Report - nomoat.ru/lander/finsurvey-id/index.html

Report Overview

Submitted URL
nomoat.ru/lander/finsurvey-id/index.html
IP
185.198.166.32
ASN
#21100 ITL LLC
Submitted
2024-05-10 18:40:31
Access
public
Website Title
Selamat!
Final URL
nomoat.ru/lander/finsurvey-id/index.html
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
backunder.com	unknown	2022-12-13	2022-12-14	2024-03-31	391 B	1.6 kB	172.67.169.6
jouteetu.net	260109	2021-07-08	2021-07-15	2024-05-09	1.3 kB	1.9 kB	139.45.197.251
amunfezanttor.com	unknown	2023-03-31	2023-03-31	2024-05-08	983 B	1.1 kB	139.45.197.250
nomoat.ru	unknown	unknown	No data	No data	1.9 kB	33 kB	185.198.166.32
zerossl.ocsp.sectigo.com	4049	2018-08-16	2020-05-09	2024-05-09	672 B	1.6 kB	172.64.149.23
news-burena.com	unknown	2023-08-18	2023-09-19	2024-02-26	839 B	9.9 kB	149.7.16.92
oungimuk.net	335656	2021-02-06	2021-02-10	2024-04-27	1.0 kB	38 kB	139.45.197.251

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	amunfezanttor.com	Sinkholed
2024-05-10	medium	amunfezanttor.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	nomoat.ru/lander/finsurvey-id/index.html	497 B	2023-03-07	2024-05-19
Pretty URL nomoat.ru/lander/finsurvey-id/index.html IP 185.198.166.32 ASN #21100 ITL LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:17:49 Last Seen2024-05-19 14:20:01 Times Seen67 Hash 06498ad20a4100026472671d703abbb2 3e8ddcbc523b5de2fbe70161f0874467d722f05a 14d269c291348fb823eea40faea5f239418624b02d7216629e5000f5ab4ffab9 Loading...

	nomoat.ru/lander/finsurvey-id/index.html	97 B	2023-03-07	2024-05-19
Pretty URL nomoat.ru/lander/finsurvey-id/index.html IP 185.198.166.32 ASN #21100 ITL LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:20:53 Last Seen2024-05-19 16:35:03 Times Seen232 Hash e5becd724a37f0cb88133664ef9459cc 189d18ce6815d9dd33d5c97f1f9ae194efd47935 3b324ef1aae1c96b56094b43ddc2b486182a63653357c17793b6eb4c17cbe01f Loading...

	nomoat.ru/lander/finsurvey-id/index.html	46 B	2023-03-29	2024-05-19
Pretty URL nomoat.ru/lander/finsurvey-id/index.html IP 185.198.166.32 ASN #21100 ITL LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-29 22:16:09 Last Seen2024-05-19 14:20:01 Times Seen98 Hash d0e0ccb003bbb3075c2e983d5859c77f ac4b645c2b2c07d3656f0a734f6038a4779f4d28 4a3c9440b4f6d853b3a30e919903e7956db30ee228defb539fd8792a03270e34 Loading...

	backunder.com/script.js	911 B	2023-03-13	2024-05-19
Pretty URL backunder.com/script.js IP 172.67.169.6 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:39:15 Last Seen2024-05-19 14:20:01 Times Seen2422 Hash 87431f5c53069a8fd36f6efee29a514f 08296a974e36b3c9c9eb2a853658fbb8659c8836 e05b5f6d873b1857e696af8883191ef454f3919e62df36805ad502ba6a0dbfb7 Loading...

	oungimuk.net/pfe/current/micro.tag.min.js?z=4800093&sw=/sw-check-permissions-f4e9b.js	37 kB	2024-04-25	2024-05-15
Pretty URL oungimuk.net/pfe/current/micro.tag.min.js?z=4800093&sw=/sw-check-permissions-f4e9b.js IP 139.45.197.251 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 13:01:48 Last Seen2024-05-15 20:42:51 Times Seen2522 Hash 32d6dbd00a639e2cd10d1704b9159bd5 0dab4c95675393f1d0e13d20f13d80ee12e41d95 9f339e5efd7c959419a4e86bb4c5e9f07eae2ed839484846157be981917743de Loading...

	news-burena.com/code/backbtn.js	394 B	2023-03-07	2024-05-19
Pretty URL news-burena.com/code/backbtn.js IP 149.7.16.92 ASN #63023 AS-GLOBALTELEHOST Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:17:49 Last Seen2024-05-19 14:20:01 Times Seen304 Hash bc407fada9a52a36e5f8e260a6839502 7c31790842614adcf515d36608975556c41ad06d a0209849109697c52a14dbc041d1d4ff61137f04b2b09531756a03cdd48509f8 Loading...

	nomoat.ru/lander/finsurvey-id/index.html	148 B	2024-02-21	2024-05-19
Pretty URL nomoat.ru/lander/finsurvey-id/index.html IP 185.198.166.32 ASN #21100 ITL LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-21 03:22:32 Last Seen2024-05-19 13:02:05 Times Seen5 Hash 04fce079e0252f6b42a02ea3d2a91b8c 1b7d6e649149d1afb5161957e9ecf3c019e2d6f4 a958294fe1346cdd3e4fd2d329a04ceea967eddcfd5006a060638fd6258d2e5f Loading...

	news-burena.com/code/https.js?uid=136888&site=8054216&banadu=0&sub1=sub1	8.9 kB	2024-05-10	2024-05-10
Pretty URL news-burena.com/code/https.js?uid=136888&site=8054216&banadu=0&sub1=sub1 IP 149.7.16.92 ASN #63023 AS-GLOBALTELEHOST Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 20:40:36 Last Seen2024-05-10 20:40:37 Times Seen4 Hash 61cc3b9425639974fe779774551e27de bb2e5ef52bc6691b0d0059ce33d465c839b59edd ebe05e43e716e213a74e960d440fe7c1d5f7c04666032b3ef43438941218b41d Loading...

HTTP Transactions (16)

URL IP Response Size

nomoat.ru/lander/finsurvey-id/index.html

185.198.166.32

200 OK

13 kB

URL User Request GET HTTP/1.1
nomoat.ru/lander/finsurvey-id/index.html
IP
185.198.166.32:443
ASN
#21100 ITL LLC

Certificate
IssuerLet's Encrypt
Subjectnomoat.ru
FingerprintCD:E1:29:FA:41:DD:27:09:D0:6B:36:D0:73:EE:1C:40:BC:BC:EF:68
ValidityFri, 19 Apr 2024 07:42:00 GMT - Thu, 18 Jul 2024 07:41:59 GMT

File type
HTML document, ASCII text
Size
13 kB (13240 bytes)
Hash
4d4e3bdb6215a241f9555ac6424457af
0aa38f7fce155863560c1db40c4e164089020460
02d6b846627d504958747688f9d462c43b825c4a6e574cdf7d9999fc4b8fd5f4

HTTP Headers

GET /lander/finsurvey-id/index.html HTTP/1.1
Host: nomoat.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 18:40:05 GMT
Content-Type: text/html
Last-Modified: Wed, 20 Sep 2023 09:18:46 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"650ab8f6-1ce56"
X-Content-Type-Options: nosniff
Content-Encoding: gzip

nomoat.ru/lander/finsurvey-id/index_files/prz1.jpg

185.198.166.32

200 OK

17 kB

URL GET HTTP/1.1
nomoat.ru/lander/finsurvey-id/index_files/prz1.jpg
IP
185.198.166.32:443
ASN
#21100 ITL LLC

Requested by
https://nomoat.ru/lander/finsurvey-id/index.html
Certificate
IssuerLet's Encrypt
Subjectnomoat.ru
FingerprintCD:E1:29:FA:41:DD:27:09:D0:6B:36:D0:73:EE:1C:40:BC:BC:EF:68
ValidityFri, 19 Apr 2024 07:42:00 GMT - Thu, 18 Jul 2024 07:41:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 250x188, components 3
Size
17 kB (16568 bytes)
Hash
1a29030e9e81ea3135c60870c7741ed7
f0a7a6011075673229866747b3114a58c646fd8d
915cff4d9c7f479b4342b196ce0fd1013bcd5fb830218d8fb60a620da8f0427d

HTTP Headers

GET /lander/finsurvey-id/index_files/prz1.jpg HTTP/1.1
Host: nomoat.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nomoat.ru/lander/finsurvey-id/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 18:40:06 GMT
Content-Type: image/jpeg
Content-Length: 16568
Last-Modified: Fri, 10 Mar 2023 16:20:43 GMT
Connection: keep-alive
ETag: "640b58db-40b8"
Expires: Mon, 20 May 2024 18:40:06 GMT
Cache-Control: max-age=864000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

zerossl.ocsp.sectigo.com/

172.64.149.23

316 B

URL
zerossl.ocsp.sectigo.com/
IP
172.64.149.23:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
316 B (316 bytes)
Hash
65ce44e10fa3fe4fa887140be9f51a86
62a41d32e57fb837f6ef980ad481769cda5c30f4
6911022cfae266d7d4fce9dd00782847c415bf333678d7fd5528dc0628fefab8

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 18:40:06 GMT
Content-Type: application/ocsp-response
Content-Length: 316
Connection: keep-alive
Last-Modified: Fri, 10 May 2024 17:48:14 GMT
Expires: Fri, 17 May 2024 17:48:13 GMT
Etag: "62a41d32e57fb837f6ef980ad481769cda5c30f4"
Cache-Control: max-age=601858,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 881c0e471998569c-OSL

news-burena.com/code/backbtn.js

149.7.16.92

200 OK

394 B

URL GET HTTP/2
news-burena.com/code/backbtn.js
IP
149.7.16.92:443
ASN
#63023 AS-GLOBALTELEHOST

Requested by
https://nomoat.ru/lander/finsurvey-id/index.html
Certificate
IssuerZeroSSL
Subjectnews-burena.com
FingerprintBD:E1:49:BA:66:28:70:B4:EC:EF:79:C6:E6:2A:5A:0F:D6:AE:AE:75
ValiditySat, 13 Apr 2024 00:00:00 GMT - Fri, 12 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
394 B (394 bytes)
Hash
bc407fada9a52a36e5f8e260a6839502
7c31790842614adcf515d36608975556c41ad06d
a0209849109697c52a14dbc041d1d4ff61137f04b2b09531756a03cdd48509f8

HTTP Headers

GET /code/backbtn.js HTTP/1.1
Host: news-burena.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nomoat.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 18:40:06 GMT
content-type: application/javascript
content-length: 394
last-modified: Wed, 19 May 2021 12:34:54 GMT
etag: "60a505ee-18a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

oungimuk.net/zone?&pub=0&zone_id=4800093&is_mobile=false&domain=nomoat.ru&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=6441508a-69ca-455b-bc76-0eb60d810ca1&action=prerequest

139.45.197.251

200 OK

0 B

URL POST HTTP/2
oungimuk.net/zone?&pub=0&zone_id=4800093&is_mobile=false&domain=nomoat.ru&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=6441508a-69ca-455b-bc76-0eb60d810ca1&action=prerequest
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://nomoat.ru/lander/finsurvey-id/index.html
Certificate
IssuerLet's Encrypt
Subjectoungimuk.net
FingerprintC1:EE:24:F7:3C:C1:F6:61:6D:0E:30:82:9A:4F:69:22:97:2A:12:DA
ValidityWed, 13 Mar 2024 18:32:04 GMT - Tue, 11 Jun 2024 18:32:03 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /zone?&pub=0&zone_id=4800093&is_mobile=false&domain=nomoat.ru&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=6441508a-69ca-455b-bc76-0eb60d810ca1&action=prerequest HTTP/1.1
Host: oungimuk.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nomoat.ru
DNT: 1
Connection: keep-alive
Referer: https://nomoat.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 18:40:06 GMT
content-length: 0
x-trace-id: e944f4106d6b97a634899b897abad96a
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://nomoat.ru
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

zerossl.ocsp.sectigo.com/

172.64.149.23

316 B

URL
zerossl.ocsp.sectigo.com/
IP
172.64.149.23:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
316 B (316 bytes)
Hash
65ce44e10fa3fe4fa887140be9f51a86
62a41d32e57fb837f6ef980ad481769cda5c30f4
6911022cfae266d7d4fce9dd00782847c415bf333678d7fd5528dc0628fefab8

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 18:40:06 GMT
Content-Type: application/ocsp-response
Content-Length: 316
Connection: keep-alive
Last-Modified: Fri, 10 May 2024 17:48:14 GMT
Expires: Fri, 17 May 2024 17:48:13 GMT
Etag: "62a41d32e57fb837f6ef980ad481769cda5c30f4"
Cache-Control: max-age=601086,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 881c0e470f4e712f-OSL

news-burena.com/code/https.js?uid=136888&site=8054216&banadu=0&sub1=sub1

149.7.16.92

200 OK

8.9 kB

URL GET HTTP/2
news-burena.com/code/https.js?uid=136888&site=8054216&banadu=0&sub1=sub1
IP
149.7.16.92:443
ASN
#63023 AS-GLOBALTELEHOST

Requested by
https://nomoat.ru/lander/finsurvey-id/index.html
Certificate
IssuerZeroSSL
Subjectnews-burena.com
FingerprintBD:E1:49:BA:66:28:70:B4:EC:EF:79:C6:E6:2A:5A:0F:D6:AE:AE:75
ValiditySat, 13 Apr 2024 00:00:00 GMT - Fri, 12 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (8905), with no line terminators
Size
8.9 kB (8905 bytes)
Hash
61cc3b9425639974fe779774551e27de
bb2e5ef52bc6691b0d0059ce33d465c839b59edd
ebe05e43e716e213a74e960d440fe7c1d5f7c04666032b3ef43438941218b41d

HTTP Headers

GET /code/https.js?uid=136888&site=8054216&banadu=0&sub1=sub1 HTTP/1.1
Host: news-burena.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nomoat.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 18:40:06 GMT
content-type: application/javascript
content-length: 8905
last-modified: Thu, 09 May 2024 07:43:39 GMT
etag: "663c7eab-22c9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

backunder.com/script.js

172.67.169.6

200 OK

871 B

URL GET HTTP/2
backunder.com/script.js
IP
172.67.169.6:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nomoat.ru/lander/finsurvey-id/index.html
Certificate
IssuerGoogle Trust Services LLC
Subjectbackunder.com
FingerprintF0:95:C2:A7:B0:15:EB:8D:1E:CE:36:6A:FC:03:95:FA:C0:07:37:96
ValiditySat, 30 Mar 2024 17:02:34 GMT - Fri, 28 Jun 2024 17:02:33 GMT

File type
JavaScript source, ASCII text, with very long lines (350)
Size
871 B (871 bytes)
Hash
87431f5c53069a8fd36f6efee29a514f
08296a974e36b3c9c9eb2a853658fbb8659c8836
e05b5f6d873b1857e696af8883191ef454f3919e62df36805ad502ba6a0dbfb7

HTTP Headers

GET /script.js HTTP/1.1
Host: backunder.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nomoat.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 18:40:06 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=1228
etag: W/"4cc-5f2f3364b2fe4-gzip"
last-modified: Mon, 23 Jan 2023 19:14:45 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1082
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K5brmnz3o0M7X4GlbQoLb2QdnTnlKrcaXYkwV%2FAm2mKTIKDnN6xMHi7fXCt4xbRueqC8WecysNgwJ8VPmGef4M1ql8o%2B%2F1r673w0blgj0aFaft6nYhvimo4%2BhtH56Vng"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c0e468be5b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

jouteetu.net/custom

139.45.197.251

200 OK

39 B

URL POST HTTP/2
jouteetu.net/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://nomoat.ru/lander/finsurvey-id/index.html
Certificate
IssuerLet's Encrypt
Subjectjouteetu.net
FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65
ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 263
Origin: https://nomoat.ru
DNT: 1
Connection: keep-alive
Referer: https://nomoat.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 18:40:06 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 9c69e3e0769c110c289ed91ad70eebb8
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://nomoat.ru
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

nomoat.ru/sw-check-permissions-f4e9b.js?zoneId=4800093

185.198.166.32

200 OK

566 B

URL GET HTTP/1.1
nomoat.ru/sw-check-permissions-f4e9b.js?zoneId=4800093
IP
185.198.166.32:443
ASN
#21100 ITL LLC

Requested by
https://nomoat.ru/lander/finsurvey-id/index.html
Certificate
IssuerLet's Encrypt
Subjectnomoat.ru
FingerprintCD:E1:29:FA:41:DD:27:09:D0:6B:36:D0:73:EE:1C:40:BC:BC:EF:68
ValidityFri, 19 Apr 2024 07:42:00 GMT - Thu, 18 Jul 2024 07:41:59 GMT

File type
Java source, ASCII text
Size
566 B (566 bytes)
Hash
bd13116b6d51d2ac2d7666d6867ec2f5
18b47b72c8f7b2bee56260e7c53b76ca9832eff7
93e056ddfa835cfb93c472164b96fbfdc7c90a3ef92d53de2ac3cf057c78dad1

HTTP Headers

GET /sw-check-permissions-f4e9b.js?zoneId=4800093 HTTP/1.1
Host: nomoat.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://nomoat.ru/lander/finsurvey-id/index.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 18:40:06 GMT
Content-Type: application/javascript
Content-Length: 566
Last-Modified: Thu, 24 Aug 2023 13:11:12 GMT
Connection: keep-alive
ETag: "64e756f0-236"
Expires: Mon, 20 May 2024 18:40:06 GMT
Cache-Control: max-age=864000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

jouteetu.net/custom

139.45.197.251

200 OK

39 B

URL POST HTTP/2
jouteetu.net/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://nomoat.ru/lander/finsurvey-id/index.html
Certificate
IssuerLet's Encrypt
Subjectjouteetu.net
FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65
ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 266
Origin: https://nomoat.ru
DNT: 1
Connection: keep-alive
Referer: https://nomoat.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 18:40:06 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 5a86f35dbab61f468ca8308f900c3f47
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://nomoat.ru
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

jouteetu.net/custom

139.45.197.251

200 OK

39 B

URL POST HTTP/2
jouteetu.net/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://nomoat.ru/lander/finsurvey-id/index.html
Certificate
IssuerLet's Encrypt
Subjectjouteetu.net
FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65
ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 265
Origin: https://nomoat.ru
DNT: 1
Connection: keep-alive
Referer: https://nomoat.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 18:40:06 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: dcb62159b12c728aa2e1569cc5da82a7
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://nomoat.ru
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://nomoat.ru/lander/finsurvey-id/index.html
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://nomoat.ru/
Origin: https://nomoat.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 18:40:06 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://nomoat.ru
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://nomoat.ru/lander/finsurvey-id/index.html
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
7c1bfd163691f2c5d9fa9dc645ab72c0
3b9bd07bf5caccc9409ea8b31b947b1a2e85e590
e9085890d96d6a96d07e01f6e8ed896fc5631ef6cb97e6c6cc1b59aa8492efe2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nomoat.ru/
Content-Type: application/json
Content-Length: 891
Origin: https://nomoat.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 18:40:06 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://nomoat.ru
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

nomoat.ru/lander/finsurvey-id/favicon.ico

185.198.166.32

200 OK

1.2 kB

URL GET HTTP/1.1
nomoat.ru/lander/finsurvey-id/favicon.ico
IP
185.198.166.32:443
ASN
#21100 ITL LLC

Requested by
https://nomoat.ru/lander/finsurvey-id/index.html
Certificate
IssuerLet's Encrypt
Subjectnomoat.ru
FingerprintCD:E1:29:FA:41:DD:27:09:D0:6B:36:D0:73:EE:1C:40:BC:BC:EF:68
ValidityFri, 19 Apr 2024 07:42:00 GMT - Thu, 18 Jul 2024 07:41:59 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
bf395735c85923b97b38b1be3bdfa75a
2b05490dc2f41119d444ff3123fe36acf75c0f8e
07348466057b4d4c7c038c4448dd24befa5c48e653c52264d8475cdfdd60438e

HTTP Headers

GET /lander/finsurvey-id/favicon.ico HTTP/1.1
Host: nomoat.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nomoat.ru/lander/finsurvey-id/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 18:40:06 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Fri, 10 Mar 2023 16:01:38 GMT
Connection: keep-alive
ETag: "640b5462-47e"
Expires: Mon, 20 May 2024 18:40:06 GMT
Cache-Control: max-age=864000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

oungimuk.net/pfe/current/micro.tag.min.js?z=4800093&sw=/sw-check-permissions-f4e9b.js

139.45.197.251

200 OK

37 kB

URL GET HTTP/2
oungimuk.net/pfe/current/micro.tag.min.js?z=4800093&sw=/sw-check-permissions-f4e9b.js
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://nomoat.ru/lander/finsurvey-id/index.html
Certificate
IssuerLet's Encrypt
Subjectoungimuk.net
FingerprintC1:EE:24:F7:3C:C1:F6:61:6D:0E:30:82:9A:4F:69:22:97:2A:12:DA
ValidityWed, 13 Mar 2024 18:32:04 GMT - Tue, 11 Jun 2024 18:32:03 GMT

File type
JavaScript source, ASCII text, with very long lines (37142), with no line terminators
Size
37 kB (37142 bytes)
Hash
32d6dbd00a639e2cd10d1704b9159bd5
0dab4c95675393f1d0e13d20f13d80ee12e41d95
9f339e5efd7c959419a4e86bb4c5e9f07eae2ed839484846157be981917743de

HTTP Headers

GET /pfe/current/micro.tag.min.js?z=4800093&sw=/sw-check-permissions-f4e9b.js HTTP/1.1
Host: oungimuk.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nomoat.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 18:40:06 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:51 GMT
etag: W/"662a3513-9116"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML