Report - gtgassociates.co.tz/MONDAYAJE/4DD8KfW1YMNkL674WfLfy1toWAQh6O/8amq3mL468uBWlgZCkZhJPJfrRoWfjUzZ4M3AeebekkedTxe/ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=

Report Overview

Submitted URL

gtgassociates.co.tz/MONDAYAJE/4DD8KfW1YMNkL674WfLfy1toWAQh6O/8amq3mL468uBWlgZCkZhJPJfrRoWfjUzZ4M3AeebekkedTxe/ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
IP

192.185.129.39

ASN

#46606 UNIFIEDLAYER-AS-1
Submitted

2023-11-20T21:16:50Z

Access

public
Website Title

Y97hk1d57oEVHjxjFEaqf7wMyJEHzLznGpKRPxZWifuFc
Final URL

0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Tags

phishing microsoft outlook
urlquery detections

Phishing - Microsoft Outlook

Detections

urlquery

3
Network Intrusion Detection

0
Threat Detection Systems

0

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
challenges.cloudflare.com (1)	unknown	2021-10-20 07:02:03	2023-11-19 21:12:47	435	13250	104.17.3.184
0jgvx94smaw1iz2.uaoaaiyoff.ru (11)	unknown	2023-11-07 12:52:50	2023-11-20 02:43:31	8084	331974	172.67.214.7
aadcdn.msauthimages.net (1)	4795	2019-08-14 20:34:06	2023-11-19 18:15:33	546	78709	152.199.23.72
gtgassociates.co.tz (1)	unknown	2021-03-30 06:22:57	2023-11-20 02:43:29	602	268	192.185.129.39
cdn.jsdelivr.net (1)	439	2012-09-30 02:15:09	2023-11-19 18:12:10	467	26134	151.101.193.229

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (9)

Pretty

URL

0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/6522wNQ1sps/sc-NbG54H78DN5jerEG6RZSkKcJoWBAlAP9ZrF8JgPtoA0esh3QDLn7RBIaAiaYYvcH0cFXtEZdEoDlFwyJ
IP

172.67.214.7:443
ASN

#13335 CLOUDFLARENET

Introduced by

scriptElement
Inline HTML

false

Observations

First Seen2023-11-20 22:16:51

Last Seen2023-11-20 22:16:51

Times Seen2
Hash

b5cf4e641bad315e58cd4a1865aeb0e7

9fb8fb12ff85a9ae6ab8c268562b7c8223ed3b79

afe464cdd674f9f4be654b2d4858845aa5582f3b8844b611a0e9be5114da7d1b

Pretty

URL

0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/62djWijV6Ny/jq-2I85Bp67nVLcPqC0mipJEU8Yk9I4RNzQo2N4ZHkVpL2IS2ng1ZbWQIvcWyl6Ut13x4kYcaTcknTZ8zYt
IP

172.67.214.7:443
ASN

#13335 CLOUDFLARENET

Introduced by

scriptElement
Inline HTML

false

Observations

First Seen2023-03-07 01:10:49

Last Seen2023-12-08 10:28:42

Times Seen166695
Hash

a46fb81762396b7bf2020774a2fb4d9e

fb5edd7a663dc8dda7ec10815a7cd82a30fc98a7

d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d

Pretty

URL

data:text/javascript;base64,ZG9jdW1lbnQud3JpdGUoZGVjb2RlVVJJQ29tcG9uZW50KGVzY2FwZShhdG9iKGRvY3VtZW50LnF1ZXJ5U2VsZWN0b3IoIk5rdmVvTGtzRmxxR1lyZSIpLmdldEF0dHJpYnV0ZSgiVE1DRXVvWW5DWUFxTXdXIikpKSkpO0hqeE5EcW15eVNqbVhKZ2dienljPSJIR2hLcWZCb2puYVpXaVYiOw==
IP

0.0.0.0:0
ASN

#0

Introduced by

scriptElement
Inline HTML

false

Observations

First Seen2023-11-20 22:16:51

Last Seen2023-11-20 22:16:51

Times Seen1
Hash

4d37116766546c55f9e18db42a601c7e

a00128424774e42a003548afdadd8a37bc0deb9c

82547d43cbd9f2a428eed4b5fa115439b61e27d8faec7d911c4e05d82b88ab60

HTTP Transactions (15)

URL IP Response Size

gtgassociates.co.tz/MONDAYAJE/4DD8KfW1YMNkL674WfLfy1toWAQh6O/8amq3mL468uBWlgZCkZhJPJfrRoWfjUzZ4M3AeebekkedTxe/ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=

192.185.129.39

URL

gtgassociates.co.tz/MONDAYAJE/4DD8KfW1YMNkL674WfLfy1toWAQh6O/8amq3mL468uBWlgZCkZhJPJfrRoWfjUzZ4M3AeebekkedTxe/ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
IP

192.185.129.39:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

                                        GET /MONDAYAJE/4DD8KfW1YMNkL674WfLfy1toWAQh6O/8amq3mL468uBWlgZCkZhJPJfrRoWfjUzZ4M3AeebekkedTxe/ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20= HTTP/1.1
Host: gtgassociates.co.tz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
refresh: 0;url=https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/#daldrich@havenparkmgmt.com
x-content-type-options: nosniff
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 20 Nov 2023 21:16:32 GMT
server: Apache
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css

151.101.193.229

25360

URL

cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css
IP

151.101.193.229:0
ASN

#54113 FASTLY

Magic

Unicode text, UTF-8 text, with very long lines (65306)

Size

25360
Hash

abe91756d18b7cd60871a2f47c1e8192

7c1c9e0573e5cea8bad3733be2fc63aa8c68ea8d

7633b7c0c97d19e682feee8afa2738523fcb2a14544a550572caeecd2eefe66b

HTTP Headers

                                        GET /npm/bootstrap@5.0.2/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://0jgvx94smaw1iz2.uaoaaiyoff.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 5.0.2
x-jsd-version-type: version
etag: W/"260c5-fByeBXPlzqi603M74vxjqoxo6o0"
content-encoding: br
accept-ranges: bytes
date: Mon, 20 Nov 2023 21:16:34 GMT
age: 14038236
x-served-by: cache-fra-eddf8230097-FRA, cache-bma1661-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 25360
X-Firefox-Spdy: h2

challenges.cloudflare.com/turnstile/v0/api.js

104.17.3.184

12961

URL

challenges.cloudflare.com/turnstile/v0/api.js
IP

104.17.3.184:0
ASN

#13335 CLOUDFLARENET

Magic

data

Size

12961
Hash

947f5184241faa00f008391a78c7c49f

82a745cfb8426300d155f168a1d0ebf465e1b4d3

9e863c54c25e6b52b8ceb6f0bfad7e339b0ae531ba8b50b7930894c0dc2ac178

HTTP Headers

                                        GET /turnstile/v0/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://0jgvx94smaw1iz2.uaoaaiyoff.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 302 Found
date: Mon, 20 Nov 2023 21:16:34 GMT
vary: accept-encoding
location: /turnstile/v0/g/9914b343/api.js
access-control-allow-origin: *
cache-control: max-age=300, public
server: cloudflare
cf-ray: 8293b6fb5d3d712e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/6522wNQ1sps/sc-NbG54H78DN5jerEG6RZSkKcJoWBAlAP9ZrF8JgPtoA0esh3QDLn7RBIaAiaYYvcH0cFXtEZdEoDlFwyJ

172.67.214.7

200 OK

81983

URL GET HTTP/3

0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/6522wNQ1sps/sc-NbG54H78DN5jerEG6RZSkKcJoWBAlAP9ZrF8JgPtoA0esh3QDLn7RBIaAiaYYvcH0cFXtEZdEoDlFwyJ
IP

172.67.214.7:443
ASN

#13335 CLOUDFLARENET

Requested by

https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Certificate

IssuerGoogle Trust Services LLC

Subjectuaoaaiyoff.ru

Fingerprint57:1E:DB:48:D4:DE:5F:73:08:24:E5:CD:85:69:3C:06:64:90:3F:45

ValidityWed, 01 Nov 2023 20:53:49 GMT - Tue, 30 Jan 2024 20:53:48 GMT

Magic

ASCII text, with very long lines (9001), with CRLF line terminators

Size

81983
Hash

b5cf4e641bad315e58cd4a1865aeb0e7

9fb8fb12ff85a9ae6ab8c268562b7c8223ed3b79

afe464cdd674f9f4be654b2d4858845aa5582f3b8844b611a0e9be5114da7d1b

HTTP Headers

                                        GET /1b3sw/6522wNQ1sps/sc-NbG54H78DN5jerEG6RZSkKcJoWBAlAP9ZrF8JgPtoA0esh3QDLn7RBIaAiaYYvcH0cFXtEZdEoDlFwyJ HTTP/1.1
Host: 0jgvx94smaw1iz2.uaoaaiyoff.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Cookie: PHPSESSID=4jqqhlq6ve5uvadoeqklqqt01g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:16:38 GMT
content-type: text/javascript;charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6C0y2wAub20MGrpwInOnIFn7V8uYIMWHgsMhoPu0aimALQUJtREHW%2BpO09css49AX3P2LELB0ZVENLD5m83SLCTRb889Aw13lIN4VNgX59fTWSoSWRUSDK1QihtVSOR0tm9GMVLqdbgPgB0u6iQTtw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8293b714af175691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/67OVhPGOQ43/e-KJBqzCpU9wvcbxR261TuG4Zj4biixWwEa5F4ljrbDXsYt8hSyXdgy7dUixha7Q9Lmtt4JUpu6FX8KrIA

172.67.214.7

200 OK

1195

URL GET HTTP/3

0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/67OVhPGOQ43/e-KJBqzCpU9wvcbxR261TuG4Zj4biixWwEa5F4ljrbDXsYt8hSyXdgy7dUixha7Q9Lmtt4JUpu6FX8KrIA
IP

172.67.214.7:443
ASN

#13335 CLOUDFLARENET

Requested by

https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Certificate

IssuerGoogle Trust Services LLC

Subjectuaoaaiyoff.ru

Fingerprint57:1E:DB:48:D4:DE:5F:73:08:24:E5:CD:85:69:3C:06:64:90:3F:45

ValidityWed, 01 Nov 2023 20:53:49 GMT - Tue, 30 Jan 2024 20:53:48 GMT

Magic

HTML document, ASCII text, with very long lines (1223), with no line terminators

Size

1195
Hash

4d4431f7f2c9e77ac897947028b22b4d

494f62f0e60b54173d774cd05f88afa128fddf41

d4c8fcb784b4dca3f3829900966f7ccc4dcb7c78fcccd0f980391d5266906d93

HTTP Headers

                                        GET /1b3sw/67OVhPGOQ43/e-KJBqzCpU9wvcbxR261TuG4Zj4biixWwEa5F4ljrbDXsYt8hSyXdgy7dUixha7Q9Lmtt4JUpu6FX8KrIA HTTP/1.1
Host: 0jgvx94smaw1iz2.uaoaaiyoff.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Cookie: PHPSESSID=4jqqhlq6ve5uvadoeqklqqt01g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:16:38 GMT
content-type: image/svg+xml
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sTy59vaAgXg07GggNAo5x3%2BWQUxcy1WSHSOgCf3844Os5pvOUpXjed5cwwyIEqMyUCJNL07PNyoMueG3kYjAHMtvIUOyvvaYKcHhr2DVpdmeLtsDfhoG6KVP3y%2FSbRwbml6qwxQjckFWXs2qs4ZITA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8293b714af105691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/6DqGHAvxfsU/fi-C79L18HZVzpy3HERRmX7pD6grmz6cO4JYXKW8bv6J7IdS3DhgegN60y65t1ieyan9rvZHqMZned3J9tP

172.67.214.7

200 OK

728

URL GET HTTP/3

0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/6DqGHAvxfsU/fi-C79L18HZVzpy3HERRmX7pD6grmz6cO4JYXKW8bv6J7IdS3DhgegN60y65t1ieyan9rvZHqMZned3J9tP
IP

172.67.214.7:443
ASN

#13335 CLOUDFLARENET

Requested by

https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Certificate

IssuerGoogle Trust Services LLC

Subjectuaoaaiyoff.ru

Fingerprint57:1E:DB:48:D4:DE:5F:73:08:24:E5:CD:85:69:3C:06:64:90:3F:45

ValidityWed, 01 Nov 2023 20:53:49 GMT - Tue, 30 Jan 2024 20:53:48 GMT

Magic

SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (814), with no line terminators

Size

728
Hash

73e232524704fab76162aeee539823db

98947976e27fe3168693d6cab3faa36aeea5b104

7ca01fb21e721c982720d96a01d36cffa09f741350ed43a2b3b78a99e685b561

HTTP Headers

                                        GET /1b3sw/6DqGHAvxfsU/fi-C79L18HZVzpy3HERRmX7pD6grmz6cO4JYXKW8bv6J7IdS3DhgegN60y65t1ieyan9rvZHqMZned3J9tP HTTP/1.1
Host: 0jgvx94smaw1iz2.uaoaaiyoff.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Cookie: PHPSESSID=4jqqhlq6ve5uvadoeqklqqt01g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:16:39 GMT
content-type: image/svg+xml
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oZ50fOqOZvjsWk9QAHG6Vs5PIyN92vHaSBVz3QO2r4I51pa2r78VUcASbnhzZI943VrsU5F9Q%2BxY6UTHDOz%2BnQUmnEhJvTNE%2F52QwIsdWeuVE%2FXDK8jK5NwlwcE0y58TYqurljIOx9PE6Z7ucAyb8g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8293b7186b525691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=

172.67.214.7

200 OK

15413

URL User Request GET HTTP/3

0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
IP

172.67.214.7:443
ASN

#13335 CLOUDFLARENET

Certificate

IssuerGoogle Trust Services LLC

Subjectuaoaaiyoff.ru

Fingerprint57:1E:DB:48:D4:DE:5F:73:08:24:E5:CD:85:69:3C:06:64:90:3F:45

ValidityWed, 01 Nov 2023 20:53:49 GMT - Tue, 30 Jan 2024 20:53:48 GMT

Magic

ASCII text, with very long lines (15413), with no line terminators

Size

15413
Hash

e98494ef3467064065660d440937fa0b

e5bca2b2ab052b1ecc24c9380258e25e725cb63e

271e8ae7ece4f13bc12e741fd8d17f5168c0ceee436e9eb42458cae8609e47c9

HTTP Headers

                                        GET /1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20= HTTP/1.1
Host: 0jgvx94smaw1iz2.uaoaaiyoff.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/
Cookie: PHPSESSID=4jqqhlq6ve5uvadoeqklqqt01g
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:16:38 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wryPE%2BbfHP44jl8KiM%2BIDJmS5VMkjTbZh%2BZZf331p%2BGPhBZLixX5suEOtdkN%2FLyOozGUOodpslxJJeOOfRyqaM%2FR06BXin%2FCQsHlYyO4D6ZMhYIXoD51HasDl5J0NVErLEV2OE8uIWIPgJAWPjt2Gw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8293b713ddd75691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/6PCdCslrTqC/si-ul891eQPIE2qPcshat3fFDgI82psWAWCh1u96pMJ6k1DPjAcO9AWZD310TD1vRBuMax5YOZAk7umX7Sr

172.67.214.7

200 OK

2471

URL GET HTTP/3

0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/6PCdCslrTqC/si-ul891eQPIE2qPcshat3fFDgI82psWAWCh1u96pMJ6k1DPjAcO9AWZD310TD1vRBuMax5YOZAk7umX7Sr
IP

172.67.214.7:443
ASN

#13335 CLOUDFLARENET

Requested by

https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Certificate

IssuerGoogle Trust Services LLC

Subjectuaoaaiyoff.ru

Fingerprint57:1E:DB:48:D4:DE:5F:73:08:24:E5:CD:85:69:3C:06:64:90:3F:45

ValidityWed, 01 Nov 2023 20:53:49 GMT - Tue, 30 Jan 2024 20:53:48 GMT

Magic

SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (2507), with no line terminators

Size

2471
Hash

eaddbb8987aa4e3b6daf09839c06e1b1

c2fcee25ef38151cd2d63e40d17c88878ad2b50e

fa39f33bec21cf361a112bdf5d28e22f95e0a5f1f017c09afa49740dfe85599a

HTTP Headers

                                        GET /1b3sw/6PCdCslrTqC/si-ul891eQPIE2qPcshat3fFDgI82psWAWCh1u96pMJ6k1DPjAcO9AWZD310TD1vRBuMax5YOZAk7umX7Sr HTTP/1.1
Host: 0jgvx94smaw1iz2.uaoaaiyoff.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Cookie: PHPSESSID=4jqqhlq6ve5uvadoeqklqqt01g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:16:38 GMT
content-type: image/svg+xml
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UMfIzzSg2i4qt%2BmzJlmOGd2NwU5FvzFA2R8ou04%2B7Zez%2Fx9CHTrMssmimu%2BWM%2FiGD9KdpCXeCqiJnlOL0VAFr4fKo6tv2hJnqKpDN6hUn39jgVN3SAPxDuRbGFrIGOiMn5Fxc0%2Bp%2FQcVaIMLQsWAkA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8293b714af115691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/6JmgoWGy4Lp/lg-KRvjMq3HJIjxSw06KhOqaoh508woKfHLXOW7k3tJ9fZMACNYTW6MAhbYedzdBOhsqWKvyVw7valAC462

172.67.214.7

200 OK

5747

URL GET HTTP/3

0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/6JmgoWGy4Lp/lg-KRvjMq3HJIjxSw06KhOqaoh508woKfHLXOW7k3tJ9fZMACNYTW6MAhbYedzdBOhsqWKvyVw7valAC462
IP

172.67.214.7:443
ASN

#13335 CLOUDFLARENET

Requested by

https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Certificate

IssuerGoogle Trust Services LLC

Subjectuaoaaiyoff.ru

Fingerprint57:1E:DB:48:D4:DE:5F:73:08:24:E5:CD:85:69:3C:06:64:90:3F:45

ValidityWed, 01 Nov 2023 20:53:49 GMT - Tue, 30 Jan 2024 20:53:48 GMT

Magic

SVG Scalable Vector Graphics image\012- , Unicode text, UTF-8 text, with very long lines (5880), with no line terminators

Size

5747
Hash

210701b7ed23f6c688db552c52354aa4

81c87826621e983176e10a519e632e58efa73068

452aa9feda2171aabf287bdd3a84e8a64d6583cc464ea6472b985be92ba77bb5

HTTP Headers

                                        GET /1b3sw/6JmgoWGy4Lp/lg-KRvjMq3HJIjxSw06KhOqaoh508woKfHLXOW7k3tJ9fZMACNYTW6MAhbYedzdBOhsqWKvyVw7valAC462 HTTP/1.1
Host: 0jgvx94smaw1iz2.uaoaaiyoff.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Cookie: PHPSESSID=4jqqhlq6ve5uvadoeqklqqt01g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:16:38 GMT
content-type: image/svg+xml
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4iKRnXYzsodeWO1maU2scNHxYaBnxOMhlzGlIsgPrBUwfBVfds9UdVbSlmDj%2FmZWgI9ZmrLhdfb%2BGriGA6fYrQ0qqvsSW8Mj5pz4YhufI2u5%2Fb5TLq%2FOnEEY4XdnGc2ohVjTtRFuhpRq7HDAXdi6yA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8293b714af0b5691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/6A9GFlwaeQa/bg-5a0UMkzM2qhrakqS761dffY8mKmJwKLI40bMjIbuoXbGoSmpIr9xesiDoZ8CZUQRP5LIAOXMYkiKOMIQ

172.67.214.7

200 OK

16500

URL GET HTTP/3

0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/6A9GFlwaeQa/bg-5a0UMkzM2qhrakqS761dffY8mKmJwKLI40bMjIbuoXbGoSmpIr9xesiDoZ8CZUQRP5LIAOXMYkiKOMIQ
IP

172.67.214.7:443
ASN

#13335 CLOUDFLARENET

Requested by

https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Certificate

IssuerGoogle Trust Services LLC

Subjectuaoaaiyoff.ru

Fingerprint57:1E:DB:48:D4:DE:5F:73:08:24:E5:CD:85:69:3C:06:64:90:3F:45

ValidityWed, 01 Nov 2023 20:53:49 GMT - Tue, 30 Jan 2024 20:53:48 GMT

Magic

Size

16500
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /1b3sw/6A9GFlwaeQa/bg-5a0UMkzM2qhrakqS761dffY8mKmJwKLI40bMjIbuoXbGoSmpIr9xesiDoZ8CZUQRP5LIAOXMYkiKOMIQ HTTP/1.1
Host: 0jgvx94smaw1iz2.uaoaaiyoff.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Cookie: PHPSESSID=4jqqhlq6ve5uvadoeqklqqt01g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:16:38 GMT
content-type: image/svg+xml
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jm5FsgjIrpVbULhpcWXfkxC66%2F6ENpkiqwpOIblmfIeOjhK50hm97Oy8bwt3e8g1WnOI7y3dMtRLh7%2FM6h6T0FCmH9znNNgvsI0LVeaiglSWHotCMHvFIyFS4t%2FfEoBBQUvU%2BJyFxOzz45V7UUXkFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8293b716f9d25691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/65xsDMuONym/st-4qnakfdIuM7py2XYbDH1cMhM0xILhgInuoT1He1lHixIWyaFlcS606Pv93LXb37SFWvl6Ce4vKEEMWUb

172.67.214.7

200 OK

96562

URL GET HTTP/3

0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/65xsDMuONym/st-4qnakfdIuM7py2XYbDH1cMhM0xILhgInuoT1He1lHixIWyaFlcS606Pv93LXb37SFWvl6Ce4vKEEMWUb
IP

172.67.214.7:443
ASN

#13335 CLOUDFLARENET

Requested by

https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Certificate

IssuerGoogle Trust Services LLC

Subjectuaoaaiyoff.ru

Fingerprint57:1E:DB:48:D4:DE:5F:73:08:24:E5:CD:85:69:3C:06:64:90:3F:45

ValidityWed, 01 Nov 2023 20:53:49 GMT - Tue, 30 Jan 2024 20:53:48 GMT

Magic

ASCII text, with very long lines (65536), with no line terminators

Size

96562
Hash

11f4f8cae1bfb32cab3fd4b72155779c

dd9a1accfa0a82218d305302ebc80addbc5e5e2c

8211bcfd34ea82e461a36eb0b6f6291d2d7af35461f7a3fda85a3d0526e94f99

HTTP Headers

                                        GET /1b3sw/65xsDMuONym/st-4qnakfdIuM7py2XYbDH1cMhM0xILhgInuoT1He1lHixIWyaFlcS606Pv93LXb37SFWvl6Ce4vKEEMWUb HTTP/1.1
Host: 0jgvx94smaw1iz2.uaoaaiyoff.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Cookie: PHPSESSID=4jqqhlq6ve5uvadoeqklqqt01g
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:16:38 GMT
content-type: text/css;charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CuLh1284ats5pbVgUEUc8sI16pd0%2BWBXQ6F8mZZ3Is1wzJX%2BRM%2F%2FUZiC%2BNBfivMxYcmxf4uWoA4KCr5aRf83PeUnS5%2BybikPjxnLFAAUcfDkD4orfmBb%2FtmWHASHz4cItm%2BkPrz1Rf0vI1yVTEdnSA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8293b7149f025691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/6jy4hEcS55x/bg-W705fVqe9a5Hqk1NiBqnSiMqXrqs76rKvhdo0s4SxUk66lYA9QboVO90KhCpIM4AcK7wq93K6UA19gP9

172.67.214.7

200 OK

16500

URL GET HTTP/3

0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/6jy4hEcS55x/bg-W705fVqe9a5Hqk1NiBqnSiMqXrqs76rKvhdo0s4SxUk66lYA9QboVO90KhCpIM4AcK7wq93K6UA19gP9
IP

172.67.214.7:443
ASN

#13335 CLOUDFLARENET

Requested by

https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Certificate

IssuerGoogle Trust Services LLC

Subjectuaoaaiyoff.ru

Fingerprint57:1E:DB:48:D4:DE:5F:73:08:24:E5:CD:85:69:3C:06:64:90:3F:45

ValidityWed, 01 Nov 2023 20:53:49 GMT - Tue, 30 Jan 2024 20:53:48 GMT

Magic

Size

16500
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /1b3sw/6jy4hEcS55x/bg-W705fVqe9a5Hqk1NiBqnSiMqXrqs76rKvhdo0s4SxUk66lYA9QboVO90KhCpIM4AcK7wq93K6UA19gP9 HTTP/1.1
Host: 0jgvx94smaw1iz2.uaoaaiyoff.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Cookie: PHPSESSID=4jqqhlq6ve5uvadoeqklqqt01g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:16:38 GMT
content-type: image/svg+xml
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IVOA4exGbq%2BkQwYNaJaq%2BO7Wz1EKbv0WD32W8xpMqv86%2Friwk7Ei3RSUimXoNn80LuOh9mKI4bRG8B8HQvFmKP0Lqu4qFcgx1TZU3LG9ORg3%2Bqk82l5kkY6pX5sOb7qqo021xuI6piO3jgV8kBv4bQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8293b716f9d15691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

aadcdn.msauthimages.net/dbd5a2dd-uoqjhttblonxuhg7zatwokljqveqvandon4te9zwmgm/logintenantbranding/0/illustration?ts=637438387445131712

152.199.23.72

200 OK

78090

URL GET HTTP/2

aadcdn.msauthimages.net/dbd5a2dd-uoqjhttblonxuhg7zatwokljqveqvandon4te9zwmgm/logintenantbranding/0/illustration?ts=637438387445131712
IP

152.199.23.72:443
ASN

#15133 EDGECAST

Requested by

https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Certificate

IssuerMicrosoft Corporation

Subjectaadcdn.msauthimages.net

Fingerprint6B:EB:AC:06:FC:06:82:11:17:1C:6B:72:7D:B5:95:2D:CF:E7:A3:5D

ValidityWed, 08 Mar 2023 11:16:34 GMT - Sat, 02 Mar 2024 11:16:34 GMT

Magic

PNG image data, 1920 x 972, 8-bit/color RGBA, non-interlaced\012- data

Size

78090
Hash

03898bccf7fa4171b64aa6548bfbe2f6

826d368716e785a5ef1bea4ebd4ad385ce2d01cb

88269571b0c8ad6f1b8a2daa3ef0e7dff4944227e58558708fdde17b8dcd38d5

HTTP Headers

                                        GET /dbd5a2dd-uoqjhttblonxuhg7zatwokljqveqvandon4te9zwmgm/logintenantbranding/0/illustration?ts=637438387445131712 HTTP/1.1
Host: aadcdn.msauthimages.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://0jgvx94smaw1iz2.uaoaaiyoff.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
content-md5: A4mLzPf6QXG2SqZUi/vi9g==
content-type: image/*
date: Mon, 20 Nov 2023 21:16:39 GMT
etag: 0x8D8A2D60A03D4D7
last-modified: Thu, 17 Dec 2020 21:52:24 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 17add730-201e-0046-70f6-1b7765000000
x-ms-version: 2009-09-19
content-length: 78090
X-Firefox-Spdy: h2

0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/62djWijV6Ny/jq-2I85Bp67nVLcPqC0mipJEU8Yk9I4RNzQo2N4ZHkVpL2IS2ng1ZbWQIvcWyl6Ut13x4kYcaTcknTZ8zYt

172.67.214.7

200 OK

86927

URL GET HTTP/3

0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/62djWijV6Ny/jq-2I85Bp67nVLcPqC0mipJEU8Yk9I4RNzQo2N4ZHkVpL2IS2ng1ZbWQIvcWyl6Ut13x4kYcaTcknTZ8zYt
IP

172.67.214.7:443
ASN

#13335 CLOUDFLARENET

Requested by

https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Certificate

IssuerGoogle Trust Services LLC

Subjectuaoaaiyoff.ru

Fingerprint57:1E:DB:48:D4:DE:5F:73:08:24:E5:CD:85:69:3C:06:64:90:3F:45

ValidityWed, 01 Nov 2023 20:53:49 GMT - Tue, 30 Jan 2024 20:53:48 GMT

Magic

ASCII text, with very long lines (65450), with CRLF line terminators

Size

86927
Hash

a46fb81762396b7bf2020774a2fb4d9e

fb5edd7a663dc8dda7ec10815a7cd82a30fc98a7

d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d

HTTP Headers

                                        GET /1b3sw/62djWijV6Ny/jq-2I85Bp67nVLcPqC0mipJEU8Yk9I4RNzQo2N4ZHkVpL2IS2ng1ZbWQIvcWyl6Ut13x4kYcaTcknTZ8zYt HTTP/1.1
Host: 0jgvx94smaw1iz2.uaoaaiyoff.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Cookie: PHPSESSID=4jqqhlq6ve5uvadoeqklqqt01g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:16:38 GMT
content-type: text/javascript;charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BhQ1qkiZJZRk8w9SnPcdcr8CPvpLW6nXB72Dnn11cFWdnfGCXANPGe4%2FfMfBT9VYF7aUMvMCSdn8RHMUajLGTJOCMTf4BMvej35kpD6%2FuVSful9pTzWlc973Qzvv%2BS7wmz4M1dxrn2qzNX7rjKZR7w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8293b7149f075691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/3qivrzRDwxFKBtyiMY9jGDxXVJ

172.67.214.7

200 OK

220

URL POST HTTP/3

0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/3qivrzRDwxFKBtyiMY9jGDxXVJ
IP

172.67.214.7:443
ASN

#13335 CLOUDFLARENET

Requested by

https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Certificate

IssuerGoogle Trust Services LLC

Subjectuaoaaiyoff.ru

Fingerprint57:1E:DB:48:D4:DE:5F:73:08:24:E5:CD:85:69:3C:06:64:90:3F:45

ValidityWed, 01 Nov 2023 20:53:49 GMT - Tue, 30 Jan 2024 20:53:48 GMT

Magic

troff or preprocessor input, ASCII text, with no line terminators

Size

220
Hash

c390ebdea3798e696a9750b329937059

41f70f9055c5d3914612fe52d17c1d14144f6838

4a06a05a755b8bdd3c827f10967d941d0272983d2adffeb5c1c334610f59bd33

HTTP Headers

                                        POST /1b3sw/3qivrzRDwxFKBtyiMY9jGDxXVJ HTTP/1.1
Host: 0jgvx94smaw1iz2.uaoaaiyoff.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 41
Origin: https://0jgvx94smaw1iz2.uaoaaiyoff.ru
DNT: 1
Connection: keep-alive
Referer: https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Cookie: PHPSESSID=4jqqhlq6ve5uvadoeqklqqt01g
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:16:39 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ONF9in3pMyXNaKj1dSs%2Fu1aEgWftU3a%2FO%2Bc0TjBmW3zRfy3Sn0UZKG1AYzWxZoOUT2YMGq%2BT5VVwEWnkV5aSqfGD%2FoOYV%2FNEGf2ojYt6oniozaTIMIZPgDL3bVsphafApqQO5XTvjaurcVnpxKtWbg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8293b7178a7b5691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

#1 JS:Script (size: 31)

Introduced by

Inline HTML

Observations

Hash

#2 JS:Script (size: 31730)

URL

IP

ASN

Introduced by

Inline HTML

Observations

Hash

#3 JS:Script (size: 86927)

URL

IP

ASN

Introduced by

Inline HTML

Observations

Hash

#4 JS:Script (size: 163)

URL

IP

ASN

Introduced by

Inline HTML

Observations

Hash

#1 JS:Eval (size: 4)

Observations

Hash

#1 JS:Write (size: 3692)

Observations

Hash

#2 JS:Write (size: 3574)

Observations

Hash

#3 JS:Write (size: 1148)

Observations

Hash

#4 JS:Write (size: 11328)

Observations

Hash

HTTP Transactions (15)

URL

IP

ASN

Magic

Size

Hash

Detections

HTTP Headers