times Seen4232 Hash 3ed4ab6463fdabe2783a7a7828e94177 c80f67f86421dd2c071d5abc70337877db648266 91ce8bcef253fa49b7bbec10fa3c456261336414caa9da52e94988b6a44d1780 Loading...

	lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net	ScriptElement	4.4 kB	2025-04-25	2025-04-25
Pretty URL lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net IP 104.21.80.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-25 22:17 Last Seen2025-04-25 22:17 Times Seen1 Hash b7e803f0e1810f518da408e11b0e17a9 2146c3278846ad7994f7da3890ecbcdba6925ddd 9cae041c66d42cd0f25ec206ef06c3d3b3930bb800b5a8d24ff6ebf7feca255f Loading...

	cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	ScriptElement	48 kB	2023-03-07	2025-05-09
Pretty URL cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31 Last Seen2025-05-09 03:30 Times Seen92689 Hash 2ca03ad87885ab983541092b87adb299 1a17f60bf776a8c468a185c1e8e985c41a50dc27 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762 Loading...

	lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL	ScriptElement	136 kB	2025-04-25	2025-04-25
Pretty URL lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL IP 104.21.80.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-25 22:17 Last Seen2025-04-25 22:17 Times Seen1 Hash 7ff23f2e93fac72545f2389411d233eb 7867a1b35b4ca7b5fcf711a4086fb4410583b39e 16bc108c3a5711e04eff46d45d1e7a18b43e5d910609230cab86d149831c29b1 Loading...

	lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net	ScriptElement	39 kB	2025-04-25	2025-04-25
Pretty URL lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net IP 104.21.80.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-25 22:17 Last Seen2025-04-25 22:17 Times Seen1 Hash 8944b94a5e095014aa2437cd0211f795 05a1037f7fc39c99f6f2aef0606051f005620fdc 513e2cd0f5de8f8be103e1f51022fdec9416cee3876ff8346c39d50f6316e9e2 Loading...

	lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL	Eval	148 kB	2025-03-19	2025-05-03
Pretty URL lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL IP 104.21.80.1 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-03-19 19:34 Last Seen2025-05-03 07:23 Times Seen3889 Hash 8970b928fbfc88d2a9e4ec87364781b9 a377b962b64905bf923db1b1ec2661519991aca4 5b48fe8776491e5d298044f7bcbe5f875074fa22cda01bcbb9396ee2a3051cb1 Loading...

		Size	First Seen	Last Seen
	#1 Write - a376a37c42be86576f742d824e4bb382	56 kB	2025-04-25 22:17	2025-04-25 22:17
Pretty Observations First Seen2025-04-25 22:17 Last Seen2025-04-25 22:17 Times Seen1 Hash a376a37c42be86576f742d824e4bb382 6e576b8eb3b38f6bd3d36fe6beb0f70be0415c02 76befbab1cfb7448f7005995626403ee329ffe53566380da21ec9e48ba9a16f7 Loading...

	#2 Write - 8fd95c04f85ba1cdf0f318577342a2f9	7.0 kB	2025-04-25 22:17	2025-04-25 22:17
Pretty Observations First Seen2025-04-25 22:17 Last Seen2025-04-25 22:17 Times Seen1 Hash 8fd95c04f85ba1cdf0f318577342a2f9 f6fc7dbbf4ce59ab87362db211e987371fd84fb5 3744655c1630ea295e27200d9d10d08946f5448f3989e96b45adcb1c7112ef66 Loading...

	#3 Write - 3d01e7413ef193b2d4ab1459042389ef	100 kB	2025-04-25 22:17	2025-04-25 22:17
Pretty Observations First Seen2025-04-25 22:17 Last Seen2025-04-25 22:17 Times Seen1 Hash 3d01e7413ef193b2d4ab1459042389ef 8553473fd2238b2f480944c15fa1aa094d3f7a78 67c1577fb8895950471d79cbcdb27c0809ae5fa4dc709ff57419d9c2c152e18b Loading...

HTTP Transactions (49)

URL IP Response Size

3tfnt.tjdneho.es/chiriya!95mca

104.21.33.142

200 OK

1 B

URL GET
3tfnt.tjdneho.es/chiriya!95mca
IP
104.21.33.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net
Certificate
IssuerGoogle Trust Services
Subjecttjdneho.es
FingerprintCA:FE:EA:B5:49:8A:45:2A:64:6E:D6:53:F1:6F:3D:E0:2A:ED:AB:BE
ValidityFri, 11 Apr 2025 23:12:18 GMT - Fri, 11 Jul 2025 00:10:03 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
cfcd208495d565ef66e7dff9f98764da
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /chiriya!95mca HTTP/1.1
Host: 3tfnt.tjdneho.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/
Origin: https://lyncutoroatingloardacentr.dbrchj.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 25 Apr 2025 22:17:00 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
access-control-allow-origin: *
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 9361353cbbc656a2-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

lyncutoroatingloardacentr.dbrchj.ru/xylox4T06UANnpqJhixgh21

104.21.80.1

200 OK

36 kB

URL GET
lyncutoroatingloardacentr.dbrchj.ru/xylox4T06UANnpqJhixgh21
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Certificate
IssuerGoogle Trust Services
Subjectdbrchj.ru
Fingerprint40:70:B7:56:E3:96:F6:B2:66:67:C5:FA:3B:6F:26:72:6C:6E:EF:10
ValidityWed, 09 Apr 2025 20:23:27 GMT - Tue, 08 Jul 2025 21:21:51 GMT

File type
ASCII text, with CRLF line terminators
Size
36 kB (35786 bytes)
Hash
38501e3fbbbd89b56aa5ba35de1a32fe
d9b31981b6f834e8480ba28fbc1cff1be772f589
a1ca6b381cb01968851c98512c6e7f6c5309a49f7a16b864813135cbff82a85b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /xylox4T06UANnpqJhixgh21 HTTP/1.1
Host: lyncutoroatingloardacentr.dbrchj.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Cookie: XSRF-TOKEN=eyJpdiI6IkNWN01laWhpV1pNU244VDk3MUFjVWc9PSIsInZhbHVlIjoiVkw3MlpzSDZWRGJkNCszdTB5OWtCdDhFajNhRFRjMU5WcVB6Mng0U0J3cllFWkZLS0Ribk5aclNYT1ZrTlZXUkYwSnVkY2NCRkV4Y2dQa2dsQ3RadGI4Wm8vdzVJM0luV1BOZ2pmazIwcGhaM0ZXTWE3aTBZNU9CUzZEd0duMGkiLCJtYWMiOiJiNjJiN2E4NGJjNjk0OWU3NzRjMmExYjYyNTJkNTg1YzYxY2ViMDkyYTc1OWRlYzg5ZDg2OTZiNDBkNTc1ZGNlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik45QnFjMWxtNVFTTjdPbG5wek8rY0E9PSIsInZhbHVlIjoiNzkrNGhpTExnZDV4V1pOSHdqTWdPSnZXSmtnVlpVNGZDYUVJYWxTTGswQnVTTWQ3NFQ5dTdvSm1mWXI5WjQyYWR0RzEybFp5R0lzWWxyNFRLUlRTZlltenNOVHRwTjV6SzAwWSs2OCs2cXFrTXlyaVAwNTZjRnVaMDdtaVJmQ2wiLCJtYWMiOiIxNTA4NWMwZWYxNTEzNTQ5ZGZiODRlNjQ5MTA3MjU4NDBjZWEzYTA0NTZiNmJmNGVhNjU3ZWI2MGIxYmEzZjA1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 25 Apr 2025 22:17:02 GMT
content-type: text/css;charset=UTF-8
cf-ray: 9361354dcb33b4ed-OSL
server: cloudflare
content-disposition: inline; filename="xylox4T06UANnpqJhixgh21"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fNK%2Bk6YOH3XnS97AFVodMQP2iay93lzugeaunbr%2B4EO2kH8Q1Am4j%2BBkdoxLYoD%2FMDgr9M43rifIu%2FAabXOt6taepxbN4HaTcu3NfdHwMbCGaEbDp324h0pltzzi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=334&min_rtt=314&rtt_var=127&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2201&delivery_rate=8986666&cwnd=252&unsent_bytes=0&cid=03b32c844ac9fca1&ts=164&x=0", cfL4;desc="?proto=QUIC&rtt=1729&min_rtt=1070&rtt_var=582&sent=423&recv=143&lost=0&retrans=0&sent_bytes=373502&recv_bytes=30974&delivery_rate=18000&cwnd=148500&unsent_bytes=0&cid=a5ea826875ae9378&ts=13469&x=16"
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400

lyncutoroatingloardacentr.dbrchj.ru/GDSherpa-vf.woff2

104.21.80.1

200 OK

44 kB

URL GET
lyncutoroatingloardacentr.dbrchj.ru/GDSherpa-vf.woff2
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Certificate
IssuerGoogle Trust Services
Subjectdbrchj.ru
Fingerprint40:70:B7:56:E3:96:F6:B2:66:67:C5:FA:3B:6F:26:72:6C:6E:EF:10
ValidityWed, 09 Apr 2025 20:23:27 GMT - Tue, 08 Jul 2025 21:21:51 GMT

File type
Web Open Font Format (Version 2), TrueType, length 43596, version 1.0
Size
44 kB (43596 bytes)
Hash
2a05e9e5572abc320b2b7ea38a70dcc1
d5fa2a856d5632c2469e42436159375117ef3c35
3efcb941aaddaf4aea08dab3fb97d3e904aa1b83264e64b4d5bda53bc7c798ec

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /GDSherpa-vf.woff2 HTTP/1.1
Host: lyncutoroatingloardacentr.dbrchj.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkNWN01laWhpV1pNU244VDk3MUFjVWc9PSIsInZhbHVlIjoiVkw3MlpzSDZWRGJkNCszdTB5OWtCdDhFajNhRFRjMU5WcVB6Mng0U0J3cllFWkZLS0Ribk5aclNYT1ZrTlZXUkYwSnVkY2NCRkV4Y2dQa2dsQ3RadGI4Wm8vdzVJM0luV1BOZ2pmazIwcGhaM0ZXTWE3aTBZNU9CUzZEd0duMGkiLCJtYWMiOiJiNjJiN2E4NGJjNjk0OWU3NzRjMmExYjYyNTJkNTg1YzYxY2ViMDkyYTc1OWRlYzg5ZDg2OTZiNDBkNTc1ZGNlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik45QnFjMWxtNVFTTjdPbG5wek8rY0E9PSIsInZhbHVlIjoiNzkrNGhpTExnZDV4V1pOSHdqTWdPSnZXSmtnVlpVNGZDYUVJYWxTTGswQnVTTWQ3NFQ5dTdvSm1mWXI5WjQyYWR0RzEybFp5R0lzWWxyNFRLUlRTZlltenNOVHRwTjV6SzAwWSs2OCs2cXFrTXlyaVAwNTZjRnVaMDdtaVJmQ2wiLCJtYWMiOiIxNTA4NWMwZWYxNTEzNTQ5ZGZiODRlNjQ5MTA3MjU4NDBjZWEzYTA0NTZiNmJmNGVhNjU3ZWI2MGIxYmEzZjA1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 25 Apr 2025 22:17:02 GMT
content-type: font/woff2
content-length: 43596
server: cloudflare
content-disposition: inline; filename="GDSherpa-vf.woff2"
cf-cache-status: HIT
age: 4347
last-modified: Fri, 25 Apr 2025 19:20:41 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7bGRwjV7yT8%2BM20VoT%2B8sixXB1B626seQwkVTxpykRIm27wRbqUQ1txhNGq5oMusWvPhG3pfqaHJmI6bRd0AiBfwGNSlynvmAiihFKHOzjPPHf8%2BZYIjkFhYuiM9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=TCP&rtt=268&min_rtt=256&rtt_var=120&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2268&delivery_rate=11488636&cwnd=252&unsent_bytes=0&cid=d971848bd4e78096&ts=15&x=0", cfL4;desc="?proto=QUIC&rtt=1930&min_rtt=1070&rtt_var=818&sent=280&recv=132&lost=0&retrans=0&sent_bytes=213570&recv_bytes=24802&delivery_rate=8264637&cwnd=96000&unsent_bytes=0&cid=a5ea826875ae9378&ts=13122&x=16"
cache-control: max-age=14400
cf-ray: 9361354ddb3bb4ed-OSL
alt-svc: h3=":443"; ma=86400

cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

104.17.24.14

200 OK

48 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Size
48 kB (48316 bytes)
Hash
2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762

HTTP Headers

GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 25 Apr 2025 22:17:02 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
server: cloudflare
strict-transport-security: max-age=15780000
cf-ray: 9361354dcc617129-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1285932
expires: Wed, 15 Apr 2026 22:17:02 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sFEsKxwoPMUYkBo3DbC2p4tBAzoOkgeeSNxmX%2BNe12GP735nzH74rBk816bbhe4Qp4VzXHiPGXwk1HxZyDKKA9BV8Qn4lbPEGDTaaTR9Vc15IMiOrSrLBGDosz0LWUxYCxYCiA%2Bs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

lyncutoroatingloardacentr.dbrchj.ru/120kJQabYHm8920

104.21.80.1

200 OK

27 kB

URL GET
lyncutoroatingloardacentr.dbrchj.ru/120kJQabYHm8920
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Certificate
IssuerGoogle Trust Services
Subjectdbrchj.ru
Fingerprint40:70:B7:56:E3:96:F6:B2:66:67:C5:FA:3B:6F:26:72:6C:6E:EF:10
ValidityWed, 09 Apr 2025 20:23:27 GMT - Tue, 08 Jul 2025 21:21:51 GMT

File type
ASCII text, with very long lines (26765), with no line terminators
Size
27 kB (26765 bytes)
Hash
1a862a89d5633fac83d763886726740d
e5ce3aa454c992a13fd406a9647d7afbf831051f
5c22fd904edb792331a7307ddf4a790e0d1318924f6d8e7362fa6b55d5ab6fbb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /120kJQabYHm8920 HTTP/1.1
Host: lyncutoroatingloardacentr.dbrchj.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Cookie: XSRF-TOKEN=eyJpdiI6IkNWN01laWhpV1pNU244VDk3MUFjVWc9PSIsInZhbHVlIjoiVkw3MlpzSDZWRGJkNCszdTB5OWtCdDhFajNhRFRjMU5WcVB6Mng0U0J3cllFWkZLS0Ribk5aclNYT1ZrTlZXUkYwSnVkY2NCRkV4Y2dQa2dsQ3RadGI4Wm8vdzVJM0luV1BOZ2pmazIwcGhaM0ZXTWE3aTBZNU9CUzZEd0duMGkiLCJtYWMiOiJiNjJiN2E4NGJjNjk0OWU3NzRjMmExYjYyNTJkNTg1YzYxY2ViMDkyYTc1OWRlYzg5ZDg2OTZiNDBkNTc1ZGNlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik45QnFjMWxtNVFTTjdPbG5wek8rY0E9PSIsInZhbHVlIjoiNzkrNGhpTExnZDV4V1pOSHdqTWdPSnZXSmtnVlpVNGZDYUVJYWxTTGswQnVTTWQ3NFQ5dTdvSm1mWXI5WjQyYWR0RzEybFp5R0lzWWxyNFRLUlRTZlltenNOVHRwTjV6SzAwWSs2OCs2cXFrTXlyaVAwNTZjRnVaMDdtaVJmQ2wiLCJtYWMiOiIxNTA4NWMwZWYxNTEzNTQ5ZGZiODRlNjQ5MTA3MjU4NDBjZWEzYTA0NTZiNmJmNGVhNjU3ZWI2MGIxYmEzZjA1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 25 Apr 2025 22:17:02 GMT
content-type: text/css;charset=UTF-8
cf-ray: 9361354dcb32b4ed-OSL
server: cloudflare
content-disposition: inline; filename="120kJQabYHm8920"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HXDCXNsPd%2BWv7u9FNeIx23I4pnlXK%2BWndqmkuRdzGUmtNhTm8Vah%2FqnrF7J9hBLwBYD32XM5V4hzbwCgZWAuR4JSGhPHSktJZIQZ%2BcD60gEpDMwnePUyug7itqqG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=449&min_rtt=358&rtt_var=152&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2193&delivery_rate=8753246&cwnd=252&unsent_bytes=0&cid=3a28de7be6246f6e&ts=162&x=0", cfL4;desc="?proto=QUIC&rtt=1795&min_rtt=1070&rtt_var=602&sent=419&recv=142&lost=0&retrans=0&sent_bytes=369220&recv_bytes=30929&delivery_rate=8093517&cwnd=148500&unsent_bytes=0&cid=a5ea826875ae9378&ts=13376&x=16"
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400

lyncutoroatingloardacentr.dbrchj.ru/mnjRpi8H7HVgKEIABZX8klPdyhpTMOF32YPuvgG390150

104.21.80.1

200 OK

270 B

URL GET
lyncutoroatingloardacentr.dbrchj.ru/mnjRpi8H7HVgKEIABZX8klPdyhpTMOF32YPuvgG390150
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Certificate
IssuerGoogle Trust Services
Subjectdbrchj.ru
Fingerprint40:70:B7:56:E3:96:F6:B2:66:67:C5:FA:3B:6F:26:72:6C:6E:EF:10
ValidityWed, 09 Apr 2025 20:23:27 GMT - Tue, 08 Jul 2025 21:21:51 GMT

File type
SVG Scalable Vector Graphics image
Size
270 B (270 bytes)
Hash
40eb39126300b56bf66c20ee75b54093
83678d94097257eb474713dec49e8094f49d2e2a
765709425a5b9209e875dccf2217d3161429d2d48159fc1df7b253b77c1574f4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /mnjRpi8H7HVgKEIABZX8klPdyhpTMOF32YPuvgG390150 HTTP/1.1
Host: lyncutoroatingloardacentr.dbrchj.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Cookie: XSRF-TOKEN=eyJpdiI6IkNWN01laWhpV1pNU244VDk3MUFjVWc9PSIsInZhbHVlIjoiVkw3MlpzSDZWRGJkNCszdTB5OWtCdDhFajNhRFRjMU5WcVB6Mng0U0J3cllFWkZLS0Ribk5aclNYT1ZrTlZXUkYwSnVkY2NCRkV4Y2dQa2dsQ3RadGI4Wm8vdzVJM0luV1BOZ2pmazIwcGhaM0ZXTWE3aTBZNU9CUzZEd0duMGkiLCJtYWMiOiJiNjJiN2E4NGJjNjk0OWU3NzRjMmExYjYyNTJkNTg1YzYxY2ViMDkyYTc1OWRlYzg5ZDg2OTZiNDBkNTc1ZGNlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik45QnFjMWxtNVFTTjdPbG5wek8rY0E9PSIsInZhbHVlIjoiNzkrNGhpTExnZDV4V1pOSHdqTWdPSnZXSmtnVlpVNGZDYUVJYWxTTGswQnVTTWQ3NFQ5dTdvSm1mWXI5WjQyYWR0RzEybFp5R0lzWWxyNFRLUlRTZlltenNOVHRwTjV6SzAwWSs2OCs2cXFrTXlyaVAwNTZjRnVaMDdtaVJmQ2wiLCJtYWMiOiIxNTA4NWMwZWYxNTEzNTQ5ZGZiODRlNjQ5MTA3MjU4NDBjZWEzYTA0NTZiNmJmNGVhNjU3ZWI2MGIxYmEzZjA1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 25 Apr 2025 22:17:02 GMT
content-type: image/svg+xml
cf-ray: 9361354dfb41b4ed-OSL
server: cloudflare
content-disposition: inline; filename="mnjRpi8H7HVgKEIABZX8klPdyhpTMOF32YPuvgG390150"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w5UlL2cxme1iPhKOS2hbNlY60%2BCnT72WYmXSfSeX4vbyy6s%2F10rq1SfgdGmD72XInEux%2BtwLNWlQF9QOksxIfzWBVuq6AJBcB7Mam7H88Cr2fw9ZP5n6121effH0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=15457&min_rtt=15430&rtt_var=4355&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2230&delivery_rate=261561&cwnd=252&unsent_bytes=0&cid=251ab49a012b65e9&ts=198&x=0", cfL4;desc="?proto=QUIC&rtt=1486&min_rtt=1070&rtt_var=391&sent=452&recv=149&lost=0&retrans=0&sent_bytes=400320&recv_bytes=31246&delivery_rate=1471745&cwnd=148500&unsent_bytes=0&cid=a5ea826875ae9378&ts=13558&x=16"
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400

code.jquery.com/jquery-3.6.0.min.js

151.101.194.137

200 OK

90 kB

URL GET
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.194.137:443
ASN
#54113 FASTLY

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
90 kB (89501 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 25 Apr 2025 22:17:01 GMT
age: 4288625
x-served-by: cache-lga21931-LGA, cache-hel1410020-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 1064775
x-timer: S1745619421.077392,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js

140.82.121.4

302 Found

10 kB

URL GET
github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js
IP
140.82.121.4:443
ASN
#36459 GITHUB

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Certificate
IssuerSectigo Limited
Subjectgithub.com
FingerprintE4:33:71:DD:D6:91:4A:75:B6:1F:9E:4F:74:6D:9B:F0:DD:26:FC:3A
ValidityWed, 05 Feb 2025 00:00:00 GMT - Thu, 05 Feb 2026 23:59:59 GMT

File type

Size
10 kB (10245 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 25 Apr 2025 22:17:02 GMT
content-type: text/html; charset=utf-8
content-length: 0
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame,Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250425%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250425T221702Z&X-Amz-Expires=300&X-Amz-Signature=ededfcff81f0a7524472f327e4099661e857d4242faa1bede4079a6cd78b1c9e&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
server: github.com
x-github-request-id: 8A0E:5788F:3AE14DD:3C4EF0F:680C09DE
X-Firefox-Spdy: h2

lyncutoroatingloardacentr.dbrchj.ru/klqdXNNe5IFWEaLLBmYOfxRxssAMg3cdM4LYKipzAQbszW156169

104.21.80.1

200 OK

7.4 kB

URL GET
lyncutoroatingloardacentr.dbrchj.ru/klqdXNNe5IFWEaLLBmYOfxRxssAMg3cdM4LYKipzAQbszW156169
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Certificate
IssuerGoogle Trust Services
Subjectdbrchj.ru
Fingerprint40:70:B7:56:E3:96:F6:B2:66:67:C5:FA:3B:6F:26:72:6C:6E:EF:10
ValidityWed, 09 Apr 2025 20:23:27 GMT - Tue, 08 Jul 2025 21:21:51 GMT

File type
SVG Scalable Vector Graphics image
Size
7.4 kB (7390 bytes)
Hash
b59c16ca9bf156438a8a96d45e33db64
4e51b7d3477414b220f688adabd76d3ae6472ee3
a7ee799dd5b6f6dbb70b043b766362a6724e71458f9839306c995f06b218c2f8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /klqdXNNe5IFWEaLLBmYOfxRxssAMg3cdM4LYKipzAQbszW156169 HTTP/1.1
Host: lyncutoroatingloardacentr.dbrchj.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Cookie: XSRF-TOKEN=eyJpdiI6IkNWN01laWhpV1pNU244VDk3MUFjVWc9PSIsInZhbHVlIjoiVkw3MlpzSDZWRGJkNCszdTB5OWtCdDhFajNhRFRjMU5WcVB6Mng0U0J3cllFWkZLS0Ribk5aclNYT1ZrTlZXUkYwSnVkY2NCRkV4Y2dQa2dsQ3RadGI4Wm8vdzVJM0luV1BOZ2pmazIwcGhaM0ZXTWE3aTBZNU9CUzZEd0duMGkiLCJtYWMiOiJiNjJiN2E4NGJjNjk0OWU3NzRjMmExYjYyNTJkNTg1YzYxY2ViMDkyYTc1OWRlYzg5ZDg2OTZiNDBkNTc1ZGNlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik45QnFjMWxtNVFTTjdPbG5wek8rY0E9PSIsInZhbHVlIjoiNzkrNGhpTExnZDV4V1pOSHdqTWdPSnZXSmtnVlpVNGZDYUVJYWxTTGswQnVTTWQ3NFQ5dTdvSm1mWXI5WjQyYWR0RzEybFp5R0lzWWxyNFRLUlRTZlltenNOVHRwTjV6SzAwWSs2OCs2cXFrTXlyaVAwNTZjRnVaMDdtaVJmQ2wiLCJtYWMiOiIxNTA4NWMwZWYxNTEzNTQ5ZGZiODRlNjQ5MTA3MjU4NDBjZWEzYTA0NTZiNmJmNGVhNjU3ZWI2MGIxYmEzZjA1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 25 Apr 2025 22:17:02 GMT
content-type: image/svg+xml
cf-ray: 9361354dfb40b4ed-OSL
server: cloudflare
content-disposition: inline; filename="klqdXNNe5IFWEaLLBmYOfxRxssAMg3cdM4LYKipzAQbszW156169"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dwRPWXPMtMnkUZUPGh1%2BMU%2FNUZvp9m93MI5Z4tqunioJCr5mXjkEdn16rGdQ2JqFbjl9SXt0zzr0tTDU%2Boypq1mvCPZAYUBcBr0iCp9SSLPR%2BgljRE1%2BR7br%2FIyw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=356&min_rtt=294&rtt_var=129&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2825&recv_bytes=2237&delivery_rate=12598130&cwnd=252&unsent_bytes=0&cid=46354821c81bd111&ts=168&x=0", cfL4;desc="?proto=QUIC&rtt=1651&min_rtt=1070&rtt_var=368&sent=438&recv=146&lost=0&retrans=0&sent_bytes=384689&recv_bytes=31110&delivery_rate=1786685&cwnd=148500&unsent_bytes=0&cid=a5ea826875ae9378&ts=13514&x=16"
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400

get.geojs.io/v1/ip/geo.json

104.26.1.100

200 OK

337 B

URL GET
get.geojs.io/v1/ip/geo.json
IP
104.26.1.100:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Certificate
IssuerGoogle Trust Services
Subjectgeojs.io
Fingerprint5C:2B:75:7A:49:73:C3:5B:60:4B:9B:92:F2:03:41:93:9B:39:98:55
ValidityFri, 28 Feb 2025 05:45:56 GMT - Thu, 29 May 2025 06:45:49 GMT

File type
JSON text data
Size
337 B (337 bytes)
Hash
5f90b89d9f2ca3150a4ff263f8f4a8ad
843c56fa74e42cfa51df07ec2c20fc2852fca0de
e27064b0c85c27cddbeec4bb3a88f1edde86df87f51c7c1be07776447b36287f

HTTP Headers

GET /v1/ip/geo.json HTTP/1.1
Host: get.geojs.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lyncutoroatingloardacentr.dbrchj.ru
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 25 Apr 2025 22:17:05 GMT
content-type: application/json
x-request-id: 6be6bec59361223ea36b579b820def64-ASH
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-origin: *
access-control-allow-methods: GET
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
geojs-backend: ash-01
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xJpEsbltvcFg%2Fbhb86Ocv3J9hQalyzqj9HI3MF9%2BvNo8iUTrA5UOzDpsC2D7HdAkAxP9UeckL25gEiOSjJ65mR5gljR4pXZK%2FwhxE5USqAsHG1AjRWo6FkyLLLYlIA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 93613561a8bf0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=543&min_rtt=477&rtt_var=145&sent=8&recv=10&lost=0&retrans=0&sent_bytes=3263&recv_bytes=1274&delivery_rate=7400340&cwnd=254&unsent_bytes=0&cid=8e648c8337869bde&ts=148&x=0"
X-Firefox-Spdy: h2

lyncutoroatingloardacentr.dbrchj.ru/mnPNb3zz1heu6cAt5n1dpfNaCXSkl9w5MhTjuyfRr5E3MawrciSoGBVuv217

104.21.80.1

200 OK

1.9 kB

URL GET
lyncutoroatingloardacentr.dbrchj.ru/mnPNb3zz1heu6cAt5n1dpfNaCXSkl9w5MhTjuyfRr5E3MawrciSoGBVuv217
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Certificate
IssuerGoogle Trust Services
Subjectdbrchj.ru
Fingerprint40:70:B7:56:E3:96:F6:B2:66:67:C5:FA:3B:6F:26:72:6C:6E:EF:10
ValidityWed, 09 Apr 2025 20:23:27 GMT - Tue, 08 Jul 2025 21:21:51 GMT

File type
SVG Scalable Vector Graphics image
Size
1.9 kB (1864 bytes)
Hash
bc3d32a696895f78c19df6c717586a5d
9191cb156a30a3ed79c44c0a16c95159e8ff689d
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /mnPNb3zz1heu6cAt5n1dpfNaCXSkl9w5MhTjuyfRr5E3MawrciSoGBVuv217 HTTP/1.1
Host: lyncutoroatingloardacentr.dbrchj.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Cookie: XSRF-TOKEN=eyJpdiI6IkNWN01laWhpV1pNU244VDk3MUFjVWc9PSIsInZhbHVlIjoiVkw3MlpzSDZWRGJkNCszdTB5OWtCdDhFajNhRFRjMU5WcVB6Mng0U0J3cllFWkZLS0Ribk5aclNYT1ZrTlZXUkYwSnVkY2NCRkV4Y2dQa2dsQ3RadGI4Wm8vdzVJM0luV1BOZ2pmazIwcGhaM0ZXTWE3aTBZNU9CUzZEd0duMGkiLCJtYWMiOiJiNjJiN2E4NGJjNjk0OWU3NzRjMmExYjYyNTJkNTg1YzYxY2ViMDkyYTc1OWRlYzg5ZDg2OTZiNDBkNTc1ZGNlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik45QnFjMWxtNVFTTjdPbG5wek8rY0E9PSIsInZhbHVlIjoiNzkrNGhpTExnZDV4V1pOSHdqTWdPSnZXSmtnVlpVNGZDYUVJYWxTTGswQnVTTWQ3NFQ5dTdvSm1mWXI5WjQyYWR0RzEybFp5R0lzWWxyNFRLUlRTZlltenNOVHRwTjV6SzAwWSs2OCs2cXFrTXlyaVAwNTZjRnVaMDdtaVJmQ2wiLCJtYWMiOiIxNTA4NWMwZWYxNTEzNTQ5ZGZiODRlNjQ5MTA3MjU4NDBjZWEzYTA0NTZiNmJmNGVhNjU3ZWI2MGIxYmEzZjA1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 25 Apr 2025 22:17:03 GMT
content-type: image/svg+xml
cf-ray: 93613554bba8b4ed-OSL
server: cloudflare
content-disposition: inline; filename="mnPNb3zz1heu6cAt5n1dpfNaCXSkl9w5MhTjuyfRr5E3MawrciSoGBVuv217"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vaiwChRU6N4mrgqu1sNu%2B6YDvQT8mIZAGwwCugzsMRMmhJANKkW5C9xohZczUQYoj49cnXfnVqH1Pm4kzN8W83JKc8rrV8fvw%2Bal34pUocLbMauR%2FRR66OtT6aF5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=393&min_rtt=379&rtt_var=152&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2245&delivery_rate=10670184&cwnd=252&unsent_bytes=0&cid=cdbab86926564377&ts=177&x=0", cfL4;desc="?proto=QUIC&rtt=1454&min_rtt=772&rtt_var=578&sent=753&recv=183&lost=0&retrans=0&sent_bytes=734918&recv_bytes=34673&delivery_rate=13876832&cwnd=148500&unsent_bytes=0&cid=a5ea826875ae9378&ts=14500&x=16"
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400

ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2

3.167.2.64

200 OK

20 kB

URL GET
ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2
IP
3.167.2.64:443
ASN
#0

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Certificate
IssuerDigiCert Inc
Subject*.oktacdn.com
Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 20416, version 2.197
Size
20 kB (20416 bytes)
Hash
d99a7377dabb55772ca9f986b0a04b57
2b5fcd8431953c44e410d0489899e74f6d2cfecc
affdba1620552b12a1a8a04467136aeb408c03fa337d20e9c38374d682d4d149

HTTP Headers

GET /assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://lyncutoroatingloardacentr.dbrchj.ru
DNT: 1
Connection: keep-alive
Referer: https://ok4static.oktacdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/font-woff2
content-length: 20416
date: Mon, 07 Apr 2025 10:13:08 GMT
server: nginx
last-modified: Tue, 07 Nov 2023 18:56:28 GMT
etag: "d99a7377dabb55772ca9f986b0a04b57"
x-amz-meta-sha1sum: 2b5fcd8431953c44e410d0489899e74f6d2cfecc
expires: Tue, 07 Apr 2026 10:13:08 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 3ecfca26003921b3f6dfb1a287300c24.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: ZMyK0Nr3slMHAP78T6kk5Vvb2oB8leqsQFWFSWm03qh38sCIE9h89A==
age: 1598635
X-Firefox-Spdy: h2

upload.wikimedia.org/wikipedia/commons/thumb/e/e3/Docusign_Full_Color.svg/500px-Docusign_Full_Color.svg.png

185.15.59.240

200 OK

4.5 kB

URL GET
upload.wikimedia.org/wikipedia/commons/thumb/e/e3/Docusign_Full_Color.svg/500px-Docusign_Full_Color.svg.png
IP
185.15.59.240:443
ASN
#14907 WIKIMEDIA

Requested by
https://artisanglobaltour.com/fcrfr6/458807/YWNjb3VudGluZ0BzbHVycG1haWwubmV0
Certificate
IssuerDigiCert Inc
Subject*.wikipedia.org
Fingerprint0B:3A:AB:D4:5E:55:A4:08:2B:F7:C1:DA:63:37:75:F1:EB:04:6E:A5
ValidityThu, 26 Sep 2024 00:00:00 GMT - Fri, 17 Oct 2025 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
4.5 kB (4536 bytes)
Hash
40f2644490caa768ae8e0a09139a11e2
40e521f7196e7414561c8db66e05248505f1d279
893fc626a1e336badfc1b1d379a751eb8b5dc250b8d7fd22697b9146177de30c

HTTP Headers

GET /wikipedia/commons/thumb/e/e3/Docusign_Full_Color.svg/500px-Docusign_Full_Color.svg.png HTTP/1.1
Host: upload.wikimedia.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artisanglobaltour.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/webp
content-disposition: inline;filename*=UTF-8''Docusign_Full_Color.svg.webp
etag: 40f2644490caa768ae8e0a09139a11e2
last-modified: Thu, 13 Mar 2025 19:09:14 GMT
content-length: 4536
date: Fri, 25 Apr 2025 19:20:44 GMT
server: envoy
age: 10561
accept-ranges: bytes
x-cache: cp3078 miss, cp3078 hit/550
x-cache-status: hit-front
server-timing: cache;desc="hit-front", host;desc="cp3078"
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
nel: { "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
x-client-ip: 91.90.42.154
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
timing-allow-origin: *
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

104.17.24.14

200 OK

48 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Size
48 kB (48316 bytes)
Hash
2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762

HTTP Headers

GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 25 Apr 2025 22:17:01 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
server: cloudflare
strict-transport-security: max-age=15780000
cf-ray: 93613545badc7129-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1285931
expires: Wed, 15 Apr 2026 22:17:01 GMT
accept-ranges: bytes
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ff9M3%2BzJH%2BaMhQHro0OWWKYyJSKFg4m5z5Yrv5XjCb7mbUnXfq6wLqXC6QbRv5NQXK676ZaSLvKwcRlkAutE7x9MQev4PMx3HswvbXKpZvsSm3XOCPPOZcW01IzDSc2O6Aze869b"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

lyncutoroatingloardacentr.dbrchj.ru/GDSherpa-regular.woff

104.21.80.1

200 OK

37 kB

URL GET
lyncutoroatingloardacentr.dbrchj.ru/GDSherpa-regular.woff
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Certificate
IssuerGoogle Trust Services
Subjectdbrchj.ru
Fingerprint40:70:B7:56:E3:96:F6:B2:66:67:C5:FA:3B:6F:26:72:6C:6E:EF:10
ValidityWed, 09 Apr 2025 20:23:27 GMT - Tue, 08 Jul 2025 21:21:51 GMT

File type
Web Open Font Format, TrueType, length 36696, version 1.0
Size
37 kB (36696 bytes)
Hash
a69e9ab8afdd7486ec0749c551051ff2
c34e6aa327b536fb48d1fe03577a47c7ee2231b8
fd78a1913db912221b8ead1e62fad47d1ff0a9fa6cd88d3b128a721ad91d2faf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /GDSherpa-regular.woff HTTP/1.1
Host: lyncutoroatingloardacentr.dbrchj.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkNWN01laWhpV1pNU244VDk3MUFjVWc9PSIsInZhbHVlIjoiVkw3MlpzSDZWRGJkNCszdTB5OWtCdDhFajNhRFRjMU5WcVB6Mng0U0J3cllFWkZLS0Ribk5aclNYT1ZrTlZXUkYwSnVkY2NCRkV4Y2dQa2dsQ3RadGI4Wm8vdzVJM0luV1BOZ2pmazIwcGhaM0ZXTWE3aTBZNU9CUzZEd0duMGkiLCJtYWMiOiJiNjJiN2E4NGJjNjk0OWU3NzRjMmExYjYyNTJkNTg1YzYxY2ViMDkyYTc1OWRlYzg5ZDg2OTZiNDBkNTc1ZGNlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik45QnFjMWxtNVFTTjdPbG5wek8rY0E9PSIsInZhbHVlIjoiNzkrNGhpTExnZDV4V1pOSHdqTWdPSnZXSmtnVlpVNGZDYUVJYWxTTGswQnVTTWQ3NFQ5dTdvSm1mWXI5WjQyYWR0RzEybFp5R0lzWWxyNFRLUlRTZlltenNOVHRwTjV6SzAwWSs2OCs2cXFrTXlyaVAwNTZjRnVaMDdtaVJmQ2wiLCJtYWMiOiIxNTA4NWMwZWYxNTEzNTQ5ZGZiODRlNjQ5MTA3MjU4NDBjZWEzYTA0NTZiNmJmNGVhNjU3ZWI2MGIxYmEzZjA1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 25 Apr 2025 22:17:02 GMT
content-type: font/woff
content-length: 36696
server: cloudflare
content-disposition: inline; filename="GDSherpa-regular.woff"
last-modified: Fri, 25 Apr 2025 21:04:35 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uERqXiyxHsul24cSxvCyDWGdarAuWdz8ArZH%2Bqu%2F%2Fm9WFsZn9Nvl8e%2FwzuP2DGGgjQQy3IbWTwTnhwmR1yZ1OgmA7yy64%2Fj1k69%2FlQlW1bPOvV2NB%2FBxVrJ58IqG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=TCP&rtt=15450&min_rtt=15369&rtt_var=5821&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2271&delivery_rate=263127&cwnd=234&unsent_bytes=0&cid=ba3773925424f497&ts=455&x=0", cfL4;desc="?proto=QUIC&rtt=1930&min_rtt=1070&rtt_var=818&sent=259&recv=132&lost=0&retrans=0&sent_bytes=188672&recv_bytes=24802&delivery_rate=8264637&cwnd=96000&unsent_bytes=0&cid=a5ea826875ae9378&ts=13122&x=16"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4347
accept-ranges: bytes
cf-ray: 9361354ddb3ab4ed-OSL
alt-svc: h3=":443"; ma=86400

lyncutoroatingloardacentr.dbrchj.ru/uolMj0zLDbKHB9zVDKyzKoYwM7m

104.21.80.1

200 OK

20 B

URL POST
lyncutoroatingloardacentr.dbrchj.ru/uolMj0zLDbKHB9zVDKyzKoYwM7m
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net
Certificate
IssuerGoogle Trust Services
Subjectdbrchj.ru
Fingerprint40:70:B7:56:E3:96:F6:B2:66:67:C5:FA:3B:6F:26:72:6C:6E:EF:10
ValidityWed, 09 Apr 2025 20:23:27 GMT - Tue, 08 Jul 2025 21:21:51 GMT

File type
JSON text data
Size
20 B (20 bytes)
Hash
5820854f62a6eb3d38ba7ba0d1b3ea75
639df0b84fe699b4a290a713fd6b9a94bd4deb95
912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

POST /uolMj0zLDbKHB9zVDKyzKoYwM7m HTTP/1.1
Host: lyncutoroatingloardacentr.dbrchj.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net
Content-Type: multipart/form-data; boundary=---------------------------4663077423303293783127488638
Content-Length: 939
Origin: https://lyncutoroatingloardacentr.dbrchj.ru
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IjJjUkVwVVFsWDlwMThSa2NNQkFUK1E9PSIsInZhbHVlIjoiVStLSHJ4OCtBeGZrWkl2WW1oZE1ZOGVIeG5ldGdOOXhUU2V0bE1HMlJUSmdYZHdXTlhmazZtQ2hqWmtSY3ZXdDBNaUp1YVRRQUcwS0M5TlowSkZoZWhha0xVNUNhZzg3Z2ZUUkptRGZ2Y2w1MTNsTXJpeHIwN2lQNlRlOWlUY2MiLCJtYWMiOiIxZTQ2ZTJmMzM2Y2NhMWFiODE0NzgyNjk0OWUyMzAxN2Q5MjdhZjc5ZmMzYzc0OTdkZWQyMTM2OTFjNTY5M2FiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkVlTS93ZnhWd1JiRG9TOFRmaUFWclE9PSIsInZhbHVlIjoiUlpha0xHcFJUMStEY3dIRmlJTm9zYWtxZGxBdGdBY1czeUpXTGhZNzdLaEI5SklDZlQ0dHUyT3FpT0VRYVlTcG16UE9NZHdlUS8rOHZHRWRjZS82T3FGalB0L1IxTm1jMUl3YlZWUVhWajBtMEVlV2VtdkhJL0hTMjRtY0Q2aXMiLCJtYWMiOiJmMjdhZTkwNjAwYmQzMTg1YWIyMWZhMmM0NmUyNWJmNDgwNTJiMmNhNTM3YWZjYzMyMGZhOThlM2Q2MWFhMGQ5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 25 Apr 2025 22:17:00 GMT
content-type: application/json
cf-ray: 93613540c9b4b4ed-OSL
server: cloudflare
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LOhynDOcx%2FW%2F5wL7UON5ifiYTXCSzAQrheTpgwLH%2BYJMaImlr2GOycc1MkHxv%2BFocmJUyOjO3Jyj3QVVUfCOUL960XcOSWXDL0B1OPyToKZZ%2F6Q1MYEUP5v0cT%2Bc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=308&min_rtt=291&rtt_var=144&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2827&recv_bytes=3264&delivery_rate=9382830&cwnd=252&unsent_bytes=0&cid=16924bad3d987507&ts=187&x=0", cfL4;desc="?proto=QUIC&rtt=6218&min_rtt=3410&rtt_var=4112&sent=77&recv=97&lost=0&retrans=0&sent_bytes=7985&recv_bytes=8333&delivery_rate=2890&cwnd=12000&unsent_bytes=0&cid=a5ea826875ae9378&ts=11426&x=16"
set-cookie: XSRF-TOKEN=eyJpdiI6ImZUUGVleDlYS1ovbGFVMWVVMkkrcUE9PSIsInZhbHVlIjoiWlF3bXEyWkthVDVTaGtDbVJxMVk0ci9neGtiTXBtYlFpYXlnd2M2RUN3Qlc2RHYzWjYyUVA4UU9NbjFnenVmUmJpS0Y5M1lOZFNWSmtadDk2V2lsUXM1aWFsWThMUGVKcmdnQVBiU05CNGNGL2V3NGFiWjVGN29DenFLSThBdTEiLCJtYWMiOiIyMjZjYjk0MzE5YjU1YmFiOTZjYWI0NjVlMDVkYTM3ZWIxZjllMTZjMjdkYjBkNmM4MzIwOWFmZGE0NjlkNjNhIiwidGFnIjoiIn0%3D; expires=Sat, 26-Apr-2025 00:17:00 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IjdydlhyU0RCNzlvZ25JQVhZUmpJVkE9PSIsInZhbHVlIjoiMUdBQ2wxYjI2bk5yUGdCamlVUEJ3T2Y5NUhPYXpkZjRVMU1hWlp5MHh5a1Nua2kyMkNMWVlTaFVTYzhZQm1NZmRNSVgrZ3B6bC9xa2FvL09QcG1SdEZhWnArbDE0UXBkenNtNUhyUFQ0SVVqUTg4VkRoakV1cC9UQWt2Y25jRFUiLCJtYWMiOiJkYzlmNmZiZDk5OTkwZDE3NDI3ZDQ5M2Y4ZDNiNDhlYzBlNjI4MzZjY2YyMjYxZTA4NGUzMTIzYWU1MWIxNzI3IiwidGFnIjoiIn0%3D; expires=Sat, 26-Apr-2025 00:17:00 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400

lyncutoroatingloardacentr.dbrchj.ru/GDSherpa-bold.woff

104.21.80.1

200 OK

36 kB

URL GET
lyncutoroatingloardacentr.dbrchj.ru/GDSherpa-bold.woff
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Certificate
IssuerGoogle Trust Services
Subjectdbrchj.ru
Fingerprint40:70:B7:56:E3:96:F6:B2:66:67:C5:FA:3B:6F:26:72:6C:6E:EF:10
ValidityWed, 09 Apr 2025 20:23:27 GMT - Tue, 08 Jul 2025 21:21:51 GMT

File type
Web Open Font Format, TrueType, length 35970, version 1.0
Size
36 kB (35970 bytes)
Hash
496b7bbde91c7dc7cf9bbabbb3921da8
2bd3c406a715ab52dad84c803c55bf4a6e66a924
ae40a04f95df12b0c364f26ab691dc0c391d394a28bcdb4aeacfaca325d0a798

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /GDSherpa-bold.woff HTTP/1.1
Host: lyncutoroatingloardacentr.dbrchj.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkNWN01laWhpV1pNU244VDk3MUFjVWc9PSIsInZhbHVlIjoiVkw3MlpzSDZWRGJkNCszdTB5OWtCdDhFajNhRFRjMU5WcVB6Mng0U0J3cllFWkZLS0Ribk5aclNYT1ZrTlZXUkYwSnVkY2NCRkV4Y2dQa2dsQ3RadGI4Wm8vdzVJM0luV1BOZ2pmazIwcGhaM0ZXTWE3aTBZNU9CUzZEd0duMGkiLCJtYWMiOiJiNjJiN2E4NGJjNjk0OWU3NzRjMmExYjYyNTJkNTg1YzYxY2ViMDkyYTc1OWRlYzg5ZDg2OTZiNDBkNTc1ZGNlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik45QnFjMWxtNVFTTjdPbG5wek8rY0E9PSIsInZhbHVlIjoiNzkrNGhpTExnZDV4V1pOSHdqTWdPSnZXSmtnVlpVNGZDYUVJYWxTTGswQnVTTWQ3NFQ5dTdvSm1mWXI5WjQyYWR0RzEybFp5R0lzWWxyNFRLUlRTZlltenNOVHRwTjV6SzAwWSs2OCs2cXFrTXlyaVAwNTZjRnVaMDdtaVJmQ2wiLCJtYWMiOiIxNTA4NWMwZWYxNTEzNTQ5ZGZiODRlNjQ5MTA3MjU4NDBjZWEzYTA0NTZiNmJmNGVhNjU3ZWI2MGIxYmEzZjA1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 25 Apr 2025 22:17:02 GMT
content-type: font/woff
content-length: 35970
server: cloudflare
content-disposition: inline; filename="GDSherpa-bold.woff"
cf-cache-status: HIT
age: 4347
last-modified: Fri, 25 Apr 2025 20:38:19 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2PdfiPNsAHJG8N3LBObYHmS246maUjeWJ%2Bca01pT%2FgrDvlFG8UF049Aq67Swo56I%2FomB%2BoXIx7leAjSJzrKGq7epJ1RhU%2B1hZ88bnQ5DETMTXAlYuaJFNEvGufM0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=TCP&rtt=301&min_rtt=286&rtt_var=138&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2268&delivery_rate=9887530&cwnd=252&unsent_bytes=0&cid=fa5f5172ae91baa1&ts=14&x=0", cfL4;desc="?proto=QUIC&rtt=1945&min_rtt=1070&rtt_var=1193&sent=193&recv=126&lost=0&retrans=0&sent_bytes=115282&recv_bytes=20785&delivery_rate=19317695&cwnd=24000&unsent_bytes=0&cid=a5ea826875ae9378&ts=13112&x=16"
cache-control: max-age=14400
cf-ray: 9361354ddb35b4ed-OSL
alt-svc: h3=":443"; ma=86400

fcg9ygmavjdzwhz8ykegl0wwmdbwgfblrexl97kp2sx2hcoacad4qc.iuhqpa.es/wbknjriddgmnxbnysgjvhcKDDUUBOIGOSBNTVVTPZTFNPCBZQWGVXQDXRJTBXNWKZEREZMLJpqs25W4FLj12D8Psfwx39

104.21.47.37

200 OK

536 B

URL POST
fcg9ygmavjdzwhz8ykegl0wwmdbwgfblrexl97kp2sx2hcoacad4qc.iuhqpa.es/wbknjriddgmnxbnysgjvhcKDDUUBOIGOSBNTVVTPZTFNPCBZQWGVXQDXRJTBXNWKZEREZMLJpqs25W4FLj12D8Psfwx39
IP
104.21.47.37:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Certificate
IssuerGoogle Trust Services
Subjectiuhqpa.es
FingerprintAA:B8:22:65:5C:62:32:A7:43:DB:FF:7A:B3:74:4F:6D:6C:32:2F:71
ValiditySat, 12 Apr 2025 23:18:03 GMT - Sat, 12 Jul 2025 00:16:28 GMT

File type
ASCII text, with very long lines (536), with no line terminators
Size
536 B (536 bytes)
Hash
b700a2408fff4601b18b91dd7b1adf0f
294a42cbff29c06fe6bff0cc3d5d6b93f7fda3dc
23731d6f86bfade6b1fd1acf5985785e9e1cb0f155f662cf89464d7a6f2c04b6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /wbknjriddgmnxbnysgjvhcKDDUUBOIGOSBNTVVTPZTFNPCBZQWGVXQDXRJTBXNWKZEREZMLJpqs25W4FLj12D8Psfwx39 HTTP/1.1
Host: fcg9ygmavjdzwhz8ykegl0wwmdbwgfblrexl97kp2sx2hcoacad4qc.iuhqpa.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 97
Origin: https://lyncutoroatingloardacentr.dbrchj.ru
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 25 Apr 2025 22:17:06 GMT
content-type: text/plain; charset=utf-8
server: cloudflare
vary: Origin
access-control-allow-origin: https://lyncutoroatingloardacentr.dbrchj.ru
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 936135631caa56a2-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.6.0.min.js

151.101.194.137

200 OK

90 kB

URL GET
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.194.137:443
ASN
#54113 FASTLY

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
90 kB (89501 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 25 Apr 2025 22:16:49 GMT
age: 4288613
x-served-by: cache-lga21931-LGA, cache-hel1410020-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 1064765
x-timer: S1745619410.587576,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.6.0.min.js

151.101.194.137

200 OK

90 kB

URL GET
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.194.137:443
ASN
#54113 FASTLY

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
90 kB (89501 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 25 Apr 2025 22:17:02 GMT
age: 4288626
x-served-by: cache-lga21931-LGA, cache-hel1410020-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 1064776
x-timer: S1745619422.345459,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7

3.167.2.64

200 OK

11 kB

URL GET
ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7
IP
3.167.2.64:443
ASN
#0

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Certificate
IssuerDigiCert Inc
Subject*.oktacdn.com
Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT

File type
PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced
Size
11 kB (10796 bytes)
Hash
12bdacc832185d0367ecc23fd24c86ce
4422f316eb4d8c8d160312bb695fd1d944cbff12
877ae491d9aac5c6ef82a8430f9f652ace8a0dbc7294bd112aad49bd593769d0

HTTP Headers

GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
content-length: 10796
server: nginx
last-modified: Tue, 23 Feb 2021 04:20:08 GMT
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-security-policy: default-src 'none'; img-src 'self'; require-trusted-types-for 'script'; report-uri  https://oktacsp.report-uri.com/r/t/csp/enforce
x-content-type-options: nosniff
accept-ranges: bytes
date: Thu, 24 Apr 2025 21:36:23 GMT
expires: Fri, 24 Apr 2026 21:36:23 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: "12bdacc832185d0367ecc23fd24c86ce"
x-cache: Hit from cloudfront
via: 1.1 3ecfca26003921b3f6dfb1a287300c24.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: sJcL28NDgPs-biIOjVtTdZDxcPyZeS1ImcEBDHJQ7lqqE4jdQ_Oddw==
age: 88839
X-Firefox-Spdy: h2

artisanglobaltour.com/fcrfr6/458807/YWNjb3VudGluZ0BzbHVycG1haWwubmV0

103.253.27.80

200 OK

553 B

URL User Request GET
artisanglobaltour.com/fcrfr6/458807/YWNjb3VudGluZ0BzbHVycG1haWwubmV0
IP
103.253.27.80:443
ASN
#6939 HURRICANE

Certificate
IssuerLet's Encrypt
Subject*.artisanglobaltour.com
Fingerprint6D:72:09:FF:D7:0E:97:64:86:9F:11:21:54:3A:4E:5F:87:58:18:52
ValiditySun, 16 Mar 2025 09:38:54 GMT - Sat, 14 Jun 2025 09:38:53 GMT

File type
HTML document, ASCII text, with very long lines (309)
Size
553 B (553 bytes)
Hash
fa0a142fedb19d65fe30d0f0d2dd3337
e04b3addbe15b96c62b006e3ad713754e19ad189
a51987a6d1ee6a1b319d981ab43bfcc1254b66d962f69deb890f811049d57a7f

HTTP Headers

GET /fcrfr6/458807/YWNjb3VudGluZ0BzbHVycG1haWwubmV0 HTTP/1.1
Host: artisanglobaltour.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 25 Apr 2025 22:16:45 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

lyncutoroatingloardacentr.dbrchj.ru/qrYHJMon3ygoaWQgiST88rpEWc6md9J812zuNIEcVIr4Zx2bLNRf4Yezxvwef240

104.21.80.1

200 OK

9.6 kB

URL GET
lyncutoroatingloardacentr.dbrchj.ru/qrYHJMon3ygoaWQgiST88rpEWc6md9J812zuNIEcVIr4Zx2bLNRf4Yezxvwef240
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Certificate
IssuerGoogle Trust Services
Subjectdbrchj.ru
Fingerprint40:70:B7:56:E3:96:F6:B2:66:67:C5:FA:3B:6F:26:72:6C:6E:EF:10
ValidityWed, 09 Apr 2025 20:23:27 GMT - Tue, 08 Jul 2025 21:21:51 GMT

File type
RIFF (little-endian) data, Web/P image
Size
9.6 kB (9648 bytes)
Hash
4946eb373b18d178c93d473489673bb6
16477acb73b63ca251d37401249e7e4515febd24
666bc574c9f3fb28a8ac626fa8105c187c2a313736494a06bd5a937473673c92

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /qrYHJMon3ygoaWQgiST88rpEWc6md9J812zuNIEcVIr4Zx2bLNRf4Yezxvwef240 HTTP/1.1
Host: lyncutoroatingloardacentr.dbrchj.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Cookie: XSRF-TOKEN=eyJpdiI6IkNWN01laWhpV1pNU244VDk3MUFjVWc9PSIsInZhbHVlIjoiVkw3MlpzSDZWRGJkNCszdTB5OWtCdDhFajNhRFRjMU5WcVB6Mng0U0J3cllFWkZLS0Ribk5aclNYT1ZrTlZXUkYwSnVkY2NCRkV4Y2dQa2dsQ3RadGI4Wm8vdzVJM0luV1BOZ2pmazIwcGhaM0ZXTWE3aTBZNU9CUzZEd0duMGkiLCJtYWMiOiJiNjJiN2E4NGJjNjk0OWU3NzRjMmExYjYyNTJkNTg1YzYxY2ViMDkyYTc1OWRlYzg5ZDg2OTZiNDBkNTc1ZGNlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik45QnFjMWxtNVFTTjdPbG5wek8rY0E9PSIsInZhbHVlIjoiNzkrNGhpTExnZDV4V1pOSHdqTWdPSnZXSmtnVlpVNGZDYUVJYWxTTGswQnVTTWQ3NFQ5dTdvSm1mWXI5WjQyYWR0RzEybFp5R0lzWWxyNFRLUlRTZlltenNOVHRwTjV6SzAwWSs2OCs2cXFrTXlyaVAwNTZjRnVaMDdtaVJmQ2wiLCJtYWMiOiIxNTA4NWMwZWYxNTEzNTQ5ZGZiODRlNjQ5MTA3MjU4NDBjZWEzYTA0NTZiNmJmNGVhNjU3ZWI2MGIxYmEzZjA1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 25 Apr 2025 22:17:02 GMT
content-type: image/webp
content-length: 9648
server: cloudflare
content-disposition: inline; filename="qrYHJMon3ygoaWQgiST88rpEWc6md9J812zuNIEcVIr4Zx2bLNRf4Yezxvwef240"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h0WHLf5gZAnpCP7FLySbhYi7yCzp3BIVI6%2BmaTv3BcXLtmRaO7784rLToa5SKowCL92i6n8eXLbb2mgYtTDm3Wu3cGPKvcuvnG8pd%2FodKPIDI5U7E1Vy7ThSPG4f"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=231&min_rtt=216&rtt_var=87&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2249&delivery_rate=13993079&cwnd=252&unsent_bytes=0&cid=40c5aa1905fc8639&ts=160&x=0", cfL4;desc="?proto=QUIC&rtt=1651&min_rtt=1070&rtt_var=368&sent=441&recv=146&lost=0&retrans=0&sent_bytes=387927&recv_bytes=31110&delivery_rate=1786685&cwnd=148500&unsent_bytes=0&cid=a5ea826875ae9378&ts=13515&x=16"
cf-ray: 9361354e1b47b4ed-OSL
alt-svc: h3=":443"; ma=86400

objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250425%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250425T221702Z&X-Amz-Expires=300&X-Amz-Signature=ededfcff81f0a7524472f327e4099661e857d4242faa1bede4079a6cd78b1c9e&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream

185.199.110.133

200 OK

10 kB

URL GET
objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250425%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250425T221702Z&X-Amz-Expires=300&X-Amz-Signature=ededfcff81f0a7524472f327e4099661e857d4242faa1bede4079a6cd78b1c9e&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
IP
185.199.110.133:443
ASN
#54113 FASTLY

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Certificate
IssuerSectigo Limited
Subject*.github.io
Fingerprint8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91
ValidityFri, 07 Mar 2025 00:00:00 GMT - Sat, 07 Mar 2026 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (10017)
Size
10 kB (10245 bytes)
Hash
6c20a2be8ba900bc0a7118893a2b1072
ff7766fde1f33882c6e1c481ceed6f6588ea764c
b1c42acd0288c435e95e00332476781532ed002cac6f3dcee9110ced30b31500

HTTP Headers

GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250425%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250425T221702Z&X-Amz-Expires=300&X-Amz-Signature=ededfcff81f0a7524472f327e4099661e857d4242faa1bede4079a6cd78b1c9e&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/octet-stream
last-modified: Tue, 07 Dec 2021 16:38:45 GMT
etag: "0x8D9B9A009499A1E"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d91f6eaf-e01e-0032-2f18-13e122000000
x-ms-version: 2023-11-03
x-ms-creation-time: Tue, 17 Aug 2021 14:57:31 GMT
x-ms-blob-content-md5: bCCivoupALwKcRiJOisQcg==
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=randexp.min.js
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 25 Apr 2025 22:17:03 GMT
age: 2714
x-served-by: cache-iad-kiad7000045-IAD, cache-hel1410029-HEL
x-cache: HIT, HIT
x-cache-hits: 11369, 2
x-timer: S1745619423.847588,VS0,VE0
content-length: 10245
X-Firefox-Spdy: h2

lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net

104.21.80.1

200 OK

185 kB

URL User Request GET
lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectdbrchj.ru
Fingerprint40:70:B7:56:E3:96:F6:B2:66:67:C5:FA:3B:6F:26:72:6C:6E:EF:10
ValidityWed, 09 Apr 2025 20:23:27 GMT - Tue, 08 Jul 2025 21:21:51 GMT

File type
JavaScript source, ASCII text, with very long lines (65197)
Size
185 kB (184724 bytes)
Hash
13c3ea6f4a8110a49829bd5391ebc7f3
dd9ea2275526fba08ce10ad1f3dfa4cb33df69e5
bdace3ca09c38c6fe7aa4732e1666a7331aaa55884d8c38eff91b701e6c839af

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Anti-debugging code
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /enDulGa/*accounting@slurpmail.net HTTP/1.1
Host: lyncutoroatingloardacentr.dbrchj.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artisanglobaltour.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 25 Apr 2025 22:16:49 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GjQsc4VDNtoRrkU0N1hCaZLCI1O07QXMT%2Fb5s4TGFmwWBnpt6UcNf1vttgC6SbbmjsHsFXXdHlOlNRlCpKZtBQGqeJrUiVz6Qmiq2B8w%2FOVKrNXQvEWZ28DHxZsq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=15802&min_rtt=15794&rtt_var=4457&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2825&recv_bytes=1479&delivery_rate=255399&cwnd=250&unsent_bytes=0&cid=98cdb3e530512fdd&ts=357&x=0"
content-encoding: br
set-cookie: XSRF-TOKEN=eyJpdiI6IjJjUkVwVVFsWDlwMThSa2NNQkFUK1E9PSIsInZhbHVlIjoiVStLSHJ4OCtBeGZrWkl2WW1oZE1ZOGVIeG5ldGdOOXhUU2V0bE1HMlJUSmdYZHdXTlhmazZtQ2hqWmtSY3ZXdDBNaUp1YVRRQUcwS0M5TlowSkZoZWhha0xVNUNhZzg3Z2ZUUkptRGZ2Y2w1MTNsTXJpeHIwN2lQNlRlOWlUY2MiLCJtYWMiOiIxZTQ2ZTJmMzM2Y2NhMWFiODE0NzgyNjk0OWUyMzAxN2Q5MjdhZjc5ZmMzYzc0OTdkZWQyMTM2OTFjNTY5M2FiIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Sat, 26 Apr 2025 00:16:48 GMT
laravel_session=eyJpdiI6IkVlTS93ZnhWd1JiRG9TOFRmaUFWclE9PSIsInZhbHVlIjoiUlpha0xHcFJUMStEY3dIRmlJTm9zYWtxZGxBdGdBY1czeUpXTGhZNzdLaEI5SklDZlQ0dHUyT3FpT0VRYVlTcG16UE9NZHdlUS8rOHZHRWRjZS82T3FGalB0L1IxTm1jMUl3YlZWUVhWajBtMEVlV2VtdkhJL0hTMjRtY0Q2aXMiLCJtYWMiOiJmMjdhZTkwNjAwYmQzMTg1YWIyMWZhMmM0NmUyNWJmNDgwNTJiMmNhNTM3YWZjYzMyMGZhOThlM2Q2MWFhMGQ5IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Sat, 26 Apr 2025 00:16:48 GMT
cf-ray: 936134f67e6d1c02-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

challenges.cloudflare.com/turnstile/v0/api.js?render=explicit

104.18.95.41

302 Found

48 kB

URL GET
challenges.cloudflare.com/turnstile/v0/api.js?render=explicit
IP
104.18.95.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
Fingerprint48:58:3E:CE:54:27:56:6B:A6:33:D4:C8:4B:BF:00:0E:BE:61:60:28
ValiditySat, 01 Mar 2025 17:19:38 GMT - Fri, 30 May 2025 18:19:35 GMT

File type

Size
48 kB (48123 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js?render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 25 Apr 2025 22:16:49 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/g/44e6f86df4dc/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 936134fd89d9568d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net

104.21.80.1

200 OK

14 kB

URL User Request GET
lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectdbrchj.ru
Fingerprint40:70:B7:56:E3:96:F6:B2:66:67:C5:FA:3B:6F:26:72:6C:6E:EF:10
ValidityWed, 09 Apr 2025 20:23:27 GMT - Tue, 08 Jul 2025 21:21:51 GMT

File type
HTML document, ASCII text, with very long lines (9425), with CRLF line terminators
Size
14 kB (14502 bytes)
Hash
8ea4840c7190ab75b7e64bfba9692c31
feb62ea42925091d4e8a51b253003c2cee7c9ad7
80f8a008df15e3402ed26f3a5ea8e2b04b81be575ebf4ed242100c43e6c7eac7

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Anti-debugging code
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /enDulGa/*accounting@slurpmail.net HTTP/1.1
Host: lyncutoroatingloardacentr.dbrchj.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://artisanglobaltour.com/
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImZUUGVleDlYS1ovbGFVMWVVMkkrcUE9PSIsInZhbHVlIjoiWlF3bXEyWkthVDVTaGtDbVJxMVk0ci9neGtiTXBtYlFpYXlnd2M2RUN3Qlc2RHYzWjYyUVA4UU9NbjFnenVmUmJpS0Y5M1lOZFNWSmtadDk2V2lsUXM1aWFsWThMUGVKcmdnQVBiU05CNGNGL2V3NGFiWjVGN29DenFLSThBdTEiLCJtYWMiOiIyMjZjYjk0MzE5YjU1YmFiOTZjYWI0NjVlMDVkYTM3ZWIxZjllMTZjMjdkYjBkNmM4MzIwOWFmZGE0NjlkNjNhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjdydlhyU0RCNzlvZ25JQVhZUmpJVkE9PSIsInZhbHVlIjoiMUdBQ2wxYjI2bk5yUGdCamlVUEJ3T2Y5NUhPYXpkZjRVMU1hWlp5MHh5a1Nua2kyMkNMWVlTaFVTYzhZQm1NZmRNSVgrZ3B6bC9xa2FvL09QcG1SdEZhWnArbDE0UXBkenNtNUhyUFQ0SVVqUTg4VkRoakV1cC9UQWt2Y25jRFUiLCJtYWMiOiJkYzlmNmZiZDk5OTkwZDE3NDI3ZDQ5M2Y4ZDNiNDhlYzBlNjI4MzZjY2YyMjYxZTA4NGUzMTIzYWU1MWIxNzI3IiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 25 Apr 2025 22:17:01 GMT
content-type: text/html; charset=UTF-8
cf-ray: 936135438a1ab4ed-OSL
server: cloudflare
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LhVV4wQR1%2FKse%2FOH6lW%2F%2FQHfUCdYJ7SpAfjrHtpLhaZYi3cBX9yMYZoA1rBp27P2v4RPhf8MZL1MmUdXZR5wy1bJ%2FmJILCxgdyiE3dUEochjrUcje4iO8TzXWu4f"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=277&min_rtt=262&rtt_var=129&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2237&delivery_rate=10476683&cwnd=252&unsent_bytes=0&cid=7069281777134079&ts=187&x=0", cfL4;desc="?proto=QUIC&rtt=5853&min_rtt=3304&rtt_var=3812&sent=82&recv=99&lost=0&retrans=0&sent_bytes=9578&recv_bytes=9341&delivery_rate=3805&cwnd=12000&unsent_bytes=0&cid=a5ea826875ae9378&ts=11754&x=16"
set-cookie: XSRF-TOKEN=eyJpdiI6Ino3ZWVvSDN2UE8zdFRNSURMR1dyWEE9PSIsInZhbHVlIjoiQTNQTmk5QkppRDN2bndjNDBEN01neG5IQzZockFsWUJBZlNjb1AwOXdBdDMvV2xrWGtOZzBrWFdmY2hzcmN3WTJSMnllWlBjb2p5b0tWeUk0ODZmVWFSaDdLbWJXMjhtcUtOaVhqaVc5NG1SVzc0UXl3RU5hb2JOSVR0Vm93aVEiLCJtYWMiOiJiNjFmMjhhYTRlMDI4YzNjMjVjZjVkNzIxOGQxZTQwMjgxYjExYWViNjU2MDdiODRhM2YzMTQzNWNjNzMzYWQzIiwidGFnIjoiIn0%3D; expires=Sat, 26-Apr-2025 00:17:00 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IlpGdVIvUGdlTjFWTnlSOCs4cURNK1E9PSIsInZhbHVlIjoic2xPblZRL2UwUkIwOEFhSmxnS01YcGp1eXIvd1loeEE1SkNteUFyTUdqQ0VLVGVBVUh1ZGJrbkM4cEFLN05vVzFLcXNFZG5YcGZGK2IyanNhR2ZEdU03dDhlNHBUQVlhbXF0MHRXRVdkS1E3akV0cGlCaEQ2cHVRbVhLTHUyN00iLCJtYWMiOiJmYjE1MzcxOTkyYmQ3YWNmZTdkZGM0MzA2ZDUxYTg5NDQwNmFjZDNiMzg2MTk5MTY2MDNiODMxYWQ2OWMzZDYyIiwidGFnIjoiIn0%3D; expires=Sat, 26-Apr-2025 00:17:00 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
content-encoding: br
alt-svc: h3=":443"; ma=86400

lyncutoroatingloardacentr.dbrchj.ru/favicon.ico

104.21.80.1

404 Not Found

0 B

URL GET
lyncutoroatingloardacentr.dbrchj.ru/favicon.ico
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net
Certificate
IssuerGoogle Trust Services
Subjectdbrchj.ru
Fingerprint40:70:B7:56:E3:96:F6:B2:66:67:C5:FA:3B:6F:26:72:6C:6E:EF:10
ValidityWed, 09 Apr 2025 20:23:27 GMT - Tue, 08 Jul 2025 21:21:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: lyncutoroatingloardacentr.dbrchj.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6Ino3ZWVvSDN2UE8zdFRNSURMR1dyWEE9PSIsInZhbHVlIjoiQTNQTmk5QkppRDN2bndjNDBEN01neG5IQzZockFsWUJBZlNjb1AwOXdBdDMvV2xrWGtOZzBrWFdmY2hzcmN3WTJSMnllWlBjb2p5b0tWeUk0ODZmVWFSaDdLbWJXMjhtcUtOaVhqaVc5NG1SVzc0UXl3RU5hb2JOSVR0Vm93aVEiLCJtYWMiOiJiNjFmMjhhYTRlMDI4YzNjMjVjZjVkNzIxOGQxZTQwMjgxYjExYWViNjU2MDdiODRhM2YzMTQzNWNjNzMzYWQzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlpGdVIvUGdlTjFWTnlSOCs4cURNK1E9PSIsInZhbHVlIjoic2xPblZRL2UwUkIwOEFhSmxnS01YcGp1eXIvd1loeEE1SkNteUFyTUdqQ0VLVGVBVUh1ZGJrbkM4cEFLN05vVzFLcXNFZG5YcGZGK2IyanNhR2ZEdU03dDhlNHBUQVlhbXF0MHRXRVdkS1E3akV0cGlCaEQ2cHVRbVhLTHUyN00iLCJtYWMiOiJmYjE1MzcxOTkyYmQ3YWNmZTdkZGM0MzA2ZDUxYTg5NDQwNmFjZDNiMzg2MTk5MTY2MDNiODMxYWQ2OWMzZDYyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Fri, 25 Apr 2025 22:17:01 GMT
content-type: text/html; charset=UTF-8
cf-ray: 93613546da64b4ed-OSL
server: cloudflare
age: 11
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fZg7jCJ9Tt1rXZD5ve9oWGvq4x4ZWPLVreh66t5QdBebBEus641QPxweBQiAeu5qijfOCq%2FhLEt18NsrEqzVkawJZg1K8ofnAqYDcgPK6gyV7TuM1WH4RxsTgZip"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=TCP&rtt=395&min_rtt=382&rtt_var=169&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2158&delivery_rate=8320987&cwnd=252&unsent_bytes=0&cid=c56514fc761fd6b7&ts=19&x=0", cfL4;desc="?proto=QUIC&rtt=5079&min_rtt=1589&rtt_var=3427&sent=94&recv=103&lost=0&retrans=0&sent_bytes=19216&recv_bytes=11397&delivery_rate=31429&cwnd=12000&unsent_bytes=0&cid=a5ea826875ae9378&ts=12001&x=16"
cache-control: max-age=14400
cf-cache-status: HIT
content-encoding: br
alt-svc: h3=":443"; ma=86400

lyncutoroatingloardacentr.dbrchj.ru/GDSherpa-vf2.woff2

104.21.80.1

200 OK

93 kB

URL GET
lyncutoroatingloardacentr.dbrchj.ru/GDSherpa-vf2.woff2
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Certificate
IssuerGoogle Trust Services
Subjectdbrchj.ru
Fingerprint40:70:B7:56:E3:96:F6:B2:66:67:C5:FA:3B:6F:26:72:6C:6E:EF:10
ValidityWed, 09 Apr 2025 20:23:27 GMT - Tue, 08 Jul 2025 21:21:51 GMT

File type
Web Open Font Format (Version 2), TrueType, length 93276, version 1.0
Size
93 kB (93276 bytes)
Hash
bcd7983ea5aa57c55f6758b4977983cb
ef3a009e205229e07fb0ec8569e669b11c378ef1
6528a0bf9a836a53dfd8536e1786ba6831c9d1faa74967126fddf5b2081b858c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /GDSherpa-vf2.woff2 HTTP/1.1
Host: lyncutoroatingloardacentr.dbrchj.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkNWN01laWhpV1pNU244VDk3MUFjVWc9PSIsInZhbHVlIjoiVkw3MlpzSDZWRGJkNCszdTB5OWtCdDhFajNhRFRjMU5WcVB6Mng0U0J3cllFWkZLS0Ribk5aclNYT1ZrTlZXUkYwSnVkY2NCRkV4Y2dQa2dsQ3RadGI4Wm8vdzVJM0luV1BOZ2pmazIwcGhaM0ZXTWE3aTBZNU9CUzZEd0duMGkiLCJtYWMiOiJiNjJiN2E4NGJjNjk0OWU3NzRjMmExYjYyNTJkNTg1YzYxY2ViMDkyYTc1OWRlYzg5ZDg2OTZiNDBkNTc1ZGNlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik45QnFjMWxtNVFTTjdPbG5wek8rY0E9PSIsInZhbHVlIjoiNzkrNGhpTExnZDV4V1pOSHdqTWdPSnZXSmtnVlpVNGZDYUVJYWxTTGswQnVTTWQ3NFQ5dTdvSm1mWXI5WjQyYWR0RzEybFp5R0lzWWxyNFRLUlRTZlltenNOVHRwTjV6SzAwWSs2OCs2cXFrTXlyaVAwNTZjRnVaMDdtaVJmQ2wiLCJtYWMiOiIxNTA4NWMwZWYxNTEzNTQ5ZGZiODRlNjQ5MTA3MjU4NDBjZWEzYTA0NTZiNmJmNGVhNjU3ZWI2MGIxYmEzZjA1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 25 Apr 2025 22:17:02 GMT
content-type: font/woff2
content-length: 93276
server: cloudflare
content-disposition: inline; filename="GDSherpa-vf2.woff2"
cf-cache-status: HIT
last-modified: Fri, 25 Apr 2025 21:04:35 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8M4IpZ%2BpR9s03sojPTq7kl13FNChAf1Jct9UGSA5MoyUdO0WsYXcLKvNo5YPO8uGk%2BHIPqW6idSmoVQJS0ffxJGbP06ZHU6Zw9epN0zkmRxWeMf%2BtUQkJooCresH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=TCP&rtt=256&min_rtt=246&rtt_var=87&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2825&recv_bytes=2269&delivery_rate=13849315&cwnd=252&unsent_bytes=0&cid=94175ecfc3724b31&ts=453&x=0", cfL4;desc="?proto=QUIC&rtt=1848&min_rtt=1070&rtt_var=777&sent=332&recv=133&lost=0&retrans=0&sent_bytes=272648&recv_bytes=24848&delivery_rate=9322632&cwnd=121200&unsent_bytes=0&cid=a5ea826875ae9378&ts=13127&x=16"
age: 4346
cache-control: max-age=14400
cf-ray: 9361354deb3db4ed-OSL
alt-svc: h3=":443"; ma=86400

artisanglobaltour.com/favicon.ico

103.253.27.80

404 Not Found

315 B

URL GET
artisanglobaltour.com/favicon.ico
IP
103.253.27.80:443
ASN
#6939 HURRICANE

Requested by
https://artisanglobaltour.com/fcrfr6/458807/YWNjb3VudGluZ0BzbHVycG1haWwubmV0
Certificate
IssuerLet's Encrypt
Subject*.artisanglobaltour.com
Fingerprint6D:72:09:FF:D7:0E:97:64:86:9F:11:21:54:3A:4E:5F:87:58:18:52
ValiditySun, 16 Mar 2025 09:38:54 GMT - Sat, 14 Jun 2025 09:38:53 GMT

File type
HTML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: artisanglobaltour.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artisanglobaltour.com/fcrfr6/458807/YWNjb3VudGluZ0BzbHVycG1haWwubmV0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Fri, 25 Apr 2025 22:16:46 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

upload.wikimedia.org/wikipedia/commons/thumb/4/4b/Cloudflare_Logo.svg/1200px-Cloudflare_Logo.svg.png

185.15.59.240

200 OK

12 kB

URL GET
upload.wikimedia.org/wikipedia/commons/thumb/4/4b/Cloudflare_Logo.svg/1200px-Cloudflare_Logo.svg.png
IP
185.15.59.240:443
ASN
#14907 WIKIMEDIA

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net
Certificate
IssuerDigiCert Inc
Subject*.wikipedia.org
Fingerprint0B:3A:AB:D4:5E:55:A4:08:2B:F7:C1:DA:63:37:75:F1:EB:04:6E:A5
ValidityThu, 26 Sep 2024 00:00:00 GMT - Fri, 17 Oct 2025 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
12 kB (11966 bytes)
Hash
793f9ad30ae52b367007d377699395db
8a6f04b9be89fb6dceef19b985db386b0db95524
c1078f029820709739bc857a4ec2380dc0646f3fd106f410b12e612000b7943a

HTTP Headers

GET /wikipedia/commons/thumb/4/4b/Cloudflare_Logo.svg/1200px-Cloudflare_Logo.svg.png HTTP/1.1
Host: upload.wikimedia.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 25 Apr 2025 00:47:50 GMT
etag: 793f9ad30ae52b367007d377699395db
server: ATS/9.2.9
content-type: image/webp
content-disposition: inline;filename*=UTF-8''Cloudflare_Logo.svg.webp
last-modified: Wed, 06 Nov 2024 13:44:34 GMT
content-length: 11966
age: 77339
accept-ranges: bytes
x-cache: cp3078 hit, cp3078 hit/3889
x-cache-status: hit-front
server-timing: cache;desc="hit-front", host;desc="cp3078"
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
nel: { "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
x-client-ip: 91.90.42.154
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
timing-allow-origin: *
X-Firefox-Spdy: h2

lyncutoroatingloardacentr.dbrchj.ru/uvBDasbrZy1jOieQNg8D7Tbu7opkOdMbKERuKS34130

104.21.80.1

200 OK

644 B

URL GET
lyncutoroatingloardacentr.dbrchj.ru/uvBDasbrZy1jOieQNg8D7Tbu7opkOdMbKERuKS34130
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Certificate
IssuerGoogle Trust Services
Subjectdbrchj.ru
Fingerprint40:70:B7:56:E3:96:F6:B2:66:67:C5:FA:3B:6F:26:72:6C:6E:EF:10
ValidityWed, 09 Apr 2025 20:23:27 GMT - Tue, 08 Jul 2025 21:21:51 GMT

File type
RIFF (little-endian) data, Web/P image
Size
644 B (644 bytes)
Hash
541b83c2195088043337e4353b6fd60d
f09630596b6713217984785a64f6ea83e91b49c5
2658b8874f0d2a12e8726df78ac8954324c3bbe4695e66bdef89195fde64322f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /uvBDasbrZy1jOieQNg8D7Tbu7opkOdMbKERuKS34130 HTTP/1.1
Host: lyncutoroatingloardacentr.dbrchj.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Cookie: XSRF-TOKEN=eyJpdiI6IkNWN01laWhpV1pNU244VDk3MUFjVWc9PSIsInZhbHVlIjoiVkw3MlpzSDZWRGJkNCszdTB5OWtCdDhFajNhRFRjMU5WcVB6Mng0U0J3cllFWkZLS0Ribk5aclNYT1ZrTlZXUkYwSnVkY2NCRkV4Y2dQa2dsQ3RadGI4Wm8vdzVJM0luV1BOZ2pmazIwcGhaM0ZXTWE3aTBZNU9CUzZEd0duMGkiLCJtYWMiOiJiNjJiN2E4NGJjNjk0OWU3NzRjMmExYjYyNTJkNTg1YzYxY2ViMDkyYTc1OWRlYzg5ZDg2OTZiNDBkNTc1ZGNlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik45QnFjMWxtNVFTTjdPbG5wek8rY0E9PSIsInZhbHVlIjoiNzkrNGhpTExnZDV4V1pOSHdqTWdPSnZXSmtnVlpVNGZDYUVJYWxTTGswQnVTTWQ3NFQ5dTdvSm1mWXI5WjQyYWR0RzEybFp5R0lzWWxyNFRLUlRTZlltenNOVHRwTjV6SzAwWSs2OCs2cXFrTXlyaVAwNTZjRnVaMDdtaVJmQ2wiLCJtYWMiOiIxNTA4NWMwZWYxNTEzNTQ5ZGZiODRlNjQ5MTA3MjU4NDBjZWEzYTA0NTZiNmJmNGVhNjU3ZWI2MGIxYmEzZjA1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 25 Apr 2025 22:17:02 GMT
content-type: image/webp
content-length: 644
server: cloudflare
content-disposition: inline; filename="uvBDasbrZy1jOieQNg8D7Tbu7opkOdMbKERuKS34130"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uJAkfdZ8ZyxlaO16%2F9L8uB0ViTPO6R6pes2xN5Y6m3Zx19k7P%2B57jrU7%2BdeFtx8DgXh1YyZTTYqetFHnnMm5zV5WxxLcRVNL18e35WKkzdiX3wSLxthqb%2FhLxvxJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=368&min_rtt=346&rtt_var=112&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2228&delivery_rate=10614173&cwnd=252&unsent_bytes=0&cid=42bc3d9392193d1c&ts=177&x=0", cfL4;desc="?proto=QUIC&rtt=1661&min_rtt=1070&rtt_var=464&sent=432&recv=145&lost=0&retrans=0&sent_bytes=380197&recv_bytes=31064&delivery_rate=2176259&cwnd=148500&unsent_bytes=0&cid=a5ea826875ae9378&ts=13505&x=16"
cf-ray: 9361354deb3eb4ed-OSL
alt-svc: h3=":443"; ma=86400

lyncutoroatingloardacentr.dbrchj.ru/qrueaLBfimlIOAk5mmnOADRL6ZUb9FUZkMUcD6Y67140

104.21.80.1

200 OK

892 B

URL GET
lyncutoroatingloardacentr.dbrchj.ru/qrueaLBfimlIOAk5mmnOADRL6ZUb9FUZkMUcD6Y67140
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Certificate
IssuerGoogle Trust Services
Subjectdbrchj.ru
Fingerprint40:70:B7:56:E3:96:F6:B2:66:67:C5:FA:3B:6F:26:72:6C:6E:EF:10
ValidityWed, 09 Apr 2025 20:23:27 GMT - Tue, 08 Jul 2025 21:21:51 GMT

File type
RIFF (little-endian) data, Web/P image
Size
892 B (892 bytes)
Hash
41d62ca205d54a78e4298367482b4e2b
839aae21ed8ecfc238fdc68b93ccb27431cd5393
20a4a780db0bcc047015a0d8037eb4eb58b3e5cb338673799c030a3e1b626b40

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /qrueaLBfimlIOAk5mmnOADRL6ZUb9FUZkMUcD6Y67140 HTTP/1.1
Host: lyncutoroatingloardacentr.dbrchj.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Cookie: XSRF-TOKEN=eyJpdiI6IkNWN01laWhpV1pNU244VDk3MUFjVWc9PSIsInZhbHVlIjoiVkw3MlpzSDZWRGJkNCszdTB5OWtCdDhFajNhRFRjMU5WcVB6Mng0U0J3cllFWkZLS0Ribk5aclNYT1ZrTlZXUkYwSnVkY2NCRkV4Y2dQa2dsQ3RadGI4Wm8vdzVJM0luV1BOZ2pmazIwcGhaM0ZXTWE3aTBZNU9CUzZEd0duMGkiLCJtYWMiOiJiNjJiN2E4NGJjNjk0OWU3NzRjMmExYjYyNTJkNTg1YzYxY2ViMDkyYTc1OWRlYzg5ZDg2OTZiNDBkNTc1ZGNlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik45QnFjMWxtNVFTTjdPbG5wek8rY0E9PSIsInZhbHVlIjoiNzkrNGhpTExnZDV4V1pOSHdqTWdPSnZXSmtnVlpVNGZDYUVJYWxTTGswQnVTTWQ3NFQ5dTdvSm1mWXI5WjQyYWR0RzEybFp5R0lzWWxyNFRLUlRTZlltenNOVHRwTjV6SzAwWSs2OCs2cXFrTXlyaVAwNTZjRnVaMDdtaVJmQ2wiLCJtYWMiOiIxNTA4NWMwZWYxNTEzNTQ5ZGZiODRlNjQ5MTA3MjU4NDBjZWEzYTA0NTZiNmJmNGVhNjU3ZWI2MGIxYmEzZjA1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 25 Apr 2025 22:17:02 GMT
content-type: image/webp
content-length: 892
server: cloudflare
content-disposition: inline; filename="qrueaLBfimlIOAk5mmnOADRL6ZUb9FUZkMUcD6Y67140"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N95Z%2Fv4HjzM2bGtT8f5XJR82gyPWW6TXjlJvZL%2BZthzzbMTTIV96tgHFf2q5gejfF7hKzaQE2pSVReTemDSJMeqC1e7XRMBMiFcSprnC%2BiOZlaX72NA6rDZKjDjr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=379&min_rtt=368&rtt_var=125&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2229&delivery_rate=9211845&cwnd=252&unsent_bytes=0&cid=204d58fd893b6b86&ts=167&x=0", cfL4;desc="?proto=QUIC&rtt=1579&min_rtt=1070&rtt_var=420&sent=450&recv=147&lost=0&retrans=0&sent_bytes=398607&recv_bytes=31155&delivery_rate=575920&cwnd=148500&unsent_bytes=0&cid=a5ea826875ae9378&ts=13516&x=16"
cf-ray: 9361354dfb3fb4ed-OSL
alt-svc: h3=":443"; ma=86400

lyncutoroatingloardacentr.dbrchj.ru/rquqFSkKnEXEfe6iXmgRkEbflAhXyl0U2FF775QcZ2DZSs6gy

104.21.80.1

200 OK

331 B

URL POST
lyncutoroatingloardacentr.dbrchj.ru/rquqFSkKnEXEfe6iXmgRkEbflAhXyl0U2FF775QcZ2DZSs6gy
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net
Certificate
IssuerGoogle Trust Services
Subjectdbrchj.ru
Fingerprint40:70:B7:56:E3:96:F6:B2:66:67:C5:FA:3B:6F:26:72:6C:6E:EF:10
ValidityWed, 09 Apr 2025 20:23:27 GMT - Tue, 08 Jul 2025 21:21:51 GMT

File type
JSON text data
Size
331 B (331 bytes)
Hash
f8e2e6389055f8c47c37090ba837a68e
ad3d70de66658adef1983b99b90843a624ba3ae9
0235ec44383d8e10f20628ba203b5ba019f80df17c974f24450bd36e47ebd43f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

POST /rquqFSkKnEXEfe6iXmgRkEbflAhXyl0U2FF775QcZ2DZSs6gy HTTP/1.1
Host: lyncutoroatingloardacentr.dbrchj.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 33
Origin: https://lyncutoroatingloardacentr.dbrchj.ru
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6Ino3ZWVvSDN2UE8zdFRNSURMR1dyWEE9PSIsInZhbHVlIjoiQTNQTmk5QkppRDN2bndjNDBEN01neG5IQzZockFsWUJBZlNjb1AwOXdBdDMvV2xrWGtOZzBrWFdmY2hzcmN3WTJSMnllWlBjb2p5b0tWeUk0ODZmVWFSaDdLbWJXMjhtcUtOaVhqaVc5NG1SVzc0UXl3RU5hb2JOSVR0Vm93aVEiLCJtYWMiOiJiNjFmMjhhYTRlMDI4YzNjMjVjZjVkNzIxOGQxZTQwMjgxYjExYWViNjU2MDdiODRhM2YzMTQzNWNjNzMzYWQzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlpGdVIvUGdlTjFWTnlSOCs4cURNK1E9PSIsInZhbHVlIjoic2xPblZRL2UwUkIwOEFhSmxnS01YcGp1eXIvd1loeEE1SkNteUFyTUdqQ0VLVGVBVUh1ZGJrbkM4cEFLN05vVzFLcXNFZG5YcGZGK2IyanNhR2ZEdU03dDhlNHBUQVlhbXF0MHRXRVdkS1E3akV0cGlCaEQ2cHVRbVhLTHUyN00iLCJtYWMiOiJmYjE1MzcxOTkyYmQ3YWNmZTdkZGM0MzA2ZDUxYTg5NDQwNmFjZDNiMzg2MTk5MTY2MDNiODMxYWQ2OWMzZDYyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 25 Apr 2025 22:17:01 GMT
content-type: text/html; charset=UTF-8
cf-ray: 936135462a51b4ed-OSL
server: cloudflare
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ynhee3VNZWVUZR0DPg58KsVksJ6P9J1zx0ipBE0t%2Ba1PzZinm2g7kP%2FjGFptBsEu0pA%2F%2BDyQdGcJiHYNnbCc7vcEC77Dv%2F5nEenqejolqxMO7dU9gDPA%2Bf8Vzig7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=15861&min_rtt=15857&rtt_var=5954&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2361&delivery_rate=254515&cwnd=252&unsent_bytes=0&cid=ff922b047052539e&ts=193&x=0", cfL4;desc="?proto=QUIC&rtt=4690&min_rtt=1589&rtt_var=3348&sent=96&recv=104&lost=0&retrans=0&sent_bytes=20013&recv_bytes=11442&delivery_rate=6196&cwnd=12000&unsent_bytes=0&cid=a5ea826875ae9378&ts=12212&x=16"
set-cookie: XSRF-TOKEN=eyJpdiI6IkhjaE1oT25aOUQ2elBOZlNvRXFKNmc9PSIsInZhbHVlIjoic1l3YUkyUnFyZGFLU0NmajBQOTZ6dkd4U1VLYTVHTFFwd1dGV3JYRy9qbmdnU21EdFpIUm9qWXE1T05acTAweWY0MUFTNE9VQ2ZBb2U2dHRxSWVlME01dzEzcTkrYmowVGNyMWUzYkZHUUc2cVhWZDI3TkwyQ09XaXdPMnNhUEMiLCJtYWMiOiIzNjliYmIwZTdjMTRlZWVmMDNlN2YwODM0OTYwYTcxZjljMjA4YmQ5YjUwMTg4NWE4NzhkNzQ0OTYzOTU2NGYxIiwidGFnIjoiIn0%3D; expires=Sat, 26-Apr-2025 00:17:01 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IjRVNFVZUEJncnN3RmdRWXVrYWRoOWc9PSIsInZhbHVlIjoieSs4N1g0RFAwYmxxd25NREhERWJERnpPSEhhTUNmVGE3bTE0dDR4VGlXOW5vVEZXMGx0OVBzMVpSbHQydGpudFlnUytyUW0wSW9TZEhDc3lCL3JDdGVMNHRyUWNodlNTbzFMY1oyY0hMSzRBM0M1RUV2ZUxvUDd6ZTUrMThITUEiLCJtYWMiOiJiMTg0MmY4MmRlMmMzMjhkNzc1NTcxMzE3ODRmOGY5OTY1M2ZjZTAzOTU2MjBmY2I4OGQyMGNjNjI2Y2QxMmMwIiwidGFnIjoiIn0%3D; expires=Sat, 26-Apr-2025 00:17:01 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
content-encoding: br
alt-svc: h3=":443"; ma=86400

lyncutoroatingloardacentr.dbrchj.ru/GDSherpa-bold.woff2

104.21.80.1

200 OK

28 kB

URL GET
lyncutoroatingloardacentr.dbrchj.ru/GDSherpa-bold.woff2
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Certificate
IssuerGoogle Trust Services
Subjectdbrchj.ru
Fingerprint40:70:B7:56:E3:96:F6:B2:66:67:C5:FA:3B:6F:26:72:6C:6E:EF:10
ValidityWed, 09 Apr 2025 20:23:27 GMT - Tue, 08 Jul 2025 21:21:51 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28000, version 1.66
Size
28 kB (28000 bytes)
Hash
a4bca6c95fed0d0c5cc46cf07710dcec
73b56e33b82b42921db8702a33efd0f2b2ec9794
5a51d246af54d903f67f07f2bd820ce77736f8d08c5f1602db07469d96dbf77f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /GDSherpa-bold.woff2 HTTP/1.1
Host: lyncutoroatingloardacentr.dbrchj.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkNWN01laWhpV1pNU244VDk3MUFjVWc9PSIsInZhbHVlIjoiVkw3MlpzSDZWRGJkNCszdTB5OWtCdDhFajNhRFRjMU5WcVB6Mng0U0J3cllFWkZLS0Ribk5aclNYT1ZrTlZXUkYwSnVkY2NCRkV4Y2dQa2dsQ3RadGI4Wm8vdzVJM0luV1BOZ2pmazIwcGhaM0ZXTWE3aTBZNU9CUzZEd0duMGkiLCJtYWMiOiJiNjJiN2E4NGJjNjk0OWU3NzRjMmExYjYyNTJkNTg1YzYxY2ViMDkyYTc1OWRlYzg5ZDg2OTZiNDBkNTc1ZGNlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik45QnFjMWxtNVFTTjdPbG5wek8rY0E9PSIsInZhbHVlIjoiNzkrNGhpTExnZDV4V1pOSHdqTWdPSnZXSmtnVlpVNGZDYUVJYWxTTGswQnVTTWQ3NFQ5dTdvSm1mWXI5WjQyYWR0RzEybFp5R0lzWWxyNFRLUlRTZlltenNOVHRwTjV6SzAwWSs2OCs2cXFrTXlyaVAwNTZjRnVaMDdtaVJmQ2wiLCJtYWMiOiIxNTA4NWMwZWYxNTEzNTQ5ZGZiODRlNjQ5MTA3MjU4NDBjZWEzYTA0NTZiNmJmNGVhNjU3ZWI2MGIxYmEzZjA1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 25 Apr 2025 22:17:02 GMT
content-type: font/woff2
content-length: 28000
server: cloudflare
content-disposition: inline; filename="GDSherpa-bold.woff2"
cf-cache-status: HIT
age: 4347
last-modified: Fri, 25 Apr 2025 20:38:19 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eyMOHIizSbrutTvM%2FlBPAbK4O9RGA5nNj1eAnO4rCxnCAhyueGUW17u0jZtYkT%2BTJ6JdS1sP0leQe9WndZS5tp9azaJxjqC3j07QJQZiPERHtPzeS7Kh7Q0QjU1F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=TCP&rtt=15421&min_rtt=15412&rtt_var=4341&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2270&delivery_rate=262103&cwnd=252&unsent_bytes=0&cid=583ec5000bc3b2aa&ts=45&x=0", cfL4;desc="?proto=QUIC&rtt=1945&min_rtt=1070&rtt_var=1193&sent=173&recv=125&lost=0&retrans=0&sent_bytes=91282&recv_bytes=19812&delivery_rate=19317695&cwnd=24000&unsent_bytes=0&cid=a5ea826875ae9378&ts=13111&x=16"
cache-control: max-age=14400
cf-ray: 9361354dcb34b4ed-OSL
alt-svc: h3=":443"; ma=86400

lyncutoroatingloardacentr.dbrchj.ru/rsCO5VGatptRkyfvGhnVQT1GxhCoFghzuZPdodHP0wmx5K2PNANdVcd197

104.21.80.1

200 OK

268 B

URL GET
lyncutoroatingloardacentr.dbrchj.ru/rsCO5VGatptRkyfvGhnVQT1GxhCoFghzuZPdodHP0wmx5K2PNANdVcd197
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Certificate
IssuerGoogle Trust Services
Subjectdbrchj.ru
Fingerprint40:70:B7:56:E3:96:F6:B2:66:67:C5:FA:3B:6F:26:72:6C:6E:EF:10
ValidityWed, 09 Apr 2025 20:23:27 GMT - Tue, 08 Jul 2025 21:21:51 GMT

File type
SVG Scalable Vector Graphics image
Size
268 B (268 bytes)
Hash
59759b80e24a89c8cd029b14700e646d
651b1921c99e143d3c242de3faacfb9ad51dbb53
b02b5df3ecd59d6cd90c60878683477532cbfc24660028657f290bdc7bc774b5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /rsCO5VGatptRkyfvGhnVQT1GxhCoFghzuZPdodHP0wmx5K2PNANdVcd197 HTTP/1.1
Host: lyncutoroatingloardacentr.dbrchj.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Cookie: XSRF-TOKEN=eyJpdiI6IkNWN01laWhpV1pNU244VDk3MUFjVWc9PSIsInZhbHVlIjoiVkw3MlpzSDZWRGJkNCszdTB5OWtCdDhFajNhRFRjMU5WcVB6Mng0U0J3cllFWkZLS0Ribk5aclNYT1ZrTlZXUkYwSnVkY2NCRkV4Y2dQa2dsQ3RadGI4Wm8vdzVJM0luV1BOZ2pmazIwcGhaM0ZXTWE3aTBZNU9CUzZEd0duMGkiLCJtYWMiOiJiNjJiN2E4NGJjNjk0OWU3NzRjMmExYjYyNTJkNTg1YzYxY2ViMDkyYTc1OWRlYzg5ZDg2OTZiNDBkNTc1ZGNlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik45QnFjMWxtNVFTTjdPbG5wek8rY0E9PSIsInZhbHVlIjoiNzkrNGhpTExnZDV4V1pOSHdqTWdPSnZXSmtnVlpVNGZDYUVJYWxTTGswQnVTTWQ3NFQ5dTdvSm1mWXI5WjQyYWR0RzEybFp5R0lzWWxyNFRLUlRTZlltenNOVHRwTjV6SzAwWSs2OCs2cXFrTXlyaVAwNTZjRnVaMDdtaVJmQ2wiLCJtYWMiOiIxNTA4NWMwZWYxNTEzNTQ5ZGZiODRlNjQ5MTA3MjU4NDBjZWEzYTA0NTZiNmJmNGVhNjU3ZWI2MGIxYmEzZjA1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 25 Apr 2025 22:17:02 GMT
content-type: image/svg+xml
cf-ray: 9361354e0b44b4ed-OSL
server: cloudflare
content-disposition: inline; filename="rsCO5VGatptRkyfvGhnVQT1GxhCoFghzuZPdodHP0wmx5K2PNANdVcd197"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nPIEaknmBEcB8clJEE%2BgNVNQ4moelPxH3lT1TQR2Dm9QT0aRG0UocIbTvZ%2F9EmMgg5IzQtJTBjzmidqO8v%2BzdSDrSyG718%2BoQW3OB1BHkIoJWbzb80qaaCZKVk%2Bz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=261&min_rtt=257&rtt_var=80&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2243&delivery_rate=14189473&cwnd=252&unsent_bytes=0&cid=3026dd0d428903a5&ts=163&x=0", cfL4;desc="?proto=QUIC&rtt=1651&min_rtt=1070&rtt_var=368&sent=437&recv=146&lost=0&retrans=0&sent_bytes=383690&recv_bytes=31110&delivery_rate=1786685&cwnd=148500&unsent_bytes=0&cid=a5ea826875ae9378&ts=13508&x=16"
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400

ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css

3.167.2.64

200 OK

223 kB

URL GET
ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
IP
3.167.2.64:443
ASN
#0

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Certificate
IssuerDigiCert Inc
Subject*.oktacdn.com
Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT

File type
ASCII text, with very long lines (51734)
Size
223 kB (222931 bytes)
Hash
0329c939fca7c78756b94fbcd95e322b
7b5499b46660a0348cc2b22cae927dcc3fda8b20
0e47f4d2af98bfe77921113c8aaf0c53614f88ff14ff819be6612538611ed3d1

HTTP Headers

GET /assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
date: Fri, 11 Apr 2025 05:00:09 GMT
server: nginx
last-modified: Tue, 14 May 2024 21:48:24 GMT
etag: W/"0329c939fca7c78756b94fbcd95e322b"
x-amz-meta-sha1sum: 7b5499b46660a0348cc2b22cae927dcc3fda8b20
expires: Sat, 11 Apr 2026 05:00:09 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 3ecfca26003921b3f6dfb1a287300c24.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: ceu63t3ZZA4A9IU0gHo8nMG1KyMfaqHsHPIa80H3Xkhny6Edl-B0Iw==
age: 1271813
X-Firefox-Spdy: h2

lyncutoroatingloardacentr.dbrchj.ru/56FF3D4Gm8v4X6l6GsNhz387ghddy41HZbocmrCq67102

104.21.80.1

200 OK

4.7 MB

URL GET
lyncutoroatingloardacentr.dbrchj.ru/56FF3D4Gm8v4X6l6GsNhz387ghddy41HZbocmrCq67102
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Certificate
IssuerGoogle Trust Services
Subjectdbrchj.ru
Fingerprint40:70:B7:56:E3:96:F6:B2:66:67:C5:FA:3B:6F:26:72:6C:6E:EF:10
ValidityWed, 09 Apr 2025 20:23:27 GMT - Tue, 08 Jul 2025 21:21:51 GMT

File type
Unicode text, UTF-8 text, with very long lines (15384), with CRLF, NEL line terminators
Size
4.7 MB (4725037 bytes)
Hash
2995d9daf0336eafbd0374c8223231f3
22cab14ee4b66a777f0e6addc396e44eaa87f58c
d708cb49606bef3818e3414dbf1103812bad7027e14b44b7300107ae4dee2f28

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /56FF3D4Gm8v4X6l6GsNhz387ghddy41HZbocmrCq67102 HTTP/1.1
Host: lyncutoroatingloardacentr.dbrchj.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Cookie: XSRF-TOKEN=eyJpdiI6IkNWN01laWhpV1pNU244VDk3MUFjVWc9PSIsInZhbHVlIjoiVkw3MlpzSDZWRGJkNCszdTB5OWtCdDhFajNhRFRjMU5WcVB6Mng0U0J3cllFWkZLS0Ribk5aclNYT1ZrTlZXUkYwSnVkY2NCRkV4Y2dQa2dsQ3RadGI4Wm8vdzVJM0luV1BOZ2pmazIwcGhaM0ZXTWE3aTBZNU9CUzZEd0duMGkiLCJtYWMiOiJiNjJiN2E4NGJjNjk0OWU3NzRjMmExYjYyNTJkNTg1YzYxY2ViMDkyYTc1OWRlYzg5ZDg2OTZiNDBkNTc1ZGNlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik45QnFjMWxtNVFTTjdPbG5wek8rY0E9PSIsInZhbHVlIjoiNzkrNGhpTExnZDV4V1pOSHdqTWdPSnZXSmtnVlpVNGZDYUVJYWxTTGswQnVTTWQ3NFQ5dTdvSm1mWXI5WjQyYWR0RzEybFp5R0lzWWxyNFRLUlRTZlltenNOVHRwTjV6SzAwWSs2OCs2cXFrTXlyaVAwNTZjRnVaMDdtaVJmQ2wiLCJtYWMiOiIxNTA4NWMwZWYxNTEzNTQ5ZGZiODRlNjQ5MTA3MjU4NDBjZWEzYTA0NTZiNmJmNGVhNjU3ZWI2MGIxYmEzZjA1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 25 Apr 2025 22:17:02 GMT
content-type: application/javascript
cf-ray: 9361354e1b49b4ed-OSL
server: cloudflare
content-disposition: inline; filename="56FF3D4Gm8v4X6l6GsNhz387ghddy41HZbocmrCq67102"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FmjU5E%2FsC4Vr0p2DkAKrtnt4gD5b2jGPx0O2lT3d0RB39jXtzTCX6rRFQJ%2FGTvuuZm72bWgMLLsZM%2B%2Bh%2FijeEXQlmEN0h72gSrQOKwW82cbdbOtCLR9fJHWxU6Yv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=289&min_rtt=287&rtt_var=113&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2194&delivery_rate=13129870&cwnd=252&unsent_bytes=0&cid=790b11f73207adc0&ts=170&x=0", cfL4;desc="?proto=QUIC&rtt=1486&min_rtt=1070&rtt_var=391&sent=453&recv=149&lost=0&retrans=0&sent_bytes=401297&recv_bytes=31246&delivery_rate=1471745&cwnd=148500&unsent_bytes=0&cid=a5ea826875ae9378&ts=13567&x=16"
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/turnstile/v0/g/44e6f86df4dc/api.js

104.18.95.41

200 OK

48 kB

URL GET
challenges.cloudflare.com/turnstile/v0/g/44e6f86df4dc/api.js
IP
104.18.95.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
Fingerprint48:58:3E:CE:54:27:56:6B:A6:33:D4:C8:4B:BF:00:0E:BE:61:60:28
ValiditySat, 01 Mar 2025 17:19:38 GMT - Fri, 30 May 2025 18:19:35 GMT

File type
JavaScript source, ASCII text, with very long lines (48122)
Size
48 kB (48123 bytes)
Hash
3ed4ab6463fdabe2783a7a7828e94177
c80f67f86421dd2c071d5abc70337877db648266
91ce8bcef253fa49b7bbec10fa3c456261336414caa9da52e94988b6a44d1780

HTTP Headers

GET /turnstile/v0/g/44e6f86df4dc/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 25 Apr 2025 22:16:49 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 15 Apr 2025 10:23:44 GMT
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 936134fdda56568d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

lyncutoroatingloardacentr.dbrchj.ru/GDSherpa-regular.woff2

104.21.80.1

200 OK

29 kB

URL GET
lyncutoroatingloardacentr.dbrchj.ru/GDSherpa-regular.woff2
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Certificate
IssuerGoogle Trust Services
Subjectdbrchj.ru
Fingerprint40:70:B7:56:E3:96:F6:B2:66:67:C5:FA:3B:6F:26:72:6C:6E:EF:10
ValidityWed, 09 Apr 2025 20:23:27 GMT - Tue, 08 Jul 2025 21:21:51 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28584, version 1.66
Size
29 kB (28584 bytes)
Hash
17081510f3a6f2f619ec8c6f244523c7
87f34b2a1532c50f2a424c345d03fe028db35635
2c7292014e2ef00374aeb63691d9f23159a010455784ee0b274ba7db2bcca956

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /GDSherpa-regular.woff2 HTTP/1.1
Host: lyncutoroatingloardacentr.dbrchj.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkNWN01laWhpV1pNU244VDk3MUFjVWc9PSIsInZhbHVlIjoiVkw3MlpzSDZWRGJkNCszdTB5OWtCdDhFajNhRFRjMU5WcVB6Mng0U0J3cllFWkZLS0Ribk5aclNYT1ZrTlZXUkYwSnVkY2NCRkV4Y2dQa2dsQ3RadGI4Wm8vdzVJM0luV1BOZ2pmazIwcGhaM0ZXTWE3aTBZNU9CUzZEd0duMGkiLCJtYWMiOiJiNjJiN2E4NGJjNjk0OWU3NzRjMmExYjYyNTJkNTg1YzYxY2ViMDkyYTc1OWRlYzg5ZDg2OTZiNDBkNTc1ZGNlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik45QnFjMWxtNVFTTjdPbG5wek8rY0E9PSIsInZhbHVlIjoiNzkrNGhpTExnZDV4V1pOSHdqTWdPSnZXSmtnVlpVNGZDYUVJYWxTTGswQnVTTWQ3NFQ5dTdvSm1mWXI5WjQyYWR0RzEybFp5R0lzWWxyNFRLUlRTZlltenNOVHRwTjV6SzAwWSs2OCs2cXFrTXlyaVAwNTZjRnVaMDdtaVJmQ2wiLCJtYWMiOiIxNTA4NWMwZWYxNTEzNTQ5ZGZiODRlNjQ5MTA3MjU4NDBjZWEzYTA0NTZiNmJmNGVhNjU3ZWI2MGIxYmEzZjA1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 25 Apr 2025 22:17:02 GMT
content-type: font/woff2
content-length: 28584
server: cloudflare
content-disposition: inline; filename="GDSherpa-regular.woff2"
cf-cache-status: HIT
age: 4347
last-modified: Fri, 25 Apr 2025 19:20:42 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gMp%2FGM81zZJLAiiqVr0RpMQnXJETzgVBeRiTQcazOyYTEZIn5VFi0Qfo%2BTop8kFlQupZP8%2B72Kpt6HXStwYS32u9zpuBPA8u71hypMojxr6MYd47ky6khUXqJkE4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=TCP&rtt=15729&min_rtt=15721&rtt_var=4436&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2825&recv_bytes=2271&delivery_rate=256598&cwnd=252&unsent_bytes=0&cid=2fe6599349b579bb&ts=38&x=0", cfL4;desc="?proto=QUIC&rtt=1895&min_rtt=1070&rtt_var=996&sent=230&recv=127&lost=0&retrans=0&sent_bytes=158467&recv_bytes=20831&delivery_rate=1323253&cwnd=48000&unsent_bytes=0&cid=a5ea826875ae9378&ts=13114&x=16"
cache-control: max-age=14400
cf-ray: 9361354ddb36b4ed-OSL
alt-svc: h3=":443"; ma=86400

lyncutoroatingloardacentr.dbrchj.ru/uvQLyuifNZnSDOHmjTi7CUXkOUTMkXtw1tmlQSiaDV67ytXPY7N5v1MCfHnGYriBeUaQtvUfhVLtQVOtTef258

104.21.80.1

200 OK

18 kB

URL GET
lyncutoroatingloardacentr.dbrchj.ru/uvQLyuifNZnSDOHmjTi7CUXkOUTMkXtw1tmlQSiaDV67ytXPY7N5v1MCfHnGYriBeUaQtvUfhVLtQVOtTef258
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Certificate
IssuerGoogle Trust Services
Subjectdbrchj.ru
Fingerprint40:70:B7:56:E3:96:F6:B2:66:67:C5:FA:3B:6F:26:72:6C:6E:EF:10
ValidityWed, 09 Apr 2025 20:23:27 GMT - Tue, 08 Jul 2025 21:21:51 GMT

File type
RIFF (little-endian) data, Web/P image
Size
18 kB (17842 bytes)
Hash
4b52ecdc33382c9dca874f551990e704
8f3bf8e41cd4cdddb17836b261e73f827b84341b
cce050cc3b150c0b370751021bb15018ee2b64ac369e230fe3b571a9b00d4342

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /uvQLyuifNZnSDOHmjTi7CUXkOUTMkXtw1tmlQSiaDV67ytXPY7N5v1MCfHnGYriBeUaQtvUfhVLtQVOtTef258 HTTP/1.1
Host: lyncutoroatingloardacentr.dbrchj.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Cookie: XSRF-TOKEN=eyJpdiI6IkNWN01laWhpV1pNU244VDk3MUFjVWc9PSIsInZhbHVlIjoiVkw3MlpzSDZWRGJkNCszdTB5OWtCdDhFajNhRFRjMU5WcVB6Mng0U0J3cllFWkZLS0Ribk5aclNYT1ZrTlZXUkYwSnVkY2NCRkV4Y2dQa2dsQ3RadGI4Wm8vdzVJM0luV1BOZ2pmazIwcGhaM0ZXTWE3aTBZNU9CUzZEd0duMGkiLCJtYWMiOiJiNjJiN2E4NGJjNjk0OWU3NzRjMmExYjYyNTJkNTg1YzYxY2ViMDkyYTc1OWRlYzg5ZDg2OTZiNDBkNTc1ZGNlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik45QnFjMWxtNVFTTjdPbG5wek8rY0E9PSIsInZhbHVlIjoiNzkrNGhpTExnZDV4V1pOSHdqTWdPSnZXSmtnVlpVNGZDYUVJYWxTTGswQnVTTWQ3NFQ5dTdvSm1mWXI5WjQyYWR0RzEybFp5R0lzWWxyNFRLUlRTZlltenNOVHRwTjV6SzAwWSs2OCs2cXFrTXlyaVAwNTZjRnVaMDdtaVJmQ2wiLCJtYWMiOiIxNTA4NWMwZWYxNTEzNTQ5ZGZiODRlNjQ5MTA3MjU4NDBjZWEzYTA0NTZiNmJmNGVhNjU3ZWI2MGIxYmEzZjA1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 25 Apr 2025 22:17:02 GMT
content-type: image/webp
content-length: 17842
server: cloudflare
content-disposition: inline; filename="uvQLyuifNZnSDOHmjTi7CUXkOUTMkXtw1tmlQSiaDV67ytXPY7N5v1MCfHnGYriBeUaQtvUfhVLtQVOtTef258"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DwPteViOoF9hmL9ETDwmnA%2BiL3ltXM5XBEPw287rFq5lLItAfe6KaKXJTz0FRNCFKMgUl4N2UNT07PvstaRPs%2FITPyCZ4rYbuU%2FNAiqvkL5OR0OuJVChMnxujWy1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=15456&min_rtt=15396&rtt_var=5816&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2271&delivery_rate=262665&cwnd=251&unsent_bytes=0&cid=4e709565411e0f98&ts=248&x=0", cfL4;desc="?proto=QUIC&rtt=1408&min_rtt=1068&rtt_var=305&sent=470&recv=152&lost=0&retrans=0&sent_bytes=417886&recv_bytes=31381&delivery_rate=2171259&cwnd=148500&unsent_bytes=0&cid=a5ea826875ae9378&ts=13628&x=16"
cf-ray: 9361354e1b48b4ed-OSL
alt-svc: h3=":443"; ma=86400

lyncutoroatingloardacentr.dbrchj.ru/favicon.ico

104.21.80.1

404 Not Found

0 B

URL GET
lyncutoroatingloardacentr.dbrchj.ru/favicon.ico
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Certificate
IssuerGoogle Trust Services
Subjectdbrchj.ru
Fingerprint40:70:B7:56:E3:96:F6:B2:66:67:C5:FA:3B:6F:26:72:6C:6E:EF:10
ValidityWed, 09 Apr 2025 20:23:27 GMT - Tue, 08 Jul 2025 21:21:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: lyncutoroatingloardacentr.dbrchj.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Cookie: XSRF-TOKEN=eyJpdiI6IkNWN01laWhpV1pNU244VDk3MUFjVWc9PSIsInZhbHVlIjoiVkw3MlpzSDZWRGJkNCszdTB5OWtCdDhFajNhRFRjMU5WcVB6Mng0U0J3cllFWkZLS0Ribk5aclNYT1ZrTlZXUkYwSnVkY2NCRkV4Y2dQa2dsQ3RadGI4Wm8vdzVJM0luV1BOZ2pmazIwcGhaM0ZXTWE3aTBZNU9CUzZEd0duMGkiLCJtYWMiOiJiNjJiN2E4NGJjNjk0OWU3NzRjMmExYjYyNTJkNTg1YzYxY2ViMDkyYTc1OWRlYzg5ZDg2OTZiNDBkNTc1ZGNlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik45QnFjMWxtNVFTTjdPbG5wek8rY0E9PSIsInZhbHVlIjoiNzkrNGhpTExnZDV4V1pOSHdqTWdPSnZXSmtnVlpVNGZDYUVJYWxTTGswQnVTTWQ3NFQ5dTdvSm1mWXI5WjQyYWR0RzEybFp5R0lzWWxyNFRLUlRTZlltenNOVHRwTjV6SzAwWSs2OCs2cXFrTXlyaVAwNTZjRnVaMDdtaVJmQ2wiLCJtYWMiOiIxNTA4NWMwZWYxNTEzNTQ5ZGZiODRlNjQ5MTA3MjU4NDBjZWEzYTA0NTZiNmJmNGVhNjU3ZWI2MGIxYmEzZjA1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Fri, 25 Apr 2025 22:17:04 GMT
content-type: text/html; charset=UTF-8
cf-ray: 9361355abc8eb4ed-OSL
server: cloudflare
age: 14
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fZg7jCJ9Tt1rXZD5ve9oWGvq4x4ZWPLVreh66t5QdBebBEus641QPxweBQiAeu5qijfOCq%2FhLEt18NsrEqzVkawJZg1K8ofnAqYDcgPK6gyV7TuM1WH4RxsTgZip"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=TCP&rtt=395&min_rtt=382&rtt_var=169&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2158&delivery_rate=8320987&cwnd=252&unsent_bytes=0&cid=c56514fc761fd6b7&ts=19&x=0", cfL4;desc="?proto=QUIC&rtt=1367&min_rtt=772&rtt_var=287&sent=928&recv=195&lost=0&retrans=0&sent_bytes=930955&recv_bytes=36125&delivery_rate=933403&cwnd=148500&unsent_bytes=0&cid=a5ea826875ae9378&ts=15174&x=16"
cache-control: max-age=14400
cf-cache-status: HIT
content-encoding: br
alt-svc: h3=":443"; ma=86400

lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL

104.21.80.1

200 OK

147 kB

URL User Request GET
lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectdbrchj.ru
Fingerprint40:70:B7:56:E3:96:F6:B2:66:67:C5:FA:3B:6F:26:72:6C:6E:EF:10
ValidityWed, 09 Apr 2025 20:23:27 GMT - Tue, 08 Jul 2025 21:21:51 GMT

File type
HTML document, ASCII text, with very long lines (52009), with CRLF line terminators
Size
147 kB (147272 bytes)
Hash
c7661acbb93bb88b383f1ca389d022da
e3abc366a8988bb3dd2a61b6f8b3e99b7b13b298
c3cd380f9912fe8b5df3827c87f21c9bb9b1de8a30a3203d29b9a481f192474a

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Anti-debugging code
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL HTTP/1.1
Host: lyncutoroatingloardacentr.dbrchj.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6IkhjaE1oT25aOUQ2elBOZlNvRXFKNmc9PSIsInZhbHVlIjoic1l3YUkyUnFyZGFLU0NmajBQOTZ6dkd4U1VLYTVHTFFwd1dGV3JYRy9qbmdnU21EdFpIUm9qWXE1T05acTAweWY0MUFTNE9VQ2ZBb2U2dHRxSWVlME01dzEzcTkrYmowVGNyMWUzYkZHUUc2cVhWZDI3TkwyQ09XaXdPMnNhUEMiLCJtYWMiOiIzNjliYmIwZTdjMTRlZWVmMDNlN2YwODM0OTYwYTcxZjljMjA4YmQ5YjUwMTg4NWE4NzhkNzQ0OTYzOTU2NGYxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRVNFVZUEJncnN3RmdRWXVrYWRoOWc9PSIsInZhbHVlIjoieSs4N1g0RFAwYmxxd25NREhERWJERnpPSEhhTUNmVGE3bTE0dDR4VGlXOW5vVEZXMGx0OVBzMVpSbHQydGpudFlnUytyUW0wSW9TZEhDc3lCL3JDdGVMNHRyUWNodlNTbzFMY1oyY0hMSzRBM0M1RUV2ZUxvUDd6ZTUrMThITUEiLCJtYWMiOiJiMTg0MmY4MmRlMmMzMjhkNzc1NTcxMzE3ODRmOGY5OTY1M2ZjZTAzOTU2MjBmY2I4OGQyMGNjNjI2Y2QxMmMwIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 25 Apr 2025 22:17:02 GMT
content-type: text/html; charset=UTF-8
cf-ray: 936135495acab4ed-OSL
server: cloudflare
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zkeGvjfoerKJLxIe5d%2B9naKJdAOzb6Nm5VjVHYdpy2pai7TV%2FZIC%2F3MG1Y%2FtSzUuPKe9LxqqQGbDVa2nYrQMj9h7AW2ZXTW34X%2F%2FuMz2NxdhjhktF9sNgEwR9oDp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=15423&min_rtt=15386&rtt_var=4393&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2312&delivery_rate=259913&cwnd=251&unsent_bytes=0&cid=1d7ab4878553867b&ts=247&x=0", cfL4;desc="?proto=QUIC&rtt=4343&min_rtt=1589&rtt_var=3205&sent=100&recv=106&lost=0&retrans=0&sent_bytes=21839&recv_bytes=12505&delivery_rate=940976&cwnd=12000&unsent_bytes=0&cid=a5ea826875ae9378&ts=12778&x=16"
set-cookie: XSRF-TOKEN=eyJpdiI6IkNWN01laWhpV1pNU244VDk3MUFjVWc9PSIsInZhbHVlIjoiVkw3MlpzSDZWRGJkNCszdTB5OWtCdDhFajNhRFRjMU5WcVB6Mng0U0J3cllFWkZLS0Ribk5aclNYT1ZrTlZXUkYwSnVkY2NCRkV4Y2dQa2dsQ3RadGI4Wm8vdzVJM0luV1BOZ2pmazIwcGhaM0ZXTWE3aTBZNU9CUzZEd0duMGkiLCJtYWMiOiJiNjJiN2E4NGJjNjk0OWU3NzRjMmExYjYyNTJkNTg1YzYxY2ViMDkyYTc1OWRlYzg5ZDg2OTZiNDBkNTc1ZGNlIiwidGFnIjoiIn0%3D; expires=Sat, 26-Apr-2025 00:17:01 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6Ik45QnFjMWxtNVFTTjdPbG5wek8rY0E9PSIsInZhbHVlIjoiNzkrNGhpTExnZDV4V1pOSHdqTWdPSnZXSmtnVlpVNGZDYUVJYWxTTGswQnVTTWQ3NFQ5dTdvSm1mWXI5WjQyYWR0RzEybFp5R0lzWWxyNFRLUlRTZlltenNOVHRwTjV6SzAwWSs2OCs2cXFrTXlyaVAwNTZjRnVaMDdtaVJmQ2wiLCJtYWMiOiIxNTA4NWMwZWYxNTEzNTQ5ZGZiODRlNjQ5MTA3MjU4NDBjZWEzYTA0NTZiNmJmNGVhNjU3ZWI2MGIxYmEzZjA1IiwidGFnIjoiIn0%3D; expires=Sat, 26-Apr-2025 00:17:01 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
content-encoding: br
alt-svc: h3=":443"; ma=86400

lyncutoroatingloardacentr.dbrchj.ru/klTegVlYDIc9GeHhFR6MAdRnFwVqrmkEonMUS5a3eCjsA22FKM04b5Oab230

104.21.80.1

200 OK

1.3 kB

URL GET
lyncutoroatingloardacentr.dbrchj.ru/klTegVlYDIc9GeHhFR6MAdRnFwVqrmkEonMUS5a3eCjsA22FKM04b5Oab230
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Certificate
IssuerGoogle Trust Services
Subjectdbrchj.ru
Fingerprint40:70:B7:56:E3:96:F6:B2:66:67:C5:FA:3B:6F:26:72:6C:6E:EF:10
ValidityWed, 09 Apr 2025 20:23:27 GMT - Tue, 08 Jul 2025 21:21:51 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.3 kB (1298 bytes)
Hash
32ca2081553e969f9fdd4374134521ad
7b09924c4c3d8b6e41fe38363e342da098be4173
216fc342a469aa6a005b2eacc24622095e5282d3e9f1ae99ce54c27b92ec3587

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /klTegVlYDIc9GeHhFR6MAdRnFwVqrmkEonMUS5a3eCjsA22FKM04b5Oab230 HTTP/1.1
Host: lyncutoroatingloardacentr.dbrchj.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Cookie: XSRF-TOKEN=eyJpdiI6IkNWN01laWhpV1pNU244VDk3MUFjVWc9PSIsInZhbHVlIjoiVkw3MlpzSDZWRGJkNCszdTB5OWtCdDhFajNhRFRjMU5WcVB6Mng0U0J3cllFWkZLS0Ribk5aclNYT1ZrTlZXUkYwSnVkY2NCRkV4Y2dQa2dsQ3RadGI4Wm8vdzVJM0luV1BOZ2pmazIwcGhaM0ZXTWE3aTBZNU9CUzZEd0duMGkiLCJtYWMiOiJiNjJiN2E4NGJjNjk0OWU3NzRjMmExYjYyNTJkNTg1YzYxY2ViMDkyYTc1OWRlYzg5ZDg2OTZiNDBkNTc1ZGNlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik45QnFjMWxtNVFTTjdPbG5wek8rY0E9PSIsInZhbHVlIjoiNzkrNGhpTExnZDV4V1pOSHdqTWdPSnZXSmtnVlpVNGZDYUVJYWxTTGswQnVTTWQ3NFQ5dTdvSm1mWXI5WjQyYWR0RzEybFp5R0lzWWxyNFRLUlRTZlltenNOVHRwTjV6SzAwWSs2OCs2cXFrTXlyaVAwNTZjRnVaMDdtaVJmQ2wiLCJtYWMiOiIxNTA4NWMwZWYxNTEzNTQ5ZGZiODRlNjQ5MTA3MjU4NDBjZWEzYTA0NTZiNmJmNGVhNjU3ZWI2MGIxYmEzZjA1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 25 Apr 2025 22:17:03 GMT
content-type: image/webp
content-length: 1298
server: cloudflare
content-disposition: inline; filename="klTegVlYDIc9GeHhFR6MAdRnFwVqrmkEonMUS5a3eCjsA22FKM04b5Oab230"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v6TnhNDHN4%2BjZoVpk220OgG04GZR1G3flfRHh5NiNJdglDHAGEpvhKSCUmF1oN4feI2uiZDS0XMfI8P66TvJdGDoYiLkNMp6ebk4MO1R2WqBVub7%2B2I8wyTVB3Bb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=15878&min_rtt=15872&rtt_var=5956&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2825&recv_bytes=2245&delivery_rate=254788&cwnd=252&unsent_bytes=0&cid=65dc2a10b18592ae&ts=194&x=0", cfL4;desc="?proto=QUIC&rtt=1359&min_rtt=772&rtt_var=363&sent=925&recv=193&lost=0&retrans=0&sent_bytes=928796&recv_bytes=35127&delivery_rate=3675206&cwnd=148500&unsent_bytes=0&cid=a5ea826875ae9378&ts=14554&x=16"
cf-ray: 93613554cba9b4ed-OSL
alt-svc: h3=":443"; ma=86400

cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

104.17.24.14

200 OK

48 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Size
48 kB (48316 bytes)
Hash
2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762

HTTP Headers

GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 25 Apr 2025 22:16:49 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
server: cloudflare
strict-transport-security: max-age=15780000
cf-ray: 936134fd799556c6-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1285919
expires: Wed, 15 Apr 2026 22:16:49 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DpO%2FTgIJtLWRoAlXpc5NL%2Bml5hqetY5adFZbL6ocjpHZDiI%2Fx0URSeGdWB1Vk3KQcaXJTt24jyEHmeDCSROwcFPtQz6O4qtNZwu3hUIHsX1%2BUhLFCyq8%2Fd0Rj5lk52hvJXlveJv3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

lyncutoroatingloardacentr.dbrchj.ru/favicon.ico

104.21.80.1

404 Not Found

0 B

URL GET
lyncutoroatingloardacentr.dbrchj.ru/favicon.ico
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net
Certificate
IssuerGoogle Trust Services
Subjectdbrchj.ru
Fingerprint40:70:B7:56:E3:96:F6:B2:66:67:C5:FA:3B:6F:26:72:6C:6E:EF:10
ValidityWed, 09 Apr 2025 20:23:27 GMT - Tue, 08 Jul 2025 21:21:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: lyncutoroatingloardacentr.dbrchj.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/enDulGa/*accounting@slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6IjJjUkVwVVFsWDlwMThSa2NNQkFUK1E9PSIsInZhbHVlIjoiVStLSHJ4OCtBeGZrWkl2WW1oZE1ZOGVIeG5ldGdOOXhUU2V0bE1HMlJUSmdYZHdXTlhmazZtQ2hqWmtSY3ZXdDBNaUp1YVRRQUcwS0M5TlowSkZoZWhha0xVNUNhZzg3Z2ZUUkptRGZ2Y2w1MTNsTXJpeHIwN2lQNlRlOWlUY2MiLCJtYWMiOiIxZTQ2ZTJmMzM2Y2NhMWFiODE0NzgyNjk0OWUyMzAxN2Q5MjdhZjc5ZmMzYzc0OTdkZWQyMTM2OTFjNTY5M2FiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkVlTS93ZnhWd1JiRG9TOFRmaUFWclE9PSIsInZhbHVlIjoiUlpha0xHcFJUMStEY3dIRmlJTm9zYWtxZGxBdGdBY1czeUpXTGhZNzdLaEI5SklDZlQ0dHUyT3FpT0VRYVlTcG16UE9NZHdlUS8rOHZHRWRjZS82T3FGalB0L1IxTm1jMUl3YlZWUVhWajBtMEVlV2VtdkhJL0hTMjRtY0Q2aXMiLCJtYWMiOiJmMjdhZTkwNjAwYmQzMTg1YWIyMWZhMmM0NmUyNWJmNDgwNTJiMmNhNTM3YWZjYzMyMGZhOThlM2Q2MWFhMGQ5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Fri, 25 Apr 2025 22:16:50 GMT
content-type: text/html; charset=UTF-8
cf-ray: 936134ff584ab4ed-OSL
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fZg7jCJ9Tt1rXZD5ve9oWGvq4x4ZWPLVreh66t5QdBebBEus641QPxweBQiAeu5qijfOCq%2FhLEt18NsrEqzVkawJZg1K8ofnAqYDcgPK6gyV7TuM1WH4RxsTgZip"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=TCP&rtt=395&min_rtt=382&rtt_var=169&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2158&delivery_rate=8320987&cwnd=252&unsent_bytes=0&cid=c56514fc761fd6b7&ts=19&x=0", cfL4;desc="?proto=QUIC&rtt=6259&min_rtt=3410&rtt_var=5373&sent=75&recv=94&lost=0&retrans=0&sent_bytes=7156&recv_bytes=6292&delivery_rate=2347&cwnd=12000&unsent_bytes=0&cid=a5ea826875ae9378&ts=799&x=16"
cache-control: max-age=14400
cf-cache-status: EXPIRED
content-encoding: br
alt-svc: h3=":443"; ma=86400

lyncutoroatingloardacentr.dbrchj.ru/yzfjLBaElFwqbW05bRiQLnNdvCYbBhkHE9w4XrsKve721Wk7egsuR2KHbsmv90180

104.21.80.1

200 OK

2.9 kB

URL GET
lyncutoroatingloardacentr.dbrchj.ru/yzfjLBaElFwqbW05bRiQLnNdvCYbBhkHE9w4XrsKve721Wk7egsuR2KHbsmv90180
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Certificate
IssuerGoogle Trust Services
Subjectdbrchj.ru
Fingerprint40:70:B7:56:E3:96:F6:B2:66:67:C5:FA:3B:6F:26:72:6C:6E:EF:10
ValidityWed, 09 Apr 2025 20:23:27 GMT - Tue, 08 Jul 2025 21:21:51 GMT

File type
SVG Scalable Vector Graphics image
Size
2.9 kB (2905 bytes)
Hash
fe87496cc7a44412f7893a72099c120a
a0c1458c08a815df63d3cb0406d60be6607ca699
55ce3b0ce5bc71339308107982cd7671f96014256ded0be36dc8062e64c847f1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /yzfjLBaElFwqbW05bRiQLnNdvCYbBhkHE9w4XrsKve721Wk7egsuR2KHbsmv90180 HTTP/1.1
Host: lyncutoroatingloardacentr.dbrchj.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Cookie: XSRF-TOKEN=eyJpdiI6IkNWN01laWhpV1pNU244VDk3MUFjVWc9PSIsInZhbHVlIjoiVkw3MlpzSDZWRGJkNCszdTB5OWtCdDhFajNhRFRjMU5WcVB6Mng0U0J3cllFWkZLS0Ribk5aclNYT1ZrTlZXUkYwSnVkY2NCRkV4Y2dQa2dsQ3RadGI4Wm8vdzVJM0luV1BOZ2pmazIwcGhaM0ZXTWE3aTBZNU9CUzZEd0duMGkiLCJtYWMiOiJiNjJiN2E4NGJjNjk0OWU3NzRjMmExYjYyNTJkNTg1YzYxY2ViMDkyYTc1OWRlYzg5ZDg2OTZiNDBkNTc1ZGNlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik45QnFjMWxtNVFTTjdPbG5wek8rY0E9PSIsInZhbHVlIjoiNzkrNGhpTExnZDV4V1pOSHdqTWdPSnZXSmtnVlpVNGZDYUVJYWxTTGswQnVTTWQ3NFQ5dTdvSm1mWXI5WjQyYWR0RzEybFp5R0lzWWxyNFRLUlRTZlltenNOVHRwTjV6SzAwWSs2OCs2cXFrTXlyaVAwNTZjRnVaMDdtaVJmQ2wiLCJtYWMiOiIxNTA4NWMwZWYxNTEzNTQ5ZGZiODRlNjQ5MTA3MjU4NDBjZWEzYTA0NTZiNmJmNGVhNjU3ZWI2MGIxYmEzZjA1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 25 Apr 2025 22:17:02 GMT
content-type: image/svg+xml
cf-ray: 9361354e0b45b4ed-OSL
server: cloudflare
content-disposition: inline; filename="yzfjLBaElFwqbW05bRiQLnNdvCYbBhkHE9w4XrsKve721Wk7egsuR2KHbsmv90180"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3jlk4hNzL7UE29RAsN%2FBCgjuTv9tkFU551%2Fn5K1wEMbsaYcDULG8HKn5n%2Bj0fiKNqX8aKno%2Fy0CRzfiCM2fsLhslRcVSJ92FZE8Dg%2FGZ7clZUhJhfZ4fkNI%2F9Asr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=306&min_rtt=303&rtt_var=121&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2250&delivery_rate=12180722&cwnd=252&unsent_bytes=0&cid=cfac4cbffce6dde3&ts=162&x=0", cfL4;desc="?proto=QUIC&rtt=1661&min_rtt=1070&rtt_var=464&sent=432&recv=145&lost=0&retrans=0&sent_bytes=380197&recv_bytes=31064&delivery_rate=2176259&cwnd=148500&unsent_bytes=0&cid=a5ea826875ae9378&ts=13505&x=16"
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400

ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css

3.167.2.64

200 OK

10 kB

URL GET
ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css
IP
3.167.2.64:443
ASN
#0

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Certificate
IssuerDigiCert Inc
Subject*.oktacdn.com
Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT

File type
ASCII text, with very long lines (10450)
Size
10 kB (10498 bytes)
Hash
e0d37a504604ef874bad26435d62011f
4301f0d2b729ae22adece657d79eccaa25f429b1
c39ff65e2a102e644eb0bf2e31d2bad3d18f7afb25b3b9ba7a4d46263a711179

HTTP Headers

GET /assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
date: Fri, 11 Apr 2025 02:46:27 GMT
server: nginx
last-modified: Thu, 14 Mar 2024 00:03:58 GMT
etag: W/"e0d37a504604ef874bad26435d62011f"
x-amz-meta-sha1sum: 4301f0d2b729ae22adece657d79eccaa25f429b1
expires: Sat, 11 Apr 2026 02:46:27 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 3ecfca26003921b3f6dfb1a287300c24.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: 4vil7KcO1OLczzQys_wSxuq4dYVffWsojnSH1BZ1Bj_mtofDJFMswA==
age: 1279835
X-Firefox-Spdy: h2

lyncutoroatingloardacentr.dbrchj.ru/ijC5ScRxsfij0gAAhMFnghXCl2YUxtxkYPxgmnhBOhcaDZrjmr2NR2JHbmUNZkdzbef210

104.21.80.1

200 OK

25 kB

URL GET
lyncutoroatingloardacentr.dbrchj.ru/ijC5ScRxsfij0gAAhMFnghXCl2YUxtxkYPxgmnhBOhcaDZrjmr2NR2JHbmUNZkdzbef210
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Certificate
IssuerGoogle Trust Services
Subjectdbrchj.ru
Fingerprint40:70:B7:56:E3:96:F6:B2:66:67:C5:FA:3B:6F:26:72:6C:6E:EF:10
ValidityWed, 09 Apr 2025 20:23:27 GMT - Tue, 08 Jul 2025 21:21:51 GMT

File type
RIFF (little-endian) data, Web/P image
Size
25 kB (25216 bytes)
Hash
f9a795e2270664a7a169c73b6d84a575
0fbb60ab27ab88c064eb347d0722c8ed4cf5e8b8
d00203b2eea6e418c31baafa949ada5349a9f9b7e99fa003aec7406822693740

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /ijC5ScRxsfij0gAAhMFnghXCl2YUxtxkYPxgmnhBOhcaDZrjmr2NR2JHbmUNZkdzbef210 HTTP/1.1
Host: lyncutoroatingloardacentr.dbrchj.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lyncutoroatingloardacentr.dbrchj.ru/hicmzsbfzrjiwnktfspcirubioiT39XLFY08TR3VSAXLL?MWBYOLWQAHPOWTAWUSESJJMAL
Cookie: XSRF-TOKEN=eyJpdiI6IkNWN01laWhpV1pNU244VDk3MUFjVWc9PSIsInZhbHVlIjoiVkw3MlpzSDZWRGJkNCszdTB5OWtCdDhFajNhRFRjMU5WcVB6Mng0U0J3cllFWkZLS0Ribk5aclNYT1ZrTlZXUkYwSnVkY2NCRkV4Y2dQa2dsQ3RadGI4Wm8vdzVJM0luV1BOZ2pmazIwcGhaM0ZXTWE3aTBZNU9CUzZEd0duMGkiLCJtYWMiOiJiNjJiN2E4NGJjNjk0OWU3NzRjMmExYjYyNTJkNTg1YzYxY2ViMDkyYTc1OWRlYzg5ZDg2OTZiNDBkNTc1ZGNlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik45QnFjMWxtNVFTTjdPbG5wek8rY0E9PSIsInZhbHVlIjoiNzkrNGhpTExnZDV4V1pOSHdqTWdPSnZXSmtnVlpVNGZDYUVJYWxTTGswQnVTTWQ3NFQ5dTdvSm1mWXI5WjQyYWR0RzEybFp5R0lzWWxyNFRLUlRTZlltenNOVHRwTjV6SzAwWSs2OCs2cXFrTXlyaVAwNTZjRnVaMDdtaVJmQ2wiLCJtYWMiOiIxNTA4NWMwZWYxNTEzNTQ5ZGZiODRlNjQ5MTA3MjU4NDBjZWEzYTA0NTZiNmJmNGVhNjU3ZWI2MGIxYmEzZjA1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 25 Apr 2025 22:17:02 GMT
content-type: image/webp
content-length: 25216
server: cloudflare
content-disposition: inline; filename="ijC5ScRxsfij0gAAhMFnghXCl2YUxtxkYPxgmnhBOhcaDZrjmr2NR2JHbmUNZkdzbef210"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hQLPmuAbeusemG183kohvmsY%2BaTAaqRmfzUsJdskpvQjUuHBo1KY8eTyf%2FyYuOYdntj0lwKUzSNwsvA0eMgjxmvJRhGmnTCT%2Bbj8xMurlVGMhgYqdGcGfYC%2F3k20"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=15836&min_rtt=15834&rtt_var=5939&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2255&delivery_rate=255399&cwnd=252&unsent_bytes=0&cid=0eeab15c6e32ddb9&ts=197&x=0", cfL4;desc="?proto=QUIC&rtt=1483&min_rtt=1070&rtt_var=299&sent=456&recv=150&lost=0&retrans=0&sent_bytes=404023&recv_bytes=31291&delivery_rate=351674&cwnd=148500&unsent_bytes=0&cid=a5ea826875ae9378&ts=13583&x=16"
cf-ray: 9361354e0b46b4ed-OSL
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (29)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML