admitclip.sa.com/new/auth/sf_rand_string_lowercase6/Z2VvZmZyZXkuaGVpbnNlbkBiZW50ZWxlci5jb20=
162.241.69.179 200 OK 0 B URL User Request GET HTTP/1.1 admitclip.sa.com/new/auth/sf_rand_string_lowercase6/Z2VvZmZyZXkuaGVpbnNlbkBiZW50ZWxlci5jb20=
IP 162.241.69.179:443
ASN #46606 UNIFIEDLAYER-AS-1
Certificate Issuer Let's Encrypt
Subject admitclip.sa.com
Fingerprint 8E:53:B9:64:7F:F3:60:41:C4:F3:98:54:80:13:65:85:2D:F7:F8:F5
Validity Sun, 04 Jun 2023 11:11:56 GMT - Sat, 02 Sep 2023 11:11:55 GMT
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert (urlquery: phishing, Phishing - Microsoft Outlook)
GET /new/auth/sf_rand_string_lowercase6/Z2VvZmZyZXkuaGVpbnNlbkBiZW50ZWxlci5jb20= HTTP/1.1
Host: admitclip.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Jun 2023 06:29:29 GMT
Server: Apache
refresh: 0;url=https://dbnyq.newsult.ru/Mgeoffrey.heinsen@benteler.com
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
dbnyq.newsult.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7d2e9ef8eb1eb517
104.21.75.139 42 B URL dbnyq.newsult.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7d2e9ef8eb1eb517
IP 104.21.75.139:0
File type GIF image data, version 89a, 1 x 1; data
Hash (MD5) d89746888da2d9510b64a9f031eaecd5
Hash (SHA-1) d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Hash (SHA-256) ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=7d2e9ef8eb1eb517 HTTP/1.1
Host: dbnyq.newsult.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dbnyq.newsult.ru/Mgeoffrey.heinsen@benteler.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 06 Jun 2023 06:32:56 GMT
content-type: image/gif
content-length: 42
last-modified: Tue, 30 May 2023 15:20:42 GMT
etag: "6476144a-2a"
server: cloudflare
cf-ray: 7d2e9efa2985b4fa-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Tue, 06 Jun 2023 08:32:56 GMT
cache-control: max-age=7200, public
accept-ranges: bytes
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7d2e9efcea9fb50f
104.18.7.185 119 kB URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7d2e9efcea9fb50f
IP 104.18.7.185:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 119 kB (118573 bytes)
Hash (MD5) b25e0ea47553d61daf3fd50b0277abdc
Hash (SHA-1) f0823b9ba5aa4f55566f56524e7e294103ed1db3
Hash (SHA-256) b6694061fc5c37f66c56fabe8cf6b25c8539da7be71a9b35ee107c5cfb63563c
GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7d2e9efcea9fb50f HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/eriag/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 06 Jun 2023 06:33:00 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, must-revalidate
server: cloudflare
cf-ray: 7d2e9f110bb9b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/7d2e9efcea9fb50f/1686033180619/3f6ebae69d8019787b274b3596e55f3525c4b48fda1fd93335ff344f16a3830b/AAH0nlBfBPdX8J0
104.18.7.185 134 kB URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/7d2e9efcea9fb50f/1686033180619/3f6ebae69d8019787b274b3596e55f3525c4b48fda1fd93335ff344f16a3830b/AAH0nlBfBPdX8J0
IP 104.18.7.185:0
Size 134 kB (133719 bytes)
Hash (MD5) ce94186372fdeeaa6d9567edeb899f2a
Hash (SHA-1) 6c33ac513277227b6fcf836643d4fa4cf603f40c
Hash (SHA-256) d67b9aae68623ca5a2e32a1b96ecacf29ffba4ddd9faf7a5a01ad47a4af404df
GET /cdn-cgi/challenge-platform/h/g/pat/7d2e9efcea9fb50f/1686033180619/3f6ebae69d8019787b274b3596e55f3525c4b48fda1fd93335ff344f16a3830b/AAH0nlBfBPdX8J0 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/eriag/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 401 Unauthorized
date: Tue, 06 Jun 2023 06:33:02 GMT
content-type: text/plain; charset=UTF-8
www-authenticate: PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gP2665p2AGXh7J0s1luVfNSXEtI_aH9kzNf80TxajgwsAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA2QmmahoTCdzzWU_cjTkt9rzQkK7r0JRDfy3Ug31wK-hp3n5Nlkur9cyfSmGhvETNfzP7DjBWLuFe3BGfCvaMn-2I8epeGGFpx57OKWenWkS0ozAVw8pZwpCGNdPD2eeeWcC63BypcwUcZnnJKohILWHt5HcJ6e71kKJNsOrcX9gfLt3ZesHAVwc1uJomYnRcvyLUtAXgg8B8n-H2X664Z3WqgUtqA8ZprXuyXHIjXxHORfViPZWU-y48WLmCWq4SgzW8OJH-fB8OU4naRCAme2w1bQV7r8xfE0uHuhhsMqoI6A_Q-BHk2mkZDHYaScQrq-E1vjk9ZMN1gVzfLYDHgwIDAQAB, max-age=20
server: cloudflare
cf-ray: 7d2e9f1bb9fcb50f-OSL
alt-svc: h3=":443"; ma=86400
dbnyq.newsult.ru/o/644abda0df7b837c2a8ca0ddb114e5f9647ed31f63231
104.21.75.139 200 OK 3.7 kB URL GET HTTP/3 dbnyq.newsult.ru/o/644abda0df7b837c2a8ca0ddb114e5f9647ed31f63231
IP 104.21.75.139:443
Requested by https://dbnyq.newsult.ru/beebb091955c06fa68b3eb8afc0bae51647ed31eeb3faPASbeebb091955c06fa68b3eb8afc0bae51647ed31eeb3ff
Certificate Issuer Google Trust Services LLC
Subject newsult.ru
Fingerprint 44:D0:36:53:40:7D:68:AB:79:26:AA:46:27:EF:0B:E7:4B:D9:06:D4
Validity Fri, 12 May 2023 12:28:02 GMT - Thu, 10 Aug 2023 12:28:01 GMT
File type SVG Scalable Vector Graphics image; HTML document, ASCII text, with very long lines (3695), with no line terminators
Hash (MD5) d633a913e6f3b1f45774b9874dfc85e0
Hash (SHA-1) 5ba1344048578062c93cfddfdf8458477eaca476
Hash (SHA-256) c1fbfbd9a81fc4d9c9539a65bdfb4c6738926b8d4681b0346706196413e92714
GET /o/644abda0df7b837c2a8ca0ddb114e5f9647ed31f63231 HTTP/1.1
Host: dbnyq.newsult.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dbnyq.newsult.ru/beebb091955c06fa68b3eb8afc0bae51647ed31eeb3faPASbeebb091955c06fa68b3eb8afc0bae51647ed31eeb3ff
Cookie: cf_clearance=jxb4P8C4yI_C5n2J8biFuCywjomNr06UE00ZCBsYUX8-1686033176-0-160; PHPSESSID=8661e29ff62a7f72ca42a78c3fe8066f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 Jun 2023 06:33:03 GMT
content-type: image/svg+xml
cache-control: public, max-age=604800
expires: Tue, 13 Jun 2023 06:33:03 GMT
last-modified: Tue, 30 May 2023 21:04:30 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XMG26Y51C2FpetJ6CEpU3M0ZeLZTQbdtRSr6GufRErVsJwdHHYTpZ2udr8Gc74s4XHV23Of%2FDJSuanBGOmi2QyooDovuSDlAL%2FVCCXXrAcUfEla7pm4bzNTxEhuplTyU83bf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2e9f249fc0b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
dbnyq.newsult.ru/boot/644abda0df7b837c2a8ca0ddb114e5f9647ed31f0587f
104.21.75.139 200 OK 51 kB URL GET HTTP/3 dbnyq.newsult.ru/boot/644abda0df7b837c2a8ca0ddb114e5f9647ed31f0587f
IP 104.21.75.139:443
Requested by https://dbnyq.newsult.ru/beebb091955c06fa68b3eb8afc0bae51647ed31eeb3faPASbeebb091955c06fa68b3eb8afc0bae51647ed31eeb3ff
Certificate Issuer Google Trust Services LLC
Subject newsult.ru
Fingerprint 44:D0:36:53:40:7D:68:AB:79:26:AA:46:27:EF:0B:E7:4B:D9:06:D4
Validity Fri, 12 May 2023 12:28:02 GMT - Thu, 10 Aug 2023 12:28:01 GMT
File type ASCII text, with very long lines (50758)
Hash (MD5) 67176c242e1bdc20603c878dee836df3
Hash (SHA-1) 27a71b00383d61ef3c489326b3564d698fc1227c
Hash (SHA-256) 56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
GET /boot/644abda0df7b837c2a8ca0ddb114e5f9647ed31f0587f HTTP/1.1
Host: dbnyq.newsult.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dbnyq.newsult.ru/beebb091955c06fa68b3eb8afc0bae51647ed31eeb3faPASbeebb091955c06fa68b3eb8afc0bae51647ed31eeb3ff
Cookie: cf_clearance=jxb4P8C4yI_C5n2J8biFuCywjomNr06UE00ZCBsYUX8-1686033176-0-160; PHPSESSID=8661e29ff62a7f72ca42a78c3fe8066f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 Jun 2023 06:33:03 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Tue, 13 Jun 2023 06:33:03 GMT
last-modified: Tue, 30 May 2023 21:04:30 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vJt0BwxjRAncyWG3iNxlXMO5uG32oaP0mLO7EfrV1o%2BKjLlZ2Mz2H3nYVu%2B24vnwnma7oB6e5Xj8zBnXWwxKeBGHFRvjQ1g%2FSJDBXkKOyftA86Jpyi4yXEpdAdhk%2FA2VHfJM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2e9f228d0ab4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
dbnyq.newsult.ru/e/644abda0df7b837c2a8ca0ddb114e5f9647ed31f6323e
104.21.75.139 200 OK 513 B URL GET HTTP/3 dbnyq.newsult.ru/e/644abda0df7b837c2a8ca0ddb114e5f9647ed31f6323e
IP 104.21.75.139:443
Requested by https://dbnyq.newsult.ru/beebb091955c06fa68b3eb8afc0bae51647ed31eeb3faPASbeebb091955c06fa68b3eb8afc0bae51647ed31eeb3ff
Certificate Issuer Google Trust Services LLC
Subject newsult.ru
Fingerprint 44:D0:36:53:40:7D:68:AB:79:26:AA:46:27:EF:0B:E7:4B:D9:06:D4
Validity Fri, 12 May 2023 12:28:02 GMT - Thu, 10 Aug 2023 12:28:01 GMT
File type SVG Scalable Vector Graphics image; HTML document, ASCII text, with very long lines (529), with no line terminators
Hash (MD5) adc405f5fd089662209870ca5d2106f7
Hash (SHA-1) 3a8b776df84bf251afc6ddd802cc5bbeddfb0e36
Hash (SHA-256) e7bacc97751689afaae192e103fe9851664365c57c7d783560860ad456db7e49
GET /e/644abda0df7b837c2a8ca0ddb114e5f9647ed31f6323e HTTP/1.1
Host: dbnyq.newsult.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dbnyq.newsult.ru/beebb091955c06fa68b3eb8afc0bae51647ed31eeb3faPASbeebb091955c06fa68b3eb8afc0bae51647ed31eeb3ff
Cookie: cf_clearance=jxb4P8C4yI_C5n2J8biFuCywjomNr06UE00ZCBsYUX8-1686033176-0-160; PHPSESSID=8661e29ff62a7f72ca42a78c3fe8066f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 Jun 2023 06:33:03 GMT
content-type: image/svg+xml
cache-control: public, max-age=604800
expires: Tue, 13 Jun 2023 06:33:03 GMT
last-modified: Tue, 30 May 2023 21:04:30 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ftzbL5cZSjddJxne0HKw%2B%2FtP5LpDk7N9LZnDiUH3DEMrASHyOlJqkXJdJlrLkP3B6kLocj9LdYwcWHuLq2r2QiXqBXAkD%2BaWy6tv2xBtP7y9sG594ZyN5UX%2FPNAwVwJrMs2%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2e9f249fc1b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
dbnyq.newsult.ru/api-as1f?email=geoffrey.heinsen@benteler.com&data=background
104.21.75.139 200 OK 176 B URL GET HTTP/3 dbnyq.newsult.ru/api-as1f?email=geoffrey.heinsen@benteler.com&data=background
IP 104.21.75.139:443
Requested by https://dbnyq.newsult.ru/beebb091955c06fa68b3eb8afc0bae51647ed31eeb3faPASbeebb091955c06fa68b3eb8afc0bae51647ed31eeb3ff
Certificate Issuer Google Trust Services LLC
Subject newsult.ru
Fingerprint 44:D0:36:53:40:7D:68:AB:79:26:AA:46:27:EF:0B:E7:4B:D9:06:D4
Validity Fri, 12 May 2023 12:28:02 GMT - Thu, 10 Aug 2023 12:28:01 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash (MD5) 1aa811df7ddbc8c3baca0af05f6e1dee
Hash (SHA-1) 2c8afab6b9b2e51ac04385170cc211ff98279bc8
Hash (SHA-256) 1bd83384939faced0f466c5347e3f67924daa8484991198717395ab5df1ee286
GET /api-as1f?email=geoffrey.heinsen@benteler.com&data=background HTTP/1.1
Host: dbnyq.newsult.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dbnyq.newsult.ru/beebb091955c06fa68b3eb8afc0bae51647ed31eeb3faPASbeebb091955c06fa68b3eb8afc0bae51647ed31eeb3ff
Cookie: cf_clearance=jxb4P8C4yI_C5n2J8biFuCywjomNr06UE00ZCBsYUX8-1686033176-0-160; PHPSESSID=8661e29ff62a7f72ca42a78c3fe8066f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 Jun 2023 06:33:04 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0y0mooNfsNPtn94XDkETXjH3wxrWQCVIj3Ziq0CWIN0qaYYO%2FtMO2b8QMxVShY0dohUI33YnF1xIC40dgqmZ8zBng5wi8rZnuEaBw8cQ%2FbpI5kO6GB%2Be6qrq03AAUqPe3V%2B3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2e9f24cffdb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
dbnyq.newsult.ru/beebb091955c06fa68b3eb8afc0bae51647ed31eeb3faPASbeebb091955c06fa68b3eb8afc0bae51647ed31eeb3ff
104.21.75.139 200 OK 24 kB URL User Request GET HTTP/3 dbnyq.newsult.ru/beebb091955c06fa68b3eb8afc0bae51647ed31eeb3faPASbeebb091955c06fa68b3eb8afc0bae51647ed31eeb3ff
IP 104.21.75.139:443
Certificate Issuer Google Trust Services LLC
Subject newsult.ru
Fingerprint 44:D0:36:53:40:7D:68:AB:79:26:AA:46:27:EF:0B:E7:4B:D9:06:D4
Validity Fri, 12 May 2023 12:28:02 GMT - Thu, 10 Aug 2023 12:28:01 GMT
File type HTML document text (repeated 5 times); exported SGML document, ASCII text, with very long lines (22448)
Hash (MD5) 5ff6d89c1f1312e07bad6817ed5533c8
Hash (SHA-1) 5e284552d8b6182388f8c6bdc601a4655ff4b909
Hash (SHA-256) 70ddb57044c52554da49de1b450894aa0efdb2d595212e8bd7a1d1edb986ba9c
GET /beebb091955c06fa68b3eb8afc0bae51647ed31eeb3faPASbeebb091955c06fa68b3eb8afc0bae51647ed31eeb3ff HTTP/1.1
Host: dbnyq.newsult.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dbnyq.newsult.ru/Mgeoffrey.heinsen@benteler.com?__cf_chl_tk=hyMxrMda9cP6OE5WjPD1HJyJc_h0nh7DowflcZUCPBk-1686033176-0-gaNycGzNDWU
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=jxb4P8C4yI_C5n2J8biFuCywjomNr06UE00ZCBsYUX8-1686033176-0-160; PHPSESSID=8661e29ff62a7f72ca42a78c3fe8066f
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 Jun 2023 06:33:03 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FZ63IVNTKfUCkXhklJbMKXGTDe3M9lwJfOv2FZAgMA%2FseUY6%2FCiZ5%2BBBQGNhK9l4%2FICRzQ8WoOAIEZ8YL3VHfAimLNI9A1o4ejR3io6NL1qC8xX5C0kXqBJE6PCfgs7aHMQ5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2e9f21bbc3b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
unpkg.com/axios@1.4.0/dist/axios.min.js
104.16.124.175 200 OK 32 kB URL GET HTTP/2 unpkg.com/axios@1.4.0/dist/axios.min.js
IP 104.16.124.175:443
Requested by https://dbnyq.newsult.ru/beebb091955c06fa68b3eb8afc0bae51647ed31eeb3faPASbeebb091955c06fa68b3eb8afc0bae51647ed31eeb3ff
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint F7:B6:41:CA:15:FD:D1:0C:27:39:55:5D:C5:CE:3F:1C:A6:BB:9D:6F
Validity Tue, 02 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT
File type ASCII text, with very long lines (31803)
Hash (MD5) 6470a918ba1fd4b8d0882df0269ddb82
Hash (SHA-1) 97814fdab64aa7d1b30f082f9eb272d4b1ce18a2
Hash (SHA-256) fd4ce12a87594281afcee9c73a40fe7acc282bcc9e764fbb3afa1481a96a091e
GET /axios@1.4.0/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dbnyq.newsult.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 06 Jun 2023 06:33:03 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"7c62-l4FP2rZKp9GzDwgvnrJy1LHOGKI"
via: 1.1 fly.io
fly-request-id: 01GZP8TZEXW4PFCT61FHX2WRTS-fra
cf-cache-status: HIT
age: 2732275
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2e9f22ca2f1bfe-OSL
content-encoding: br
X-Firefox-Spdy: h2
dbnyq.newsult.ru/favicon.ico
104.21.75.139 404 Not Found 1.2 kB URL GET HTTP/3 dbnyq.newsult.ru/favicon.ico
IP 104.21.75.139:443
Requested by https://dbnyq.newsult.ru/beebb091955c06fa68b3eb8afc0bae51647ed31eeb3faPASbeebb091955c06fa68b3eb8afc0bae51647ed31eeb3ff
Certificate Issuer Google Trust Services LLC
Subject newsult.ru
Fingerprint 44:D0:36:53:40:7D:68:AB:79:26:AA:46:27:EF:0B:E7:4B:D9:06:D4
Validity Fri, 12 May 2023 12:28:02 GMT - Thu, 10 Aug 2023 12:28:01 GMT
File type HTML document text (repeated 4 times); exported SGML document, ASCII text, with very long lines (1276), with no line terminators
Hash (MD5) 24b426fea67958554911ff4c943fdfe4
Hash (SHA-1) b92889146d4c1bbddccabe58ca15c814ea066f72
Hash (SHA-256) 335fd88e127ff1b19e6c5af3c801186182f064e4c6747b9a76a0b3988553716c
GET /favicon.ico HTTP/1.1
Host: dbnyq.newsult.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dbnyq.newsult.ru/beebb091955c06fa68b3eb8afc0bae51647ed31eeb3faPASbeebb091955c06fa68b3eb8afc0bae51647ed31eeb3ff
Cookie: cf_clearance=jxb4P8C4yI_C5n2J8biFuCywjomNr06UE00ZCBsYUX8-1686033176-0-160; PHPSESSID=8661e29ff62a7f72ca42a78c3fe8066f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Tue, 06 Jun 2023 06:33:03 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XRfcEmWIqf1vei6el4SvFkC9ZXSfMkyeOfKZw1fk5N1Wj%2F%2BYWSkCymCI7YjUaqhQOIFzQ1E%2B7ZzDK7m3ouVtp97%2FUadXYSjNxhn7QuzRrLyaoCUE%2Bbb5k8stvrTRK8YvZGiW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d2e9f248fa9b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
dbnyq.newsult.ru/APP-QSV6NW/644abda0df7b837c2a8ca0ddb114e5f9647ed31f63160
104.21.75.139 200 OK 105 kB URL GET HTTP/3 dbnyq.newsult.ru/APP-QSV6NW/644abda0df7b837c2a8ca0ddb114e5f9647ed31f63160
IP 104.21.75.139:443
Requested by https://dbnyq.newsult.ru/beebb091955c06fa68b3eb8afc0bae51647ed31eeb3faPASbeebb091955c06fa68b3eb8afc0bae51647ed31eeb3ff
Certificate Issuer Google Trust Services LLC
Subject newsult.ru
Fingerprint 44:D0:36:53:40:7D:68:AB:79:26:AA:46:27:EF:0B:E7:4B:D9:06:D4
Validity Fri, 12 May 2023 12:28:02 GMT - Thu, 10 Aug 2023 12:28:01 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 105 kB (105369 bytes)
Hash (MD5) 8e6b0f88563f9c33f78bce65cf287df7
Hash (SHA-1) ef7765cd2a7d64ed27dd7344702597aff6f8c397
Hash (SHA-256) a7057bebfff43e7281ca31da00d40bd88c8d02d1576b9c45891dd56a3853269a
GET /APP-QSV6NW/644abda0df7b837c2a8ca0ddb114e5f9647ed31f63160 HTTP/1.1
Host: dbnyq.newsult.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dbnyq.newsult.ru/beebb091955c06fa68b3eb8afc0bae51647ed31eeb3faPASbeebb091955c06fa68b3eb8afc0bae51647ed31eeb3ff
Cookie: cf_clearance=jxb4P8C4yI_C5n2J8biFuCywjomNr06UE00ZCBsYUX8-1686033176-0-160; PHPSESSID=8661e29ff62a7f72ca42a78c3fe8066f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 Jun 2023 06:33:03 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Tue, 13 Jun 2023 06:33:03 GMT
last-modified: Tue, 30 May 2023 21:04:30 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=glrVRxPcO8PjXwcFF7wUIS2tIcKqV4JjZBEogFEqhbMJ4%2FHcGYuOtYoxE960jrkE%2FhraV8zDnNnErhlnBGSl4c90t0jGLbG5vriC8WyCQuILLo1TXUKlvET8R6TSoIvA3BPb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2e9f24cfffb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
dbnyq.newsult.ru/ic/644abda0df7b837c2a8ca0ddb114e5f9647ed31f63157
104.21.75.139 200 OK 17 kB URL GET HTTP/3 dbnyq.newsult.ru/ic/644abda0df7b837c2a8ca0ddb114e5f9647ed31f63157
IP 104.21.75.139:443
Requested by https://dbnyq.newsult.ru/beebb091955c06fa68b3eb8afc0bae51647ed31eeb3faPASbeebb091955c06fa68b3eb8afc0bae51647ed31eeb3ff
Certificate Issuer Google Trust Services LLC
Subject newsult.ru
Fingerprint 44:D0:36:53:40:7D:68:AB:79:26:AA:46:27:EF:0B:E7:4B:D9:06:D4
Validity Fri, 12 May 2023 12:28:02 GMT - Thu, 10 Aug 2023 12:28:01 GMT
File type MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors; data
Hash (MD5) 12e3dac858061d088023b2bd48e2fa96
Hash (SHA-1) e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
Hash (SHA-256) 90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
GET /ic/644abda0df7b837c2a8ca0ddb114e5f9647ed31f63157 HTTP/1.1
Host: dbnyq.newsult.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dbnyq.newsult.ru/beebb091955c06fa68b3eb8afc0bae51647ed31eeb3faPASbeebb091955c06fa68b3eb8afc0bae51647ed31eeb3ff
Cookie: cf_clearance=jxb4P8C4yI_C5n2J8biFuCywjomNr06UE00ZCBsYUX8-1686033176-0-160; PHPSESSID=8661e29ff62a7f72ca42a78c3fe8066f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 Jun 2023 06:33:03 GMT
content-type: image/x-icon
cache-control: public, max-age=604800
expires: Tue, 13 Jun 2023 06:33:03 GMT
last-modified: Tue, 30 May 2023 21:04:30 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2ck1Ulx7f3qzSjg%2FBopWbL%2FiN%2BraCWYFC73CrOYV%2FSAgeR2P4RvVWQzJkRZgI9SQXy%2BKaN5H%2FN9AZURjT4ShnvKJF0vNxgY8z4ZHoS%2B%2Fu3ksmFhPnuSd1EeBL8RaFYHsXkGS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2e9f26ea52b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
dbnyq.newsult.ru/2
104.21.75.139 200 OK 39 kB
IP 104.21.75.139:443
Requested by https://dbnyq.newsult.ru/beebb091955c06fa68b3eb8afc0bae51647ed31eeb3faPASbeebb091955c06fa68b3eb8afc0bae51647ed31eeb3ff
Certificate Issuer Google Trust Services LLC
Subject newsult.ru
Fingerprint 44:D0:36:53:40:7D:68:AB:79:26:AA:46:27:EF:0B:E7:4B:D9:06:D4
Validity Fri, 12 May 2023 12:28:02 GMT - Thu, 10 Aug 2023 12:28:01 GMT
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /2 HTTP/1.1
Host: dbnyq.newsult.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dbnyq.newsult.ru/beebb091955c06fa68b3eb8afc0bae51647ed31eeb3faPASbeebb091955c06fa68b3eb8afc0bae51647ed31eeb3ff
Cookie: cf_clearance=jxb4P8C4yI_C5n2J8biFuCywjomNr06UE00ZCBsYUX8-1686033176-0-160; PHPSESSID=8661e29ff62a7f72ca42a78c3fe8066f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 Jun 2023 06:33:03 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=26R1NoX9TD2UQF1y2CUPgpJaG%2BuLq1HQTIo8h7IgPnEOz6q7s0UbmSKH7zoxbj8D08uOdzyZQ7mP8SFWCWiWEK8koScMha6mki%2FelXFdKKJlYpio1cuHuI5AZzXKtnsdcj7r"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2e9f242f07b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
aadcdn.msauthimages.net/c1c6b6c8-uvq10-v88-ktu0uetizrzna6kjlyg-c-8v1gnybhypo/logintenantbranding/0/illustration?ts=637062282632795109
152.199.23.72 200 OK 130 kB URL GET HTTP/2 aadcdn.msauthimages.net/c1c6b6c8-uvq10-v88-ktu0uetizrzna6kjlyg-c-8v1gnybhypo/logintenantbranding/0/illustration?ts=637062282632795109
IP 152.199.23.72:443
Requested by https://dbnyq.newsult.ru/beebb091955c06fa68b3eb8afc0bae51647ed31eeb3faPASbeebb091955c06fa68b3eb8afc0bae51647ed31eeb3ff
Certificate Issuer Microsoft Corporation
Subject aadcdn.msauthimages.net
Fingerprint 6B:EB:AC:06:FC:06:82:11:17:1C:6B:72:7D:B5:95:2D:CF:E7:A3:5D
Validity Wed, 08 Mar 2023 11:16:34 GMT - Sat, 02 Mar 2024 11:16:34 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=24, height=2362, bps=0, compression=LZW, PhotometricIntepretation=CMYK, description=Portraits and scenes of Benteler Automotive on the premises of the Benteler Schwandorf facilities (main factory-focus on alumin, manufacturer=Canon, model=Canon EOS 5D Mark III, width=3543], baseline, precision 8, 850x567, components 3; data
Size 130 kB (130197 bytes)
Hash (MD5) ba0ed1f5881102c469e590c34bc85712
Hash (SHA-1) 81cc9c6235778995add31ef13e7f39b382b9884b
Hash (SHA-256) f0e2d6420e0141fb87960830757683dc3ea150930b6efbbb02ff0eb003e8f6c4
GET /c1c6b6c8-uvq10-v88-ktu0uetizrzna6kjlyg-c-8v1gnybhypo/logintenantbranding/0/illustration?ts=637062282632795109 HTTP/1.1
Host: aadcdn.msauthimages.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dbnyq.newsult.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
age: 56195
cache-control: public, max-age=86400
content-md5: ug7R9YgRAsRp5ZDDS8hXEg==
content-type: image/*
date: Tue, 06 Jun 2023 06:33:04 GMT
etag: 0x8D74CC5506BEE48
last-modified: Wed, 09 Oct 2019 14:31:03 GMT
server: ECAcc (ska/F7BB)
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 53df8dd2-a01e-0046-59bd-97f2a4000000
x-ms-version: 2009-09-19
content-length: 130197
X-Firefox-Spdy: h2
dbnyq.newsult.ru/Mgeoffrey.heinsen@benteler.com
104.21.75.139 403 Forbidden 8.1 kB URL User Request GET HTTP/2 dbnyq.newsult.ru/Mgeoffrey.heinsen@benteler.com
IP 104.21.75.139:443
Certificate Issuer Google Trust Services LLC
Subject newsult.ru
Fingerprint 44:D0:36:53:40:7D:68:AB:79:26:AA:46:27:EF:0B:E7:4B:D9:06:D4
Validity Fri, 12 May 2023 12:28:02 GMT - Thu, 10 Aug 2023 12:28:01 GMT
File type HTML document text (repeated 4 times); exported SGML document, ASCII text, with very long lines (8270), with no line terminators
Hash (MD5) 2206ee9b8247664a29d3111ebc636e32
Hash (SHA-1) dd9de48b4cdb6fc9a01646096b065d224fcc9adc
Hash (SHA-256) f79fe242140e667004616a6700e7908fe3aa383485f333c949092cb8de72c7a0
Analyzer Verdict Alert (urlquery: phishing, Phishing - Microsoft Outlook)
GET /Mgeoffrey.heinsen@benteler.com HTTP/1.1
Host: dbnyq.newsult.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
date: Tue, 06 Jun 2023 06:32:56 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cBLCCuEB1mZ2e4u7xwd2RMcJX9OwN3lnpNWxh12KFfio2YortKYxIwy6E0%2FioL4KmIDoikoUv48mKxnuP08KpLPHIvPluAoaoIBH3eS%2FgeH4wI0KJykAj65Wiswc%2BWs2nNXj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d2e9ef8eb1eb517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
dbnyq.newsult.ru/jq/644abda0df7b837c2a8ca0ddb114e5f9647ed31f05879
104.21.75.139 200 OK 86 kB URL GET HTTP/3 dbnyq.newsult.ru/jq/644abda0df7b837c2a8ca0ddb114e5f9647ed31f05879
IP 104.21.75.139:443
Requested by https://dbnyq.newsult.ru/beebb091955c06fa68b3eb8afc0bae51647ed31eeb3faPASbeebb091955c06fa68b3eb8afc0bae51647ed31eeb3ff
Certificate Issuer Google Trust Services LLC
Subject newsult.ru
Fingerprint 44:D0:36:53:40:7D:68:AB:79:26:AA:46:27:EF:0B:E7:4B:D9:06:D4
Validity Fri, 12 May 2023 12:28:02 GMT - Thu, 10 Aug 2023 12:28:01 GMT
File type ASCII text, with very long lines (32065)
Hash (MD5) 2f6b11a7e914718e0290410e85366fe9
Hash (SHA-1) 69bb69e25ca7d5ef0935317584e6153f3fd9a88c
Hash (SHA-256) 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
GET /jq/644abda0df7b837c2a8ca0ddb114e5f9647ed31f05879 HTTP/1.1
Host: dbnyq.newsult.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dbnyq.newsult.ru/beebb091955c06fa68b3eb8afc0bae51647ed31eeb3faPASbeebb091955c06fa68b3eb8afc0bae51647ed31eeb3ff
Cookie: cf_clearance=jxb4P8C4yI_C5n2J8biFuCywjomNr06UE00ZCBsYUX8-1686033176-0-160; PHPSESSID=8661e29ff62a7f72ca42a78c3fe8066f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 Jun 2023 06:33:03 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Tue, 13 Jun 2023 06:33:03 GMT
last-modified: Tue, 30 May 2023 21:04:30 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S04po%2BrkZniRHcHHvvrsvmemLLXOfMysZIYQsX8w%2F8al%2FG6ZFlNaCp8i5bKoTf7QZibkmsW%2FuyOgW0saYfACCAPi553CjRocyrjm5HWhyGG4MuLwCz3%2B5CJ8qEFEecxOBvaF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2e9f228d08b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
dbnyq.newsult.ru/jm/644abda0df7b837c2a8ca0ddb114e5f9647ed31f05881
104.21.75.139 200 OK 6.1 kB URL GET HTTP/3 dbnyq.newsult.ru/jm/644abda0df7b837c2a8ca0ddb114e5f9647ed31f05881
IP 104.21.75.139:443
Requested by https://dbnyq.newsult.ru/beebb091955c06fa68b3eb8afc0bae51647ed31eeb3faPASbeebb091955c06fa68b3eb8afc0bae51647ed31eeb3ff
Certificate Issuer Google Trust Services LLC
Subject newsult.ru
Fingerprint 44:D0:36:53:40:7D:68:AB:79:26:AA:46:27:EF:0B:E7:4B:D9:06:D4
Validity Fri, 12 May 2023 12:28:02 GMT - Thu, 10 Aug 2023 12:28:01 GMT
File type ASCII text, with very long lines (6175), with no line terminators
Hash MD5 0b3cd9bfcbe6444742df90b00f63efc3
Hash SHA-1 0c978b0541c9659215908034b6299f78135c935c
Hash SHA-256 2065edfabc7924bff8e65b4b4ade30bb341d70ab350518bfbad98e1d4f35266f
GET /jm/644abda0df7b837c2a8ca0ddb114e5f9647ed31f05881 HTTP/1.1
Host: dbnyq.newsult.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dbnyq.newsult.ru/beebb091955c06fa68b3eb8afc0bae51647ed31eeb3faPASbeebb091955c06fa68b3eb8afc0bae51647ed31eeb3ff
Cookie: cf_clearance=jxb4P8C4yI_C5n2J8biFuCywjomNr06UE00ZCBsYUX8-1686033176-0-160; PHPSESSID=8661e29ff62a7f72ca42a78c3fe8066f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 Jun 2023 06:33:03 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Tue, 13 Jun 2023 06:33:03 GMT
last-modified: Tue, 30 May 2023 21:04:30 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ypkPY75IlmsSd49kuSjh5d2%2FY44f0WnguK1sHo%2BMm7u7uV3JCuxB4%2BAVmWKIPhzQX85KT%2F1E51JRK0vgNfiEQLZLrZuzV1oX7UVZ25eXDfBYX%2FD7R9hQk%2FN9ZzzrVfYLOBvA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2e9f228d0bb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
unpkg.com/axios/dist/axios.min.js
104.16.124.175 302 Found 32 kB URL GET HTTP/2 unpkg.com/axios/dist/axios.min.js
IP 104.16.124.175:443
Requested by https://dbnyq.newsult.ru/beebb091955c06fa68b3eb8afc0bae51647ed31eeb3faPASbeebb091955c06fa68b3eb8afc0bae51647ed31eeb3ff
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint F7:B6:41:CA:15:FD:D1:0C:27:39:55:5D:C5:CE:3F:1C:A6:BB:9D:6F
Validity Tue, 02 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
Hash SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /axios/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dbnyq.newsult.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Tue, 06 Jun 2023 06:33:03 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /axios@1.4.0/dist/axios.min.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01H27PGE1FX0KKHQD9HXYDTEAT-fra
cf-cache-status: HIT
age: 31
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2e9f22aa0d1bfe-OSL
X-Firefox-Spdy: h2
dbnyq.newsult.ru/api-as1f?email=geoffrey.heinsen@benteler.com&data=logo
104.21.75.139 200 OK 168 B URL GET HTTP/3 dbnyq.newsult.ru/api-as1f?email=geoffrey.heinsen@benteler.com&data=logo
IP 104.21.75.139:443
Requested by https://dbnyq.newsult.ru/beebb091955c06fa68b3eb8afc0bae51647ed31eeb3faPASbeebb091955c06fa68b3eb8afc0bae51647ed31eeb3ff
Certificate Issuer Google Trust Services LLC
Subject newsult.ru
Fingerprint 44:D0:36:53:40:7D:68:AB:79:26:AA:46:27:EF:0B:E7:4B:D9:06:D4
Validity Fri, 12 May 2023 12:28:02 GMT - Thu, 10 Aug 2023 12:28:01 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash MD5 c13bacdfbf6f348068de7df1f7a520e6
Hash SHA-1 57f3d507ff23fd1a72a7630ffc90b4dd227626cf
Hash SHA-256 a4ec58bba89f3c2381a8c437ff70f3baa6aa4d2f77dc1a23f4465ee7d183825a
GET /api-as1f?email=geoffrey.heinsen@benteler.com&data=logo HTTP/1.1
Host: dbnyq.newsult.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dbnyq.newsult.ru/beebb091955c06fa68b3eb8afc0bae51647ed31eeb3faPASbeebb091955c06fa68b3eb8afc0bae51647ed31eeb3ff
Cookie: cf_clearance=jxb4P8C4yI_C5n2J8biFuCywjomNr06UE00ZCBsYUX8-1686033176-0-160; PHPSESSID=8661e29ff62a7f72ca42a78c3fe8066f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 06 Jun 2023 06:33:03 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XPMMf3tQjEWZZ3JUSscvzwy6RA%2Brpa45oMZ32m0RZFcLo9iPFWgBWA49CjKpL2h4WkyOCOj3b%2BGPEzMPHAK0vNRaCsNCpeoIRQI0p4jsk%2FK0TjyHiBqCQYQdpcp45jjebe7h"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2e9f24cffcb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
aadcdn.msauthimages.net/c1c6b6c8-uvq10-v88-ktu0uetizrzna6kjlyg-c-8v1gnybhypo/logintenantbranding/0/bannerlogo?ts=636571487388174033
152.199.23.72 200 OK 9.4 kB URL GET HTTP/2 aadcdn.msauthimages.net/c1c6b6c8-uvq10-v88-ktu0uetizrzna6kjlyg-c-8v1gnybhypo/logintenantbranding/0/bannerlogo?ts=636571487388174033
IP 152.199.23.72:443
Requested by https://dbnyq.newsult.ru/beebb091955c06fa68b3eb8afc0bae51647ed31eeb3faPASbeebb091955c06fa68b3eb8afc0bae51647ed31eeb3ff
Certificate Issuer Microsoft Corporation
Subject aadcdn.msauthimages.net
Fingerprint 6B:EB:AC:06:FC:06:82:11:17:1C:6B:72:7D:B5:95:2D:CF:E7:A3:5D
Validity Wed, 08 Mar 2023 11:16:34 GMT - Sat, 02 Mar 2024 11:16:34 GMT
File type PNG image data, 650 x 140, 8-bit/color RGBA, non-interlaced; - data
Hash MD5 02bb8f1c86938734c5a52e8dd11e86e8
Hash SHA-1 3599c7f3f8c53303113596294cac013f6419e2f6
Hash SHA-256 112e441f551c44a1de4ae16129c73666a70dca87f54e26d571d4f709cf565fac
GET /c1c6b6c8-uvq10-v88-ktu0uetizrzna6kjlyg-c-8v1gnybhypo/logintenantbranding/0/bannerlogo?ts=636571487388174033 HTTP/1.1
Host: aadcdn.msauthimages.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dbnyq.newsult.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
age: 56194
cache-control: public, max-age=86400
content-md5: AruPHIaThzTFpS6N0R6G6A==
content-type: image/*
date: Tue, 06 Jun 2023 06:33:03 GMT
etag: 0x8D58E65241886CF
last-modified: Tue, 20 Mar 2018 13:18:59 GMT
server: ECAcc (ska/F7A1)
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: ac605f27-d01e-0060-78bd-976910000000
x-ms-version: 2009-09-19
content-length: 9429
X-Firefox-Spdy: h2
dbnyq.newsult.ru/Mgeoffrey.heinsen@benteler.com
104.21.75.139 302 Found 24 kB URL User Request POST HTTP/3 dbnyq.newsult.ru/Mgeoffrey.heinsen@benteler.com
IP 104.21.75.139:443
Certificate Issuer Google Trust Services LLC
Subject newsult.ru
Fingerprint 44:D0:36:53:40:7D:68:AB:79:26:AA:46:27:EF:0B:E7:4B:D9:06:D4
Validity Fri, 12 May 2023 12:28:02 GMT - Thu, 10 Aug 2023 12:28:01 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
Hash SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
POST /Mgeoffrey.heinsen@benteler.com HTTP/1.1
Host: dbnyq.newsult.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dbnyq.newsult.ru/Mgeoffrey.heinsen@benteler.com?__cf_chl_tk=hyMxrMda9cP6OE5WjPD1HJyJc_h0nh7DowflcZUCPBk-1686033176-0-gaNycGzNDWU
Content-Type: application/x-www-form-urlencoded
Content-Length: 3595
Origin: https://dbnyq.newsult.ru
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
date: Tue, 06 Jun 2023 06:33:02 GMT
content-type: text/html; charset=UTF-8
location: ./beebb091955c06fa68b3eb8afc0bae51647ed31eeb3faPASbeebb091955c06fa68b3eb8afc0bae51647ed31eeb3ff
set-cookie: cf_clearance=jxb4P8C4yI_C5n2J8biFuCywjomNr06UE00ZCBsYUX8-1686033176-0-160; path=/; expires=Wed, 05-Jun-24 06:33:02 GMT; domain=.newsult.ru; HttpOnly; Secure; SameSite=None
set-cookie: PHPSESSID=8661e29ff62a7f72ca42a78c3fe8066f; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oL333LOPIAWFEpMe6SXrXRIOyxQB6qhJwLX6nOVnb5iaeV9pFVvgWhiRTh%2BYLmAZ50VoFdwmje8Kg1Zh%2F3w2X099F%2BCZdiFtxtDjCtZywy0WpmABJIccqKR80pXm0%2FN%2FZ%2BvU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2e9f1f1fdeb4fa-OSL
alt-svc: h3=":443"; ma=86400