| ad0.micrologsystemout365serversystemdatalogconfirmation.su/GDSherpa-vf2.woff2 | 104.21.31.58 | 200 OK | 93 kB |
URL GET ad0.micrologsystemout365serversystemdatalogconfirmation.su/GDSherpa-vf2.woff2 IP 104.21.31.58:443
Requested by: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX | Certificate issuer: Google Trust Services | Subject: micrologsystemout365serversystemdatalogconfirmation.su | Fingerprint (SHA-1): 3B:AD:A8:2B:93:2C:22:88:00:26:34:22:B9:EE:64:24:5E:A4:0F:11 | Validity: Thu, 13 Mar 2025 13:59:09 GMT - Wed, 11 Jun 2025 14:57:39 GMT
File type: Web Open Font Format (Version 2), TrueType, length 93276, version 1.0 | MD5: bcd7983ea5aa57c55f6758b4977983cb | SHA-1: ef3a009e205229e07fb0ec8569e669b11c378ef1 | SHA-256: 6528a0bf9a836a53dfd8536e1786ba6831c9d1faa74967126fddf5b2081b858c
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /GDSherpa-vf2.woff2 HTTP/1.1
Host: ad0.micrologsystemout365serversystemdatalogconfirmation.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Im5VdTlvNEJNbXBhRU81UnFrNFU1bEE9PSIsInZhbHVlIjoiVU4vU3hjQVBqeUZmc1BCZVV4NHFHUWp1MTBCeEFwMTU3a2pKa2hIOXU2UjVQTEhCSnhxam5oaEpKOUoya1I5Q3FEc3pWaTNBbHkzRjVJRDROQTBaYlZsbVpIT2VzSmdIRTVJdnozQXlIdUpTSkoxRnQwVUxZdXdzamM0ZWtKZnYiLCJtYWMiOiIxMTFmNWNiZmU2YWE3ZmU2MzMwOTQ2ZmU1NDBhYWQ3MWIzZjY3YzgxYzM5NGNmNGExZGExODNjZTRmMmRmMWM2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZGejhtZWgvUFVVTSs5c1R3Y2JERFE9PSIsInZhbHVlIjoieERVTGFjMWVOVzR0MWZoaW56NWVteGR2V3RUaG1GYlZCL3M1R08veGc4dzQvanhpNCsvUGF4Mi9CelVKWGFLUHBDRG9wVGtqSjdNT3VGZnFSMTB0RlBmNnRIVzBlRzFZdTh2b3J4QkdyQ2VlUUVnQUNETlBoQnRoejBXMFdqNlIiLCJtYWMiOiI3ZDc0YTc1YmRjNTdiYzJjMjY5ZGMxYWUzNTMxZDIxOWY0YjUzOWY0YmNkMGViYTk5OGI5NGE1MDc2MDM1Y2NlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:24 GMT
content-type: font/woff2
content-length: 93276
content-disposition: inline; filename="GDSherpa-vf2.woff2"
last-modified: Fri, 14 Mar 2025 07:14:40 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ojwo29IlGfGichEnGyJ5j1r7ZYvjZZqd4SZyE%2BKmhPk3kyE%2BByn2ggjvmzGlDKUU3Brpb7sVx1KZeVVv8I2fddJH92kDgg0%2B8oWopbZ2xQsHtzNSDxhq%2BnzG0pd3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2683
accept-ranges: bytes
server: cloudflare
cf-ray: 92023b4319045687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1076&min_rtt=1070&rtt_var=413&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2383&delivery_rate=2590339&cwnd=251&unsent_bytes=0&cid=c8c91018f8186a1c&ts=195&x=0", cfL4;desc="?proto=TCP&rtt=60052&min_rtt=57865&rtt_var=2784&sent=296&recv=70&lost=0&retrans=0&sent_bytes=288157&recv_bytes=7432&delivery_rate=991102&cwnd=256&unsent_bytes=0&cid=f8b34b2724c51115&ts=7971&x=0"
X-Firefox-Spdy: h2
|
|
| ad0.micrologsystemout365serversystemdatalogconfirmation.su/34TXRzDQRrDtjWZIPhpJgh1KnyFcD90yfK67101 | 104.21.31.58 | 200 OK | 4.7 MB |
URL GET ad0.micrologsystemout365serversystemdatalogconfirmation.su/34TXRzDQRrDtjWZIPhpJgh1KnyFcD90yfK67101 IP 104.21.31.58:443
Requested by: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX | Certificate issuer: Google Trust Services | Subject: micrologsystemout365serversystemdatalogconfirmation.su | Fingerprint (SHA-1): 3B:AD:A8:2B:93:2C:22:88:00:26:34:22:B9:EE:64:24:5E:A4:0F:11 | Validity: Thu, 13 Mar 2025 13:59:09 GMT - Wed, 11 Jun 2025 14:57:39 GMT
Size: 4.7 MB (4712061 bytes) | MD5: d41d8cd98f00b204e9800998ecf8427e | SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 — NOTE: all three digests are the well-known hashes of zero-length input, so the script body was not actually captured by the scanner (the response is Brotli-encoded, served DYNAMIC with no content-length); these values must not be used as file indicators for this script, and the 4.7 MB figure cannot be tied to any hashed content.
GET /34TXRzDQRrDtjWZIPhpJgh1KnyFcD90yfK67101 HTTP/1.1
Host: ad0.micrologsystemout365serversystemdatalogconfirmation.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX
Cookie: XSRF-TOKEN=eyJpdiI6Im5VdTlvNEJNbXBhRU81UnFrNFU1bEE9PSIsInZhbHVlIjoiVU4vU3hjQVBqeUZmc1BCZVV4NHFHUWp1MTBCeEFwMTU3a2pKa2hIOXU2UjVQTEhCSnhxam5oaEpKOUoya1I5Q3FEc3pWaTNBbHkzRjVJRDROQTBaYlZsbVpIT2VzSmdIRTVJdnozQXlIdUpTSkoxRnQwVUxZdXdzamM0ZWtKZnYiLCJtYWMiOiIxMTFmNWNiZmU2YWE3ZmU2MzMwOTQ2ZmU1NDBhYWQ3MWIzZjY3YzgxYzM5NGNmNGExZGExODNjZTRmMmRmMWM2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZGejhtZWgvUFVVTSs5c1R3Y2JERFE9PSIsInZhbHVlIjoieERVTGFjMWVOVzR0MWZoaW56NWVteGR2V3RUaG1GYlZCL3M1R08veGc4dzQvanhpNCsvUGF4Mi9CelVKWGFLUHBDRG9wVGtqSjdNT3VGZnFSMTB0RlBmNnRIVzBlRzFZdTh2b3J4QkdyQ2VlUUVnQUNETlBoQnRoejBXMFdqNlIiLCJtYWMiOiI3ZDc0YTc1YmRjNTdiYzJjMjY5ZGMxYWUzNTMxZDIxOWY0YjUzOWY0YmNkMGViYTk5OGI5NGE1MDc2MDM1Y2NlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:26 GMT
content-type: application/javascript
content-disposition: inline; filename="34TXRzDQRrDtjWZIPhpJgh1KnyFcD90yfK67101"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=swNdSPSrUxuk0aqAQGiyDqVZIBq01RFDnw0MFAfQgwfMgMARMCpxtTGkiWPGw7u4QKWJ%2BXOe1x6ILOCEf3RU0w6CHsb8IkGTTiSt2kUiaUg8swbRAaQ2ecWS%2FAB%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: accept-encoding
server: cloudflare
cf-ray: 92023b4369ae5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1011&min_rtt=1007&rtt_var=291&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2276&delivery_rate=2798067&cwnd=251&unsent_bytes=0&cid=b17efa4ee90d25fb&ts=131&x=0", cfL4;desc="?proto=TCP&rtt=58224&min_rtt=57510&rtt_var=96&sent=471&recv=180&lost=0&retrans=0&sent_bytes=465877&recv_bytes=8919&delivery_rate=2392295&cwnd=481&unsent_bytes=0&cid=f8b34b2724c51115&ts=9778&x=0"
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js | 104.17.24.14 | 200 OK | 48 kB |
URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js IP 104.17.24.14:443
Requested by: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/aFteNdiAnsen/$robert.smotlak%40slurpmail.net | Certificate issuer: Google Trust Services | Subject: cdnjs.cloudflare.com | Fingerprint (SHA-1): 00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32 | Validity: Fri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT
File type: JavaScript source, ASCII text, with very long lines (48316), with no line terminators | MD5: 2ca03ad87885ab983541092b87adb299 | SHA-1: 1a17f60bf776a8c468a185c1e8e985c41a50dc27 | SHA-256: 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762 (the public cdnjs copy of crypto-js 4.1.1; a legitimate library pulled in by the phishing page, not itself malicious)
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:17 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 21601
expires: Wed, 04 Mar 2026 07:59:17 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K63yRoUNVo4MD0AMlxKxPnfNtCLketnJ3UvyUFmVF6S8n8sRA5NVwczDYxT%2FEr00RhtWByt0O9jzhMJ08lzbwZVrxkr8Fv3uhakeTYpqJLbDO%2FYotjISGjs4WKmNDIxw9jnXxxQE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 92023b165ffb56ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css | 143.204.55.3 | 200 OK | 10 kB |
URL GET ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css IP 143.204.55.3:443
Requested by: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX | Certificate issuer: DigiCert Inc | Subject: *.oktacdn.com | Fingerprint (SHA-1): 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5 | Validity: Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type: ASCII text, with very long lines (10450) | MD5: e0d37a504604ef874bad26435d62011f | SHA-1: 4301f0d2b729ae22adece657d79eccaa25f429b1 | SHA-256: c39ff65e2a102e644eb0bf2e31d2bad3d18f7afb25b3b9ba7a4d46263a711179 (the SHA-1 matches the x-amz-meta-sha1sum header returned by the Okta CDN, so this is the genuine Okta login-page stylesheet being reused by the lure)
GET /assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
server: nginx
last-modified: Thu, 14 Mar 2024 00:03:58 GMT
x-amz-meta-sha1sum: 4301f0d2b729ae22adece657d79eccaa25f429b1
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
date: Sat, 22 Feb 2025 06:22:03 GMT
expires: Sun, 22 Feb 2026 06:22:03 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: W/"e0d37a504604ef874bad26435d62011f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: W5KXbzwRz64dyovTxrx4I0XWGtedhdD7YZjno1jKwaQSHwQcoOcV4g==
age: 1733841
X-Firefox-Spdy: h2
|
|
| ad0.micrologsystemout365serversystemdatalogconfirmation.su/ijQJjrmbb8Or3PR7kByWef7us5PiuqrhoO6NhHwTzFYWhAoSZmdJyz230 | 104.21.31.58 | 200 OK | 1.3 kB |
URL GET ad0.micrologsystemout365serversystemdatalogconfirmation.su/ijQJjrmbb8Or3PR7kByWef7us5PiuqrhoO6NhHwTzFYWhAoSZmdJyz230 IP 104.21.31.58:443
Requested by: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX | Certificate issuer: Google Trust Services | Subject: micrologsystemout365serversystemdatalogconfirmation.su | Fingerprint (SHA-1): 3B:AD:A8:2B:93:2C:22:88:00:26:34:22:B9:EE:64:24:5E:A4:0F:11 | Validity: Thu, 13 Mar 2025 13:59:09 GMT - Wed, 11 Jun 2025 14:57:39 GMT
File type: RIFF (little-endian) data, Web/P image | MD5: 32ca2081553e969f9fdd4374134521ad | SHA-1: 7b09924c4c3d8b6e41fe38363e342da098be4173 | SHA-256: 216fc342a469aa6a005b2eacc24622095e5282d3e9f1ae99ce54c27b92ec3587
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /ijQJjrmbb8Or3PR7kByWef7us5PiuqrhoO6NhHwTzFYWhAoSZmdJyz230 HTTP/1.1
Host: ad0.micrologsystemout365serversystemdatalogconfirmation.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX
Cookie: XSRF-TOKEN=eyJpdiI6Im5VdTlvNEJNbXBhRU81UnFrNFU1bEE9PSIsInZhbHVlIjoiVU4vU3hjQVBqeUZmc1BCZVV4NHFHUWp1MTBCeEFwMTU3a2pKa2hIOXU2UjVQTEhCSnhxam5oaEpKOUoya1I5Q3FEc3pWaTNBbHkzRjVJRDROQTBaYlZsbVpIT2VzSmdIRTVJdnozQXlIdUpTSkoxRnQwVUxZdXdzamM0ZWtKZnYiLCJtYWMiOiIxMTFmNWNiZmU2YWE3ZmU2MzMwOTQ2ZmU1NDBhYWQ3MWIzZjY3YzgxYzM5NGNmNGExZGExODNjZTRmMmRmMWM2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZGejhtZWgvUFVVTSs5c1R3Y2JERFE9PSIsInZhbHVlIjoieERVTGFjMWVOVzR0MWZoaW56NWVteGR2V3RUaG1GYlZCL3M1R08veGc4dzQvanhpNCsvUGF4Mi9CelVKWGFLUHBDRG9wVGtqSjdNT3VGZnFSMTB0RlBmNnRIVzBlRzFZdTh2b3J4QkdyQ2VlUUVnQUNETlBoQnRoejBXMFdqNlIiLCJtYWMiOiI3ZDc0YTc1YmRjNTdiYzJjMjY5ZGMxYWUzNTMxZDIxOWY0YjUzOWY0YmNkMGViYTk5OGI5NGE1MDc2MDM1Y2NlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:26 GMT
content-type: image/webp
content-length: 1298
content-disposition: inline; filename="ijQJjrmbb8Or3PR7kByWef7us5PiuqrhoO6NhHwTzFYWhAoSZmdJyz230"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BL5%2BSFhZbqZQ2k%2FNVUaFrUBlLIEdELHHSybae5WprHUq4Bhfu6GphHcCrk0qUXqpgaT%2FCctteM2cJL%2BTseK4T9DFXb8YvV3OwC5QR3PCqNc13PcMRWXk6jY0BWS6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92023b4c7c855687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1199&min_rtt=1151&rtt_var=409&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2315&delivery_rate=2089466&cwnd=251&unsent_bytes=0&cid=e5c8ea2e804f5f51&ts=119&x=0", cfL4;desc="?proto=TCP&rtt=58293&min_rtt=57510&rtt_var=287&sent=457&recv=169&lost=0&retrans=0&sent_bytes=453382&recv_bytes=8919&delivery_rate=2392295&cwnd=468&unsent_bytes=0&cid=f8b34b2724c51115&ts=9619&x=0"
X-Firefox-Spdy: h2
|
|
| ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2 | 143.204.55.3 | 200 OK | 20 kB |
URL GET ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2 IP 143.204.55.3:443
Requested by: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX | Certificate issuer: DigiCert Inc | Subject: *.oktacdn.com | Fingerprint (SHA-1): 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5 | Validity: Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type: Web Open Font Format (Version 2), TrueType, length 20416, version 2.197 | MD5: d99a7377dabb55772ca9f986b0a04b57 | SHA-1: 2b5fcd8431953c44e410d0489899e74f6d2cfecc | SHA-256: affdba1620552b12a1a8a04467136aeb408c03fa337d20e9c38374d682d4d149 (the SHA-1 matches the x-amz-meta-sha1sum header returned by the Okta CDN)
GET /assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su
DNT: 1
Connection: keep-alive
Referer: https://ok4static.oktacdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/font-woff2
content-length: 20416
server: nginx
last-modified: Tue, 07 Nov 2023 18:56:28 GMT
x-amz-meta-sha1sum: 2b5fcd8431953c44e410d0489899e74f6d2cfecc
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
date: Mon, 03 Mar 2025 02:11:21 GMT
expires: Tue, 03 Mar 2026 02:11:21 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: "d99a7377dabb55772ca9f986b0a04b57"
x-cache: Hit from cloudfront
via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: uDLJjxnxdrPmoe-VdBi3BytmQ-eOVy7uRTVARPHITY-6Pa9tdYGl3Q==
age: 971285
X-Firefox-Spdy: h2
|
|
| ad0.micrologsystemout365serversystemdatalogconfirmation.su/oz36EdMyyT7g50fr3mPOK0IU6hzvwDRG0EPuOfRyCcq | 104.21.31.58 | 200 OK | 20 B |
URL POST ad0.micrologsystemout365serversystemdatalogconfirmation.su/oz36EdMyyT7g50fr3mPOK0IU6hzvwDRG0EPuOfRyCcq IP 104.21.31.58:443
Requested by: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/aFteNdiAnsen/$robert.smotlak%40slurpmail.net (the referring page's path carries a URL-encoded e-mail address, presumably the targeted recipient, as is common for pre-filled credential lures) | Certificate issuer: Google Trust Services | Subject: micrologsystemout365serversystemdatalogconfirmation.su | Fingerprint (SHA-1): 3B:AD:A8:2B:93:2C:22:88:00:26:34:22:B9:EE:64:24:5E:A4:0F:11 | Validity: Thu, 13 Mar 2025 13:59:09 GMT - Wed, 11 Jun 2025 14:57:39 GMT
File type: troff or preprocessor input, ASCII text, with no line terminators (a libmagic mis-guess for the 20-byte body; the server declares it application/json) | MD5: 0b35866f4a3aa4d34ce5dda2d14c2cd8 | SHA-1: d2b80911f09c3106fdf0df9920f983945d644083 | SHA-256: 493851374626d927bfe1c7d084fa977a0e636c03f163fda258ab6b638edc2f0d
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
POST /oz36EdMyyT7g50fr3mPOK0IU6hzvwDRG0EPuOfRyCcq HTTP/1.1
Host: ad0.micrologsystemout365serversystemdatalogconfirmation.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/aFteNdiAnsen/$robert.smotlak%40slurpmail.net
Content-Type: multipart/form-data; boundary=---------------------------9650981031443260491770990657
Content-Length: 942
Origin: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkllY25PVHlBTFl2TXZoRGlKRkZpdlE9PSIsInZhbHVlIjoiRFF0ODRndG1BcEdpMGNUSithMzI1NlRvVVR6eloyQTgyLzFFMVFvaWsvVEphTmtzVzl5SmRNQ3plYUxwelZwTUhKMzVGcEFjQ2hKUEg4Z1VkeDA1RDYwekJGWmNFMEVyWU5SdzFIbGJDajNlUnRQai9pTkJLMkcwQ0FTWXNDQi8iLCJtYWMiOiJhYTIyNzQ3NWNkZGFmMGYyMzQ1OWVjNmI4YTI3Mjc5NWU5NDg4NTZkODEyMTg3ZWQ3ZjA1YWZiY2RiNjQyMWY1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InBZYnkwQjl3K1VrQi8zNXNjM1RqRXc9PSIsInZhbHVlIjoiZFplNHZlYTU1YkI5VXg3KzVkU3d0MTRmWmxtZm9LRDI3em40dFdjZUFUc2JZTEoza3YvNVV3c0pnWUZBMXZ1TzNWUXZrV1creUFFcmxnOUorN0JsaGRyNXRKSmtzWWtXeVRSQVFkSW5JRDZCOTJYSzUwYWZWdlh3VU93YWRpK3MiLCJtYWMiOiI4YzAyYzU0ZjkwN2Q3NWQ5NWI1NzNkMmY3OGViZDQzZWNlMzUwMjk2OThjZWJlYjNmMzRlOGU3OGU1MTcwNDgzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:23 GMT
content-type: application/json
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6K%2B3w99%2F%2BWQSEGP8kuo7eHen%2Fku7o7riPdCelfmNEPpmRzqgL2hJ%2FbBbtvTdk%2FVckA51KFBQXTrbwBWPydy1NNJCPZNUUSSue338kWyxcMrx6580z1fxmXzZoctQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: XSRF-TOKEN=eyJpdiI6InpQVC9GWllWMUhkTXFhVXhOVEY2Tmc9PSIsInZhbHVlIjoiL0syQ3h1dHlxeTNKb2Y3Z1pIdUlDd3VRdWhaMDlKRlVOdzRyalFUMXozcFVxeGZzeUZEdjlKN29mSWtQaXVLajE1aVNGNXpCd0RkRXdnQ1p3MVFmM2RPNkttV2pTbDZTbUlJNTREaitEQXRlNzd2YjlPeTkyM21xM0I4MXc1NDAiLCJtYWMiOiJhNDY4Njg1YzFmNDU4NTU0NzU4NjEwODIyNGEyYThiZmVhYjQzYzllMDlmYmY4NzlkMWM0ZWIzZTZiNTU3MjM4IiwidGFnIjoiIn0%3D; expires=Fri, 14-Mar-2025 09:59:23 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IkJrdy8vVDBsZVNTbitwS0g5ZTNsK2c9PSIsInZhbHVlIjoidktmS0tBd24wUVdSTzAzQWgwRzIwZHhJRVdVS2FkZlUxczlPdmdUK1RwZm5RcWxOYU1OaTNNU25xbkRWQWxOVDlOQTBvSUs2Z3hnSERnaUhSTmg2VEpTSjV1T1VVQS9WLzZkWVZVeElSbVlMYVpYQW5saU45VmpsMlpURWFQY1YiLCJtYWMiOiJkYTk0NDFlNjRmNmY1NTU5ZWM2OTRmYTUxMWI3ZDQ5NWM3ODI3N2Q2ZmZkOWY4MjBlMTYwMmZkYjkxMTA0YzAzIiwidGFnIjoiIn0%3D; expires=Fri, 14-Mar-2025 09:59:23 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
vary: accept-encoding
server: cloudflare
cf-ray: 92023b396dae5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1228&min_rtt=1226&rtt_var=465&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2825&recv_bytes=3399&delivery_rate=2322373&cwnd=251&unsent_bytes=0&cid=637bd46ef9c170f3&ts=121&x=0", cfL4;desc="?proto=TCP&rtt=67996&min_rtt=58171&rtt_var=16682&sent=46&recv=22&lost=0&retrans=0&sent_bytes=28005&recv_bytes=3139&delivery_rate=394209&cwnd=256&unsent_bytes=0&cid=f8b34b2724c51115&ts=6599&x=0"
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js | 104.17.24.14 | 200 OK | 48 kB |
URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js IP 104.17.24.14:443
Requested by: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX | Certificate issuer: Google Trust Services | Subject: cdnjs.cloudflare.com | Fingerprint (SHA-1): 00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32 | Validity: Fri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT
File type: JavaScript source, ASCII text, with very long lines (48316), with no line terminators | MD5: 2ca03ad87885ab983541092b87adb299 | SHA-1: 1a17f60bf776a8c468a185c1e8e985c41a50dc27 | SHA-256: 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762 (the public cdnjs copy of crypto-js 4.1.1; a legitimate library pulled in by the phishing page, not itself malicious)
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 21608
expires: Wed, 04 Mar 2026 07:59:24 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HHQs6TTL4QGy6Jl3pcaOl5boK7rjojNxqLCc491H6bKptME1HwyyOxRkMWfgr3e%2FYKGDF8QZz7dUOxCpjeiTxIZXvIoIaKpGdN0I%2FEf%2Fr6CqN1W9qQQB9yJENDPblqaOZ%2BN2RWYO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 92023b430f1b56ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ad0.micrologsystemout365serversystemdatalogconfirmation.su/GDSherpa-regular.woff2 | 104.21.31.58 | 200 OK | 29 kB |
URL GET ad0.micrologsystemout365serversystemdatalogconfirmation.su/GDSherpa-regular.woff2 IP 104.21.31.58:443
Requested by: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX | Certificate issuer: Google Trust Services | Subject: micrologsystemout365serversystemdatalogconfirmation.su | Fingerprint (SHA-1): 3B:AD:A8:2B:93:2C:22:88:00:26:34:22:B9:EE:64:24:5E:A4:0F:11 | Validity: Thu, 13 Mar 2025 13:59:09 GMT - Wed, 11 Jun 2025 14:57:39 GMT
File type: Web Open Font Format (Version 2), TrueType, length 28584, version 1.66 | MD5: 17081510f3a6f2f619ec8c6f244523c7 | SHA-1: 87f34b2a1532c50f2a424c345d03fe028db35635 | SHA-256: 2c7292014e2ef00374aeb63691d9f23159a010455784ee0b274ba7db2bcca956
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /GDSherpa-regular.woff2 HTTP/1.1
Host: ad0.micrologsystemout365serversystemdatalogconfirmation.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Im5VdTlvNEJNbXBhRU81UnFrNFU1bEE9PSIsInZhbHVlIjoiVU4vU3hjQVBqeUZmc1BCZVV4NHFHUWp1MTBCeEFwMTU3a2pKa2hIOXU2UjVQTEhCSnhxam5oaEpKOUoya1I5Q3FEc3pWaTNBbHkzRjVJRDROQTBaYlZsbVpIT2VzSmdIRTVJdnozQXlIdUpTSkoxRnQwVUxZdXdzamM0ZWtKZnYiLCJtYWMiOiIxMTFmNWNiZmU2YWE3ZmU2MzMwOTQ2ZmU1NDBhYWQ3MWIzZjY3YzgxYzM5NGNmNGExZGExODNjZTRmMmRmMWM2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZGejhtZWgvUFVVTSs5c1R3Y2JERFE9PSIsInZhbHVlIjoieERVTGFjMWVOVzR0MWZoaW56NWVteGR2V3RUaG1GYlZCL3M1R08veGc4dzQvanhpNCsvUGF4Mi9CelVKWGFLUHBDRG9wVGtqSjdNT3VGZnFSMTB0RlBmNnRIVzBlRzFZdTh2b3J4QkdyQ2VlUUVnQUNETlBoQnRoejBXMFdqNlIiLCJtYWMiOiI3ZDc0YTc1YmRjNTdiYzJjMjY5ZGMxYWUzNTMxZDIxOWY0YjUzOWY0YmNkMGViYTk5OGI5NGE1MDc2MDM1Y2NlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:24 GMT
content-type: font/woff2
content-length: 28584
content-disposition: inline; filename="GDSherpa-regular.woff2"
cf-cache-status: HIT
last-modified: Fri, 14 Mar 2025 07:14:40 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZFDvqPZ005x%2B1I5m%2FkhVT8rbYmXG2h23JarYMBXfoXfIIunDSa%2F9ls4EsN6h4CUoCxWiAoxKntLAZ%2B9CDB%2FMG8XOs4m9JUBSZxOSDQvDZaoW3C3HjgHYOXjK7m9J"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
age: 2683
cache-control: max-age=14400
server: cloudflare
cf-ray: 92023b4318f45687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1403&min_rtt=1389&rtt_var=549&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2387&delivery_rate=1925531&cwnd=251&unsent_bytes=0&cid=14c33bb58dd99725&ts=173&x=0", cfL4;desc="?proto=TCP&rtt=60052&min_rtt=57865&rtt_var=2784&sent=206&recv=70&lost=0&retrans=0&sent_bytes=176946&recv_bytes=7432&delivery_rate=991102&cwnd=256&unsent_bytes=0&cid=f8b34b2724c51115&ts=7962&x=0"
X-Firefox-Spdy: h2
|
|
| ad0.micrologsystemout365serversystemdatalogconfirmation.su/GDSherpa-regular.woff | 104.21.31.58 | 200 OK | 37 kB |
URL GET ad0.micrologsystemout365serversystemdatalogconfirmation.su/GDSherpa-regular.woff IP 104.21.31.58:443
Requested by: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX | Certificate issuer: Google Trust Services | Subject: micrologsystemout365serversystemdatalogconfirmation.su | Fingerprint (SHA-1): 3B:AD:A8:2B:93:2C:22:88:00:26:34:22:B9:EE:64:24:5E:A4:0F:11 | Validity: Thu, 13 Mar 2025 13:59:09 GMT - Wed, 11 Jun 2025 14:57:39 GMT
File type: Web Open Font Format, TrueType, length 36696, version 1.0 | MD5: a69e9ab8afdd7486ec0749c551051ff2 | SHA-1: c34e6aa327b536fb48d1fe03577a47c7ee2231b8 | SHA-256: fd78a1913db912221b8ead1e62fad47d1ff0a9fa6cd88d3b128a721ad91d2faf
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /GDSherpa-regular.woff HTTP/1.1
Host: ad0.micrologsystemout365serversystemdatalogconfirmation.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Im5VdTlvNEJNbXBhRU81UnFrNFU1bEE9PSIsInZhbHVlIjoiVU4vU3hjQVBqeUZmc1BCZVV4NHFHUWp1MTBCeEFwMTU3a2pKa2hIOXU2UjVQTEhCSnhxam5oaEpKOUoya1I5Q3FEc3pWaTNBbHkzRjVJRDROQTBaYlZsbVpIT2VzSmdIRTVJdnozQXlIdUpTSkoxRnQwVUxZdXdzamM0ZWtKZnYiLCJtYWMiOiIxMTFmNWNiZmU2YWE3ZmU2MzMwOTQ2ZmU1NDBhYWQ3MWIzZjY3YzgxYzM5NGNmNGExZGExODNjZTRmMmRmMWM2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZGejhtZWgvUFVVTSs5c1R3Y2JERFE9PSIsInZhbHVlIjoieERVTGFjMWVOVzR0MWZoaW56NWVteGR2V3RUaG1GYlZCL3M1R08veGc4dzQvanhpNCsvUGF4Mi9CelVKWGFLUHBDRG9wVGtqSjdNT3VGZnFSMTB0RlBmNnRIVzBlRzFZdTh2b3J4QkdyQ2VlUUVnQUNETlBoQnRoejBXMFdqNlIiLCJtYWMiOiI3ZDc0YTc1YmRjNTdiYzJjMjY5ZGMxYWUzNTMxZDIxOWY0YjUzOWY0YmNkMGViYTk5OGI5NGE1MDc2MDM1Y2NlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:24 GMT
content-type: font/woff
content-length: 36696
content-disposition: inline; filename="GDSherpa-regular.woff"
cf-cache-status: HIT
age: 2683
last-modified: Fri, 14 Mar 2025 06:39:56 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p3%2BGYubHQOETU0Hpn3Hl0hC80E2yfv7daUqNDuuyDlQ1ANJWc1M4DvXJJ%2FLqKskh1y9jqksCH%2Fix9OVMlW5rpT4yHfVVtRKvhs4jT8iR0E5BNCgzHScfKbJB51Hp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=14400
server: cloudflare
cf-ray: 92023b4318f55687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1036&min_rtt=1021&rtt_var=413&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2386&delivery_rate=2538124&cwnd=251&unsent_bytes=0&cid=54e41633762d0062&ts=13&x=0", cfL4;desc="?proto=TCP&rtt=60052&min_rtt=57865&rtt_var=2784&sent=228&recv=70&lost=0&retrans=0&sent_bytes=204402&recv_bytes=7432&delivery_rate=991102&cwnd=256&unsent_bytes=1852&cid=f8b34b2724c51115&ts=7963&x=0"
X-Firefox-Spdy: h2
|
|
| code.jquery.com/jquery-3.6.0.min.js | 151.101.130.137 | 200 OK | 90 kB |
URL GET code.jquery.com/jquery-3.6.0.min.js IP 151.101.130.137:443
Requested by: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/aFteNdiAnsen/$robert.smotlak%40slurpmail.net | Certificate issuer: Sectigo Limited | Subject: *.jquery.com | Fingerprint (SHA-1): CD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5 | Validity: Tue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65447) | MD5: 8fb8fee4fcc3cc86ff6c724154c49c42 | SHA-1: b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 | SHA-256: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e (the public code.jquery.com copy of jQuery 3.6.0; a legitimate library pulled in by the phishing page, not itself malicious)
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 14 Mar 2025 07:59:23 GMT
age: 5692698
x-served-by: cache-lga21931-LGA, cache-osl6521-OSL
x-cache: HIT, HIT
x-cache-hits: 500673, 142067
x-timer: S1741939164.682632,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
|
|
| ad0.micrologsystemout365serversystemdatalogconfirmation.su/favicon.ico | 104.21.31.58 | 404 Not Found | 0 B |
URL GET ad0.micrologsystemout365serversystemdatalogconfirmation.su/favicon.ico IP 104.21.31.58:443
Requested by: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/aFteNdiAnsen/$robert.smotlak%40slurpmail.net | Certificate issuer: Google Trust Services | Subject: micrologsystemout365serversystemdatalogconfirmation.su | Fingerprint (SHA-1): 3B:AD:A8:2B:93:2C:22:88:00:26:34:22:B9:EE:64:24:5E:A4:0F:11 | Validity: Thu, 13 Mar 2025 13:59:09 GMT - Wed, 11 Jun 2025 14:57:39 GMT
MD5: d41d8cd98f00b204e9800998ecf8427e | SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of an empty body — consistent with the 0 B, 404 Not Found response; not usable as indicators)
GET /favicon.ico HTTP/1.1
Host: ad0.micrologsystemout365serversystemdatalogconfirmation.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/aFteNdiAnsen/$robert.smotlak%40slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6Ii91c1pSdTEyL09lbWNuWUtJSUlvWHc9PSIsInZhbHVlIjoiUUJsOW5wdGFLaG4xWUp6ck0vbE81cG41T2xwNGZ5dERaOFRoZ1lheTV0b0lnOXA1UnRhWlJ3eVYvSHByaDg2bmdJaHhoaHY3Zk5sQzc5TFBNMVY3TlBWWEhnaTYvd3BYZ1dqOUVxQStiTTlIZ1M0cG1qcnFnNUVnVWR2Y01BMGoiLCJtYWMiOiIyYjBlZjg1ZWIxMzQ0NzA3YzkwZmEyM2JkZjdlNTM4YTgyZDQwODMxMGVkMmIyN2Y5ZWVkOTc0YzkwMDYxNzE4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlBWaUxLOHJ1a3ExVURnUUl2VW5kWkE9PSIsInZhbHVlIjoiM3pDV3R5N3lWZk9OcHBUOE5iMUp4Ymg0WndXYS91eS9hTHNyU1RlTWtzVFZXTlJZaEdCb0VSbjJLRFY3TUk0b2E1dkUwRTd5WWZIMUtMSU5KQkZhTWFGNlVSMElQMGJJRm5yMDVETHZFcE9XdHBuanFUZUJNYnFvejBxcmJHWFMiLCJtYWMiOiI0N2UzMGI2MTUxYTY5ODhkZmYxYjE4MmMyNTEwYWY5N2Y5ZWY3YWNhMmY4YTkyMDExY2FlZDI2ZDQ5ZmZjNTk4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
date: Fri, 14 Mar 2025 07:59:24 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cGHOU0JWeen5CedltKGUSW0VqTz%2BeMIUTPwkXpfC%2B4q2J4srTKG85kO32ckigS1yw%2FpwlXwtvWvYiIie%2BWjGIsVgwXeo1QQR8ABsFjWtgeVPdGNjIElvJotk77De"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=14400
server: cloudflare
cf-ray: 92023b3e9b805687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1104&min_rtt=1090&rtt_var=331&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2825&recv_bytes=2250&delivery_rate=2507359&cwnd=251&unsent_bytes=0&cid=329e1e2272d86a64&ts=126&x=0", cfL4;desc="?proto=TCP&rtt=60302&min_rtt=57865&rtt_var=3814&sent=73&recv=38&lost=0&retrans=0&sent_bytes=42434&recv_bytes=4917&delivery_rate=394209&cwnd=256&unsent_bytes=0&cid=f8b34b2724c51115&ts=7441&x=0"
X-Firefox-Spdy: h2
|
|
| ad0.micrologsystemout365serversystemdatalogconfirmation.su/aFteNdiAnsen/$robert.smotlak%40slurpmail.net | 104.21.31.58 | 200 OK | 17 kB |
URL User Request GET ad0.micrologsystemout365serversystemdatalogconfirmation.su/aFteNdiAnsen/$robert.smotlak%40slurpmail.net IP 104.21.31.58:443
Certificate issuer: Google Trust Services | Subject: micrologsystemout365serversystemdatalogconfirmation.su | Fingerprint: 3B:AD:A8:2B:93:2C:22:88:00:26:34:22:B9:EE:64:24:5E:A4:0F:11 | Validity: Thu, 13 Mar 2025 13:59:09 GMT - Wed, 11 Jun 2025 14:57:39 GMT
File type: HTML document, ASCII text, with very long lines (12005), with CRLF line terminators | Hashes (MD5, SHA-1, SHA-256): fda621928e011ed6b18a036e5f756cf4 2e1d7a03b0955008d686c48791c7ec47c8dd28be 1d2278bb0d0134f9cfddd0b8cea6f57f01587089f75af4155934c9364640b341
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - Anti-debugging code |
GET /aFteNdiAnsen/$robert.smotlak%40slurpmail.net HTTP/1.1
Host: ad0.micrologsystemout365serversystemdatalogconfirmation.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://reviewstipsandoffers.com/
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6InpQVC9GWllWMUhkTXFhVXhOVEY2Tmc9PSIsInZhbHVlIjoiL0syQ3h1dHlxeTNKb2Y3Z1pIdUlDd3VRdWhaMDlKRlVOdzRyalFUMXozcFVxeGZzeUZEdjlKN29mSWtQaXVLajE1aVNGNXpCd0RkRXdnQ1p3MVFmM2RPNkttV2pTbDZTbUlJNTREaitEQXRlNzd2YjlPeTkyM21xM0I4MXc1NDAiLCJtYWMiOiJhNDY4Njg1YzFmNDU4NTU0NzU4NjEwODIyNGEyYThiZmVhYjQzYzllMDlmYmY4NzlkMWM0ZWIzZTZiNTU3MjM4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkJrdy8vVDBsZVNTbitwS0g5ZTNsK2c9PSIsInZhbHVlIjoidktmS0tBd24wUVdSTzAzQWgwRzIwZHhJRVdVS2FkZlUxczlPdmdUK1RwZm5RcWxOYU1OaTNNU25xbkRWQWxOVDlOQTBvSUs2Z3hnSERnaUhSTmg2VEpTSjV1T1VVQS9WLzZkWVZVeElSbVlMYVpYQW5saU45VmpsMlpURWFQY1YiLCJtYWMiOiJkYTk0NDFlNjRmNmY1NTU5ZWM2OTRmYTUxMWI3ZDQ5NWM3ODI3N2Q2ZmZkOWY4MjBlMTYwMmZkYjkxMTA0YzAzIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:23 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UpXZDE7ql9DBQkleHiCZQbDqp2JRGVH4TkLBepAu4OUq4Sog82%2BSA2Hl0DRV1yFEDn9gLlvR7yNYpPmShYQs%2F%2Bq4R7BRvqW5Q7En0P9dm8Rm6U7ojSKndh0%2F0Azg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: XSRF-TOKEN=eyJpdiI6Ii91c1pSdTEyL09lbWNuWUtJSUlvWHc9PSIsInZhbHVlIjoiUUJsOW5wdGFLaG4xWUp6ck0vbE81cG41T2xwNGZ5dERaOFRoZ1lheTV0b0lnOXA1UnRhWlJ3eVYvSHByaDg2bmdJaHhoaHY3Zk5sQzc5TFBNMVY3TlBWWEhnaTYvd3BYZ1dqOUVxQStiTTlIZ1M0cG1qcnFnNUVnVWR2Y01BMGoiLCJtYWMiOiIyYjBlZjg1ZWIxMzQ0NzA3YzkwZmEyM2JkZjdlNTM4YTgyZDQwODMxMGVkMmIyN2Y5ZWVkOTc0YzkwMDYxNzE4IiwidGFnIjoiIn0%3D; expires=Fri, 14-Mar-2025 09:59:23 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IlBWaUxLOHJ1a3ExVURnUUl2VW5kWkE9PSIsInZhbHVlIjoiM3pDV3R5N3lWZk9OcHBUOE5iMUp4Ymg0WndXYS91eS9hTHNyU1RlTWtzVFZXTlJZaEdCb0VSbjJLRFY3TUk0b2E1dkUwRTd5WWZIMUtMSU5KQkZhTWFGNlVSMElQMGJJRm5yMDVETHZFcE9XdHBuanFUZUJNYnFvejBxcmJHWFMiLCJtYWMiOiI0N2UzMGI2MTUxYTY5ODhkZmYxYjE4MmMyNTEwYWY5N2Y5ZWY3YWNhMmY4YTkyMDExY2FlZDI2ZDQ5ZmZjNTk4IiwidGFnIjoiIn0%3D; expires=Fri, 14-Mar-2025 09:59:23 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 92023b3b2f695687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1109&min_rtt=1078&rtt_var=331&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2303&delivery_rate=2494401&cwnd=250&unsent_bytes=0&cid=5950e837e79029e2&ts=140&x=0", cfL4;desc="?proto=TCP&rtt=64102&min_rtt=58171&rtt_var=10362&sent=51&recv=27&lost=0&retrans=0&sent_bytes=29416&recv_bytes=3843&delivery_rate=394209&cwnd=256&unsent_bytes=0&cid=f8b34b2724c51115&ts=6872&x=0"
X-Firefox-Spdy: h2
|
|
| ad0.micrologsystemout365serversystemdatalogconfirmation.su/xyJp6PVrs4ef21 | 104.21.31.58 | 200 OK | 36 kB |
URL GET ad0.micrologsystemout365serversystemdatalogconfirmation.su/xyJp6PVrs4ef21 IP 104.21.31.58:443
Requested by: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX | Certificate issuer: Google Trust Services | Subject: micrologsystemout365serversystemdatalogconfirmation.su | Fingerprint: 3B:AD:A8:2B:93:2C:22:88:00:26:34:22:B9:EE:64:24:5E:A4:0F:11 | Validity: Thu, 13 Mar 2025 13:59:09 GMT - Wed, 11 Jun 2025 14:57:39 GMT
File type: ASCII text, with CRLF line terminators | Hashes (MD5, SHA-1, SHA-256): 38501e3fbbbd89b56aa5ba35de1a32fe d9b31981b6f834e8480ba28fbc1cff1be772f589 a1ca6b381cb01968851c98512c6e7f6c5309a49f7a16b864813135cbff82a85b
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft |
GET /xyJp6PVrs4ef21 HTTP/1.1
Host: ad0.micrologsystemout365serversystemdatalogconfirmation.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX
Cookie: XSRF-TOKEN=eyJpdiI6Im5VdTlvNEJNbXBhRU81UnFrNFU1bEE9PSIsInZhbHVlIjoiVU4vU3hjQVBqeUZmc1BCZVV4NHFHUWp1MTBCeEFwMTU3a2pKa2hIOXU2UjVQTEhCSnhxam5oaEpKOUoya1I5Q3FEc3pWaTNBbHkzRjVJRDROQTBaYlZsbVpIT2VzSmdIRTVJdnozQXlIdUpTSkoxRnQwVUxZdXdzamM0ZWtKZnYiLCJtYWMiOiIxMTFmNWNiZmU2YWE3ZmU2MzMwOTQ2ZmU1NDBhYWQ3MWIzZjY3YzgxYzM5NGNmNGExZGExODNjZTRmMmRmMWM2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZGejhtZWgvUFVVTSs5c1R3Y2JERFE9PSIsInZhbHVlIjoieERVTGFjMWVOVzR0MWZoaW56NWVteGR2V3RUaG1GYlZCL3M1R08veGc4dzQvanhpNCsvUGF4Mi9CelVKWGFLUHBDRG9wVGtqSjdNT3VGZnFSMTB0RlBmNnRIVzBlRzFZdTh2b3J4QkdyQ2VlUUVnQUNETlBoQnRoejBXMFdqNlIiLCJtYWMiOiI3ZDc0YTc1YmRjNTdiYzJjMjY5ZGMxYWUzNTMxZDIxOWY0YjUzOWY0YmNkMGViYTk5OGI5NGE1MDc2MDM1Y2NlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:24 GMT
content-type: text/css;charset=UTF-8
content-disposition: inline; filename="xyJp6PVrs4ef21"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KNtMo3%2FNSPm6gx9QkPoFTMYcaESjkpHFot6iA9vE4egRQ6qmz75Dr4S9x32K7B5%2BQGvUFbL6RMJj4zeISw8s2kf069%2BmGtTibh9eeGm2iPxA%2Bc9K5Xlrcv%2F3zKI6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: accept-encoding
server: cloudflare
cf-ray: 92023b4308ec5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1058&min_rtt=1028&rtt_var=342&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2265&delivery_rate=2496551&cwnd=247&unsent_bytes=0&cid=2d1f49b8b67bcb00&ts=143&x=0", cfL4;desc="?proto=TCP&rtt=62365&min_rtt=57713&rtt_var=8034&sent=395&recv=128&lost=0&retrans=0&sent_bytes=396427&recv_bytes=8357&delivery_rate=2392295&cwnd=399&unsent_bytes=0&cid=f8b34b2724c51115&ts=8160&x=0"
X-Firefox-Spdy: h2
|
|
| ad0.micrologsystemout365serversystemdatalogconfirmation.su/efWBNyAjR5S3KcJUhZZ7pvv9uvOERmqKHXJMc8DfBH90148 | 104.21.31.58 | 200 OK | 270 B |
URL GET ad0.micrologsystemout365serversystemdatalogconfirmation.su/efWBNyAjR5S3KcJUhZZ7pvv9uvOERmqKHXJMc8DfBH90148 IP 104.21.31.58:443
Requested by: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX | Certificate issuer: Google Trust Services | Subject: micrologsystemout365serversystemdatalogconfirmation.su | Fingerprint: 3B:AD:A8:2B:93:2C:22:88:00:26:34:22:B9:EE:64:24:5E:A4:0F:11 | Validity: Thu, 13 Mar 2025 13:59:09 GMT - Wed, 11 Jun 2025 14:57:39 GMT
File type: SVG Scalable Vector Graphics image | Hashes (MD5, SHA-1, SHA-256): 0c09c5ea7c28d6feb4d124957dde0a0d 1b9efde2d8f0e2a3d9d5315117e597c2d622fc5e b3c39d2c15327b7ae68940502a2d7bf457fe521e075e6e671d0340edc58bcb3a
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft |
GET /efWBNyAjR5S3KcJUhZZ7pvv9uvOERmqKHXJMc8DfBH90148 HTTP/1.1
Host: ad0.micrologsystemout365serversystemdatalogconfirmation.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX
Cookie: XSRF-TOKEN=eyJpdiI6Im5VdTlvNEJNbXBhRU81UnFrNFU1bEE9PSIsInZhbHVlIjoiVU4vU3hjQVBqeUZmc1BCZVV4NHFHUWp1MTBCeEFwMTU3a2pKa2hIOXU2UjVQTEhCSnhxam5oaEpKOUoya1I5Q3FEc3pWaTNBbHkzRjVJRDROQTBaYlZsbVpIT2VzSmdIRTVJdnozQXlIdUpTSkoxRnQwVUxZdXdzamM0ZWtKZnYiLCJtYWMiOiIxMTFmNWNiZmU2YWE3ZmU2MzMwOTQ2ZmU1NDBhYWQ3MWIzZjY3YzgxYzM5NGNmNGExZGExODNjZTRmMmRmMWM2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZGejhtZWgvUFVVTSs5c1R3Y2JERFE9PSIsInZhbHVlIjoieERVTGFjMWVOVzR0MWZoaW56NWVteGR2V3RUaG1GYlZCL3M1R08veGc4dzQvanhpNCsvUGF4Mi9CelVKWGFLUHBDRG9wVGtqSjdNT3VGZnFSMTB0RlBmNnRIVzBlRzFZdTh2b3J4QkdyQ2VlUUVnQUNETlBoQnRoejBXMFdqNlIiLCJtYWMiOiI3ZDc0YTc1YmRjNTdiYzJjMjY5ZGMxYWUzNTMxZDIxOWY0YjUzOWY0YmNkMGViYTk5OGI5NGE1MDc2MDM1Y2NlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:24 GMT
content-type: image/svg+xml
content-disposition: inline; filename="efWBNyAjR5S3KcJUhZZ7pvv9uvOERmqKHXJMc8DfBH90148"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KyhL9hQfJAJ9e%2ByhHFCzHNAOoky%2FkQE%2FXwAFcM9044xOK45jR%2FpLTX799sJz2MLHGzo%2B0pWaBSN5pUGoHBk72ejjxyDA7wRNAo6Rdm7JCgCseWIyHnEPaLRFHMPz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: accept-encoding
server: cloudflare
cf-ray: 92023b43699b5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1074&min_rtt=1050&rtt_var=442&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2825&recv_bytes=2305&delivery_rate=2327974&cwnd=250&unsent_bytes=0&cid=b212c14ec4aaac64&ts=133&x=0", cfL4;desc="?proto=TCP&rtt=58451&min_rtt=57510&rtt_var=329&sent=426&recv=150&lost=0&retrans=0&sent_bytes=428720&recv_bytes=8357&delivery_rate=2392295&cwnd=433&unsent_bytes=0&cid=f8b34b2724c51115&ts=8221&x=0"
X-Firefox-Spdy: h2
|
|
| ad0.micrologsystemout365serversystemdatalogconfirmation.su/favicon.ico | 104.21.31.58 | 404 Not Found | 0 B |
URL GET ad0.micrologsystemout365serversystemdatalogconfirmation.su/favicon.ico IP 104.21.31.58:443
Requested by: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX | Certificate issuer: Google Trust Services | Subject: micrologsystemout365serversystemdatalogconfirmation.su | Fingerprint: 3B:AD:A8:2B:93:2C:22:88:00:26:34:22:B9:EE:64:24:5E:A4:0F:11 | Validity: Thu, 13 Mar 2025 13:59:09 GMT - Wed, 11 Jun 2025 14:57:39 GMT
Hashes (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: ad0.micrologsystemout365serversystemdatalogconfirmation.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX
Cookie: XSRF-TOKEN=eyJpdiI6InNoNHZITm12RnFjZmUrTkZJcno1L2c9PSIsInZhbHVlIjoiTmM5UWw0ekpzV2JYZlBxS0ZHU01FNzFKRjYyWS9CRXVGTTNoLytBZDhGOHcyYWh5bENYOXE5bzQ0MytZMlJzaTd5RDYzM2NSaWZQcFNNM2FPaExVazVMWHkrcmNDQVJWYzlnTG1nSVNWazFXWnFnU0dob2hyMlN6T1RUMHVObVgiLCJtYWMiOiIzMTQ0M2MwNTU3NGY5M2U5NjUyN2YzMDdlNWNiOThjZjYzY2JiMzlhNDVkZTI3YmNmZDEzOGE1OTAyZGRkMjk5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImtNRXRxZHdQYlNFTkwzU0ZuNzg5QXc9PSIsInZhbHVlIjoibDB6UFczZlJNYkhuSWJRSWJ3ZlVCUk1CTXVSZU1LSXZFQS9Tb2ZoU3ExY0tFQS9ldUF4eXlVUnVqNFRpb3A2d3NYSmpkakQ0U056TDRCYllnTUZsMnhITFFQcFN6a3FKMkkzcFRMc2ZrcEJXaTl4bitUVGV6NDBkR3NqOWUvVkIiLCJtYWMiOiI3OWJmNWIxNzAyNDc3MjNlOGNmNjM2Nzg4M2VjMGUyYmFkOGIyYTJiZTNhODc5ZWU5YjI5MzdmMDk3NzhlNDVkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
date: Fri, 14 Mar 2025 07:59:27 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cGHOU0JWeen5CedltKGUSW0VqTz%2BeMIUTPwkXpfC%2B4q2J4srTKG85kO32ckigS1yw%2FpwlXwtvWvYiIie%2BWjGIsVgwXeo1QQR8ABsFjWtgeVPdGNjIElvJotk77De"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
age: 3
cache-control: max-age=14400
server: cloudflare
cf-ray: 92023b5799fc5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1104&min_rtt=1090&rtt_var=331&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2825&recv_bytes=2250&delivery_rate=2507359&cwnd=251&unsent_bytes=0&cid=329e1e2272d86a64&ts=126&x=0", cfL4;desc="?proto=TCP&rtt=58141&min_rtt=57348&rtt_var=187&sent=872&recv=315&lost=0&retrans=0&sent_bytes=930930&recv_bytes=9586&delivery_rate=4394580&cwnd=617&unsent_bytes=0&cid=f8b34b2724c51115&ts=11240&x=0"
X-Firefox-Spdy: h2
|
|
| ad0.micrologsystemout365serversystemdatalogconfirmation.su/GDSherpa-bold.woff | 104.21.31.58 | 200 OK | 36 kB |
URL GET ad0.micrologsystemout365serversystemdatalogconfirmation.su/GDSherpa-bold.woff IP 104.21.31.58:443
Requested by: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX | Certificate issuer: Google Trust Services | Subject: micrologsystemout365serversystemdatalogconfirmation.su | Fingerprint: 3B:AD:A8:2B:93:2C:22:88:00:26:34:22:B9:EE:64:24:5E:A4:0F:11 | Validity: Thu, 13 Mar 2025 13:59:09 GMT - Wed, 11 Jun 2025 14:57:39 GMT
File type: Web Open Font Format, TrueType, length 35970, version 1.0 | Hashes (MD5, SHA-1, SHA-256): 496b7bbde91c7dc7cf9bbabbb3921da8 2bd3c406a715ab52dad84c803c55bf4a6e66a924 ae40a04f95df12b0c364f26ab691dc0c391d394a28bcdb4aeacfaca325d0a798
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft |
GET /GDSherpa-bold.woff HTTP/1.1
Host: ad0.micrologsystemout365serversystemdatalogconfirmation.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Im5VdTlvNEJNbXBhRU81UnFrNFU1bEE9PSIsInZhbHVlIjoiVU4vU3hjQVBqeUZmc1BCZVV4NHFHUWp1MTBCeEFwMTU3a2pKa2hIOXU2UjVQTEhCSnhxam5oaEpKOUoya1I5Q3FEc3pWaTNBbHkzRjVJRDROQTBaYlZsbVpIT2VzSmdIRTVJdnozQXlIdUpTSkoxRnQwVUxZdXdzamM0ZWtKZnYiLCJtYWMiOiIxMTFmNWNiZmU2YWE3ZmU2MzMwOTQ2ZmU1NDBhYWQ3MWIzZjY3YzgxYzM5NGNmNGExZGExODNjZTRmMmRmMWM2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZGejhtZWgvUFVVTSs5c1R3Y2JERFE9PSIsInZhbHVlIjoieERVTGFjMWVOVzR0MWZoaW56NWVteGR2V3RUaG1GYlZCL3M1R08veGc4dzQvanhpNCsvUGF4Mi9CelVKWGFLUHBDRG9wVGtqSjdNT3VGZnFSMTB0RlBmNnRIVzBlRzFZdTh2b3J4QkdyQ2VlUUVnQUNETlBoQnRoejBXMFdqNlIiLCJtYWMiOiI3ZDc0YTc1YmRjNTdiYzJjMjY5ZGMxYWUzNTMxZDIxOWY0YjUzOWY0YmNkMGViYTk5OGI5NGE1MDc2MDM1Y2NlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:24 GMT
content-type: font/woff
content-length: 35970
content-disposition: inline; filename="GDSherpa-bold.woff"
cf-cache-status: HIT
last-modified: Fri, 14 Mar 2025 07:14:40 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EsGmsHG4SfnlRjTfa%2F9Gu8DkB71t7R5pfCZ0R%2FaW2K8ajqZdN7SXg5rdQ04ABYOm%2BWER%2BLQuJnWSlbmf344Z6b8%2F1ddDevF%2FLbff60mbSRyXh%2FBYWMUXjUkzMRBz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
age: 2683
cache-control: max-age=14400
server: cloudflare
cf-ray: 92023b4318f35687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1018&min_rtt=994&rtt_var=317&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2384&delivery_rate=2551541&cwnd=251&unsent_bytes=0&cid=cc8c700850eba50d&ts=151&x=0", cfL4;desc="?proto=TCP&rtt=60052&min_rtt=57865&rtt_var=2784&sent=151&recv=70&lost=0&retrans=0&sent_bytes=111187&recv_bytes=7432&delivery_rate=991102&cwnd=256&unsent_bytes=0&cid=f8b34b2724c51115&ts=7960&x=0"
X-Firefox-Spdy: h2
|
|
| ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX | 104.21.31.58 | 200 OK | 150 kB |
URL User Request GET ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX IP 104.21.31.58:443
Certificate issuer: Google Trust Services | Subject: micrologsystemout365serversystemdatalogconfirmation.su | Fingerprint: 3B:AD:A8:2B:93:2C:22:88:00:26:34:22:B9:EE:64:24:5E:A4:0F:11 | Validity: Thu, 13 Mar 2025 13:59:09 GMT - Wed, 11 Jun 2025 14:57:39 GMT
File type: HTML document, ASCII text, with very long lines (52005), with CRLF line terminators | Size: 150 kB (149632 bytes) | Hashes (MD5, SHA-1, SHA-256): 0b3b2276de57c816847e3ed398fbab67 0a058ec17b61619afd26545331912dd461cfba42 fa9e26ccc6be9cac9f6db35fb93b8af3a98a8cc10bb174dc9deb74ef3b4b07c3
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - Anti-debugging code |
GET /iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX HTTP/1.1
Host: ad0.micrologsystemout365serversystemdatalogconfirmation.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/aFteNdiAnsen/$robert.smotlak%40slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6Ikg1OHJkMEUyOVdhYTc3R21DcHhRenc9PSIsInZhbHVlIjoienlMMmxQbVFlZjZ4RGkxa0craDExdVdnL1RpMWh5bGRUZ0tlRHJUK3VteEdhNHNOeTVtOEpUQTVpcXZwbU9BWE5Wcm8wLzI4TW12VGp0SVBPQjhUVHBEWVNUVEVzSFJNS0xwbHBLNXIyVHplcnVhQnVWQjNKZ0N0VFhSQTduWmUiLCJtYWMiOiIwYTEzOGFhNmZjYWMxMWE3OWY4ZmNmNTdmNWUyZjEzYTFjMGYyYTRlNmFkMzA4YmEzZmJiOTc5NTY1OTEwMTQxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InlOWE1Gd1pqeFQwODAwdGZ6RjRqRWc9PSIsInZhbHVlIjoicjEwY21qUnFLZjkyVVZqUVZRWUFSZmVRYVFjaUtQTi9lRjE1RHo5UUtHTVdPVEtpMWhmZXNJcTQrTGRHMDlIYXBQYkcwd2xmTUY2ZmNwaWthMnVOTk9GNWhQdVhVMVkvWjFSR01jdzNrNVoxVWQxblpMdUNPaU9VRVYxSFh4TTkiLCJtYWMiOiI4ZjNkODJkNWJhNTJlNzU4MmZhOGFjMTRlYzBmZWYzNjMwMDRhNTNhODg3NjFkYmJkYWY0ODFiNjY3Y2U5YzY3IiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:24 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BWD4RCeZgdprpDOGjEOU4S3%2FWoWhImkcDWKVafOIFRapqxqupy6X6GN3mJSNmnIuAm9UZ6l4PXCexnie926jGpl7cPx20hMPMj5tmitmx%2FNn%2Bqc9GyO6ETZkUjuN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: XSRF-TOKEN=eyJpdiI6Im5VdTlvNEJNbXBhRU81UnFrNFU1bEE9PSIsInZhbHVlIjoiVU4vU3hjQVBqeUZmc1BCZVV4NHFHUWp1MTBCeEFwMTU3a2pKa2hIOXU2UjVQTEhCSnhxam5oaEpKOUoya1I5Q3FEc3pWaTNBbHkzRjVJRDROQTBaYlZsbVpIT2VzSmdIRTVJdnozQXlIdUpTSkoxRnQwVUxZdXdzamM0ZWtKZnYiLCJtYWMiOiIxMTFmNWNiZmU2YWE3ZmU2MzMwOTQ2ZmU1NDBhYWQ3MWIzZjY3YzgxYzM5NGNmNGExZGExODNjZTRmMmRmMWM2IiwidGFnIjoiIn0%3D; expires=Fri, 14-Mar-2025 09:59:24 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IjZGejhtZWgvUFVVTSs5c1R3Y2JERFE9PSIsInZhbHVlIjoieERVTGFjMWVOVzR0MWZoaW56NWVteGR2V3RUaG1GYlZCL3M1R08veGc4dzQvanhpNCsvUGF4Mi9CelVKWGFLUHBDRG9wVGtqSjdNT3VGZnFSMTB0RlBmNnRIVzBlRzFZdTh2b3J4QkdyQ2VlUUVnQUNETlBoQnRoejBXMFdqNlIiLCJtYWMiOiI3ZDc0YTc1YmRjNTdiYzJjMjY5ZGMxYWUzNTMxZDIxOWY0YjUzOWY0YmNkMGViYTk5OGI5NGE1MDc2MDM1Y2NlIiwidGFnIjoiIn0%3D; expires=Fri, 14-Mar-2025 09:59:24 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 92023b406d7a5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1070&min_rtt=1061&rtt_var=315&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2396&delivery_rate=2609009&cwnd=237&unsent_bytes=0&cid=b843e9f06ba7c9ca&ts=145&x=0", cfL4;desc="?proto=TCP&rtt=60127&min_rtt=57865&rtt_var=3210&sent=77&recv=40&lost=0&retrans=0&sent_bytes=43204&recv_bytes=5764&delivery_rate=394209&cwnd=256&unsent_bytes=0&cid=f8b34b2724c51115&ts=7710&x=0"
X-Firefox-Spdy: h2
|
|
| code.jquery.com/jquery-3.6.0.min.js | 151.101.130.137 | 200 OK | 90 kB |
URL GET code.jquery.com/jquery-3.6.0.min.js IP 151.101.130.137:443
Requested by: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX | Certificate issuer: Sectigo Limited | Subject: *.jquery.com | Fingerprint: CD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5 | Validity: Tue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65447) | Hashes (MD5, SHA-1, SHA-256): 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 14 Mar 2025 07:59:24 GMT
age: 5692699
x-served-by: cache-lga21931-LGA, cache-osl6521-OSL
x-cache: HIT, HIT
x-cache-hits: 500673, 142068
x-timer: S1741939165.594621,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
|
|
| ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 | 143.204.55.3 | 200 OK | 11 kB |
URL GET ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 IP 143.204.55.3:443
Requested by: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX | Certificate issuer: DigiCert Inc | Subject: *.oktacdn.com | Fingerprint: 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5 | Validity: Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type: PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced | Hashes (MD5, SHA-1, SHA-256): 12bdacc832185d0367ecc23fd24c86ce 4422f316eb4d8c8d160312bb695fd1d944cbff12 877ae491d9aac5c6ef82a8430f9f652ace8a0dbc7294bd112aad49bd593769d0
GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 10796
date: Wed, 12 Mar 2025 01:00:17 GMT
server: nginx
last-modified: Tue, 23 Feb 2021 04:20:08 GMT
etag: "12bdacc832185d0367ecc23fd24c86ce"
expires: Thu, 12 Mar 2026 01:00:17 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-security-policy: default-src 'none'; img-src 'self'; require-trusted-types-for 'script'; report-uri https://oktacsp.report-uri.com/r/t/csp/enforce
x-content-type-options: nosniff
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: WuovsJ-DTp6xC1WNtglqO4N-394pIJBCuPClXKhr2OsVxYdiZoGRfw==
age: 197947
X-Firefox-Spdy: h2
|
|
| objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250314%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250314T075747Z&X-Amz-Expires=300&X-Amz-Signature=9b2550e9ffe037c3efc1cfb2ac2592e4ba68e5dcaa02d390338120e942fead74&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream | 185.199.108.133 | 200 OK | 10 kB |
URL GET objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250314%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250314T075747Z&X-Amz-Expires=300&X-Amz-Signature=9b2550e9ffe037c3efc1cfb2ac2592e4ba68e5dcaa02d390338120e942fead74&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream IP 185.199.108.133:443
Requested by: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX | Certificate issuer: Sectigo Limited | Subject: *.github.io | Fingerprint: 8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91 | Validity: Fri, 07 Mar 2025 00:00:00 GMT - Sat, 07 Mar 2026 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (10017) | Hashes (MD5, SHA-1, SHA-256): 6c20a2be8ba900bc0a7118893a2b1072 ff7766fde1f33882c6e1c481ceed6f6588ea764c b1c42acd0288c435e95e00332476781532ed002cac6f3dcee9110ced30b31500
GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250314%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250314T075747Z&X-Amz-Expires=300&X-Amz-Signature=9b2550e9ffe037c3efc1cfb2ac2592e4ba68e5dcaa02d390338120e942fead74&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
last-modified: Tue, 07 Dec 2021 16:38:45 GMT
etag: "0x8D9B9A009499A1E"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d91f6eaf-e01e-0032-2f18-13e122000000
x-ms-version: 2023-11-03
x-ms-creation-time: Tue, 17 Aug 2021 14:57:31 GMT
x-ms-blob-content-md5: bCCivoupALwKcRiJOisQcg==
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=randexp.min.js
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 14 Mar 2025 07:59:25 GMT
age: 5684
x-served-by: cache-iad-kiad7000045-IAD, cache-osl6523-OSL
x-cache: HIT, HIT
x-cache-hits: 27915, 1
x-timer: S1741939165.422025,VS0,VE1
content-length: 10245
X-Firefox-Spdy: h2
|
|
| get.geojs.io/v1/ip/geo.json | 104.26.0.100 | 200 OK | 331 B |
URL GET get.geojs.io/v1/ip/geo.json IP 104.26.0.100:443
Requested by: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX | Certificate issuer: Google Trust Services | Subject: geojs.io | Fingerprint: 5C:2B:75:7A:49:73:C3:5B:60:4B:9B:92:F2:03:41:93:9B:39:98:55 | Validity: Fri, 28 Feb 2025 05:45:56 GMT - Thu, 29 May 2025 06:45:49 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (389), with no line terminators | Hashes (MD5, SHA-1, SHA-256): b4d0291797c90e1377857d0689aa2a67 e8b735375d705235a7f78b7dbff5adf73f1c179c 1aca47d7162cb11a70e5172bc45afc51b0b4c8eeec46b0e160e04bd924566ca7
GET /v1/ip/geo.json HTTP/1.1
Host: get.geojs.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:29 GMT
content-type: application/json
x-request-id: 6f2c88f49f7dfe54fe4463fd69be595c-ASH
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-origin: *
access-control-allow-methods: GET
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
geojs-backend: ash-01
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5VKNunaQaGjlSaUDESMPLe796%2Bm5y4xsnaKUUP4RxY%2FuociAMtrTeF6QUVcOLza1vAWnWJYc59BlrSswS%2BJntOU1C4KewTnhwS4p%2Bukr63nP4JSxDp5ZB1qbLIjLdw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 92023b5f39fbb51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=58339&min_rtt=58289&rtt_var=12382&sent=7&recv=9&lost=0&retrans=0&sent_bytes=3239&recv_bytes=1304&delivery_rate=64116&cwnd=253&unsent_bytes=0&cid=4bcf9d40d3e0b717&ts=218&x=0"
X-Firefox-Spdy: h2
|
|
| t.go.rac.co.uk/r/?id=h1020a75,d7623c,1ac8b&p1=r%EF%BB%BF%EF%BB%BFe%EF%BB%BF%EF%BB%BFv%EF%BB%BF%EF%BB%BFi%EF%BB%BF%EF%BB%BFe%EF%BB%BF%EF%BB%BFw%EF%BB%BF%EF%BB%BFs%EF%BB%BF%EF%BB%BFt%EF%BB%BF%EF%BB%BFi%EF%BB%BF%EF%BB%BFp%EF%BB%BF%EF%BB%BFs%EF%BB%BF%EF%BB%BFa%EF%BB%BF%EF%BB%BFn%EF%BB%BF%EF%BB%BFd%EF%BB%BF%EF%BB%BFo%EF%BB%BF%EF%BB%BFf%EF%BB%BF%EF%BB%BFf%EF%BB%BF%EF%BB%BFe%EF%BB%BF%EF%BB%BFr%EF%BB%BF%EF%BB%BFs.com/sys/html/idvye1yrYiAp71CH3IRVQ/cm9iZXJ0LnNtb3RsYWtAc2x1cnBtYWlsLm5ldA== | 54.229.114.212 | 302 Found | 607 B |
URL User Request GET t.go.rac.co.uk/r/?id=h1020a75,d7623c,1ac8b&p1=r%EF%BB%BF%EF%BB%BFe%EF%BB%BF%EF%BB%BFv%EF%BB%BF%EF%BB%BFi%EF%BB%BF%EF%BB%BFe%EF%BB%BF%EF%BB%BFw%EF%BB%BF%EF%BB%BFs%EF%BB%BF%EF%BB%BFt%EF%BB%BF%EF%BB%BFi%EF%BB%BF%EF%BB%BFp%EF%BB%BF%EF%BB%BFs%EF%BB%BF%EF%BB%BFa%EF%BB%BF%EF%BB%BFn%EF%BB%BF%EF%BB%BFd%EF%BB%BF%EF%BB%BFo%EF%BB%BF%EF%BB%BFf%EF%BB%BF%EF%BB%BFf%EF%BB%BF%EF%BB%BFe%EF%BB%BF%EF%BB%BFr%EF%BB%BF%EF%BB%BFs.com/sys/html/idvye1yrYiAp71CH3IRVQ/cm9iZXJ0LnNtb3RsYWtAc2x1cnBtYWlsLm5ldA== IP 54.229.114.212:443
CertificateIssuerAmazon Subjectt.go.rac.co.uk Fingerprint2D:0D:E1:EC:5D:58:2D:B9:14:A9:33:F8:F9:95:B5:59:F4:C6:4C:C8 ValidityTue, 17 Sep 2024 00:00:00 GMT - Fri, 17 Oct 2025 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyst note: the `p1` parameter is the redirect target with the UTF-8 BOM sequence `%EF%BB%BF` (U+FEFF, zero-width no-break space) inserted twice between every character; with those stripped it reads `reviewstipsandoffers.com/sys/html/idvye1yrYiAp71CH3IRVQ/cm9iZXJ0LnNtb3RsYWtAc2x1cnBtYWlsLm5ldA==`, which is exactly the `location:` header returned below. The most plausible purpose of the interleaved BOMs is to defeat literal URL/domain matching in mail and web filters while the redirector silently tolerates them; detection rules should normalise U+FEFF out of query strings before matching. The trailing path segment is base64 for `robert.smotlak@slurpmail.net`, the targeted recipient, and the same address reappears in the final-stage URL `/aFteNdiAnsen/$robert.smotlak%40slurpmail.net`. The redirector is a legitimate rac.co.uk marketing/tracking host (it sets an Adobe Analytics `AMCV_` cookie and `nlid`/`nllastdelid`) that forwarded the visitor to the attacker-controlled domain — report it to the operator as redirect abuse; whether it is an unrestricted open redirect or a tracked link the attacker was able to register cannot be determined from this capture. The three hash values are the MD5/SHA-1/SHA-256 of an empty input (the 302 body was not captured) and are not indicators.
GET /r/?id=h1020a75,d7623c,1ac8b&p1=r%EF%BB%BF%EF%BB%BFe%EF%BB%BF%EF%BB%BFv%EF%BB%BF%EF%BB%BFi%EF%BB%BF%EF%BB%BFe%EF%BB%BF%EF%BB%BFw%EF%BB%BF%EF%BB%BFs%EF%BB%BF%EF%BB%BFt%EF%BB%BF%EF%BB%BFi%EF%BB%BF%EF%BB%BFp%EF%BB%BF%EF%BB%BFs%EF%BB%BF%EF%BB%BFa%EF%BB%BF%EF%BB%BFn%EF%BB%BF%EF%BB%BFd%EF%BB%BF%EF%BB%BFo%EF%BB%BF%EF%BB%BFf%EF%BB%BF%EF%BB%BFf%EF%BB%BF%EF%BB%BFe%EF%BB%BF%EF%BB%BFr%EF%BB%BF%EF%BB%BFs.com/sys/html/idvye1yrYiAp71CH3IRVQ/cm9iZXJ0LnNtb3RsYWtAc2x1cnBtYWlsLm5ldA== HTTP/1.1
Host: t.go.rac.co.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Fri, 14 Mar 2025 07:59:12 GMT
content-type: text/plain; charset=utf-8
content-length: 17
location: https://reviewstipsandoffers.com/sys/html/idvye1yrYiAp71CH3IRVQ/cm9iZXJ0LnNtb3RsYWtAc2x1cnBtYWlsLm5ldA==
server: Apache
x-robots-tag: noindex
p3p: CP="CAO DSP COR CURa DEVa TAIa OUR BUS IND UNI COM NAV"
set-cookie: AMCV_6797C27A57DFC4097F000101%40AdobeOrg=MCMID%7C60505773032792391672134635854629437439; Domain=rac.co.uk; Path=/; Expires=Wed, 08-Apr-2026 07:59:12 GMT
nlid=1020a75|d7623c; Domain=rac.co.uk; Path=/
nllastdelid=d7623c; Domain=rac.co.uk; Path=/; Expires=Wed, 08-Apr-2026 07:59:12 GMT
X-Firefox-Spdy: h2
|
|
| reviewstipsandoffers.com/favicon.ico | 185.150.191.220 | 200 OK | 1.2 kB |
URL GET reviewstipsandoffers.com/favicon.ico IP 185.150.191.220:443
Requested byhttps://reviewstipsandoffers.com/sys/html/idvye1yrYiAp71CH3IRVQ/cm9iZXJ0LnNtb3RsYWtAc2x1cnBtYWlsLm5ldA== CertificateIssuerLet's Encrypt Subjectreviewstipsandoffers.com FingerprintFD:50:37:C0:31:2A:54:2C:18:D1:A2:A7:4C:D3:E7:18:EC:07:CF:8C ValidityFri, 28 Feb 2025 02:32:37 GMT - Thu, 29 May 2025 02:32:36 GMT
File typeMS Windows icon resource - 1 icon, 16x16, 32 bits/pixel Hashecd280e82296af8cdb574963511af731 7573cfd72be08e43970116814f3daf306f5a59a2 b9e83d3546424cc208f7b89c7a50af647e3dc5d270687575e56f3d4af7a70c3d
GET /favicon.ico HTTP/1.1
Host: reviewstipsandoffers.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://reviewstipsandoffers.com/sys/html/idvye1yrYiAp71CH3IRVQ/cm9iZXJ0LnNtb3RsYWtAc2x1cnBtYWlsLm5ldA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
last-modified: Thu, 13 Dec 2007 13:46:41 GMT
accept-ranges: bytes
content-length: 1150
content-type: image/x-icon
date: Fri, 14 Mar 2025 07:59:13 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| challenges.cloudflare.com/turnstile/v0/b/c8ec7565fab7/api.js | 104.18.94.41 | 200 OK | 48 kB |
URL GET challenges.cloudflare.com/turnstile/v0/b/c8ec7565fab7/api.js IP 104.18.94.41:443
Requested byhttps://ad0.micrologsystemout365serversystemdatalogconfirmation.su/aFteNdiAnsen/$robert.smotlak%40slurpmail.net CertificateIssuerGoogle Trust Services Subjectchallenges.cloudflare.com Fingerprint48:58:3E:CE:54:27:56:6B:A6:33:D4:C8:4B:BF:00:0E:BE:61:60:28 ValiditySat, 01 Mar 2025 17:19:38 GMT - Fri, 30 May 2025 18:19:35 GMT
File typeJavaScript source, ASCII text, with very long lines (48122) Hashd28852417b2f548b9d22157f3059676b 186a3e17cdb58cf409574285bb587060bd798361 538b4166b164fabbe579b771eb697e6e89f40cce3ab16479a7a057083d943310
Analyst note: Cloudflare Turnstile is loaded by the per-recipient page (`/aFteNdiAnsen/$robert.smotlak%40slurpmail.net`), i.e. the kit places a legitimate bot challenge in front of its final stage. Automated crawlers and sandboxes that cannot pass the challenge will never see the credential form, so a clean verdict from such tools on that URL is not evidence the page is benign — re-scan with a browser-driven sandbox or manual detonation. The script itself is Cloudflare's and is not an indicator.
GET /turnstile/v0/b/c8ec7565fab7/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:17 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 12 Mar 2025 15:12:18 GMT
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 92023b17790656c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ad0.micrologsystemout365serversystemdatalogconfirmation.su/qrjYvOxYMSzAEsVBSghB794isDKH6Kf0GmqqNg45140 | 104.21.31.58 | 200 OK | 892 B |
URL GET ad0.micrologsystemout365serversystemdatalogconfirmation.su/qrjYvOxYMSzAEsVBSghB794isDKH6Kf0GmqqNg45140 IP 104.21.31.58:443
Requested byhttps://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX CertificateIssuerGoogle Trust Services Subjectmicrologsystemout365serversystemdatalogconfirmation.su Fingerprint3B:AD:A8:2B:93:2C:22:88:00:26:34:22:B9:EE:64:24:5E:A4:0F:11 ValidityThu, 13 Mar 2025 13:59:09 GMT - Wed, 11 Jun 2025 14:57:39 GMT
Analyst note: the certificate for the phishing host was issued on 13 Mar 2025, one day before this capture (14 Mar 2025) — a freshly stood-up domain. The hostname stuffs Microsoft-lure keywords (`365`, `log`, `server`, `confirmation`) under the `.su` TLD. 104.21.31.58 is a Cloudflare edge address shared with unrelated tenants, so block on the registrable domain (and its subdomains; `ad0` looks like one of several), not on the IP. Asset paths on this host are randomised tokens served with `content-disposition: inline; filename="<token>"`, so path-based signatures will not generalise; key on the domain, the certificate fingerprint, and the recipient-embedding URL pattern instead.
File typeRIFF (little-endian) data, Web/P image Hash41d62ca205d54a78e4298367482b4e2b 839aae21ed8ecfc238fdc68b93ccb27431cd5393 20a4a780db0bcc047015a0d8037eb4eb58b3e5cb338673799c030a3e1b626b40
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft |
GET /qrjYvOxYMSzAEsVBSghB794isDKH6Kf0GmqqNg45140 HTTP/1.1
Host: ad0.micrologsystemout365serversystemdatalogconfirmation.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX
Cookie: XSRF-TOKEN=eyJpdiI6Im5VdTlvNEJNbXBhRU81UnFrNFU1bEE9PSIsInZhbHVlIjoiVU4vU3hjQVBqeUZmc1BCZVV4NHFHUWp1MTBCeEFwMTU3a2pKa2hIOXU2UjVQTEhCSnhxam5oaEpKOUoya1I5Q3FEc3pWaTNBbHkzRjVJRDROQTBaYlZsbVpIT2VzSmdIRTVJdnozQXlIdUpTSkoxRnQwVUxZdXdzamM0ZWtKZnYiLCJtYWMiOiIxMTFmNWNiZmU2YWE3ZmU2MzMwOTQ2ZmU1NDBhYWQ3MWIzZjY3YzgxYzM5NGNmNGExZGExODNjZTRmMmRmMWM2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZGejhtZWgvUFVVTSs5c1R3Y2JERFE9PSIsInZhbHVlIjoieERVTGFjMWVOVzR0MWZoaW56NWVteGR2V3RUaG1GYlZCL3M1R08veGc4dzQvanhpNCsvUGF4Mi9CelVKWGFLUHBDRG9wVGtqSjdNT3VGZnFSMTB0RlBmNnRIVzBlRzFZdTh2b3J4QkdyQ2VlUUVnQUNETlBoQnRoejBXMFdqNlIiLCJtYWMiOiI3ZDc0YTc1YmRjNTdiYzJjMjY5ZGMxYWUzNTMxZDIxOWY0YjUzOWY0YmNkMGViYTk5OGI5NGE1MDc2MDM1Y2NlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:24 GMT
content-type: image/webp
content-length: 892
content-disposition: inline; filename="qrjYvOxYMSzAEsVBSghB794isDKH6Kf0GmqqNg45140"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iot4943vFnUxANX7juIe%2Bwiqky1Du3teaoITW3VUxcDBCEkgaZipLv%2FmELYKXOFR%2FZdBJ%2FCPruaTQ3Ekb4lTP%2FR1bzNcPR7BKy7LkgsDp%2BoCuxKchtnbWBDEuZrR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92023b43290f5687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1046&min_rtt=1036&rtt_var=309&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2825&recv_bytes=2301&delivery_rate=2676524&cwnd=251&unsent_bytes=0&cid=5106bd460a856ace&ts=80&x=0", cfL4;desc="?proto=TCP&rtt=58486&min_rtt=57713&rtt_var=235&sent=377&recv=124&lost=0&retrans=0&sent_bytes=386548&recv_bytes=8357&delivery_rate=4279692&cwnd=394&unsent_bytes=0&cid=f8b34b2724c51115&ts=8110&x=0"
X-Firefox-Spdy: h2
|
|
| ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css | 143.204.55.3 | 200 OK | 223 kB |
URL GET ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css IP 143.204.55.3:443
Requested byhttps://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX CertificateIssuerDigiCert Inc Subject*.oktacdn.com Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5 ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
Size223 kB (222931 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyst note: the hash values are the MD5/SHA-1/SHA-256 of an empty input — the 222,931-byte body was not hashed in this capture (the response header `x-amz-meta-sha1sum: 7b5499b46660a0348cc2b22cae927dcc3fda8b20` is the CDN's own checksum for the real asset). Do not use these digests as indicators. The asset is Okta's legitimate sign-in-widget 7.18.0 stylesheet, loaded cross-site from the phishing origin, presumably to reproduce the look of a genuine Okta-federated login; legitimate CDN, not an IoC. The `Referer` carries only the origin, which is consistent with Firefox's default `strict-origin-when-cross-origin` referrer policy on cross-site loads.
GET /assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
date: Tue, 25 Feb 2025 03:22:29 GMT
server: nginx
last-modified: Tue, 14 May 2024 21:48:24 GMT
etag: W/"0329c939fca7c78756b94fbcd95e322b"
x-amz-meta-sha1sum: 7b5499b46660a0348cc2b22cae927dcc3fda8b20
expires: Wed, 25 Feb 2026 03:22:29 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: WT-9xCb_88ZY_jEhfBREm4Dr2dTwxMrjaLkuBUFMVG3m7hG-bBgqXg==
age: 1485415
X-Firefox-Spdy: h2
|
|
| developers.cloudflare.com/favicon.png | 104.16.3.189 | 200 OK | 937 B |
URL GET developers.cloudflare.com/favicon.png IP 104.16.3.189:443
Requested byhttps://ad0.micrologsystemout365serversystemdatalogconfirmation.su/aFteNdiAnsen/$robert.smotlak%40slurpmail.net CertificateIssuerGoogle Trust Services Subjectdevelopers.cloudflare.com FingerprintE9:3A:C0:6A:2E:64:DE:1B:4E:08:08:AE:18:4B:FF:46:61:C4:C0:78 ValidityTue, 14 Jan 2025 19:23:19 GMT - Mon, 14 Apr 2025 20:23:12 GMT
File typePNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced Hashfc3b7bbe7970f47579127561139060e2 3f7c5783fe1f4404cb16304a5a274778ea3abd25 85e6223afdbd5badf2c79bcfbaa6fe686acaa781eca52c196647ffabb3be2ffe
Analyst note: Cloudflare's developer-docs favicon, requested by the same per-recipient page that loads Turnstile. Together these suggest the interstitial is dressed up to resemble a Cloudflare "verify you are human" page before the credential form is shown; the favicon is a legitimate resource and not an indicator on its own.
GET /favicon.png HTTP/1.1
Host: developers.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:18 GMT
content-type: image/png
content-length: 937
cf-cache-status: HIT
cache-control: public, max-age=0, must-revalidate
etag: "6be7ff94b6151f8cfbf08b53a17e2ac1"
set-cookie: __cf_bm=yO1LkgrRpkPxM8QtrXvHxska2jbomAdbjV1d5DOdFc0-1741939158-1.0.1.1-43phq55cR9uX8WJa0hfRUpMyAq63aiFSMF4Oofs3nCkyBZ4w_1bz9S.N0974VuPkmmrswIk_67lXFInzkdrE1TBgaRmOn62NBxhLsyhYk1k; path=/; expires=Fri, 14-Mar-25 08:29:18 GMT; domain=.developers.cloudflare.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
access-control-allow-origin: *
server: cloudflare
cf-ray: 92023b1a4eee568b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ad0.micrologsystemout365serversystemdatalogconfirmation.su/GDSherpa-bold.woff2 | 104.21.31.58 | 200 OK | 28 kB |
URL GET ad0.micrologsystemout365serversystemdatalogconfirmation.su/GDSherpa-bold.woff2 IP 104.21.31.58:443
Requested byhttps://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX CertificateIssuerGoogle Trust Services Subjectmicrologsystemout365serversystemdatalogconfirmation.su Fingerprint3B:AD:A8:2B:93:2C:22:88:00:26:34:22:B9:EE:64:24:5E:A4:0F:11 ValidityThu, 13 Mar 2025 13:59:09 GMT - Wed, 11 Jun 2025 14:57:39 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 28000, version 1.66 Hasha4bca6c95fed0d0c5cc46cf07710dcec 73b56e33b82b42921db8702a33efd0f2b2ec9794 5a51d246af54d903f67f07f2bd820ce77736f8d08c5f1602db07469d96dbf77f
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft |
GET /GDSherpa-bold.woff2 HTTP/1.1
Host: ad0.micrologsystemout365serversystemdatalogconfirmation.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Im5VdTlvNEJNbXBhRU81UnFrNFU1bEE9PSIsInZhbHVlIjoiVU4vU3hjQVBqeUZmc1BCZVV4NHFHUWp1MTBCeEFwMTU3a2pKa2hIOXU2UjVQTEhCSnhxam5oaEpKOUoya1I5Q3FEc3pWaTNBbHkzRjVJRDROQTBaYlZsbVpIT2VzSmdIRTVJdnozQXlIdUpTSkoxRnQwVUxZdXdzamM0ZWtKZnYiLCJtYWMiOiIxMTFmNWNiZmU2YWE3ZmU2MzMwOTQ2ZmU1NDBhYWQ3MWIzZjY3YzgxYzM5NGNmNGExZGExODNjZTRmMmRmMWM2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZGejhtZWgvUFVVTSs5c1R3Y2JERFE9PSIsInZhbHVlIjoieERVTGFjMWVOVzR0MWZoaW56NWVteGR2V3RUaG1GYlZCL3M1R08veGc4dzQvanhpNCsvUGF4Mi9CelVKWGFLUHBDRG9wVGtqSjdNT3VGZnFSMTB0RlBmNnRIVzBlRzFZdTh2b3J4QkdyQ2VlUUVnQUNETlBoQnRoejBXMFdqNlIiLCJtYWMiOiI3ZDc0YTc1YmRjNTdiYzJjMjY5ZGMxYWUzNTMxZDIxOWY0YjUzOWY0YmNkMGViYTk5OGI5NGE1MDc2MDM1Y2NlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:24 GMT
content-type: font/woff2
content-length: 28000
content-disposition: inline; filename="GDSherpa-bold.woff2"
last-modified: Fri, 14 Mar 2025 07:14:40 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U6Z8SbmUiQ1Eb0VfvCuqU6qKC%2Bu2MeUFs1dLuHQuZYQtU7E%2FMU6KqKwFRoM6%2B9fL3PmKmBfF0RCmQl%2FeQJM9ZdFGX6OPd%2Bm6d3vXa78gdVr6EnBVTWiPonhyc7br"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2684
accept-ranges: bytes
server: cloudflare
cf-ray: 92023b4308f05687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1695&min_rtt=1673&rtt_var=516&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2385&delivery_rate=1567099&cwnd=251&unsent_bytes=0&cid=5e82c0f38c9dae3a&ts=157&x=0", cfL4;desc="?proto=TCP&rtt=60052&min_rtt=57865&rtt_var=2784&sent=178&recv=70&lost=0&retrans=0&sent_bytes=142575&recv_bytes=7432&delivery_rate=991102&cwnd=256&unsent_bytes=5534&cid=f8b34b2724c51115&ts=7960&x=0"
X-Firefox-Spdy: h2
|
|
| ad0.micrologsystemout365serversystemdatalogconfirmation.su/zcqDA7iQV1HpJZd5C97j4uwqrYzm4HKtZ3oC88z8cfw | 104.21.31.58 | 200 OK | 350 B |
URL POST ad0.micrologsystemout365serversystemdatalogconfirmation.su/zcqDA7iQV1HpJZd5C97j4uwqrYzm4HKtZ3oC88z8cfw IP 104.21.31.58:443
Requested byhttps://ad0.micrologsystemout365serversystemdatalogconfirmation.su/aFteNdiAnsen/$robert.smotlak%40slurpmail.net CertificateIssuerGoogle Trust Services Subjectmicrologsystemout365serversystemdatalogconfirmation.su Fingerprint3B:AD:A8:2B:93:2C:22:88:00:26:34:22:B9:EE:64:24:5E:A4:0F:11 ValidityThu, 13 Mar 2025 13:59:09 GMT - Wed, 11 Jun 2025 14:57:39 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (367), with no line terminators Hash749589815fa0d8f9e22ca3035f04a55d f5710512d528f6c73330038054bc160d209fe075 2c47e5a5f3dc3f3d1e72651d3a3f822ca99f671fe1e28a322460a448f5d1e995
Analyst note: this is a 37-byte `application/x-www-form-urlencoded` XHR POST from the per-recipient page. The request body is not included in this capture, so its fields cannot be asserted; by its position in the session (after the Turnstile load, from the final-stage page) it is the most likely submission/validation endpoint and the primary URL to preserve for incident response. The 367-character response is labelled "troff" by libmagic but is served as `text/html`. The response rotates both `XSRF-TOKEN` and `laravel_session` — cookie names that indicate a PHP/Laravel kit backend — and sets them with `samesite=none; secure`, so the session also survives cross-site embedding.
POST /zcqDA7iQV1HpJZd5C97j4uwqrYzm4HKtZ3oC88z8cfw HTTP/1.1
Host: ad0.micrologsystemout365serversystemdatalogconfirmation.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 37
Origin: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/aFteNdiAnsen/$robert.smotlak%40slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6Ii91c1pSdTEyL09lbWNuWUtJSUlvWHc9PSIsInZhbHVlIjoiUUJsOW5wdGFLaG4xWUp6ck0vbE81cG41T2xwNGZ5dERaOFRoZ1lheTV0b0lnOXA1UnRhWlJ3eVYvSHByaDg2bmdJaHhoaHY3Zk5sQzc5TFBNMVY3TlBWWEhnaTYvd3BYZ1dqOUVxQStiTTlIZ1M0cG1qcnFnNUVnVWR2Y01BMGoiLCJtYWMiOiIyYjBlZjg1ZWIxMzQ0NzA3YzkwZmEyM2JkZjdlNTM4YTgyZDQwODMxMGVkMmIyN2Y5ZWVkOTc0YzkwMDYxNzE4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlBWaUxLOHJ1a3ExVURnUUl2VW5kWkE9PSIsInZhbHVlIjoiM3pDV3R5N3lWZk9OcHBUOE5iMUp4Ymg0WndXYS91eS9hTHNyU1RlTWtzVFZXTlJZaEdCb0VSbjJLRFY3TUk0b2E1dkUwRTd5WWZIMUtMSU5KQkZhTWFGNlVSMElQMGJJRm5yMDVETHZFcE9XdHBuanFUZUJNYnFvejBxcmJHWFMiLCJtYWMiOiI0N2UzMGI2MTUxYTY5ODhkZmYxYjE4MmMyNTEwYWY5N2Y5ZWY3YWNhMmY4YTkyMDExY2FlZDI2ZDQ5ZmZjNTk4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:23 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8eHOrSYsWtuSmBKIie4a1vDr5AD0tVo3oIDIO1fY3gvm0J%2BLISVpCTNg3L676UXE9STDycqVrM7%2BRmQnSaDKt6k1HhwC40GfHdjZbyCNzpNkEn8h09IozoVkvcxJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: XSRF-TOKEN=eyJpdiI6Ikg1OHJkMEUyOVdhYTc3R21DcHhRenc9PSIsInZhbHVlIjoienlMMmxQbVFlZjZ4RGkxa0craDExdVdnL1RpMWh5bGRUZ0tlRHJUK3VteEdhNHNOeTVtOEpUQTVpcXZwbU9BWE5Wcm8wLzI4TW12VGp0SVBPQjhUVHBEWVNUVEVzSFJNS0xwbHBLNXIyVHplcnVhQnVWQjNKZ0N0VFhSQTduWmUiLCJtYWMiOiIwYTEzOGFhNmZjYWMxMWE3OWY4ZmNmNTdmNWUyZjEzYTFjMGYyYTRlNmFkMzA4YmEzZmJiOTc5NTY1OTEwMTQxIiwidGFnIjoiIn0%3D; expires=Fri, 14-Mar-2025 09:59:23 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6InlOWE1Gd1pqeFQwODAwdGZ6RjRqRWc9PSIsInZhbHVlIjoicjEwY21qUnFLZjkyVVZqUVZRWUFSZmVRYVFjaUtQTi9lRjE1RHo5UUtHTVdPVEtpMWhmZXNJcTQrTGRHMDlIYXBQYkcwd2xmTUY2ZmNwaWthMnVOTk9GNWhQdVhVMVkvWjFSR01jdzNrNVoxVWQxblpMdUNPaU9VRVYxSFh4TTkiLCJtYWMiOiI4ZjNkODJkNWJhNTJlNzU4MmZhOGFjMTRlYzBmZWYzNjMwMDRhNTNhODg3NjFkYmJkYWY0ODFiNjY3Y2U5YzY3IiwidGFnIjoiIn0%3D; expires=Fri, 14-Mar-2025 09:59:23 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 92023b3ddaae5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1126&min_rtt=1107&rtt_var=349&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2490&delivery_rate=2333601&cwnd=248&unsent_bytes=0&cid=74dcd55360975100&ts=135&x=0", cfL4;desc="?proto=TCP&rtt=60835&min_rtt=57865&rtt_var=5156&sent=69&recv=36&lost=0&retrans=0&sent_bytes=40779&recv_bytes=4917&delivery_rate=394209&cwnd=256&unsent_bytes=0&cid=f8b34b2724c51115&ts=7292&x=0"
X-Firefox-Spdy: h2
|
|
| ad0.micrologsystemout365serversystemdatalogconfirmation.su/56ZYLZBaoDlZxyQdr8920 | 104.21.31.58 | 200 OK | 27 kB |
URL GET ad0.micrologsystemout365serversystemdatalogconfirmation.su/56ZYLZBaoDlZxyQdr8920 IP 104.21.31.58:443
Requested byhttps://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX CertificateIssuerGoogle Trust Services Subjectmicrologsystemout365serversystemdatalogconfirmation.su Fingerprint3B:AD:A8:2B:93:2C:22:88:00:26:34:22:B9:EE:64:24:5E:A4:0F:11 ValidityThu, 13 Mar 2025 13:59:09 GMT - Wed, 11 Jun 2025 14:57:39 GMT
File typeASCII text, with very long lines (26765), with no line terminators Hash1a862a89d5633fac83d763886726740d e5ce3aa454c992a13fd406a9647d7afbf831051f 5c22fd904edb792331a7307ddf4a790e0d1318924f6d8e7362fa6b55d5ab6fbb
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft |
GET /56ZYLZBaoDlZxyQdr8920 HTTP/1.1
Host: ad0.micrologsystemout365serversystemdatalogconfirmation.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX
Cookie: XSRF-TOKEN=eyJpdiI6Im5VdTlvNEJNbXBhRU81UnFrNFU1bEE9PSIsInZhbHVlIjoiVU4vU3hjQVBqeUZmc1BCZVV4NHFHUWp1MTBCeEFwMTU3a2pKa2hIOXU2UjVQTEhCSnhxam5oaEpKOUoya1I5Q3FEc3pWaTNBbHkzRjVJRDROQTBaYlZsbVpIT2VzSmdIRTVJdnozQXlIdUpTSkoxRnQwVUxZdXdzamM0ZWtKZnYiLCJtYWMiOiIxMTFmNWNiZmU2YWE3ZmU2MzMwOTQ2ZmU1NDBhYWQ3MWIzZjY3YzgxYzM5NGNmNGExZGExODNjZTRmMmRmMWM2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZGejhtZWgvUFVVTSs5c1R3Y2JERFE9PSIsInZhbHVlIjoieERVTGFjMWVOVzR0MWZoaW56NWVteGR2V3RUaG1GYlZCL3M1R08veGc4dzQvanhpNCsvUGF4Mi9CelVKWGFLUHBDRG9wVGtqSjdNT3VGZnFSMTB0RlBmNnRIVzBlRzFZdTh2b3J4QkdyQ2VlUUVnQUNETlBoQnRoejBXMFdqNlIiLCJtYWMiOiI3ZDc0YTc1YmRjNTdiYzJjMjY5ZGMxYWUzNTMxZDIxOWY0YjUzOWY0YmNkMGViYTk5OGI5NGE1MDc2MDM1Y2NlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:24 GMT
content-type: text/css;charset=UTF-8
content-disposition: inline; filename="56ZYLZBaoDlZxyQdr8920"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CSdiM%2F5wa2EJlXg%2Fp%2FBLJFqXqhct4bRwX7Da%2BhtIFRv0BNnIXUimP%2Bzdd1JIAM9UvQRdMUZCfnNqbDRJCscGNOnXg6BRkOPdieoaXCzo8rGphOvakYliVIPXjgVF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: accept-encoding
server: cloudflare
cf-ray: 92023b4308e85687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1162&min_rtt=1154&rtt_var=341&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2272&delivery_rate=2387469&cwnd=251&unsent_bytes=0&cid=d22f86384b91bd3d&ts=92&x=0", cfL4;desc="?proto=TCP&rtt=58460&min_rtt=57713&rtt_var=513&sent=373&recv=118&lost=0&retrans=0&sent_bytes=382442&recv_bytes=8357&delivery_rate=3275053&cwnd=365&unsent_bytes=0&cid=f8b34b2724c51115&ts=8076&x=0"
X-Firefox-Spdy: h2
|
|
| reviewstipsandoffers.com/sys/html/idvye1yrYiAp71CH3IRVQ/cm9iZXJ0LnNtb3RsYWtAc2x1cnBtYWlsLm5ldA== | 185.150.191.220 | 200 OK | 607 B |
URL User Request GET reviewstipsandoffers.com/sys/html/idvye1yrYiAp71CH3IRVQ/cm9iZXJ0LnNtb3RsYWtAc2x1cnBtYWlsLm5ldA== IP 185.150.191.220:443
CertificateIssuerLet's Encrypt Subjectreviewstipsandoffers.com FingerprintFD:50:37:C0:31:2A:54:2C:18:D1:A2:A7:4C:D3:E7:18:EC:07:CF:8C ValidityFri, 28 Feb 2025 02:32:37 GMT - Thu, 29 May 2025 02:32:36 GMT
File typeJavaScript source, ASCII text, with very long lines (651), with no line terminators Hash4cd73372a40955be650c7ccb89c48eff 9ebe5ce832e659625637572d95511d424f739048 6a00e6214531ecef65a2bcb15f96329edb1fe1e36c7e640c46d445fa028cb372
Analyst note: second stage of the chain (rac.co.uk redirector → reviewstipsandoffers.com → phishing host). The response is declared `text/html` but the 607-byte body is classified as single-line JavaScript, i.e. a script-only page, which is consistent with a client-side hop onward to the `ad0.micrologsystemout365…` host that the subsequent requests reference; the actual redirection code is not shown in this excerpt. The path pattern `/sys/html/<id>/<base64 recipient>` carries the target's e-mail address in the URL; block this domain alongside the final host. Apache, Let's Encrypt certificate issued 28 Feb 2025.
GET /sys/html/idvye1yrYiAp71CH3IRVQ/cm9iZXJ0LnNtb3RsYWtAc2x1cnBtYWlsLm5ldA== HTTP/1.1
Host: reviewstipsandoffers.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Fri, 14 Mar 2025 07:59:13 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js | 140.82.121.3 | 302 Found | 10 kB |
URL GET github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js IP 140.82.121.3:443
Requested byhttps://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX CertificateIssuerSectigo Limited Subjectgithub.com FingerprintE4:33:71:DD:D6:91:4A:75:B6:1F:9E:4F:74:6D:9B:F0:DD:26:FC:3A ValidityWed, 05 Feb 2025 00:00:00 GMT - Thu, 05 Feb 2026 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyst note: these are the empty-input MD5/SHA-1/SHA-256 digests — the 302 has `content-length: 0` — and are not indicators. The script actually fetched (via the signed `objects.githubusercontent.com` URL; the Azure-blob response above shows `content-disposition: attachment; filename=randexp.min.js`, 10,245 bytes) is the legitimate randexp.js v0.4.3 release, a regex-driven random-string generator. Phishing kits commonly use such a library to mint the randomised URL tokens seen on the phishing host; the library and github.com are legitimate and should not be blocked on this basis, but a page that loads randexp together with Turnstile and an Okta stylesheet is a useful combination for hunting.
GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: GitHub.com
date: Fri, 14 Mar 2025 07:57:47 GMT
content-type: text/html; charset=utf-8
content-length: 0
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250314%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250314T075747Z&X-Amz-Expires=300&X-Amz-Signature=9b2550e9ffe037c3efc1cfb2ac2592e4ba68e5dcaa02d390338120e942fead74&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; 
font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
x-github-request-id: B7B8:24B51D:2505B1E:2668F67:67D3E1DC
X-Firefox-Spdy: h2
|
|
| ad0.micrologsystemout365serversystemdatalogconfirmation.su/uviRdjwTAfcfqX13ewSylqUppklsJqrztZkHEnkMlJ12123 | 104.21.31.58 | 200 OK | 644 B |
URL GET ad0.micrologsystemout365serversystemdatalogconfirmation.su/uviRdjwTAfcfqX13ewSylqUppklsJqrztZkHEnkMlJ12123 IP 104.21.31.58:443
Requested by https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX — Certificate: Issuer Google Trust Services; Subject micrologsystemout365serversystemdatalogconfirmation.su; Fingerprint 3B:AD:A8:2B:93:2C:22:88:00:26:34:22:B9:EE:64:24:5E:A4:0F:11; Validity Thu, 13 Mar 2025 13:59:09 GMT - Wed, 11 Jun 2025 14:57:39 GMT
File type: RIFF (little-endian) data, Web/P image — Hashes (MD5 / SHA-1 / SHA-256): 541b83c2195088043337e4353b6fd60d f09630596b6713217984785a64f6ea83e91b49c5 2658b8874f0d2a12e8726df78ac8954324c3bbe4695e66bdef89195fde64322f
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft |
GET /uviRdjwTAfcfqX13ewSylqUppklsJqrztZkHEnkMlJ12123 HTTP/1.1
Host: ad0.micrologsystemout365serversystemdatalogconfirmation.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX
Cookie: XSRF-TOKEN=eyJpdiI6Im5VdTlvNEJNbXBhRU81UnFrNFU1bEE9PSIsInZhbHVlIjoiVU4vU3hjQVBqeUZmc1BCZVV4NHFHUWp1MTBCeEFwMTU3a2pKa2hIOXU2UjVQTEhCSnhxam5oaEpKOUoya1I5Q3FEc3pWaTNBbHkzRjVJRDROQTBaYlZsbVpIT2VzSmdIRTVJdnozQXlIdUpTSkoxRnQwVUxZdXdzamM0ZWtKZnYiLCJtYWMiOiIxMTFmNWNiZmU2YWE3ZmU2MzMwOTQ2ZmU1NDBhYWQ3MWIzZjY3YzgxYzM5NGNmNGExZGExODNjZTRmMmRmMWM2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZGejhtZWgvUFVVTSs5c1R3Y2JERFE9PSIsInZhbHVlIjoieERVTGFjMWVOVzR0MWZoaW56NWVteGR2V3RUaG1GYlZCL3M1R08veGc4dzQvanhpNCsvUGF4Mi9CelVKWGFLUHBDRG9wVGtqSjdNT3VGZnFSMTB0RlBmNnRIVzBlRzFZdTh2b3J4QkdyQ2VlUUVnQUNETlBoQnRoejBXMFdqNlIiLCJtYWMiOiI3ZDc0YTc1YmRjNTdiYzJjMjY5ZGMxYWUzNTMxZDIxOWY0YjUzOWY0YmNkMGViYTk5OGI5NGE1MDc2MDM1Y2NlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:24 GMT
content-type: image/webp
content-length: 644
content-disposition: inline; filename="uviRdjwTAfcfqX13ewSylqUppklsJqrztZkHEnkMlJ12123"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TDubWMQZ8SS4KSEOvt%2BdldFuzsCYopvYOohLTe%2FpYAuCae8AbZwpD1LwgT2r6iaP1TJuCx5QDYoaJDnhZm1UQ39J4imVDZg0kqSYshOHVyomaOpNl%2B8ltulDSbwH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92023b43190b5687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1043&min_rtt=1017&rtt_var=302&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2305&delivery_rate=2747628&cwnd=251&unsent_bytes=0&cid=1a7e17d0f7ed6070&ts=85&x=0", cfL4;desc="?proto=TCP&rtt=58486&min_rtt=57713&rtt_var=235&sent=385&recv=124&lost=0&retrans=0&sent_bytes=391033&recv_bytes=8357&delivery_rate=4279692&cwnd=394&unsent_bytes=0&cid=f8b34b2724c51115&ts=8114&x=0"
X-Firefox-Spdy: h2
|
|
| 3w4ewc.biijvi.ru/pani!pnmtkdc | 172.67.191.206 | 200 OK | 1 B |
URL GET 3w4ewc.biijvi.ru/pani!pnmtkdc IP 172.67.191.206:443
Requested by https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/aFteNdiAnsen/$robert.smotlak%40slurpmail.net — Certificate: Issuer Google Trust Services; Subject biijvi.ru; Fingerprint 02:EF:A6:97:C6:28:CC:B6:D5:58:DA:02:5D:E7:F2:98:D8:DB:C8:5F; Validity Thu, 27 Feb 2025 12:53:40 GMT - Wed, 28 May 2025 13:51:24 GMT
File type: very short file (no magic) — Hashes (MD5 / SHA-1 / SHA-256): cfcd208495d565ef66e7dff9f98764da b6589fc6ab0dc82cf12099d1c2d40ab994e8410c 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9 (these are the digests of the single ASCII character "0", consistent with the 1 B response size)
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft |
GET /pani!pnmtkdc HTTP/1.1
Host: 3w4ewc.biijvi.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/
Origin: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:22 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DDfSt1mLfWU5LVsu3blwtPbT3A2Mr8xiTRtgJMPAwMeZa8%2Fgn5kgiLOlNgZxAkxpQBtsTmgT7WXE7tE6efqSfTKfQcoHCTEHt9EBb7jg9T344j%2F177CnXaH3XSNxp1wcSACS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92023b324f85568d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=59663&min_rtt=59511&rtt_var=12662&sent=7&recv=9&lost=0&retrans=0&sent_bytes=3192&recv_bytes=1150&delivery_rate=62562&cwnd=254&unsent_bytes=0&cid=533f6bcbaf251cf5&ts=1076&x=0"
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js | 104.17.24.14 | 200 OK | 48 kB |
URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js IP 104.17.24.14:443
Requested by https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/aFteNdiAnsen/$robert.smotlak%40slurpmail.net — Certificate: Issuer Google Trust Services; Subject cdnjs.cloudflare.com; Fingerprint 00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32; Validity Fri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT
File type: JavaScript source, ASCII text, with very long lines (48316), with no line terminators — Hashes (MD5 / SHA-1 / SHA-256): 2ca03ad87885ab983541092b87adb299 1a17f60bf776a8c468a185c1e8e985c41a50dc27 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:23 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 21607
expires: Wed, 04 Mar 2026 07:59:23 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2jPc%2FK7nQPL5zMd28l5zkGp2u0wYekCipvVGNqCBbQbreurtzvZkZWEUy5uc7E%2BDmXpsYNFm7bMjZ0oHMFTn2zh%2BGB2jGvwxbVAl26t5nySewgOw2RV%2FB74MzmWmaZsoV%2Fdkg%2Fu1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 92023b3d0dba56ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback | 104.18.94.41 | 302 Found | 48 kB |
URL GET challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback IP 104.18.94.41:443
Requested by https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/aFteNdiAnsen/$robert.smotlak%40slurpmail.net — Certificate: Issuer Google Trust Services; Subject challenges.cloudflare.com; Fingerprint 48:58:3E:CE:54:27:56:6B:A6:33:D4:C8:4B:BF:00:0E:BE:61:60:28; Validity Sat, 01 Mar 2025 17:19:38 GMT - Fri, 30 May 2025 18:19:35 GMT
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of empty content, consistent with the 302 response's content-length: 0)
GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Fri, 14 Mar 2025 07:59:17 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/b/c8ec7565fab7/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 92023b165f5c56c9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ad0.micrologsystemout365serversystemdatalogconfirmation.su/kl4NMEEHRA8ApbDQcG20qtwxRyhrSmFD2zJ1978161 | 104.21.31.58 | 200 OK | 7.4 kB |
URL GET ad0.micrologsystemout365serversystemdatalogconfirmation.su/kl4NMEEHRA8ApbDQcG20qtwxRyhrSmFD2zJ1978161 IP 104.21.31.58:443
Requested by https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX — Certificate: Issuer Google Trust Services; Subject micrologsystemout365serversystemdatalogconfirmation.su; Fingerprint 3B:AD:A8:2B:93:2C:22:88:00:26:34:22:B9:EE:64:24:5E:A4:0F:11; Validity Thu, 13 Mar 2025 13:59:09 GMT - Wed, 11 Jun 2025 14:57:39 GMT
File type: SVG Scalable Vector Graphics image — Hashes (MD5 / SHA-1 / SHA-256): bca9b46fee32162356ba5b4783e614dc cc09ee862df9bf86e545f9dfdf2fbd4facfa71f5 fb48e7087def752683bc9a9fe4035acf2419cebbe8b17a16e5c81699a06f6fec
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft |
GET /kl4NMEEHRA8ApbDQcG20qtwxRyhrSmFD2zJ1978161 HTTP/1.1
Host: ad0.micrologsystemout365serversystemdatalogconfirmation.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX
Cookie: XSRF-TOKEN=eyJpdiI6Im5VdTlvNEJNbXBhRU81UnFrNFU1bEE9PSIsInZhbHVlIjoiVU4vU3hjQVBqeUZmc1BCZVV4NHFHUWp1MTBCeEFwMTU3a2pKa2hIOXU2UjVQTEhCSnhxam5oaEpKOUoya1I5Q3FEc3pWaTNBbHkzRjVJRDROQTBaYlZsbVpIT2VzSmdIRTVJdnozQXlIdUpTSkoxRnQwVUxZdXdzamM0ZWtKZnYiLCJtYWMiOiIxMTFmNWNiZmU2YWE3ZmU2MzMwOTQ2ZmU1NDBhYWQ3MWIzZjY3YzgxYzM5NGNmNGExZGExODNjZTRmMmRmMWM2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZGejhtZWgvUFVVTSs5c1R3Y2JERFE9PSIsInZhbHVlIjoieERVTGFjMWVOVzR0MWZoaW56NWVteGR2V3RUaG1GYlZCL3M1R08veGc4dzQvanhpNCsvUGF4Mi9CelVKWGFLUHBDRG9wVGtqSjdNT3VGZnFSMTB0RlBmNnRIVzBlRzFZdTh2b3J4QkdyQ2VlUUVnQUNETlBoQnRoejBXMFdqNlIiLCJtYWMiOiI3ZDc0YTc1YmRjNTdiYzJjMjY5ZGMxYWUzNTMxZDIxOWY0YjUzOWY0YmNkMGViYTk5OGI5NGE1MDc2MDM1Y2NlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:24 GMT
content-type: image/svg+xml
content-disposition: inline; filename="kl4NMEEHRA8ApbDQcG20qtwxRyhrSmFD2zJ1978161"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f8Mn86yhuRr4F3m3yduqByShqe4oEEZXSHIAzQYFlU7UNPs8LAbuzTsDHaeKNLLymFjaGWXFQZtMu8QdQxC8gkh7T%2BFfWzzE6UOw3ysgB5FdZgngYAVJLUgmqgDa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: accept-encoding
server: cloudflare
cf-ray: 92023b43699c5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1404&min_rtt=1385&rtt_var=407&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2300&delivery_rate=2013908&cwnd=251&unsent_bytes=0&cid=d69d93d3b7e982a9&ts=80&x=0", cfL4;desc="?proto=TCP&rtt=62365&min_rtt=57713&rtt_var=8034&sent=388&recv=128&lost=0&retrans=0&sent_bytes=392362&recv_bytes=8357&delivery_rate=2392295&cwnd=399&unsent_bytes=0&cid=f8b34b2724c51115&ts=8158&x=0"
X-Firefox-Spdy: h2
|
|
| ad0.micrologsystemout365serversystemdatalogconfirmation.su/ghSO8uuKzhyNNR2be8pQdWmnSvfPoO4foeo7lj8iLNFaef208 | 104.21.31.58 | 200 OK | 25 kB |
URL GET ad0.micrologsystemout365serversystemdatalogconfirmation.su/ghSO8uuKzhyNNR2be8pQdWmnSvfPoO4foeo7lj8iLNFaef208 IP 104.21.31.58:443
Requested by https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX — Certificate: Issuer Google Trust Services; Subject micrologsystemout365serversystemdatalogconfirmation.su; Fingerprint 3B:AD:A8:2B:93:2C:22:88:00:26:34:22:B9:EE:64:24:5E:A4:0F:11; Validity Thu, 13 Mar 2025 13:59:09 GMT - Wed, 11 Jun 2025 14:57:39 GMT
File type: RIFF (little-endian) data, Web/P image — Hashes (MD5 / SHA-1 / SHA-256): f9a795e2270664a7a169c73b6d84a575 0fbb60ab27ab88c064eb347d0722c8ed4cf5e8b8 d00203b2eea6e418c31baafa949ada5349a9f9b7e99fa003aec7406822693740
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft |
GET /ghSO8uuKzhyNNR2be8pQdWmnSvfPoO4foeo7lj8iLNFaef208 HTTP/1.1
Host: ad0.micrologsystemout365serversystemdatalogconfirmation.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX
Cookie: XSRF-TOKEN=eyJpdiI6Im5VdTlvNEJNbXBhRU81UnFrNFU1bEE9PSIsInZhbHVlIjoiVU4vU3hjQVBqeUZmc1BCZVV4NHFHUWp1MTBCeEFwMTU3a2pKa2hIOXU2UjVQTEhCSnhxam5oaEpKOUoya1I5Q3FEc3pWaTNBbHkzRjVJRDROQTBaYlZsbVpIT2VzSmdIRTVJdnozQXlIdUpTSkoxRnQwVUxZdXdzamM0ZWtKZnYiLCJtYWMiOiIxMTFmNWNiZmU2YWE3ZmU2MzMwOTQ2ZmU1NDBhYWQ3MWIzZjY3YzgxYzM5NGNmNGExZGExODNjZTRmMmRmMWM2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZGejhtZWgvUFVVTSs5c1R3Y2JERFE9PSIsInZhbHVlIjoieERVTGFjMWVOVzR0MWZoaW56NWVteGR2V3RUaG1GYlZCL3M1R08veGc4dzQvanhpNCsvUGF4Mi9CelVKWGFLUHBDRG9wVGtqSjdNT3VGZnFSMTB0RlBmNnRIVzBlRzFZdTh2b3J4QkdyQ2VlUUVnQUNETlBoQnRoejBXMFdqNlIiLCJtYWMiOiI3ZDc0YTc1YmRjNTdiYzJjMjY5ZGMxYWUzNTMxZDIxOWY0YjUzOWY0YmNkMGViYTk5OGI5NGE1MDc2MDM1Y2NlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:24 GMT
content-type: image/webp
content-length: 25216
content-disposition: inline; filename="ghSO8uuKzhyNNR2be8pQdWmnSvfPoO4foeo7lj8iLNFaef208"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=awt00VqyQzAnKHIeG%2FfNbTfQR2IxNgwui5ZW%2BaTHRcq0wAdinRuJgr6tQ7JlXHPaD%2B7FiLUwTj10SV1ixvmdUFMwmEaMoeuz2a3IircNiZChJQXyRwll4PfF75l6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92023b4369a75687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1014&min_rtt=973&rtt_var=314&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2307&delivery_rate=2635122&cwnd=251&unsent_bytes=0&cid=7512d5ecee7d2bf4&ts=82&x=0", cfL4;desc="?proto=TCP&rtt=62365&min_rtt=57713&rtt_var=8034&sent=399&recv=128&lost=0&retrans=0&sent_bytes=400166&recv_bytes=8357&delivery_rate=2392295&cwnd=399&unsent_bytes=0&cid=f8b34b2724c51115&ts=8161&x=0"
X-Firefox-Spdy: h2
|
|
| ad0.micrologsystemout365serversystemdatalogconfirmation.su/opsLw1BodbbdeSD3E9PKwCLmRhKmt5LBJtduWst4yMrLjUbJWYUZ56UqALqKu8q8xscd240 | 104.21.31.58 | 200 OK | 9.6 kB |
URL GET ad0.micrologsystemout365serversystemdatalogconfirmation.su/opsLw1BodbbdeSD3E9PKwCLmRhKmt5LBJtduWst4yMrLjUbJWYUZ56UqALqKu8q8xscd240 IP 104.21.31.58:443
Requested by https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX — Certificate: Issuer Google Trust Services; Subject micrologsystemout365serversystemdatalogconfirmation.su; Fingerprint 3B:AD:A8:2B:93:2C:22:88:00:26:34:22:B9:EE:64:24:5E:A4:0F:11; Validity Thu, 13 Mar 2025 13:59:09 GMT - Wed, 11 Jun 2025 14:57:39 GMT
File type: RIFF (little-endian) data, Web/P image — Hashes (MD5 / SHA-1 / SHA-256): 4946eb373b18d178c93d473489673bb6 16477acb73b63ca251d37401249e7e4515febd24 666bc574c9f3fb28a8ac626fa8105c187c2a313736494a06bd5a937473673c92
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft |
GET /opsLw1BodbbdeSD3E9PKwCLmRhKmt5LBJtduWst4yMrLjUbJWYUZ56UqALqKu8q8xscd240 HTTP/1.1
Host: ad0.micrologsystemout365serversystemdatalogconfirmation.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX
Cookie: XSRF-TOKEN=eyJpdiI6Im5VdTlvNEJNbXBhRU81UnFrNFU1bEE9PSIsInZhbHVlIjoiVU4vU3hjQVBqeUZmc1BCZVV4NHFHUWp1MTBCeEFwMTU3a2pKa2hIOXU2UjVQTEhCSnhxam5oaEpKOUoya1I5Q3FEc3pWaTNBbHkzRjVJRDROQTBaYlZsbVpIT2VzSmdIRTVJdnozQXlIdUpTSkoxRnQwVUxZdXdzamM0ZWtKZnYiLCJtYWMiOiIxMTFmNWNiZmU2YWE3ZmU2MzMwOTQ2ZmU1NDBhYWQ3MWIzZjY3YzgxYzM5NGNmNGExZGExODNjZTRmMmRmMWM2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZGejhtZWgvUFVVTSs5c1R3Y2JERFE9PSIsInZhbHVlIjoieERVTGFjMWVOVzR0MWZoaW56NWVteGR2V3RUaG1GYlZCL3M1R08veGc4dzQvanhpNCsvUGF4Mi9CelVKWGFLUHBDRG9wVGtqSjdNT3VGZnFSMTB0RlBmNnRIVzBlRzFZdTh2b3J4QkdyQ2VlUUVnQUNETlBoQnRoejBXMFdqNlIiLCJtYWMiOiI3ZDc0YTc1YmRjNTdiYzJjMjY5ZGMxYWUzNTMxZDIxOWY0YjUzOWY0YmNkMGViYTk5OGI5NGE1MDc2MDM1Y2NlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:26 GMT
content-type: image/webp
content-length: 9648
content-disposition: inline; filename="opsLw1BodbbdeSD3E9PKwCLmRhKmt5LBJtduWst4yMrLjUbJWYUZ56UqALqKu8q8xscd240"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KqfYVWDsOCTjZuz2LYuDRcbPx6ls6DJXp2FvdzJc8%2BV1822KZMinnejGW34Qcyqfg01CvVh2hPc%2Bd6OUd4h%2B1%2F5aiux3tKUxJ%2BHn3oVQpebLVp7mF5NSE8%2BsHxJc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92023b4369a95687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1012&min_rtt=992&rtt_var=293&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2329&delivery_rate=2819863&cwnd=251&unsent_bytes=0&cid=8fcf5ef8c71babab&ts=81&x=0", cfL4;desc="?proto=TCP&rtt=58224&min_rtt=57510&rtt_var=96&sent=461&recv=180&lost=0&retrans=0&sent_bytes=455459&recv_bytes=8919&delivery_rate=2392295&cwnd=481&unsent_bytes=0&cid=f8b34b2724c51115&ts=9726&x=0"
X-Firefox-Spdy: h2
|
|
| ad0.micrologsystemout365serversystemdatalogconfirmation.su/mnzSkXQOfCgQduSAEJIKmSLAui6vMuqF87F56moSl6OagD72bWPG8GWR1Rwx212 | 104.21.31.58 | 200 OK | 1.9 kB |
URL GET ad0.micrologsystemout365serversystemdatalogconfirmation.su/mnzSkXQOfCgQduSAEJIKmSLAui6vMuqF87F56moSl6OagD72bWPG8GWR1Rwx212 IP 104.21.31.58:443
Requested by https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX — Certificate: Issuer Google Trust Services; Subject micrologsystemout365serversystemdatalogconfirmation.su; Fingerprint 3B:AD:A8:2B:93:2C:22:88:00:26:34:22:B9:EE:64:24:5E:A4:0F:11; Validity Thu, 13 Mar 2025 13:59:09 GMT - Wed, 11 Jun 2025 14:57:39 GMT
File type: SVG Scalable Vector Graphics image — Hashes (MD5 / SHA-1 / SHA-256): 4b5c228b4faba433d06ec569ed855b2d a7d3882b93e332460e7c59510a6a811ef011983f eb19d76cd1fad39abf0f2778991883a5cf9ff560117ce8f7c64124e71471b4ed
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft |
GET /mnzSkXQOfCgQduSAEJIKmSLAui6vMuqF87F56moSl6OagD72bWPG8GWR1Rwx212 HTTP/1.1
Host: ad0.micrologsystemout365serversystemdatalogconfirmation.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX
Cookie: XSRF-TOKEN=eyJpdiI6Im5VdTlvNEJNbXBhRU81UnFrNFU1bEE9PSIsInZhbHVlIjoiVU4vU3hjQVBqeUZmc1BCZVV4NHFHUWp1MTBCeEFwMTU3a2pKa2hIOXU2UjVQTEhCSnhxam5oaEpKOUoya1I5Q3FEc3pWaTNBbHkzRjVJRDROQTBaYlZsbVpIT2VzSmdIRTVJdnozQXlIdUpTSkoxRnQwVUxZdXdzamM0ZWtKZnYiLCJtYWMiOiIxMTFmNWNiZmU2YWE3ZmU2MzMwOTQ2ZmU1NDBhYWQ3MWIzZjY3YzgxYzM5NGNmNGExZGExODNjZTRmMmRmMWM2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZGejhtZWgvUFVVTSs5c1R3Y2JERFE9PSIsInZhbHVlIjoieERVTGFjMWVOVzR0MWZoaW56NWVteGR2V3RUaG1GYlZCL3M1R08veGc4dzQvanhpNCsvUGF4Mi9CelVKWGFLUHBDRG9wVGtqSjdNT3VGZnFSMTB0RlBmNnRIVzBlRzFZdTh2b3J4QkdyQ2VlUUVnQUNETlBoQnRoejBXMFdqNlIiLCJtYWMiOiI3ZDc0YTc1YmRjNTdiYzJjMjY5ZGMxYWUzNTMxZDIxOWY0YjUzOWY0YmNkMGViYTk5OGI5NGE1MDc2MDM1Y2NlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:26 GMT
content-type: image/svg+xml
content-disposition: inline; filename="mnzSkXQOfCgQduSAEJIKmSLAui6vMuqF87F56moSl6OagD72bWPG8GWR1Rwx212"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4q3GwODLa%2Bqul5EDIf4iHwCaeJZDToJ7STwLibQboF8R2s3p1NQ1EtsaY7I9e%2B2sTOGGARqhZL0aRBGgijaJwXljR2Zr20PNJHprC3IAGt0Nd0x4rXHi9oWzOhAk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: accept-encoding
server: cloudflare
cf-ray: 92023b4c7c795687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1147&min_rtt=1124&rtt_var=337&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2321&delivery_rate=2433613&cwnd=251&unsent_bytes=0&cid=a480fadef415dcdf&ts=85&x=0", cfL4;desc="?proto=TCP&rtt=58293&min_rtt=57510&rtt_var=287&sent=448&recv=169&lost=0&retrans=0&sent_bytes=448303&recv_bytes=8919&delivery_rate=2392295&cwnd=468&unsent_bytes=0&cid=f8b34b2724c51115&ts=9582&x=0"
X-Firefox-Spdy: h2
|
|
| 574xgfnd25owzksr5lfzpws6sgtbwbx4g2mjhj9a3gra8jcpajhd.lenovapk.ru/hjqsaqkzhesntilzfnzwvvqZYryTFYRALCMQOBPFEIJPGZBEOFHPBPXYEHNDrs7QmIgGLKo6pzmyzNKwx40 | 104.21.61.5 | 200 OK | 536 B |
URL POST 574xgfnd25owzksr5lfzpws6sgtbwbx4g2mjhj9a3gra8jcpajhd.lenovapk.ru/hjqsaqkzhesntilzfnzwvvqZYryTFYRALCMQOBPFEIJPGZBEOFHPBPXYEHNDrs7QmIgGLKo6pzmyzNKwx40 IP 104.21.61.5:443
Requested by https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX — Certificate: Issuer Google Trust Services; Subject lenovapk.ru; Fingerprint 09:84:6B:EB:96:31:2D:AC:72:7C:E4:8C:9B:39:F5:5A:AB:DE:0B:D9; Validity Sat, 01 Mar 2025 18:27:10 GMT - Fri, 30 May 2025 19:22:19 GMT
File type: ASCII text, with very long lines (536), with no line terminators — Hashes (MD5 / SHA-1 / SHA-256): b700a2408fff4601b18b91dd7b1adf0f 294a42cbff29c06fe6bff0cc3d5d6b93f7fda3dc 23731d6f86bfade6b1fd1acf5985785e9e1cb0f155f662cf89464d7a6f2c04b6
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft | Quad9 DNS | malicious | Sinkholed |
POST /hjqsaqkzhesntilzfnzwvvqZYryTFYRALCMQOBPFEIJPGZBEOFHPBPXYEHNDrs7QmIgGLKo6pzmyzNKwx40 HTTP/1.1
Host: 574xgfnd25owzksr5lfzpws6sgtbwbx4g2mjhj9a3gra8jcpajhd.lenovapk.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 121
Origin: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:30 GMT
content-type: text/plain; charset=utf-8
vary: Origin
access-control-allow-origin: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w2zsGC0ugvMPM%2BcTrFxe%2Bq5OON7XL5ny%2BFf2Oj4RwVIok8zW4dpopxxs%2Fs328lz0Rwan9qFMO%2BNkMQq4OubIEkeud%2FTbCpzst%2FsiAIJCVWdurs5yDo8TOLekFW1v3qXBIdHeqju42bqXNT0EdFxm725HhwCFuweXAAmRJrf%2BvLgM7LPWjK6h0c1ZsaBvWzOF%2FcYm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92023b627ca10b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=63188&min_rtt=57597&rtt_var=19877&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3271&recv_bytes=1616&delivery_rate=64572&cwnd=252&unsent_bytes=0&cid=6455ec400ffdb731&ts=912&x=0"
X-Firefox-Spdy: h2
|
|
| ad0.micrologsystemout365serversystemdatalogconfirmation.su/aFteNdiAnsen/$robert.smotlak%40slurpmail.net | 104.21.31.58 | 200 OK | 195 kB |
URL User Request GET ad0.micrologsystemout365serversystemdatalogconfirmation.su/aFteNdiAnsen/$robert.smotlak%40slurpmail.net IP 104.21.31.58:443
Certificate: Issuer Google Trust Services; Subject micrologsystemout365serversystemdatalogconfirmation.su; Fingerprint 3B:AD:A8:2B:93:2C:22:88:00:26:34:22:B9:EE:64:24:5E:A4:0F:11; Validity Thu, 13 Mar 2025 13:59:09 GMT - Wed, 11 Jun 2025 14:57:39 GMT
File type: HTML document, ASCII text, with very long lines (65300) — Size: 195 kB (195235 bytes) — Hashes (MD5 / SHA-1 / SHA-256): 8d3b5919afe326deb89122bdab10ecb1 4f628bc95cc1076260f280a987a12aa712359605 40b74898ea4391238ec028979510535d77b5e0deea13ab77eae3ac16fed8ba51
Analyzer | Verdict | Alert | urlquery | suspicious | Suspicious - Anti-debugging code |
GET /aFteNdiAnsen/$robert.smotlak%40slurpmail.net HTTP/1.1
Host: ad0.micrologsystemout365serversystemdatalogconfirmation.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://reviewstipsandoffers.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:16 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8Cuyu7v9NHiJumBJj6pJKcWzUn7LZCqsc%2FLR90Sqb9pLUubDwFg1ARpqeOciBLYHOapuw2mQbMiZPBRa%2FyZIGe60cw7YohobGu2SUUGkshQb81u2wXnxmkfbwI%2Bd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: XSRF-TOKEN=eyJpdiI6IkllY25PVHlBTFl2TXZoRGlKRkZpdlE9PSIsInZhbHVlIjoiRFF0ODRndG1BcEdpMGNUSithMzI1NlRvVVR6eloyQTgyLzFFMVFvaWsvVEphTmtzVzl5SmRNQ3plYUxwelZwTUhKMzVGcEFjQ2hKUEg4Z1VkeDA1RDYwekJGWmNFMEVyWU5SdzFIbGJDajNlUnRQai9pTkJLMkcwQ0FTWXNDQi8iLCJtYWMiOiJhYTIyNzQ3NWNkZGFmMGYyMzQ1OWVjNmI4YTI3Mjc5NWU5NDg4NTZkODEyMTg3ZWQ3ZjA1YWZiY2RiNjQyMWY1IiwidGFnIjoiIn0%3D; expires=Fri, 14-Mar-2025 09:59:16 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6InBZYnkwQjl3K1VrQi8zNXNjM1RqRXc9PSIsInZhbHVlIjoiZFplNHZlYTU1YkI5VXg3KzVkU3d0MTRmWmxtZm9LRDI3em40dFdjZUFUc2JZTEoza3YvNVV3c0pnWUZBMXZ1TzNWUXZrV1creUFFcmxnOUorN0JsaGRyNXRKSmtzWWtXeVRSQVFkSW5JRDZCOTJYSzUwYWZWdlh3VU93YWRpK3MiLCJtYWMiOiI4YzAyYzU0ZjkwN2Q3NWQ5NWI1NzNkMmY3OGViZDQzZWNlMzUwMjk2OThjZWJlYjNmMzRlOGU3OGU1MTcwNDgzIiwidGFnIjoiIn0%3D; expires=Fri, 14-Mar-2025 09:59:16 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 92023b11ddbb5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1264&min_rtt=1264&rtt_var=475&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2826&recv_bytes=1560&delivery_rate=2280314&cwnd=251&unsent_bytes=0&cid=e4f5fe5d4d9bbf3e&ts=124&x=0", cfL4;desc="?proto=TCP&rtt=58375&min_rtt=58335&rtt_var=12344&sent=7&recv=9&lost=0&retrans=0&sent_bytes=3305&recv_bytes=1212&delivery_rate=64101&cwnd=253&unsent_bytes=0&cid=f8b34b2724c51115&ts=283&x=0"
X-Firefox-Spdy: h2
|
|
| ad0.micrologsystemout365serversystemdatalogconfirmation.su/rssDkFnRGJNatccwZgPYP0GzNuRvqr6wOWNijzYpCJBaBnhDjdRXYOsCg6U006Toef200 | 104.21.31.58 | 200 OK | 268 B |
URL GET ad0.micrologsystemout365serversystemdatalogconfirmation.su/rssDkFnRGJNatccwZgPYP0GzNuRvqr6wOWNijzYpCJBaBnhDjdRXYOsCg6U006Toef200 IP 104.21.31.58:443
Requested by https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX — Certificate: Issuer Google Trust Services; Subject micrologsystemout365serversystemdatalogconfirmation.su; Fingerprint 3B:AD:A8:2B:93:2C:22:88:00:26:34:22:B9:EE:64:24:5E:A4:0F:11; Validity Thu, 13 Mar 2025 13:59:09 GMT - Wed, 11 Jun 2025 14:57:39 GMT
File type: SVG Scalable Vector Graphics image — Hashes (MD5 / SHA-1 / SHA-256): 1318aafc1fb9ded0c623e5b9a557e6df 0917cdd7633cd1642b02b2b785416ec7e5106dcc d86660a84daa211b121ec9fe0df83d6b945f61b888384391eabc7d6b4e941dc4
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft |
GET /rssDkFnRGJNatccwZgPYP0GzNuRvqr6wOWNijzYpCJBaBnhDjdRXYOsCg6U006Toef200 HTTP/1.1
Host: ad0.micrologsystemout365serversystemdatalogconfirmation.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX
Cookie: XSRF-TOKEN=eyJpdiI6Im5VdTlvNEJNbXBhRU81UnFrNFU1bEE9PSIsInZhbHVlIjoiVU4vU3hjQVBqeUZmc1BCZVV4NHFHUWp1MTBCeEFwMTU3a2pKa2hIOXU2UjVQTEhCSnhxam5oaEpKOUoya1I5Q3FEc3pWaTNBbHkzRjVJRDROQTBaYlZsbVpIT2VzSmdIRTVJdnozQXlIdUpTSkoxRnQwVUxZdXdzamM0ZWtKZnYiLCJtYWMiOiIxMTFmNWNiZmU2YWE3ZmU2MzMwOTQ2ZmU1NDBhYWQ3MWIzZjY3YzgxYzM5NGNmNGExZGExODNjZTRmMmRmMWM2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZGejhtZWgvUFVVTSs5c1R3Y2JERFE9PSIsInZhbHVlIjoieERVTGFjMWVOVzR0MWZoaW56NWVteGR2V3RUaG1GYlZCL3M1R08veGc4dzQvanhpNCsvUGF4Mi9CelVKWGFLUHBDRG9wVGtqSjdNT3VGZnFSMTB0RlBmNnRIVzBlRzFZdTh2b3J4QkdyQ2VlUUVnQUNETlBoQnRoejBXMFdqNlIiLCJtYWMiOiI3ZDc0YTc1YmRjNTdiYzJjMjY5ZGMxYWUzNTMxZDIxOWY0YjUzOWY0YmNkMGViYTk5OGI5NGE1MDc2MDM1Y2NlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:24 GMT
content-type: image/svg+xml
content-disposition: inline; filename="rssDkFnRGJNatccwZgPYP0GzNuRvqr6wOWNijzYpCJBaBnhDjdRXYOsCg6U006Toef200"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z62fGB2hbCT9owQ4DslRHuw90vc791A295Ue0LFJMzXhooGvRrN5LYAYub2Bra3prtvYaJe%2Bji5ybuy%2B6muXoLlsymtNaENEk%2F3SN4gZIRlaTPCOrrQmKbLXQP%2Fi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: accept-encoding
server: cloudflare
cf-ray: 92023b4369a35687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1122&min_rtt=1118&rtt_var=428&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2327&delivery_rate=2507359&cwnd=247&unsent_bytes=0&cid=c2cba4e62c14e780&ts=84&x=0", cfL4;desc="?proto=TCP&rtt=62365&min_rtt=57713&rtt_var=8034&sent=392&recv=128&lost=0&retrans=0&sent_bytes=395504&recv_bytes=8357&delivery_rate=2392295&cwnd=399&unsent_bytes=0&cid=f8b34b2724c51115&ts=8160&x=0"
X-Firefox-Spdy: h2
|
|
| ad0.micrologsystemout365serversystemdatalogconfirmation.su/stH6wt5xVkH4xLS7X0OQmcX8Twj0DN4567HoxpbhX0IRvU9BhykqCghWrYGLOSigh260 | 104.21.31.58 | 200 OK | 18 kB |
URL GET ad0.micrologsystemout365serversystemdatalogconfirmation.su/stH6wt5xVkH4xLS7X0OQmcX8Twj0DN4567HoxpbhX0IRvU9BhykqCghWrYGLOSigh260 IP 104.21.31.58:443
Requested by: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX Certificate Issuer: Google Trust Services Subject: micrologsystemout365serversystemdatalogconfirmation.su Fingerprint: 3B:AD:A8:2B:93:2C:22:88:00:26:34:22:B9:EE:64:24:5E:A4:0F:11 Validity: Thu, 13 Mar 2025 13:59:09 GMT - Wed, 11 Jun 2025 14:57:39 GMT
File type: RIFF (little-endian) data, Web/P image Hashes: 4b52ecdc33382c9dca874f551990e704 8f3bf8e41cd4cdddb17836b261e73f827b84341b cce050cc3b150c0b370751021bb15018ee2b64ac369e230fe3b571a9b00d4342
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft |
GET /stH6wt5xVkH4xLS7X0OQmcX8Twj0DN4567HoxpbhX0IRvU9BhykqCghWrYGLOSigh260 HTTP/1.1
Host: ad0.micrologsystemout365serversystemdatalogconfirmation.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX
Cookie: XSRF-TOKEN=eyJpdiI6Im5VdTlvNEJNbXBhRU81UnFrNFU1bEE9PSIsInZhbHVlIjoiVU4vU3hjQVBqeUZmc1BCZVV4NHFHUWp1MTBCeEFwMTU3a2pKa2hIOXU2UjVQTEhCSnhxam5oaEpKOUoya1I5Q3FEc3pWaTNBbHkzRjVJRDROQTBaYlZsbVpIT2VzSmdIRTVJdnozQXlIdUpTSkoxRnQwVUxZdXdzamM0ZWtKZnYiLCJtYWMiOiIxMTFmNWNiZmU2YWE3ZmU2MzMwOTQ2ZmU1NDBhYWQ3MWIzZjY3YzgxYzM5NGNmNGExZGExODNjZTRmMmRmMWM2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZGejhtZWgvUFVVTSs5c1R3Y2JERFE9PSIsInZhbHVlIjoieERVTGFjMWVOVzR0MWZoaW56NWVteGR2V3RUaG1GYlZCL3M1R08veGc4dzQvanhpNCsvUGF4Mi9CelVKWGFLUHBDRG9wVGtqSjdNT3VGZnFSMTB0RlBmNnRIVzBlRzFZdTh2b3J4QkdyQ2VlUUVnQUNETlBoQnRoejBXMFdqNlIiLCJtYWMiOiI3ZDc0YTc1YmRjNTdiYzJjMjY5ZGMxYWUzNTMxZDIxOWY0YjUzOWY0YmNkMGViYTk5OGI5NGE1MDc2MDM1Y2NlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:25 GMT
content-type: image/webp
content-length: 17842
content-disposition: inline; filename="stH6wt5xVkH4xLS7X0OQmcX8Twj0DN4567HoxpbhX0IRvU9BhykqCghWrYGLOSigh260"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3n67KCD2LTfnmvYaJDdfP0SDXgMEpuvYraVN3TqQRc0x6C70KWEM4clB%2FBLFJtVlPeOviwOhOfsOtPgUnxCfYele9tHiTz36SDa%2BViIXRtocOkWMjhyCCJ9vrEv0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92023b4369ab5687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1204&min_rtt=1189&rtt_var=476&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2326&delivery_rate=2207317&cwnd=247&unsent_bytes=0&cid=520b2704d6b99db5&ts=91&x=0", cfL4;desc="?proto=TCP&rtt=58294&min_rtt=57510&rtt_var=209&sent=429&recv=158&lost=0&retrans=0&sent_bytes=429677&recv_bytes=8357&delivery_rate=2392295&cwnd=451&unsent_bytes=0&cid=f8b34b2724c51115&ts=8732&x=0"
X-Firefox-Spdy: h2
|
|
| ad0.micrologsystemout365serversystemdatalogconfirmation.su/pwnydYXH70BSxiynbJjRDwCpH7NZpZu2s99MgvsMtfyoOoMBxpANpzr5evnb | 104.21.31.58 | 200 OK | 5.5 kB |
URL POST ad0.micrologsystemout365serversystemdatalogconfirmation.su/pwnydYXH70BSxiynbJjRDwCpH7NZpZu2s99MgvsMtfyoOoMBxpANpzr5evnb IP 104.21.31.58:443
Requested by: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX Certificate Issuer: Google Trust Services Subject: micrologsystemout365serversystemdatalogconfirmation.su Fingerprint: 3B:AD:A8:2B:93:2C:22:88:00:26:34:22:B9:EE:64:24:5E:A4:0F:11 Validity: Thu, 13 Mar 2025 13:59:09 GMT - Wed, 11 Jun 2025 14:57:39 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (5515), with no line terminators Hashes: d5d9858a6d69880ddb6bc2167b1b99df 1671ba4bb8f3f60f78c9975539bf673ae137a615 86d664b227fb2bf43c6ff9c02d7148c0c68a6d5d81606eb188141889f1e54286
POST /pwnydYXH70BSxiynbJjRDwCpH7NZpZu2s99MgvsMtfyoOoMBxpANpzr5evnb HTTP/1.1
Host: ad0.micrologsystemout365serversystemdatalogconfirmation.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 53
Origin: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX
Cookie: XSRF-TOKEN=eyJpdiI6Im5VdTlvNEJNbXBhRU81UnFrNFU1bEE9PSIsInZhbHVlIjoiVU4vU3hjQVBqeUZmc1BCZVV4NHFHUWp1MTBCeEFwMTU3a2pKa2hIOXU2UjVQTEhCSnhxam5oaEpKOUoya1I5Q3FEc3pWaTNBbHkzRjVJRDROQTBaYlZsbVpIT2VzSmdIRTVJdnozQXlIdUpTSkoxRnQwVUxZdXdzamM0ZWtKZnYiLCJtYWMiOiIxMTFmNWNiZmU2YWE3ZmU2MzMwOTQ2ZmU1NDBhYWQ3MWIzZjY3YzgxYzM5NGNmNGExZGExODNjZTRmMmRmMWM2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZGejhtZWgvUFVVTSs5c1R3Y2JERFE9PSIsInZhbHVlIjoieERVTGFjMWVOVzR0MWZoaW56NWVteGR2V3RUaG1GYlZCL3M1R08veGc4dzQvanhpNCsvUGF4Mi9CelVKWGFLUHBDRG9wVGtqSjdNT3VGZnFSMTB0RlBmNnRIVzBlRzFZdTh2b3J4QkdyQ2VlUUVnQUNETlBoQnRoejBXMFdqNlIiLCJtYWMiOiI3ZDc0YTc1YmRjNTdiYzJjMjY5ZGMxYWUzNTMxZDIxOWY0YjUzOWY0YmNkMGViYTk5OGI5NGE1MDc2MDM1Y2NlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:26 GMT
content-type: application/json
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PWMO%2BIpGpCEbmVjmyFUlmx5kvygLsbNW7cJDW%2FHYvseIFdYyrWDXXP9ZYtp26Ml9UZcdXukWHmv2%2BUpc7xwhEbUNAdUAeCd0bug6%2FdnCgvcXOp7Q4SLc%2Fsllk%2FdD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: XSRF-TOKEN=eyJpdiI6InNoNHZITm12RnFjZmUrTkZJcno1L2c9PSIsInZhbHVlIjoiTmM5UWw0ekpzV2JYZlBxS0ZHU01FNzFKRjYyWS9CRXVGTTNoLytBZDhGOHcyYWh5bENYOXE5bzQ0MytZMlJzaTd5RDYzM2NSaWZQcFNNM2FPaExVazVMWHkrcmNDQVJWYzlnTG1nSVNWazFXWnFnU0dob2hyMlN6T1RUMHVObVgiLCJtYWMiOiIzMTQ0M2MwNTU3NGY5M2U5NjUyN2YzMDdlNWNiOThjZjYzY2JiMzlhNDVkZTI3YmNmZDEzOGE1OTAyZGRkMjk5IiwidGFnIjoiIn0%3D; expires=Fri, 14-Mar-2025 09:59:26 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6ImtNRXRxZHdQYlNFTkwzU0ZuNzg5QXc9PSIsInZhbHVlIjoibDB6UFczZlJNYkhuSWJRSWJ3ZlVCUk1CTXVSZU1LSXZFQS9Tb2ZoU3ExY0tFQS9ldUF4eXlVUnVqNFRpb3A2d3NYSmpkakQ0U056TDRCYllnTUZsMnhITFFQcFN6a3FKMkkzcFRMc2ZrcEJXaTl4bitUVGV6NDBkR3NqOWUvVkIiLCJtYWMiOiI3OWJmNWIxNzAyNDc3MjNlOGNmNjM2Nzg4M2VjMGUyYmFkOGIyYTJiZTNhODc5ZWU5YjI5MzdmMDk3NzhlNDVkIiwidGFnIjoiIn0%3D; expires=Fri, 14-Mar-2025 09:59:26 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
vary: accept-encoding
server: cloudflare
cf-ray: 92023b4c2bf65687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1202&min_rtt=1192&rtt_var=341&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2825&recv_bytes=2541&delivery_rate=2401326&cwnd=251&unsent_bytes=0&cid=968c149b296abdba&ts=118&x=0", cfL4;desc="?proto=TCP&rtt=58293&min_rtt=57510&rtt_var=287&sent=451&recv=169&lost=0&retrans=0&sent_bytes=449743&recv_bytes=8919&delivery_rate=2392295&cwnd=468&unsent_bytes=0&cid=f8b34b2724c51115&ts=9582&x=0"
X-Firefox-Spdy: h2
|
|
| code.jquery.com/jquery-3.6.0.min.js | 151.101.130.137 | 200 OK | 90 kB |
URL GET code.jquery.com/jquery-3.6.0.min.js IP 151.101.130.137:443
Requested by: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/aFteNdiAnsen/$robert.smotlak%40slurpmail.net Certificate Issuer: Sectigo Limited Subject: *.jquery.com Fingerprint: CD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5 Validity: Tue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65447) Hashes: 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 14 Mar 2025 07:59:17 GMT
age: 5692692
x-served-by: cache-lga21931-LGA, cache-osl6521-OSL
x-cache: HIT, HIT
x-cache-hits: 500673, 142065
x-timer: S1741939157.498930,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
|
|
| ad0.micrologsystemout365serversystemdatalogconfirmation.su/GDSherpa-vf.woff2 | 104.21.31.58 | 200 OK | 44 kB |
URL GET ad0.micrologsystemout365serversystemdatalogconfirmation.su/GDSherpa-vf.woff2 IP 104.21.31.58:443
Requested by: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX Certificate Issuer: Google Trust Services Subject: micrologsystemout365serversystemdatalogconfirmation.su Fingerprint: 3B:AD:A8:2B:93:2C:22:88:00:26:34:22:B9:EE:64:24:5E:A4:0F:11 Validity: Thu, 13 Mar 2025 13:59:09 GMT - Wed, 11 Jun 2025 14:57:39 GMT
File type: Web Open Font Format (Version 2), TrueType, length 43596, version 1.0 Hashes: 2a05e9e5572abc320b2b7ea38a70dcc1 d5fa2a856d5632c2469e42436159375117ef3c35 3efcb941aaddaf4aea08dab3fb97d3e904aa1b83264e64b4d5bda53bc7c798ec
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft |
GET /GDSherpa-vf.woff2 HTTP/1.1
Host: ad0.micrologsystemout365serversystemdatalogconfirmation.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Im5VdTlvNEJNbXBhRU81UnFrNFU1bEE9PSIsInZhbHVlIjoiVU4vU3hjQVBqeUZmc1BCZVV4NHFHUWp1MTBCeEFwMTU3a2pKa2hIOXU2UjVQTEhCSnhxam5oaEpKOUoya1I5Q3FEc3pWaTNBbHkzRjVJRDROQTBaYlZsbVpIT2VzSmdIRTVJdnozQXlIdUpTSkoxRnQwVUxZdXdzamM0ZWtKZnYiLCJtYWMiOiIxMTFmNWNiZmU2YWE3ZmU2MzMwOTQ2ZmU1NDBhYWQ3MWIzZjY3YzgxYzM5NGNmNGExZGExODNjZTRmMmRmMWM2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZGejhtZWgvUFVVTSs5c1R3Y2JERFE9PSIsInZhbHVlIjoieERVTGFjMWVOVzR0MWZoaW56NWVteGR2V3RUaG1GYlZCL3M1R08veGc4dzQvanhpNCsvUGF4Mi9CelVKWGFLUHBDRG9wVGtqSjdNT3VGZnFSMTB0RlBmNnRIVzBlRzFZdTh2b3J4QkdyQ2VlUUVnQUNETlBoQnRoejBXMFdqNlIiLCJtYWMiOiI3ZDc0YTc1YmRjNTdiYzJjMjY5ZGMxYWUzNTMxZDIxOWY0YjUzOWY0YmNkMGViYTk5OGI5NGE1MDc2MDM1Y2NlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:24 GMT
content-type: font/woff2
content-length: 43596
content-disposition: inline; filename="GDSherpa-vf.woff2"
last-modified: Fri, 14 Mar 2025 07:14:40 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QlTs0L8v2fO9TRrwKyTqJwRVNeHN4vauReiT3ATCaZ6zpjyfqdgu0D8elnrQakCpIgY47eQqKVRJJca%2FsBogHDhkTwm0VuBU%2FOO0jZdcNDMXTu1bIAtVz6drITx6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2683
accept-ranges: bytes
server: cloudflare
cf-ray: 92023b4318fb5687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1085&min_rtt=1035&rtt_var=488&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2383&delivery_rate=2015309&cwnd=250&unsent_bytes=0&cid=ed7fde343527d42f&ts=200&x=0", cfL4;desc="?proto=TCP&rtt=60052&min_rtt=57865&rtt_var=2784&sent=228&recv=70&lost=0&retrans=0&sent_bytes=204402&recv_bytes=7432&delivery_rate=991102&cwnd=256&unsent_bytes=39354&cid=f8b34b2724c51115&ts=7964&x=0"
X-Firefox-Spdy: h2
|
|
| ad0.micrologsystemout365serversystemdatalogconfirmation.su/yzjgSsM1WsfsZS47oTEId5TZRcytW1y7zMYB4Prs3SCWrexQ9uTfo4joXioGYYlzi90180 | 104.21.31.58 | 200 OK | 2.9 kB |
URL GET ad0.micrologsystemout365serversystemdatalogconfirmation.su/yzjgSsM1WsfsZS47oTEId5TZRcytW1y7zMYB4Prs3SCWrexQ9uTfo4joXioGYYlzi90180 IP 104.21.31.58:443
Requested by: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX Certificate Issuer: Google Trust Services Subject: micrologsystemout365serversystemdatalogconfirmation.su Fingerprint: 3B:AD:A8:2B:93:2C:22:88:00:26:34:22:B9:EE:64:24:5E:A4:0F:11 Validity: Thu, 13 Mar 2025 13:59:09 GMT - Wed, 11 Jun 2025 14:57:39 GMT
File type: SVG Scalable Vector Graphics image Hashes: e924de0d471df54b6280f3dc8b187cb8 857f03226070b502a9e06b4249710ec10be4c9e9 24ce135a31ce83ac3d62471fcc0e1a82ce6f1533c993ee59ca4e110d5f2fae33
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Microsoft |
GET /yzjgSsM1WsfsZS47oTEId5TZRcytW1y7zMYB4Prs3SCWrexQ9uTfo4joXioGYYlzi90180 HTTP/1.1
Host: ad0.micrologsystemout365serversystemdatalogconfirmation.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad0.micrologsystemout365serversystemdatalogconfirmation.su/iljnrdjptglmmbjjwotqytfrd4FOZ2ZQDMZCVYKGTF?OSFTRAKDWBVONITUJWX
Cookie: XSRF-TOKEN=eyJpdiI6Im5VdTlvNEJNbXBhRU81UnFrNFU1bEE9PSIsInZhbHVlIjoiVU4vU3hjQVBqeUZmc1BCZVV4NHFHUWp1MTBCeEFwMTU3a2pKa2hIOXU2UjVQTEhCSnhxam5oaEpKOUoya1I5Q3FEc3pWaTNBbHkzRjVJRDROQTBaYlZsbVpIT2VzSmdIRTVJdnozQXlIdUpTSkoxRnQwVUxZdXdzamM0ZWtKZnYiLCJtYWMiOiIxMTFmNWNiZmU2YWE3ZmU2MzMwOTQ2ZmU1NDBhYWQ3MWIzZjY3YzgxYzM5NGNmNGExZGExODNjZTRmMmRmMWM2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZGejhtZWgvUFVVTSs5c1R3Y2JERFE9PSIsInZhbHVlIjoieERVTGFjMWVOVzR0MWZoaW56NWVteGR2V3RUaG1GYlZCL3M1R08veGc4dzQvanhpNCsvUGF4Mi9CelVKWGFLUHBDRG9wVGtqSjdNT3VGZnFSMTB0RlBmNnRIVzBlRzFZdTh2b3J4QkdyQ2VlUUVnQUNETlBoQnRoejBXMFdqNlIiLCJtYWMiOiI3ZDc0YTc1YmRjNTdiYzJjMjY5ZGMxYWUzNTMxZDIxOWY0YjUzOWY0YmNkMGViYTk5OGI5NGE1MDc2MDM1Y2NlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Mar 2025 07:59:27 GMT
content-type: image/svg+xml
content-disposition: inline; filename="yzjgSsM1WsfsZS47oTEId5TZRcytW1y7zMYB4Prs3SCWrexQ9uTfo4joXioGYYlzi90180"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vQDtlEwGWB3q07uGlTa6fPLeamFddKlYtbmJeaRvdjjJ3O9D3TvsUXa4XrgZiOMY65qZSl24hCST5KPneWJMyOJoCYU0CthBHHo7qJvUIljPPJ76eN2FEEU1vK2t"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: accept-encoding
server: cloudflare
cf-ray: 92023b43699e5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1032&min_rtt=994&rtt_var=306&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2328&delivery_rate=2847590&cwnd=251&unsent_bytes=0&cid=766bda3213ce9107&ts=87&x=0", cfL4;desc="?proto=TCP&rtt=58061&min_rtt=57348&rtt_var=165&sent=869&recv=311&lost=0&retrans=0&sent_bytes=929040&recv_bytes=8919&delivery_rate=4394580&cwnd=617&unsent_bytes=0&cid=f8b34b2724c51115&ts=10737&x=0"
X-Firefox-Spdy: h2
|
|