Report - gtgassociates.co.tz/MONDAYAJE/4DD8KfW1YMNkL674WfLfy1toWAQh6O/8amq3mL468uBWlgZCkZhJPJfrRoWfjUzZ4M3AeebekkedTxe/ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=

Report Overview

Visited public
2023-11-20 21:16:50
Tags
phishing microsoft outlook
Submit Tags
URL
gtgassociates.co.tz/MONDAYAJE/4DD8KfW1YMNkL674WfLfy1toWAQh6O/8amq3mL468uBWlgZCkZhJPJfrRoWfjUzZ4M3AeebekkedTxe/ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Finishing URL
0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
IP / ASN
192.185.129.39
#46606 UNIFIEDLAYER-AS-1
Title
Y97hk1d57oEVHjxjFEaqf7wMyJEHzLznGpKRPxZWifuFc
Phishing - Microsoft Outlook

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20 07:02:03	2023-11-19 21:12:47	435 B	13 kB	104.17.3.184
0jgvx94smaw1iz2.uaoaaiyoff.ru	unknown	2023-11-01	2023-11-07 12:52:50	2023-11-20 02:43:31	8.1 kB	332 kB	172.67.214.7
aadcdn.msauthimages.net	4795	2018-11-12	2019-08-14 20:34:06	2023-11-19 18:15:33	546 B	79 kB	152.199.23.72
gtgassociates.co.tz	unknown	2021-03-29	2021-03-30 06:22:57	2023-11-20 02:43:29	602 B	268 B	192.185.129.39
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2023-11-19 18:12:10	467 B	26 kB	151.101.193.229

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	unknown	ScriptElement	31 B	2023-10-19	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-19 19:11 Last Seen2024-08-21 04:06 Times Seen26506 Hash 3d1074fb6b65f4b9536871023e610d5a 4c714779bcd18078513b46b165790086ba8dccb0 b57f451d459d16b81d0fcacdb0c79d84f114df0ec897bcbff79d72addd7cf688 Loading...

	0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/6522wNQ1sps/sc-NbG54H78DN5jerEG6RZSkKcJoWBAlAP9ZrF8JgPtoA0esh3QDLn7RBIaAiaYYvcH0cFXtEZdEoDlFwyJ	ScriptElement	32 kB	2023-11-20	2023-11-20
Pretty URL 0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/6522wNQ1sps/sc-NbG54H78DN5jerEG6RZSkKcJoWBAlAP9ZrF8JgPtoA0esh3QDLn7RBIaAiaYYvcH0cFXtEZdEoDlFwyJ IP 172.67.214.7 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-20 22:16 Last Seen2023-11-20 22:16 Times Seen1 Hash b5cf4e641bad315e58cd4a1865aeb0e7 9fb8fb12ff85a9ae6ab8c268562b7c8223ed3b79 afe464cdd674f9f4be654b2d4858845aa5582f3b8844b611a0e9be5114da7d1b Loading...

	0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/62djWijV6Ny/jq-2I85Bp67nVLcPqC0mipJEU8Yk9I4RNzQo2N4ZHkVpL2IS2ng1ZbWQIvcWyl6Ut13x4kYcaTcknTZ8zYt	ScriptElement	87 kB	2023-03-07	2025-07-08
Pretty URL 0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/62djWijV6Ny/jq-2I85Bp67nVLcPqC0mipJEU8Yk9I4RNzQo2N4ZHkVpL2IS2ng1ZbWQIvcWyl6Ut13x4kYcaTcknTZ8zYt IP 172.67.214.7 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10 Last Seen2025-07-08 03:20 Times Seen59272 Hash a46fb81762396b7bf2020774a2fb4d9e fb5edd7a663dc8dda7ec10815a7cd82a30fc98a7 d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d Loading...

	data:text/javascript;base64,ZG9jdW1lbnQud3JpdGUoZGVjb2RlVVJJQ29tcG9uZW50KGVzY2FwZShhdG9iKGRvY3VtZW50LnF1ZXJ5U2VsZWN0b3IoIk5rdmVvTGtzRmxxR1lyZSIpLmdldEF0dHJpYnV0ZSgiVE1DRXVvWW5DWUFxTXdXIikpKSkpO0hqeE5EcW15eVNqbVhKZ2dienljPSJIR2hLcWZCb2puYVpXaVYiOw==	ScriptElement	163 B	2024-08-20	2024-08-20
Pretty URL data:text/javascript;base64,ZG9jdW1lbnQud3JpdGUoZGVjb2RlVVJJQ29tcG9uZW50KGVzY2FwZShhdG9iKGRvY3VtZW50LnF1ZXJ5U2VsZWN0b3IoIk5rdmVvTGtzRmxxR1lyZSIpLmdldEF0dHJpYnV0ZSgiVE1DRXVvWW5DWUFxTXdXIikpKSkpO0hqeE5EcW15eVNqbVhKZ2dienljPSJIR2hLcWZCb2puYVpXaVYiOw== IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 18:35 Last Seen2024-08-20 18:35 Times Seen1 Hash 4d37116766546c55f9e18db42a601c7e a00128424774e42a003548afdadd8a37bc0deb9c 82547d43cbd9f2a428eed4b5fa115439b61e27d8faec7d911c4e05d82b88ab60 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07 01:03	2025-07-08 05:48
Pretty Observations First Seen2023-03-07 01:03 Last Seen2025-07-08 05:48 Times Seen404469 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

		Size	First Seen	Last Seen
	#1 Write - 62fa45ac45aa8914e83bab4759a0788f	3.7 kB	2024-08-20 18:35	2024-08-20 18:35
Pretty Observations First Seen2024-08-20 18:35 Last Seen2024-08-20 18:35 Times Seen1 Hash 62fa45ac45aa8914e83bab4759a0788f 5b910db6fb638e772f7339cab9460c7999f84d8e 227e2b02df46fe57ca9bcaf3e949c46a27088cdfe0b92068795d8e345193258c Loading...

	#2 Write - a27c88365ce7cd8f68390c4c024e29e1	3.6 kB	2023-11-07 13:07	2024-08-20 20:33
Pretty Observations First Seen2023-11-07 13:07 Last Seen2024-08-20 20:33 Times Seen72071 Hash a27c88365ce7cd8f68390c4c024e29e1 1d15a8d192608f93096ef8d9aa623c360dbb7351 0ca2b3df8f04565300bafcd6c929a1d310d2a761ff9f8dda200f3f6cffab50ce Loading...

	#3 Write - 4705429a9448137621cad6bdc357ac64	1.1 kB	2024-08-20 18:35	2024-08-20 18:35
Pretty Observations First Seen2024-08-20 18:35 Last Seen2024-08-20 18:35 Times Seen1 Hash 4705429a9448137621cad6bdc357ac64 d329de9ce53eeef092b14166c19bfd457dc2b5d4 1c1bc5987d3883e88e81a196d5669d41c067d8297a6a1bcce4961ec497d8489c Loading...

	#4 Write - feadb418b40515ba2372aca592247983	11 kB	2024-08-20 18:35	2024-08-20 18:35
Pretty Observations First Seen2024-08-20 18:35 Last Seen2024-08-20 18:35 Times Seen1 Hash feadb418b40515ba2372aca592247983 69508f21d2c7e5989ff088c3893441debe070ac8 ae777d5e21ffb568b50112c9d5ea63ac5e7e8efe91eddbaa69477842e3edf015 Loading...

HTTP Transactions (15)

URL IP Response Size

gtgassociates.co.tz/MONDAYAJE/4DD8KfW1YMNkL674WfLfy1toWAQh6O/8amq3mL468uBWlgZCkZhJPJfrRoWfjUzZ4M3AeebekkedTxe/ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=

192.185.129.39

0 B

URL
gtgassociates.co.tz/MONDAYAJE/4DD8KfW1YMNkL674WfLfy1toWAQh6O/8amq3mL468uBWlgZCkZhJPJfrRoWfjUzZ4M3AeebekkedTxe/ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
IP
192.185.129.39:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /MONDAYAJE/4DD8KfW1YMNkL674WfLfy1toWAQh6O/8amq3mL468uBWlgZCkZhJPJfrRoWfjUzZ4M3AeebekkedTxe/ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20= HTTP/1.1
Host: gtgassociates.co.tz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
refresh: 0;url=https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/#daldrich@havenparkmgmt.com
x-content-type-options: nosniff
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 20 Nov 2023 21:16:32 GMT
server: Apache
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css

151.101.193.229

25 kB

URL
cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css
IP
151.101.193.229:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text, with very long lines (65306)
Size
25 kB (25360 bytes)
Hash
abe91756d18b7cd60871a2f47c1e8192
7c1c9e0573e5cea8bad3733be2fc63aa8c68ea8d
7633b7c0c97d19e682feee8afa2738523fcb2a14544a550572caeecd2eefe66b

HTTP Headers

GET /npm/bootstrap@5.0.2/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://0jgvx94smaw1iz2.uaoaaiyoff.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 5.0.2
x-jsd-version-type: version
etag: W/"260c5-fByeBXPlzqi603M74vxjqoxo6o0"
content-encoding: br
accept-ranges: bytes
date: Mon, 20 Nov 2023 21:16:34 GMT
age: 14038236
x-served-by: cache-fra-eddf8230097-FRA, cache-bma1661-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 25360
X-Firefox-Spdy: h2

challenges.cloudflare.com/turnstile/v0/api.js

104.17.3.184

13 kB

URL
challenges.cloudflare.com/turnstile/v0/api.js
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
13 kB (12961 bytes)
Hash
947f5184241faa00f008391a78c7c49f
82a745cfb8426300d155f168a1d0ebf465e1b4d3
9e863c54c25e6b52b8ceb6f0bfad7e339b0ae531ba8b50b7930894c0dc2ac178

HTTP Headers

GET /turnstile/v0/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://0jgvx94smaw1iz2.uaoaaiyoff.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Mon, 20 Nov 2023 21:16:34 GMT
vary: accept-encoding
location: /turnstile/v0/g/9914b343/api.js
access-control-allow-origin: *
cache-control: max-age=300, public
server: cloudflare
cf-ray: 8293b6fb5d3d712e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET 0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/6522wNQ1sps/sc-NbG54H78DN5jerEG6RZSkKcJoWBAlAP9ZrF8JgPtoA0esh3QDLn7RBIaAiaYYvcH0cFXtEZdEoDlFwyJ

172.67.214.7

200 OK

82 kB

URL GET HTTP/3
0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/6522wNQ1sps/sc-NbG54H78DN5jerEG6RZSkKcJoWBAlAP9ZrF8JgPtoA0esh3QDLn7RBIaAiaYYvcH0cFXtEZdEoDlFwyJ
IP
172.67.214.7:443
ASN
#13335 CLOUDFLARENET

Requested by
https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Certificate
IssuerGoogle Trust Services LLC
Subjectuaoaaiyoff.ru
Fingerprint57:1E:DB:48:D4:DE:5F:73:08:24:E5:CD:85:69:3C:06:64:90:3F:45
ValidityWed, 01 Nov 2023 20:53:49 GMT - Tue, 30 Jan 2024 20:53:48 GMT

File type
ASCII text, with very long lines (9001), with CRLF line terminators
Size
82 kB (81983 bytes)
Hash
b5cf4e641bad315e58cd4a1865aeb0e7
9fb8fb12ff85a9ae6ab8c268562b7c8223ed3b79
afe464cdd674f9f4be654b2d4858845aa5582f3b8844b611a0e9be5114da7d1b

HTTP Headers

GET /1b3sw/6522wNQ1sps/sc-NbG54H78DN5jerEG6RZSkKcJoWBAlAP9ZrF8JgPtoA0esh3QDLn7RBIaAiaYYvcH0cFXtEZdEoDlFwyJ HTTP/1.1
Host: 0jgvx94smaw1iz2.uaoaaiyoff.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Cookie: PHPSESSID=4jqqhlq6ve5uvadoeqklqqt01g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:16:38 GMT
content-type: text/javascript;charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6C0y2wAub20MGrpwInOnIFn7V8uYIMWHgsMhoPu0aimALQUJtREHW%2BpO09css49AX3P2LELB0ZVENLD5m83SLCTRb889Aw13lIN4VNgX59fTWSoSWRUSDK1QihtVSOR0tm9GMVLqdbgPgB0u6iQTtw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8293b714af175691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/67OVhPGOQ43/e-KJBqzCpU9wvcbxR261TuG4Zj4biixWwEa5F4ljrbDXsYt8hSyXdgy7dUixha7Q9Lmtt4JUpu6FX8KrIA

172.67.214.7

200 OK

1.2 kB

URL GET HTTP/3
0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/67OVhPGOQ43/e-KJBqzCpU9wvcbxR261TuG4Zj4biixWwEa5F4ljrbDXsYt8hSyXdgy7dUixha7Q9Lmtt4JUpu6FX8KrIA
IP
172.67.214.7:443
ASN
#13335 CLOUDFLARENET

Requested by
https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Certificate
IssuerGoogle Trust Services LLC
Subjectuaoaaiyoff.ru
Fingerprint57:1E:DB:48:D4:DE:5F:73:08:24:E5:CD:85:69:3C:06:64:90:3F:45
ValidityWed, 01 Nov 2023 20:53:49 GMT - Tue, 30 Jan 2024 20:53:48 GMT

File type
HTML document, ASCII text, with very long lines (1223), with no line terminators
Size
1.2 kB (1195 bytes)
Hash
4d4431f7f2c9e77ac897947028b22b4d
494f62f0e60b54173d774cd05f88afa128fddf41
d4c8fcb784b4dca3f3829900966f7ccc4dcb7c78fcccd0f980391d5266906d93

HTTP Headers

GET /1b3sw/67OVhPGOQ43/e-KJBqzCpU9wvcbxR261TuG4Zj4biixWwEa5F4ljrbDXsYt8hSyXdgy7dUixha7Q9Lmtt4JUpu6FX8KrIA HTTP/1.1
Host: 0jgvx94smaw1iz2.uaoaaiyoff.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Cookie: PHPSESSID=4jqqhlq6ve5uvadoeqklqqt01g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:16:38 GMT
content-type: image/svg+xml
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sTy59vaAgXg07GggNAo5x3%2BWQUxcy1WSHSOgCf3844Os5pvOUpXjed5cwwyIEqMyUCJNL07PNyoMueG3kYjAHMtvIUOyvvaYKcHhr2DVpdmeLtsDfhoG6KVP3y%2FSbRwbml6qwxQjckFWXs2qs4ZITA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8293b714af105691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/6DqGHAvxfsU/fi-C79L18HZVzpy3HERRmX7pD6grmz6cO4JYXKW8bv6J7IdS3DhgegN60y65t1ieyan9rvZHqMZned3J9tP

172.67.214.7

200 OK

728 B

URL GET HTTP/3
0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/6DqGHAvxfsU/fi-C79L18HZVzpy3HERRmX7pD6grmz6cO4JYXKW8bv6J7IdS3DhgegN60y65t1ieyan9rvZHqMZned3J9tP
IP
172.67.214.7:443
ASN
#13335 CLOUDFLARENET

Requested by
https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Certificate
IssuerGoogle Trust Services LLC
Subjectuaoaaiyoff.ru
Fingerprint57:1E:DB:48:D4:DE:5F:73:08:24:E5:CD:85:69:3C:06:64:90:3F:45
ValidityWed, 01 Nov 2023 20:53:49 GMT - Tue, 30 Jan 2024 20:53:48 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (814), with no line terminators
Size
728 B (728 bytes)
Hash
73e232524704fab76162aeee539823db
98947976e27fe3168693d6cab3faa36aeea5b104
7ca01fb21e721c982720d96a01d36cffa09f741350ed43a2b3b78a99e685b561

HTTP Headers

GET /1b3sw/6DqGHAvxfsU/fi-C79L18HZVzpy3HERRmX7pD6grmz6cO4JYXKW8bv6J7IdS3DhgegN60y65t1ieyan9rvZHqMZned3J9tP HTTP/1.1
Host: 0jgvx94smaw1iz2.uaoaaiyoff.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Cookie: PHPSESSID=4jqqhlq6ve5uvadoeqklqqt01g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:16:39 GMT
content-type: image/svg+xml
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oZ50fOqOZvjsWk9QAHG6Vs5PIyN92vHaSBVz3QO2r4I51pa2r78VUcASbnhzZI943VrsU5F9Q%2BxY6UTHDOz%2BnQUmnEhJvTNE%2F52QwIsdWeuVE%2FXDK8jK5NwlwcE0y58TYqurljIOx9PE6Z7ucAyb8g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8293b7186b525691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=

172.67.214.7

200 OK

15 kB

URL User Request GET HTTP/3
0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
IP
172.67.214.7:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectuaoaaiyoff.ru
Fingerprint57:1E:DB:48:D4:DE:5F:73:08:24:E5:CD:85:69:3C:06:64:90:3F:45
ValidityWed, 01 Nov 2023 20:53:49 GMT - Tue, 30 Jan 2024 20:53:48 GMT

File type
ASCII text, with very long lines (15413), with no line terminators
Size
15 kB (15413 bytes)
Hash
e98494ef3467064065660d440937fa0b
e5bca2b2ab052b1ecc24c9380258e25e725cb63e
271e8ae7ece4f13bc12e741fd8d17f5168c0ceee436e9eb42458cae8609e47c9

HTTP Headers

GET /1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20= HTTP/1.1
Host: 0jgvx94smaw1iz2.uaoaaiyoff.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/
Cookie: PHPSESSID=4jqqhlq6ve5uvadoeqklqqt01g
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:16:38 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wryPE%2BbfHP44jl8KiM%2BIDJmS5VMkjTbZh%2BZZf331p%2BGPhBZLixX5suEOtdkN%2FLyOozGUOodpslxJJeOOfRyqaM%2FR06BXin%2FCQsHlYyO4D6ZMhYIXoD51HasDl5J0NVErLEV2OE8uIWIPgJAWPjt2Gw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8293b713ddd75691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/6PCdCslrTqC/si-ul891eQPIE2qPcshat3fFDgI82psWAWCh1u96pMJ6k1DPjAcO9AWZD310TD1vRBuMax5YOZAk7umX7Sr

172.67.214.7

200 OK

2.5 kB

URL GET HTTP/3
0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/6PCdCslrTqC/si-ul891eQPIE2qPcshat3fFDgI82psWAWCh1u96pMJ6k1DPjAcO9AWZD310TD1vRBuMax5YOZAk7umX7Sr
IP
172.67.214.7:443
ASN
#13335 CLOUDFLARENET

Requested by
https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Certificate
IssuerGoogle Trust Services LLC
Subjectuaoaaiyoff.ru
Fingerprint57:1E:DB:48:D4:DE:5F:73:08:24:E5:CD:85:69:3C:06:64:90:3F:45
ValidityWed, 01 Nov 2023 20:53:49 GMT - Tue, 30 Jan 2024 20:53:48 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (2507), with no line terminators
Size
2.5 kB (2471 bytes)
Hash
eaddbb8987aa4e3b6daf09839c06e1b1
c2fcee25ef38151cd2d63e40d17c88878ad2b50e
fa39f33bec21cf361a112bdf5d28e22f95e0a5f1f017c09afa49740dfe85599a

HTTP Headers

GET /1b3sw/6PCdCslrTqC/si-ul891eQPIE2qPcshat3fFDgI82psWAWCh1u96pMJ6k1DPjAcO9AWZD310TD1vRBuMax5YOZAk7umX7Sr HTTP/1.1
Host: 0jgvx94smaw1iz2.uaoaaiyoff.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Cookie: PHPSESSID=4jqqhlq6ve5uvadoeqklqqt01g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:16:38 GMT
content-type: image/svg+xml
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UMfIzzSg2i4qt%2BmzJlmOGd2NwU5FvzFA2R8ou04%2B7Zez%2Fx9CHTrMssmimu%2BWM%2FiGD9KdpCXeCqiJnlOL0VAFr4fKo6tv2hJnqKpDN6hUn39jgVN3SAPxDuRbGFrIGOiMn5Fxc0%2Bp%2FQcVaIMLQsWAkA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8293b714af115691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/6JmgoWGy4Lp/lg-KRvjMq3HJIjxSw06KhOqaoh508woKfHLXOW7k3tJ9fZMACNYTW6MAhbYedzdBOhsqWKvyVw7valAC462

172.67.214.7

200 OK

5.7 kB

URL GET HTTP/3
0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/6JmgoWGy4Lp/lg-KRvjMq3HJIjxSw06KhOqaoh508woKfHLXOW7k3tJ9fZMACNYTW6MAhbYedzdBOhsqWKvyVw7valAC462
IP
172.67.214.7:443
ASN
#13335 CLOUDFLARENET

Requested by
https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Certificate
IssuerGoogle Trust Services LLC
Subjectuaoaaiyoff.ru
Fingerprint57:1E:DB:48:D4:DE:5F:73:08:24:E5:CD:85:69:3C:06:64:90:3F:45
ValidityWed, 01 Nov 2023 20:53:49 GMT - Tue, 30 Jan 2024 20:53:48 GMT

File type
SVG Scalable Vector Graphics image\012- , Unicode text, UTF-8 text, with very long lines (5880), with no line terminators
Size
5.7 kB (5747 bytes)
Hash
210701b7ed23f6c688db552c52354aa4
81c87826621e983176e10a519e632e58efa73068
452aa9feda2171aabf287bdd3a84e8a64d6583cc464ea6472b985be92ba77bb5

HTTP Headers

GET /1b3sw/6JmgoWGy4Lp/lg-KRvjMq3HJIjxSw06KhOqaoh508woKfHLXOW7k3tJ9fZMACNYTW6MAhbYedzdBOhsqWKvyVw7valAC462 HTTP/1.1
Host: 0jgvx94smaw1iz2.uaoaaiyoff.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Cookie: PHPSESSID=4jqqhlq6ve5uvadoeqklqqt01g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:16:38 GMT
content-type: image/svg+xml
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4iKRnXYzsodeWO1maU2scNHxYaBnxOMhlzGlIsgPrBUwfBVfds9UdVbSlmDj%2FmZWgI9ZmrLhdfb%2BGriGA6fYrQ0qqvsSW8Mj5pz4YhufI2u5%2Fb5TLq%2FOnEEY4XdnGc2ohVjTtRFuhpRq7HDAXdi6yA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8293b714af0b5691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/6A9GFlwaeQa/bg-5a0UMkzM2qhrakqS761dffY8mKmJwKLI40bMjIbuoXbGoSmpIr9xesiDoZ8CZUQRP5LIAOXMYkiKOMIQ

172.67.214.7

200 OK

16 kB

URL GET HTTP/3
0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/6A9GFlwaeQa/bg-5a0UMkzM2qhrakqS761dffY8mKmJwKLI40bMjIbuoXbGoSmpIr9xesiDoZ8CZUQRP5LIAOXMYkiKOMIQ
IP
172.67.214.7:443
ASN
#13335 CLOUDFLARENET

Requested by
https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Certificate
IssuerGoogle Trust Services LLC
Subjectuaoaaiyoff.ru
Fingerprint57:1E:DB:48:D4:DE:5F:73:08:24:E5:CD:85:69:3C:06:64:90:3F:45
ValidityWed, 01 Nov 2023 20:53:49 GMT - Tue, 30 Jan 2024 20:53:48 GMT

File type

Size
16 kB (16500 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /1b3sw/6A9GFlwaeQa/bg-5a0UMkzM2qhrakqS761dffY8mKmJwKLI40bMjIbuoXbGoSmpIr9xesiDoZ8CZUQRP5LIAOXMYkiKOMIQ HTTP/1.1
Host: 0jgvx94smaw1iz2.uaoaaiyoff.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Cookie: PHPSESSID=4jqqhlq6ve5uvadoeqklqqt01g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:16:38 GMT
content-type: image/svg+xml
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jm5FsgjIrpVbULhpcWXfkxC66%2F6ENpkiqwpOIblmfIeOjhK50hm97Oy8bwt3e8g1WnOI7y3dMtRLh7%2FM6h6T0FCmH9znNNgvsI0LVeaiglSWHotCMHvFIyFS4t%2FfEoBBQUvU%2BJyFxOzz45V7UUXkFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8293b716f9d25691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/65xsDMuONym/st-4qnakfdIuM7py2XYbDH1cMhM0xILhgInuoT1He1lHixIWyaFlcS606Pv93LXb37SFWvl6Ce4vKEEMWUb

172.67.214.7

200 OK

97 kB

URL GET HTTP/3
0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/65xsDMuONym/st-4qnakfdIuM7py2XYbDH1cMhM0xILhgInuoT1He1lHixIWyaFlcS606Pv93LXb37SFWvl6Ce4vKEEMWUb
IP
172.67.214.7:443
ASN
#13335 CLOUDFLARENET

Requested by
https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Certificate
IssuerGoogle Trust Services LLC
Subjectuaoaaiyoff.ru
Fingerprint57:1E:DB:48:D4:DE:5F:73:08:24:E5:CD:85:69:3C:06:64:90:3F:45
ValidityWed, 01 Nov 2023 20:53:49 GMT - Tue, 30 Jan 2024 20:53:48 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
97 kB (96562 bytes)
Hash
11f4f8cae1bfb32cab3fd4b72155779c
dd9a1accfa0a82218d305302ebc80addbc5e5e2c
8211bcfd34ea82e461a36eb0b6f6291d2d7af35461f7a3fda85a3d0526e94f99

HTTP Headers

GET /1b3sw/65xsDMuONym/st-4qnakfdIuM7py2XYbDH1cMhM0xILhgInuoT1He1lHixIWyaFlcS606Pv93LXb37SFWvl6Ce4vKEEMWUb HTTP/1.1
Host: 0jgvx94smaw1iz2.uaoaaiyoff.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Cookie: PHPSESSID=4jqqhlq6ve5uvadoeqklqqt01g
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:16:38 GMT
content-type: text/css;charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CuLh1284ats5pbVgUEUc8sI16pd0%2BWBXQ6F8mZZ3Is1wzJX%2BRM%2F%2FUZiC%2BNBfivMxYcmxf4uWoA4KCr5aRf83PeUnS5%2BybikPjxnLFAAUcfDkD4orfmBb%2FtmWHASHz4cItm%2BkPrz1Rf0vI1yVTEdnSA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8293b7149f025691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/6jy4hEcS55x/bg-W705fVqe9a5Hqk1NiBqnSiMqXrqs76rKvhdo0s4SxUk66lYA9QboVO90KhCpIM4AcK7wq93K6UA19gP9

172.67.214.7

200 OK

16 kB

URL GET HTTP/3
0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/6jy4hEcS55x/bg-W705fVqe9a5Hqk1NiBqnSiMqXrqs76rKvhdo0s4SxUk66lYA9QboVO90KhCpIM4AcK7wq93K6UA19gP9
IP
172.67.214.7:443
ASN
#13335 CLOUDFLARENET

Requested by
https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Certificate
IssuerGoogle Trust Services LLC
Subjectuaoaaiyoff.ru
Fingerprint57:1E:DB:48:D4:DE:5F:73:08:24:E5:CD:85:69:3C:06:64:90:3F:45
ValidityWed, 01 Nov 2023 20:53:49 GMT - Tue, 30 Jan 2024 20:53:48 GMT

File type

Size
16 kB (16500 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /1b3sw/6jy4hEcS55x/bg-W705fVqe9a5Hqk1NiBqnSiMqXrqs76rKvhdo0s4SxUk66lYA9QboVO90KhCpIM4AcK7wq93K6UA19gP9 HTTP/1.1
Host: 0jgvx94smaw1iz2.uaoaaiyoff.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Cookie: PHPSESSID=4jqqhlq6ve5uvadoeqklqqt01g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:16:38 GMT
content-type: image/svg+xml
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IVOA4exGbq%2BkQwYNaJaq%2BO7Wz1EKbv0WD32W8xpMqv86%2Friwk7Ei3RSUimXoNn80LuOh9mKI4bRG8B8HQvFmKP0Lqu4qFcgx1TZU3LG9ORg3%2Bqk82l5kkY6pX5sOb7qqo021xuI6piO3jgV8kBv4bQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8293b716f9d15691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET aadcdn.msauthimages.net/dbd5a2dd-uoqjhttblonxuhg7zatwokljqveqvandon4te9zwmgm/logintenantbranding/0/illustration?ts=637438387445131712

152.199.23.72

200 OK

78 kB

URL GET HTTP/2
aadcdn.msauthimages.net/dbd5a2dd-uoqjhttblonxuhg7zatwokljqveqvandon4te9zwmgm/logintenantbranding/0/illustration?ts=637438387445131712
IP
152.199.23.72:443
ASN
#15133 EDGECAST

Requested by
https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Certificate
IssuerMicrosoft Corporation
Subjectaadcdn.msauthimages.net
Fingerprint6B:EB:AC:06:FC:06:82:11:17:1C:6B:72:7D:B5:95:2D:CF:E7:A3:5D
ValidityWed, 08 Mar 2023 11:16:34 GMT - Sat, 02 Mar 2024 11:16:34 GMT

File type
PNG image data, 1920 x 972, 8-bit/color RGBA, non-interlaced\012- data
Size
78 kB (78090 bytes)
Hash
03898bccf7fa4171b64aa6548bfbe2f6
826d368716e785a5ef1bea4ebd4ad385ce2d01cb
88269571b0c8ad6f1b8a2daa3ef0e7dff4944227e58558708fdde17b8dcd38d5

HTTP Headers

GET /dbd5a2dd-uoqjhttblonxuhg7zatwokljqveqvandon4te9zwmgm/logintenantbranding/0/illustration?ts=637438387445131712 HTTP/1.1
Host: aadcdn.msauthimages.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://0jgvx94smaw1iz2.uaoaaiyoff.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
content-md5: A4mLzPf6QXG2SqZUi/vi9g==
content-type: image/*
date: Mon, 20 Nov 2023 21:16:39 GMT
etag: 0x8D8A2D60A03D4D7
last-modified: Thu, 17 Dec 2020 21:52:24 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 17add730-201e-0046-70f6-1b7765000000
x-ms-version: 2009-09-19
content-length: 78090
X-Firefox-Spdy: h2

GET 0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/62djWijV6Ny/jq-2I85Bp67nVLcPqC0mipJEU8Yk9I4RNzQo2N4ZHkVpL2IS2ng1ZbWQIvcWyl6Ut13x4kYcaTcknTZ8zYt

172.67.214.7

200 OK

87 kB

URL GET HTTP/3
0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/62djWijV6Ny/jq-2I85Bp67nVLcPqC0mipJEU8Yk9I4RNzQo2N4ZHkVpL2IS2ng1ZbWQIvcWyl6Ut13x4kYcaTcknTZ8zYt
IP
172.67.214.7:443
ASN
#13335 CLOUDFLARENET

Requested by
https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Certificate
IssuerGoogle Trust Services LLC
Subjectuaoaaiyoff.ru
Fingerprint57:1E:DB:48:D4:DE:5F:73:08:24:E5:CD:85:69:3C:06:64:90:3F:45
ValidityWed, 01 Nov 2023 20:53:49 GMT - Tue, 30 Jan 2024 20:53:48 GMT

File type
ASCII text, with very long lines (65450), with CRLF line terminators
Size
87 kB (86927 bytes)
Hash
a46fb81762396b7bf2020774a2fb4d9e
fb5edd7a663dc8dda7ec10815a7cd82a30fc98a7
d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d

HTTP Headers

GET /1b3sw/62djWijV6Ny/jq-2I85Bp67nVLcPqC0mipJEU8Yk9I4RNzQo2N4ZHkVpL2IS2ng1ZbWQIvcWyl6Ut13x4kYcaTcknTZ8zYt HTTP/1.1
Host: 0jgvx94smaw1iz2.uaoaaiyoff.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Cookie: PHPSESSID=4jqqhlq6ve5uvadoeqklqqt01g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:16:38 GMT
content-type: text/javascript;charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BhQ1qkiZJZRk8w9SnPcdcr8CPvpLW6nXB72Dnn11cFWdnfGCXANPGe4%2FfMfBT9VYF7aUMvMCSdn8RHMUajLGTJOCMTf4BMvej35kpD6%2FuVSful9pTzWlc973Qzvv%2BS7wmz4M1dxrn2qzNX7rjKZR7w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8293b7149f075691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

POST 0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/3qivrzRDwxFKBtyiMY9jGDxXVJ

172.67.214.7

200 OK

220 B

URL POST HTTP/3
0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/3qivrzRDwxFKBtyiMY9jGDxXVJ
IP
172.67.214.7:443
ASN
#13335 CLOUDFLARENET

Requested by
https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Certificate
IssuerGoogle Trust Services LLC
Subjectuaoaaiyoff.ru
Fingerprint57:1E:DB:48:D4:DE:5F:73:08:24:E5:CD:85:69:3C:06:64:90:3F:45
ValidityWed, 01 Nov 2023 20:53:49 GMT - Tue, 30 Jan 2024 20:53:48 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
220 B (220 bytes)
Hash
c390ebdea3798e696a9750b329937059
41f70f9055c5d3914612fe52d17c1d14144f6838
4a06a05a755b8bdd3c827f10967d941d0272983d2adffeb5c1c334610f59bd33

HTTP Headers

POST /1b3sw/3qivrzRDwxFKBtyiMY9jGDxXVJ HTTP/1.1
Host: 0jgvx94smaw1iz2.uaoaaiyoff.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 41
Origin: https://0jgvx94smaw1iz2.uaoaaiyoff.ru
DNT: 1
Connection: keep-alive
Referer: https://0jgvx94smaw1iz2.uaoaaiyoff.ru/1b3sw/0QLRDKyE4lRyKLkXk8nns9z5EA9O2mRIdtMPWBlfhCNWRz9DtEMcfHUhCwIzreDPvJHGubWHob6S2Z9f2MlYDjyUqD5?id=ZGFsZHJpY2hAaGF2ZW5wYXJrbWdtdC5jb20=
Cookie: PHPSESSID=4jqqhlq6ve5uvadoeqklqqt01g
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 20 Nov 2023 21:16:39 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ONF9in3pMyXNaKj1dSs%2Fu1aEgWftU3a%2FO%2Bc0TjBmW3zRfy3Sn0UZKG1AYzWxZoOUT2YMGq%2BT5VVwEWnkV5aSqfGD%2FoOYV%2FNEGf2ojYt6oniozaTIMIZPgDL3bVsphafApqQO5XTvjaurcVnpxKtWbg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8293b7178a7b5691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (15)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers