Report - g4sist.com.br/pp/ppp/xe6GHDdjOc61nYljg8vJw/c2VjdXJpdHlAc2x1cnBtYWlsLm5ldA==

Report Overview

Visited public
2025-01-25 11:25:31
Tags
phishing microsoft outlook suspicious
URL
g4sist.com.br/pp/ppp/xe6GHDdjOc61nYljg8vJw/c2VjdXJpdHlAc2x1cnBtYWlsLm5ldA==
Finishing URL
flin.zelidarne.ru/s3u3uho/#Msecurity@slurpmail.net
IP / ASN
23.239.118.146
#53850 GORILLASERVERS
Title
Phishing - Microsoft Outlook
Suspicious - Anti-debugging code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
code.jquery.com	634	2005-12-10	2012-05-21	2025-01-22	411 B	32 kB	151.101.66.137
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-01-22	441 B	49 kB	104.17.25.14
g4sist.com.br	unknown	2004-05-04	2015-01-23	2025-01-24	529 B	362 B	23.239.118.146
flin.zelidarne.ru	unknown	2025-01-16	2025-01-23	2025-01-23	2.1 kB	238 kB	104.21.45.176
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2025-01-22	875 B	49 kB	104.18.95.41

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	unknown	1.7 kB	2025-01-25 11:25	2025-01-25 11:25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-25 11:25 Last Seen2025-01-25 11:25 Times Seen1 Hash 8a33e021136da6b2313e2f7f3b9b0721 ad60ae6d6a9ba67ec5f494703dc627a3055a44bd 76e79090bc350cefad4f1f92cb23e55cf0e812aeeadcff9d3c17fbe2681c6b46 Loading...

	unknown	48 kB	2025-01-25 11:25	2025-01-25 11:25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-25 11:25 Last Seen2025-01-25 11:25 Times Seen1 Hash c38ef9701ef249f8f7fec58861da0d6e d553b411003823defc52fb195fb6916dc909f016 f8aaf967a4c375800405a7e598716eb7a33723c406760871edc058c28d55ccf6 Loading...

	flin.zelidarne.ru/s3u3uho/#Msecurity@slurpmail.net	200 kB	2025-01-25 11:25	2025-01-25 11:25
Pretty URL flin.zelidarne.ru/s3u3uho/#Msecurity@slurpmail.net IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-01-25 11:25 Last Seen2025-01-25 11:25 Times Seen1 Hash e59f9f4a97bd482477e14aeb977c0772 adee67de4c7e370baae27d391c2060f25edea322 6d519030fcff608e7e103d40db6fb0f33a860338a1cd0bdf4ae5f723b1dcbb1c Loading...

	code.jquery.com/jquery-3.6.0.min.js	90 kB	2023-03-07 01:02	2025-02-05 19:08
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.66.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-02-05 19:08 Times Seen173590 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	challenges.cloudflare.com/turnstile/v0/api.js?render=explicit	48 kB	2025-01-22 18:10	2025-01-28 15:33
Pretty URL challenges.cloudflare.com/turnstile/v0/api.js?render=explicit IP 104.18.95.41 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-22 18:10 Last Seen2025-01-28 15:33 Times Seen3065 Hash 7515ea4f181b76acacfb90430c6df9c3 49775b023cda207d8a8ae14caedb65a8990f57f5 b34abd4710711ace5b6c275118ffa7e1170c7d468bd95e3c859f9e76f767214b Loading...

	cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	48 kB	2023-03-07 01:31	2025-02-05 19:08
Pretty URL cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31 Last Seen2025-02-05 19:08 Times Seen73728 Hash 2ca03ad87885ab983541092b87adb299 1a17f60bf776a8c468a185c1e8e985c41a50dc27 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 1d109844211a86d058d7e095af136267	2.2 kB	2025-01-25 11:25	2025-01-25 11:25
Pretty Observations First Seen2025-01-25 11:25 Last Seen2025-01-25 11:25 Times Seen1 Hash 1d109844211a86d058d7e095af136267 cb410d19de95e807011be70c98d6705ea692159d 69515b15ed88f5e4fc191f44f242c528a2fd1565cd1fd4a06249bc52a99fe1e0 Loading...

		Size	First Seen	Last Seen
	#1 Write - 624d293ffeabd79c411b7e5b71012404	58 kB	2025-01-25 11:25	2025-01-25 11:25
Pretty Observations First Seen2025-01-25 11:25 Last Seen2025-01-25 11:25 Times Seen1 Hash 624d293ffeabd79c411b7e5b71012404 15914840f202c2e731bda9261fca5d2b5e94abb2 4212d938f594a544411403cbdf52dea835a78172be741fcb5295cd7b88f0e79c Loading...

HTTP Transactions (8)

URL IP Response Size

g4sist.com.br/pp/ppp/xe6GHDdjOc61nYljg8vJw/c2VjdXJpdHlAc2x1cnBtYWlsLm5ldA==

23.239.118.146

200 OK

0 B

URL
g4sist.com.br/pp/ppp/xe6GHDdjOc61nYljg8vJw/c2VjdXJpdHlAc2x1cnBtYWlsLm5ldA==
IP
23.239.118.146:0
ASN
#53850 GORILLASERVERS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pp/ppp/xe6GHDdjOc61nYljg8vJw/c2VjdXJpdHlAc2x1cnBtYWlsLm5ldA== HTTP/1.1
Host: g4sist.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 25 Jan 2025 11:25:06 GMT
Server: Apache
refresh: 0;url=https://flin.zelidarne.ru/s3u3uho/#Msecurity@slurpmail.net
Vary: Accept-Encoding
X-Mod-Pagespeed: 1.13.35.2-0
Cache-Control: max-age=0, no-cache, s-maxage=10
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

flin.zelidarne.ru/s3u3uho/

104.21.45.176

200 OK

33 kB

URL
flin.zelidarne.ru/s3u3uho/
IP
104.21.45.176:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (65253), with CRLF line terminators
Size
33 kB (32682 bytes)
Hash
e06912e1692d25d3f9c829568ddd4afa
9c1380b57fcd5792ae7c894e9325335846fed8af
6a266412c62c642e120772fe6ebcd37ec122f99981826fd4c2194cf8671c4f0e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /s3u3uho/ HTTP/1.1
Host: flin.zelidarne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 Jan 2025 11:25:06 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QVvfMVBMEQQW%2FlIvMUJSiUlKDv36NecD2sWIgAgr1BdSLj9jhh6Y2Vcf2xERDGdK2WSOIgRb%2BbOAMjZo6pUB4wsXEupSilQH%2FcHUTvnaFDR17kSpGVMxnr%2BYPpRRig%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6IlpWQ2FwSytYck53eCtmQlhDaUhlcHc9PSIsInZhbHVlIjoiYnpLN2VMZlZUZ2RrZm9ZbjllR1BISGdBelc0cjdXbSt2a2l3YWNPRWxqbFo5MzVSSGUrcUdTcGRMY3RzWTM3a2NYQ0M0VXNwVHJzc1hnMXhhSmp3RFlRTVk3MElpYTh0UVU2MjhEWUFhK0JuVVdXVGg0MmY4ZWQ0U1BzYzljUjkiLCJtYWMiOiJlNzJkN2VlZTA5NjAxNzYwZjM3MWRiZWJlYWE2NzQ0Nzg4ZTE4MjllZTVkMDNkZjQ0OGI1ZWNlYmIyZjQ1NDQ2IiwidGFnIjoiIn0%3D; expires=Sat, 25-Jan-2025 13:25:06 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IjdOSERqK2V3YzhKWjNoS0ZFNjFhT0E9PSIsInZhbHVlIjoicEdlY3dMWlJzM0xmTUdkRFpPcHlFMnFZZVhzWnVyZWFKYkJBK0JPeGx2WmNGN1Y1V0R3OXlkZW4rRGVkUDg2aEVJVmY2ZW5hN1E3MVBJTHRmaHpocFBuMm5NVlJSYThuM1NXSitWTnp0L3J6Z2JqUkJ2TE8zU2hrNFowanUzbm8iLCJtYWMiOiI1MWVmMjY1NTQ5YTFmZjM4ZjE1YWQzOWMwOWQ0ZmYzYjRjNmExMzNhN2E3ODQ4MzZjNmRkNjAyZjVjMmE2NDE1IiwidGFnIjoiIn0%3D; expires=Sat, 25-Jan-2025 13:25:06 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 9077e693ae72568b-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=5135&min_rtt=5116&rtt_var=1476&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=1386&delivery_rate=542166&cwnd=127&unsent_bytes=0&cid=1eee089271f9831a&ts=193&x=0", cfL4;desc="?proto=TCP&rtt=5687&min_rtt=469&rtt_var=10456&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3277&recv_bytes=1255&delivery_rate=7715808&cwnd=254&unsent_bytes=0&cid=b882d41a7e176096&ts=310&x=0"
X-Firefox-Spdy: h2

challenges.cloudflare.com/turnstile/v0/api.js?render=explicit

104.18.95.41

302 Found

0 B

URL GET HTTP/2
challenges.cloudflare.com/turnstile/v0/api.js?render=explicit
IP
104.18.95.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flin.zelidarne.ru/s3u3uho/#Msecurity@slurpmail.net
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
FingerprintEF:AE:47:10:51:72:52:24:8B:84:F7:18:BC:91:3D:8F:CC:64:29:8D
ValidityWed, 01 Jan 2025 16:48:17 GMT - Tue, 01 Apr 2025 17:48:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js?render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flin.zelidarne.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 25 Jan 2025 11:25:07 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/b/725bd36e298b/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 9077e696eb93568e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.6.0.min.js

151.101.66.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.66.137:443
ASN
#54113 FASTLY

Requested by
https://flin.zelidarne.ru/s3u3uho/#Msecurity@slurpmail.net
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
31 kB (30875 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flin.zelidarne.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sat, 25 Jan 2025 11:25:07 GMT
age: 3289645
x-served-by: cache-lga21931-LGA, cache-hel1410030-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 1266081
x-timer: S1737804307.043979,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

104.17.25.14

200 OK

48 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flin.zelidarne.ru/s3u3uho/#Msecurity@slurpmail.net
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32
ValidityFri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT

File type
JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Size
48 kB (48316 bytes)
Hash
2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762

HTTP Headers

GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flin.zelidarne.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 Jan 2025 11:25:06 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 237208
expires: Thu, 15 Jan 2026 11:25:06 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0rpIPDs5Ea41kwUUesvqGKW0ZeF0BVyOnl4eIPvd4qwfNMGnKgmhjXBBfpQJwcQLYRer6tI5lab5g9OtviY1Db4B%2B92wKJCSrJ6HDuw%2BXrq%2Fr%2FYoukZAh%2Bg5zi7vGZ0SKccEmmiD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 9077e696aa85568b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

challenges.cloudflare.com/turnstile/v0/b/725bd36e298b/api.js

104.18.95.41

200 OK

48 kB

URL GET HTTP/2
challenges.cloudflare.com/turnstile/v0/b/725bd36e298b/api.js
IP
104.18.95.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flin.zelidarne.ru/s3u3uho/#Msecurity@slurpmail.net
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
FingerprintEF:AE:47:10:51:72:52:24:8B:84:F7:18:BC:91:3D:8F:CC:64:29:8D
ValidityWed, 01 Jan 2025 16:48:17 GMT - Tue, 01 Apr 2025 17:48:13 GMT

File type
JavaScript source, ASCII text, with very long lines (48120)
Size
48 kB (48121 bytes)
Hash
7515ea4f181b76acacfb90430c6df9c3
49775b023cda207d8a8ae14caedb65a8990f57f5
b34abd4710711ace5b6c275118ffa7e1170c7d468bd95e3c859f9e76f767214b

HTTP Headers

GET /turnstile/v0/b/725bd36e298b/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flin.zelidarne.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 Jan 2025 11:25:07 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 21 Jan 2025 23:46:19 GMT
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 9077e6970bb6568e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

flin.zelidarne.ru/favicon.ico

104.21.45.176

404 Not Found

0 B

URL GET HTTP/3
flin.zelidarne.ru/favicon.ico
IP
104.21.45.176:443
ASN
#13335 CLOUDFLARENET

Requested by
https://flin.zelidarne.ru/s3u3uho/#Msecurity@slurpmail.net
Certificate
IssuerGoogle Trust Services
Subjectzelidarne.ru
FingerprintC2:43:DC:39:F6:52:65:01:87:DF:52:F6:59:22:85:A1:F8:34:04:BE
ValiditySat, 18 Jan 2025 16:42:11 GMT - Fri, 18 Apr 2025 17:40:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: flin.zelidarne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flin.zelidarne.ru/s3u3uho/
Cookie: XSRF-TOKEN=eyJpdiI6IlpWQ2FwSytYck53eCtmQlhDaUhlcHc9PSIsInZhbHVlIjoiYnpLN2VMZlZUZ2RrZm9ZbjllR1BISGdBelc0cjdXbSt2a2l3YWNPRWxqbFo5MzVSSGUrcUdTcGRMY3RzWTM3a2NYQ0M0VXNwVHJzc1hnMXhhSmp3RFlRTVk3MElpYTh0UVU2MjhEWUFhK0JuVVdXVGg0MmY4ZWQ0U1BzYzljUjkiLCJtYWMiOiJlNzJkN2VlZTA5NjAxNzYwZjM3MWRiZWJlYWE2NzQ0Nzg4ZTE4MjllZTVkMDNkZjQ0OGI1ZWNlYmIyZjQ1NDQ2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjdOSERqK2V3YzhKWjNoS0ZFNjFhT0E9PSIsInZhbHVlIjoicEdlY3dMWlJzM0xmTUdkRFpPcHlFMnFZZVhzWnVyZWFKYkJBK0JPeGx2WmNGN1Y1V0R3OXlkZW4rRGVkUDg2aEVJVmY2ZW5hN1E3MVBJTHRmaHpocFBuMm5NVlJSYThuM1NXSitWTnp0L3J6Z2JqUkJ2TE8zU2hrNFowanUzbm8iLCJtYWMiOiI1MWVmMjY1NTQ5YTFmZjM4ZjE1YWQzOWMwOWQ0ZmYzYjRjNmExMzNhN2E3ODQ4MzZjNmRkNjAyZjVjMmE2NDE1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Sat, 25 Jan 2025 11:25:07 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jmSqe1qNY9PKe%2FafvKm9ssOGurEMppdrQMnRmGOUTXtGq2KtVAhce9VHf2cj20HC8Kadtc2ZOR045hLYH0kyDJ03RBcMG4%2BGxLgJ3iVcJwoNoDVhQXk4iFlfNPeCZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: EXPIRED
priority: u=6,i=?0
server: cloudflare
cf-ray: 9077e6982e12b527-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=5207&min_rtt=5119&rtt_var=1491&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2086&delivery_rate=544863&cwnd=244&unsent_bytes=0&cid=c8c0632541766dcc&ts=27&x=0", cfL4;desc="?proto=QUIC&rtt=4104&min_rtt=3087&rtt_var=1884&sent=13&recv=10&lost=0&retrans=0&sent_bytes=4153&recv_bytes=1894&delivery_rate=192381&cwnd=12000&unsent_bytes=0&cid=ab0e026d5112432d&ts=567&x=1", cfExtPri, cfHdrFlush;dur=0

flin.zelidarne.ru/s3u3uho/

104.21.45.176

200 OK

200 kB

URL User Request GET HTTP/2
flin.zelidarne.ru/s3u3uho/
IP
104.21.45.176:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectzelidarne.ru
FingerprintC2:43:DC:39:F6:52:65:01:87:DF:52:F6:59:22:85:A1:F8:34:04:BE
ValiditySat, 18 Jan 2025 16:42:11 GMT - Fri, 18 Apr 2025 17:40:53 GMT

File type
HTML document, ASCII text, with very long lines (65253), with CRLF line terminators
Size
200 kB (200196 bytes)
Hash
e06912e1692d25d3f9c829568ddd4afa
9c1380b57fcd5792ae7c894e9325335846fed8af
6a266412c62c642e120772fe6ebcd37ec122f99981826fd4c2194cf8671c4f0e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /s3u3uho/ HTTP/1.1
Host: flin.zelidarne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 25 Jan 2025 11:25:06 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QVvfMVBMEQQW%2FlIvMUJSiUlKDv36NecD2sWIgAgr1BdSLj9jhh6Y2Vcf2xERDGdK2WSOIgRb%2BbOAMjZo6pUB4wsXEupSilQH%2FcHUTvnaFDR17kSpGVMxnr%2BYPpRRig%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6IlpWQ2FwSytYck53eCtmQlhDaUhlcHc9PSIsInZhbHVlIjoiYnpLN2VMZlZUZ2RrZm9ZbjllR1BISGdBelc0cjdXbSt2a2l3YWNPRWxqbFo5MzVSSGUrcUdTcGRMY3RzWTM3a2NYQ0M0VXNwVHJzc1hnMXhhSmp3RFlRTVk3MElpYTh0UVU2MjhEWUFhK0JuVVdXVGg0MmY4ZWQ0U1BzYzljUjkiLCJtYWMiOiJlNzJkN2VlZTA5NjAxNzYwZjM3MWRiZWJlYWE2NzQ0Nzg4ZTE4MjllZTVkMDNkZjQ0OGI1ZWNlYmIyZjQ1NDQ2IiwidGFnIjoiIn0%3D; expires=Sat, 25-Jan-2025 13:25:06 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IjdOSERqK2V3YzhKWjNoS0ZFNjFhT0E9PSIsInZhbHVlIjoicEdlY3dMWlJzM0xmTUdkRFpPcHlFMnFZZVhzWnVyZWFKYkJBK0JPeGx2WmNGN1Y1V0R3OXlkZW4rRGVkUDg2aEVJVmY2ZW5hN1E3MVBJTHRmaHpocFBuMm5NVlJSYThuM1NXSitWTnp0L3J6Z2JqUkJ2TE8zU2hrNFowanUzbm8iLCJtYWMiOiI1MWVmMjY1NTQ5YTFmZjM4ZjE1YWQzOWMwOWQ0ZmYzYjRjNmExMzNhN2E3ODQ4MzZjNmRkNjAyZjVjMmE2NDE1IiwidGFnIjoiIn0%3D; expires=Sat, 25-Jan-2025 13:25:06 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 9077e693ae72568b-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=5135&min_rtt=5116&rtt_var=1476&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=1386&delivery_rate=542166&cwnd=127&unsent_bytes=0&cid=1eee089271f9831a&ts=193&x=0", cfL4;desc="?proto=TCP&rtt=5687&min_rtt=469&rtt_var=10456&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3277&recv_bytes=1255&delivery_rate=7715808&cwnd=254&unsent_bytes=0&cid=b882d41a7e176096&ts=310&x=0"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (8)

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (8)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN