Report - ldt.kansinulang.ru/4kSMCQQy/

Report Overview

Visited public
2025-03-26 17:02:00
Tags
microsoft phishing suspicious tycoon
URL
ldt.kansinulang.ru/4kSMCQQy/
Finishing URL
ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
IP / ASN
172.67.168.213
#13335 CLOUDFLARENET
Title
Login To Secure Profile
Phishing - Microsoft
Phishing - Generic phishing
Suspicious - Anti-debugging code
Phishing - Tycoon Phishing Kit

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-03-26	1.4 kB	148 kB	104.17.25.14
developers.cloudflare.com	592034	2009-02-17	2012-09-07	2025-03-26	449 B	1.7 kB	104.16.3.189
objects.githubusercontent.com	134060	2014-02-06	2021-11-01	2025-03-26	892 B	11 kB	185.199.108.133
dr98gc.hxnywi.ru	unknown	2025-02-26	2025-03-26	2025-03-26	451 B	816 B	188.114.96.1
ldt.kansinulang.ru	unknown	2025-01-15	2025-03-25	2025-03-25	36 kB	6.3 MB	188.114.97.1
github.com	1423	2007-10-09	2016-07-13	2025-03-26	457 B	15 kB	140.82.121.4
code.jquery.com	634	2005-12-10	2012-05-21	2025-03-26	1.3 kB	270 kB	151.101.66.137
ok4static.oktacdn.com	16592	2014-11-11	2018-06-15	2025-03-25	2.0 kB	268 kB	143.204.55.87

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-03-26 17:01:51	medium	Client IP	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2025-03-25	medium	ldt.kansinulang.ru/4kSMCQQy/	Generic/Spear Phishing
2025-03-25	medium	ldt.kansinulang.ru/4kSMCQQy/	Generic/Spear Phishing

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (27)

	URL	From	Size	First Seen	Last Seen
	ldt.kansinulang.ru/4kSMCQQy/	ScriptElement	22 kB	2025-03-26	2025-03-26
Pretty URL ldt.kansinulang.ru/4kSMCQQy/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-26 17:02 Last Seen2025-03-26 17:02 Times Seen1 Hash f8eb7cb82f844ed99e4fa0b81b3761ea b94c11de0e62cf6e934de7a5e50ee4c48111ad78 724b737459dbe7005a890247cd779aa1fc0ca792bb703e0b2216e74af3262330 Loading...

	ldt.kansinulang.ru/4kSMCQQy/	Function	1.8 kB	2025-03-26	2025-03-26
Pretty URL ldt.kansinulang.ru/4kSMCQQy/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by Function Embedded in HTML false Observations First Seen2025-03-26 17:02 Last Seen2025-03-26 17:02 Times Seen1 Hash 6952c26db62fba66b0ad424fce86d6b4 f9239bf9558fcd5ad26bf649e043157769c4ff9c 942da4f39d648804d5deffb3dcbaae04dfb5e431170d2dabe9177f1bcb228bc7 Loading...

	cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	ScriptElement	48 kB	2023-03-07	2025-06-12
Pretty URL cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31 Last Seen2025-06-12 10:07 Times Seen96108 Hash 2ca03ad87885ab983541092b87adb299 1a17f60bf776a8c468a185c1e8e985c41a50dc27 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762 Loading...

	ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP	ScriptElement	770 B	2025-03-26	2025-03-26
Pretty URL ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-26 17:02 Last Seen2025-03-26 17:02 Times Seen1 Hash 4983987291f9b1babe9504216c93f7e6 76da7b637feb834d02d6734bf6dce0f72843e524 628556fe3b5f5e3e02878cec5ad3d5b9eae03641976798dc7ac8217fd99d3844 Loading...

	ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP	Eval	148 kB	2025-03-19	2025-05-03
Pretty URL ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-03-19 19:34 Last Seen2025-05-03 07:23 Times Seen3889 Hash 8970b928fbfc88d2a9e4ec87364781b9 a377b962b64905bf923db1b1ec2661519991aca4 5b48fe8776491e5d298044f7bcbe5f875074fa22cda01bcbb9396ee2a3051cb1 Loading...

	cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	ScriptElement	48 kB	2023-03-07	2025-06-12
Pretty URL cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31 Last Seen2025-06-12 10:07 Times Seen96108 Hash 2ca03ad87885ab983541092b87adb299 1a17f60bf776a8c468a185c1e8e985c41a50dc27 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762 Loading...

	ldt.kansinulang.ru/4kSMCQQy/	Eval	13 kB	2025-03-26	2025-03-26
Pretty URL ldt.kansinulang.ru/4kSMCQQy/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-03-26 17:02 Last Seen2025-03-26 17:02 Times Seen1 Hash c9ad4ec7e6dba8cf63a16995988cd49b 6e72f9fb488852c7783cd92005313abcecc20016 b15fbd810af38770bed22016af184b786c82ca96d3429da0d89bcece0c88d9a0 Loading...

	code.jquery.com/jquery-3.6.0.min.js	ScriptElement	90 kB	2023-03-07	2025-06-12
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.66.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-12 10:18 Times Seen213014 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	ldt.kansinulang.ru/4kSMCQQy/	ScriptElement	2.5 kB	2025-03-26	2025-03-26
Pretty URL ldt.kansinulang.ru/4kSMCQQy/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-26 17:02 Last Seen2025-03-26 17:02 Times Seen1 Hash b3132449966f86769400798d44f4685e 62c466d35ce844c493eea9305e82e3e288fb800c 58df46146a1ae2097ad07e7b65ce54fb81ebd7db83c8e02a535a5a98489e6861 Loading...

	ldt.kansinulang.ru/4kSMCQQy/	Eval	1.7 kB	2025-03-26	2025-03-26
Pretty URL ldt.kansinulang.ru/4kSMCQQy/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-03-26 17:02 Last Seen2025-03-26 17:02 Times Seen1 Hash fc1ec5ec1cddac9ab33a99b1b18c1f54 1780abf1cf24fee69db583609c410dc2fc8b717f 6d0113a83228f3dce34a11314e10241776e44ef62c9fccf08edd46e9d91ff59e Loading...

	code.jquery.com/jquery-3.6.0.min.js	ScriptElement	90 kB	2023-03-07	2025-06-12
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.66.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-12 10:18 Times Seen213014 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	ScriptElement	48 kB	2023-03-07	2025-06-12
Pretty URL cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31 Last Seen2025-06-12 10:07 Times Seen96108 Hash 2ca03ad87885ab983541092b87adb299 1a17f60bf776a8c468a185c1e8e985c41a50dc27 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762 Loading...

	ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP	ScriptElement	2.1 kB	2025-03-26	2025-03-26
Pretty URL ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-26 17:02 Last Seen2025-03-26 17:02 Times Seen1 Hash 9618d68bc41f117ae1427778e393a0f6 51bcec447cda38b68e991121c8fa0bb1060da18d 7cf1bf4f26aaae816022bb6de33b43f449f4a19282478fa539c0e3bf36466860 Loading...

	ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP	ScriptElement	142 kB	2025-03-26	2025-03-26
Pretty URL ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-26 17:02 Last Seen2025-03-26 17:02 Times Seen1 Hash 6879014be6e7fa8a07901516115ff0bc 78eee61bd068ce039d05f3ceae86511d502897b9 fbf94cc5030673ad40c0d5fa8d8ea41f929895b34a80c0af5198795c98b412d9 Loading...

	code.jquery.com/jquery-3.6.0.min.js	ScriptElement	90 kB	2023-03-07	2025-06-12
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.66.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-12 10:18 Times Seen213014 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	ldt.kansinulang.ru/4kSMCQQy/	ScriptElement	39 kB	2025-03-26	2025-03-26
Pretty URL ldt.kansinulang.ru/4kSMCQQy/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-26 17:02 Last Seen2025-03-26 17:02 Times Seen1 Hash dad6bea3c1e154e16a4849874ebb96f3 92f2b6603a3377a70e5a0e3b7ff7dbb5a555ddb5 4c715002b1cc711aa26844d37edeb5b42d8e18f847b66156e90d35943c0baab9 Loading...

	ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP	Eval	14 kB	2025-03-26	2025-03-26
Pretty URL ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-03-26 17:02 Last Seen2025-03-26 17:02 Times Seen1 Hash a024ae23283a271baf341cb461a3b969 23c88e90c7a6b57526bbe481a1448cebe3471e16 59d0d75b8b3226256d753eb484499815d15cec126d5a4a881c34daecb422cd75 Loading...

	ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP	Eval	197 kB	2025-03-19	2025-05-03
Pretty URL ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-03-19 19:34 Last Seen2025-05-03 07:23 Times Seen3899 Hash 6c3e12f3c6adef6b7fd961c67dbe3da8 d009941f0f482ec59da4cd9676d51da21c52a5af aae52996a7f7c8d8777e467eeff0725581388f05ac914b823ac037a1d236e72a Loading...

	github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js	ScriptElement	10 kB	2024-05-30	2025-06-12
Pretty URL github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js IP 140.82.121.4 ASN #36459 GITHUB Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-30 22:56 Last Seen2025-06-12 09:57 Times Seen20354 Hash 6c20a2be8ba900bc0a7118893a2b1072 ff7766fde1f33882c6e1c481ceed6f6588ea764c b1c42acd0288c435e95e00332476781532ed002cac6f3dcee9110ced30b31500 Loading...

	ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP	ScriptElement	2.4 kB	2025-03-26	2025-03-26
Pretty URL ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-26 17:02 Last Seen2025-03-26 17:02 Times Seen1 Hash 47c81624deedfc417e0d0f706b0978e2 a78461b2d7e20c2dbfd6e2942b02089e6ba04966 9b8711448410511d4bd8be837eb8193b77ec236707a015cf612e1645a57209ee Loading...

	ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP	ScriptElement	20 kB	2025-03-26	2025-03-26
Pretty URL ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-26 17:02 Last Seen2025-03-26 17:02 Times Seen1 Hash 2c4e78feebbc675f27fd2a85590c4718 6cd619635694c322a026061b16d7b7b1bb836561 77dd6e897046bd8c57a9580a1fc124624c131395bb77f3e89588f6eec2036169 Loading...

	ldt.kansinulang.ru/56nISXaGh2WYuJRW4SMhLdyvR1XghfzX4Bh4ttRf6qnH67110	ScriptElement	4.7 MB	2025-03-19	2025-04-10
Pretty URL ldt.kansinulang.ru/56nISXaGh2WYuJRW4SMhLdyvR1XghfzX4Bh4ttRf6qnH67110 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-19 19:34 Last Seen2025-04-10 19:30 Times Seen1602 Hash b0dd0ee65ad6c93237212291f6ace239 f6533f76a1e8f0682f7773e34920bb20eb1fa890 c8b1697ed6be7a7fc6e61df7e018aed20c6f53db559f4b1faad855e469ae3a03 Loading...

	ldt.kansinulang.ru/4kSMCQQy/	ScriptElement	305 kB	2025-03-26	2025-03-26
Pretty URL ldt.kansinulang.ru/4kSMCQQy/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-26 17:02 Last Seen2025-03-26 17:02 Times Seen1 Hash 08ae756a716d17c0dc8bd1282731b77c 65becd20361e6131e218f8bb6424f840c105a3e4 84cf917cc77c6da3486222b2164f4143903d6ee3a933e0be2c315990c4d82d20 Loading...

	ldt.kansinulang.ru/4kSMCQQy/	ScriptElement	10 kB	2025-03-26	2025-03-26
Pretty URL ldt.kansinulang.ru/4kSMCQQy/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-26 17:02 Last Seen2025-03-26 17:02 Times Seen1 Hash ebe0c45af32ba118f48dcd53c3b40175 2b270010235a231ac5dca69ae3749101455d8f0e d9f6477ca3611e7c89d93bbe997e92dbb1f87518ddd1f9444482a9495311b11f Loading...

		Size	First Seen	Last Seen
	#1 Write - ebb74c457da574182279f37e13b3d2e1	13 kB	2025-03-26 17:02	2025-03-26 17:02
Pretty Observations First Seen2025-03-26 17:02 Last Seen2025-03-26 17:02 Times Seen1 Hash ebb74c457da574182279f37e13b3d2e1 72158b8526ac99dfb3e35c8bf9f315df9d4a9a2a a2a4fa05a2642dd7229e6e5a44fd4608e1cc53cf916350af2b003779e6d1eb77 Loading...

	#2 Write - 34c588eedd1c9bec7d905b8e548b4419	104 kB	2025-03-26 17:02	2025-03-26 17:02
Pretty Observations First Seen2025-03-26 17:02 Last Seen2025-03-26 17:02 Times Seen1 Hash 34c588eedd1c9bec7d905b8e548b4419 0dde4e99dd8822d10bdaa175bd223ff669094d56 eab2a3475f1d0ad3eb276389b5d8094b831cab454e5fa27fb0cc237c9453eb7e Loading...

	#3 Write - a538f033675bbabc56c471baf9472889	266 kB	2025-03-26 17:02	2025-03-26 17:02
Pretty Observations First Seen2025-03-26 17:02 Last Seen2025-03-26 17:02 Times Seen1 Hash a538f033675bbabc56c471baf9472889 209f5f712c05b019003f4f6877e096bbf54dc8fa 9cc8eda3862ab9334d1e26a94b0e08fe0a3889092b0fbcfcab2fa2a513bf856b Loading...

HTTP Transactions (42)

URL IP Response Size

ldt.kansinulang.ru/mn3yom9r2DuplsPrjgRDY8eijQOHLDjd8kU2UoMM90150

188.114.97.1

200 OK

270 B

URL GET
ldt.kansinulang.ru/mn3yom9r2DuplsPrjgRDY8eijQOHLDjd8kU2UoMM90150
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Certificate
IssuerGoogle Trust Services
Subjectkansinulang.ru
Fingerprint0A:A3:1B:2B:B6:B0:54:B1:BA:A0:52:7F:D0:47:21:1E:81:AF:98:E2
ValiditySun, 16 Mar 2025 12:52:20 GMT - Sat, 14 Jun 2025 13:49:37 GMT

File type
SVG Scalable Vector Graphics image
Size
270 B (270 bytes)
Hash
0c09c5ea7c28d6feb4d124957dde0a0d
1b9efde2d8f0e2a3d9d5315117e597c2d622fc5e
b3c39d2c15327b7ae68940502a2d7bf457fe521e075e6e671d0340edc58bcb3a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /mn3yom9r2DuplsPrjgRDY8eijQOHLDjd8kU2UoMM90150 HTTP/1.1
Host: ldt.kansinulang.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Cookie: XSRF-TOKEN=eyJpdiI6IkNuNUNMRlhYUlQ2aTdzZkRteEJVWEE9PSIsInZhbHVlIjoiU1B4V21mUHZDWnBGY2h6ZXRpNDMxMnhwcEtnejZVaU81NDh3eTR3MDkxKzlzQUxWT013OWE0eXJ0RTcyN2c2UGYvbHJNSXoyOHpGMUJRVEJKSXB4VzNVNXBXdjdlOXFOTTNRcHVBWmtSVzY3RjcrVExIcHMrb00vbU1uU3Y2UXgiLCJtYWMiOiIwNGNlYzI2NmVlMTM2NDJjZDAxYzVkMDkwODc2Y2M3NWMxNzNjZDAzMDlkOGM5MDYyYWU1YzFiNTA4NzcxZjIzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndTcUtLS3gxYkx6ZnREMi8xRHdZdkE9PSIsInZhbHVlIjoiVlI0SHJpcm53UW94ZjNNNmlXRzdmM0NGajZsTUFYK3JRd3hrcHZnQ05zRDZOeE1WYWJlc252Qmh5aVpkSSsxSWk2NUwrdXNOSlVFQzMxWUROZGZVK3BJbHhpenU2c0RiNkdPK3hUdkgrUEFYeWZVZGFmRFJhSmpoaXhudTNxSkQiLCJtYWMiOiI2MTIyNzIxYTIyZmVhNjAyMzE5NmQ2NjI5ZTY2YzY1NjQzYWVlYmMzMDFmMWYzZGEzYjJjMzk5NTE5Njg0ZWQwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 17:01:45 GMT
content-type: image/svg+xml
server: cloudflare
content-disposition: inline; filename="mn3yom9r2DuplsPrjgRDY8eijQOHLDjd8kU2UoMM90150"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EaV9cygpMSOIRVCrvKZ26Et88Puxv5bAkITMTvJSZBW73Ho79SliqTlOAZ3kYN8xjHzoEeOcYYS7Xjt2t9DhmMqwbjWBmYC52bA2aQnIz2Yb4TrLZer6iHUqKqd%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
priority: u=4,i=?0
vary: accept-encoding
cf-ray: 92683638f835fe9b-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5196&min_rtt=5106&rtt_var=1979&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2224&delivery_rate=557775&cwnd=251&unsent_bytes=0&cid=b8b228551085bad2&ts=154&x=0", cfExtPri

ldt.kansinulang.ru/rsJjFPTAb2PvKjMtX0raIs4cuvZsFfkFZlR1MzCGv62mXqpzTVcd200

188.114.97.1

200 OK

268 B

URL GET
ldt.kansinulang.ru/rsJjFPTAb2PvKjMtX0raIs4cuvZsFfkFZlR1MzCGv62mXqpzTVcd200
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Certificate
IssuerGoogle Trust Services
Subjectkansinulang.ru
Fingerprint0A:A3:1B:2B:B6:B0:54:B1:BA:A0:52:7F:D0:47:21:1E:81:AF:98:E2
ValiditySun, 16 Mar 2025 12:52:20 GMT - Sat, 14 Jun 2025 13:49:37 GMT

File type
SVG Scalable Vector Graphics image
Size
268 B (268 bytes)
Hash
1318aafc1fb9ded0c623e5b9a557e6df
0917cdd7633cd1642b02b2b785416ec7e5106dcc
d86660a84daa211b121ec9fe0df83d6b945f61b888384391eabc7d6b4e941dc4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /rsJjFPTAb2PvKjMtX0raIs4cuvZsFfkFZlR1MzCGv62mXqpzTVcd200 HTTP/1.1
Host: ldt.kansinulang.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Cookie: XSRF-TOKEN=eyJpdiI6IkNuNUNMRlhYUlQ2aTdzZkRteEJVWEE9PSIsInZhbHVlIjoiU1B4V21mUHZDWnBGY2h6ZXRpNDMxMnhwcEtnejZVaU81NDh3eTR3MDkxKzlzQUxWT013OWE0eXJ0RTcyN2c2UGYvbHJNSXoyOHpGMUJRVEJKSXB4VzNVNXBXdjdlOXFOTTNRcHVBWmtSVzY3RjcrVExIcHMrb00vbU1uU3Y2UXgiLCJtYWMiOiIwNGNlYzI2NmVlMTM2NDJjZDAxYzVkMDkwODc2Y2M3NWMxNzNjZDAzMDlkOGM5MDYyYWU1YzFiNTA4NzcxZjIzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndTcUtLS3gxYkx6ZnREMi8xRHdZdkE9PSIsInZhbHVlIjoiVlI0SHJpcm53UW94ZjNNNmlXRzdmM0NGajZsTUFYK3JRd3hrcHZnQ05zRDZOeE1WYWJlc252Qmh5aVpkSSsxSWk2NUwrdXNOSlVFQzMxWUROZGZVK3BJbHhpenU2c0RiNkdPK3hUdkgrUEFYeWZVZGFmRFJhSmpoaXhudTNxSkQiLCJtYWMiOiI2MTIyNzIxYTIyZmVhNjAyMzE5NmQ2NjI5ZTY2YzY1NjQzYWVlYmMzMDFmMWYzZGEzYjJjMzk5NTE5Njg0ZWQwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 17:01:45 GMT
content-type: image/svg+xml
content-disposition: inline; filename="rsJjFPTAb2PvKjMtX0raIs4cuvZsFfkFZlR1MzCGv62mXqpzTVcd200"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bdh7Imjm2tBPtcOmlAbtW5VhElQAGJIdqR%2BKIML7TO1VkOp7W7PmujelAURVoXs7IidQxTMbfQ4FoJTcV4hAu0p%2FoOKt%2FPHjqcnIoC9qCwN7ToE3PnWAjxnqoSJv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: accept-encoding
priority: u=4,i=?0
server: cloudflare
cf-ray: 92683639084afe9b-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=4549&min_rtt=4522&rtt_var=1751&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2234&delivery_rate=600463&cwnd=214&unsent_bytes=0&cid=22c974fe589c9880&ts=91&x=0", cfL4;desc="?proto=QUIC&rtt=21999&min_rtt=20361&rtt_var=1324&sent=128&recv=49&lost=0&retrans=0&sent_bytes=104502&recv_bytes=25039&delivery_rate=39585&cwnd=28800&unsent_bytes=0&cid=c05697167c16ac6f&ts=9192&x=1", cfExtPri, cfHdrFlush;dur=0

ldt.kansinulang.ru/4kSMCQQy/

188.114.97.1

200 OK

991 kB

URL User Request GET
ldt.kansinulang.ru/4kSMCQQy/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectkansinulang.ru
Fingerprint0A:A3:1B:2B:B6:B0:54:B1:BA:A0:52:7F:D0:47:21:1E:81:AF:98:E2
ValiditySun, 16 Mar 2025 12:52:20 GMT - Sat, 14 Jun 2025 13:49:37 GMT

File type
HTML document, ASCII text, with very long lines (65356)
Size
991 kB (990563 bytes)
Hash
102383475fd91e633c06eee0b0ed9f76
8566abb2d098e525b2f015c059dd1f58eeeaf67e
583e116ba3a50a26669d5a50e5b5d866257b02d8debbb556c3aba484d2b1399d

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Anti-debugging code
urlquery	phishing	Phishing - Tycoon Phishing Kit
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /4kSMCQQy/ HTTP/1.1
Host: ldt.kansinulang.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 26 Mar 2025 17:01:36 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CMcAqLrhI55RS2akUpLfVLQSI0sa1DP18YL%2FQd4PtZhukMqWRdHhNAnm7%2FS7ZQ4yAp%2FQem%2BE8au8ht0Sayim8EK2W%2BGpZb2heoZ%2BhRdNGG1PQsnqB2YbPmZZv9oj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: XSRF-TOKEN=eyJpdiI6IkRCMUFhYWJNZzBUWlFYRGxRY3J6Unc9PSIsInZhbHVlIjoiYnB3NFR3RDFac0ZLUUtQWXJIeUpjUktWV0hRV0g1clI1eGRSVVNIczlhZW9YTXZ5V3hxc281d0NxeGg2ZkQ5WW1GZ0hsOXpiZ1FKVU1MaE9wM0hJU3F6Z2VlYzl2WS80UUNDVjFmYVBPOS9qVDNaYkZGSjQxY1RQTlRsZEo2Y1EiLCJtYWMiOiJlMjIwNTJlM2U2Yzg0YmNmYTM3NDdjMTU0ODViOTUzN2Y4NzJiNmE3OGI0ZWIxZDU0Nzg0MTBjMWIxMjA5NWVjIiwidGFnIjoiIn0%3D; expires=Wed, 26-Mar-2025 19:01:36 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6ImptdEtDTkZoOEhCL25rbURKZnJxWnc9PSIsInZhbHVlIjoiVk9EdERaZHdabE0vZ0dEWjgwempOajBPUkp6eUhHN0dCUHE2MEtQVFBVMURZTHVPRS82elBmSnV4N2lCWlhaQS9FMGpaVlk3ejBGMnBZUWJ0NDlVcXN2QUxIRVZPRUFBVS9SRHZkQXBZdy9oWk5KeU5WNDNFSDRuN0d5T3BVOEgiLCJtYWMiOiJhZjY1ZTllZDRiN2I2OWZjM2U2YTM2ZjZmNTc1NDBmN2ZiMDMyYjljZTQ2OTgxNWZlZDU4NjNkNTM0YWQyN2ViIiwidGFnIjoiIn0%3D; expires=Wed, 26-Mar-2025 19:01:36 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 926835febf16fff5-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5131&min_rtt=5108&rtt_var=1481&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2827&recv_bytes=1399&delivery_rate=540622&cwnd=186&unsent_bytes=0&cid=b3357f3fa295ef24&ts=193&x=0", cfL4;desc="?proto=TCP&rtt=25315&min_rtt=19994&rtt_var=12944&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3282&recv_bytes=1266&delivery_rate=214592&cwnd=216&unsent_bytes=0&cid=eb039b394616be8c&ts=280&x=0"
X-Firefox-Spdy: h2

ldt.kansinulang.ru/lm9yR6ydHSvLPe9BKZ8fBEkyl89xMJ6GfvvyZ4tfw

188.114.97.1

200 OK

334 B

URL POST
ldt.kansinulang.ru/lm9yR6ydHSvLPe9BKZ8fBEkyl89xMJ6GfvvyZ4tfw
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ldt.kansinulang.ru/4kSMCQQy/
Certificate
IssuerGoogle Trust Services
Subjectkansinulang.ru
Fingerprint0A:A3:1B:2B:B6:B0:54:B1:BA:A0:52:7F:D0:47:21:1E:81:AF:98:E2
ValiditySun, 16 Mar 2025 12:52:20 GMT - Sat, 14 Jun 2025 13:49:37 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (355), with no line terminators
Size
334 B (334 bytes)
Hash
e1ae64a5e6c7f36b0a8bbce178d0175b
609ac7ab7acd8525f1625abf0399e729592e00e8
86dc95ec81aa307da2e094cc8bfd82407443f48562f6bd26d8dc11c556c27b56

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

POST /lm9yR6ydHSvLPe9BKZ8fBEkyl89xMJ6GfvvyZ4tfw HTTP/1.1
Host: ldt.kansinulang.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 6
Origin: https://ldt.kansinulang.ru
DNT: 1
Connection: keep-alive
Referer: https://ldt.kansinulang.ru/4kSMCQQy/
Cookie: XSRF-TOKEN=eyJpdiI6InNSd1hHVzRBMEtWSWNGbkJZdm55QVE9PSIsInZhbHVlIjoiZFBxUGdqR2MvWXpWNU1abEFMaEhOMElITlJpRGZsOHpiV084NjRvWlVuZU8vNGRBaERReGg3ZTNjcW9yQ3l3WklBMXFQWFVQbjl5Y2hZWlBHeEhkSTdTb2p2eU0yZnlSMjFxaVF0R2tuaTJDOHRQTnlwNTg4R0tKSElsQ3lMMHUiLCJtYWMiOiJlOGU0MjNhZjYzZWM0MDhlODNlYTRhNDc4MGU1NzMzNGNkNjEwN2I1NTBkMGQyYzAxOTM0MjE0NzYxMTA2OWE0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImpGY0RzOUV5TEpjWUxoSnBUbkUxYWc9PSIsInZhbHVlIjoiYjFMYzlGZy9OQkVqaWRQbFBOdlp5WFpPWGNIcVdrMG5WK0lMK01RVVRVUFBqNGo5WUpwZ2FJcFo1ajRsekdBTHFtL1BLQVFsWVZid1pQVmhQMk5zczRTNmpqK0VtaGlCYUpaaGxoTGdCZ3prd0xLSXZ1Zm9VWDdnRGFIZmszcVUiLCJtYWMiOiIyYTM5YzI0NTU2NDZmMmU5NWUxOGI1ZThmMzBkMDEyNTJiMjA1NTJhNGVhYWNlNTU3YmFjZjRmYTQ1MjdhYWRhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 17:01:45 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CLmdNPBew8ippqKhIR%2F6A8m3EvlzTO56TFDWTQ7CCmyFZfnUIRYu3UrI%2FSzVKph%2BpfBjDPBDF5vXnIKb61Lda2cFveNVONMPOLqajuN9MRReOwCFjC6yF%2FFjSjSu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: XSRF-TOKEN=eyJpdiI6ImlOZExqc25oVi9TN2E1UjYxNDdrU1E9PSIsInZhbHVlIjoiYjl3bmk3Qi93cDFxdHZVanhpZXVISFBzMGlHeUN1OWNGbGczdlovZ09TVUdGbG5oc3RhMFJvdjZVL2Q5NytZNWZ3c2x4SElyTXBiYTdpb0RQZHoyTlpBaHhwYzl1V1AybTZxZzE3YTJja2MzdnFwMDVpME52MVg1eFRGVDY2anQiLCJtYWMiOiJkODgwZWVlZTExZjQ1NWE1ZmFmYzdhZTA5OWU4YzM0NTg2MjM5NDYyYzUzMmM4MGE1OTRmYThkMjFlZDNlYjc3IiwidGFnIjoiIn0%3D; expires=Wed, 26-Mar-2025 19:01:45 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6Im1qb2wrUzd2aFA1TnFvZnRCU3psYUE9PSIsInZhbHVlIjoicEVKU3dGWHMvV0MvZHJ5U2NNZHdCSVhabzZLdks2RGRKTDdVU0J0blZuZ0hsQWZHRTNGcXZtUmx0TW42b0FDOXpHMXFjMmxoUXZJa1Robk1DdE80emFyeTFuYjI4TDlid0owOWRuL0sydlZ1RnZvbk5JOWNxdWV3eVhSMmNNYkEiLCJtYWMiOiJlNGQ1MmUzZDEzNGU0Nzc5MWJmYTY2ZDJkODZmZmRlMjJmZDQ5MDY3NGY2Yzg2MzgwYTc0Njk0MzIzNDA0ZGE2IiwidGFnIjoiIn0%3D; expires=Wed, 26-Mar-2025 19:01:45 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
priority: u=3,i=?0
server: cloudflare
cf-ray: 92683634083efe9b-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5749&min_rtt=5727&rtt_var=1654&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2254&delivery_rate=483039&cwnd=243&unsent_bytes=0&cid=173fdd980ec26cc3&ts=100&x=0", cfL4;desc="?proto=QUIC&rtt=23560&min_rtt=20710&rtt_var=5419&sent=31&recv=14&lost=0&retrans=0&sent_bytes=20340&recv_bytes=5689&delivery_rate=124572&cwnd=24000&unsent_bytes=0&cid=c05697167c16ac6f&ts=8403&x=1", cfExtPri, cfHdrFlush;dur=0

github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js

140.82.121.4

302 Found

10 kB

URL GET
github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js
IP
140.82.121.4:443
ASN
#36459 GITHUB

Requested by
https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Certificate
IssuerSectigo Limited
Subjectgithub.com
FingerprintE4:33:71:DD:D6:91:4A:75:B6:1F:9E:4F:74:6D:9B:F0:DD:26:FC:3A
ValidityWed, 05 Feb 2025 00:00:00 GMT - Thu, 05 Feb 2026 23:59:59 GMT

File type

Size
10 kB (10245 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ldt.kansinulang.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Wed, 26 Mar 2025 17:00:37 GMT
content-type: text/html; charset=utf-8
content-length: 0
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame,Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250326%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250326T170037Z&X-Amz-Expires=300&X-Amz-Signature=ae610a85b10c53c50411634978948cbea9efbab6ec8c70f9ef89152a8bc19af9&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
server: github.com
x-github-request-id: E553:1B6C1A:666510C:692BC82:67E432F9
X-Firefox-Spdy: h2

ldt.kansinulang.ru/GDSherpa-bold.woff

188.114.97.1

200 OK

36 kB

URL GET
ldt.kansinulang.ru/GDSherpa-bold.woff
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Certificate
IssuerGoogle Trust Services
Subjectkansinulang.ru
Fingerprint0A:A3:1B:2B:B6:B0:54:B1:BA:A0:52:7F:D0:47:21:1E:81:AF:98:E2
ValiditySun, 16 Mar 2025 12:52:20 GMT - Sat, 14 Jun 2025 13:49:37 GMT

File type
Web Open Font Format, TrueType, length 35970, version 1.0
Size
36 kB (35970 bytes)
Hash
496b7bbde91c7dc7cf9bbabbb3921da8
2bd3c406a715ab52dad84c803c55bf4a6e66a924
ae40a04f95df12b0c364f26ab691dc0c391d394a28bcdb4aeacfaca325d0a798

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /GDSherpa-bold.woff HTTP/1.1
Host: ldt.kansinulang.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkNuNUNMRlhYUlQ2aTdzZkRteEJVWEE9PSIsInZhbHVlIjoiU1B4V21mUHZDWnBGY2h6ZXRpNDMxMnhwcEtnejZVaU81NDh3eTR3MDkxKzlzQUxWT013OWE0eXJ0RTcyN2c2UGYvbHJNSXoyOHpGMUJRVEJKSXB4VzNVNXBXdjdlOXFOTTNRcHVBWmtSVzY3RjcrVExIcHMrb00vbU1uU3Y2UXgiLCJtYWMiOiIwNGNlYzI2NmVlMTM2NDJjZDAxYzVkMDkwODc2Y2M3NWMxNzNjZDAzMDlkOGM5MDYyYWU1YzFiNTA4NzcxZjIzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndTcUtLS3gxYkx6ZnREMi8xRHdZdkE9PSIsInZhbHVlIjoiVlI0SHJpcm53UW94ZjNNNmlXRzdmM0NGajZsTUFYK3JRd3hrcHZnQ05zRDZOeE1WYWJlc252Qmh5aVpkSSsxSWk2NUwrdXNOSlVFQzMxWUROZGZVK3BJbHhpenU2c0RiNkdPK3hUdkgrUEFYeWZVZGFmRFJhSmpoaXhudTNxSkQiLCJtYWMiOiI2MTIyNzIxYTIyZmVhNjAyMzE5NmQ2NjI5ZTY2YzY1NjQzYWVlYmMzMDFmMWYzZGEzYjJjMzk5NTE5Njg0ZWQwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 17:01:46 GMT
content-type: font/woff
content-length: 35970
content-disposition: inline; filename="GDSherpa-bold.woff"
last-modified: Wed, 26 Mar 2025 17:01:45 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eE3mETOOwirGFk3GQoyP4THDwDW74N%2BvN1vtli9kCRdw4NQstdUV9ba%2B6q8MNXTr0qC9Wza07EAx93qKT91IEme9QkUgFEi%2FjpXpruIOIro7MfaywWV0suX0P8Ua"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
priority: u=3,i=?0
server: cloudflare
cf-ray: 92683638d80afe9b-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5224&min_rtt=5206&rtt_var=1965&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2218&delivery_rate=547061&cwnd=251&unsent_bytes=0&cid=d7a89ee4ffef6d83&ts=204&x=0", cfL4;desc="?proto=QUIC&rtt=22462&min_rtt=20347&rtt_var=1876&sent=191&recv=63&lost=0&retrans=0&sent_bytes=166123&recv_bytes=25675&delivery_rate=855570&cwnd=42000&unsent_bytes=0&cid=c05697167c16ac6f&ts=9297&x=1", cfExtPri, cfHdrFlush;dur=0

ldt.kansinulang.ru/GDSherpa-regular.woff

188.114.97.1

200 OK

37 kB

URL GET
ldt.kansinulang.ru/GDSherpa-regular.woff
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Certificate
IssuerGoogle Trust Services
Subjectkansinulang.ru
Fingerprint0A:A3:1B:2B:B6:B0:54:B1:BA:A0:52:7F:D0:47:21:1E:81:AF:98:E2
ValiditySun, 16 Mar 2025 12:52:20 GMT - Sat, 14 Jun 2025 13:49:37 GMT

File type
Web Open Font Format, TrueType, length 36696, version 1.0
Size
37 kB (36696 bytes)
Hash
a69e9ab8afdd7486ec0749c551051ff2
c34e6aa327b536fb48d1fe03577a47c7ee2231b8
fd78a1913db912221b8ead1e62fad47d1ff0a9fa6cd88d3b128a721ad91d2faf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /GDSherpa-regular.woff HTTP/1.1
Host: ldt.kansinulang.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkNuNUNMRlhYUlQ2aTdzZkRteEJVWEE9PSIsInZhbHVlIjoiU1B4V21mUHZDWnBGY2h6ZXRpNDMxMnhwcEtnejZVaU81NDh3eTR3MDkxKzlzQUxWT013OWE0eXJ0RTcyN2c2UGYvbHJNSXoyOHpGMUJRVEJKSXB4VzNVNXBXdjdlOXFOTTNRcHVBWmtSVzY3RjcrVExIcHMrb00vbU1uU3Y2UXgiLCJtYWMiOiIwNGNlYzI2NmVlMTM2NDJjZDAxYzVkMDkwODc2Y2M3NWMxNzNjZDAzMDlkOGM5MDYyYWU1YzFiNTA4NzcxZjIzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndTcUtLS3gxYkx6ZnREMi8xRHdZdkE9PSIsInZhbHVlIjoiVlI0SHJpcm53UW94ZjNNNmlXRzdmM0NGajZsTUFYK3JRd3hrcHZnQ05zRDZOeE1WYWJlc252Qmh5aVpkSSsxSWk2NUwrdXNOSlVFQzMxWUROZGZVK3BJbHhpenU2c0RiNkdPK3hUdkgrUEFYeWZVZGFmRFJhSmpoaXhudTNxSkQiLCJtYWMiOiI2MTIyNzIxYTIyZmVhNjAyMzE5NmQ2NjI5ZTY2YzY1NjQzYWVlYmMzMDFmMWYzZGEzYjJjMzk5NTE5Njg0ZWQwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 17:01:46 GMT
content-type: font/woff
content-length: 36696
content-disposition: inline; filename="GDSherpa-regular.woff"
last-modified: Wed, 26 Mar 2025 17:01:45 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=44g1%2BfDDS5iRicUGcBWBaMJOAsDwnTcFu9xfAQeZgptzDY8WQ3Hh1o0QXOfE%2BRmrbG3cfgH9226k7UPlVmeWj3avh%2F9z6Ez%2FbWkgTtgOyzRZLK2cvg6eh5eNfyPF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
priority: u=3,i=?0
server: cloudflare
cf-ray: 92683638e81afe9b-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=4693&min_rtt=4644&rtt_var=1350&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2825&recv_bytes=2222&delivery_rate=595940&cwnd=245&unsent_bytes=0&cid=74fc49913ce61c55&ts=207&x=0", cfL4;desc="?proto=QUIC&rtt=22462&min_rtt=20347&rtt_var=1876&sent=227&recv=63&lost=0&retrans=0&sent_bytes=208123&recv_bytes=25675&delivery_rate=855570&cwnd=42000&unsent_bytes=0&cid=c05697167c16ac6f&ts=9307&x=1", cfExtPri, cfHdrFlush;dur=22

ldt.kansinulang.ru/GDSherpa-vf.woff2

188.114.97.1

200 OK

44 kB

URL GET
ldt.kansinulang.ru/GDSherpa-vf.woff2
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Certificate
IssuerGoogle Trust Services
Subjectkansinulang.ru
Fingerprint0A:A3:1B:2B:B6:B0:54:B1:BA:A0:52:7F:D0:47:21:1E:81:AF:98:E2
ValiditySun, 16 Mar 2025 12:52:20 GMT - Sat, 14 Jun 2025 13:49:37 GMT

File type
Web Open Font Format (Version 2), TrueType, length 43596, version 1.0
Size
44 kB (43596 bytes)
Hash
2a05e9e5572abc320b2b7ea38a70dcc1
d5fa2a856d5632c2469e42436159375117ef3c35
3efcb941aaddaf4aea08dab3fb97d3e904aa1b83264e64b4d5bda53bc7c798ec

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /GDSherpa-vf.woff2 HTTP/1.1
Host: ldt.kansinulang.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkNuNUNMRlhYUlQ2aTdzZkRteEJVWEE9PSIsInZhbHVlIjoiU1B4V21mUHZDWnBGY2h6ZXRpNDMxMnhwcEtnejZVaU81NDh3eTR3MDkxKzlzQUxWT013OWE0eXJ0RTcyN2c2UGYvbHJNSXoyOHpGMUJRVEJKSXB4VzNVNXBXdjdlOXFOTTNRcHVBWmtSVzY3RjcrVExIcHMrb00vbU1uU3Y2UXgiLCJtYWMiOiIwNGNlYzI2NmVlMTM2NDJjZDAxYzVkMDkwODc2Y2M3NWMxNzNjZDAzMDlkOGM5MDYyYWU1YzFiNTA4NzcxZjIzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndTcUtLS3gxYkx6ZnREMi8xRHdZdkE9PSIsInZhbHVlIjoiVlI0SHJpcm53UW94ZjNNNmlXRzdmM0NGajZsTUFYK3JRd3hrcHZnQ05zRDZOeE1WYWJlc252Qmh5aVpkSSsxSWk2NUwrdXNOSlVFQzMxWUROZGZVK3BJbHhpenU2c0RiNkdPK3hUdkgrUEFYeWZVZGFmRFJhSmpoaXhudTNxSkQiLCJtYWMiOiI2MTIyNzIxYTIyZmVhNjAyMzE5NmQ2NjI5ZTY2YzY1NjQzYWVlYmMzMDFmMWYzZGEzYjJjMzk5NTE5Njg0ZWQwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 17:01:46 GMT
content-type: font/woff2
content-length: 43596
content-disposition: inline; filename="GDSherpa-vf.woff2"
cf-cache-status: MISS
last-modified: Wed, 26 Mar 2025 17:01:45 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7PoWNWcen6BDHRaUne8Yi56fNauxOBSEX9YweQLy3WgIgIoxZqEMPOdQtlAebudXnUzBC5Qh%2FZuASZyBn2kyiQvz0usuwvbOAgPL4WdZ5OL42AOnqQU3frE1V8f2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=14400
priority: u=3,i=?0
server: cloudflare
cf-ray: 92683638e823fe9b-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=4050&min_rtt=4027&rtt_var=1179&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2217&delivery_rate=678256&cwnd=241&unsent_bytes=0&cid=a73ffacb922fe532&ts=284&x=0", cfL4;desc="?proto=QUIC&rtt=22153&min_rtt=20347&rtt_var=1591&sent=374&recv=65&lost=0&retrans=0&sent_bytes=379123&recv_bytes=25768&delivery_rate=2556592&cwnd=111300&unsent_bytes=0&cid=c05697167c16ac6f&ts=9370&x=1", cfExtPri, cfHdrFlush;dur=9

ldt.kansinulang.ru/opViwxyigSDjA7peuy7eorTP94fgEGdbKS7sEQbE9Y9nHstfcu6Ku3XlB36jq8xRsdRBB67CxTcVcqYE5fOldef240

188.114.97.1

200 OK

9.6 kB

URL GET
ldt.kansinulang.ru/opViwxyigSDjA7peuy7eorTP94fgEGdbKS7sEQbE9Y9nHstfcu6Ku3XlB36jq8xRsdRBB67CxTcVcqYE5fOldef240
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Certificate
IssuerGoogle Trust Services
Subjectkansinulang.ru
Fingerprint0A:A3:1B:2B:B6:B0:54:B1:BA:A0:52:7F:D0:47:21:1E:81:AF:98:E2
ValiditySun, 16 Mar 2025 12:52:20 GMT - Sat, 14 Jun 2025 13:49:37 GMT

File type
RIFF (little-endian) data, Web/P image
Size
9.6 kB (9648 bytes)
Hash
4946eb373b18d178c93d473489673bb6
16477acb73b63ca251d37401249e7e4515febd24
666bc574c9f3fb28a8ac626fa8105c187c2a313736494a06bd5a937473673c92

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /opViwxyigSDjA7peuy7eorTP94fgEGdbKS7sEQbE9Y9nHstfcu6Ku3XlB36jq8xRsdRBB67CxTcVcqYE5fOldef240 HTTP/1.1
Host: ldt.kansinulang.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Cookie: XSRF-TOKEN=eyJpdiI6IkNuNUNMRlhYUlQ2aTdzZkRteEJVWEE9PSIsInZhbHVlIjoiU1B4V21mUHZDWnBGY2h6ZXRpNDMxMnhwcEtnejZVaU81NDh3eTR3MDkxKzlzQUxWT013OWE0eXJ0RTcyN2c2UGYvbHJNSXoyOHpGMUJRVEJKSXB4VzNVNXBXdjdlOXFOTTNRcHVBWmtSVzY3RjcrVExIcHMrb00vbU1uU3Y2UXgiLCJtYWMiOiIwNGNlYzI2NmVlMTM2NDJjZDAxYzVkMDkwODc2Y2M3NWMxNzNjZDAzMDlkOGM5MDYyYWU1YzFiNTA4NzcxZjIzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndTcUtLS3gxYkx6ZnREMi8xRHdZdkE9PSIsInZhbHVlIjoiVlI0SHJpcm53UW94ZjNNNmlXRzdmM0NGajZsTUFYK3JRd3hrcHZnQ05zRDZOeE1WYWJlc252Qmh5aVpkSSsxSWk2NUwrdXNOSlVFQzMxWUROZGZVK3BJbHhpenU2c0RiNkdPK3hUdkgrUEFYeWZVZGFmRFJhSmpoaXhudTNxSkQiLCJtYWMiOiI2MTIyNzIxYTIyZmVhNjAyMzE5NmQ2NjI5ZTY2YzY1NjQzYWVlYmMzMDFmMWYzZGEzYjJjMzk5NTE5Njg0ZWQwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 17:01:45 GMT
content-type: image/webp
content-length: 9648
content-disposition: inline; filename="opViwxyigSDjA7peuy7eorTP94fgEGdbKS7sEQbE9Y9nHstfcu6Ku3XlB36jq8xRsdRBB67CxTcVcqYE5fOldef240"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nAG6bgDdEZ6dpQLfDYgzgIIfZRjMXma4EJcF0CGhaMWmoL2VifLeva3%2FfnR2KESB0pcLAMSNArenwVS9aYwvuJ2D0r5tt7FinAXyDg93jc%2FJf3e76yDm6oGpoUdT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=4,i=?0
server: cloudflare
cf-ray: 926836390856fe9b-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5816&min_rtt=5716&rtt_var=1662&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2269&delivery_rate=489347&cwnd=252&unsent_bytes=0&cid=e742295266c450d9&ts=149&x=0", cfL4;desc="?proto=QUIC&rtt=22511&min_rtt=20347&rtt_var=2337&sent=174&recv=57&lost=0&retrans=0&sent_bytes=148245&recv_bytes=25403&delivery_rate=515600&cwnd=28800&unsent_bytes=0&cid=c05697167c16ac6f&ts=9256&x=1", cfExtPri, cfHdrFlush;dur=0

code.jquery.com/jquery-3.6.0.min.js

151.101.66.137

200 OK

90 kB

URL GET
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.66.137:443
ASN
#54113 FASTLY

Requested by
https://ldt.kansinulang.ru/4kSMCQQy/
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
90 kB (89501 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ldt.kansinulang.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 26 Mar 2025 17:01:37 GMT
age: 1677701
x-served-by: cache-lga21931-LGA, cache-hel1410022-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 44623
x-timer: S1743008497.342873,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

ldt.kansinulang.ru/favicon.ico

188.114.97.1

404 Not Found

0 B

URL GET
ldt.kansinulang.ru/favicon.ico
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ldt.kansinulang.ru/4kSMCQQy/
Certificate
IssuerGoogle Trust Services
Subjectkansinulang.ru
Fingerprint0A:A3:1B:2B:B6:B0:54:B1:BA:A0:52:7F:D0:47:21:1E:81:AF:98:E2
ValiditySun, 16 Mar 2025 12:52:20 GMT - Sat, 14 Jun 2025 13:49:37 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ldt.kansinulang.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ldt.kansinulang.ru/4kSMCQQy/
Cookie: XSRF-TOKEN=eyJpdiI6InNSd1hHVzRBMEtWSWNGbkJZdm55QVE9PSIsInZhbHVlIjoiZFBxUGdqR2MvWXpWNU1abEFMaEhOMElITlJpRGZsOHpiV084NjRvWlVuZU8vNGRBaERReGg3ZTNjcW9yQ3l3WklBMXFQWFVQbjl5Y2hZWlBHeEhkSTdTb2p2eU0yZnlSMjFxaVF0R2tuaTJDOHRQTnlwNTg4R0tKSElsQ3lMMHUiLCJtYWMiOiJlOGU0MjNhZjYzZWM0MDhlODNlYTRhNDc4MGU1NzMzNGNkNjEwN2I1NTBkMGQyYzAxOTM0MjE0NzYxMTA2OWE0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImpGY0RzOUV5TEpjWUxoSnBUbkUxYWc9PSIsInZhbHVlIjoiYjFMYzlGZy9OQkVqaWRQbFBOdlp5WFpPWGNIcVdrMG5WK0lMK01RVVRVUFBqNGo5WUpwZ2FJcFo1ajRsekdBTHFtL1BLQVFsWVZid1pQVmhQMk5zczRTNmpqK0VtaGlCYUpaaGxoTGdCZ3prd0xLSXZ1Zm9VWDdnRGFIZmszcVUiLCJtYWMiOiIyYTM5YzI0NTU2NDZmMmU5NWUxOGI1ZThmMzBkMDEyNTJiMjA1NTJhNGVhYWNlNTU3YmFjZjRmYTQ1MjdhYWRhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Wed, 26 Mar 2025 17:01:45 GMT
content-type: text/html; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kBEnzA8unAfGdfqZe05l5J6A7nCrMoYYpbCYno9zdZWdHXiRJkqs0UFMUu9%2FWahQmJppmSzvBGBrPA6qTtSntZHwY4Fex%2FB%2B5EaLpGsjRhumUySE90IEL3uQKUgj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=6,i=?0
server: cloudflare
cf-ray: 92683634b951fe9b-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=4932&min_rtt=4905&rtt_var=1429&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2104&delivery_rate=562734&cwnd=251&unsent_bytes=0&cid=668e9b2b6d3eee13&ts=27&x=0", cfL4;desc="?proto=QUIC&rtt=23316&min_rtt=20710&rtt_var=4551&sent=34&recv=15&lost=0&retrans=0&sent_bytes=22204&recv_bytes=5733&delivery_rate=11590&cwnd=24000&unsent_bytes=0&cid=c05697167c16ac6f&ts=8446&x=1", cfExtPri, cfHdrFlush;dur=0

ldt.kansinulang.ru/56nISXaGh2WYuJRW4SMhLdyvR1XghfzX4Bh4ttRf6qnH67110

188.114.97.1

200 OK

4.7 MB

URL GET
ldt.kansinulang.ru/56nISXaGh2WYuJRW4SMhLdyvR1XghfzX4Bh4ttRf6qnH67110
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Certificate
IssuerGoogle Trust Services
Subjectkansinulang.ru
Fingerprint0A:A3:1B:2B:B6:B0:54:B1:BA:A0:52:7F:D0:47:21:1E:81:AF:98:E2
ValiditySun, 16 Mar 2025 12:52:20 GMT - Sat, 14 Jun 2025 13:49:37 GMT

File type

Size
4.7 MB (4724541 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /56nISXaGh2WYuJRW4SMhLdyvR1XghfzX4Bh4ttRf6qnH67110 HTTP/1.1
Host: ldt.kansinulang.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Cookie: XSRF-TOKEN=eyJpdiI6IkNuNUNMRlhYUlQ2aTdzZkRteEJVWEE9PSIsInZhbHVlIjoiU1B4V21mUHZDWnBGY2h6ZXRpNDMxMnhwcEtnejZVaU81NDh3eTR3MDkxKzlzQUxWT013OWE0eXJ0RTcyN2c2UGYvbHJNSXoyOHpGMUJRVEJKSXB4VzNVNXBXdjdlOXFOTTNRcHVBWmtSVzY3RjcrVExIcHMrb00vbU1uU3Y2UXgiLCJtYWMiOiIwNGNlYzI2NmVlMTM2NDJjZDAxYzVkMDkwODc2Y2M3NWMxNzNjZDAzMDlkOGM5MDYyYWU1YzFiNTA4NzcxZjIzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndTcUtLS3gxYkx6ZnREMi8xRHdZdkE9PSIsInZhbHVlIjoiVlI0SHJpcm53UW94ZjNNNmlXRzdmM0NGajZsTUFYK3JRd3hrcHZnQ05zRDZOeE1WYWJlc252Qmh5aVpkSSsxSWk2NUwrdXNOSlVFQzMxWUROZGZVK3BJbHhpenU2c0RiNkdPK3hUdkgrUEFYeWZVZGFmRFJhSmpoaXhudTNxSkQiLCJtYWMiOiI2MTIyNzIxYTIyZmVhNjAyMzE5NmQ2NjI5ZTY2YzY1NjQzYWVlYmMzMDFmMWYzZGEzYjJjMzk5NTE5Njg0ZWQwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 17:01:45 GMT
content-type: application/javascript
content-disposition: inline; filename="56nISXaGh2WYuJRW4SMhLdyvR1XghfzX4Bh4ttRf6qnH67110"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yr%2FPV2bnxUBLHySeOD5ka4blrV0GA6LL%2BZDSKL%2FWm7LSQvdscR3fTj1oAVED2JqiEVGcpEXzs62%2BVhya6Fv0AB5HmOTXdqkwfZ1YBzLqswBo%2BHH53XKgLjqAUt8I"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: accept-encoding
priority: u=3,i=?0
server: cloudflare
cf-ray: 926836391861fe9b-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=4918&min_rtt=4914&rtt_var=1852&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2192&delivery_rate=575121&cwnd=249&unsent_bytes=0&cid=c56ec5cea93dc5f7&ts=107&x=0", cfL4;desc="?proto=QUIC&rtt=21797&min_rtt=20361&rtt_var=1398&sent=145&recv=50&lost=0&retrans=0&sent_bytes=120942&recv_bytes=25085&delivery_rate=60852&cwnd=28800&unsent_bytes=0&cid=c05697167c16ac6f&ts=9217&x=1", cfExtPri, cfHdrFlush;dur=0

ldt.kansinulang.ru/favicon.ico

188.114.97.1

404 Not Found

0 B

URL GET
ldt.kansinulang.ru/favicon.ico
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Certificate
IssuerGoogle Trust Services
Subjectkansinulang.ru
Fingerprint0A:A3:1B:2B:B6:B0:54:B1:BA:A0:52:7F:D0:47:21:1E:81:AF:98:E2
ValiditySun, 16 Mar 2025 12:52:20 GMT - Sat, 14 Jun 2025 13:49:37 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ldt.kansinulang.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Cookie: XSRF-TOKEN=eyJpdiI6Imk1aDF4a3Q5aU1SYlczQXg5UERxK1E9PSIsInZhbHVlIjoiVjU5OGx0TmNGa1BMQzk4ZmZ0ZTFtR2pHcERPSlI4bjVkVDBRSXpoeUNFU0ZqNFA2Z0dkR0J1QTUrTnFva3BMRHViaUIxQ21ObGd3ZTNBc3N4K0dqb3l3SjM2VGh2a2d1WnNjcEpnMUlvbndPZnl5SkJVemNjNHlsSkdNRW1QYzQiLCJtYWMiOiJkY2Q4ZTNkMzliZjkyYjgwODlmYjJkNWI4MTYyZWU2ZTI5ZTkzZTBmNDViMTZhZTRkY2E0ZDdlY2Y3NzFlMzUwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImptemcvaXdZZnNENHJ0YU0zR2h4WGc9PSIsInZhbHVlIjoid3Y5dGhVbFVKUXhjVHdnd3JhazFGVTZLa2JSMHZDMVNVQXpxRjBGTW5VM2E1dGx2UG9YOE1kRVZ6ZGc1eTd0ckJ2ZGNPZkVrTlZocU5rU1h5eVU1T2lJeHB6VkkvQy9wR3pTSVg4TlNza1ZyOTRlK09tWUJuTjNzWEY0ZUpTYlIiLCJtYWMiOiJhNzU2Njc0MmRjOTJkODM4Mzg3ZmJiYzJkMGM1N2NjZDUyYzc4YTJhOGJmZDU2ZTk3NzdkNGFjNDhlNWIwZjZlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Wed, 26 Mar 2025 17:01:47 GMT
content-type: text/html; charset=UTF-8
age: 2
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kBEnzA8unAfGdfqZe05l5J6A7nCrMoYYpbCYno9zdZWdHXiRJkqs0UFMUu9%2FWahQmJppmSzvBGBrPA6qTtSntZHwY4Fex%2FB%2B5EaLpGsjRhumUySE90IEL3uQKUgj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=6,i=?0
server: cloudflare
cf-ray: 92683644f803fe9b-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=4932&min_rtt=4905&rtt_var=1429&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2104&delivery_rate=562734&cwnd=251&unsent_bytes=0&cid=668e9b2b6d3eee13&ts=27&x=0", cfL4;desc="?proto=QUIC&rtt=20946&min_rtt=20025&rtt_var=769&sent=891&recv=133&lost=0&retrans=0&sent_bytes=939359&recv_bytes=33397&delivery_rate=21154&cwnd=178500&unsent_bytes=0&cid=c05697167c16ac6f&ts=10979&x=1", cfExtPri, cfHdrFlush;dur=0

ldt.kansinulang.ru/uvhcEBn0FQQTX11dTIg19JdVmVLcgaa7mnOfF72dK8HXlTHPpOUMb3Vwgm5p1L3MonAlJgh259

188.114.97.1

200 OK

18 kB

URL GET
ldt.kansinulang.ru/uvhcEBn0FQQTX11dTIg19JdVmVLcgaa7mnOfF72dK8HXlTHPpOUMb3Vwgm5p1L3MonAlJgh259
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Certificate
IssuerGoogle Trust Services
Subjectkansinulang.ru
Fingerprint0A:A3:1B:2B:B6:B0:54:B1:BA:A0:52:7F:D0:47:21:1E:81:AF:98:E2
ValiditySun, 16 Mar 2025 12:52:20 GMT - Sat, 14 Jun 2025 13:49:37 GMT

File type
RIFF (little-endian) data, Web/P image
Size
18 kB (17842 bytes)
Hash
4b52ecdc33382c9dca874f551990e704
8f3bf8e41cd4cdddb17836b261e73f827b84341b
cce050cc3b150c0b370751021bb15018ee2b64ac369e230fe3b571a9b00d4342

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /uvhcEBn0FQQTX11dTIg19JdVmVLcgaa7mnOfF72dK8HXlTHPpOUMb3Vwgm5p1L3MonAlJgh259 HTTP/1.1
Host: ldt.kansinulang.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Cookie: XSRF-TOKEN=eyJpdiI6IkNuNUNMRlhYUlQ2aTdzZkRteEJVWEE9PSIsInZhbHVlIjoiU1B4V21mUHZDWnBGY2h6ZXRpNDMxMnhwcEtnejZVaU81NDh3eTR3MDkxKzlzQUxWT013OWE0eXJ0RTcyN2c2UGYvbHJNSXoyOHpGMUJRVEJKSXB4VzNVNXBXdjdlOXFOTTNRcHVBWmtSVzY3RjcrVExIcHMrb00vbU1uU3Y2UXgiLCJtYWMiOiIwNGNlYzI2NmVlMTM2NDJjZDAxYzVkMDkwODc2Y2M3NWMxNzNjZDAzMDlkOGM5MDYyYWU1YzFiNTA4NzcxZjIzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndTcUtLS3gxYkx6ZnREMi8xRHdZdkE9PSIsInZhbHVlIjoiVlI0SHJpcm53UW94ZjNNNmlXRzdmM0NGajZsTUFYK3JRd3hrcHZnQ05zRDZOeE1WYWJlc252Qmh5aVpkSSsxSWk2NUwrdXNOSlVFQzMxWUROZGZVK3BJbHhpenU2c0RiNkdPK3hUdkgrUEFYeWZVZGFmRFJhSmpoaXhudTNxSkQiLCJtYWMiOiI2MTIyNzIxYTIyZmVhNjAyMzE5NmQ2NjI5ZTY2YzY1NjQzYWVlYmMzMDFmMWYzZGEzYjJjMzk5NTE5Njg0ZWQwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 17:01:45 GMT
content-type: image/webp
content-length: 17842
content-disposition: inline; filename="uvhcEBn0FQQTX11dTIg19JdVmVLcgaa7mnOfF72dK8HXlTHPpOUMb3Vwgm5p1L3MonAlJgh259"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kAnQ2ex0kmkGOtV1b%2FRbUpiPQZbQlS1Ih2THowF6d5e%2Ffc7Eg6DP2Gspw0syCbMxmByW4eTS1CJMbDkddIdOLLJL7tH%2BSs6gFBQQp1Ra03Rf31tCzSR5BBjRY3uY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=4,i=?0
server: cloudflare
cf-ray: 926836390859fe9b-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=4359&min_rtt=4314&rtt_var=1280&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2253&delivery_rate=624150&cwnd=251&unsent_bytes=0&cid=7a8e8f613605c889&ts=106&x=0", cfL4;desc="?proto=QUIC&rtt=21797&min_rtt=20361&rtt_var=1398&sent=137&recv=50&lost=0&retrans=0&sent_bytes=112505&recv_bytes=25085&delivery_rate=60852&cwnd=28800&unsent_bytes=0&cid=c05697167c16ac6f&ts=9214&x=1", cfExtPri, cfHdrFlush;dur=0

ldt.kansinulang.ru/4kSMCQQy/

188.114.97.1

200 OK

22 kB

URL User Request GET
ldt.kansinulang.ru/4kSMCQQy/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectkansinulang.ru
Fingerprint0A:A3:1B:2B:B6:B0:54:B1:BA:A0:52:7F:D0:47:21:1E:81:AF:98:E2
ValiditySun, 16 Mar 2025 12:52:20 GMT - Sat, 14 Jun 2025 13:49:37 GMT

File type
HTML document, ASCII text, with very long lines (17077), with CRLF line terminators
Size
22 kB (22128 bytes)
Hash
29f768f4a72d7f5e5a383369a503b208
5677bda86e9c0b1fce8f00dfae7d2e2f2395c405
cae07fa49fad1c4b450832f28f176dba5bfdf4bb32743f359355c623e1f4b448

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Anti-debugging code
urlquery	phishing	Phishing - Tycoon Phishing Kit
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /4kSMCQQy/ HTTP/1.1
Host: ldt.kansinulang.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImRIWGFNRmxHN3dpcno2K01LWWZKWkE9PSIsInZhbHVlIjoiTHRRcTJXS1M2cjBiVnI0aFZvbVBvaStWb0grVy81emF1akZsL3JrWjZpc3hVSklqMnBHNjhLNEpnNzJ4YTFvaE4zK3BsTFBwZ1ppaDlXczZERlY4bEhOZThiUG9KZkdSRzlRb0JQL0M4WEpCYVlURE92WXFscE5NNmkxQjJ3ZUEiLCJtYWMiOiIxOGE1Y2Y4MmJhMmQ4YTNjMzA4NWE3NmRhYzRmM2RkMzAzNGEwNTFkOGQyODBkNjcyNDIwNTNjZmQ2ZDgxOTNmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im11Z2xkR1lNM1U5RjRQTzJVWS82QUE9PSIsInZhbHVlIjoiZGE1ZGdyMzJzRGdMY0I0UmlSZjNEVlpzTGFXRC9hN3d5RjlSQXRMVkRJRTZGdnFKQVhJaG9ydno2SU82em1NeUFJaVRQMHhObktiaHRIRUMwZDNHVzl2Qlp2c3hiN3NXMlZpUjlMbUNySlZpaVBSTXFTOTNuTzgzb3kxbnJEQTAiLCJtYWMiOiJhOWQ4OWNlNGE2YTFiMzkwMGE1MDBkMGJkNjc2N2ZmM2IxZmY3NWVmOGFhZThlMjk2ZThiMzcwMTNlMjg3NmEwIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 17:01:44 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DZ%2F753y%2FDbIGupSeJymDjLdOtezv2HnAJotDHDsppmjRf3DSVNznYUHusZKK5e6jjA%2FelxCqQCuP1WzxeLiNkdU2vjHra141A3nedWKhqPvJLdSnHolkEISGxHHk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: XSRF-TOKEN=eyJpdiI6InNSd1hHVzRBMEtWSWNGbkJZdm55QVE9PSIsInZhbHVlIjoiZFBxUGdqR2MvWXpWNU1abEFMaEhOMElITlJpRGZsOHpiV084NjRvWlVuZU8vNGRBaERReGg3ZTNjcW9yQ3l3WklBMXFQWFVQbjl5Y2hZWlBHeEhkSTdTb2p2eU0yZnlSMjFxaVF0R2tuaTJDOHRQTnlwNTg4R0tKSElsQ3lMMHUiLCJtYWMiOiJlOGU0MjNhZjYzZWM0MDhlODNlYTRhNDc4MGU1NzMzNGNkNjEwN2I1NTBkMGQyYzAxOTM0MjE0NzYxMTA2OWE0IiwidGFnIjoiIn0%3D; expires=Wed, 26-Mar-2025 19:01:44 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6ImpGY0RzOUV5TEpjWUxoSnBUbkUxYWc9PSIsInZhbHVlIjoiYjFMYzlGZy9OQkVqaWRQbFBOdlp5WFpPWGNIcVdrMG5WK0lMK01RVVRVUFBqNGo5WUpwZ2FJcFo1ajRsekdBTHFtL1BLQVFsWVZid1pQVmhQMk5zczRTNmpqK0VtaGlCYUpaaGxoTGdCZ3prd0xLSXZ1Zm9VWDdnRGFIZmszcVUiLCJtYWMiOiIyYTM5YzI0NTU2NDZmMmU5NWUxOGI1ZThmMzBkMDEyNTJiMjA1NTJhNGVhYWNlNTU3YmFjZjRmYTQ1MjdhYWRhIiwidGFnIjoiIn0%3D; expires=Wed, 26-Mar-2025 19:01:44 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
priority: u=1,i=?0
server: cloudflare
cf-ray: 926836321daffe9b-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5224&min_rtt=5082&rtt_var=1509&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2152&delivery_rate=546326&cwnd=251&unsent_bytes=0&cid=2e2843f7803ccdb1&ts=135&x=0", cfL4;desc="?proto=QUIC&rtt=24316&min_rtt=21087&rtt_var=7258&sent=15&recv=10&lost=0&retrans=0&sent_bytes=5706&recv_bytes=3759&delivery_rate=207&cwnd=12000&unsent_bytes=0&cid=c05697167c16ac6f&ts=8125&x=1", cfExtPri, cfHdrFlush;dur=0

ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP

188.114.97.1

200 OK

153 kB

URL User Request GET
ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectkansinulang.ru
Fingerprint0A:A3:1B:2B:B6:B0:54:B1:BA:A0:52:7F:D0:47:21:1E:81:AF:98:E2
ValiditySun, 16 Mar 2025 12:52:20 GMT - Sat, 14 Jun 2025 13:49:37 GMT

File type
HTML document, ASCII text, with very long lines (52007), with CRLF line terminators
Size
153 kB (153034 bytes)
Hash
fcdcde3dc65370f934f8860ffdc3023f
69cb6e2a1548e95b1f4e12cdfb1b25fa66b5fd2a
b791a79b90ede208f6d6ac75ddcf8b01809612057629028a3d9372420ce8e294

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Anti-debugging code
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP HTTP/1.1
Host: ldt.kansinulang.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ldt.kansinulang.ru/4kSMCQQy/
Cookie: XSRF-TOKEN=eyJpdiI6ImlOZExqc25oVi9TN2E1UjYxNDdrU1E9PSIsInZhbHVlIjoiYjl3bmk3Qi93cDFxdHZVanhpZXVISFBzMGlHeUN1OWNGbGczdlovZ09TVUdGbG5oc3RhMFJvdjZVL2Q5NytZNWZ3c2x4SElyTXBiYTdpb0RQZHoyTlpBaHhwYzl1V1AybTZxZzE3YTJja2MzdnFwMDVpME52MVg1eFRGVDY2anQiLCJtYWMiOiJkODgwZWVlZTExZjQ1NWE1ZmFmYzdhZTA5OWU4YzM0NTg2MjM5NDYyYzUzMmM4MGE1OTRmYThkMjFlZDNlYjc3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im1qb2wrUzd2aFA1TnFvZnRCU3psYUE9PSIsInZhbHVlIjoicEVKU3dGWHMvV0MvZHJ5U2NNZHdCSVhabzZLdks2RGRKTDdVU0J0blZuZ0hsQWZHRTNGcXZtUmx0TW42b0FDOXpHMXFjMmxoUXZJa1Robk1DdE80emFyeTFuYjI4TDlid0owOWRuL0sydlZ1RnZvbk5JOWNxdWV3eVhSMmNNYkEiLCJtYWMiOiJlNGQ1MmUzZDEzNGU0Nzc5MWJmYTY2ZDJkODZmZmRlMjJmZDQ5MDY3NGY2Yzg2MzgwYTc0Njk0MzIzNDA0ZGE2IiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 17:01:45 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WEozGgqLSwBZm2wsbSYDajKa%2Fgm4G%2BS4i9es9%2Fucliycc86QseOr8g7aSNWgySqV7qNmEvZSL8cuxwcs0cEE7SFCCEUcPg08hT6eSU1sdcUI0KlQ0zbokSlfBJio"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: XSRF-TOKEN=eyJpdiI6IkNuNUNMRlhYUlQ2aTdzZkRteEJVWEE9PSIsInZhbHVlIjoiU1B4V21mUHZDWnBGY2h6ZXRpNDMxMnhwcEtnejZVaU81NDh3eTR3MDkxKzlzQUxWT013OWE0eXJ0RTcyN2c2UGYvbHJNSXoyOHpGMUJRVEJKSXB4VzNVNXBXdjdlOXFOTTNRcHVBWmtSVzY3RjcrVExIcHMrb00vbU1uU3Y2UXgiLCJtYWMiOiIwNGNlYzI2NmVlMTM2NDJjZDAxYzVkMDkwODc2Y2M3NWMxNzNjZDAzMDlkOGM5MDYyYWU1YzFiNTA4NzcxZjIzIiwidGFnIjoiIn0%3D; expires=Wed, 26-Mar-2025 19:01:45 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IndTcUtLS3gxYkx6ZnREMi8xRHdZdkE9PSIsInZhbHVlIjoiVlI0SHJpcm53UW94ZjNNNmlXRzdmM0NGajZsTUFYK3JRd3hrcHZnQ05zRDZOeE1WYWJlc252Qmh5aVpkSSsxSWk2NUwrdXNOSlVFQzMxWUROZGZVK3BJbHhpenU2c0RiNkdPK3hUdkgrUEFYeWZVZGFmRFJhSmpoaXhudTNxSkQiLCJtYWMiOiI2MTIyNzIxYTIyZmVhNjAyMzE5NmQ2NjI5ZTY2YzY1NjQzYWVlYmMzMDFmMWYzZGEzYjJjMzk5NTE5Njg0ZWQwIiwidGFnIjoiIn0%3D; expires=Wed, 26-Mar-2025 19:01:45 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
priority: u=1,i=?0
server: cloudflare
cf-ray: 92683635fb74fe9b-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=4978&min_rtt=4968&rtt_var=1870&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2282&delivery_rate=573268&cwnd=251&unsent_bytes=0&cid=d322b7085f8c8855&ts=201&x=0", cfL4;desc="?proto=QUIC&rtt=23354&min_rtt=20710&rtt_var=3489&sent=36&recv=17&lost=0&retrans=0&sent_bytes=23065&recv_bytes=6773&delivery_rate=19119&cwnd=24000&unsent_bytes=0&cid=c05697167c16ac6f&ts=8808&x=1", cfExtPri, cfHdrFlush;dur=0

ldt.kansinulang.ru/GDSherpa-vf2.woff2

188.114.97.1

200 OK

93 kB

URL GET
ldt.kansinulang.ru/GDSherpa-vf2.woff2
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Certificate
IssuerGoogle Trust Services
Subjectkansinulang.ru
Fingerprint0A:A3:1B:2B:B6:B0:54:B1:BA:A0:52:7F:D0:47:21:1E:81:AF:98:E2
ValiditySun, 16 Mar 2025 12:52:20 GMT - Sat, 14 Jun 2025 13:49:37 GMT

File type
Web Open Font Format (Version 2), TrueType, length 93276, version 1.0
Size
93 kB (93276 bytes)
Hash
bcd7983ea5aa57c55f6758b4977983cb
ef3a009e205229e07fb0ec8569e669b11c378ef1
6528a0bf9a836a53dfd8536e1786ba6831c9d1faa74967126fddf5b2081b858c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /GDSherpa-vf2.woff2 HTTP/1.1
Host: ldt.kansinulang.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkNuNUNMRlhYUlQ2aTdzZkRteEJVWEE9PSIsInZhbHVlIjoiU1B4V21mUHZDWnBGY2h6ZXRpNDMxMnhwcEtnejZVaU81NDh3eTR3MDkxKzlzQUxWT013OWE0eXJ0RTcyN2c2UGYvbHJNSXoyOHpGMUJRVEJKSXB4VzNVNXBXdjdlOXFOTTNRcHVBWmtSVzY3RjcrVExIcHMrb00vbU1uU3Y2UXgiLCJtYWMiOiIwNGNlYzI2NmVlMTM2NDJjZDAxYzVkMDkwODc2Y2M3NWMxNzNjZDAzMDlkOGM5MDYyYWU1YzFiNTA4NzcxZjIzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndTcUtLS3gxYkx6ZnREMi8xRHdZdkE9PSIsInZhbHVlIjoiVlI0SHJpcm53UW94ZjNNNmlXRzdmM0NGajZsTUFYK3JRd3hrcHZnQ05zRDZOeE1WYWJlc252Qmh5aVpkSSsxSWk2NUwrdXNOSlVFQzMxWUROZGZVK3BJbHhpenU2c0RiNkdPK3hUdkgrUEFYeWZVZGFmRFJhSmpoaXhudTNxSkQiLCJtYWMiOiI2MTIyNzIxYTIyZmVhNjAyMzE5NmQ2NjI5ZTY2YzY1NjQzYWVlYmMzMDFmMWYzZGEzYjJjMzk5NTE5Njg0ZWQwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 17:01:46 GMT
content-type: font/woff2
content-length: 93276
content-disposition: inline; filename="GDSherpa-vf2.woff2"
cf-cache-status: MISS
last-modified: Wed, 26 Mar 2025 17:01:45 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a0m%2B%2BfMiMaCadxChDDqWZMDS%2Fgho7CNXxdwAlepGK7CsW0%2F0PgaMjKJYLsMYtkM%2Bq6htqMnZl8SSmruTDO1025Efopbq7S%2FrmCscTVsPwglLY7C%2FWl12Pe1mjIXi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=14400
priority: u=3,i=?0
server: cloudflare
cf-ray: 92683638e82ffe9b-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=3995&min_rtt=3957&rtt_var=1176&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2219&delivery_rate=678256&cwnd=241&unsent_bytes=0&cid=5650dae2586eceba&ts=250&x=0", cfL4;desc="?proto=QUIC&rtt=22296&min_rtt=20347&rtt_var=1740&sent=278&recv=64&lost=0&retrans=0&sent_bytes=267823&recv_bytes=25721&delivery_rate=1315322&cwnd=59700&unsent_bytes=0&cid=c05697167c16ac6f&ts=9341&x=1", cfExtPri, cfHdrFlush;dur=12

ldt.kansinulang.ru/qrIWhfGQiw7YG9Uhkefvw6ZKAYeBR9wZKkVeRTZ45140

188.114.97.1

200 OK

892 B

URL GET
ldt.kansinulang.ru/qrIWhfGQiw7YG9Uhkefvw6ZKAYeBR9wZKkVeRTZ45140
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Certificate
IssuerGoogle Trust Services
Subjectkansinulang.ru
Fingerprint0A:A3:1B:2B:B6:B0:54:B1:BA:A0:52:7F:D0:47:21:1E:81:AF:98:E2
ValiditySun, 16 Mar 2025 12:52:20 GMT - Sat, 14 Jun 2025 13:49:37 GMT

File type
RIFF (little-endian) data, Web/P image
Size
892 B (892 bytes)
Hash
41d62ca205d54a78e4298367482b4e2b
839aae21ed8ecfc238fdc68b93ccb27431cd5393
20a4a780db0bcc047015a0d8037eb4eb58b3e5cb338673799c030a3e1b626b40

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /qrIWhfGQiw7YG9Uhkefvw6ZKAYeBR9wZKkVeRTZ45140 HTTP/1.1
Host: ldt.kansinulang.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Cookie: XSRF-TOKEN=eyJpdiI6IkNuNUNMRlhYUlQ2aTdzZkRteEJVWEE9PSIsInZhbHVlIjoiU1B4V21mUHZDWnBGY2h6ZXRpNDMxMnhwcEtnejZVaU81NDh3eTR3MDkxKzlzQUxWT013OWE0eXJ0RTcyN2c2UGYvbHJNSXoyOHpGMUJRVEJKSXB4VzNVNXBXdjdlOXFOTTNRcHVBWmtSVzY3RjcrVExIcHMrb00vbU1uU3Y2UXgiLCJtYWMiOiIwNGNlYzI2NmVlMTM2NDJjZDAxYzVkMDkwODc2Y2M3NWMxNzNjZDAzMDlkOGM5MDYyYWU1YzFiNTA4NzcxZjIzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndTcUtLS3gxYkx6ZnREMi8xRHdZdkE9PSIsInZhbHVlIjoiVlI0SHJpcm53UW94ZjNNNmlXRzdmM0NGajZsTUFYK3JRd3hrcHZnQ05zRDZOeE1WYWJlc252Qmh5aVpkSSsxSWk2NUwrdXNOSlVFQzMxWUROZGZVK3BJbHhpenU2c0RiNkdPK3hUdkgrUEFYeWZVZGFmRFJhSmpoaXhudTNxSkQiLCJtYWMiOiI2MTIyNzIxYTIyZmVhNjAyMzE5NmQ2NjI5ZTY2YzY1NjQzYWVlYmMzMDFmMWYzZGEzYjJjMzk5NTE5Njg0ZWQwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 17:01:45 GMT
content-type: image/webp
content-length: 892
content-disposition: inline; filename="qrIWhfGQiw7YG9Uhkefvw6ZKAYeBR9wZKkVeRTZ45140"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XHApmAveagsnzDiP1P5QOWBFGsHerjpNphhVbQ%2BAJXLZJj7%2B9pYnWeI%2F%2B5%2BxfHKqE2HjrP6JdbiTG5IvhDKtT%2BdrGvtaujkQ3VG%2FulHVJ9ja%2BCeaxPkDX5FiYmiv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=4,i=?0
server: cloudflare
cf-ray: 92683638f832fe9b-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=4932&min_rtt=4910&rtt_var=1422&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2223&delivery_rate=564631&cwnd=251&unsent_bytes=0&cid=24888c559e79a032&ts=136&x=0", cfL4;desc="?proto=QUIC&rtt=22328&min_rtt=20361&rtt_var=2137&sent=155&recv=53&lost=0&retrans=0&sent_bytes=130207&recv_bytes=25222&delivery_rate=69474&cwnd=28800&unsent_bytes=0&cid=c05697167c16ac6f&ts=9228&x=1", cfExtPri, cfHdrFlush;dur=0

ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css

143.204.55.87

200 OK

10 kB

URL GET
ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css
IP
143.204.55.87:443
ASN
#16509 AMAZON-02

Requested by
https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Certificate
IssuerDigiCert Inc
Subject*.oktacdn.com
Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT

File type
ASCII text, with very long lines (10450)
Size
10 kB (10498 bytes)
Hash
e0d37a504604ef874bad26435d62011f
4301f0d2b729ae22adece657d79eccaa25f429b1
c39ff65e2a102e644eb0bf2e31d2bad3d18f7afb25b3b9ba7a4d46263a711179

HTTP Headers

GET /assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ldt.kansinulang.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
server: nginx
last-modified: Thu, 14 Mar 2024 00:03:58 GMT
x-amz-meta-sha1sum: 4301f0d2b729ae22adece657d79eccaa25f429b1
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
date: Tue, 18 Mar 2025 00:00:41 GMT
expires: Wed, 18 Mar 2026 00:00:41 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: W/"e0d37a504604ef874bad26435d62011f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 28LQi8dQ7izAIVmwAn8zGedltX2tR8owSiiDd0xc_np9CO6K108ckg==
age: 752464
X-Firefox-Spdy: h2

ldt.kansinulang.ru/ghVhpo2skYkRcwLxGJW5U7UZE2uV8UHV5VxygnbkmPtdJR7WJEE7YqrCcCMveezEP12210

188.114.97.1

200 OK

25 kB

URL GET
ldt.kansinulang.ru/ghVhpo2skYkRcwLxGJW5U7UZE2uV8UHV5VxygnbkmPtdJR7WJEE7YqrCcCMveezEP12210
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Certificate
IssuerGoogle Trust Services
Subjectkansinulang.ru
Fingerprint0A:A3:1B:2B:B6:B0:54:B1:BA:A0:52:7F:D0:47:21:1E:81:AF:98:E2
ValiditySun, 16 Mar 2025 12:52:20 GMT - Sat, 14 Jun 2025 13:49:37 GMT

File type
RIFF (little-endian) data, Web/P image
Size
25 kB (25216 bytes)
Hash
f9a795e2270664a7a169c73b6d84a575
0fbb60ab27ab88c064eb347d0722c8ed4cf5e8b8
d00203b2eea6e418c31baafa949ada5349a9f9b7e99fa003aec7406822693740

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /ghVhpo2skYkRcwLxGJW5U7UZE2uV8UHV5VxygnbkmPtdJR7WJEE7YqrCcCMveezEP12210 HTTP/1.1
Host: ldt.kansinulang.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Cookie: XSRF-TOKEN=eyJpdiI6IkNuNUNMRlhYUlQ2aTdzZkRteEJVWEE9PSIsInZhbHVlIjoiU1B4V21mUHZDWnBGY2h6ZXRpNDMxMnhwcEtnejZVaU81NDh3eTR3MDkxKzlzQUxWT013OWE0eXJ0RTcyN2c2UGYvbHJNSXoyOHpGMUJRVEJKSXB4VzNVNXBXdjdlOXFOTTNRcHVBWmtSVzY3RjcrVExIcHMrb00vbU1uU3Y2UXgiLCJtYWMiOiIwNGNlYzI2NmVlMTM2NDJjZDAxYzVkMDkwODc2Y2M3NWMxNzNjZDAzMDlkOGM5MDYyYWU1YzFiNTA4NzcxZjIzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndTcUtLS3gxYkx6ZnREMi8xRHdZdkE9PSIsInZhbHVlIjoiVlI0SHJpcm53UW94ZjNNNmlXRzdmM0NGajZsTUFYK3JRd3hrcHZnQ05zRDZOeE1WYWJlc252Qmh5aVpkSSsxSWk2NUwrdXNOSlVFQzMxWUROZGZVK3BJbHhpenU2c0RiNkdPK3hUdkgrUEFYeWZVZGFmRFJhSmpoaXhudTNxSkQiLCJtYWMiOiI2MTIyNzIxYTIyZmVhNjAyMzE5NmQ2NjI5ZTY2YzY1NjQzYWVlYmMzMDFmMWYzZGEzYjJjMzk5NTE5Njg0ZWQwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 17:01:45 GMT
content-type: image/webp
content-length: 25216
content-disposition: inline; filename="ghVhpo2skYkRcwLxGJW5U7UZE2uV8UHV5VxygnbkmPtdJR7WJEE7YqrCcCMveezEP12210"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J5GZiWghFhsAgIwCLX7B4lcURmRkfQR%2BwefYNW4MxK1ipHPlqtimJAIHHqYDEQBlvWp9hV2wMCj1DPw1wS%2FnvROeZ8AH%2Ftd9UUVDMKM67Or3AvPLlIrUPL6R0%2Fk8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=4,i=?0
server: cloudflare
cf-ray: 926836390852fe9b-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=4501&min_rtt=4479&rtt_var=1302&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2249&delivery_rate=615517&cwnd=247&unsent_bytes=0&cid=64bab9fecdd1261b&ts=147&x=0", cfL4;desc="?proto=QUIC&rtt=22511&min_rtt=20347&rtt_var=2337&sent=163&recv=57&lost=0&retrans=0&sent_bytes=135612&recv_bytes=25403&delivery_rate=515600&cwnd=28800&unsent_bytes=0&cid=c05697167c16ac6f&ts=9251&x=1", cfExtPri, cfHdrFlush;dur=0

ldt.kansinulang.ru/mn6TmBcT6KHTFadUSBIMdeVPs6tJ7ij3UTC3wYByRXeyBxJcfa17FxBAdKaYOVKuv220

188.114.97.1

200 OK

1.9 kB

URL GET
ldt.kansinulang.ru/mn6TmBcT6KHTFadUSBIMdeVPs6tJ7ij3UTC3wYByRXeyBxJcfa17FxBAdKaYOVKuv220
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Certificate
IssuerGoogle Trust Services
Subjectkansinulang.ru
Fingerprint0A:A3:1B:2B:B6:B0:54:B1:BA:A0:52:7F:D0:47:21:1E:81:AF:98:E2
ValiditySun, 16 Mar 2025 12:52:20 GMT - Sat, 14 Jun 2025 13:49:37 GMT

File type
SVG Scalable Vector Graphics image
Size
1.9 kB (1864 bytes)
Hash
4b5c228b4faba433d06ec569ed855b2d
a7d3882b93e332460e7c59510a6a811ef011983f
eb19d76cd1fad39abf0f2778991883a5cf9ff560117ce8f7c64124e71471b4ed

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /mn6TmBcT6KHTFadUSBIMdeVPs6tJ7ij3UTC3wYByRXeyBxJcfa17FxBAdKaYOVKuv220 HTTP/1.1
Host: ldt.kansinulang.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Cookie: XSRF-TOKEN=eyJpdiI6Imk1aDF4a3Q5aU1SYlczQXg5UERxK1E9PSIsInZhbHVlIjoiVjU5OGx0TmNGa1BMQzk4ZmZ0ZTFtR2pHcERPSlI4bjVkVDBRSXpoeUNFU0ZqNFA2Z0dkR0J1QTUrTnFva3BMRHViaUIxQ21ObGd3ZTNBc3N4K0dqb3l3SjM2VGh2a2d1WnNjcEpnMUlvbndPZnl5SkJVemNjNHlsSkdNRW1QYzQiLCJtYWMiOiJkY2Q4ZTNkMzliZjkyYjgwODlmYjJkNWI4MTYyZWU2ZTI5ZTkzZTBmNDViMTZhZTRkY2E0ZDdlY2Y3NzFlMzUwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImptemcvaXdZZnNENHJ0YU0zR2h4WGc9PSIsInZhbHVlIjoid3Y5dGhVbFVKUXhjVHdnd3JhazFGVTZLa2JSMHZDMVNVQXpxRjBGTW5VM2E1dGx2UG9YOE1kRVZ6ZGc1eTd0ckJ2ZGNPZkVrTlZocU5rU1h5eVU1T2lJeHB6VkkvQy9wR3pTSVg4TlNza1ZyOTRlK09tWUJuTjNzWEY0ZUpTYlIiLCJtYWMiOiJhNzU2Njc0MmRjOTJkODM4Mzg3ZmJiYzJkMGM1N2NjZDUyYzc4YTJhOGJmZDU2ZTk3NzdkNGFjNDhlNWIwZjZlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 17:01:47 GMT
content-type: image/svg+xml
content-disposition: inline; filename="mn6TmBcT6KHTFadUSBIMdeVPs6tJ7ij3UTC3wYByRXeyBxJcfa17FxBAdKaYOVKuv220"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PTVKLVgCyQiSm4RM9zkF13vMYjdrpLC%2Fs7qeGr%2BcBoDlEjcA9TBjR7vtwloTtArq7dnrHrtg6wM87QJxMb2JZRFRaXxSmig%2FsGydDZWEwQZqGinXmBuMy4bL9wUi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: accept-encoding
priority: u=4,i=?0
server: cloudflare
cf-ray: 92683643ae7efe9b-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=4052&min_rtt=4051&rtt_var=1521&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2825&recv_bytes=2247&delivery_rate=701305&cwnd=250&unsent_bytes=0&cid=41412b6581b98bca&ts=149&x=0", cfL4;desc="?proto=QUIC&rtt=21046&min_rtt=20025&rtt_var=902&sent=888&recv=130&lost=0&retrans=0&sent_bytes=937752&recv_bytes=32359&delivery_rate=26854&cwnd=178500&unsent_bytes=0&cid=c05697167c16ac6f&ts=10943&x=1", cfExtPri, cfHdrFlush;dur=0

ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2

143.204.55.87

200 OK

20 kB

URL GET
ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2
IP
143.204.55.87:443
ASN
#16509 AMAZON-02

Requested by
https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Certificate
IssuerDigiCert Inc
Subject*.oktacdn.com
Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 20416, version 2.197
Size
20 kB (20416 bytes)
Hash
d99a7377dabb55772ca9f986b0a04b57
2b5fcd8431953c44e410d0489899e74f6d2cfecc
affdba1620552b12a1a8a04467136aeb408c03fa337d20e9c38374d682d4d149

HTTP Headers

GET /assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ldt.kansinulang.ru
DNT: 1
Connection: keep-alive
Referer: https://ok4static.oktacdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/font-woff2
content-length: 20416
server: nginx
last-modified: Tue, 07 Nov 2023 18:56:28 GMT
x-amz-meta-sha1sum: 2b5fcd8431953c44e410d0489899e74f6d2cfecc
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
date: Wed, 26 Mar 2025 04:24:56 GMT
expires: Thu, 26 Mar 2026 04:24:56 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: "d99a7377dabb55772ca9f986b0a04b57"
x-cache: Hit from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 4fzEJtFX7R7rKr5jF_JRsbsDX1vcnLvu3NXlNAiinJyHvooDdu7qcw==
age: 45411
X-Firefox-Spdy: h2

ldt.kansinulang.ru/abZrj4D3IOrBrs4OKfgh30

188.114.97.1

200 OK

36 kB

URL GET
ldt.kansinulang.ru/abZrj4D3IOrBrs4OKfgh30
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Certificate
IssuerGoogle Trust Services
Subjectkansinulang.ru
Fingerprint0A:A3:1B:2B:B6:B0:54:B1:BA:A0:52:7F:D0:47:21:1E:81:AF:98:E2
ValiditySun, 16 Mar 2025 12:52:20 GMT - Sat, 14 Jun 2025 13:49:37 GMT

File type
ASCII text, with CRLF line terminators
Size
36 kB (35786 bytes)
Hash
38501e3fbbbd89b56aa5ba35de1a32fe
d9b31981b6f834e8480ba28fbc1cff1be772f589
a1ca6b381cb01968851c98512c6e7f6c5309a49f7a16b864813135cbff82a85b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /abZrj4D3IOrBrs4OKfgh30 HTTP/1.1
Host: ldt.kansinulang.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Cookie: XSRF-TOKEN=eyJpdiI6IkNuNUNMRlhYUlQ2aTdzZkRteEJVWEE9PSIsInZhbHVlIjoiU1B4V21mUHZDWnBGY2h6ZXRpNDMxMnhwcEtnejZVaU81NDh3eTR3MDkxKzlzQUxWT013OWE0eXJ0RTcyN2c2UGYvbHJNSXoyOHpGMUJRVEJKSXB4VzNVNXBXdjdlOXFOTTNRcHVBWmtSVzY3RjcrVExIcHMrb00vbU1uU3Y2UXgiLCJtYWMiOiIwNGNlYzI2NmVlMTM2NDJjZDAxYzVkMDkwODc2Y2M3NWMxNzNjZDAzMDlkOGM5MDYyYWU1YzFiNTA4NzcxZjIzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndTcUtLS3gxYkx6ZnREMi8xRHdZdkE9PSIsInZhbHVlIjoiVlI0SHJpcm53UW94ZjNNNmlXRzdmM0NGajZsTUFYK3JRd3hrcHZnQ05zRDZOeE1WYWJlc252Qmh5aVpkSSsxSWk2NUwrdXNOSlVFQzMxWUROZGZVK3BJbHhpenU2c0RiNkdPK3hUdkgrUEFYeWZVZGFmRFJhSmpoaXhudTNxSkQiLCJtYWMiOiI2MTIyNzIxYTIyZmVhNjAyMzE5NmQ2NjI5ZTY2YzY1NjQzYWVlYmMzMDFmMWYzZGEzYjJjMzk5NTE5Njg0ZWQwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 17:01:45 GMT
content-type: text/css;charset=UTF-8
server: cloudflare
content-disposition: inline; filename="abZrj4D3IOrBrs4OKfgh30"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vR0AzOUH9qVhddd2y5J%2B2L6YXUjf7XJ%2FmZ7GuFvNhwPaLrZhpVBC3lKaaR3bXzVUAgyAYbDeAvPI%2FN6oSbTxGEdO6DYw4doNMHD4YWi89hUbE1QOwi%2Fd1I6C8eOZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
priority: u=2,i=?0
vary: accept-encoding
cf-ray: 92683638dffbfe9b-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5571&min_rtt=5522&rtt_var=1639&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2194&delivery_rate=496426&cwnd=251&unsent_bytes=0&cid=d84c761c39ccdf56&ts=116&x=0", cfExtPri

ldt.kansinulang.ru/GDSherpa-regular.woff2

188.114.97.1

200 OK

29 kB

URL GET
ldt.kansinulang.ru/GDSherpa-regular.woff2
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Certificate
IssuerGoogle Trust Services
Subjectkansinulang.ru
Fingerprint0A:A3:1B:2B:B6:B0:54:B1:BA:A0:52:7F:D0:47:21:1E:81:AF:98:E2
ValiditySun, 16 Mar 2025 12:52:20 GMT - Sat, 14 Jun 2025 13:49:37 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28584, version 1.66
Size
29 kB (28584 bytes)
Hash
17081510f3a6f2f619ec8c6f244523c7
87f34b2a1532c50f2a424c345d03fe028db35635
2c7292014e2ef00374aeb63691d9f23159a010455784ee0b274ba7db2bcca956

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /GDSherpa-regular.woff2 HTTP/1.1
Host: ldt.kansinulang.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkNuNUNMRlhYUlQ2aTdzZkRteEJVWEE9PSIsInZhbHVlIjoiU1B4V21mUHZDWnBGY2h6ZXRpNDMxMnhwcEtnejZVaU81NDh3eTR3MDkxKzlzQUxWT013OWE0eXJ0RTcyN2c2UGYvbHJNSXoyOHpGMUJRVEJKSXB4VzNVNXBXdjdlOXFOTTNRcHVBWmtSVzY3RjcrVExIcHMrb00vbU1uU3Y2UXgiLCJtYWMiOiIwNGNlYzI2NmVlMTM2NDJjZDAxYzVkMDkwODc2Y2M3NWMxNzNjZDAzMDlkOGM5MDYyYWU1YzFiNTA4NzcxZjIzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndTcUtLS3gxYkx6ZnREMi8xRHdZdkE9PSIsInZhbHVlIjoiVlI0SHJpcm53UW94ZjNNNmlXRzdmM0NGajZsTUFYK3JRd3hrcHZnQ05zRDZOeE1WYWJlc252Qmh5aVpkSSsxSWk2NUwrdXNOSlVFQzMxWUROZGZVK3BJbHhpenU2c0RiNkdPK3hUdkgrUEFYeWZVZGFmRFJhSmpoaXhudTNxSkQiLCJtYWMiOiI2MTIyNzIxYTIyZmVhNjAyMzE5NmQ2NjI5ZTY2YzY1NjQzYWVlYmMzMDFmMWYzZGEzYjJjMzk5NTE5Njg0ZWQwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 17:01:46 GMT
content-type: font/woff2
content-length: 28584
content-disposition: inline; filename="GDSherpa-regular.woff2"
last-modified: Wed, 26 Mar 2025 17:01:45 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VVEGWVa05bDJDPCYFrAGlY0esE5FdP%2BvhslCXyAgDrN0y90DmewgyXGnoyEAA3r6eAmyBwvQsHjUTqFZ79wb8DIGm7op%2BtbnGBZOTQ%2BqyQVD%2FufxCveww6Thl2od"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
priority: u=3,i=?0
server: cloudflare
cf-ray: 92683638d813fe9b-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5535&min_rtt=5515&rtt_var=1589&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2223&delivery_rate=504696&cwnd=252&unsent_bytes=0&cid=66e7e1935170a242&ts=212&x=0", cfL4;desc="?proto=QUIC&rtt=22462&min_rtt=20347&rtt_var=1876&sent=227&recv=63&lost=0&retrans=0&sent_bytes=208123&recv_bytes=25675&delivery_rate=855570&cwnd=42000&unsent_bytes=0&cid=c05697167c16ac6f&ts=9308&x=1", cfExtPri, cfHdrFlush;dur=21

ldt.kansinulang.ru/uvRYny4Df6mtfDjmiKr0cnjcs1Vm2qrVWqY1OIagWVPloMQhgq712130

188.114.97.1

200 OK

644 B

URL GET
ldt.kansinulang.ru/uvRYny4Df6mtfDjmiKr0cnjcs1Vm2qrVWqY1OIagWVPloMQhgq712130
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Certificate
IssuerGoogle Trust Services
Subjectkansinulang.ru
Fingerprint0A:A3:1B:2B:B6:B0:54:B1:BA:A0:52:7F:D0:47:21:1E:81:AF:98:E2
ValiditySun, 16 Mar 2025 12:52:20 GMT - Sat, 14 Jun 2025 13:49:37 GMT

File type
RIFF (little-endian) data, Web/P image
Size
644 B (644 bytes)
Hash
541b83c2195088043337e4353b6fd60d
f09630596b6713217984785a64f6ea83e91b49c5
2658b8874f0d2a12e8726df78ac8954324c3bbe4695e66bdef89195fde64322f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /uvRYny4Df6mtfDjmiKr0cnjcs1Vm2qrVWqY1OIagWVPloMQhgq712130 HTTP/1.1
Host: ldt.kansinulang.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Cookie: XSRF-TOKEN=eyJpdiI6IkNuNUNMRlhYUlQ2aTdzZkRteEJVWEE9PSIsInZhbHVlIjoiU1B4V21mUHZDWnBGY2h6ZXRpNDMxMnhwcEtnejZVaU81NDh3eTR3MDkxKzlzQUxWT013OWE0eXJ0RTcyN2c2UGYvbHJNSXoyOHpGMUJRVEJKSXB4VzNVNXBXdjdlOXFOTTNRcHVBWmtSVzY3RjcrVExIcHMrb00vbU1uU3Y2UXgiLCJtYWMiOiIwNGNlYzI2NmVlMTM2NDJjZDAxYzVkMDkwODc2Y2M3NWMxNzNjZDAzMDlkOGM5MDYyYWU1YzFiNTA4NzcxZjIzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndTcUtLS3gxYkx6ZnREMi8xRHdZdkE9PSIsInZhbHVlIjoiVlI0SHJpcm53UW94ZjNNNmlXRzdmM0NGajZsTUFYK3JRd3hrcHZnQ05zRDZOeE1WYWJlc252Qmh5aVpkSSsxSWk2NUwrdXNOSlVFQzMxWUROZGZVK3BJbHhpenU2c0RiNkdPK3hUdkgrUEFYeWZVZGFmRFJhSmpoaXhudTNxSkQiLCJtYWMiOiI2MTIyNzIxYTIyZmVhNjAyMzE5NmQ2NjI5ZTY2YzY1NjQzYWVlYmMzMDFmMWYzZGEzYjJjMzk5NTE5Njg0ZWQwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 17:01:45 GMT
content-type: image/webp
content-length: 644
content-disposition: inline; filename="uvRYny4Df6mtfDjmiKr0cnjcs1Vm2qrVWqY1OIagWVPloMQhgq712130"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1uDVHX1JYey%2FI9JWgUxkkwdMdydSvHSDYyu2hcztRGHQkVzhHbYygSTCqoHBoWYdMF7drjwHA8C%2F6VIdr3mUX0jOlhf7c%2BWf%2FPXpALnOVTOYSAVm0eP4AK3DRTY4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=4,i=?0
server: cloudflare
cf-ray: 92683638e830fe9b-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=4300&min_rtt=4277&rtt_var=1245&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2235&delivery_rate=646684&cwnd=251&unsent_bytes=0&cid=37de889423232e00&ts=118&x=0", cfL4;desc="?proto=QUIC&rtt=21999&min_rtt=20361&rtt_var=1324&sent=135&recv=49&lost=0&retrans=0&sent_bytes=110972&recv_bytes=25039&delivery_rate=39585&cwnd=28800&unsent_bytes=0&cid=c05697167c16ac6f&ts=9206&x=1", cfExtPri, cfHdrFlush;dur=0

ldt.kansinulang.ru/klKUoiGLO5pFbsfbPGOwFbXMEDdATepOyzyEGj28kOjj7wNpKAtEavAJJj256170

188.114.97.1

200 OK

7.4 kB

URL GET
ldt.kansinulang.ru/klKUoiGLO5pFbsfbPGOwFbXMEDdATepOyzyEGj28kOjj7wNpKAtEavAJJj256170
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Certificate
IssuerGoogle Trust Services
Subjectkansinulang.ru
Fingerprint0A:A3:1B:2B:B6:B0:54:B1:BA:A0:52:7F:D0:47:21:1E:81:AF:98:E2
ValiditySun, 16 Mar 2025 12:52:20 GMT - Sat, 14 Jun 2025 13:49:37 GMT

File type
SVG Scalable Vector Graphics image
Size
7.4 kB (7390 bytes)
Hash
bca9b46fee32162356ba5b4783e614dc
cc09ee862df9bf86e545f9dfdf2fbd4facfa71f5
fb48e7087def752683bc9a9fe4035acf2419cebbe8b17a16e5c81699a06f6fec

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /klKUoiGLO5pFbsfbPGOwFbXMEDdATepOyzyEGj28kOjj7wNpKAtEavAJJj256170 HTTP/1.1
Host: ldt.kansinulang.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Cookie: XSRF-TOKEN=eyJpdiI6IkNuNUNMRlhYUlQ2aTdzZkRteEJVWEE9PSIsInZhbHVlIjoiU1B4V21mUHZDWnBGY2h6ZXRpNDMxMnhwcEtnejZVaU81NDh3eTR3MDkxKzlzQUxWT013OWE0eXJ0RTcyN2c2UGYvbHJNSXoyOHpGMUJRVEJKSXB4VzNVNXBXdjdlOXFOTTNRcHVBWmtSVzY3RjcrVExIcHMrb00vbU1uU3Y2UXgiLCJtYWMiOiIwNGNlYzI2NmVlMTM2NDJjZDAxYzVkMDkwODc2Y2M3NWMxNzNjZDAzMDlkOGM5MDYyYWU1YzFiNTA4NzcxZjIzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndTcUtLS3gxYkx6ZnREMi8xRHdZdkE9PSIsInZhbHVlIjoiVlI0SHJpcm53UW94ZjNNNmlXRzdmM0NGajZsTUFYK3JRd3hrcHZnQ05zRDZOeE1WYWJlc252Qmh5aVpkSSsxSWk2NUwrdXNOSlVFQzMxWUROZGZVK3BJbHhpenU2c0RiNkdPK3hUdkgrUEFYeWZVZGFmRFJhSmpoaXhudTNxSkQiLCJtYWMiOiI2MTIyNzIxYTIyZmVhNjAyMzE5NmQ2NjI5ZTY2YzY1NjQzYWVlYmMzMDFmMWYzZGEzYjJjMzk5NTE5Njg0ZWQwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 17:01:45 GMT
content-type: image/svg+xml
content-disposition: inline; filename="klKUoiGLO5pFbsfbPGOwFbXMEDdATepOyzyEGj28kOjj7wNpKAtEavAJJj256170"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9EDww%2FkoHDZRi1nGV7SxRQI9qEMLUlV7iGQ135JBM%2FBNpEy9bW5FYs6E95E8tcBIaJGjou0uzzTHt4bw%2Btlq89wAWwP6QpJZoffTAfb7caovvBfPjKGq3BkBx3JS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: accept-encoding
priority: u=4,i=?0
server: cloudflare
cf-ray: 92683638f83efe9b-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5610&min_rtt=5572&rtt_var=1638&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2243&delivery_rate=491034&cwnd=251&unsent_bytes=0&cid=06d2031b4bcb1be6&ts=103&x=0", cfL4;desc="?proto=QUIC&rtt=21999&min_rtt=20361&rtt_var=1324&sent=132&recv=49&lost=0&retrans=0&sent_bytes=107672&recv_bytes=25039&delivery_rate=39585&cwnd=28800&unsent_bytes=0&cid=c05697167c16ac6f&ts=9201&x=1", cfExtPri, cfHdrFlush;dur=0

ldt.kansinulang.ru/wrudCPzF9NbVqXQVV0d1ZMij4i40h7GxDGi2RrDBfTcF4Ecu6vel

188.114.97.1

200 OK

11 kB

URL POST
ldt.kansinulang.ru/wrudCPzF9NbVqXQVV0d1ZMij4i40h7GxDGi2RrDBfTcF4Ecu6vel
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Certificate
IssuerGoogle Trust Services
Subjectkansinulang.ru
Fingerprint0A:A3:1B:2B:B6:B0:54:B1:BA:A0:52:7F:D0:47:21:1E:81:AF:98:E2
ValiditySun, 16 Mar 2025 12:52:20 GMT - Sat, 14 Jun 2025 13:49:37 GMT

File type
JSON text data
Size
11 kB (10725 bytes)
Hash
257522f3959010564efa9cd62b1183ad
993b8f82f46b38a42e65745170eb42b81b0f2714
fcc65555ccd8e4fa2b2d56749f3549d3ea2b37a88c9c388b46f4747fc7ee255d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

POST /wrudCPzF9NbVqXQVV0d1ZMij4i40h7GxDGi2RrDBfTcF4Ecu6vel HTTP/1.1
Host: ldt.kansinulang.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 768
Origin: https://ldt.kansinulang.ru
DNT: 1
Connection: keep-alive
Referer: https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Cookie: XSRF-TOKEN=eyJpdiI6IkNuNUNMRlhYUlQ2aTdzZkRteEJVWEE9PSIsInZhbHVlIjoiU1B4V21mUHZDWnBGY2h6ZXRpNDMxMnhwcEtnejZVaU81NDh3eTR3MDkxKzlzQUxWT013OWE0eXJ0RTcyN2c2UGYvbHJNSXoyOHpGMUJRVEJKSXB4VzNVNXBXdjdlOXFOTTNRcHVBWmtSVzY3RjcrVExIcHMrb00vbU1uU3Y2UXgiLCJtYWMiOiIwNGNlYzI2NmVlMTM2NDJjZDAxYzVkMDkwODc2Y2M3NWMxNzNjZDAzMDlkOGM5MDYyYWU1YzFiNTA4NzcxZjIzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndTcUtLS3gxYkx6ZnREMi8xRHdZdkE9PSIsInZhbHVlIjoiVlI0SHJpcm53UW94ZjNNNmlXRzdmM0NGajZsTUFYK3JRd3hrcHZnQ05zRDZOeE1WYWJlc252Qmh5aVpkSSsxSWk2NUwrdXNOSlVFQzMxWUROZGZVK3BJbHhpenU2c0RiNkdPK3hUdkgrUEFYeWZVZGFmRFJhSmpoaXhudTNxSkQiLCJtYWMiOiI2MTIyNzIxYTIyZmVhNjAyMzE5NmQ2NjI5ZTY2YzY1NjQzYWVlYmMzMDFmMWYzZGEzYjJjMzk5NTE5Njg0ZWQwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 17:01:47 GMT
content-type: application/json
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IbgErU5O7imqDS3oC4m6pJDrJ0utjK6%2Bvi0B4jsKjdkeM4nWYQUbKPyfwaU0JW6FBsYLhAvIUEqMLjBWmaRplLzWt7sqWEug2fcUDhrZLKhHzFAI4kXD8GQkdcpi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: XSRF-TOKEN=eyJpdiI6Imk1aDF4a3Q5aU1SYlczQXg5UERxK1E9PSIsInZhbHVlIjoiVjU5OGx0TmNGa1BMQzk4ZmZ0ZTFtR2pHcERPSlI4bjVkVDBRSXpoeUNFU0ZqNFA2Z0dkR0J1QTUrTnFva3BMRHViaUIxQ21ObGd3ZTNBc3N4K0dqb3l3SjM2VGh2a2d1WnNjcEpnMUlvbndPZnl5SkJVemNjNHlsSkdNRW1QYzQiLCJtYWMiOiJkY2Q4ZTNkMzliZjkyYjgwODlmYjJkNWI4MTYyZWU2ZTI5ZTkzZTBmNDViMTZhZTRkY2E0ZDdlY2Y3NzFlMzUwIiwidGFnIjoiIn0%3D; expires=Wed, 26-Mar-2025 19:01:46 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6ImptemcvaXdZZnNENHJ0YU0zR2h4WGc9PSIsInZhbHVlIjoid3Y5dGhVbFVKUXhjVHdnd3JhazFGVTZLa2JSMHZDMVNVQXpxRjBGTW5VM2E1dGx2UG9YOE1kRVZ6ZGc1eTd0ckJ2ZGNPZkVrTlZocU5rU1h5eVU1T2lJeHB6VkkvQy9wR3pTSVg4TlNza1ZyOTRlK09tWUJuTjNzWEY0ZUpTYlIiLCJtYWMiOiJhNzU2Njc0MmRjOTJkODM4Mzg3ZmJiYzJkMGM1N2NjZDUyYzc4YTJhOGJmZDU2ZTk3NzdkNGFjNDhlNWIwZjZlIiwidGFnIjoiIn0%3D; expires=Wed, 26-Mar-2025 19:01:46 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
vary: accept-encoding
priority: u=3,i=?0
server: cloudflare
cf-ray: 9268363f98f9fe9b-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5135&min_rtt=5120&rtt_var=1471&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2825&recv_bytes=3115&delivery_rate=543615&cwnd=244&unsent_bytes=0&cid=47e6d71c4ba995a2&ts=157&x=0", cfL4;desc="?proto=QUIC&rtt=21185&min_rtt=20025&rtt_var=1221&sent=878&recv=126&lost=0&retrans=0&sent_bytes=929824&recv_bytes=30286&delivery_rate=4050531&cwnd=178500&unsent_bytes=0&cid=c05697167c16ac6f&ts=10302&x=1", cfExtPri, cfHdrFlush;dur=0

cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

104.17.25.14

200 OK

48 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ldt.kansinulang.ru/4kSMCQQy/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Size
48 kB (48316 bytes)
Hash
2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762

HTTP Headers

GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ldt.kansinulang.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 26 Mar 2025 17:01:37 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 92683603f9035697-OSL
server: cloudflare
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1090941
expires: Mon, 16 Mar 2026 17:01:37 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PWK5HrQh7TUYuuFhoFadAZTRnW45b7SCPr7Czjy18Sq0CQZy6xps%2BAg5Of1ZBP8XjNR7a%2BqtzUB7rPDvHm8Pj%2FabbCCMRANWiBDSoVrK5TKkRWq33p70A44u2Tu8ZMYBLFpAV1O1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

developers.cloudflare.com/favicon.png

104.16.3.189

200 OK

937 B

URL GET
developers.cloudflare.com/favicon.png
IP
104.16.3.189:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ldt.kansinulang.ru/4kSMCQQy/
Certificate
IssuerGoogle Trust Services
Subjectdevelopers.cloudflare.com
Fingerprint40:EB:B1:34:10:10:4D:1A:39:4E:1C:9D:94:F9:3A:A8:D7:1B:D9:43
ValidityFri, 14 Mar 2025 21:43:15 GMT - Thu, 12 Jun 2025 22:43:11 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
937 B (937 bytes)
Hash
fc3b7bbe7970f47579127561139060e2
3f7c5783fe1f4404cb16304a5a274778ea3abd25
85e6223afdbd5badf2c79bcfbaa6fe686acaa781eca52c196647ffabb3be2ffe

HTTP Headers

GET /favicon.png HTTP/1.1
Host: developers.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ldt.kansinulang.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 26 Mar 2025 17:01:37 GMT
content-type: image/png
content-length: 937
cf-cache-status: HIT
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "6be7ff94b6151f8cfbf08b53a17e2ac1"
set-cookie: __cf_bm=6mGZ146lQF5D1v4RrUBcXpOd0WEenkhUeYYJ85lNKes-1743008497-1.0.1.1-JGyrKpm1Aa3i4MfAZFTrr06ujs1vxkt8tQwTUQ8it0Gh6nfuoxtCJW91fyihZHRwTP084Y6DZ3nxvyflD3d0rSTbPQvmlUl12y6WS1p2HGI; path=/; expires=Wed, 26-Mar-25 17:31:37 GMT; domain=.developers.cloudflare.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 92683605de33b4f4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

104.17.25.14

200 OK

48 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ldt.kansinulang.ru/4kSMCQQy/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Size
48 kB (48316 bytes)
Hash
2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762

HTTP Headers

GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ldt.kansinulang.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 17:01:44 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1090948
expires: Mon, 16 Mar 2026 17:01:44 GMT
accept-ranges: bytes
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IFSyvx%2FTQhcQjcEYM7Wbht1AtTEzIbnWwg4DPSCopJCxpO%2BDkCh%2FJoMQA9LUf0V249M4ZZWIpMYRlmbQF4Hcm6YrPK8njXYnqCaB0hAGV5HAbFI%2FBTDzHGWt4z3Wck1oZXpwlhgz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 926836337962b521-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

ldt.kansinulang.ru/yzb4578xk6bUOxjsGOq4IraLMF492egjcC0lAbKrsmZNLZWdw5D3Yb9SrCdqL90180

188.114.97.1

200 OK

2.9 kB

URL GET
ldt.kansinulang.ru/yzb4578xk6bUOxjsGOq4IraLMF492egjcC0lAbKrsmZNLZWdw5D3Yb9SrCdqL90180
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Certificate
IssuerGoogle Trust Services
Subjectkansinulang.ru
Fingerprint0A:A3:1B:2B:B6:B0:54:B1:BA:A0:52:7F:D0:47:21:1E:81:AF:98:E2
ValiditySun, 16 Mar 2025 12:52:20 GMT - Sat, 14 Jun 2025 13:49:37 GMT

File type
SVG Scalable Vector Graphics image
Size
2.9 kB (2905 bytes)
Hash
e924de0d471df54b6280f3dc8b187cb8
857f03226070b502a9e06b4249710ec10be4c9e9
24ce135a31ce83ac3d62471fcc0e1a82ce6f1533c993ee59ca4e110d5f2fae33

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /yzb4578xk6bUOxjsGOq4IraLMF492egjcC0lAbKrsmZNLZWdw5D3Yb9SrCdqL90180 HTTP/1.1
Host: ldt.kansinulang.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Cookie: XSRF-TOKEN=eyJpdiI6IkNuNUNMRlhYUlQ2aTdzZkRteEJVWEE9PSIsInZhbHVlIjoiU1B4V21mUHZDWnBGY2h6ZXRpNDMxMnhwcEtnejZVaU81NDh3eTR3MDkxKzlzQUxWT013OWE0eXJ0RTcyN2c2UGYvbHJNSXoyOHpGMUJRVEJKSXB4VzNVNXBXdjdlOXFOTTNRcHVBWmtSVzY3RjcrVExIcHMrb00vbU1uU3Y2UXgiLCJtYWMiOiIwNGNlYzI2NmVlMTM2NDJjZDAxYzVkMDkwODc2Y2M3NWMxNzNjZDAzMDlkOGM5MDYyYWU1YzFiNTA4NzcxZjIzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndTcUtLS3gxYkx6ZnREMi8xRHdZdkE9PSIsInZhbHVlIjoiVlI0SHJpcm53UW94ZjNNNmlXRzdmM0NGajZsTUFYK3JRd3hrcHZnQ05zRDZOeE1WYWJlc252Qmh5aVpkSSsxSWk2NUwrdXNOSlVFQzMxWUROZGZVK3BJbHhpenU2c0RiNkdPK3hUdkgrUEFYeWZVZGFmRFJhSmpoaXhudTNxSkQiLCJtYWMiOiI2MTIyNzIxYTIyZmVhNjAyMzE5NmQ2NjI5ZTY2YzY1NjQzYWVlYmMzMDFmMWYzZGEzYjJjMzk5NTE5Njg0ZWQwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 17:01:45 GMT
content-type: image/svg+xml
content-disposition: inline; filename="yzb4578xk6bUOxjsGOq4IraLMF492egjcC0lAbKrsmZNLZWdw5D3Yb9SrCdqL90180"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z6oCjs7jQafJcZLW6RJ6tz%2BiANY%2FQWM1VCUWPr5nl79WK37T60m6QXjWAcHf3DL8k9T0MO5UiEsDAjaSMxzIHZvqGeKUpKfOabIfNcAGYuBwe%2BAhgr4I8XwOVKHk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: accept-encoding
priority: u=4,i=?0
server: cloudflare
cf-ray: 926836390849fe9b-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=4515&min_rtt=4498&rtt_var=1289&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2245&delivery_rate=620885&cwnd=240&unsent_bytes=0&cid=de5bb445ee724561&ts=99&x=0", cfL4;desc="?proto=QUIC&rtt=21999&min_rtt=20361&rtt_var=1324&sent=129&recv=49&lost=0&retrans=0&sent_bytes=105554&recv_bytes=25039&delivery_rate=39585&cwnd=28800&unsent_bytes=0&cid=c05697167c16ac6f&ts=9200&x=1", cfExtPri, cfHdrFlush;dur=0

objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250326%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250326T170037Z&X-Amz-Expires=300&X-Amz-Signature=ae610a85b10c53c50411634978948cbea9efbab6ec8c70f9ef89152a8bc19af9&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream

185.199.108.133

200 OK

10 kB

URL GET
objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250326%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250326T170037Z&X-Amz-Expires=300&X-Amz-Signature=ae610a85b10c53c50411634978948cbea9efbab6ec8c70f9ef89152a8bc19af9&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
IP
185.199.108.133:443
ASN
#54113 FASTLY

Requested by
https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Certificate
IssuerSectigo Limited
Subject*.github.io
Fingerprint8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91
ValidityFri, 07 Mar 2025 00:00:00 GMT - Sat, 07 Mar 2026 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (10017)
Size
10 kB (10245 bytes)
Hash
6c20a2be8ba900bc0a7118893a2b1072
ff7766fde1f33882c6e1c481ceed6f6588ea764c
b1c42acd0288c435e95e00332476781532ed002cac6f3dcee9110ced30b31500

HTTP Headers

GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250326%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250326T170037Z&X-Amz-Expires=300&X-Amz-Signature=ae610a85b10c53c50411634978948cbea9efbab6ec8c70f9ef89152a8bc19af9&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ldt.kansinulang.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/octet-stream
last-modified: Tue, 07 Dec 2021 16:38:45 GMT
etag: "0x8D9B9A009499A1E"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d91f6eaf-e01e-0032-2f18-13e122000000
x-ms-version: 2023-11-03
x-ms-creation-time: Tue, 17 Aug 2021 14:57:31 GMT
x-ms-blob-content-md5: bCCivoupALwKcRiJOisQcg==
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=randexp.min.js
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
fastly-restarts: 1
accept-ranges: bytes
age: 2798
date: Wed, 26 Mar 2025 17:01:46 GMT
x-served-by: cache-iad-kiad7000045-IAD, cache-hel1410020-HEL
x-cache: HIT, HIT
x-cache-hits: 11369, 0
x-timer: S1743008506.147338,VS0,VE1
content-length: 10245
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.6.0.min.js

151.101.66.137

200 OK

90 kB

URL GET
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.66.137:443
ASN
#54113 FASTLY

Requested by
https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
90 kB (89501 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ldt.kansinulang.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 26 Mar 2025 17:01:45 GMT
age: 1677710
x-served-by: cache-lga21931-LGA, cache-hel1410022-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 44636
x-timer: S1743008506.686332,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

ldt.kansinulang.ru/34gH01zEgabFidD8917

188.114.97.1

200 OK

27 kB

URL GET
ldt.kansinulang.ru/34gH01zEgabFidD8917
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Certificate
IssuerGoogle Trust Services
Subjectkansinulang.ru
Fingerprint0A:A3:1B:2B:B6:B0:54:B1:BA:A0:52:7F:D0:47:21:1E:81:AF:98:E2
ValiditySun, 16 Mar 2025 12:52:20 GMT - Sat, 14 Jun 2025 13:49:37 GMT

File type
ASCII text, with very long lines (26765), with no line terminators
Size
27 kB (26765 bytes)
Hash
1a862a89d5633fac83d763886726740d
e5ce3aa454c992a13fd406a9647d7afbf831051f
5c22fd904edb792331a7307ddf4a790e0d1318924f6d8e7362fa6b55d5ab6fbb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /34gH01zEgabFidD8917 HTTP/1.1
Host: ldt.kansinulang.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Cookie: XSRF-TOKEN=eyJpdiI6IkNuNUNMRlhYUlQ2aTdzZkRteEJVWEE9PSIsInZhbHVlIjoiU1B4V21mUHZDWnBGY2h6ZXRpNDMxMnhwcEtnejZVaU81NDh3eTR3MDkxKzlzQUxWT013OWE0eXJ0RTcyN2c2UGYvbHJNSXoyOHpGMUJRVEJKSXB4VzNVNXBXdjdlOXFOTTNRcHVBWmtSVzY3RjcrVExIcHMrb00vbU1uU3Y2UXgiLCJtYWMiOiIwNGNlYzI2NmVlMTM2NDJjZDAxYzVkMDkwODc2Y2M3NWMxNzNjZDAzMDlkOGM5MDYyYWU1YzFiNTA4NzcxZjIzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndTcUtLS3gxYkx6ZnREMi8xRHdZdkE9PSIsInZhbHVlIjoiVlI0SHJpcm53UW94ZjNNNmlXRzdmM0NGajZsTUFYK3JRd3hrcHZnQ05zRDZOeE1WYWJlc252Qmh5aVpkSSsxSWk2NUwrdXNOSlVFQzMxWUROZGZVK3BJbHhpenU2c0RiNkdPK3hUdkgrUEFYeWZVZGFmRFJhSmpoaXhudTNxSkQiLCJtYWMiOiI2MTIyNzIxYTIyZmVhNjAyMzE5NmQ2NjI5ZTY2YzY1NjQzYWVlYmMzMDFmMWYzZGEzYjJjMzk5NTE5Njg0ZWQwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 17:01:45 GMT
content-type: text/css;charset=UTF-8
server: cloudflare
content-disposition: inline; filename="34gH01zEgabFidD8917"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tzarYJug%2B580dI%2BsZx3RVswUsEHXf274O8odd8Isj58N1FM8%2FDGGH0lGmsavryw%2BKkVP0QsH4KciGvTbDrkt8J1Eiol98B7VV%2FuUhfpmGeB4du4c4Wjgyqf0iFwG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
priority: u=2,i=?0
vary: accept-encoding
cf-ray: 92683638cfe3fe9b-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5569&min_rtt=5547&rtt_var=2125&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2191&delivery_rate=497119&cwnd=234&unsent_bytes=0&cid=a5b9a9cdd3c62dce&ts=110&x=0", cfExtPri

ldt.kansinulang.ru/GDSherpa-bold.woff2

188.114.97.1

200 OK

28 kB

URL GET
ldt.kansinulang.ru/GDSherpa-bold.woff2
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Certificate
IssuerGoogle Trust Services
Subjectkansinulang.ru
Fingerprint0A:A3:1B:2B:B6:B0:54:B1:BA:A0:52:7F:D0:47:21:1E:81:AF:98:E2
ValiditySun, 16 Mar 2025 12:52:20 GMT - Sat, 14 Jun 2025 13:49:37 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28000, version 1.66
Size
28 kB (28000 bytes)
Hash
a4bca6c95fed0d0c5cc46cf07710dcec
73b56e33b82b42921db8702a33efd0f2b2ec9794
5a51d246af54d903f67f07f2bd820ce77736f8d08c5f1602db07469d96dbf77f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /GDSherpa-bold.woff2 HTTP/1.1
Host: ldt.kansinulang.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkNuNUNMRlhYUlQ2aTdzZkRteEJVWEE9PSIsInZhbHVlIjoiU1B4V21mUHZDWnBGY2h6ZXRpNDMxMnhwcEtnejZVaU81NDh3eTR3MDkxKzlzQUxWT013OWE0eXJ0RTcyN2c2UGYvbHJNSXoyOHpGMUJRVEJKSXB4VzNVNXBXdjdlOXFOTTNRcHVBWmtSVzY3RjcrVExIcHMrb00vbU1uU3Y2UXgiLCJtYWMiOiIwNGNlYzI2NmVlMTM2NDJjZDAxYzVkMDkwODc2Y2M3NWMxNzNjZDAzMDlkOGM5MDYyYWU1YzFiNTA4NzcxZjIzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndTcUtLS3gxYkx6ZnREMi8xRHdZdkE9PSIsInZhbHVlIjoiVlI0SHJpcm53UW94ZjNNNmlXRzdmM0NGajZsTUFYK3JRd3hrcHZnQ05zRDZOeE1WYWJlc252Qmh5aVpkSSsxSWk2NUwrdXNOSlVFQzMxWUROZGZVK3BJbHhpenU2c0RiNkdPK3hUdkgrUEFYeWZVZGFmRFJhSmpoaXhudTNxSkQiLCJtYWMiOiI2MTIyNzIxYTIyZmVhNjAyMzE5NmQ2NjI5ZTY2YzY1NjQzYWVlYmMzMDFmMWYzZGEzYjJjMzk5NTE5Njg0ZWQwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 17:01:46 GMT
content-type: font/woff2
content-length: 28000
content-disposition: inline; filename="GDSherpa-bold.woff2"
last-modified: Wed, 26 Mar 2025 17:01:45 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p83u1DJrQ%2FupUSF%2ByH2ucdl1fZpV3Vsx82qx5NyfN0v2IGfD8dS0ft40%2BOFFAULDvEU7Euu%2BRLdKlv58tSC9V4XhTY3SfFub0KsTwazBtuAG1ujtMrgX1WsDESo5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
priority: u=3,i=?0
server: cloudflare
cf-ray: 92683638d806fe9b-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5035&min_rtt=4968&rtt_var=1436&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2221&delivery_rate=563960&cwnd=251&unsent_bytes=0&cid=9219d6c6a1355fd6&ts=207&x=0", cfL4;desc="?proto=QUIC&rtt=22462&min_rtt=20347&rtt_var=1876&sent=201&recv=63&lost=0&retrans=0&sent_bytes=178123&recv_bytes=25675&delivery_rate=855570&cwnd=42000&unsent_bytes=0&cid=c05697167c16ac6f&ts=9298&x=1", cfExtPri, cfHdrFlush;dur=0

dr98gc.hxnywi.ru/chai!irsldo

188.114.96.1

200 OK

1 B

URL GET
dr98gc.hxnywi.ru/chai!irsldo
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ldt.kansinulang.ru/4kSMCQQy/
Certificate
IssuerGoogle Trust Services
Subjecthxnywi.ru
FingerprintC8:77:50:2D:4F:4D:71:DB:75:90:C3:12:03:35:FF:1F:22:59:10:B4
ValidityThu, 27 Feb 2025 13:05:34 GMT - Wed, 28 May 2025 14:04:05 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
cfcd208495d565ef66e7dff9f98764da
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /chai!irsldo HTTP/1.1
Host: dr98gc.hxnywi.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ldt.kansinulang.ru/
Origin: https://ldt.kansinulang.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 26 Mar 2025 17:01:44 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kBjGqhFWD7ZCKXBS4z%2Fknx7hOYTftUw97Uraq3H2HsVF2OYPAvYKk72wlpy%2FiYwz1Hp8Xt8MXlqYUjCCe3qHLHFqY9JbGN17fFya41gOwVeEbI9SejNGu3kMHBD4v%2BHhsPLI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9268362b7a08feb3-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=25497&min_rtt=20044&rtt_var=13196&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3190&recv_bytes=1096&delivery_rate=216625&cwnd=255&unsent_bytes=0&cid=a69b44c8d8510199&ts=768&x=0"
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

104.17.25.14

200 OK

48 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Size
48 kB (48316 bytes)
Hash
2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762

HTTP Headers

GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ldt.kansinulang.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 17:01:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 926836389ab5b521-OSL
server: cloudflare
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1090949
expires: Mon, 16 Mar 2026 17:01:45 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HYyxyVJ8LVwCWOI0wjQHNsrLZL3Lfp%2FIvtBkKep7lmNuqulLtul%2FzmOSwDYW63CyvxdnIYN6nZPZR3Ytx0ZsgYSlCFAPNIL1tsjqdjn97fC1LNtjOx2r7%2Bu6jLcCU1JArzVYL0sU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css

143.204.55.87

200 OK

223 kB

URL GET
ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
IP
143.204.55.87:443
ASN
#16509 AMAZON-02

Requested by
https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Certificate
IssuerDigiCert Inc
Subject*.oktacdn.com
Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT

File type

Size
223 kB (222931 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ldt.kansinulang.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
server: nginx
last-modified: Tue, 14 May 2024 21:48:24 GMT
x-amz-meta-sha1sum: 7b5499b46660a0348cc2b22cae927dcc3fda8b20
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
date: Tue, 18 Mar 2025 03:22:46 GMT
expires: Wed, 18 Mar 2026 03:22:46 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: W/"0329c939fca7c78756b94fbcd95e322b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: yIk0Fu_Ko-_SFoVfyw1nOCv-IX71wskh_i4N3IzefHTHKD3qbr5A4Q==
age: 740339
X-Firefox-Spdy: h2

ldt.kansinulang.ru/ijI3O4tCtbzsOtxb132YKBHLDqr7LsrJhpgOoDeBTtVbGdRczvX3UrL0ab229

188.114.97.1

200 OK

1.3 kB

URL GET
ldt.kansinulang.ru/ijI3O4tCtbzsOtxb132YKBHLDqr7LsrJhpgOoDeBTtVbGdRczvX3UrL0ab229
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Certificate
IssuerGoogle Trust Services
Subjectkansinulang.ru
Fingerprint0A:A3:1B:2B:B6:B0:54:B1:BA:A0:52:7F:D0:47:21:1E:81:AF:98:E2
ValiditySun, 16 Mar 2025 12:52:20 GMT - Sat, 14 Jun 2025 13:49:37 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.3 kB (1298 bytes)
Hash
32ca2081553e969f9fdd4374134521ad
7b09924c4c3d8b6e41fe38363e342da098be4173
216fc342a469aa6a005b2eacc24622095e5282d3e9f1ae99ce54c27b92ec3587

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /ijI3O4tCtbzsOtxb132YKBHLDqr7LsrJhpgOoDeBTtVbGdRczvX3UrL0ab229 HTTP/1.1
Host: ldt.kansinulang.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Cookie: XSRF-TOKEN=eyJpdiI6Imk1aDF4a3Q5aU1SYlczQXg5UERxK1E9PSIsInZhbHVlIjoiVjU5OGx0TmNGa1BMQzk4ZmZ0ZTFtR2pHcERPSlI4bjVkVDBRSXpoeUNFU0ZqNFA2Z0dkR0J1QTUrTnFva3BMRHViaUIxQ21ObGd3ZTNBc3N4K0dqb3l3SjM2VGh2a2d1WnNjcEpnMUlvbndPZnl5SkJVemNjNHlsSkdNRW1QYzQiLCJtYWMiOiJkY2Q4ZTNkMzliZjkyYjgwODlmYjJkNWI4MTYyZWU2ZTI5ZTkzZTBmNDViMTZhZTRkY2E0ZDdlY2Y3NzFlMzUwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImptemcvaXdZZnNENHJ0YU0zR2h4WGc9PSIsInZhbHVlIjoid3Y5dGhVbFVKUXhjVHdnd3JhazFGVTZLa2JSMHZDMVNVQXpxRjBGTW5VM2E1dGx2UG9YOE1kRVZ6ZGc1eTd0ckJ2ZGNPZkVrTlZocU5rU1h5eVU1T2lJeHB6VkkvQy9wR3pTSVg4TlNza1ZyOTRlK09tWUJuTjNzWEY0ZUpTYlIiLCJtYWMiOiJhNzU2Njc0MmRjOTJkODM4Mzg3ZmJiYzJkMGM1N2NjZDUyYzc4YTJhOGJmZDU2ZTk3NzdkNGFjNDhlNWIwZjZlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 17:01:47 GMT
content-type: image/webp
content-length: 1298
content-disposition: inline; filename="ijI3O4tCtbzsOtxb132YKBHLDqr7LsrJhpgOoDeBTtVbGdRczvX3UrL0ab229"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cjj2y%2BCdF83mglst5SVaDkLAhZrm2MJ89ThRFHyZa%2BxCuQ%2B%2B0no0k6haj40MHHNMnpSdHlWU6s9rKMA9IebrZ3aKmVHH92nX%2FHhX%2BsaRAg6NUXql2mJjk5CcjDZg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=4,i=?0
server: cloudflare
cf-ray: 92683643be83fe9b-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=4960&min_rtt=4943&rtt_var=1423&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2240&delivery_rate=562845&cwnd=251&unsent_bytes=0&cid=387d9cc3fef47496&ts=119&x=0", cfL4;desc="?proto=QUIC&rtt=21046&min_rtt=20025&rtt_var=902&sent=886&recv=130&lost=0&retrans=0&sent_bytes=935557&recv_bytes=32359&delivery_rate=26854&cwnd=178500&unsent_bytes=0&cid=c05697167c16ac6f&ts=10921&x=1", cfExtPri, cfHdrFlush;dur=0

ldt.kansinulang.ru/hkno1Paud79uHwcfBDwRv0loa5gJg8YgcWaFvNrS49

188.114.97.1

200 OK

20 B

URL POST
ldt.kansinulang.ru/hkno1Paud79uHwcfBDwRv0loa5gJg8YgcWaFvNrS49
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ldt.kansinulang.ru/4kSMCQQy/
Certificate
IssuerGoogle Trust Services
Subjectkansinulang.ru
Fingerprint0A:A3:1B:2B:B6:B0:54:B1:BA:A0:52:7F:D0:47:21:1E:81:AF:98:E2
ValiditySun, 16 Mar 2025 12:52:20 GMT - Sat, 14 Jun 2025 13:49:37 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
20 B (20 bytes)
Hash
0b35866f4a3aa4d34ce5dda2d14c2cd8
d2b80911f09c3106fdf0df9920f983945d644083
493851374626d927bfe1c7d084fa977a0e636c03f163fda258ab6b638edc2f0d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

POST /hkno1Paud79uHwcfBDwRv0loa5gJg8YgcWaFvNrS49 HTTP/1.1
Host: ldt.kansinulang.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ldt.kansinulang.ru/4kSMCQQy/
Content-Type: multipart/form-data; boundary=---------------------------256539056635360878111381500059
Content-Length: 926
Origin: https://ldt.kansinulang.ru
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkRCMUFhYWJNZzBUWlFYRGxRY3J6Unc9PSIsInZhbHVlIjoiYnB3NFR3RDFac0ZLUUtQWXJIeUpjUktWV0hRV0g1clI1eGRSVVNIczlhZW9YTXZ5V3hxc281d0NxeGg2ZkQ5WW1GZ0hsOXpiZ1FKVU1MaE9wM0hJU3F6Z2VlYzl2WS80UUNDVjFmYVBPOS9qVDNaYkZGSjQxY1RQTlRsZEo2Y1EiLCJtYWMiOiJlMjIwNTJlM2U2Yzg0YmNmYTM3NDdjMTU0ODViOTUzN2Y4NzJiNmE3OGI0ZWIxZDU0Nzg0MTBjMWIxMjA5NWVjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImptdEtDTkZoOEhCL25rbURKZnJxWnc9PSIsInZhbHVlIjoiVk9EdERaZHdabE0vZ0dEWjgwempOajBPUkp6eUhHN0dCUHE2MEtQVFBVMURZTHVPRS82elBmSnV4N2lCWlhaQS9FMGpaVlk3ejBGMnBZUWJ0NDlVcXN2QUxIRVZPRUFBVS9SRHZkQXBZdy9oWk5KeU5WNDNFSDRuN0d5T3BVOEgiLCJtYWMiOiJhZjY1ZTllZDRiN2I2OWZjM2U2YTM2ZjZmNTc1NDBmN2ZiMDMyYjljZTQ2OTgxNWZlZDU4NjNkNTM0YWQyN2ViIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 17:01:44 GMT
content-type: application/json
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gSoI2I7Hl9q9ahdEmix%2BgpK11RiaH8KqI4pO0YuKyzxElzNpa4nfrQsZOpKN5uU%2FIUTGr%2B4EoxQIkLTyhy7EdkuQqCgcOQBlvRxn9rLSJtJndBIAhMM9nSnEw8xk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: XSRF-TOKEN=eyJpdiI6ImRIWGFNRmxHN3dpcno2K01LWWZKWkE9PSIsInZhbHVlIjoiTHRRcTJXS1M2cjBiVnI0aFZvbVBvaStWb0grVy81emF1akZsL3JrWjZpc3hVSklqMnBHNjhLNEpnNzJ4YTFvaE4zK3BsTFBwZ1ppaDlXczZERlY4bEhOZThiUG9KZkdSRzlRb0JQL0M4WEpCYVlURE92WXFscE5NNmkxQjJ3ZUEiLCJtYWMiOiIxOGE1Y2Y4MmJhMmQ4YTNjMzA4NWE3NmRhYzRmM2RkMzAzNGEwNTFkOGQyODBkNjcyNDIwNTNjZmQ2ZDgxOTNmIiwidGFnIjoiIn0%3D; expires=Wed, 26-Mar-2025 19:01:44 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6Im11Z2xkR1lNM1U5RjRQTzJVWS82QUE9PSIsInZhbHVlIjoiZGE1ZGdyMzJzRGdMY0I0UmlSZjNEVlpzTGFXRC9hN3d5RjlSQXRMVkRJRTZGdnFKQVhJaG9ydno2SU82em1NeUFJaVRQMHhObktiaHRIRUMwZDNHVzl2Qlp2c3hiN3NXMlZpUjlMbUNySlZpaVBSTXFTOTNuTzgzb3kxbnJEQTAiLCJtYWMiOiJhOWQ4OWNlNGE2YTFiMzkwMGE1MDBkMGJkNjc2N2ZmM2IxZmY3NWVmOGFhZThlMjk2ZThiMzcwMTNlMjg3NmEwIiwidGFnIjoiIn0%3D; expires=Wed, 26-Mar-2025 19:01:44 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
vary: accept-encoding
priority: u=4,i=?0
server: cloudflare
cf-ray: 926836309bd3fe9b-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5332&min_rtt=5264&rtt_var=2022&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=3197&delivery_rate=541033&cwnd=251&unsent_bytes=0&cid=d7f52aaa65a2364e&ts=155&x=0", cfL4;desc="?proto=QUIC&rtt=24755&min_rtt=21087&rtt_var=8505&sent=11&recv=8&lost=0&retrans=0&sent_bytes=4047&recv_bytes=2807&delivery_rate=28167&cwnd=12000&unsent_bytes=0&cid=c05697167c16ac6f&ts=7914&x=1", cfExtPri, cfHdrFlush;dur=0

code.jquery.com/jquery-3.6.0.min.js

151.101.66.137

200 OK

90 kB

URL GET
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.66.137:443
ASN
#54113 FASTLY

Requested by
https://ldt.kansinulang.ru/4kSMCQQy/
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
90 kB (89501 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ldt.kansinulang.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 26 Mar 2025 17:01:44 GMT
age: 1677709
x-served-by: cache-lga21931-LGA, cache-hel1410022-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 44632
x-timer: S1743008505.882969,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7

143.204.55.87

200 OK

11 kB

URL GET
ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7
IP
143.204.55.87:443
ASN
#16509 AMAZON-02

Requested by
https://ldt.kansinulang.ru/yrjvqzkbnvvwpokhezxamgjvdwcvfjrnrgjyvwauwbbXPG0GD2K93KS1OOMCD8N9JHBDCW?WYUEBMFIRCVAYJYCFFRLQSFP
Certificate
IssuerDigiCert Inc
Subject*.oktacdn.com
Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT

File type
PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced
Size
11 kB (10796 bytes)
Hash
12bdacc832185d0367ecc23fd24c86ce
4422f316eb4d8c8d160312bb695fd1d944cbff12
877ae491d9aac5c6ef82a8430f9f652ace8a0dbc7294bd112aad49bd593769d0

HTTP Headers

GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ldt.kansinulang.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
content-length: 10796
date: Wed, 12 Mar 2025 01:00:17 GMT
server: nginx
last-modified: Tue, 23 Feb 2021 04:20:08 GMT
etag: "12bdacc832185d0367ecc23fd24c86ce"
expires: Thu, 12 Mar 2026 01:00:17 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-security-policy: default-src 'none'; img-src 'self'; require-trusted-types-for 'script'; report-uri  https://oktacsp.report-uri.com/r/t/csp/enforce
x-content-type-options: nosniff
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: LuAjXCF7varyTq2mFTXntHbWii-RbKrWBqYJdalF8CB4-5kejL-YIw==
age: 1267288
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (27)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML