Report - v94.retorr.ru/d9GZGthY

Report Overview

URL

v94.retorr.ru/d9GZGthY
IP

195.22.123.35

ASN

#197808 Technical Services Company Ltd
Submitted

2023-04-09T17:00:50Z

Access

public
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

0
Threat Detection Systems

1

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
v94.retorr.ru (1)	unknown	2021-05-25 15:33:59	2023-04-08 05:32:25	386	1118	195.22.123.35
l.funzone.by (4)	unknown	2018-11-15 15:16:42	2023-04-09 09:48:16	2260	151822	178.124.129.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-04-09	medium	v94.retorr.ru/d9GZGthY

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (5)

URL IP Response Size

v94.retorr.ru/d9GZGthY

195.22.123.35

302 Found

URL User Request GET HTTP/1.1

v94.retorr.ru/d9GZGthY
IP

195.22.123.35:80
ASN

#197808 Technical Services Company Ltd

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /d9GZGthY HTTP/1.1
Host: v94.retorr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 302 Found
Server: nginx/1.10.2
Date: Sun, 09 Apr 2023 17:00:35 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.2.34
Last-Modified: Sun, 09 Apr 2023 17:00:35 GMT
Cache-Control: no-cache, no-store, must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: 0
Set-Cookie: k_sub_id=2i353011el2iqjsqn298; expires=Wed, 10-May-2023 17:00:35 GMT; Max-Age=2678400; path=/; domain=.v94.retorr.ru
_token=uuid_2i353011el2iqjsqn298_2i353011el2iqjsqn2986432ef33c84523.54424440; expires=Wed, 10-May-2023 17:00:35 GMT; Max-Age=2678400; path=/; domain=.v94.retorr.ru
540ad=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjY0NzZcIjoxNjgxMDU5NjM1fSxcImNhbXBhaWduc1wiOntcIjE5MTlcIjoxNjgxMDU5NjM1fSxcInRpbWVcIjoxNjgxMDU5NjM1fSJ9.ABuy8C3Zm97ke-RuDAm5-Gto53MlyGEsMbKIxXSW9SM; expires=Wed, 10-May-2023 17:00:35 GMT; Max-Age=2678400; path=/; domain=.v94.retorr.ru
Location: http://l.funzone.by/subslp/flow/l_maxim?lpid=88&altlpid=87&lpcontext=vw_by2&keyid=2i353011el2iqjsqn298&backurl=https://v93.retorr.ru/TggjNT?sub_id_1=vp

l.funzone.by/subslp/flow/l_maxim?lpid=88&altlpid=87&lpcontext=vw_by2&keyid=2i353011el2iqjsqn298&backurl=https://v93.retorr.ru/TggjNT?sub_id_1=vp

Belarus Republican Unitary Telecommunication Enterprise Beltelecom

178.124.129.133

URL

l.funzone.by/subslp/flow/l_maxim?lpid=88&altlpid=87&lpcontext=vw_by2&keyid=2i353011el2iqjsqn298&backurl=https://v93.retorr.ru/TggjNT?sub_id_1=vp
IP

178.124.129.133:0
ASN

#6697 Republican Unitary Telecommunication Enterprise Beltelecom

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /subslp/flow/l_maxim?lpid=88&altlpid=87&lpcontext=vw_by2&keyid=2i353011el2iqjsqn298&backurl=https://v93.retorr.ru/TggjNT?sub_id_1=vp HTTP/1.1
Host: l.funzone.by
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 302 Found
Server: nginx/1.14.1
Date: Sun, 09 Apr 2023 17:00:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.3.26
X-TraceID: 6432ef34023b0
Set-Cookie: PHPSESSID=74b7b73dced34d176301a5f03d19c59f; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: http://l.funzone.by/subslp/auth?lpid=88&altlpid=87&lpcontext=vw_by2&keyid=2i353011el2iqjsqn298&backurl=https%3A%2F%2Fv93.retorr.ru%2FTggjNT%3Fsub_id_1%3Dvp&sid=52-c174a622-5176-3b8c-93e6-ca94c2e3a62c&imsid=52-6432ef341f867&HDR_CBFH_16=1

l.funzone.by/subslp/auth?lpid=88&altlpid=87&lpcontext=vw_by2&keyid=2i353011el2iqjsqn298&backurl=https%3A%2F%2Fv93.retorr.ru%2FTggjNT%3Fsub_id_1%3Dvp&sid=52-c174a622-5176-3b8c-93e6-ca94c2e3a62c&imsid=52-6432ef341f867&HDR_CBFH_16=1

178.124.129.133

200 OK

25875

URL User Request GET HTTP/1.1

l.funzone.by/subslp/auth?lpid=88&altlpid=87&lpcontext=vw_by2&keyid=2i353011el2iqjsqn298&backurl=https%3A%2F%2Fv93.retorr.ru%2FTggjNT%3Fsub_id_1%3Dvp&sid=52-c174a622-5176-3b8c-93e6-ca94c2e3a62c&imsid=52-6432ef341f867&HDR_CBFH_16=1
IP

178.124.129.133:80
ASN

#6697 Republican Unitary Telecommunication Enterprise Beltelecom

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (65056), with CRLF line terminators

Size

25875
Hash

5695d3fb9f5de95e34369334c589febc

4247fc66a5b96c9aaeb27427e32699a4c0b862be

06c1a836982c70421f5cba7e06b8ca73b4b7cd74b4850aba519ce9928d7d7584

HTTP Headers

                                        GET /subslp/auth?lpid=88&altlpid=87&lpcontext=vw_by2&keyid=2i353011el2iqjsqn298&backurl=https%3A%2F%2Fv93.retorr.ru%2FTggjNT%3Fsub_id_1%3Dvp&sid=52-c174a622-5176-3b8c-93e6-ca94c2e3a62c&imsid=52-6432ef341f867&HDR_CBFH_16=1 HTTP/1.1
Host: l.funzone.by
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PHPSESSID=74b7b73dced34d176301a5f03d19c59f
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Sun, 09 Apr 2023 17:00:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.3.26
X-TraceID: 6432ef3449a30
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip

l.funzone.by/favicon.ico

178.124.129.133

200 OK

1406

URL GET HTTP/1.1

l.funzone.by/favicon.ico
IP

178.124.129.133:80
ASN

#6697 Republican Unitary Telecommunication Enterprise Beltelecom

Requested by

http://l.funzone.by/subslp/auth?lpid=88&altlpid=87&lpcontext=vw_by2&keyid=2i353011el2iqjsqn298&backurl=https%3A%2F%2Fv93.retorr.ru%2FTggjNT%3Fsub_id_1%3Dvp&sid=52-c174a622-5176-3b8c-93e6-ca94c2e3a62c&imsid=52-6432ef341f867&HDR_CBFH_16=1

Magic

MS Windows icon resource - 1 icon, 16x16\012- data

Size

1406
Hash

011201ab56695ce86ea2f190bce2670b

bb8fad6accf293e619360935047c23f00da3c769

a9bc1ab7f7c0c6bc5d097050968993474e32346cffa537be1e0335a19645f12e

HTTP Headers

                                        GET /favicon.ico HTTP/1.1
Host: l.funzone.by
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://l.funzone.by/subslp/auth?lpid=88&altlpid=87&lpcontext=vw_by2&keyid=2i353011el2iqjsqn298&backurl=https%3A%2F%2Fv93.retorr.ru%2FTggjNT%3Fsub_id_1%3Dvp&sid=52-c174a622-5176-3b8c-93e6-ca94c2e3a62c&imsid=52-6432ef341f867&HDR_CBFH_16=1
Cookie: PHPSESSID=74b7b73dced34d176301a5f03d19c59f
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Sun, 09 Apr 2023 17:00:36 GMT
Content-Type: image/vnd.microsoft.icon
Content-Length: 1406
Connection: keep-alive
Vary: Host
Last-Modified: Tue, 28 Feb 2023 07:38:27 GMT
ETag: "57e-5f5bdae6482c0"
Accept-Ranges: bytes

l.funzone.by/subslp/flow/l_maxim?lpid=88&altlpid=87&lpcontext=vw_by2&keyid=2i353011el2iqjsqn298&backurl=https://v93.retorr.ru/TggjNT?sub_id_1=vp

178.124.129.133

302 Found

122606

URL User Request GET HTTP/1.1

l.funzone.by/subslp/flow/l_maxim?lpid=88&altlpid=87&lpcontext=vw_by2&keyid=2i353011el2iqjsqn298&backurl=https://v93.retorr.ru/TggjNT?sub_id_1=vp
IP

178.124.129.133:80
ASN

#6697 Republican Unitary Telecommunication Enterprise Beltelecom

Magic

Size

122606
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /subslp/flow/l_maxim?lpid=88&altlpid=87&lpcontext=vw_by2&keyid=2i353011el2iqjsqn298&backurl=https://v93.retorr.ru/TggjNT?sub_id_1=vp HTTP/1.1
Host: l.funzone.by
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 302 Found
Server: nginx/1.14.1
Date: Sun, 09 Apr 2023 17:00:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.3.26
X-TraceID: 6432ef34023b0
Set-Cookie: PHPSESSID=74b7b73dced34d176301a5f03d19c59f; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: http://l.funzone.by/subslp/auth?lpid=88&altlpid=87&lpcontext=vw_by2&keyid=2i353011el2iqjsqn298&backurl=https%3A%2F%2Fv93.retorr.ru%2FTggjNT%3Fsub_id_1%3Dvp&sid=52-c174a622-5176-3b8c-93e6-ca94c2e3a62c&imsid=52-6432ef341f867&HDR_CBFH_16=1

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (5)

URL User Request GET HTTP/1.1

IP

ASN

Magic

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

Magic

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Magic

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers