GET code.jquery.com/jquery-3.6.0.min.js
151.101.130.137 200 OK 90 kB URL GET code.jquery.com/jquery-3.6.0.min.js
IP 151.101.130.137:443
Requested by https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Certificate Issuer Sectigo Limited
Subject *.jquery.com
Fingerprint CD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
Validity Tue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash MD5 8fb8fee4fcc3cc86ff6c724154c49c42
Hash SHA1 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
Hash SHA256 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ut.horestnou.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 04 Mar 2025 13:52:24 GMT
age: 2338002
x-served-by: cache-lga21931-LGA, cache-hel1410028-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 337057
x-timer: S1741096345.701982,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.25.14 200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.25.14:443
Requested by https://ut.horestnou.ru/0cGLdK5/
Certificate Issuer Google Trust Services
Subject cdnjs.cloudflare.com
Fingerprint 00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32
Validity Fri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash MD5 2ca03ad87885ab983541092b87adb299
Hash SHA1 1a17f60bf776a8c468a185c1e8e985c41a50dc27
Hash SHA256 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ut.horestnou.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 04 Mar 2025 13:52:15 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1501293
expires: Sun, 22 Feb 2026 13:52:15 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xAEd3ht6YccI1DQ9AQx7IHCMk7UGQ9dHJXbitk02FsvJZ2%2Fgn2yvyJRMvmiN8Yb7vBEWg9GoxQpD%2B0OzzMCQpY%2BksmHwrr%2F1ZlMvCaUY1UNMLlzhknUeYcBnG2g5PVIuItVWYNEr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 91b1da620f3a5688-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET code.jquery.com/jquery-3.6.0.min.js
151.101.130.137 200 OK 90 kB URL GET code.jquery.com/jquery-3.6.0.min.js
IP 151.101.130.137:443
Requested by https://ut.horestnou.ru/0cGLdK5/
Certificate Issuer Sectigo Limited
Subject *.jquery.com
Fingerprint CD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
Validity Tue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash MD5 8fb8fee4fcc3cc86ff6c724154c49c42
Hash SHA1 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
Hash SHA256 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ut.horestnou.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 04 Mar 2025 13:52:23 GMT
age: 2338000
x-served-by: cache-lga21931-LGA, cache-hel1410028-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 337054
x-timer: S1741096343.000868,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
GET ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
172.67.209.173 200 OK 152 kB URL User Request GET ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
IP 172.67.209.173:443
Certificate Issuer Google Trust Services
Subject horestnou.ru
Fingerprint 82:40:95:E1:FF:EB:88:9F:54:00:C6:B8:C7:12:D3:F2:92:A1:0E:65
Validity Sun, 09 Feb 2025 21:15:50 GMT - Sat, 10 May 2025 22:13:25 GMT
File type HTML document, ASCII text, with very long lines (52009), with CRLF line terminators
Size 152 kB (151936 bytes)
Hash MD5 74a39eeb3353fbf3d61e65d481bb559b
Hash SHA1 3d169cac5dfbd1b9b7fefc63e35da7fce5e20c7b
Hash SHA256 305e267571e2fe89c7e626d0abe1fd7314fdb16f50c29ac87b6ef9243c1bdcb5
Analyzer: urlquery; Verdict: suspicious; Alert: Suspicious - Anti-debugging code
GET /sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN HTTP/1.1
Host: ut.horestnou.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ut.horestnou.ru/0cGLdK5/
Cookie: XSRF-TOKEN=eyJpdiI6Ii9EUmJFdjJPY3IxZHNpcmlURzE0TEE9PSIsInZhbHVlIjoiVnJpSzBtRUR6VW5vK0wrUU45REVRcklrbGhGTWlheHQ4VE5oeDNteHRhN3lLNzBPd2RzcjdMWTFRN2NWaFFIMUZlenJqRmQ2cG5vVm5GTmtvbjJUdERYVllYbUxtam1hOExsY0pUNXc3TXF2Y3pYNjB3a0xvbjhzYno1WnZUai8iLCJtYWMiOiJhOTk0ZDNiMjlhZWQxNjZmMGZjOTgwYWFkMTk0N2JmMWU4ODJiZmYzYmE2NTE4YjNmMDc4YjkyZWE2YjA4MjlmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im0yLzc3UjBYdTV1Z2YrSGJiVE5zSXc9PSIsInZhbHVlIjoiSEo4SUczemdsRWptZHMxSGplemxzenJFbU5MZmRvTitTUVBRSSsrU2VuekVVRVJOTEhPQm1raVkxTmc4UzVYZWtJcFhLWnlOSVIyRmFKa2ttWVdjbWdjRHVVNWFveWFaQXRxd1ZRUTdKRzExU1QwTDNDM2puU1ZsM0UzRXoycnEiLCJtYWMiOiI1OWFjZmM3NjVmMzA2MmM5NWQ4ZWU5ZWRhNjMxYzU0OGViNTE5ZWRjMjhmYzkyYmI5NWMzYzU2MGIxY2ZlNTg0IiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 04 Mar 2025 13:52:24 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PdXHimajw%2Bcl0zzboGCR5erF03Dr4OjYDN%2Fh6EJJPpyEM6U3JSNWG%2B8oibRebJMJw45NOl6PbALPFtgiDahiSCdQ8pshelm%2FtU3Nh6f9WmjkDV8lfxxFgrZOmoQ2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: XSRF-TOKEN=eyJpdiI6IndUWktpZ05FU0UyaWNCeE9naGJqYnc9PSIsInZhbHVlIjoibE9EcUtjZ1BiYkwvY2kvNkRsc2pHQ2xSOUlhVnBWSXJWOHFLQnhhaHZFcmZ3MXVTY2pCMjhGM3RldmJmR3JOTlFpWEcyVFlUdVR2d3lMZTdCZWNHUWlnTDBDbE5ZQWZXeWJzUVNsNnlsSkx3S053eTFocklzMXpxamcycDdmYWYiLCJtYWMiOiIxMzk0YTRhZDEzMGExOTYzNGFmN2RkMDJjMzZiZjQzOTNkMjY3MjZkODhjZDYzOTE1NjFmM2FmOTI2OTNjNjBlIiwidGFnIjoiIn0%3D; expires=Tue, 04-Mar-2025 15:52:24 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IlZTelY3UGZDWDRTR2RYSldxRWJXTWc9PSIsInZhbHVlIjoiLzA2UlRTamZVUW1CWHJZay82cjZ4bytSREZqQnpUd1ozK1VKaUQ1cjhCVVNxOXZVTWJHZmNUUGFPMURXQWU5UlM1NU9jazhuTHoyT21DQ09YSHlmNWhrYjluQkw3dEZ3Y3dRcEo2UlFlWVJVMVQ1SlM4L3ZIbUhoN01VbEpPdjkiLCJtYWMiOiJiNDhhODcwZDFjNTdhMzVkYjQ2YmQ2NmQzYTM2NTEzMGZjYWFkM2IxOGUzMjliZjNlNTE3NzkxMDZkMzVhMDFmIiwidGFnIjoiIn0%3D; expires=Tue, 04-Mar-2025 15:52:24 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
priority: u=1,i=?0
server: cloudflare
cf-ray: 91b1da948a8956af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1091&min_rtt=969&rtt_var=451&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2270&delivery_rate=2939112&cwnd=240&unsent_bytes=0&cid=cfb9c1b69287e242&ts=305&x=0", cfL4;desc="?proto=QUIC&rtt=5499&min_rtt=1763&rtt_var=3675&sent=33&recv=17&lost=0&retrans=0&sent_bytes=20750&recv_bytes=6731&delivery_rate=1417&cwnd=12000&unsent_bytes=0&cid=36c5f57e114ce594&ts=9206&x=1", cfExtPri, cfHdrFlush;dur=0
GET ut.horestnou.ru/GDSherpa-vf.woff2
172.67.209.173 200 OK 44 kB URL GET ut.horestnou.ru/GDSherpa-vf.woff2
IP 172.67.209.173:443
Requested by https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Certificate Issuer Google Trust Services
Subject horestnou.ru
Fingerprint 82:40:95:E1:FF:EB:88:9F:54:00:C6:B8:C7:12:D3:F2:92:A1:0E:65
Validity Sun, 09 Feb 2025 21:15:50 GMT - Sat, 10 May 2025 22:13:25 GMT
File type Web Open Font Format (Version 2), TrueType, length 43596, version 1.0
Hash MD5 2a05e9e5572abc320b2b7ea38a70dcc1
Hash SHA1 d5fa2a856d5632c2469e42436159375117ef3c35
Hash SHA256 3efcb941aaddaf4aea08dab3fb97d3e904aa1b83264e64b4d5bda53bc7c798ec
Analyzer: urlquery; Verdict: phishing; Alert: Phishing - Microsoft
GET /GDSherpa-vf.woff2 HTTP/1.1
Host: ut.horestnou.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IndUWktpZ05FU0UyaWNCeE9naGJqYnc9PSIsInZhbHVlIjoibE9EcUtjZ1BiYkwvY2kvNkRsc2pHQ2xSOUlhVnBWSXJWOHFLQnhhaHZFcmZ3MXVTY2pCMjhGM3RldmJmR3JOTlFpWEcyVFlUdVR2d3lMZTdCZWNHUWlnTDBDbE5ZQWZXeWJzUVNsNnlsSkx3S053eTFocklzMXpxamcycDdmYWYiLCJtYWMiOiIxMzk0YTRhZDEzMGExOTYzNGFmN2RkMDJjMzZiZjQzOTNkMjY3MjZkODhjZDYzOTE1NjFmM2FmOTI2OTNjNjBlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlZTelY3UGZDWDRTR2RYSldxRWJXTWc9PSIsInZhbHVlIjoiLzA2UlRTamZVUW1CWHJZay82cjZ4bytSREZqQnpUd1ozK1VKaUQ1cjhCVVNxOXZVTWJHZmNUUGFPMURXQWU5UlM1NU9jazhuTHoyT21DQ09YSHlmNWhrYjluQkw3dEZ3Y3dRcEo2UlFlWVJVMVQ1SlM4L3ZIbUhoN01VbEpPdjkiLCJtYWMiOiJiNDhhODcwZDFjNTdhMzVkYjQ2YmQ2NmQzYTM2NTEzMGZjYWFkM2IxOGUzMjliZjNlNTE3NzkxMDZkMzVhMDFmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 04 Mar 2025 13:52:25 GMT
content-type: font/woff2
content-length: 43596
content-disposition: inline; filename="GDSherpa-vf.woff2"
last-modified: Tue, 04 Mar 2025 13:27:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=otSZtdzlKf%2FFdXezD16eFGNde9OeBpHXkAPti00qLeMe0s3TyeIkcD%2Fnzt%2BP30PMKZWxuiw3%2B4nclJ9IYVniwV3tuy7bsLtM9kEYWfaTdRpc5OYXIgW90gK6DqRs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
priority: u=3,i=?0
server: cloudflare
cf-ray: 91b1da9aed6556af-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1044&min_rtt=949&rtt_var=424&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2207&delivery_rate=3001053&cwnd=235&unsent_bytes=0&cid=384ace1708939ee4&ts=22&x=0", cfL4;desc="?proto=QUIC&rtt=3577&min_rtt=1609&rtt_var=1569&sent=335&recv=53&lost=0&retrans=0&sent_bytes=357972&recv_bytes=24928&delivery_rate=3852893&cwnd=66900&unsent_bytes=0&cid=36c5f57e114ce594&ts=10485&x=1", cfExtPri, cfHdrFlush;dur=1
GET ut.horestnou.ru/qrAvHQP6gHzn1kn4xr8zlSiefeY4KqjwrdY7OKc67140
172.67.209.173 200 OK 892 B URL GET ut.horestnou.ru/qrAvHQP6gHzn1kn4xr8zlSiefeY4KqjwrdY7OKc67140
IP 172.67.209.173:443
Requested by https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Certificate Issuer Google Trust Services
Subject horestnou.ru
Fingerprint 82:40:95:E1:FF:EB:88:9F:54:00:C6:B8:C7:12:D3:F2:92:A1:0E:65
Validity Sun, 09 Feb 2025 21:15:50 GMT - Sat, 10 May 2025 22:13:25 GMT
File type RIFF (little-endian) data, Web/P image
Hash MD5 41d62ca205d54a78e4298367482b4e2b
Hash SHA1 839aae21ed8ecfc238fdc68b93ccb27431cd5393
Hash SHA256 20a4a780db0bcc047015a0d8037eb4eb58b3e5cb338673799c030a3e1b626b40
Analyzer: urlquery; Verdict: phishing; Alert: Phishing - Microsoft
GET /qrAvHQP6gHzn1kn4xr8zlSiefeY4KqjwrdY7OKc67140 HTTP/1.1
Host: ut.horestnou.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Cookie: XSRF-TOKEN=eyJpdiI6IndUWktpZ05FU0UyaWNCeE9naGJqYnc9PSIsInZhbHVlIjoibE9EcUtjZ1BiYkwvY2kvNkRsc2pHQ2xSOUlhVnBWSXJWOHFLQnhhaHZFcmZ3MXVTY2pCMjhGM3RldmJmR3JOTlFpWEcyVFlUdVR2d3lMZTdCZWNHUWlnTDBDbE5ZQWZXeWJzUVNsNnlsSkx3S053eTFocklzMXpxamcycDdmYWYiLCJtYWMiOiIxMzk0YTRhZDEzMGExOTYzNGFmN2RkMDJjMzZiZjQzOTNkMjY3MjZkODhjZDYzOTE1NjFmM2FmOTI2OTNjNjBlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlZTelY3UGZDWDRTR2RYSldxRWJXTWc9PSIsInZhbHVlIjoiLzA2UlRTamZVUW1CWHJZay82cjZ4bytSREZqQnpUd1ozK1VKaUQ1cjhCVVNxOXZVTWJHZmNUUGFPMURXQWU5UlM1NU9jazhuTHoyT21DQ09YSHlmNWhrYjluQkw3dEZ3Y3dRcEo2UlFlWVJVMVQ1SlM4L3ZIbUhoN01VbEpPdjkiLCJtYWMiOiJiNDhhODcwZDFjNTdhMzVkYjQ2YmQ2NmQzYTM2NTEzMGZjYWFkM2IxOGUzMjliZjNlNTE3NzkxMDZkMzVhMDFmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 04 Mar 2025 13:52:25 GMT
content-type: image/webp
content-length: 892
content-disposition: inline; filename="qrAvHQP6gHzn1kn4xr8zlSiefeY4KqjwrdY7OKc67140"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WpvFGnkO%2FM1sj2LwNe%2BHRvAg9g3xZJJKEywP5GZanF4wEZ7MHFKz6jfl2tzBisAXvvOl1ikGvcQEU11CRsuCz3Y8T182aPhYLngCml5ype0j7q%2FAKdVnpoOtIMvJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=4,i=?0
server: cloudflare
cf-ray: 91b1da9aed7956af-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1021&min_rtt=949&rtt_var=310&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2212&delivery_rate=2822596&cwnd=251&unsent_bytes=0&cid=1a6c88b7af16ae4c&ts=241&x=0", cfL4;desc="?proto=QUIC&rtt=4339&min_rtt=1609&rtt_var=2948&sent=244&recv=48&lost=0&retrans=0&sent_bytes=249860&recv_bytes=24700&delivery_rate=3537940&cwnd=66900&unsent_bytes=0&cid=36c5f57e114ce594&ts=10354&x=1", cfExtPri, cfHdrFlush;dur=0
GET objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250304%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250304T135018Z&X-Amz-Expires=300&X-Amz-Signature=3eaa2c9c3e6a66efbb7c01f2c27dacfca5370b972b47851493e30310fcedb476&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
185.199.109.133 200 OK 10 kB URL GET objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250304%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250304T135018Z&X-Amz-Expires=300&X-Amz-Signature=3eaa2c9c3e6a66efbb7c01f2c27dacfca5370b972b47851493e30310fcedb476&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
IP 185.199.109.133:443
Requested by https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Certificate Issuer DigiCert Inc
Subject *.github.io
Fingerprint 97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
Validity Fri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (10017)
Hash MD5 6c20a2be8ba900bc0a7118893a2b1072
Hash SHA1 ff7766fde1f33882c6e1c481ceed6f6588ea764c
Hash SHA256 b1c42acd0288c435e95e00332476781532ed002cac6f3dcee9110ced30b31500
GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250304%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250304T135018Z&X-Amz-Expires=300&X-Amz-Signature=3eaa2c9c3e6a66efbb7c01f2c27dacfca5370b972b47851493e30310fcedb476&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ut.horestnou.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
last-modified: Tue, 07 Dec 2021 16:38:45 GMT
etag: "0x8D9B9A009499A1E"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d91f6eaf-e01e-0032-2f18-13e122000000
x-ms-version: 2023-11-03
x-ms-creation-time: Tue, 17 Aug 2021 14:57:31 GMT
x-ms-blob-content-md5: bCCivoupALwKcRiJOisQcg==
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=randexp.min.js
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
fastly-restarts: 1
accept-ranges: bytes
date: Tue, 04 Mar 2025 13:52:25 GMT
age: 5376
x-served-by: cache-iad-kiad7000045-IAD, cache-hel1410022-HEL
x-cache: HIT, HIT
x-cache-hits: 11369, 359
x-timer: S1741096345.215130,VS0,VE0
content-length: 10245
X-Firefox-Spdy: h2
GET ut.horestnou.ru/ghHhNhBjfqKxin4ooznjH5HO6jsBbl2xyMUBExT17k4FLjFKE7XJF7ef210
172.67.209.173 200 OK 25 kB URL GET ut.horestnou.ru/ghHhNhBjfqKxin4ooznjH5HO6jsBbl2xyMUBExT17k4FLjFKE7XJF7ef210
IP 172.67.209.173:443
Requested by https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Certificate Issuer Google Trust Services
Subject horestnou.ru
Fingerprint 82:40:95:E1:FF:EB:88:9F:54:00:C6:B8:C7:12:D3:F2:92:A1:0E:65
Validity Sun, 09 Feb 2025 21:15:50 GMT - Sat, 10 May 2025 22:13:25 GMT
File type RIFF (little-endian) data, Web/P image
Hash MD5 f9a795e2270664a7a169c73b6d84a575
Hash SHA1 0fbb60ab27ab88c064eb347d0722c8ed4cf5e8b8
Hash SHA256 d00203b2eea6e418c31baafa949ada5349a9f9b7e99fa003aec7406822693740
Analyzer: urlquery; Verdict: phishing; Alert: Phishing - Microsoft
GET /ghHhNhBjfqKxin4ooznjH5HO6jsBbl2xyMUBExT17k4FLjFKE7XJF7ef210 HTTP/1.1
Host: ut.horestnou.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Cookie: XSRF-TOKEN=eyJpdiI6IndUWktpZ05FU0UyaWNCeE9naGJqYnc9PSIsInZhbHVlIjoibE9EcUtjZ1BiYkwvY2kvNkRsc2pHQ2xSOUlhVnBWSXJWOHFLQnhhaHZFcmZ3MXVTY2pCMjhGM3RldmJmR3JOTlFpWEcyVFlUdVR2d3lMZTdCZWNHUWlnTDBDbE5ZQWZXeWJzUVNsNnlsSkx3S053eTFocklzMXpxamcycDdmYWYiLCJtYWMiOiIxMzk0YTRhZDEzMGExOTYzNGFmN2RkMDJjMzZiZjQzOTNkMjY3MjZkODhjZDYzOTE1NjFmM2FmOTI2OTNjNjBlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlZTelY3UGZDWDRTR2RYSldxRWJXTWc9PSIsInZhbHVlIjoiLzA2UlRTamZVUW1CWHJZay82cjZ4bytSREZqQnpUd1ozK1VKaUQ1cjhCVVNxOXZVTWJHZmNUUGFPMURXQWU5UlM1NU9jazhuTHoyT21DQ09YSHlmNWhrYjluQkw3dEZ3Y3dRcEo2UlFlWVJVMVQ1SlM4L3ZIbUhoN01VbEpPdjkiLCJtYWMiOiJiNDhhODcwZDFjNTdhMzVkYjQ2YmQ2NmQzYTM2NTEzMGZjYWFkM2IxOGUzMjliZjNlNTE3NzkxMDZkMzVhMDFmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 04 Mar 2025 13:52:25 GMT
content-type: image/webp
content-length: 25216
content-disposition: inline; filename="ghHhNhBjfqKxin4ooznjH5HO6jsBbl2xyMUBExT17k4FLjFKE7XJF7ef210"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0tI60uy7mJGb6AvnUdG3GQbl2HeOmlaO5vuIo%2BsfbeBGzK2HDPHaiM5V25%2FXPbnp1PoURY83A0%2FACHqgCGOI%2BbOgiN1SNjJmBvtDL7XXZL07L6iN4qVUaYsgOr1F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=4,i=?0
server: cloudflare
cf-ray: 91b1da9aed8b56af-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1007&min_rtt=972&rtt_var=389&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2227&delivery_rate=2930041&cwnd=223&unsent_bytes=0&cid=1d7c887c366c9b62&ts=255&x=0", cfL4;desc="?proto=QUIC&rtt=4022&min_rtt=1609&rtt_var=2203&sent=246&recv=50&lost=0&retrans=0&sent_bytes=251630&recv_bytes=24791&delivery_rate=497313&cwnd=66900&unsent_bytes=0&cid=36c5f57e114ce594&ts=10361&x=1", cfExtPri, cfHdrFlush;dur=0
GET ut.horestnou.ru/0cGLdK5/
172.67.209.173 200 OK 190 kB IP 172.67.209.173:443
Certificate Issuer Google Trust Services
Subject horestnou.ru
Fingerprint 82:40:95:E1:FF:EB:88:9F:54:00:C6:B8:C7:12:D3:F2:92:A1:0E:65
Validity Sun, 09 Feb 2025 21:15:50 GMT - Sat, 10 May 2025 22:13:25 GMT
File type HTML document, ASCII text, with very long lines (65364)
Size 190 kB (189735 bytes)
Hash MD5 addf332e87b1b98871d8a03765a08d9a
Hash SHA1 2cd6493d2459165928d820302c3fd151abc300be
Hash SHA256 21e8d6a98d3c2df5ca456e0d05bce4161ed1f5c0daad4bbd0f33ce8d83a0c54a
Analyzer: urlquery; Verdict: suspicious; Alert: Suspicious - Anti-debugging code
GET /0cGLdK5/ HTTP/1.1
Host: ut.horestnou.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 04 Mar 2025 13:52:15 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W8BNciQYRWdv3Roi4qkQDG2QGeEk5wo7yTSx3V7cEq4P1Javy0yhg7H7jWlQTXI9RxVrvqZb8ArzidmKJ0smY7x3haHXcnX1ZvLD6i18ZfRdThmSn%2BWkrV3HDL7U"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: XSRF-TOKEN=eyJpdiI6InI2ZjdtU3NIWStidEZ0Vm5oNVhuaXc9PSIsInZhbHVlIjoiUmxPeFpUL2VlUm96SFZJSnJvWUIzamdDcENoWmsxVTJLWnJvTER2WEhmOHJJOFhtak02OGZLeDBHUUdXN3owSWNma1BVL05JdUVsTjA1UEc1dGROWExIclM2dlZQaUhldHQ0ZkRENW9WQmNEbjl6UzZEaUE5YVRwcmpQMGs3VDgiLCJtYWMiOiJlMDg0NjdmYTYyNjczYzgyYjQzMGQxMGVkYWI2ODkyYmQ0OWZjZjE4ZjMzNzllODkzNTg2ZmZmNjRhZGQxODJmIiwidGFnIjoiIn0%3D; expires=Tue, 04-Mar-2025 15:52:14 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6Ik4ydkdSaHJiemVjQ2ZwZk05dTNXUEE9PSIsInZhbHVlIjoiR3Q4OFQzZ2tOMDNaQ1VWV1FaUjlLcXhGb2tBeSt1VHkyL0xNaUVGQmVEWXdnMFltYnNXMWhvQm9DTnA0Zjd4QXU1Zk1uVzhSU1d5T0NUSnZxWmY5RGdCK3lhVlFYbEk2dlVtMSszVEdRWnRDdXNKNktDanRxVzJaeUF3WmVtaTkiLCJtYWMiOiI1ZjNiYjAxYWRlYmQyYjY1MmUxNWI1OGQ1ODk1NTUwOTI1NzJjYzlhNGRjZWJlZmE3ODBmMTg0NGIxNmVmZGY1IiwidGFnIjoiIn0%3D; expires=Tue, 04-Mar-2025 15:52:14 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 91b1da597fde56c1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=965&min_rtt=939&rtt_var=371&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2822&recv_bytes=1396&delivery_rate=3033013&cwnd=244&unsent_bytes=0&cid=067065112002db82&ts=356&x=0", cfL4;desc="?proto=TCP&rtt=5723&min_rtt=439&rtt_var=10538&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3278&recv_bytes=1259&delivery_rate=6522522&cwnd=254&unsent_bytes=0&cid=a1dc89f528834af9&ts=747&x=0"
X-Firefox-Spdy: h2
GET ut.horestnou.ru/favicon.ico
0.0.0.0 0 B URL GET ut.horestnou.ru/favicon.ico
IP 0.0.0.0:0
Requested by https://ut.horestnou.ru/0cGLdK5/
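Certificate Issuer Google Trust Services
Subject horestnou.ru
Fingerprint 82:40:95:E1:FF:EB:88:9F:54:00:C6:B8:C7:12:D3:F2:92:A1:0E:65
Validity Sun, 09 Feb 2025 21:15:50 GMT - Sat, 10 May 2025 22:13:25 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
Hash SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the digests of zero-length input. No response was recorded for this request (0 B, IP 0.0.0.0:0), so they identify no content and should not be used as indicators.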
GET /favicon.ico HTTP/1.1
Host: ut.horestnou.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ut.horestnou.ru/0cGLdK5/
Cookie: XSRF-TOKEN=eyJpdiI6Ikc3czIzdytMdnlDdldIT2pTY0RRQmc9PSIsInZhbHVlIjoibUVXZ2lWTVhPUVRkNHFFWks5d2R3SnM2VGYzVnFCb2pYTlBNSGZveU1CdWk3M1o3ZEx0NUFUNWI5K2ZzVlRVcUFJRC95S0hZOXE1ZVY5OFcySEZFbWk5QWR2UlFMbWZnbG40ZlMzTGtGNWhUSC9iWVd4bzdJVndwNXRCOVlVSysiLCJtYWMiOiI5ZDUzNmZiOTE3N2YzMWU2YmE2ZDEzMDgzMmVkMjk1ZjkyMWY1MjcyOWE5ODM0MGE1MDIzMTRkNmU0MjZlZjdkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlRnKzlqRE00MXdCNHpVRmRBeVc5WWc9PSIsInZhbHVlIjoiOFFqQ1RpRmg4SjdYQzQ0TjhBNmFqMHdTL3NObW05NHRaUUR6MXQrZlZwbHpKZWNCK0txK1RCSTBhUCs1Y29iNG0vV0hhenI3SExETW4yZHJ4ZnR6b2xGMlNmQzRmQWsrV0ZSaGhJb3lXTGpwZ0NrWEk4YnlvZlIzdFVxVHFpUGwiLCJtYWMiOiJlZTYzZGNjOWQ5NGVkMDA4OTQzZmE2NDBkODk2MjQ1YmQxNjA3OTYzOTMyOWIyMDg2MTUwNjk4NmMxZWY1OWVkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
GET ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7
143.204.55.81 200 OK 11 kB URL GET ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7
IP 143.204.55.81:443
Requested by https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Certificate Issuer DigiCert Inc
Subject *.oktacdn.com
Fingerprint 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
Validity Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced
Hash MD5 12bdacc832185d0367ecc23fd24c86ce
Hash SHA1 4422f316eb4d8c8d160312bb695fd1d944cbff12
Hash SHA256 877ae491d9aac5c6ef82a8430f9f652ace8a0dbc7294bd112aad49bd593769d0
GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ut.horestnou.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 10796
server: nginx
last-modified: Tue, 23 Feb 2021 04:20:08 GMT
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
date: Thu, 20 Feb 2025 19:53:24 GMT
expires: Fri, 20 Feb 2026 19:53:24 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: "12bdacc832185d0367ecc23fd24c86ce"
x-cache: Hit from cloudfront
via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: TmklM5cAQcMur7lTOiJJS_mt9Yjdd3-G3OQLUVOxbuzXKJBC5ZFw2Q==
age: 1015139
X-Firefox-Spdy: h2
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.25.14 200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.25.14:443
Requested by https://ut.horestnou.ru/0cGLdK5/
Certificate Issuer Google Trust Services
Subject cdnjs.cloudflare.com
Fingerprint 00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32
Validity Fri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash MD5 2ca03ad87885ab983541092b87adb299
Hash SHA1 1a17f60bf776a8c468a185c1e8e985c41a50dc27
Hash SHA256 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ut.horestnou.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 04 Mar 2025 13:52:23 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1501301
expires: Sun, 22 Feb 2026 13:52:23 GMT
accept-ranges: bytes
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VBiy%2BbFpL9BRBx1MReWCOtWBZYVKHofSSFX73XTEOBb6yYrBV3mOSCul3odpAtIVDznC%2FPhGudJ0gC%2FeUHQGBRD5RoZx1Gcd9UPSHexq2MZ4SePoVLdd8vLQzC5TxU3SImZJ9gLm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 91b1da8fbd0856aa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET ut.horestnou.ru/opit6MyTvCj79m0WfjTL2C78skNgDbghg2hQpBiugoFy397EIqcd198
172.67.209.173 200 OK 268 B URL GET ut.horestnou.ru/opit6MyTvCj79m0WfjTL2C78skNgDbghg2hQpBiugoFy397EIqcd198
IP 172.67.209.173:443
Requested by https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Certificate Issuer Google Trust Services
Subject horestnou.ru
Fingerprint 82:40:95:E1:FF:EB:88:9F:54:00:C6:B8:C7:12:D3:F2:92:A1:0E:65
Validity Sun, 09 Feb 2025 21:15:50 GMT - Sat, 10 May 2025 22:13:25 GMT
File type SVG Scalable Vector Graphics image
Hash MD5 1318aafc1fb9ded0c623e5b9a557e6df
Hash SHA1 0917cdd7633cd1642b02b2b785416ec7e5106dcc
Hash SHA256 d86660a84daa211b121ec9fe0df83d6b945f61b888384391eabc7d6b4e941dc4
Analyzer: urlquery; Verdict: phishing; Alert: Phishing - Microsoft
GET /opit6MyTvCj79m0WfjTL2C78skNgDbghg2hQpBiugoFy397EIqcd198 HTTP/1.1
Host: ut.horestnou.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Cookie: XSRF-TOKEN=eyJpdiI6IndUWktpZ05FU0UyaWNCeE9naGJqYnc9PSIsInZhbHVlIjoibE9EcUtjZ1BiYkwvY2kvNkRsc2pHQ2xSOUlhVnBWSXJWOHFLQnhhaHZFcmZ3MXVTY2pCMjhGM3RldmJmR3JOTlFpWEcyVFlUdVR2d3lMZTdCZWNHUWlnTDBDbE5ZQWZXeWJzUVNsNnlsSkx3S053eTFocklzMXpxamcycDdmYWYiLCJtYWMiOiIxMzk0YTRhZDEzMGExOTYzNGFmN2RkMDJjMzZiZjQzOTNkMjY3MjZkODhjZDYzOTE1NjFmM2FmOTI2OTNjNjBlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlZTelY3UGZDWDRTR2RYSldxRWJXTWc9PSIsInZhbHVlIjoiLzA2UlRTamZVUW1CWHJZay82cjZ4bytSREZqQnpUd1ozK1VKaUQ1cjhCVVNxOXZVTWJHZmNUUGFPMURXQWU5UlM1NU9jazhuTHoyT21DQ09YSHlmNWhrYjluQkw3dEZ3Y3dRcEo2UlFlWVJVMVQ1SlM4L3ZIbUhoN01VbEpPdjkiLCJtYWMiOiJiNDhhODcwZDFjNTdhMzVkYjQ2YmQ2NmQzYTM2NTEzMGZjYWFkM2IxOGUzMjliZjNlNTE3NzkxMDZkMzVhMDFmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 04 Mar 2025 13:52:25 GMT
content-type: image/svg+xml
content-disposition: inline; filename="opit6MyTvCj79m0WfjTL2C78skNgDbghg2hQpBiugoFy397EIqcd198"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gxKgurgUhz%2BJtODrT3ENcHSTDN9GhewDppnqvbZUJdRkF0cuhJXtCNFICizdZcPySXn93SjbEKoSB1UdGZSn6oOJ0oq3GfcqtsANlbsMjo4vjTI8jD%2FOeH%2FpH%2BbG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: accept-encoding
priority: u=4,i=?0
server: cloudflare
cf-ray: 91b1da9aed8556af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1032&min_rtt=1004&rtt_var=434&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2223&delivery_rate=2306072&cwnd=252&unsent_bytes=0&cid=4df1bea2e1a5ab3f&ts=240&x=0", cfL4;desc="?proto=QUIC&rtt=4618&min_rtt=1609&rtt_var=3187&sent=240&recv=47&lost=0&retrans=0&sent_bytes=246289&recv_bytes=24654&delivery_rate=920139&cwnd=66900&unsent_bytes=0&cid=36c5f57e114ce594&ts=10348&x=1", cfExtPri, cfHdrFlush;dur=0
GET ut.horestnou.ru/wxLiVCdwte5KaV8mTNGX1YUjAsmnB8881XXOPGhN1yab173
172.67.209.173 200 OK 2.9 kB URL GET ut.horestnou.ru/wxLiVCdwte5KaV8mTNGX1YUjAsmnB8881XXOPGhN1yab173
IP 172.67.209.173:443
Requested by https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Certificate Issuer: Google Trust Services
Subject: horestnou.ru
Fingerprint: 82:40:95:E1:FF:EB:88:9F:54:00:C6:B8:C7:12:D3:F2:92:A1:0E:65
Validity: Sun, 09 Feb 2025 21:15:50 GMT - Sat, 10 May 2025 22:13:25 GMT
File type SVG Scalable Vector Graphics image
Hash MD5: e924de0d471df54b6280f3dc8b187cb8
SHA1: 857f03226070b502a9e06b4249710ec10be4c9e9
SHA256: 24ce135a31ce83ac3d62471fcc0e1a82ce6f1533c993ee59ca4e110d5f2fae33
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /wxLiVCdwte5KaV8mTNGX1YUjAsmnB8881XXOPGhN1yab173 HTTP/1.1
Host: ut.horestnou.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Cookie: XSRF-TOKEN=eyJpdiI6IndUWktpZ05FU0UyaWNCeE9naGJqYnc9PSIsInZhbHVlIjoibE9EcUtjZ1BiYkwvY2kvNkRsc2pHQ2xSOUlhVnBWSXJWOHFLQnhhaHZFcmZ3MXVTY2pCMjhGM3RldmJmR3JOTlFpWEcyVFlUdVR2d3lMZTdCZWNHUWlnTDBDbE5ZQWZXeWJzUVNsNnlsSkx3S053eTFocklzMXpxamcycDdmYWYiLCJtYWMiOiIxMzk0YTRhZDEzMGExOTYzNGFmN2RkMDJjMzZiZjQzOTNkMjY3MjZkODhjZDYzOTE1NjFmM2FmOTI2OTNjNjBlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlZTelY3UGZDWDRTR2RYSldxRWJXTWc9PSIsInZhbHVlIjoiLzA2UlRTamZVUW1CWHJZay82cjZ4bytSREZqQnpUd1ozK1VKaUQ1cjhCVVNxOXZVTWJHZmNUUGFPMURXQWU5UlM1NU9jazhuTHoyT21DQ09YSHlmNWhrYjluQkw3dEZ3Y3dRcEo2UlFlWVJVMVQ1SlM4L3ZIbUhoN01VbEpPdjkiLCJtYWMiOiJiNDhhODcwZDFjNTdhMzVkYjQ2YmQ2NmQzYTM2NTEzMGZjYWFkM2IxOGUzMjliZjNlNTE3NzkxMDZkMzVhMDFmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 04 Mar 2025 13:52:25 GMT
content-type: image/svg+xml
content-disposition: inline; filename="wxLiVCdwte5KaV8mTNGX1YUjAsmnB8881XXOPGhN1yab173"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dpsT7MPaBkUA%2Bp91Gjs1Cxvtrgn8rZd8vrhkBBsnaMBTl%2BaqAnZSkcktIB2TNyM7oC5q5oglw%2BiLPeTL8wJ%2FYTiL4Ewe%2F30HkDNOehy%2ByWD1%2FBwP4VRcQQJPsCeV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: accept-encoding
priority: u=4,i=?0
server: cloudflare
cf-ray: 91b1da9aed8156af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=980&min_rtt=959&rtt_var=307&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2215&delivery_rate=2686792&cwnd=247&unsent_bytes=0&cid=00675762bdccb1a7&ts=233&x=0", cfL4;desc="?proto=QUIC&rtt=4863&min_rtt=1609&rtt_var=3597&sent=231&recv=46&lost=0&retrans=0&sent_bytes=236982&recv_bytes=24609&delivery_rate=1456961&cwnd=66900&unsent_bytes=0&cid=36c5f57e114ce594&ts=10336&x=1", cfExtPri, cfHdrFlush;dur=0
POST ut.horestnou.ru/mqLo7eAC54pO1aqKN2WWYVQkuzyCe8K0wRZ4OCrEezL2r8ti
172.67.209.173 200 OK 5.5 kB URL POST ut.horestnou.ru/mqLo7eAC54pO1aqKN2WWYVQkuzyCe8K0wRZ4OCrEezL2r8ti
IP 172.67.209.173:443
Requested by https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Certificate Issuer: Google Trust Services
Subject: horestnou.ru
Fingerprint: 82:40:95:E1:FF:EB:88:9F:54:00:C6:B8:C7:12:D3:F2:92:A1:0E:65
Validity: Sun, 09 Feb 2025 21:15:50 GMT - Sat, 10 May 2025 22:13:25 GMT
File type troff or preprocessor input, ASCII text, with very long lines (5523), with no line terminators
Hash MD5: 96fab005cd26b1a05dc16730a29d2621
SHA1: bf7917c20a6bc1520ab65b30b91e43d284971c4d
SHA256: b451be53302686cd5062a72a3913858490d2ff90fd00147f2c2e3e52256672e3
POST /mqLo7eAC54pO1aqKN2WWYVQkuzyCe8K0wRZ4OCrEezL2r8ti HTTP/1.1
Host: ut.horestnou.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 53
Origin: https://ut.horestnou.ru
DNT: 1
Connection: keep-alive
Referer: https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Cookie: XSRF-TOKEN=eyJpdiI6IndUWktpZ05FU0UyaWNCeE9naGJqYnc9PSIsInZhbHVlIjoibE9EcUtjZ1BiYkwvY2kvNkRsc2pHQ2xSOUlhVnBWSXJWOHFLQnhhaHZFcmZ3MXVTY2pCMjhGM3RldmJmR3JOTlFpWEcyVFlUdVR2d3lMZTdCZWNHUWlnTDBDbE5ZQWZXeWJzUVNsNnlsSkx3S053eTFocklzMXpxamcycDdmYWYiLCJtYWMiOiIxMzk0YTRhZDEzMGExOTYzNGFmN2RkMDJjMzZiZjQzOTNkMjY3MjZkODhjZDYzOTE1NjFmM2FmOTI2OTNjNjBlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlZTelY3UGZDWDRTR2RYSldxRWJXTWc9PSIsInZhbHVlIjoiLzA2UlRTamZVUW1CWHJZay82cjZ4bytSREZqQnpUd1ozK1VKaUQ1cjhCVVNxOXZVTWJHZmNUUGFPMURXQWU5UlM1NU9jazhuTHoyT21DQ09YSHlmNWhrYjluQkw3dEZ3Y3dRcEo2UlFlWVJVMVQ1SlM4L3ZIbUhoN01VbEpPdjkiLCJtYWMiOiJiNDhhODcwZDFjNTdhMzVkYjQ2YmQ2NmQzYTM2NTEzMGZjYWFkM2IxOGUzMjliZjNlNTE3NzkxMDZkMzVhMDFmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 04 Mar 2025 13:52:26 GMT
content-type: application/json
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9uFDattmHVvGklmI9AQ5j2Kiuz8tim3wZ0XTKrIqidT4caOT0sb6eeioUqpI8wJBN7tq6QjMjUDLMs9dxBEpgqUCondZv4Sv69ynoLFkKSKqK6plqRfsNhVEtWiI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: XSRF-TOKEN=eyJpdiI6IlUxSm9zSTFGeVhFd3JwYWNzUEVXcEE9PSIsInZhbHVlIjoiOXBmeTE0bTlvVkJubEZSTHc2SGEwa1l0a1ZEMjI1SStoVkl6Q1RLTW5IRHY2Z3dmRVBiOEJWV3c3cWN3ZlJsU0Z4cFpVS253OFpPdStYUTJiSENNU01iNHNJN0pOUXQ5ZGgydG5mYTRCODBxQnJrdWJNWGJZdnc3RmpxNzRucTIiLCJtYWMiOiI5M2Y5ZTVjZmZlMTRkOTI1NWNkNTJlMjk2YTRlZTU0YTBhZDQxODc1NTBiZmQxODU2N2VlYWZkMDU4MzFiY2ViIiwidGFnIjoiIn0%3D; expires=Tue, 04-Mar-2025 15:52:26 GMT; Max-Age=7200; path=/; secure; samesite=none
set-cookie: laravel_session=eyJpdiI6Ilo2S0tLVzB6Rjl4b2xwekljbUc2R0E9PSIsInZhbHVlIjoiOXRlbGprMWo0M0lSdEtUdy8rWXRSWUNRTDBqYTN6YWlMUkZvd3dLb2ZlSytEUU1mMEpDbUVFRi9FVGJhY2xhYU9sUFJ5WmllT3ExVGZkVnZQVVVsa3JZQy9pclA2UjZUdmF0bVF6dmVaQ2I5eXVlMDRZaFZPVEtWTXE4NUpmTlUiLCJtYWMiOiI0YmFmOTQyYmFlYmIzZmViN2E3OGEwMzM1NTQ3OTM2ZDM3MjBkMTNlYjc2OGUxYWUyNjgyYmU4ZjEyOTNkYmNiIiwidGFnIjoiIn0%3D; expires=Tue, 04-Mar-2025 15:52:26 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
vary: accept-encoding
priority: u=3,i=?0
server: cloudflare
cf-ray: 91b1daa1d8c556af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1098&min_rtt=1091&rtt_var=414&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2381&delivery_rate=2610449&cwnd=251&unsent_bytes=0&cid=3b9ebbfc00cf024b&ts=227&x=0", cfL4;desc="?proto=QUIC&rtt=1282&min_rtt=791&rtt_var=580&sent=505&recv=81&lost=0&retrans=0&sent_bytes=542601&recv_bytes=29105&delivery_rate=11295506&cwnd=126900&unsent_bytes=0&cid=36c5f57e114ce594&ts=11250&x=1", cfExtPri, cfHdrFlush;dur=0
GET github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js
140.82.121.4 302 Found 10 kB URL GET github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js
IP 140.82.121.4:443
Requested by https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Certificate Issuer: Sectigo Limited
Subject: github.com
Fingerprint: E4:33:71:DD:D6:91:4A:75:B6:1F:9E:4F:74:6D:9B:F0:DD:26:FC:3A
Validity: Wed, 05 Feb 2025 00:00:00 GMT - Thu, 05 Feb 2026 23:59:59 GMT
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of zero-length input: this 302 response carries content-length: 0, so they describe an empty body, not the redirected script, and are not usable as file indicators.)
GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ut.horestnou.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: GitHub.com
date: Tue, 04 Mar 2025 13:50:18 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250304%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250304T135018Z&X-Amz-Expires=300&X-Amz-Signature=3eaa2c9c3e6a66efbb7c01f2c27dacfca5370b972b47851493e30310fcedb476&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com 
api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: 3EBD:372AF3:F8AC58:FDD01D:67C70598
X-Firefox-Spdy: h2
GET ut.horestnou.ru/abigsrjI7pq8gh30
172.67.209.173 200 OK 36 kB URL GET ut.horestnou.ru/abigsrjI7pq8gh30
IP 172.67.209.173:443
Requested by https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Certificate Issuer: Google Trust Services
Subject: horestnou.ru
Fingerprint: 82:40:95:E1:FF:EB:88:9F:54:00:C6:B8:C7:12:D3:F2:92:A1:0E:65
Validity: Sun, 09 Feb 2025 21:15:50 GMT - Sat, 10 May 2025 22:13:25 GMT
File type ASCII text, with CRLF line terminators
Hash MD5: 38501e3fbbbd89b56aa5ba35de1a32fe
SHA1: d9b31981b6f834e8480ba28fbc1cff1be772f589
SHA256: a1ca6b381cb01968851c98512c6e7f6c5309a49f7a16b864813135cbff82a85b
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /abigsrjI7pq8gh30 HTTP/1.1
Host: ut.horestnou.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Cookie: XSRF-TOKEN=eyJpdiI6IndUWktpZ05FU0UyaWNCeE9naGJqYnc9PSIsInZhbHVlIjoibE9EcUtjZ1BiYkwvY2kvNkRsc2pHQ2xSOUlhVnBWSXJWOHFLQnhhaHZFcmZ3MXVTY2pCMjhGM3RldmJmR3JOTlFpWEcyVFlUdVR2d3lMZTdCZWNHUWlnTDBDbE5ZQWZXeWJzUVNsNnlsSkx3S053eTFocklzMXpxamcycDdmYWYiLCJtYWMiOiIxMzk0YTRhZDEzMGExOTYzNGFmN2RkMDJjMzZiZjQzOTNkMjY3MjZkODhjZDYzOTE1NjFmM2FmOTI2OTNjNjBlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlZTelY3UGZDWDRTR2RYSldxRWJXTWc9PSIsInZhbHVlIjoiLzA2UlRTamZVUW1CWHJZay82cjZ4bytSREZqQnpUd1ozK1VKaUQ1cjhCVVNxOXZVTWJHZmNUUGFPMURXQWU5UlM1NU9jazhuTHoyT21DQ09YSHlmNWhrYjluQkw3dEZ3Y3dRcEo2UlFlWVJVMVQ1SlM4L3ZIbUhoN01VbEpPdjkiLCJtYWMiOiJiNDhhODcwZDFjNTdhMzVkYjQ2YmQ2NmQzYTM2NTEzMGZjYWFkM2IxOGUzMjliZjNlNTE3NzkxMDZkMzVhMDFmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 04 Mar 2025 13:52:25 GMT
content-type: text/css;charset=UTF-8
content-disposition: inline; filename="abigsrjI7pq8gh30"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5eqUyV5WtzvRaxw3MyZvtl18qFiWB2jZ7tkFrTAK2aecrQOg4Sy41ED8lQUzOBWL0Kg%2Bo4QKW8zRtFptC979wTFtwGDEiCP%2F%2ByWNUbt%2FARDPmKDUJpIEWRn6ZO2Q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: accept-encoding
priority: u=2,i=?0
server: cloudflare
cf-ray: 91b1da9add4c56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=919&min_rtt=897&rtt_var=352&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2177&delivery_rate=3175027&cwnd=237&unsent_bytes=0&cid=e82a159d7dd00cff&ts=248&x=0", cfL4;desc="?proto=QUIC&rtt=4618&min_rtt=1609&rtt_var=3187&sent=233&recv=47&lost=0&retrans=0&sent_bytes=239030&recv_bytes=24654&delivery_rate=920139&cwnd=66900&unsent_bytes=0&cid=36c5f57e114ce594&ts=10337&x=1", cfExtPri, cfHdrFlush;dur=0
GET ut.horestnou.ru/GDSherpa-regular.woff2
172.67.209.173 200 OK 29 kB URL GET ut.horestnou.ru/GDSherpa-regular.woff2
IP 172.67.209.173:443
Requested by https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Certificate Issuer: Google Trust Services
Subject: horestnou.ru
Fingerprint: 82:40:95:E1:FF:EB:88:9F:54:00:C6:B8:C7:12:D3:F2:92:A1:0E:65
Validity: Sun, 09 Feb 2025 21:15:50 GMT - Sat, 10 May 2025 22:13:25 GMT
File type Web Open Font Format (Version 2), TrueType, length 28584, version 1.66
Hash MD5: 17081510f3a6f2f619ec8c6f244523c7
SHA1: 87f34b2a1532c50f2a424c345d03fe028db35635
SHA256: 2c7292014e2ef00374aeb63691d9f23159a010455784ee0b274ba7db2bcca956
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /GDSherpa-regular.woff2 HTTP/1.1
Host: ut.horestnou.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IndUWktpZ05FU0UyaWNCeE9naGJqYnc9PSIsInZhbHVlIjoibE9EcUtjZ1BiYkwvY2kvNkRsc2pHQ2xSOUlhVnBWSXJWOHFLQnhhaHZFcmZ3MXVTY2pCMjhGM3RldmJmR3JOTlFpWEcyVFlUdVR2d3lMZTdCZWNHUWlnTDBDbE5ZQWZXeWJzUVNsNnlsSkx3S053eTFocklzMXpxamcycDdmYWYiLCJtYWMiOiIxMzk0YTRhZDEzMGExOTYzNGFmN2RkMDJjMzZiZjQzOTNkMjY3MjZkODhjZDYzOTE1NjFmM2FmOTI2OTNjNjBlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlZTelY3UGZDWDRTR2RYSldxRWJXTWc9PSIsInZhbHVlIjoiLzA2UlRTamZVUW1CWHJZay82cjZ4bytSREZqQnpUd1ozK1VKaUQ1cjhCVVNxOXZVTWJHZmNUUGFPMURXQWU5UlM1NU9jazhuTHoyT21DQ09YSHlmNWhrYjluQkw3dEZ3Y3dRcEo2UlFlWVJVMVQ1SlM4L3ZIbUhoN01VbEpPdjkiLCJtYWMiOiJiNDhhODcwZDFjNTdhMzVkYjQ2YmQ2NmQzYTM2NTEzMGZjYWFkM2IxOGUzMjliZjNlNTE3NzkxMDZkMzVhMDFmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 04 Mar 2025 13:52:25 GMT
content-type: font/woff2
content-length: 28584
content-disposition: inline; filename="GDSherpa-regular.woff2"
last-modified: Tue, 04 Mar 2025 13:27:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e7XzOlWMrrEOO7TGWBSr8H%2FNv1Bj5m0fwUpUlEl6GjTzz2mo5NwlUarY1VMEhysxzM345IZxafCnrDe1DRKMSaCCF8OIt%2BPIVxl6zm%2BvmfhZxbJyCwb2lbo3%2FOVX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
priority: u=3,i=?0
server: cloudflare
cf-ray: 91b1da9aed5e56af-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1082&min_rtt=996&rtt_var=435&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2211&delivery_rate=2859437&cwnd=251&unsent_bytes=0&cid=2f46f33a5acba501&ts=48&x=0", cfL4;desc="?proto=QUIC&rtt=3530&min_rtt=1609&rtt_var=1946&sent=182&recv=44&lost=0&retrans=0&sent_bytes=181966&recv_bytes=24517&delivery_rate=11719498&cwnd=42000&unsent_bytes=0&cid=36c5f57e114ce594&ts=10325&x=1", cfExtPri, cfHdrFlush;dur=8
GET code.jquery.com/jquery-3.6.0.min.js
151.101.130.137 200 OK 90 kB URL GET code.jquery.com/jquery-3.6.0.min.js
IP 151.101.130.137:443
Requested by https://ut.horestnou.ru/0cGLdK5/
Certificate Issuer: Sectigo Limited
Subject: *.jquery.com
Fingerprint: CD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
Validity: Tue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash MD5: 8fb8fee4fcc3cc86ff6c724154c49c42
SHA1: b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
SHA256: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ut.horestnou.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 04 Mar 2025 13:52:15 GMT
age: 2337993
x-served-by: cache-lga21931-LGA, cache-hel1410028-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 337043
x-timer: S1741096336.710735,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
GET ut.horestnou.ru/GDSherpa-regular.woff
172.67.209.173 200 OK 37 kB URL GET ut.horestnou.ru/GDSherpa-regular.woff
IP 172.67.209.173:443
Requested by https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Certificate Issuer: Google Trust Services
Subject: horestnou.ru
Fingerprint: 82:40:95:E1:FF:EB:88:9F:54:00:C6:B8:C7:12:D3:F2:92:A1:0E:65
Validity: Sun, 09 Feb 2025 21:15:50 GMT - Sat, 10 May 2025 22:13:25 GMT
File type Web Open Font Format, TrueType, length 36696, version 1.0
Hash MD5: a69e9ab8afdd7486ec0749c551051ff2
SHA1: c34e6aa327b536fb48d1fe03577a47c7ee2231b8
SHA256: fd78a1913db912221b8ead1e62fad47d1ff0a9fa6cd88d3b128a721ad91d2faf
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /GDSherpa-regular.woff HTTP/1.1
Host: ut.horestnou.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IndUWktpZ05FU0UyaWNCeE9naGJqYnc9PSIsInZhbHVlIjoibE9EcUtjZ1BiYkwvY2kvNkRsc2pHQ2xSOUlhVnBWSXJWOHFLQnhhaHZFcmZ3MXVTY2pCMjhGM3RldmJmR3JOTlFpWEcyVFlUdVR2d3lMZTdCZWNHUWlnTDBDbE5ZQWZXeWJzUVNsNnlsSkx3S053eTFocklzMXpxamcycDdmYWYiLCJtYWMiOiIxMzk0YTRhZDEzMGExOTYzNGFmN2RkMDJjMzZiZjQzOTNkMjY3MjZkODhjZDYzOTE1NjFmM2FmOTI2OTNjNjBlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlZTelY3UGZDWDRTR2RYSldxRWJXTWc9PSIsInZhbHVlIjoiLzA2UlRTamZVUW1CWHJZay82cjZ4bytSREZqQnpUd1ozK1VKaUQ1cjhCVVNxOXZVTWJHZmNUUGFPMURXQWU5UlM1NU9jazhuTHoyT21DQ09YSHlmNWhrYjluQkw3dEZ3Y3dRcEo2UlFlWVJVMVQ1SlM4L3ZIbUhoN01VbEpPdjkiLCJtYWMiOiJiNDhhODcwZDFjNTdhMzVkYjQ2YmQ2NmQzYTM2NTEzMGZjYWFkM2IxOGUzMjliZjNlNTE3NzkxMDZkMzVhMDFmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 04 Mar 2025 13:52:25 GMT
content-type: font/woff
content-length: 36696
content-disposition: inline; filename="GDSherpa-regular.woff"
last-modified: Tue, 04 Mar 2025 13:27:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BHlBL1EYaOr%2FUigU2L8e2e42UsUc7PKkrdnkEE9fUUkMuCS8%2BSJvtg4%2Fs%2B8hTAHMKUaUqTpt7wmy9dNvh2i%2Ba7rzM4uwH0JwYK4Path%2BrVKXsiJMwl%2FljLrjxDS0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
priority: u=3,i=?0
server: cloudflare
cf-ray: 91b1da9aed6056af-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=995&min_rtt=994&rtt_var=374&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2210&delivery_rate=2865191&cwnd=193&unsent_bytes=0&cid=46cb90f0970e44a4&ts=29&x=0", cfL4;desc="?proto=QUIC&rtt=3530&min_rtt=1609&rtt_var=1946&sent=166&recv=44&lost=0&retrans=0&sent_bytes=163908&recv_bytes=24517&delivery_rate=11719498&cwnd=42000&unsent_bytes=0&cid=36c5f57e114ce594&ts=10321&x=1", cfExtPri, cfHdrFlush;dur=0
GET ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2
143.204.55.81 200 OK 20 kB URL GET ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2
IP 143.204.55.81:443
Requested by https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Certificate Issuer: DigiCert Inc
Subject: *.oktacdn.com
Fingerprint: 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
Validity: Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 20416, version 2.197
Hash MD5: d99a7377dabb55772ca9f986b0a04b57
SHA1: 2b5fcd8431953c44e410d0489899e74f6d2cfecc
SHA256: affdba1620552b12a1a8a04467136aeb408c03fa337d20e9c38374d682d4d149
GET /assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ut.horestnou.ru
DNT: 1
Connection: keep-alive
Referer: https://ok4static.oktacdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/font-woff2
content-length: 20416
server: nginx
last-modified: Tue, 07 Nov 2023 18:56:28 GMT
x-amz-meta-sha1sum: 2b5fcd8431953c44e410d0489899e74f6d2cfecc
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
date: Mon, 03 Mar 2025 02:11:21 GMT
expires: Tue, 03 Mar 2026 02:11:21 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: "d99a7377dabb55772ca9f986b0a04b57"
x-cache: Hit from cloudfront
via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: sTOm5dAMDhBgFbM5LLlsgAHTlvS1GzzcyMWbiXLcJR8KRfz0Ti02mQ==
age: 128464
X-Firefox-Spdy: h2
GET developers.cloudflare.com/favicon.png
104.16.6.189 200 OK 937 B URL GET developers.cloudflare.com/favicon.png
IP 104.16.6.189:443
Requested by https://ut.horestnou.ru/0cGLdK5/
Certificate Issuer: Google Trust Services
Subject: developers.cloudflare.com
Fingerprint: E9:3A:C0:6A:2E:64:DE:1B:4E:08:08:AE:18:4B:FF:46:61:C4:C0:78
Validity: Tue, 14 Jan 2025 19:23:19 GMT - Mon, 14 Apr 2025 20:23:12 GMT
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Hash MD5: fc3b7bbe7970f47579127561139060e2
SHA1: 3f7c5783fe1f4404cb16304a5a274778ea3abd25
SHA256: 85e6223afdbd5badf2c79bcfbaa6fe686acaa781eca52c196647ffabb3be2ffe
GET /favicon.png HTTP/1.1
Host: developers.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ut.horestnou.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 04 Mar 2025 13:52:16 GMT
content-type: image/png
content-length: 937
cache-control: public, max-age=0, must-revalidate
etag: "6be7ff94b6151f8cfbf08b53a17e2ac1"
set-cookie: __cf_bm=7BR3HjKTCOBeJsSZPUwrhyIfDu5.9rx4AzBpmXLeMV4-1741096335-1.0.1.1-B.NB0UOb2GC5QbwTV9X5n7.QcVSI8PRpXdVi4r7xncAlUMEpP8s8kUh7S8SzPnvpnlhM3eduwZhf_bnio8qCXtBJ7utbJ.Vt5tAYxeP5lww; path=/; expires=Tue, 04-Mar-25 14:22:15 GMT; domain=.developers.cloudflare.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
access-control-allow-origin: *
server: cloudflare
cf-ray: 91b1da63ca68b4ed-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET ut.horestnou.ru/efvL3i6haIez5WYajalBjbuJjH5tuvb6feCw0YHMOv1qv78149
172.67.209.173 200 OK 270 B URL GET ut.horestnou.ru/efvL3i6haIez5WYajalBjbuJjH5tuvb6feCw0YHMOv1qv78149
IP 172.67.209.173:443
Requested by https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Certificate Issuer: Google Trust Services
Subject: horestnou.ru
Fingerprint: 82:40:95:E1:FF:EB:88:9F:54:00:C6:B8:C7:12:D3:F2:92:A1:0E:65
Validity: Sun, 09 Feb 2025 21:15:50 GMT - Sat, 10 May 2025 22:13:25 GMT
File type SVG Scalable Vector Graphics image
Hash MD5: 0c09c5ea7c28d6feb4d124957dde0a0d
SHA1: 1b9efde2d8f0e2a3d9d5315117e597c2d622fc5e
SHA256: b3c39d2c15327b7ae68940502a2d7bf457fe521e075e6e671d0340edc58bcb3a
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /efvL3i6haIez5WYajalBjbuJjH5tuvb6feCw0YHMOv1qv78149 HTTP/1.1
Host: ut.horestnou.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Cookie: XSRF-TOKEN=eyJpdiI6IndUWktpZ05FU0UyaWNCeE9naGJqYnc9PSIsInZhbHVlIjoibE9EcUtjZ1BiYkwvY2kvNkRsc2pHQ2xSOUlhVnBWSXJWOHFLQnhhaHZFcmZ3MXVTY2pCMjhGM3RldmJmR3JOTlFpWEcyVFlUdVR2d3lMZTdCZWNHUWlnTDBDbE5ZQWZXeWJzUVNsNnlsSkx3S053eTFocklzMXpxamcycDdmYWYiLCJtYWMiOiIxMzk0YTRhZDEzMGExOTYzNGFmN2RkMDJjMzZiZjQzOTNkMjY3MjZkODhjZDYzOTE1NjFmM2FmOTI2OTNjNjBlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlZTelY3UGZDWDRTR2RYSldxRWJXTWc9PSIsInZhbHVlIjoiLzA2UlRTamZVUW1CWHJZay82cjZ4bytSREZqQnpUd1ozK1VKaUQ1cjhCVVNxOXZVTWJHZmNUUGFPMURXQWU5UlM1NU9jazhuTHoyT21DQ09YSHlmNWhrYjluQkw3dEZ3Y3dRcEo2UlFlWVJVMVQ1SlM4L3ZIbUhoN01VbEpPdjkiLCJtYWMiOiJiNDhhODcwZDFjNTdhMzVkYjQ2YmQ2NmQzYTM2NTEzMGZjYWFkM2IxOGUzMjliZjNlNTE3NzkxMDZkMzVhMDFmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 04 Mar 2025 13:52:25 GMT
content-type: image/svg+xml
server: cloudflare
content-disposition: inline; filename="efvL3i6haIez5WYajalBjbuJjH5tuvb6feCw0YHMOv1qv78149"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6jEzgeqtmydzR1R6B%2FduDG%2FLUtPYoStXno%2Fo7O73gzlXUUmwoxuS%2FDEgd9kc7CCItkRXmuNnR4l6KrguwfmBzKdB5Crp%2Bf8k81sVhwOp%2BRh9qJt3fNWxZgJDQz0j"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
priority: u=4,i=?0
vary: accept-encoding
cf-ray: 91b1da9aed7c56af-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1215&min_rtt=1208&rtt_var=467&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2217&delivery_rate=2253164&cwnd=237&unsent_bytes=0&cid=1fc14865df63bb93&ts=236&x=0", cfExtPri
GET challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
104.18.94.41 302 Found 48 kB URL GET challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
IP 104.18.94.41:443
Requested by https://ut.horestnou.ru/0cGLdK5/
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint 48:58:3E:CE:54:27:56:6B:A6:33:D4:C8:4B:BF:00:0E:BE:61:60:28
Validity Sat, 01 Mar 2025 17:19:38 GMT - Fri, 30 May 2025 18:19:35 GMT
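Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these are the MD5, SHA-1 and SHA-256 digests of empty input, matching the 302 response's content-length: 0; they describe the empty redirect body, not the api.js script, and match any empty response.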
GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ut.horestnou.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Tue, 04 Mar 2025 13:52:15 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/g/f3b948d8acb8/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 91b1da62094556a3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET ut.horestnou.ru/0cGLdK5/
172.67.209.173 200 OK 22 kB IP 172.67.209.173:443
Certificate Issuer Google Trust Services
Subject horestnou.ru
Fingerprint 82:40:95:E1:FF:EB:88:9F:54:00:C6:B8:C7:12:D3:F2:92:A1:0E:65
Validity Sun, 09 Feb 2025 21:15:50 GMT - Sat, 10 May 2025 22:13:25 GMT
File type HTML document, ASCII text, with very long lines (16629), with CRLF line terminators
Hash 574a3ccea75a91bc0b5ddd419a1aa91a
e126a5be8248d9ae108f161cf2d53b6cdd537130
2dfcab6f1675c642c25b8c24878ab9e203e635dea92e6e7fbd0ef4fbd09ccb06
Analyzer Verdict Alert urlquery suspicious Suspicious - Anti-debugging code
GET /0cGLdK5/ HTTP/1.1
Host: ut.horestnou.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IitqM3J0bzRGQ1JDaFRpWTBpcGVWTGc9PSIsInZhbHVlIjoiRG1BRVpZa2p4YTZHYUVxMUlGQWUrYjJpaDAvNHd0ejFZYjJMVEhBbDYvRUhEeFpyaStXcnBLemx4TWkyV3pUTmkwT0tpYkJmaXl4dlAvekhJR1NFbFVJeldFTDUyUkg3MGl0U0l3SnhacjVaMlE1KzNDUnFLUW84RU9jemtJb1YiLCJtYWMiOiI3N2ZiYmMzNjBhNmFjYTQxNDc2NGM3Y2ExODQ5OGI3MmQ5NzdjNjlhY2NhMzdkZDZiNjc4NzAyZDdkYThjZmE0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InZlNzl3YWZRVUszNXpNYTdDTHpYcEE9PSIsInZhbHVlIjoiSmlJaUZBbktIdC81SG1XdWdGSFFIdFg3SnFTKytFN2d3SkV1YzVFQlptWnBnZk5KOFVRRmRDNUxpWWtLR3FNOWxibFN0Z1o2dmZ1VWhIS2N0dzhhaGFXRUZrT2RQaEp2WXZVN2FCSThYL25IN0pNTEJpdm40U0Q2SkFldFRueXAiLCJtYWMiOiI5MDJkOWYyMWMzOGYzYjBkMGY1YjEzZWYwMDY2OTk0Mjg2ZmNhMjRmN2YzZjYwNjA4YTk3OGRkYjhiMzIyMGU4IiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 04 Mar 2025 13:52:22 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6rqG%2Fe1yspYZXT%2BoMFtyt3zHgg25XgOKiB9DXo3AxQ6pgaQ87bhyPUcLUmTXAXxWHkOEyFStoltge92j4KO343OYCRm61ioYDjijmIqjEkxWSZayabbjwLcFyG8T"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=1,i=?0
content-encoding: br
set-cookie: XSRF-TOKEN=eyJpdiI6Ikc3czIzdytMdnlDdldIT2pTY0RRQmc9PSIsInZhbHVlIjoibUVXZ2lWTVhPUVRkNHFFWks5d2R3SnM2VGYzVnFCb2pYTlBNSGZveU1CdWk3M1o3ZEx0NUFUNWI5K2ZzVlRVcUFJRC95S0hZOXE1ZVY5OFcySEZFbWk5QWR2UlFMbWZnbG40ZlMzTGtGNWhUSC9iWVd4bzdJVndwNXRCOVlVSysiLCJtYWMiOiI5ZDUzNmZiOTE3N2YzMWU2YmE2ZDEzMDgzMmVkMjk1ZjkyMWY1MjcyOWE5ODM0MGE1MDIzMTRkNmU0MjZlZjdkIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 04 Mar 2025 15:52:22 GMT
laravel_session=eyJpdiI6IlRnKzlqRE00MXdCNHpVRmRBeVc5WWc9PSIsInZhbHVlIjoiOFFqQ1RpRmg4SjdYQzQ0TjhBNmFqMHdTL3NObW05NHRaUUR6MXQrZlZwbHpKZWNCK0txK1RCSTBhUCs1Y29iNG0vV0hhenI3SExETW4yZHJ4ZnR6b2xGMlNmQzRmQWsrV0ZSaGhJb3lXTGpwZ0NrWEk4YnlvZlIzdFVxVHFpUGwiLCJtYWMiOiJlZTYzZGNjOWQ5NGVkMDA4OTQzZmE2NDBkODk2MjQ1YmQxNjA3OTYzOTMyOWIyMDg2MTUwNjk4NmMxZWY1OWVkIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 04 Mar 2025 15:52:22 GMT
cf-ray: 91b1da8a094c56af-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1007&min_rtt=1007&rtt_var=378&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2147&delivery_rate=2822596&cwnd=252&unsent_bytes=0&cid=fbbd2ba9dd3e4fea&ts=276&x=0", cfExtPri
GET ut.horestnou.ru/56MHiYH6TrbP1joQcdS27af66720
172.67.209.173 200 OK 27 kB URL GET ut.horestnou.ru/56MHiYH6TrbP1joQcdS27af66720
IP 172.67.209.173:443
Requested by https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Certificate Issuer Google Trust Services
Subject horestnou.ru
Fingerprint 82:40:95:E1:FF:EB:88:9F:54:00:C6:B8:C7:12:D3:F2:92:A1:0E:65
Validity Sun, 09 Feb 2025 21:15:50 GMT - Sat, 10 May 2025 22:13:25 GMT
File type ASCII text, with very long lines (26765), with no line terminators
Hash 1a862a89d5633fac83d763886726740d
e5ce3aa454c992a13fd406a9647d7afbf831051f
5c22fd904edb792331a7307ddf4a790e0d1318924f6d8e7362fa6b55d5ab6fbb
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /56MHiYH6TrbP1joQcdS27af66720 HTTP/1.1
Host: ut.horestnou.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Cookie: XSRF-TOKEN=eyJpdiI6IndUWktpZ05FU0UyaWNCeE9naGJqYnc9PSIsInZhbHVlIjoibE9EcUtjZ1BiYkwvY2kvNkRsc2pHQ2xSOUlhVnBWSXJWOHFLQnhhaHZFcmZ3MXVTY2pCMjhGM3RldmJmR3JOTlFpWEcyVFlUdVR2d3lMZTdCZWNHUWlnTDBDbE5ZQWZXeWJzUVNsNnlsSkx3S053eTFocklzMXpxamcycDdmYWYiLCJtYWMiOiIxMzk0YTRhZDEzMGExOTYzNGFmN2RkMDJjMzZiZjQzOTNkMjY3MjZkODhjZDYzOTE1NjFmM2FmOTI2OTNjNjBlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlZTelY3UGZDWDRTR2RYSldxRWJXTWc9PSIsInZhbHVlIjoiLzA2UlRTamZVUW1CWHJZay82cjZ4bytSREZqQnpUd1ozK1VKaUQ1cjhCVVNxOXZVTWJHZmNUUGFPMURXQWU5UlM1NU9jazhuTHoyT21DQ09YSHlmNWhrYjluQkw3dEZ3Y3dRcEo2UlFlWVJVMVQ1SlM4L3ZIbUhoN01VbEpPdjkiLCJtYWMiOiJiNDhhODcwZDFjNTdhMzVkYjQ2YmQ2NmQzYTM2NTEzMGZjYWFkM2IxOGUzMjliZjNlNTE3NzkxMDZkMzVhMDFmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 04 Mar 2025 13:52:25 GMT
content-type: text/css;charset=UTF-8
content-disposition: inline; filename="56MHiYH6TrbP1joQcdS27af66720"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QGK9NdxL4rQyi2HcZGv6n2OmaQaTHDb52OxqWes7bUyzETq8Ni9XttR%2B3IVTHm6ylmRv2swNEg3EpzRPhTH4bNIV6rk0qEcErKpSbwGw4bsWmXChXWdnMnT7bhpW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: accept-encoding
priority: u=2,i=?0
server: cloudflare
cf-ray: 91b1da9add3856af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1081&min_rtt=1081&rtt_var=406&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2189&delivery_rate=2624884&cwnd=246&unsent_bytes=0&cid=e734623c808eec6a&ts=238&x=0", cfL4;desc="?proto=QUIC&rtt=3962&min_rtt=1609&rtt_var=2389&sent=117&recv=41&lost=0&retrans=0&sent_bytes=106822&recv_bytes=24379&delivery_rate=1947085&cwnd=42000&unsent_bytes=0&cid=36c5f57e114ce594&ts=10163&x=1", cfExtPri, cfHdrFlush;dur=0
GET ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
143.204.55.81 200 OK 223 kB URL GET ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
IP 143.204.55.81:443
Requested by https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Certificate Issuer DigiCert Inc
Subject *.oktacdn.com
Fingerprint 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
Validity Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
Size 223 kB (222931 bytes)
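Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these are the MD5, SHA-1 and SHA-256 digests of empty input, although the reported size is 223 kB and the response carries x-amz-meta-sha1sum 7b5499b46660a0348cc2b22cae927dcc3fda8b20; the body was apparently not hashed for this record, so these values do not identify the stylesheet and should not be used as indicators.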
GET /assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ut.horestnou.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
server: nginx
last-modified: Tue, 14 May 2024 21:48:24 GMT
x-amz-meta-sha1sum: 7b5499b46660a0348cc2b22cae927dcc3fda8b20
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
date: Fri, 21 Feb 2025 21:16:29 GMT
expires: Sat, 21 Feb 2026 21:16:29 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: W/"0329c939fca7c78756b94fbcd95e322b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Mca2G7_ew32Q_VPjA1-O2FqDy4_YtGVLKhcXtHHX0tgaO8IvCPYbAA==
age: 923755
X-Firefox-Spdy: h2
GET ut.horestnou.ru/qrnZYNXDmogGXUNchvjuHztJCkIKxL1wjuHA11kCK12uAdiszYHurgLMaaa9npWgqR0rLOQAKcd239
172.67.209.173 200 OK 9.6 kB URL GET ut.horestnou.ru/qrnZYNXDmogGXUNchvjuHztJCkIKxL1wjuHA11kCK12uAdiszYHurgLMaaa9npWgqR0rLOQAKcd239
IP 172.67.209.173:443
Requested by https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Certificate Issuer Google Trust Services
Subject horestnou.ru
Fingerprint 82:40:95:E1:FF:EB:88:9F:54:00:C6:B8:C7:12:D3:F2:92:A1:0E:65
Validity Sun, 09 Feb 2025 21:15:50 GMT - Sat, 10 May 2025 22:13:25 GMT
File type RIFF (little-endian) data, Web/P image
Hash 4946eb373b18d178c93d473489673bb6
16477acb73b63ca251d37401249e7e4515febd24
666bc574c9f3fb28a8ac626fa8105c187c2a313736494a06bd5a937473673c92
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /qrnZYNXDmogGXUNchvjuHztJCkIKxL1wjuHA11kCK12uAdiszYHurgLMaaa9npWgqR0rLOQAKcd239 HTTP/1.1
Host: ut.horestnou.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Cookie: XSRF-TOKEN=eyJpdiI6IndUWktpZ05FU0UyaWNCeE9naGJqYnc9PSIsInZhbHVlIjoibE9EcUtjZ1BiYkwvY2kvNkRsc2pHQ2xSOUlhVnBWSXJWOHFLQnhhaHZFcmZ3MXVTY2pCMjhGM3RldmJmR3JOTlFpWEcyVFlUdVR2d3lMZTdCZWNHUWlnTDBDbE5ZQWZXeWJzUVNsNnlsSkx3S053eTFocklzMXpxamcycDdmYWYiLCJtYWMiOiIxMzk0YTRhZDEzMGExOTYzNGFmN2RkMDJjMzZiZjQzOTNkMjY3MjZkODhjZDYzOTE1NjFmM2FmOTI2OTNjNjBlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlZTelY3UGZDWDRTR2RYSldxRWJXTWc9PSIsInZhbHVlIjoiLzA2UlRTamZVUW1CWHJZay82cjZ4bytSREZqQnpUd1ozK1VKaUQ1cjhCVVNxOXZVTWJHZmNUUGFPMURXQWU5UlM1NU9jazhuTHoyT21DQ09YSHlmNWhrYjluQkw3dEZ3Y3dRcEo2UlFlWVJVMVQ1SlM4L3ZIbUhoN01VbEpPdjkiLCJtYWMiOiJiNDhhODcwZDFjNTdhMzVkYjQ2YmQ2NmQzYTM2NTEzMGZjYWFkM2IxOGUzMjliZjNlNTE3NzkxMDZkMzVhMDFmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 04 Mar 2025 13:52:25 GMT
content-type: image/webp
content-length: 9648
content-disposition: inline; filename="qrnZYNXDmogGXUNchvjuHztJCkIKxL1wjuHA11kCK12uAdiszYHurgLMaaa9npWgqR0rLOQAKcd239"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d2BwotmgMDwXmkSsf9k6TwJp3wsNzYi42tsYtqpL9rzSR9lfMykMmmk8WXyDA7Ts1YlCdOsFkMfxLZ4mfO2udGNXNDCBsWafytsi58%2FMmD9zXYv8%2FwrnjWchi87B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=4,i=?0
server: cloudflare
cf-ray: 91b1da9aed8c56af-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1038&min_rtt=997&rtt_var=316&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2246&delivery_rate=2582048&cwnd=252&unsent_bytes=0&cid=d8ba5d279bfe141e&ts=225&x=0", cfL4;desc="?proto=QUIC&rtt=3756&min_rtt=1609&rtt_var=2185&sent=258&recv=51&lost=0&retrans=0&sent_bytes=265975&recv_bytes=24836&delivery_rate=7589272&cwnd=66900&unsent_bytes=0&cid=36c5f57e114ce594&ts=10363&x=1", cfExtPri, cfHdrFlush;dur=0
GET ut.horestnou.ru/mngklJwrvgsxWWiJv2WUe3TijzQr2o7PchqtEpzPd6CT6OcGwx218
172.67.209.173 200 OK 1.9 kB URL GET ut.horestnou.ru/mngklJwrvgsxWWiJv2WUe3TijzQr2o7PchqtEpzPd6CT6OcGwx218
IP 172.67.209.173:443
Requested by https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Certificate Issuer Google Trust Services
Subject horestnou.ru
Fingerprint 82:40:95:E1:FF:EB:88:9F:54:00:C6:B8:C7:12:D3:F2:92:A1:0E:65
Validity Sun, 09 Feb 2025 21:15:50 GMT - Sat, 10 May 2025 22:13:25 GMT
File type SVG Scalable Vector Graphics image
Hash 4b5c228b4faba433d06ec569ed855b2d
a7d3882b93e332460e7c59510a6a811ef011983f
eb19d76cd1fad39abf0f2778991883a5cf9ff560117ce8f7c64124e71471b4ed
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /mngklJwrvgsxWWiJv2WUe3TijzQr2o7PchqtEpzPd6CT6OcGwx218 HTTP/1.1
Host: ut.horestnou.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Cookie: XSRF-TOKEN=eyJpdiI6IndUWktpZ05FU0UyaWNCeE9naGJqYnc9PSIsInZhbHVlIjoibE9EcUtjZ1BiYkwvY2kvNkRsc2pHQ2xSOUlhVnBWSXJWOHFLQnhhaHZFcmZ3MXVTY2pCMjhGM3RldmJmR3JOTlFpWEcyVFlUdVR2d3lMZTdCZWNHUWlnTDBDbE5ZQWZXeWJzUVNsNnlsSkx3S053eTFocklzMXpxamcycDdmYWYiLCJtYWMiOiIxMzk0YTRhZDEzMGExOTYzNGFmN2RkMDJjMzZiZjQzOTNkMjY3MjZkODhjZDYzOTE1NjFmM2FmOTI2OTNjNjBlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlZTelY3UGZDWDRTR2RYSldxRWJXTWc9PSIsInZhbHVlIjoiLzA2UlRTamZVUW1CWHJZay82cjZ4bytSREZqQnpUd1ozK1VKaUQ1cjhCVVNxOXZVTWJHZmNUUGFPMURXQWU5UlM1NU9jazhuTHoyT21DQ09YSHlmNWhrYjluQkw3dEZ3Y3dRcEo2UlFlWVJVMVQ1SlM4L3ZIbUhoN01VbEpPdjkiLCJtYWMiOiJiNDhhODcwZDFjNTdhMzVkYjQ2YmQ2NmQzYTM2NTEzMGZjYWFkM2IxOGUzMjliZjNlNTE3NzkxMDZkMzVhMDFmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 04 Mar 2025 13:52:26 GMT
content-type: image/svg+xml
content-disposition: inline; filename="mngklJwrvgsxWWiJv2WUe3TijzQr2o7PchqtEpzPd6CT6OcGwx218"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RvycajZnBZN2eOQn0K2V%2F%2FHIbhlfFhzUuZ6vt0%2FmL1NVM%2FERQ0lSP4lH%2BLwSctkFIv4WSPNuPKzOxIV6nJB7nu%2F3B2FFGVxjfI2WBhRiOm7xjmdDJ9ewBZsGTKgC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: accept-encoding
priority: u=4,i=?0
server: cloudflare
cf-ray: 91b1daa2090b56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1295&min_rtt=1293&rtt_var=489&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2221&delivery_rate=2174045&cwnd=138&unsent_bytes=0&cid=58c1c0bf4ee95558&ts=343&x=0", cfL4;desc="?proto=QUIC&rtt=1530&min_rtt=791&rtt_var=880&sent=515&recv=83&lost=0&retrans=0&sent_bytes=552436&recv_bytes=29197&delivery_rate=543931&cwnd=126900&unsent_bytes=0&cid=36c5f57e114ce594&ts=11391&x=1", cfExtPri, cfHdrFlush;dur=0
POST ut.horestnou.ru/dx1cOnDfzkCcWcVdhC1V5Ay8HUCCSEoo9gj48
172.67.209.173 200 OK 20 B URL POST ut.horestnou.ru/dx1cOnDfzkCcWcVdhC1V5Ay8HUCCSEoo9gj48
IP 172.67.209.173:443
Requested by https://ut.horestnou.ru/0cGLdK5/
Certificate Issuer Google Trust Services
Subject horestnou.ru
Fingerprint 82:40:95:E1:FF:EB:88:9F:54:00:C6:B8:C7:12:D3:F2:92:A1:0E:65
Validity Sun, 09 Feb 2025 21:15:50 GMT - Sat, 10 May 2025 22:13:25 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 0b35866f4a3aa4d34ce5dda2d14c2cd8
d2b80911f09c3106fdf0df9920f983945d644083
493851374626d927bfe1c7d084fa977a0e636c03f163fda258ab6b638edc2f0d
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
POST /dx1cOnDfzkCcWcVdhC1V5Ay8HUCCSEoo9gj48 HTTP/1.1
Host: ut.horestnou.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ut.horestnou.ru/0cGLdK5/
Content-Type: multipart/form-data; boundary=---------------------------340421483417397069352413283423
Content-Length: 925
Origin: https://ut.horestnou.ru
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6InI2ZjdtU3NIWStidEZ0Vm5oNVhuaXc9PSIsInZhbHVlIjoiUmxPeFpUL2VlUm96SFZJSnJvWUIzamdDcENoWmsxVTJLWnJvTER2WEhmOHJJOFhtak02OGZLeDBHUUdXN3owSWNma1BVL05JdUVsTjA1UEc1dGROWExIclM2dlZQaUhldHQ0ZkRENW9WQmNEbjl6UzZEaUE5YVRwcmpQMGs3VDgiLCJtYWMiOiJlMDg0NjdmYTYyNjczYzgyYjQzMGQxMGVkYWI2ODkyYmQ0OWZjZjE4ZjMzNzllODkzNTg2ZmZmNjRhZGQxODJmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik4ydkdSaHJiemVjQ2ZwZk05dTNXUEE9PSIsInZhbHVlIjoiR3Q4OFQzZ2tOMDNaQ1VWV1FaUjlLcXhGb2tBeSt1VHkyL0xNaUVGQmVEWXdnMFltYnNXMWhvQm9DTnA0Zjd4QXU1Zk1uVzhSU1d5T0NUSnZxWmY5RGdCK3lhVlFYbEk2dlVtMSszVEdRWnRDdXNKNktDanRxVzJaeUF3WmVtaTkiLCJtYWMiOiI1ZjNiYjAxYWRlYmQyYjY1MmUxNWI1OGQ1ODk1NTUwOTI1NzJjYzlhNGRjZWJlZmE3ODBmMTg0NGIxNmVmZGY1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 04 Mar 2025 13:52:22 GMT
content-type: application/json
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bB6ebOeKauZIMoVbRSnCuMhYE3gJek794KaSTLICMwaf9O6UqRzUZfA8ucKbYRzP6lEKDuzJRiPcu5xHaNIbEAR4M6JwwZBb0DJYB3Tkn0NOdWZZmJ9pImwog0QM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: XSRF-TOKEN=eyJpdiI6IitqM3J0bzRGQ1JDaFRpWTBpcGVWTGc9PSIsInZhbHVlIjoiRG1BRVpZa2p4YTZHYUVxMUlGQWUrYjJpaDAvNHd0ejFZYjJMVEhBbDYvRUhEeFpyaStXcnBLemx4TWkyV3pUTmkwT0tpYkJmaXl4dlAvekhJR1NFbFVJeldFTDUyUkg3MGl0U0l3SnhacjVaMlE1KzNDUnFLUW84RU9jemtJb1YiLCJtYWMiOiI3N2ZiYmMzNjBhNmFjYTQxNDc2NGM3Y2ExODQ5OGI3MmQ5NzdjNjlhY2NhMzdkZDZiNjc4NzAyZDdkYThjZmE0IiwidGFnIjoiIn0%3D; expires=Tue, 04-Mar-2025 15:52:21 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6InZlNzl3YWZRVUszNXpNYTdDTHpYcEE9PSIsInZhbHVlIjoiSmlJaUZBbktIdC81SG1XdWdGSFFIdFg3SnFTKytFN2d3SkV1YzVFQlptWnBnZk5KOFVRRmRDNUxpWWtLR3FNOWxibFN0Z1o2dmZ1VWhIS2N0dzhhaGFXRUZrT2RQaEp2WXZVN2FCSThYL25IN0pNTEJpdm40U0Q2SkFldFRueXAiLCJtYWMiOiI5MDJkOWYyMWMzOGYzYjBkMGY1YjEzZWYwMDY2OTk0Mjg2ZmNhMjRmN2YzZjYwNjA4YTk3OGRkYjhiMzIyMGU4IiwidGFnIjoiIn0%3D; expires=Tue, 04-Mar-2025 15:52:21 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
vary: accept-encoding
priority: u=4,i=?0
server: cloudflare
cf-ray: 91b1da85ca5956af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1119&min_rtt=1117&rtt_var=420&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=3180&delivery_rate=2549686&cwnd=252&unsent_bytes=0&cid=5207eadb88c137c9&ts=271&x=0", cfL4;desc="?proto=QUIC&rtt=6181&min_rtt=2041&rtt_var=3723&sent=12&recv=7&lost=0&retrans=0&sent_bytes=4066&recv_bytes=2746&delivery_rate=288544&cwnd=12000&unsent_bytes=0&cid=36c5f57e114ce594&ts=7001&x=1", cfExtPri, cfHdrFlush;dur=0
GET ut.horestnou.ru/GDSherpa-bold.woff
172.67.209.173 200 OK 36 kB URL GET ut.horestnou.ru/GDSherpa-bold.woff
IP 172.67.209.173:443
Requested by https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Certificate Issuer Google Trust Services
Subject horestnou.ru
Fingerprint 82:40:95:E1:FF:EB:88:9F:54:00:C6:B8:C7:12:D3:F2:92:A1:0E:65
Validity Sun, 09 Feb 2025 21:15:50 GMT - Sat, 10 May 2025 22:13:25 GMT
File type Web Open Font Format, TrueType, length 35970, version 1.0
Hash 496b7bbde91c7dc7cf9bbabbb3921da8
2bd3c406a715ab52dad84c803c55bf4a6e66a924
ae40a04f95df12b0c364f26ab691dc0c391d394a28bcdb4aeacfaca325d0a798
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /GDSherpa-bold.woff HTTP/1.1
Host: ut.horestnou.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IndUWktpZ05FU0UyaWNCeE9naGJqYnc9PSIsInZhbHVlIjoibE9EcUtjZ1BiYkwvY2kvNkRsc2pHQ2xSOUlhVnBWSXJWOHFLQnhhaHZFcmZ3MXVTY2pCMjhGM3RldmJmR3JOTlFpWEcyVFlUdVR2d3lMZTdCZWNHUWlnTDBDbE5ZQWZXeWJzUVNsNnlsSkx3S053eTFocklzMXpxamcycDdmYWYiLCJtYWMiOiIxMzk0YTRhZDEzMGExOTYzNGFmN2RkMDJjMzZiZjQzOTNkMjY3MjZkODhjZDYzOTE1NjFmM2FmOTI2OTNjNjBlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlZTelY3UGZDWDRTR2RYSldxRWJXTWc9PSIsInZhbHVlIjoiLzA2UlRTamZVUW1CWHJZay82cjZ4bytSREZqQnpUd1ozK1VKaUQ1cjhCVVNxOXZVTWJHZmNUUGFPMURXQWU5UlM1NU9jazhuTHoyT21DQ09YSHlmNWhrYjluQkw3dEZ3Y3dRcEo2UlFlWVJVMVQ1SlM4L3ZIbUhoN01VbEpPdjkiLCJtYWMiOiJiNDhhODcwZDFjNTdhMzVkYjQ2YmQ2NmQzYTM2NTEzMGZjYWFkM2IxOGUzMjliZjNlNTE3NzkxMDZkMzVhMDFmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 04 Mar 2025 13:52:25 GMT
content-type: font/woff
content-length: 35970
content-disposition: inline; filename="GDSherpa-bold.woff"
cf-cache-status: MISS
age: 1483
last-modified: Tue, 04 Mar 2025 13:27:42 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3qmIkBLIYnvoT24BngIf52wWvE3VIJ6mWWT%2FpsEAbG7iGWyHsBT3jUbxwtk9%2B5pzhVld8bTD35EgHYF2XQOCiAiZQFniYK7DkvRkXiUYfwzoYYeubG1flu5EMewh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=14400
priority: u=3,i=?0
server: cloudflare
cf-ray: 91b1da9aed5c56af-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1050&min_rtt=952&rtt_var=427&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2207&delivery_rate=2991596&cwnd=223&unsent_bytes=0&cid=7a0c176d83d15dd3&ts=30&x=0", cfL4;desc="?proto=QUIC&rtt=3962&min_rtt=1609&rtt_var=2389&sent=103&recv=41&lost=0&retrans=0&sent_bytes=91411&recv_bytes=24379&delivery_rate=1947085&cwnd=42000&unsent_bytes=0&cid=36c5f57e114ce594&ts=10160&x=1", cfExtPri, cfHdrFlush;dur=0
GET ut.horestnou.ru/wx5tdqOr50ejUSGpe1C7qrYWSLEO2C5mz2MZ6g4GF12124
172.67.209.173 200 OK 644 B URL GET ut.horestnou.ru/wx5tdqOr50ejUSGpe1C7qrYWSLEO2C5mz2MZ6g4GF12124
IP 172.67.209.173:443
Requested by https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Certificate Issuer Google Trust Services
Subject horestnou.ru
Fingerprint 82:40:95:E1:FF:EB:88:9F:54:00:C6:B8:C7:12:D3:F2:92:A1:0E:65
Validity Sun, 09 Feb 2025 21:15:50 GMT - Sat, 10 May 2025 22:13:25 GMT
File type RIFF (little-endian) data, Web/P image
Hash 541b83c2195088043337e4353b6fd60d
f09630596b6713217984785a64f6ea83e91b49c5
2658b8874f0d2a12e8726df78ac8954324c3bbe4695e66bdef89195fde64322f
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /wx5tdqOr50ejUSGpe1C7qrYWSLEO2C5mz2MZ6g4GF12124 HTTP/1.1
Host: ut.horestnou.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Cookie: XSRF-TOKEN=eyJpdiI6IndUWktpZ05FU0UyaWNCeE9naGJqYnc9PSIsInZhbHVlIjoibE9EcUtjZ1BiYkwvY2kvNkRsc2pHQ2xSOUlhVnBWSXJWOHFLQnhhaHZFcmZ3MXVTY2pCMjhGM3RldmJmR3JOTlFpWEcyVFlUdVR2d3lMZTdCZWNHUWlnTDBDbE5ZQWZXeWJzUVNsNnlsSkx3S053eTFocklzMXpxamcycDdmYWYiLCJtYWMiOiIxMzk0YTRhZDEzMGExOTYzNGFmN2RkMDJjMzZiZjQzOTNkMjY3MjZkODhjZDYzOTE1NjFmM2FmOTI2OTNjNjBlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlZTelY3UGZDWDRTR2RYSldxRWJXTWc9PSIsInZhbHVlIjoiLzA2UlRTamZVUW1CWHJZay82cjZ4bytSREZqQnpUd1ozK1VKaUQ1cjhCVVNxOXZVTWJHZmNUUGFPMURXQWU5UlM1NU9jazhuTHoyT21DQ09YSHlmNWhrYjluQkw3dEZ3Y3dRcEo2UlFlWVJVMVQ1SlM4L3ZIbUhoN01VbEpPdjkiLCJtYWMiOiJiNDhhODcwZDFjNTdhMzVkYjQ2YmQ2NmQzYTM2NTEzMGZjYWFkM2IxOGUzMjliZjNlNTE3NzkxMDZkMzVhMDFmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 04 Mar 2025 13:52:25 GMT
content-type: image/webp
content-length: 644
content-disposition: inline; filename="wx5tdqOr50ejUSGpe1C7qrYWSLEO2C5mz2MZ6g4GF12124"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BvltQTo%2FL8MLCtn60FHJD6PLrMRUB3kO8yNSpcY1WVY3Dke1o4i%2F53WQQYxKLo1nkgmpeGlNyWcPOwQHKZSFkiyOezk3ZHLEI9r3oLqlSEwJ%2FI%2FwPc3WiIrUX0Fr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=4,i=?0
server: cloudflare
cf-ray: 91b1da9aed7356af-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1032&min_rtt=1026&rtt_var=397&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2214&delivery_rate=2649302&cwnd=251&unsent_bytes=0&cid=2af18e22c8dafb72&ts=220&x=0", cfL4;desc="?proto=QUIC&rtt=3530&min_rtt=1609&rtt_var=1946&sent=182&recv=44&lost=0&retrans=0&sent_bytes=181966&recv_bytes=24517&delivery_rate=11719498&cwnd=42000&unsent_bytes=0&cid=36c5f57e114ce594&ts=10325&x=1", cfExtPri, cfHdrFlush;dur=8
GET 3kq246.zkmkxitv.ru/jawari!0bs9jrr
104.21.112.1 200 OK 1 B URL GET 3kq246.zkmkxitv.ru/jawari!0bs9jrr
IP 104.21.112.1:443
Requested by https://ut.horestnou.ru/0cGLdK5/
Certificate Issuer Google Trust Services
Subject zkmkxitv.ru
Fingerprint 03:13:73:E6:B4:A1:C6:32:8C:C0:AB:89:1E:11:70:4E:C0:AE:EA:66
Validity Wed, 19 Feb 2025 22:28:41 GMT - Tue, 20 May 2025 23:27:04 GMT
File type very short file (no magic)
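Hash cfcd208495d565ef66e7dff9f98764da
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
Note: these are the MD5, SHA-1 and SHA-256 digests of the single character "0", consistent with the 1 B size; they match any response whose body is "0", so the host and URL rather than the hashes are the usable indicators for this request.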
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /jawari!0bs9jrr HTTP/1.1
Host: 3kq246.zkmkxitv.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ut.horestnou.ru/
Origin: https://ut.horestnou.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 04 Mar 2025 13:52:21 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fGtZoGnU71ado1IS%2BULqw7EbYMC%2Bb1NR4YF%2F36qRUfEBVSAzEFIC85dAiU7UYC%2B4lgZBd8dZM24Y8QXzZqBR6NpvwVd3uYNpNIg5QUd0p3XHnPYYqiGNj7KcrvrNIGnwy%2Bh4%2F2U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91b1da81ae0c0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=641&min_rtt=529&rtt_var=259&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3271&recv_bytes=1226&delivery_rate=7362711&cwnd=254&unsent_bytes=0&cid=d6030c66314a72aa&ts=630&x=0"
X-Firefox-Spdy: h2
POST ut.horestnou.ru/rqMG9OsIurUJJkDK0pMwUCAgUZulzCbdVP6TLes1M16Pcjy
172.67.209.173 200 OK 331 B URL POST ut.horestnou.ru/rqMG9OsIurUJJkDK0pMwUCAgUZulzCbdVP6TLes1M16Pcjy
IP 172.67.209.173:443
Requested by https://ut.horestnou.ru/0cGLdK5/
Certificate Issuer Google Trust Services
Subject horestnou.ru
Fingerprint 82:40:95:E1:FF:EB:88:9F:54:00:C6:B8:C7:12:D3:F2:92:A1:0E:65
Validity Sun, 09 Feb 2025 21:15:50 GMT - Sat, 10 May 2025 22:13:25 GMT
File type troff or preprocessor input, ASCII text, with very long lines (349), with no line terminators
Hash ef6d0964b4abf81d71d716ef9ba69147
0deb383b0ce6b311eb38464a12b403d266a0f584
998df64e0f1b5120e61e27240f542e0717986d23522d907b8b65fa82000af35b
POST /rqMG9OsIurUJJkDK0pMwUCAgUZulzCbdVP6TLes1M16Pcjy HTTP/1.1
Host: ut.horestnou.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 6
Origin: https://ut.horestnou.ru
DNT: 1
Connection: keep-alive
Referer: https://ut.horestnou.ru/0cGLdK5/
Cookie: XSRF-TOKEN=eyJpdiI6Ikc3czIzdytMdnlDdldIT2pTY0RRQmc9PSIsInZhbHVlIjoibUVXZ2lWTVhPUVRkNHFFWks5d2R3SnM2VGYzVnFCb2pYTlBNSGZveU1CdWk3M1o3ZEx0NUFUNWI5K2ZzVlRVcUFJRC95S0hZOXE1ZVY5OFcySEZFbWk5QWR2UlFMbWZnbG40ZlMzTGtGNWhUSC9iWVd4bzdJVndwNXRCOVlVSysiLCJtYWMiOiI5ZDUzNmZiOTE3N2YzMWU2YmE2ZDEzMDgzMmVkMjk1ZjkyMWY1MjcyOWE5ODM0MGE1MDIzMTRkNmU0MjZlZjdkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlRnKzlqRE00MXdCNHpVRmRBeVc5WWc9PSIsInZhbHVlIjoiOFFqQ1RpRmg4SjdYQzQ0TjhBNmFqMHdTL3NObW05NHRaUUR6MXQrZlZwbHpKZWNCK0txK1RCSTBhUCs1Y29iNG0vV0hhenI3SExETW4yZHJ4ZnR6b2xGMlNmQzRmQWsrV0ZSaGhJb3lXTGpwZ0NrWEk4YnlvZlIzdFVxVHFpUGwiLCJtYWMiOiJlZTYzZGNjOWQ5NGVkMDA4OTQzZmE2NDBkODk2MjQ1YmQxNjA3OTYzOTMyOWIyMDg2MTUwNjk4NmMxZWY1OWVkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 04 Mar 2025 13:52:23 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2hJek%2BbQL3SBNZpQeml9PZ0K52vdB%2BRIPd1SOwwbN2vlX%2BDhm1rGY4%2Fhr49hgvUm5IkFhWxgyE6GE%2BySEjK9u39VAEyw7CsCTvslXHw4lbgOAwH6D3qhPfQoNDJq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=3,i=?0
content-encoding: br
set-cookie: XSRF-TOKEN=eyJpdiI6Ii9EUmJFdjJPY3IxZHNpcmlURzE0TEE9PSIsInZhbHVlIjoiVnJpSzBtRUR6VW5vK0wrUU45REVRcklrbGhGTWlheHQ4VE5oeDNteHRhN3lLNzBPd2RzcjdMWTFRN2NWaFFIMUZlenJqRmQ2cG5vVm5GTmtvbjJUdERYVllYbUxtam1hOExsY0pUNXc3TXF2Y3pYNjB3a0xvbjhzYno1WnZUai8iLCJtYWMiOiJhOTk0ZDNiMjlhZWQxNjZmMGZjOTgwYWFkMTk0N2JmMWU4ODJiZmYzYmE2NTE4YjNmMDc4YjkyZWE2YjA4MjlmIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 04 Mar 2025 15:52:23 GMT
laravel_session=eyJpdiI6Im0yLzc3UjBYdTV1Z2YrSGJiVE5zSXc9PSIsInZhbHVlIjoiSEo4SUczemdsRWptZHMxSGplemxzenJFbU5MZmRvTitTUVBRSSsrU2VuekVVRVJOTEhPQm1raVkxTmc4UzVYZWtJcFhLWnlOSVIyRmFKa2ttWVdjbWdjRHVVNWFveWFaQXRxd1ZRUTdKRzExU1QwTDNDM2puU1ZsM0UzRXoycnEiLCJtYWMiOiI1OWFjZmM3NjVmMzA2MmM5NWQ4ZWU5ZWRhNjMxYzU0OGViNTE5ZWRjMjhmYzkyYmI5NWMzYzU2MGIxY2ZlNTg0IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 04 Mar 2025 15:52:23 GMT
cf-ray: 91b1da908b6456af-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1032&min_rtt=974&rtt_var=316&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2248&delivery_rate=2839481&cwnd=235&unsent_bytes=0&cid=0da9ec6842865708&ts=224&x=0", cfExtPri
GET ut.horestnou.ru/GDSherpa-bold.woff2
172.67.209.173 200 OK 28 kB URL GET ut.horestnou.ru/GDSherpa-bold.woff2
IP 172.67.209.173:443
Requested by https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Certificate Issuer Google Trust Services
Subject horestnou.ru
Fingerprint 82:40:95:E1:FF:EB:88:9F:54:00:C6:B8:C7:12:D3:F2:92:A1:0E:65
Validity Sun, 09 Feb 2025 21:15:50 GMT - Sat, 10 May 2025 22:13:25 GMT
File type Web Open Font Format (Version 2), TrueType, length 28000, version 1.66
Hash a4bca6c95fed0d0c5cc46cf07710dcec
73b56e33b82b42921db8702a33efd0f2b2ec9794
5a51d246af54d903f67f07f2bd820ce77736f8d08c5f1602db07469d96dbf77f
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /GDSherpa-bold.woff2 HTTP/1.1
Host: ut.horestnou.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IndUWktpZ05FU0UyaWNCeE9naGJqYnc9PSIsInZhbHVlIjoibE9EcUtjZ1BiYkwvY2kvNkRsc2pHQ2xSOUlhVnBWSXJWOHFLQnhhaHZFcmZ3MXVTY2pCMjhGM3RldmJmR3JOTlFpWEcyVFlUdVR2d3lMZTdCZWNHUWlnTDBDbE5ZQWZXeWJzUVNsNnlsSkx3S053eTFocklzMXpxamcycDdmYWYiLCJtYWMiOiIxMzk0YTRhZDEzMGExOTYzNGFmN2RkMDJjMzZiZjQzOTNkMjY3MjZkODhjZDYzOTE1NjFmM2FmOTI2OTNjNjBlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlZTelY3UGZDWDRTR2RYSldxRWJXTWc9PSIsInZhbHVlIjoiLzA2UlRTamZVUW1CWHJZay82cjZ4bytSREZqQnpUd1ozK1VKaUQ1cjhCVVNxOXZVTWJHZmNUUGFPMURXQWU5UlM1NU9jazhuTHoyT21DQ09YSHlmNWhrYjluQkw3dEZ3Y3dRcEo2UlFlWVJVMVQ1SlM4L3ZIbUhoN01VbEpPdjkiLCJtYWMiOiJiNDhhODcwZDFjNTdhMzVkYjQ2YmQ2NmQzYTM2NTEzMGZjYWFkM2IxOGUzMjliZjNlNTE3NzkxMDZkMzVhMDFmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 04 Mar 2025 13:52:25 GMT
content-type: font/woff2
content-length: 28000
content-disposition: inline; filename="GDSherpa-bold.woff2"
last-modified: Tue, 04 Mar 2025 13:27:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OIWtGI40ifgoeRk7%2FaWhwgXhxXX6F9ucuizh4awqkMcFeP3HnEsFP3YDVcPlgSpyFCPFrcu%2BsvTajEFJWs8gYHfmY26Ewc0drIE9Ozy6Uz9MiFi0K43%2Blat%2BqRwa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
priority: u=3,i=?0
server: cloudflare
cf-ray: 91b1da9aed5456af-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1016&min_rtt=950&rtt_var=403&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2208&delivery_rate=2997894&cwnd=243&unsent_bytes=0&cid=8761dfd5b0223161&ts=24&x=0", cfL4;desc="?proto=QUIC&rtt=3781&min_rtt=1609&rtt_var=1927&sent=121&recv=43&lost=0&retrans=0&sent_bytes=111166&recv_bytes=24471&delivery_rate=43669&cwnd=42000&unsent_bytes=0&cid=36c5f57e114ce594&ts=10301&x=1", cfExtPri, cfHdrFlush;dur=0
GET ut.horestnou.ru/GDSherpa-vf2.woff2
172.67.209.173 200 OK 93 kB URL GET ut.horestnou.ru/GDSherpa-vf2.woff2
IP 172.67.209.173:443
Requested by https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Certificate Issuer Google Trust Services
Subject horestnou.ru
Fingerprint 82:40:95:E1:FF:EB:88:9F:54:00:C6:B8:C7:12:D3:F2:92:A1:0E:65
Validity Sun, 09 Feb 2025 21:15:50 GMT - Sat, 10 May 2025 22:13:25 GMT
File type Web Open Font Format (Version 2), TrueType, length 93276, version 1.0
Hash bcd7983ea5aa57c55f6758b4977983cb
ef3a009e205229e07fb0ec8569e669b11c378ef1
6528a0bf9a836a53dfd8536e1786ba6831c9d1faa74967126fddf5b2081b858c
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /GDSherpa-vf2.woff2 HTTP/1.1
Host: ut.horestnou.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IndUWktpZ05FU0UyaWNCeE9naGJqYnc9PSIsInZhbHVlIjoibE9EcUtjZ1BiYkwvY2kvNkRsc2pHQ2xSOUlhVnBWSXJWOHFLQnhhaHZFcmZ3MXVTY2pCMjhGM3RldmJmR3JOTlFpWEcyVFlUdVR2d3lMZTdCZWNHUWlnTDBDbE5ZQWZXeWJzUVNsNnlsSkx3S053eTFocklzMXpxamcycDdmYWYiLCJtYWMiOiIxMzk0YTRhZDEzMGExOTYzNGFmN2RkMDJjMzZiZjQzOTNkMjY3MjZkODhjZDYzOTE1NjFmM2FmOTI2OTNjNjBlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlZTelY3UGZDWDRTR2RYSldxRWJXTWc9PSIsInZhbHVlIjoiLzA2UlRTamZVUW1CWHJZay82cjZ4bytSREZqQnpUd1ozK1VKaUQ1cjhCVVNxOXZVTWJHZmNUUGFPMURXQWU5UlM1NU9jazhuTHoyT21DQ09YSHlmNWhrYjluQkw3dEZ3Y3dRcEo2UlFlWVJVMVQ1SlM4L3ZIbUhoN01VbEpPdjkiLCJtYWMiOiJiNDhhODcwZDFjNTdhMzVkYjQ2YmQ2NmQzYTM2NTEzMGZjYWFkM2IxOGUzMjliZjNlNTE3NzkxMDZkMzVhMDFmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 04 Mar 2025 13:52:25 GMT
content-type: font/woff2
content-length: 93276
content-disposition: inline; filename="GDSherpa-vf2.woff2"
last-modified: Tue, 04 Mar 2025 13:27:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=es9dK3rEiW%2FpjiDhX9C5pSdJ1e747rT75EevjdE6eSTm1R47Vm4BZjxT8XzXVt785MLN8POw3c%2B629lRbGsNGOtXVcYAf69botYK8xr%2FyEKwuCA7mlLzcVbxfBPD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
priority: u=3,i=?0
server: cloudflare
cf-ray: 91b1da9aed6d56af-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1136&min_rtt=1015&rtt_var=382&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2208&delivery_rate=2717557&cwnd=248&unsent_bytes=0&cid=d1183fa2e7286d29&ts=22&x=0", cfL4;desc="?proto=QUIC&rtt=3577&min_rtt=1609&rtt_var=1569&sent=279&recv=53&lost=0&retrans=0&sent_bytes=291072&recv_bytes=24928&delivery_rate=3852893&cwnd=66900&unsent_bytes=0&cid=36c5f57e114ce594&ts=10482&x=1", cfExtPri, cfHdrFlush;dur=0
GET ut.horestnou.ru/34XbIpXzC7oofdklDHPgiTjK1Zp89106
172.67.209.173 200 OK 4.8 MB URL GET ut.horestnou.ru/34XbIpXzC7oofdklDHPgiTjK1Zp89106
IP 172.67.209.173:443
Requested by https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Certificate Issuer Google Trust Services
Subject horestnou.ru
Fingerprint 82:40:95:E1:FF:EB:88:9F:54:00:C6:B8:C7:12:D3:F2:92:A1:0E:65
Validity Sun, 09 Feb 2025 21:15:50 GMT - Sat, 10 May 2025 22:13:25 GMT
Size 4.8 MB (4756491 bytes)
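Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, so they do not identify the 4.8 MB script reported above; the response body was apparently not captured for hashing, and the values should not be used as indicators for this file.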
GET /34XbIpXzC7oofdklDHPgiTjK1Zp89106 HTTP/1.1
Host: ut.horestnou.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Cookie: XSRF-TOKEN=eyJpdiI6IndUWktpZ05FU0UyaWNCeE9naGJqYnc9PSIsInZhbHVlIjoibE9EcUtjZ1BiYkwvY2kvNkRsc2pHQ2xSOUlhVnBWSXJWOHFLQnhhaHZFcmZ3MXVTY2pCMjhGM3RldmJmR3JOTlFpWEcyVFlUdVR2d3lMZTdCZWNHUWlnTDBDbE5ZQWZXeWJzUVNsNnlsSkx3S053eTFocklzMXpxamcycDdmYWYiLCJtYWMiOiIxMzk0YTRhZDEzMGExOTYzNGFmN2RkMDJjMzZiZjQzOTNkMjY3MjZkODhjZDYzOTE1NjFmM2FmOTI2OTNjNjBlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlZTelY3UGZDWDRTR2RYSldxRWJXTWc9PSIsInZhbHVlIjoiLzA2UlRTamZVUW1CWHJZay82cjZ4bytSREZqQnpUd1ozK1VKaUQ1cjhCVVNxOXZVTWJHZmNUUGFPMURXQWU5UlM1NU9jazhuTHoyT21DQ09YSHlmNWhrYjluQkw3dEZ3Y3dRcEo2UlFlWVJVMVQ1SlM4L3ZIbUhoN01VbEpPdjkiLCJtYWMiOiJiNDhhODcwZDFjNTdhMzVkYjQ2YmQ2NmQzYTM2NTEzMGZjYWFkM2IxOGUzMjliZjNlNTE3NzkxMDZkMzVhMDFmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 04 Mar 2025 13:52:25 GMT
content-type: application/javascript
content-disposition: inline; filename="34XbIpXzC7oofdklDHPgiTjK1Zp89106"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Eps6t7yHtUoqsJkVg8wv2TV%2BqIe%2FjnnipMrk%2B%2BmFifFBCHWj4hf2BBrrN%2F8nZnd7hfSf2w2RqjE7OQxVdoE9ug2Nw8hpybw9ieXLtHM30%2B5P%2FRxkrM9m4aRzN5sP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: accept-encoding
priority: u=3,i=?0
server: cloudflare
cf-ray: 91b1da9b0d9456af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=971&min_rtt=969&rtt_var=367&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2164&delivery_rate=2891370&cwnd=251&unsent_bytes=0&cid=19190038169186dc&ts=239&x=0", cfL4;desc="?proto=QUIC&rtt=4618&min_rtt=1609&rtt_var=3187&sent=241&recv=47&lost=0&retrans=0&sent_bytes=247343&recv_bytes=24654&delivery_rate=920139&cwnd=66900&unsent_bytes=0&cid=36c5f57e114ce594&ts=10351&x=1", cfExtPri, cfHdrFlush;dur=0
GET ut.horestnou.ru/klNbsNSvPTewVNr0EigvLxiTD4rWrNJ4V89bKHiokA7vGXBmDu6D4Hql6PKvqUmab226
172.67.209.173 200 OK 1.3 kB URL GET ut.horestnou.ru/klNbsNSvPTewVNr0EigvLxiTD4rWrNJ4V89bKHiokA7vGXBmDu6D4Hql6PKvqUmab226
IP 172.67.209.173:443
Requested by https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Certificate Issuer Google Trust Services
Subject horestnou.ru
Fingerprint 82:40:95:E1:FF:EB:88:9F:54:00:C6:B8:C7:12:D3:F2:92:A1:0E:65
Validity Sun, 09 Feb 2025 21:15:50 GMT - Sat, 10 May 2025 22:13:25 GMT
File type RIFF (little-endian) data, Web/P image
Hash 32ca2081553e969f9fdd4374134521ad
7b09924c4c3d8b6e41fe38363e342da098be4173
216fc342a469aa6a005b2eacc24622095e5282d3e9f1ae99ce54c27b92ec3587
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /klNbsNSvPTewVNr0EigvLxiTD4rWrNJ4V89bKHiokA7vGXBmDu6D4Hql6PKvqUmab226 HTTP/1.1
Host: ut.horestnou.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Cookie: XSRF-TOKEN=eyJpdiI6IndUWktpZ05FU0UyaWNCeE9naGJqYnc9PSIsInZhbHVlIjoibE9EcUtjZ1BiYkwvY2kvNkRsc2pHQ2xSOUlhVnBWSXJWOHFLQnhhaHZFcmZ3MXVTY2pCMjhGM3RldmJmR3JOTlFpWEcyVFlUdVR2d3lMZTdCZWNHUWlnTDBDbE5ZQWZXeWJzUVNsNnlsSkx3S053eTFocklzMXpxamcycDdmYWYiLCJtYWMiOiIxMzk0YTRhZDEzMGExOTYzNGFmN2RkMDJjMzZiZjQzOTNkMjY3MjZkODhjZDYzOTE1NjFmM2FmOTI2OTNjNjBlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlZTelY3UGZDWDRTR2RYSldxRWJXTWc9PSIsInZhbHVlIjoiLzA2UlRTamZVUW1CWHJZay82cjZ4bytSREZqQnpUd1ozK1VKaUQ1cjhCVVNxOXZVTWJHZmNUUGFPMURXQWU5UlM1NU9jazhuTHoyT21DQ09YSHlmNWhrYjluQkw3dEZ3Y3dRcEo2UlFlWVJVMVQ1SlM4L3ZIbUhoN01VbEpPdjkiLCJtYWMiOiJiNDhhODcwZDFjNTdhMzVkYjQ2YmQ2NmQzYTM2NTEzMGZjYWFkM2IxOGUzMjliZjNlNTE3NzkxMDZkMzVhMDFmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 04 Mar 2025 13:52:26 GMT
content-type: image/webp
content-length: 1298
content-disposition: inline; filename="klNbsNSvPTewVNr0EigvLxiTD4rWrNJ4V89bKHiokA7vGXBmDu6D4Hql6PKvqUmab226"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cEqCRKSK3H45c%2Bj6TW0i3paw6r1tgzlNGQNJLsLDgIb0UsF%2BxoI64an70NWpToEdRc8BB5jNYLkqLYai7%2BBgCvDnhxqj8UVivQ%2Fl0c1uNJQfwZGoKRdc3fxVIihQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=4,i=?0
server: cloudflare
cf-ray: 91b1daa2090d56af-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1057&min_rtt=1011&rtt_var=412&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2236&delivery_rate=2817012&cwnd=252&unsent_bytes=0&cid=0b150001092a032e&ts=226&x=0", cfL4;desc="?proto=QUIC&rtt=1266&min_rtt=791&rtt_var=469&sent=509&recv=82&lost=0&retrans=0&sent_bytes=546429&recv_bytes=29151&delivery_rate=197778&cwnd=126900&unsent_bytes=0&cid=36c5f57e114ce594&ts=11277&x=1", cfExtPri, cfHdrFlush;dur=0
GET ut.horestnou.ru/favicon.ico
172.67.209.173 404 Not Found 0 B URL GET ut.horestnou.ru/favicon.ico
IP 172.67.209.173:443
Requested by https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Certificate Issuer Google Trust Services
Subject horestnou.ru
Fingerprint 82:40:95:E1:FF:EB:88:9F:54:00:C6:B8:C7:12:D3:F2:92:A1:0E:65
Validity Sun, 09 Feb 2025 21:15:50 GMT - Sat, 10 May 2025 22:13:25 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: ut.horestnou.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Cookie: XSRF-TOKEN=eyJpdiI6IlUxSm9zSTFGeVhFd3JwYWNzUEVXcEE9PSIsInZhbHVlIjoiOXBmeTE0bTlvVkJubEZSTHc2SGEwa1l0a1ZEMjI1SStoVkl6Q1RLTW5IRHY2Z3dmRVBiOEJWV3c3cWN3ZlJsU0Z4cFpVS253OFpPdStYUTJiSENNU01iNHNJN0pOUXQ5ZGgydG5mYTRCODBxQnJrdWJNWGJZdnc3RmpxNzRucTIiLCJtYWMiOiI5M2Y5ZTVjZmZlMTRkOTI1NWNkNTJlMjk2YTRlZTU0YTBhZDQxODc1NTBiZmQxODU2N2VlYWZkMDU4MzFiY2ViIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ilo2S0tLVzB6Rjl4b2xwekljbUc2R0E9PSIsInZhbHVlIjoiOXRlbGprMWo0M0lSdEtUdy8rWXRSWUNRTDBqYTN6YWlMUkZvd3dLb2ZlSytEUU1mMEpDbUVFRi9FVGJhY2xhYU9sUFJ5WmllT3ExVGZkVnZQVVVsa3JZQy9pclA2UjZUdmF0bVF6dmVaQ2I5eXVlMDRZaFZPVEtWTXE4NUpmTlUiLCJtYWMiOiI0YmFmOTQyYmFlYmIzZmViN2E3OGEwMzM1NTQ3OTM2ZDM3MjBkMTNlYjc2OGUxYWUyNjgyYmU4ZjEyOTNkYmNiIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Tue, 04 Mar 2025 13:52:27 GMT
content-type: text/html; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qbSRpNnnzQLUW9qNIcS9N%2BdIQuhdz9OJZX3sYLuKwsnz8wRMG%2FxylYQsIzQ6Mf8DKtS9c3lIUolZssUmLBXncNxhWc8nqbjJrn5OhSRhT4KJb69d%2BziCWDkOieEH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3
priority: u=6,i=?0
server: cloudflare
cf-ray: 91b1daab79e356af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=908&min_rtt=873&rtt_var=352&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2095&delivery_rate=3262313&cwnd=251&unsent_bytes=0&cid=38f3a1298908e516&ts=646&x=0", cfL4;desc="?proto=QUIC&rtt=2362&min_rtt=791&rtt_var=1618&sent=844&recv=109&lost=0&retrans=0&sent_bytes=935448&recv_bytes=31265&delivery_rate=5757830&cwnd=126900&unsent_bytes=0&cid=36c5f57e114ce594&ts=12392&x=1", cfExtPri, cfHdrFlush;dur=0
GET ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css
143.204.55.81 200 OK 10 kB URL GET ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css
IP 143.204.55.81:443
Requested by https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Certificate Issuer DigiCert Inc
Subject *.oktacdn.com
Fingerprint 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
Validity Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type ASCII text, with very long lines (10450)
Hash e0d37a504604ef874bad26435d62011f
4301f0d2b729ae22adece657d79eccaa25f429b1
c39ff65e2a102e644eb0bf2e31d2bad3d18f7afb25b3b9ba7a4d46263a711179
GET /assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ut.horestnou.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
server: nginx
last-modified: Thu, 14 Mar 2024 00:03:58 GMT
x-amz-meta-sha1sum: 4301f0d2b729ae22adece657d79eccaa25f429b1
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
date: Sat, 22 Feb 2025 06:22:03 GMT
expires: Sun, 22 Feb 2026 06:22:03 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: W/"e0d37a504604ef874bad26435d62011f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: XLZuagm_yi7BSWMrCsjTSrS5bO1NpwDLkrqS7NOJfamsPylXBAhrcQ==
age: 891021
X-Firefox-Spdy: h2
GET ut.horestnou.ru/uvp3WXyzVx9G17NaEvLBbtp2hb3PnJ2vvEra67PrAXBXEfQwhCHW7StFQCqiuLgh257
172.67.209.173 200 OK 18 kB URL GET ut.horestnou.ru/uvp3WXyzVx9G17NaEvLBbtp2hb3PnJ2vvEra67PrAXBXEfQwhCHW7StFQCqiuLgh257
IP 172.67.209.173:443
Requested by https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Certificate Issuer Google Trust Services
Subject horestnou.ru
Fingerprint 82:40:95:E1:FF:EB:88:9F:54:00:C6:B8:C7:12:D3:F2:92:A1:0E:65
Validity Sun, 09 Feb 2025 21:15:50 GMT - Sat, 10 May 2025 22:13:25 GMT
File type RIFF (little-endian) data, Web/P image
Hash 4b52ecdc33382c9dca874f551990e704
8f3bf8e41cd4cdddb17836b261e73f827b84341b
cce050cc3b150c0b370751021bb15018ee2b64ac369e230fe3b571a9b00d4342
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /uvp3WXyzVx9G17NaEvLBbtp2hb3PnJ2vvEra67PrAXBXEfQwhCHW7StFQCqiuLgh257 HTTP/1.1
Host: ut.horestnou.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Cookie: XSRF-TOKEN=eyJpdiI6IndUWktpZ05FU0UyaWNCeE9naGJqYnc9PSIsInZhbHVlIjoibE9EcUtjZ1BiYkwvY2kvNkRsc2pHQ2xSOUlhVnBWSXJWOHFLQnhhaHZFcmZ3MXVTY2pCMjhGM3RldmJmR3JOTlFpWEcyVFlUdVR2d3lMZTdCZWNHUWlnTDBDbE5ZQWZXeWJzUVNsNnlsSkx3S053eTFocklzMXpxamcycDdmYWYiLCJtYWMiOiIxMzk0YTRhZDEzMGExOTYzNGFmN2RkMDJjMzZiZjQzOTNkMjY3MjZkODhjZDYzOTE1NjFmM2FmOTI2OTNjNjBlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlZTelY3UGZDWDRTR2RYSldxRWJXTWc9PSIsInZhbHVlIjoiLzA2UlRTamZVUW1CWHJZay82cjZ4bytSREZqQnpUd1ozK1VKaUQ1cjhCVVNxOXZVTWJHZmNUUGFPMURXQWU5UlM1NU9jazhuTHoyT21DQ09YSHlmNWhrYjluQkw3dEZ3Y3dRcEo2UlFlWVJVMVQ1SlM4L3ZIbUhoN01VbEpPdjkiLCJtYWMiOiJiNDhhODcwZDFjNTdhMzVkYjQ2YmQ2NmQzYTM2NTEzMGZjYWFkM2IxOGUzMjliZjNlNTE3NzkxMDZkMzVhMDFmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 04 Mar 2025 13:52:25 GMT
content-type: image/webp
content-length: 17842
content-disposition: inline; filename="uvp3WXyzVx9G17NaEvLBbtp2hb3PnJ2vvEra67PrAXBXEfQwhCHW7StFQCqiuLgh257"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I67VmEFOVUq8KddaCVnDxhvmEHQKKT3pu0lgF2%2F1ubPuC1Tb%2FyR0Ih1wnKltfI4okdQ7PNINl2VUb9c336AzpNbuZbBbjbvAKV%2FUdEPhftJbBxUHFGP7y4F1X%2Faw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=4,i=?0
server: cloudflare
cf-ray: 91b1da9b0d9256af-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=971&min_rtt=968&rtt_var=370&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2235&delivery_rate=2853707&cwnd=252&unsent_bytes=0&cid=2c3a7a6cdd3d2978&ts=276&x=0", cfL4;desc="?proto=QUIC&rtt=3557&min_rtt=1609&rtt_var=2037&sent=267&recv=52&lost=0&retrans=0&sent_bytes=276725&recv_bytes=24882&delivery_rate=3337936&cwnd=66900&unsent_bytes=0&cid=36c5f57e114ce594&ts=10392&x=1", cfExtPri, cfHdrFlush;dur=0
GET challenges.cloudflare.com/turnstile/v0/g/f3b948d8acb8/api.js
104.18.94.41 200 OK 48 kB URL GET challenges.cloudflare.com/turnstile/v0/g/f3b948d8acb8/api.js
IP 104.18.94.41:443
Requested by https://ut.horestnou.ru/0cGLdK5/
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint 48:58:3E:CE:54:27:56:6B:A6:33:D4:C8:4B:BF:00:0E:BE:61:60:28
Validity Sat, 01 Mar 2025 17:19:38 GMT - Fri, 30 May 2025 18:19:35 GMT
File type JavaScript source, ASCII text, with very long lines (48238)
Hash 184e29de57c67bc329c650f294847c16
961208535893142386ba3efe1444b4f8a90282c3
dd03ba1dd6d73643a8ed55f4cebc059d673046975d106d26d245326178c2eb9d
GET /turnstile/v0/g/f3b948d8acb8/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ut.horestnou.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 04 Mar 2025 13:52:15 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Fri, 28 Feb 2025 15:24:08 GMT
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
priority: u=2,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 91b1da629cb80b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.25.14 200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.25.14:443
Requested by https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Certificate Issuer Google Trust Services
Subject cdnjs.cloudflare.com
Fingerprint 00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32
Validity Fri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash 2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ut.horestnou.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 04 Mar 2025 13:52:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1501302
expires: Sun, 22 Feb 2026 13:52:24 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FkUMDXlORRhfIvHzriRGO9raGIUdLv2r08o9UMPgkb4k4hCfAwHnfbtN4aKuZgIH%2BK8BC%2FrYsmvppxQ2qty2Vq%2BwOlKJ2DoEeUliz0GiaLvGmH6wJcxXAm7z%2BHD5LGbkGAQoPOl%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 91b1da9ac9ba56aa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET ut.horestnou.ru/ijuMBLOxm6lwNca4PsgEUbPssFW0VcdXHANsIC9jeQ1Qw78170
172.67.209.173 200 OK 7.4 kB URL GET ut.horestnou.ru/ijuMBLOxm6lwNca4PsgEUbPssFW0VcdXHANsIC9jeQ1Qw78170
IP 172.67.209.173:443
Requested by https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Certificate Issuer Google Trust Services
Subject horestnou.ru
Fingerprint 82:40:95:E1:FF:EB:88:9F:54:00:C6:B8:C7:12:D3:F2:92:A1:0E:65
Validity Sun, 09 Feb 2025 21:15:50 GMT - Sat, 10 May 2025 22:13:25 GMT
File type SVG Scalable Vector Graphics image
Hash bca9b46fee32162356ba5b4783e614dc
cc09ee862df9bf86e545f9dfdf2fbd4facfa71f5
fb48e7087def752683bc9a9fe4035acf2419cebbe8b17a16e5c81699a06f6fec
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /ijuMBLOxm6lwNca4PsgEUbPssFW0VcdXHANsIC9jeQ1Qw78170 HTTP/1.1
Host: ut.horestnou.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ut.horestnou.ru/sjtosjxgnwfgxjhvqawlbzslezgqmlgtziloigcpmkyywsusivnfj3y5vbiqae?ALOFHXNMRXRLMJUUBGFAJWUGEZWN
Cookie: XSRF-TOKEN=eyJpdiI6IndUWktpZ05FU0UyaWNCeE9naGJqYnc9PSIsInZhbHVlIjoibE9EcUtjZ1BiYkwvY2kvNkRsc2pHQ2xSOUlhVnBWSXJWOHFLQnhhaHZFcmZ3MXVTY2pCMjhGM3RldmJmR3JOTlFpWEcyVFlUdVR2d3lMZTdCZWNHUWlnTDBDbE5ZQWZXeWJzUVNsNnlsSkx3S053eTFocklzMXpxamcycDdmYWYiLCJtYWMiOiIxMzk0YTRhZDEzMGExOTYzNGFmN2RkMDJjMzZiZjQzOTNkMjY3MjZkODhjZDYzOTE1NjFmM2FmOTI2OTNjNjBlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlZTelY3UGZDWDRTR2RYSldxRWJXTWc9PSIsInZhbHVlIjoiLzA2UlRTamZVUW1CWHJZay82cjZ4bytSREZqQnpUd1ozK1VKaUQ1cjhCVVNxOXZVTWJHZmNUUGFPMURXQWU5UlM1NU9jazhuTHoyT21DQ09YSHlmNWhrYjluQkw3dEZ3Y3dRcEo2UlFlWVJVMVQ1SlM4L3ZIbUhoN01VbEpPdjkiLCJtYWMiOiJiNDhhODcwZDFjNTdhMzVkYjQ2YmQ2NmQzYTM2NTEzMGZjYWFkM2IxOGUzMjliZjNlNTE3NzkxMDZkMzVhMDFmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 04 Mar 2025 13:52:25 GMT
content-type: image/svg+xml
content-disposition: inline; filename="ijuMBLOxm6lwNca4PsgEUbPssFW0VcdXHANsIC9jeQ1Qw78170"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p85Zd2dSaeGm4hMGDbnsS9Otuom85aJyU9NMrvppXDHH2ltrwEXOJWVkmJ67TxXzfrCQN7wdUaKrtZhXKEAeXTHD%2FEnqshPKY835jjmBuYYamOpHtKmsILUWnSpf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: accept-encoding
priority: u=4,i=?0
server: cloudflare
cf-ray: 91b1da9aed7f56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=830&min_rtt=824&rtt_var=321&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2218&delivery_rate=3254857&cwnd=251&unsent_bytes=0&cid=4c6b992e1e4f8a13&ts=234&x=0", cfL4;desc="?proto=QUIC&rtt=4618&min_rtt=1609&rtt_var=3187&sent=237&recv=47&lost=0&retrans=0&sent_bytes=243004&recv_bytes=24654&delivery_rate=920139&cwnd=66900&unsent_bytes=0&cid=36c5f57e114ce594&ts=10339&x=1", cfExtPri, cfHdrFlush;dur=0