Report - teploholl.ru/qR/minima

Report Overview

Submitted URL
teploholl.ru/qR/minima
IP
185.25.51.74
ASN
#61272 Informacines sistemos ir technologijos, UAB
Submitted
2023-02-04 07:29:49
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
22

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
teploholl.ru	unknown	2021-02-03T16:40:52Z	2023-02-02T20:55:40Z	804 B	2.8 kB	185.25.51.74
avtonovocti.ru	unknown	2023-01-22T10:04:38Z	2023-02-03T16:45:06Z	14 kB	859 kB	88.119.169.114
sun9-54.userapi.com	44645	2019-08-08T06:37:56Z	2023-03-12T19:26:49Z	865 B	73 kB	87.240.185.157
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	57 kB	34.120.237.76
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	1.4 kB	2.8 kB	142.250.74.163
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-13T08:44:36Z	1.4 kB	72 kB	142.250.74.163
ocsp2.globalsign.com	1544	2012-05-23T20:10:04Z	2023-03-13T05:14:17Z	367 B	1.9 kB	104.18.21.226
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3.4 kB	8.9 kB	23.36.76.226
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	54.70.68.230
sun9-22.userapi.com	44007	2018-12-06T07:25:20Z	2023-03-13T10:48:41Z	526 B	64 kB	93.186.227.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-04	medium	teploholl.ru/qR/minima	Phishing
2023-02-04	medium	teploholl.ru/qR/minima	Phishing
2023-02-04	medium	avtonovocti.ru/game-vote/430790	Phishing
2023-02-04	medium	avtonovocti.ru/layouts/game-vote/js/jquery.js	Phishing
2023-02-04	medium	avtonovocti.ru/layouts/game-vote/fonts/Pe-icon-7-stroke.woff	Phishing
2023-02-04	medium	avtonovocti.ru/layouts/game-vote/fonts/fa-solid-900.woff2	Phishing
2023-02-04	medium	avtonovocti.ru/layouts/game-vote/fonts/fa-solid-900.woff	Phishing
2023-02-04	medium	avtonovocti.ru/layouts/game-vote/fonts/fa-solid-900.ttf	Phishing
2023-02-04	medium	avtonovocti.ru/layouts/game-vote/fonts/fa-solid-900.woff2	Phishing
2023-02-04	medium	avtonovocti.ru/layouts/game-vote/fonts/fa-solid-900.woff	Phishing
2023-02-04	medium	avtonovocti.ru/layouts/game-vote/fonts/fa-solid-900.ttf	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	avtonovocti.ru/layouts/game-vote/js/jquery.js	96 kB	2023-03-07	2024-04-26
Pretty URL avtonovocti.ru/layouts/game-vote/js/jquery.js IP 88.119.169.114 ASN #61272 Informacines sistemos ir technologijos, UAB Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:25 Last Seen2024-04-26 04:11:36 Times Seen10415 Hash 895323ed2f7258af4fae2c738c8aea49 276c87ff3e1e3155679c318938e74e5c1b76d809 ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8 Loading...

	avtonovocti.ru/game-vote/430790	112 B	2023-03-13	2023-08-03
Pretty URL avtonovocti.ru/game-vote/430790 IP 88.119.169.114 ASN #61272 Informacines sistemos ir technologijos, UAB Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:31:51 Last Seen2023-08-03 08:24:08 Times Seen18 Hash 1708b146922e08da8d6610d8008e4982 78e09ca9913a18ae051dbb1663a8bbaf63df15aa f7e3685d0c755d0ddde81a7419f486900769a14f9024f7e44f33a95f004f5964 Loading...

HTTP Transactions (49)

URL IP Response Size

teploholl.ru/qR/minima

185.25.51.74

301 Moved Permanently

316 B

URL HTTP/1.1
teploholl.ru/qR/minima
IP
185.25.51.74:0
ASN
#61272 Informacines sistemos ir technologijos, UAB

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
316 B (316 bytes)
Hash
d839fd143b9d6cf47bc34ed11940472a
fb6515797126d6c8836541c3cd0825d89ca634d5
83fc7aeeb09a7287ace83b9d08bc591fe7a449c6f912345650e9194a9ec8bfd4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /qR/minima HTTP/1.1
Host: teploholl.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Sat, 04 Feb 2023 07:29:38 GMT
Server: Apache/2.4.41 (Ubuntu)
Location: https://teploholl.ru/qR/minima
Content-Length: 316
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
81713f952b51a865ad9764cde68e3fdb
278c3a9c4bb2a0ffb7375f90d89a1ba6e90a766a
c2eb0d8a24ecb51af28f1c71db4b9a95c568dcf6c94b41ee8c78787a4ebebcef

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2EB0D8A24ECB51AF28F1C71DB4B9A95C568DCF6C94B41EE8C78787A4EBEBCEF"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8188
Expires: Sat, 04 Feb 2023 09:46:06 GMT
Date: Sat, 04 Feb 2023 07:29:38 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6017
Expires: Sat, 04 Feb 2023 09:09:55 GMT
Date: Sat, 04 Feb 2023 07:29:38 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 06:43:36 GMT
content-type: application/json
age: 2762
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7d2222d41721947297aaeb5a6e3d0714
04cc1ee417c8bf6338657fd4c2e4e1c1ddfd3065
de0e45969a2ad95e52f7e2fbd0d021d9075dd7b14666c929346efe111f648f7c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DE0E45969A2AD95E52F7E2FBD0D021D9075DD7B14666C929346EFE111F648F7C"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7845
Expires: Sat, 04 Feb 2023 09:40:23 GMT
Date: Sat, 04 Feb 2023 07:29:38 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: nnUZLa38D175ozH3EuTALLMNzbT9k9fVA4FTco0WI02hdYCytZbDIWrnyKoa3ovZVei/r9ezWAU=
x-amz-request-id: 0D8S7RHKW8J7F6YY
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 04 Feb 2023 06:52:44 GMT
age: 2214
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 07:29:38 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3a9473ac9b97ce1ce66644dd9021aa35
80584dc292e28a20b92207d42401039a15cdd0e0
fd328a8b3a55fe55b834de20ef84922b66e097d83d6188c97a5e98759b7132b4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FD328A8B3A55FE55B834DE20EF84922B66E097D83D6188C97A5E98759B7132B4"
Last-Modified: Thu, 02 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21510
Expires: Sat, 04 Feb 2023 13:28:08 GMT
Date: Sat, 04 Feb 2023 07:29:38 GMT
Connection: keep-alive

teploholl.ru/qR/minima

185.25.51.74

308 Permanent Redirect

1.9 kB

URL HTTP/1.1
teploholl.ru/qR/minima
IP
185.25.51.74:0
ASN
#61272 Informacines sistemos ir technologijos, UAB

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.9 kB (1935 bytes)
Hash
f4e0133eaa69b92ee20f65238f374b71
2596a7f9de3f137fbf63951101437e12db6e4970
334c852eb591c19a74a77e8d7620b15e14d4fcf99c8de02788d46d28d500c3b5

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /qR/minima HTTP/1.1
Host: teploholl.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 308 Permanent Redirect
Date: Sat, 04 Feb 2023 07:29:38 GMT
Server: Apache/2.4.41 (Ubuntu)
Location: https://avtonovocti.ru/game-vote/430790
Content-Length: 1935
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 04 Feb 2023 06:49:07 GMT
age: 2432
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d23ff988680bd5740412db6e3f3d4791
41a8f8d8365a7f7e1a31ff37e523cef9e48c66c9
2cfa0317b6dec72554552d89ca4326640b18c49ea52fb774fc826338519eace0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2CFA0317B6DEC72554552D89CA4326640B18C49EA52FB774FC826338519EACE0"
Last-Modified: Fri, 03 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20418
Expires: Sat, 04 Feb 2023 13:09:57 GMT
Date: Sat, 04 Feb 2023 07:29:39 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6773
Expires: Sat, 04 Feb 2023 09:22:32 GMT
Date: Sat, 04 Feb 2023 07:29:39 GMT
Connection: keep-alive

avtonovocti.ru/game-vote/430790

88.119.169.114

200 OK

3.7 kB

URL HTTP/1.1
avtonovocti.ru/game-vote/430790
IP
88.119.169.114:0
ASN
#61272 Informacines sistemos ir technologijos, UAB

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (923)
Size
3.7 kB (3736 bytes)
Hash
59619fb70416e7c6de6fd8cb1eeee86c
1942eb3335f8f9e0b3a7b5b57967312f142b2e5d
9708fb9044318c5b5944ce545c5b54dce093b60fbc5d61256334684eea84a67f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /game-vote/430790 HTTP/1.1
Host: avtonovocti.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 07:29:39 GMT
Server: Apache/2.4.41 (Ubuntu)
Cache-Control: no-cache, private
Set-Cookie: XSRF-TOKEN=eyJpdiI6InlWRTZ3Q05NSDFDVEZYZ1BaQVNrK0E9PSIsInZhbHVlIjoidlJ2UlVOZW5oVlF0U0U4ZE9XXC9FeUFSNVpwR0JyQld2RzZYaUl1ZlhuXC9CekdDM2kxTEdab3A1WTRSSDBZSHpnIiwibWFjIjoiZDRlMTVlNWE3NWQ5ZGZmMmQ0YjdmZGVkMjgxOGFmOTViY2MyYjgyMTMxNWI1NTU2NzZiMTQyYTUyY2Y5MDgwMiJ9; expires=Sat, 04-Feb-2023 09:29:39 GMT; Max-Age=7200; path=/
laravel_session=eyJpdiI6IlFpU2U2TnpYaXkwUXllcDdvVVQ0Unc9PSIsInZhbHVlIjoiZ1JZMXR3cVJsMlNtMXI1Z0JZM2NTUDYrblBRb3FRa1RPaGdRSDVaQ290bzh0d0c1NDM4UjNaalBrUjlCbitpUiIsIm1hYyI6ImFhODZlYjY0ZmMzMzZlODM3YmFhOGNjNjhjNDI4Mjk2ODM3YTU5N2JlODMyNjUzM2EzMjNjYjQyYTViNTQ4NDEifQ%3D%3D; expires=Sat, 04-Feb-2023 09:29:39 GMT; Max-Age=7200; path=/; httponly
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3736
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

avtonovocti.ru/layouts/game-vote/css/css.css

88.119.169.114

200 OK

494 B

URL HTTP/1.1
avtonovocti.ru/layouts/game-vote/css/css.css
IP
88.119.169.114:0
ASN
#61272 Informacines sistemos ir technologijos, UAB

File type
ASCII text
Size
494 B (494 bytes)
Hash
12141710631ca8ca8e64d6a397a4e90d
3a22235f4160691b5a60c7d852eaa98f33cdf697
f76ef0578afe710583ddf4d9f571366cb5d9cbb673a95b01df64103b27134ce1

HTTP Headers

GET /layouts/game-vote/css/css.css HTTP/1.1
Host: avtonovocti.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avtonovocti.ru/game-vote/430790
Cookie: XSRF-TOKEN=eyJpdiI6InlWRTZ3Q05NSDFDVEZYZ1BaQVNrK0E9PSIsInZhbHVlIjoidlJ2UlVOZW5oVlF0U0U4ZE9XXC9FeUFSNVpwR0JyQld2RzZYaUl1ZlhuXC9CekdDM2kxTEdab3A1WTRSSDBZSHpnIiwibWFjIjoiZDRlMTVlNWE3NWQ5ZGZmMmQ0YjdmZGVkMjgxOGFmOTViY2MyYjgyMTMxNWI1NTU2NzZiMTQyYTUyY2Y5MDgwMiJ9; laravel_session=eyJpdiI6IlFpU2U2TnpYaXkwUXllcDdvVVQ0Unc9PSIsInZhbHVlIjoiZ1JZMXR3cVJsMlNtMXI1Z0JZM2NTUDYrblBRb3FRa1RPaGdRSDVaQ290bzh0d0c1NDM4UjNaalBrUjlCbitpUiIsIm1hYyI6ImFhODZlYjY0ZmMzMzZlODM3YmFhOGNjNjhjNDI4Mjk2ODM3YTU5N2JlODMyNjUzM2EzMjNjYjQyYTViNTQ4NDEifQ%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 07:29:39 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Fri, 11 Nov 2022 20:19:14 GMT
ETag: "ec8-5ed379a84eb34-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 494
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

avtonovocti.ru/vk-login/vk-modal.css

88.119.169.114

200 OK

1.1 kB

URL HTTP/1.1
avtonovocti.ru/vk-login/vk-modal.css
IP
88.119.169.114:0
ASN
#61272 Informacines sistemos ir technologijos, UAB

File type
ASCII text
Size
1.1 kB (1136 bytes)
Hash
9d1554ec1a181b74cda46418981252d5
db9274530bb4ab6e6bb2b7c57b3bf700a253665e
4d640e46bdc5579cd04ec396972934c24e9dd75c7ff686d853f76cb01a326eaa

HTTP Headers

GET /vk-login/vk-modal.css HTTP/1.1
Host: avtonovocti.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avtonovocti.ru/game-vote/430790
Cookie: XSRF-TOKEN=eyJpdiI6InlWRTZ3Q05NSDFDVEZYZ1BaQVNrK0E9PSIsInZhbHVlIjoidlJ2UlVOZW5oVlF0U0U4ZE9XXC9FeUFSNVpwR0JyQld2RzZYaUl1ZlhuXC9CekdDM2kxTEdab3A1WTRSSDBZSHpnIiwibWFjIjoiZDRlMTVlNWE3NWQ5ZGZmMmQ0YjdmZGVkMjgxOGFmOTViY2MyYjgyMTMxNWI1NTU2NzZiMTQyYTUyY2Y5MDgwMiJ9; laravel_session=eyJpdiI6IlFpU2U2TnpYaXkwUXllcDdvVVQ0Unc9PSIsInZhbHVlIjoiZ1JZMXR3cVJsMlNtMXI1Z0JZM2NTUDYrblBRb3FRa1RPaGdRSDVaQ290bzh0d0c1NDM4UjNaalBrUjlCbitpUiIsIm1hYyI6ImFhODZlYjY0ZmMzMzZlODM3YmFhOGNjNjhjNDI4Mjk2ODM3YTU5N2JlODMyNjUzM2EzMjNjYjQyYTViNTQ4NDEifQ%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 07:29:39 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Fri, 11 Nov 2022 20:19:15 GMT
ETag: "d7d-5ed379a8da590-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1136
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

avtonovocti.ru/layouts/game-vote/js/jquery.js

88.119.169.114

200 OK

33 kB

URL HTTP/1.1
avtonovocti.ru/layouts/game-vote/js/jquery.js
IP
88.119.169.114:0
ASN
#61272 Informacines sistemos ir technologijos, UAB

File type
ASCII text, with very long lines (32038)
Size
33 kB (33279 bytes)
Hash
46ed104a51da58b1f8bff2ecab0e898b
3f6098bfd567710a5a5897879b680743d32205ae
7a0cdbe39e6a65c613bdea979908ad28c97eb01c91d576f254fe46ec401c8fd1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /layouts/game-vote/js/jquery.js HTTP/1.1
Host: avtonovocti.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avtonovocti.ru/game-vote/430790
Cookie: XSRF-TOKEN=eyJpdiI6InlWRTZ3Q05NSDFDVEZYZ1BaQVNrK0E9PSIsInZhbHVlIjoidlJ2UlVOZW5oVlF0U0U4ZE9XXC9FeUFSNVpwR0JyQld2RzZYaUl1ZlhuXC9CekdDM2kxTEdab3A1WTRSSDBZSHpnIiwibWFjIjoiZDRlMTVlNWE3NWQ5ZGZmMmQ0YjdmZGVkMjgxOGFmOTViY2MyYjgyMTMxNWI1NTU2NzZiMTQyYTUyY2Y5MDgwMiJ9; laravel_session=eyJpdiI6IlFpU2U2TnpYaXkwUXllcDdvVVQ0Unc9PSIsInZhbHVlIjoiZ1JZMXR3cVJsMlNtMXI1Z0JZM2NTUDYrblBRb3FRa1RPaGdRSDVaQ290bzh0d0c1NDM4UjNaalBrUjlCbitpUiIsIm1hYyI6ImFhODZlYjY0ZmMzMzZlODM3YmFhOGNjNjhjNDI4Mjk2ODM3YTU5N2JlODMyNjUzM2EzMjNjYjQyYTViNTQ4NDEifQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 07:29:39 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Fri, 11 Nov 2022 20:19:14 GMT
ETag: "176d5-5ed379a850a73-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 33279
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

avtonovocti.ru/layouts/game-vote/css/laapp.min.css

88.119.169.114

200 OK

110 kB

URL HTTP/1.1
avtonovocti.ru/layouts/game-vote/css/laapp.min.css
IP
88.119.169.114:0
ASN
#61272 Informacines sistemos ir technologijos, UAB

File type
ASCII text, with very long lines (65536), with no line terminators
Size
110 kB (109819 bytes)
Hash
05f1b2dad64f141613d0905390de1da8
2aaa0f269fa91f55f7803c3ed6a192bc66c1dbc8
afb8f6e44d8108c0a6d57747cf161fba1845bd9cdff664815f5f33b38f5551fe

HTTP Headers

GET /layouts/game-vote/css/laapp.min.css HTTP/1.1
Host: avtonovocti.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avtonovocti.ru/game-vote/430790
Cookie: XSRF-TOKEN=eyJpdiI6InlWRTZ3Q05NSDFDVEZYZ1BaQVNrK0E9PSIsInZhbHVlIjoidlJ2UlVOZW5oVlF0U0U4ZE9XXC9FeUFSNVpwR0JyQld2RzZYaUl1ZlhuXC9CekdDM2kxTEdab3A1WTRSSDBZSHpnIiwibWFjIjoiZDRlMTVlNWE3NWQ5ZGZmMmQ0YjdmZGVkMjgxOGFmOTViY2MyYjgyMTMxNWI1NTU2NzZiMTQyYTUyY2Y5MDgwMiJ9; laravel_session=eyJpdiI6IlFpU2U2TnpYaXkwUXllcDdvVVQ0Unc9PSIsInZhbHVlIjoiZ1JZMXR3cVJsMlNtMXI1Z0JZM2NTUDYrblBRb3FRa1RPaGdRSDVaQ290bzh0d0c1NDM4UjNaalBrUjlCbitpUiIsIm1hYyI6ImFhODZlYjY0ZmMzMzZlODM3YmFhOGNjNjhjNDI4Mjk2ODM3YTU5N2JlODMyNjUzM2EzMjNjYjQyYTViNTQ4NDEifQ%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 07:29:39 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Fri, 11 Nov 2022 20:19:14 GMT
ETag: "b09d4-5ed379a84fad3-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css

push.services.mozilla.com/

54.70.68.230

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.70.68.230:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: izq0aMv8VNcfODIT0bXF6A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: tJrtazCXxTgH/LjmQO0NySXm8sA=

avtonovocti.ru/layouts/game-vote/img/3.png

88.119.169.114

200 OK

319 kB

URL HTTP/1.1
avtonovocti.ru/layouts/game-vote/img/3.png
IP
88.119.169.114:0
ASN
#61272 Informacines sistemos ir technologijos, UAB

File type
PNG image data, 340 x 603, 8-bit/color RGBA, non-interlaced\012- data
Size
319 kB (318850 bytes)
Hash
96a627ccff4cba91544d7a6964dfb940
6983b468063ade20671679fdabefa4d34a5ecbfb
40057a3f6c7215bb8fb6f9cbbf8e9c647eebba3c8c108ad3a5557985f04d3a52

HTTP Headers

GET /layouts/game-vote/img/3.png HTTP/1.1
Host: avtonovocti.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avtonovocti.ru/game-vote/430790
Cookie: XSRF-TOKEN=eyJpdiI6InlWRTZ3Q05NSDFDVEZYZ1BaQVNrK0E9PSIsInZhbHVlIjoidlJ2UlVOZW5oVlF0U0U4ZE9XXC9FeUFSNVpwR0JyQld2RzZYaUl1ZlhuXC9CekdDM2kxTEdab3A1WTRSSDBZSHpnIiwibWFjIjoiZDRlMTVlNWE3NWQ5ZGZmMmQ0YjdmZGVkMjgxOGFmOTViY2MyYjgyMTMxNWI1NTU2NzZiMTQyYTUyY2Y5MDgwMiJ9; laravel_session=eyJpdiI6IlFpU2U2TnpYaXkwUXllcDdvVVQ0Unc9PSIsInZhbHVlIjoiZ1JZMXR3cVJsMlNtMXI1Z0JZM2NTUDYrblBRb3FRa1RPaGdRSDVaQ290bzh0d0c1NDM4UjNaalBrUjlCbitpUiIsIm1hYyI6ImFhODZlYjY0ZmMzMzZlODM3YmFhOGNjNjhjNDI4Mjk2ODM3YTU5N2JlODMyNjUzM2EzMjNjYjQyYTViNTQ4NDEifQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 07:29:39 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Fri, 11 Nov 2022 20:19:14 GMT
ETag: "4dd82-5ed379a850a73"
Accept-Ranges: bytes
Content-Length: 318850
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

avtonovocti.ru/layouts/game-vote/fonts/Pe-icon-7-stroke.woff

88.119.169.114

200 OK

59 kB

URL HTTP/1.1
avtonovocti.ru/layouts/game-vote/fonts/Pe-icon-7-stroke.woff
IP
88.119.169.114:0
ASN
#61272 Informacines sistemos ir technologijos, UAB

File type
Web Open Font Format, TrueType, length 58556, version 1.0\012- data
Size
59 kB (58556 bytes)
Hash
b38ef310874bdd008ac14ef3db939032
7e544bb11b7655998db6f324c612f7ffbf0ab66e
6fb4217048f333e23e0fd0ba2ab05e05fd7500f86a5a80a7cf04a2f94b257bec

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /layouts/game-vote/fonts/Pe-icon-7-stroke.woff HTTP/1.1
Host: avtonovocti.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://avtonovocti.ru/layouts/game-vote/css/laapp.min.css
Cookie: XSRF-TOKEN=eyJpdiI6InlWRTZ3Q05NSDFDVEZYZ1BaQVNrK0E9PSIsInZhbHVlIjoidlJ2UlVOZW5oVlF0U0U4ZE9XXC9FeUFSNVpwR0JyQld2RzZYaUl1ZlhuXC9CekdDM2kxTEdab3A1WTRSSDBZSHpnIiwibWFjIjoiZDRlMTVlNWE3NWQ5ZGZmMmQ0YjdmZGVkMjgxOGFmOTViY2MyYjgyMTMxNWI1NTU2NzZiMTQyYTUyY2Y5MDgwMiJ9; laravel_session=eyJpdiI6IlFpU2U2TnpYaXkwUXllcDdvVVQ0Unc9PSIsInZhbHVlIjoiZ1JZMXR3cVJsMlNtMXI1Z0JZM2NTUDYrblBRb3FRa1RPaGdRSDVaQ290bzh0d0c1NDM4UjNaalBrUjlCbitpUiIsIm1hYyI6ImFhODZlYjY0ZmMzMzZlODM3YmFhOGNjNjhjNDI4Mjk2ODM3YTU5N2JlODMyNjUzM2EzMjNjYjQyYTViNTQ4NDEifQ%3D%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 07:29:39 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Fri, 11 Nov 2022 20:19:14 GMT
ETag: "e4bc-5ed379a850a73"
Accept-Ranges: bytes
Content-Length: 58556
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: font/woff

avtonovocti.ru/layouts/game-vote/img/6.png

88.119.169.114

200 OK

319 kB

URL HTTP/1.1
avtonovocti.ru/layouts/game-vote/img/6.png
IP
88.119.169.114:0
ASN
#61272 Informacines sistemos ir technologijos, UAB

File type
PNG image data, 340 x 603, 8-bit/color RGBA, non-interlaced\012- data
Size
319 kB (318850 bytes)
Hash
96a627ccff4cba91544d7a6964dfb940
6983b468063ade20671679fdabefa4d34a5ecbfb
40057a3f6c7215bb8fb6f9cbbf8e9c647eebba3c8c108ad3a5557985f04d3a52

HTTP Headers

GET /layouts/game-vote/img/6.png HTTP/1.1
Host: avtonovocti.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avtonovocti.ru/game-vote/430790
Cookie: XSRF-TOKEN=eyJpdiI6InlWRTZ3Q05NSDFDVEZYZ1BaQVNrK0E9PSIsInZhbHVlIjoidlJ2UlVOZW5oVlF0U0U4ZE9XXC9FeUFSNVpwR0JyQld2RzZYaUl1ZlhuXC9CekdDM2kxTEdab3A1WTRSSDBZSHpnIiwibWFjIjoiZDRlMTVlNWE3NWQ5ZGZmMmQ0YjdmZGVkMjgxOGFmOTViY2MyYjgyMTMxNWI1NTU2NzZiMTQyYTUyY2Y5MDgwMiJ9; laravel_session=eyJpdiI6IlFpU2U2TnpYaXkwUXllcDdvVVQ0Unc9PSIsInZhbHVlIjoiZ1JZMXR3cVJsMlNtMXI1Z0JZM2NTUDYrblBRb3FRa1RPaGdRSDVaQ290bzh0d0c1NDM4UjNaalBrUjlCbitpUiIsIm1hYyI6ImFhODZlYjY0ZmMzMzZlODM3YmFhOGNjNjhjNDI4Mjk2ODM3YTU5N2JlODMyNjUzM2EzMjNjYjQyYTViNTQ4NDEifQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 07:29:39 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Fri, 11 Nov 2022 20:19:14 GMT
ETag: "4dd82-5ed379a850a73"
Accept-Ranges: bytes
Content-Length: 318850
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
23287a0337047631e479bb3cbe8b0fcd
15ec24f5ee1990ee456a6fd3bbcbdbe27bf62c99
da05b381eec3589d2689bc5fab2b89eb5d65f9a5652f9254f3353e30a4540034

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 07:29:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
23287a0337047631e479bb3cbe8b0fcd
15ec24f5ee1990ee456a6fd3bbcbdbe27bf62c99
da05b381eec3589d2689bc5fab2b89eb5d65f9a5652f9254f3353e30a4540034

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 07:29:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
23287a0337047631e479bb3cbe8b0fcd
15ec24f5ee1990ee456a6fd3bbcbdbe27bf62c99
da05b381eec3589d2689bc5fab2b89eb5d65f9a5652f9254f3353e30a4540034

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 07:29:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/lato/v16/S6u9w4BMUTPHh6UVSwiPGQ.woff2

142.250.74.163

200 OK

23 kB

URL HTTP/2
fonts.gstatic.com/s/lato/v16/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 22992, version 1.0\012- data
Size
23 kB (22992 bytes)
Hash
1efbd38aa76ddae2580fedf378276333
8a49976f2470ba2a1db6144245355d3b889312e4
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20

HTTP Headers

GET /s/lato/v16/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://avtonovocti.ru
Connection: keep-alive
Referer: https://avtonovocti.ru/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22992
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Feb 2023 21:48:50 GMT
expires: Thu, 01 Feb 2024 21:48:50 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 23 Jul 2019 03:45:49 GMT
content-type: font/woff2
age: 207649
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

avtonovocti.ru/layouts/game-vote/fonts/fa-solid-900.woff2

88.119.169.114

404 Not Found

1.6 kB

URL HTTP/1.0
avtonovocti.ru/layouts/game-vote/fonts/fa-solid-900.woff2
IP
88.119.169.114:0
ASN
#61272 Informacines sistemos ir technologijos, UAB

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
1.6 kB (1552 bytes)
Hash
47172e62787300b279ae2e1d21763c81
8bc8206ab37105da07312f4d39d8e57cc9763e00
258682bcb3d7d927aaf47bfe1c01788db1f0cda4bf2240001e5e7408a6f559ae

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /layouts/game-vote/fonts/fa-solid-900.woff2 HTTP/1.1
Host: avtonovocti.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://avtonovocti.ru/layouts/game-vote/css/laapp.min.css
Cookie: XSRF-TOKEN=eyJpdiI6InlWRTZ3Q05NSDFDVEZYZ1BaQVNrK0E9PSIsInZhbHVlIjoidlJ2UlVOZW5oVlF0U0U4ZE9XXC9FeUFSNVpwR0JyQld2RzZYaUl1ZlhuXC9CekdDM2kxTEdab3A1WTRSSDBZSHpnIiwibWFjIjoiZDRlMTVlNWE3NWQ5ZGZmMmQ0YjdmZGVkMjgxOGFmOTViY2MyYjgyMTMxNWI1NTU2NzZiMTQyYTUyY2Y5MDgwMiJ9; laravel_session=eyJpdiI6IlFpU2U2TnpYaXkwUXllcDdvVVQ0Unc9PSIsInZhbHVlIjoiZ1JZMXR3cVJsMlNtMXI1Z0JZM2NTUDYrblBRb3FRa1RPaGdRSDVaQ290bzh0d0c1NDM4UjNaalBrUjlCbitpUiIsIm1hYyI6ImFhODZlYjY0ZmMzMzZlODM3YmFhOGNjNjhjNDI4Mjk2ODM3YTU5N2JlODMyNjUzM2EzMjNjYjQyYTViNTQ4NDEifQ%3D%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.0 404 Not Found
Date: Sat, 04 Feb 2023 07:29:39 GMT
Server: Apache/2.4.41 (Ubuntu)
Cache-Control: no-cache, private
Content-Length: 1552
Connection: close
Content-Type: text/html; charset=UTF-8

fonts.gstatic.com/s/lato/v16/S6u9w4BMUTPHh7USSwiPGQ.woff2

142.250.74.163

200 OK

23 kB

URL HTTP/2
fonts.gstatic.com/s/lato/v16/S6u9w4BMUTPHh7USSwiPGQ.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 23248, version 1.0\012- data
Size
23 kB (23248 bytes)
Hash
98d8cf792834c0bef59c2be99dc3533d
f48e6d698147781b82f573a71f904355274015cd
9194059997d722ec01e41980dffbff03ebe00808b1cdd164a7fd18a561bc312a

HTTP Headers

GET /s/lato/v16/S6u9w4BMUTPHh7USSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://avtonovocti.ru
Connection: keep-alive
Referer: https://avtonovocti.ru/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23248
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Feb 2023 18:45:51 GMT
expires: Fri, 02 Feb 2024 18:45:51 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 23 Jul 2019 03:45:42 GMT
content-type: font/woff2
age: 132228
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/lato/v16/S6uyw4BMUTPHjx4wXg.woff2

142.250.74.163

200 OK

24 kB

URL HTTP/2
fonts.gstatic.com/s/lato/v16/S6uyw4BMUTPHjx4wXg.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 23484, version 1.0\012- data
Size
24 kB (23484 bytes)
Hash
b4d2c4c39853ee244272c04999b230ba
c82e22dde9716c40ba20e6c7ed03a1b66556de15
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

HTTP Headers

GET /s/lato/v16/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://avtonovocti.ru
Connection: keep-alive
Referer: https://avtonovocti.ru/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23484
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 Feb 2023 01:03:28 GMT
expires: Sun, 04 Feb 2024 01:03:28 GMT
cache-control: public, max-age=31536000
age: 23171
last-modified: Tue, 23 Jul 2019 03:45:47 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
23287a0337047631e479bb3cbe8b0fcd
15ec24f5ee1990ee456a6fd3bbcbdbe27bf62c99
da05b381eec3589d2689bc5fab2b89eb5d65f9a5652f9254f3353e30a4540034

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 07:29:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

avtonovocti.ru/layouts/game-vote/fonts/fa-solid-900.woff

88.119.169.114

404 Not Found

1.6 kB

URL HTTP/1.0
avtonovocti.ru/layouts/game-vote/fonts/fa-solid-900.woff
IP
88.119.169.114:0
ASN
#61272 Informacines sistemos ir technologijos, UAB

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
1.6 kB (1552 bytes)
Hash
47172e62787300b279ae2e1d21763c81
8bc8206ab37105da07312f4d39d8e57cc9763e00
258682bcb3d7d927aaf47bfe1c01788db1f0cda4bf2240001e5e7408a6f559ae

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /layouts/game-vote/fonts/fa-solid-900.woff HTTP/1.1
Host: avtonovocti.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://avtonovocti.ru/layouts/game-vote/css/laapp.min.css
Cookie: XSRF-TOKEN=eyJpdiI6InlWRTZ3Q05NSDFDVEZYZ1BaQVNrK0E9PSIsInZhbHVlIjoidlJ2UlVOZW5oVlF0U0U4ZE9XXC9FeUFSNVpwR0JyQld2RzZYaUl1ZlhuXC9CekdDM2kxTEdab3A1WTRSSDBZSHpnIiwibWFjIjoiZDRlMTVlNWE3NWQ5ZGZmMmQ0YjdmZGVkMjgxOGFmOTViY2MyYjgyMTMxNWI1NTU2NzZiMTQyYTUyY2Y5MDgwMiJ9; laravel_session=eyJpdiI6IlFpU2U2TnpYaXkwUXllcDdvVVQ0Unc9PSIsInZhbHVlIjoiZ1JZMXR3cVJsMlNtMXI1Z0JZM2NTUDYrblBRb3FRa1RPaGdRSDVaQ290bzh0d0c1NDM4UjNaalBrUjlCbitpUiIsIm1hYyI6ImFhODZlYjY0ZmMzMzZlODM3YmFhOGNjNjhjNDI4Mjk2ODM3YTU5N2JlODMyNjUzM2EzMjNjYjQyYTViNTQ4NDEifQ%3D%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.0 404 Not Found
Date: Sat, 04 Feb 2023 07:29:39 GMT
Server: Apache/2.4.41 (Ubuntu)
Cache-Control: no-cache, private
Content-Length: 1552
Connection: close
Content-Type: text/html; charset=UTF-8

avtonovocti.ru/layouts/game-vote/img/6/favicon.png

88.119.169.114

404 Not Found

277 B

URL HTTP/1.1
avtonovocti.ru/layouts/game-vote/img/6/favicon.png
IP
88.119.169.114:0
ASN
#61272 Informacines sistemos ir technologijos, UAB

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
277 B (277 bytes)
Hash
932f261ce091a52bb8e1537a5c95a2e3
7a1c8a1f7bac5513700d6236eb729440606a5289
8ffd1e940d816da8efb9acdd43f257fb18ed7ee8ea4367b7306e94dd66c0a78c

HTTP Headers

GET /layouts/game-vote/img/6/favicon.png HTTP/1.1
Host: avtonovocti.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avtonovocti.ru/game-vote/430790
Cookie: XSRF-TOKEN=eyJpdiI6InlWRTZ3Q05NSDFDVEZYZ1BaQVNrK0E9PSIsInZhbHVlIjoidlJ2UlVOZW5oVlF0U0U4ZE9XXC9FeUFSNVpwR0JyQld2RzZYaUl1ZlhuXC9CekdDM2kxTEdab3A1WTRSSDBZSHpnIiwibWFjIjoiZDRlMTVlNWE3NWQ5ZGZmMmQ0YjdmZGVkMjgxOGFmOTViY2MyYjgyMTMxNWI1NTU2NzZiMTQyYTUyY2Y5MDgwMiJ9; laravel_session=eyJpdiI6IlFpU2U2TnpYaXkwUXllcDdvVVQ0Unc9PSIsInZhbHVlIjoiZ1JZMXR3cVJsMlNtMXI1Z0JZM2NTUDYrblBRb3FRa1RPaGdRSDVaQ290bzh0d0c1NDM4UjNaalBrUjlCbitpUiIsIm1hYyI6ImFhODZlYjY0ZmMzMzZlODM3YmFhOGNjNjhjNDI4Mjk2ODM3YTU5N2JlODMyNjUzM2EzMjNjYjQyYTViNTQ4NDEifQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Date: Sat, 04 Feb 2023 07:29:39 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 277
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

avtonovocti.ru/layouts/game-vote/fonts/fa-solid-900.ttf

88.119.169.114

404 Not Found

1.6 kB

URL HTTP/1.0
avtonovocti.ru/layouts/game-vote/fonts/fa-solid-900.ttf
IP
88.119.169.114:0
ASN
#61272 Informacines sistemos ir technologijos, UAB

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
1.6 kB (1552 bytes)
Hash
47172e62787300b279ae2e1d21763c81
8bc8206ab37105da07312f4d39d8e57cc9763e00
258682bcb3d7d927aaf47bfe1c01788db1f0cda4bf2240001e5e7408a6f559ae

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /layouts/game-vote/fonts/fa-solid-900.ttf HTTP/1.1
Host: avtonovocti.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avtonovocti.ru/layouts/game-vote/css/laapp.min.css
Cookie: XSRF-TOKEN=eyJpdiI6InlWRTZ3Q05NSDFDVEZYZ1BaQVNrK0E9PSIsInZhbHVlIjoidlJ2UlVOZW5oVlF0U0U4ZE9XXC9FeUFSNVpwR0JyQld2RzZYaUl1ZlhuXC9CekdDM2kxTEdab3A1WTRSSDBZSHpnIiwibWFjIjoiZDRlMTVlNWE3NWQ5ZGZmMmQ0YjdmZGVkMjgxOGFmOTViY2MyYjgyMTMxNWI1NTU2NzZiMTQyYTUyY2Y5MDgwMiJ9; laravel_session=eyJpdiI6IlFpU2U2TnpYaXkwUXllcDdvVVQ0Unc9PSIsInZhbHVlIjoiZ1JZMXR3cVJsMlNtMXI1Z0JZM2NTUDYrblBRb3FRa1RPaGdRSDVaQ290bzh0d0c1NDM4UjNaalBrUjlCbitpUiIsIm1hYyI6ImFhODZlYjY0ZmMzMzZlODM3YmFhOGNjNjhjNDI4Mjk2ODM3YTU5N2JlODMyNjUzM2EzMjNjYjQyYTViNTQ4NDEifQ%3D%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.0 404 Not Found
Date: Sat, 04 Feb 2023 07:29:39 GMT
Server: Apache/2.4.41 (Ubuntu)
Cache-Control: no-cache, private
Content-Length: 1552
Connection: close
Content-Type: text/html; charset=UTF-8

ocsp2.globalsign.com/gsorganizationvalsha2g2

104.18.21.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsorganizationvalsha2g2
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1459 bytes)
Hash
aa4e91f46bac1d35afbfa7e8e8439a8f
cf330b721b42f114b932d5da6df277a04ed35c74
d0dd459e7de0af1849ca43c0c601fbfdd58b457874e2449b75deb34e4a50795b

HTTP Headers

POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 07:29:39 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Wed, 08 Feb 2023 05:11:44 GMT
ETag: "cf330b721b42f114b932d5da6df277a04ed35c74"
Last-Modified: Sat, 04 Feb 2023 05:11:45 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1058
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7941b250ce5fb4f7-OSL

sun9-22.userapi.com/s/v1/ig2/ZkCl2PzgZxDmFiYHJYntOvOSWyUdu-I1Lo3dNKd7d5mN3Ff_JG2IuYdSR7KEcr3yoyYhbCooyFpBNrgTY-MjFbM2.jpg?size=384x384&quality=95&crop=199,36,384,384&ava=1

93.186.227.133

200 OK

63 kB

URL HTTP/2
sun9-22.userapi.com/s/v1/ig2/ZkCl2PzgZxDmFiYHJYntOvOSWyUdu-I1Lo3dNKd7d5mN3Ff_JG2IuYdSR7KEcr3yoyYhbCooyFpBNrgTY-MjFbM2.jpg?size=384x384&quality=95&crop=199,36,384,384&ava=1
IP
93.186.227.133:0
ASN
#47541 VKontakte Ltd

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 384x384, components 3\012- data
Size
63 kB (63417 bytes)
Hash
b85365642982f9c4f7b49e0f09e69ee0
d3af15fbfb202582707675492c9f92086cb5a55a
e944bb6b0d7ec84e08e14f3af966b6be66eba1501f3bee706904994247d65ebd

HTTP Headers

GET /s/v1/ig2/ZkCl2PzgZxDmFiYHJYntOvOSWyUdu-I1Lo3dNKd7d5mN3Ff_JG2IuYdSR7KEcr3yoyYhbCooyFpBNrgTY-MjFbM2.jpg?size=384x384&quality=95&crop=199,36,384,384&ava=1 HTTP/1.1
Host: sun9-22.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avtonovocti.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: kittenx
date: Sat, 04 Feb 2023 07:29:39 GMT
content-type: image/jpeg
content-length: 63417
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
x-imp: 825002
expires: Mon, 06 Mar 2023 07:29:39 GMT
cache-control: max-age=2592000
x-frontend: front504112
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2

avtonovocti.ru/layouts/game-vote/fonts/fa-solid-900.woff2

88.119.169.114

404 Not Found

1.6 kB

URL HTTP/1.0
avtonovocti.ru/layouts/game-vote/fonts/fa-solid-900.woff2
IP
88.119.169.114:0
ASN
#61272 Informacines sistemos ir technologijos, UAB

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
1.6 kB (1552 bytes)
Hash
47172e62787300b279ae2e1d21763c81
8bc8206ab37105da07312f4d39d8e57cc9763e00
258682bcb3d7d927aaf47bfe1c01788db1f0cda4bf2240001e5e7408a6f559ae

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /layouts/game-vote/fonts/fa-solid-900.woff2 HTTP/1.1
Host: avtonovocti.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://avtonovocti.ru/layouts/game-vote/css/laapp.min.css
Cookie: XSRF-TOKEN=eyJpdiI6InlWRTZ3Q05NSDFDVEZYZ1BaQVNrK0E9PSIsInZhbHVlIjoidlJ2UlVOZW5oVlF0U0U4ZE9XXC9FeUFSNVpwR0JyQld2RzZYaUl1ZlhuXC9CekdDM2kxTEdab3A1WTRSSDBZSHpnIiwibWFjIjoiZDRlMTVlNWE3NWQ5ZGZmMmQ0YjdmZGVkMjgxOGFmOTViY2MyYjgyMTMxNWI1NTU2NzZiMTQyYTUyY2Y5MDgwMiJ9; laravel_session=eyJpdiI6IlFpU2U2TnpYaXkwUXllcDdvVVQ0Unc9PSIsInZhbHVlIjoiZ1JZMXR3cVJsMlNtMXI1Z0JZM2NTUDYrblBRb3FRa1RPaGdRSDVaQ290bzh0d0c1NDM4UjNaalBrUjlCbitpUiIsIm1hYyI6ImFhODZlYjY0ZmMzMzZlODM3YmFhOGNjNjhjNDI4Mjk2ODM3YTU5N2JlODMyNjUzM2EzMjNjYjQyYTViNTQ4NDEifQ%3D%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.0 404 Not Found
Date: Sat, 04 Feb 2023 07:29:40 GMT
Server: Apache/2.4.41 (Ubuntu)
Cache-Control: no-cache, private
Content-Length: 1552
Connection: close
Content-Type: text/html; charset=UTF-8

avtonovocti.ru/layouts/game-vote/fonts/fa-solid-900.woff

88.119.169.114

404 Not Found

1.6 kB

URL HTTP/1.0
avtonovocti.ru/layouts/game-vote/fonts/fa-solid-900.woff
IP
88.119.169.114:0
ASN
#61272 Informacines sistemos ir technologijos, UAB

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
1.6 kB (1552 bytes)
Hash
47172e62787300b279ae2e1d21763c81
8bc8206ab37105da07312f4d39d8e57cc9763e00
258682bcb3d7d927aaf47bfe1c01788db1f0cda4bf2240001e5e7408a6f559ae

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /layouts/game-vote/fonts/fa-solid-900.woff HTTP/1.1
Host: avtonovocti.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://avtonovocti.ru/layouts/game-vote/css/laapp.min.css
Cookie: XSRF-TOKEN=eyJpdiI6InlWRTZ3Q05NSDFDVEZYZ1BaQVNrK0E9PSIsInZhbHVlIjoidlJ2UlVOZW5oVlF0U0U4ZE9XXC9FeUFSNVpwR0JyQld2RzZYaUl1ZlhuXC9CekdDM2kxTEdab3A1WTRSSDBZSHpnIiwibWFjIjoiZDRlMTVlNWE3NWQ5ZGZmMmQ0YjdmZGVkMjgxOGFmOTViY2MyYjgyMTMxNWI1NTU2NzZiMTQyYTUyY2Y5MDgwMiJ9; laravel_session=eyJpdiI6IlFpU2U2TnpYaXkwUXllcDdvVVQ0Unc9PSIsInZhbHVlIjoiZ1JZMXR3cVJsMlNtMXI1Z0JZM2NTUDYrblBRb3FRa1RPaGdRSDVaQ290bzh0d0c1NDM4UjNaalBrUjlCbitpUiIsIm1hYyI6ImFhODZlYjY0ZmMzMzZlODM3YmFhOGNjNjhjNDI4Mjk2ODM3YTU5N2JlODMyNjUzM2EzMjNjYjQyYTViNTQ4NDEifQ%3D%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.0 404 Not Found
Date: Sat, 04 Feb 2023 07:29:40 GMT
Server: Apache/2.4.41 (Ubuntu)
Cache-Control: no-cache, private
Content-Length: 1552
Connection: close
Content-Type: text/html; charset=UTF-8

avtonovocti.ru/layouts/game-vote/fonts/fa-solid-900.ttf

88.119.169.114

404 Not Found

1.6 kB

URL HTTP/1.0
avtonovocti.ru/layouts/game-vote/fonts/fa-solid-900.ttf
IP
88.119.169.114:0
ASN
#61272 Informacines sistemos ir technologijos, UAB

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
1.6 kB (1552 bytes)
Hash
47172e62787300b279ae2e1d21763c81
8bc8206ab37105da07312f4d39d8e57cc9763e00
258682bcb3d7d927aaf47bfe1c01788db1f0cda4bf2240001e5e7408a6f559ae

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /layouts/game-vote/fonts/fa-solid-900.ttf HTTP/1.1
Host: avtonovocti.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avtonovocti.ru/layouts/game-vote/css/laapp.min.css
Cookie: XSRF-TOKEN=eyJpdiI6InlWRTZ3Q05NSDFDVEZYZ1BaQVNrK0E9PSIsInZhbHVlIjoidlJ2UlVOZW5oVlF0U0U4ZE9XXC9FeUFSNVpwR0JyQld2RzZYaUl1ZlhuXC9CekdDM2kxTEdab3A1WTRSSDBZSHpnIiwibWFjIjoiZDRlMTVlNWE3NWQ5ZGZmMmQ0YjdmZGVkMjgxOGFmOTViY2MyYjgyMTMxNWI1NTU2NzZiMTQyYTUyY2Y5MDgwMiJ9; laravel_session=eyJpdiI6IlFpU2U2TnpYaXkwUXllcDdvVVQ0Unc9PSIsInZhbHVlIjoiZ1JZMXR3cVJsMlNtMXI1Z0JZM2NTUDYrblBRb3FRa1RPaGdRSDVaQ290bzh0d0c1NDM4UjNaalBrUjlCbitpUiIsIm1hYyI6ImFhODZlYjY0ZmMzMzZlODM3YmFhOGNjNjhjNDI4Mjk2ODM3YTU5N2JlODMyNjUzM2EzMjNjYjQyYTViNTQ4NDEifQ%3D%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.0 404 Not Found
Date: Sat, 04 Feb 2023 07:29:40 GMT
Server: Apache/2.4.41 (Ubuntu)
Cache-Control: no-cache, private
Content-Length: 1552
Connection: close
Content-Type: text/html; charset=UTF-8

sun9-54.userapi.com/z246O11fVxcL5fbKmDjHTQAgH8ok7-fej5w7kw/GCEXL17glEU.jpg

87.240.185.157

200 OK

72 kB

URL HTTP/2
sun9-54.userapi.com/z246O11fVxcL5fbKmDjHTQAgH8ok7-fej5w7kw/GCEXL17glEU.jpg
IP
87.240.185.157:0
ASN
#47541 VKontakte Ltd

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 400x600, components 3\012- data
Size
72 kB (72187 bytes)
Hash
1daab7219a15a92c3bbd174fdaf1dced
f81879bae4b6f9914807ffec63e617bb17d3d8f1
2f0bf864f5ee625f8a982b520b9a612924fc0761ce543adb2ed77133716e0a4b

HTTP Headers

GET /z246O11fVxcL5fbKmDjHTQAgH8ok7-fej5w7kw/GCEXL17glEU.jpg HTTP/1.1
Host: sun9-54.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://avtonovocti.ru/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: kittenx
date: Sat, 04 Feb 2023 07:29:40 GMT
content-type: image/jpeg
content-length: 72187
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
request-id: 41863a6a-64cc-4fbd-9748-df6e51837ff2
expires: Mon, 06 Mar 2023 07:29:40 GMT
cache-control: max-age=2592000
x-frontend: front221005
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7441
Expires: Sat, 04 Feb 2023 09:33:41 GMT
Date: Sat, 04 Feb 2023 07:29:40 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7441
Expires: Sat, 04 Feb 2023 09:33:41 GMT
Date: Sat, 04 Feb 2023 07:29:40 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7441
Expires: Sat, 04 Feb 2023 09:33:41 GMT
Date: Sat, 04 Feb 2023 07:29:40 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7441
Expires: Sat, 04 Feb 2023 09:33:41 GMT
Date: Sat, 04 Feb 2023 07:29:40 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F043bf414-ba77-4973-9779-d0c124ae0baf.jpeg

34.120.237.76

200 OK

8.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F043bf414-ba77-4973-9779-d0c124ae0baf.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.4 kB (8352 bytes)
Hash
28099f5ad8a27e5a49a0d1c842486329
d47caba75b363a4c008e5a9a9d0b8e39d9fa4abd
1d798d35ceae594d86fa43aa0ef47b962c52bb1557e17dda9b294bd01f374b3a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F043bf414-ba77-4973-9779-d0c124ae0baf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8352
x-amzn-requestid: 80032cef-14cd-4f56-9830-8c74891ed00f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEqQFDJIAMFspQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8174-6d3310287fc74bb27e9b038a;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:49:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: byr2TaC2xnnUl56r2iGKZI0o8Ctsv0iy42h_F7-ezKpEijaH9rr5EQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:12:53 GMT
etag: "d47caba75b363a4c008e5a9a9d0b8e39d9fa4abd"
content-type: image/jpeg
age: 33407
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.1 kB (9141 bytes)
Hash
f7101f6e43855cb76ce48271a847ffbd
8e674830a97d8ce3818132fda197db4f0289d316
e78a83a4024e238bcdec3b9c4d5c12a99f49aabd57e34952f6a4cc8ed4422f55

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9141
x-amzn-requestid: ed7db574-6bca-4f3e-8879-c3e836549339
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD8zE5lIAMF1HA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8051-4480112f11d4ced0037d1ad8;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: aKr85ooofBPeKkeJIDO5W_X5Rn6xnJlRHmVrs8tgBMYe3HQhobsm3w==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 21:56:07 GMT
age: 34413
etag: "8e674830a97d8ce3818132fda197db4f0289d316"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8527 bytes)
Hash
6661b7263315f5eb3cd2465f671e1fcd
b7b5831c6b3ccc41d7a980b6088adc10ff8785f1
eb25507950d81db4b54a1af7fadaceee1bcff780eb28b6a04dbfb3886785f5b7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8527
x-amzn-requestid: 6a8c6487-6069-47d1-afa1-648626f85439
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyDqqGg5oAMFV-A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd7fdd-0a772cde1e6fba6d7da97435;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:42:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: CHWhIpyzhoPtMUplzh1430Q9FfCM1wkTc_hQsgQk6InM9tYBPGYnNg==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:05:44 GMT
age: 33836
etag: "b7b5831c6b3ccc41d7a980b6088adc10ff8785f1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0567732b-c9d0-4bac-89d8-3dc6a16e522c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8267 bytes)
Hash
99bf0073acf75f9e04b52a96bf47797b
fa68da2c92fa89ed3dafe9915e064fca022af21f
961b77616486483e5767f214d2417275b9c995614128acab3521b6cd2f8866e2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0567732b-c9d0-4bac-89d8-3dc6a16e522c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8267
x-amzn-requestid: 8bf1f9c3-4508-489e-9f45-3ce50df74b0b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEW0HM6IAMFXog=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd80f8-2e7c768d54981cf1634830db;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:47:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ThTL_OlFd4yMELCmSzH4ziqxa8gdYgAAbxLY9VZPVaIldOUkvFVF_Q==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:12:43 GMT
age: 33417
etag: "fa68da2c92fa89ed3dafe9915e064fca022af21f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11565 bytes)
Hash
e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboIrFGboAMFyyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lsQxPtozrh2Ty1T-3d-1crDfi8HgVKRafOXb1UFl033bCx3kAzTS7w==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 06:20:04 GMT
age: 4176
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5174 bytes)
Hash
e5b4e4f15da3323c73974c3f1cdb5d74
1f14971d0cf979cc34ff191849dc43d86e8ac463
5893d7e5b2fd9de92829b303c42d0c07ff32b3f6b8705b6f5b4a784315c8808e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5174
x-amzn-requestid: 35630c70-3bad-47b4-94bb-09c873632194
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7EFAHIAMFQQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-317b1fbb3bee0f377697bf3d;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OD5cy75AkNMwTIvIool2nKbKgr5Jpo1Plm_X_YPr3rdPbg86_V2fdA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:00:26 GMT
age: 34154
etag: "1f14971d0cf979cc34ff191849dc43d86e8ac463"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

sun9-54.userapi.com/c852236/v852236285/12c2b0/F7ry_A0SwQc.jpg?ava=1

87.240.185.157

301 Moved Permanently

0 B

URL HTTP/2
sun9-54.userapi.com/c852236/v852236285/12c2b0/F7ry_A0SwQc.jpg?ava=1
IP
87.240.185.157:0
ASN
#47541 VKontakte Ltd

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /c852236/v852236285/12c2b0/F7ry_A0SwQc.jpg?ava=1 HTTP/1.1
Host: sun9-54.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://avtonovocti.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 301 Moved Permanently
server: kittenx
date: Sat, 04 Feb 2023 07:29:40 GMT
content-type: image/jpeg
location: /z246O11fVxcL5fbKmDjHTQAgH8ok7-fej5w7kw/GCEXL17glEU.jpg
expires: Mon, 06 Mar 2023 07:29:40 GMT
cache-control: max-age=2592000
x-frontend: front221005
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (49)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN