Report - xn--31-mlcaxniu6i.xn--p1ai/include/mainpage/uymkjp.php?rg=epox

Report Overview

Visited public
2025-03-28 02:17:51
Tags
Submit Tags
URL
xn--31-mlcaxniu6i.xn--p1ai/include/mainpage/uymkjp.php?rg=epox
Finishing URL
www.smoffrs.ru/s/42cf1c2250951
IP / ASN
92.53.96.165
#9123 TimeWeb Ltd.
Title
The most popular dating site this month

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
xn--31-mlcaxniu6i.xn--p1ai	unknown	unknown	2025-03-27	2025-03-27	530 B	240 B	92.53.96.165
openfpcdn.io	238589	2021-11-10	2021-11-11	2025-03-26	434 B	16 kB	108.157.229.67
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-03-26	527 B	24 kB	142.250.74.35
www.smoffrs.ru	unknown	2025-03-21	2025-03-27	2025-03-27	17 kB	375 kB	81.30.157.12
grayvsgray.pw	unknown	2025-03-06	2025-03-06	2025-03-27	915 B	2.7 kB	88.214.27.56
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-03-26	445 B	2.2 kB	142.250.74.10

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-03-28 02:17:29	low	Client IP	108.157.229.67	ET INFO Observed FingerprintJS Domain (openfpcdn .io in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-03-28	medium	smoffrs.ru	Sinkholed
2025-03-28	medium	smoffrs.ru	Sinkholed
2025-03-28	medium	smoffrs.ru	Sinkholed
2025-03-28	medium	grayvsgray.pw	Sinkholed
2025-03-28	medium	smoffrs.ru	Sinkholed
2025-03-28	medium	grayvsgray.pw	Sinkholed
2025-03-28	medium	smoffrs.ru	Sinkholed
2025-03-28	medium	smoffrs.ru	Sinkholed
2025-03-28	medium	smoffrs.ru	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	grayvsgray.pw/	ScriptElement	1.3 kB	2025-03-23	2025-05-28
Pretty URL grayvsgray.pw/ IP 88.214.27.56 ASN #209272 Alviva Holding Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-23 11:51 Last Seen2025-05-28 06:14 Times Seen46 Hash 3c62b6cbfdb7e0938762a5e18a97e396 6350481336db4eb1af55deb8990beb36bc203f92 37aaa4e6507ff472dc5f938c89e8c8608cc765084852061abc856dd8b76cf33d Loading...

	www.smoffrs.ru/bundle/trafee/prelands/43/assets/js/js.js	ScriptElement	151 B	2023-08-06	2025-06-27
Pretty URL www.smoffrs.ru/bundle/trafee/prelands/43/assets/js/js.js IP 81.30.157.12 ASN #24961 WIIT AG Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-06 21:26 Last Seen2025-06-27 13:52 Times Seen12 Hash e46de74d1bdfda878c542f3eafd6430f 04174b7fcb23a76f5fe923e2e565a81652569402 54bad1d3ee7350421b67a4fdfd7f5e16e0fae60748ad0308ba0b78f745c50595 Loading...

	www.smoffrs.ru/s/42cf1c2250951	ScriptElement	74 B	2024-12-01	2025-06-10
Pretty URL www.smoffrs.ru/s/42cf1c2250951 IP 81.30.157.12 ASN #24961 WIIT AG Introduced by scriptElement Embedded in HTML true Observations First Seen2024-12-01 03:43 Last Seen2025-06-10 12:49 Times Seen105 Hash 98a034ed0a7d7378713feeb627919452 3026bc38061892f142d97363723441c2493c0017 a200246eb668b3409235457012882e14221fbd3b261c7b1d4377f5a987c1d31d Loading...

	www.smoffrs.ru/s/42cf1c2250951	ScriptElement	295 B	2024-11-10	2025-05-21
Pretty URL www.smoffrs.ru/s/42cf1c2250951 IP 81.30.157.12 ASN #24961 WIIT AG Introduced by scriptElement Embedded in HTML true Observations First Seen2024-11-10 04:50 Last Seen2025-05-21 06:21 Times Seen472 Hash f398ac5936744ce386a8e0e367b60de4 a188acd27aebe524f01b1d1c2e58e685c3cb5079 b1d8b9662c2eabddbe07915ca9c666282e62b10589c85ed60540a972829ba04e Loading...

	www.smoffrs.ru/s/42cf1c2250951	ScriptElement	31 kB	2023-03-07	2025-06-27
Pretty URL www.smoffrs.ru/s/42cf1c2250951 IP 81.30.157.12 ASN #24961 WIIT AG Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:14 Last Seen2025-06-27 13:52 Times Seen1506 Hash e7d6b85edb141824af8951e19333337c 76600b2cb1978ca24d9fe39b1412f052da855ddb 6e1bf43d1d49858aacd5de53b32b551732bca4b2a46b1f808eb6d6d0f2b70c0e Loading...

	www.smoffrs.ru/s/42cf1c2250951	ScriptElement	6.8 kB	2024-11-10	2025-05-21
Pretty URL www.smoffrs.ru/s/42cf1c2250951 IP 81.30.157.12 ASN #24961 WIIT AG Introduced by scriptElement Embedded in HTML true Observations First Seen2024-11-10 04:50 Last Seen2025-05-21 06:21 Times Seen400 Hash 7c26f90e12f24cf6ece53d5765907698 daf46fc6d5f6c6b8e99d8aeb4fd376c2a1d38958 996038c06f2a6a19769c542696d0427f08a621fe8b0a326fd0f388f44fd0d70f Loading...

	openfpcdn.io/botd/v1	ScriptElement	15 kB	2024-04-04	2025-06-27
Pretty URL openfpcdn.io/botd/v1 IP 108.157.229.67 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-04 09:37 Last Seen2025-06-27 23:19 Times Seen1311 Hash 234a8c1c15df9b03c65e9e14c82fc872 e5ca36727846aede7dfbc07e88b2b025eb0cae90 29cb26e06f2a4a877f1134a46480d9b78f8b6e0e6f9b0fe67e34307c312b5a89 Loading...

	www.smoffrs.ru/bundle/trafee/prelands/43/assets/js/jquery-3.2.1.min.js	ScriptElement	0 B	0001-01-01	2025-06-28
Pretty URL www.smoffrs.ru/bundle/trafee/prelands/43/assets/js/jquery-3.2.1.min.js IP 81.30.157.12 ASN #24961 WIIT AG Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-06-28 03:05 Times Seen5170345 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.smoffrs.ru/s/42cf1c2250951	ScriptElement	1.1 kB	2024-12-01	2025-06-06
Pretty URL www.smoffrs.ru/s/42cf1c2250951 IP 81.30.157.12 ASN #24961 WIIT AG Introduced by scriptElement Embedded in HTML true Observations First Seen2024-12-01 03:43 Last Seen2025-06-06 15:12 Times Seen95 Hash 4f7a49cff1ca356661c77d233028e285 c563076612f6143941929e12fa38c13e90ce879b a1428e7f50bf1a9248e8b1789f307349673c07f7e8eedfdae2cbdf750d824f9e Loading...

HTTP Transactions (13)

URL IP Response Size

GET fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2

142.250.74.35

200 OK

24 kB

URL GET
fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://www.smoffrs.ru/s/42cf1c2250951
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint63:D6:50:6F:98:C5:59:D1:5A:FF:9D:8D:C3:C1:04:A1:B9:1A:3E:6B
ValidityMon, 10 Mar 2025 08:37:01 GMT - Mon, 02 Jun 2025 08:37:00 GMT

File type
Web Open Font Format (Version 2), TrueType, length 23580, version 1.0
Size
24 kB (23580 bytes)
Hash
e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

HTTP Headers

GET /s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.smoffrs.ru
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 27 Mar 2025 09:14:50 GMT
expires: Fri, 27 Mar 2026 09:14:50 GMT
cache-control: public, max-age=31536000
age: 61362
last-modified: Tue, 02 May 2023 15:17:22 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET www.smoffrs.ru/bundle/trafee/prelands/43/assets/js/js.js

81.30.157.12

200 OK

151 B

URL GET
www.smoffrs.ru/bundle/trafee/prelands/43/assets/js/js.js
IP
81.30.157.12:443
ASN
#24961 WIIT AG

Requested by
https://www.smoffrs.ru/s/42cf1c2250951
Certificate
IssuerLet's Encrypt
Subjectsmoffrs.ru
Fingerprint18:23:26:08:0D:D9:5D:F3:99:DA:F0:4F:A5:63:AB:85:21:34:9B:36
ValidityFri, 21 Mar 2025 16:35:12 GMT - Thu, 19 Jun 2025 16:35:11 GMT

File type
JavaScript source, ASCII text, with no line terminators
Size
151 B (151 bytes)
Hash
7d8a4de33c523490a33fab50a31a3df1
2bb0bdc0eb97f93bb0fbb1a5430bce8c8cfbb789
03a3722f034258658b9c8041d26b24ac5264991bc02edfc921e60b884f0a0413

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bundle/trafee/prelands/43/assets/js/js.js HTTP/1.1
Host: www.smoffrs.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.smoffrs.ru/s/42cf1c2250951
Cookie: s=Kan1qKjmfpycYJmLumAQX52KWudBhGzoMxayVSKb8caGUFTzJRUhqgY%2FOGI03wxf07ENJV1dIXCBsfUKvAf0fSB%2BLvYRH%2BMr%2FTdQAmRnYdMztdA5xsumdcTUeGRlIxktO4PvwPxthJvwAHoRJ2PV74tQkV2e2BfGYXhARts1fWjzTLIRhnUqmDLV%2BaGdko2QKqvTRTrR2Bak0KuFHd7wc6xmtYur01Mm7gdmT1yu71p8nv1e5XotrpNZ9uGWVaAZ0VqkcvMETQjrBF8KMBShv6M4Znm3XXzKnU1VG%2F0D0YUrmUrtUyciUypzMlwGXDy01MUa22V3XE5qycBYQ4s%2FevmloY5GDN4OBPPIOtRI8kRRT0cxtkgwHMarubOTcSqqYB595%2BAfBn6j45ArJFuK%2B0GgNlvTiMZxFlW9HjlFk1fSnDb2p9IMQ74UKBf6QEM3uamYDyRl%2BRuz37cpVKMrqUXVsWIAjDO9oie1IrcnIhZBOMrltLqDdKCijp2qDCS9T9H3ud%2Fptz8yM%2FDTk9PVM7hSL23byHsZtkusJF9yopd2x9tfbii%2BvYzSw12Bvj7WiC8bdTFJuz%2BSfdSBgIBcBTcMmTAoHLi5ERBkLK0qGSOCe4kEwdqIqB%2FVnuKx2rQOoCCQM83kWnMywLSr0QSSdhC560BPTz%2B6JzP%2FExuafjYrb3z5FuAQyr6QtqGPEmDP3Wt4G5Q2%2F6Hx7HrnDAEMOOH2DSyIBtv81hupXwy98gbJFHmSvSc%2FfbCNFgpZb5QZpqlfNsy1Bb2xQl0akQQn1Ll2KvAxxg6NLgWTvytOFywyRvxen9FFbKQig1iHkZfLCf4XaMnZmqgsBOtNONrN4frxkazjULH%2Bfgvd0SRiCFbSfIQ6hy9ygX2yC4cVfjUU5oiQwOsO8DLaPGCkhUCyQnUp6KQkQru1YSP7w1X7Go4uiq9P6pHEM1AYZsM2hrkZ%2FeVY7pXSl9VeSYOtMeIScvlQW%2B6j1z3tMl8r51FLnQVHA1BxFuavsp4m5TwZo%2BQ1WCXr0GZEgn6ZbuXclckVcWsuhm6McwnUcxkuCLeAwJEDj39gqGNPhgDqHxxwLRlXN3k2XsRHzOrDbUEP0ugiNxZqxyJ2%2FScyK8C0vO2gX3lce6aU%2FcQL8KUDEfGkrWs1cOV20y6NNnKh%2FrgzJDcOFkDVJcCpx2sxlRIgwzBGor1yt9SM0dIWznoD%2FsaqTBsz6BiSrm38cqmmN0wig%2F82Qvs50TSppsw1l5bPkJnEE9Aoim1chf7WwOT38M1PpNSFmsE9SRnmu%2FB%2Fy6cLB%2Fc9tvBHLg1%2BJMeM83nrL29l%2BG1X%2F4TmXhpusg3LAE1By6gCYVKTnqP2blz6QxyDa0b2imEOWZOH8Jz7DQrflCbcjPal6qGO8sE4JCuDmz8Uxqj9u2Gf%2FgwpekQ5UZFPaOXsg78Vv13gJIzV%2BIS66ob43QpXgBDm4oLX1cXvKXHHFw223I1aWSqZ1sM3g44BlZ29b4L7Op5yPX54BqLiIEJfYXt1uw69DZnygXPYYH%2Fli7kx44lsWBMiJZEfTYmlNLoz%2BCbl3%2B8zlPheHqJeqvX1y1f9QM%2BieCZB5%2Bjpv6N6vGWgYrRPVBNT9IR7BQAFBBSiajXRnZyoKw%2BKn6OcHoE80JDILdkodeFh93MbbHAQ1IGnEKEBKoDZOYGrZyYQ1dJlYYMXKD%2BOR2tGMdGCMEQnyRblbRSh7WDPvDBOuzV9FYCsvMRNEGOTc0HT%2FnkbFhTdnWyAt11gQiWFm2WNZHdUlOjrFY0GfYWyh6NZHjQ59CliRQ%2F5Bo6MAcpFpE4%2BJIyr%2F1VSR1c37hfCpiJZml88LAuFym0jkW3mvFO4KhZo5%2FRRGn5yxQlAjF8BhDmV7K9vKga11tLlsUIn1GVx4saum01kYoMjNkefdXGfUJyfWdBKF9iLpjbQf1QU00N2qM5Dvy6GK6wjWuHSMDdz4WMO9pai%2Fzo3xA1mZ7%2Fm9j1%2F06MLmcpPUwEo9MjYS5cZYj5hK9rd3uiSytqQ2GyGjc4Aqmr7e3hEoTejBdHJfmcmN2SdBHSoz%2BTisOrZkdDsD77mmf%2FX2Squ1g%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Fri, 28 Mar 2025 02:17:31 GMT
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=86400, public
content-encoding: gzip
X-Firefox-Spdy: h2

GET www.smoffrs.ru/bundle/trafee/prelands/43/assets/img/u1.jpg

81.30.157.12

200 OK

33 kB

URL GET
www.smoffrs.ru/bundle/trafee/prelands/43/assets/img/u1.jpg
IP
81.30.157.12:443
ASN
#24961 WIIT AG

Requested by
https://www.smoffrs.ru/s/42cf1c2250951
Certificate
IssuerLet's Encrypt
Subjectsmoffrs.ru
Fingerprint18:23:26:08:0D:D9:5D:F3:99:DA:F0:4F:A5:63:AB:85:21:34:9B:36
ValidityFri, 21 Mar 2025 16:35:12 GMT - Thu, 19 Jun 2025 16:35:11 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 500x667, components 3
Size
33 kB (32612 bytes)
Hash
5d1b17315ed808bd0f8d82ddfb28e590
eb8d1da39d8a7c09d24609e79abf75478a4ffbd3
884a7432cad6a5c960352e970a53f7c17a8208eced5f58c43f727f0bed806176

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bundle/trafee/prelands/43/assets/img/u1.jpg HTTP/1.1
Host: www.smoffrs.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.smoffrs.ru/bundle/trafee/prelands/43/assets/css/style.css
Cookie: s=Kan1qKjmfpycYJmLumAQX52KWudBhGzoMxayVSKb8caGUFTzJRUhqgY%2FOGI03wxf07ENJV1dIXCBsfUKvAf0fSB%2BLvYRH%2BMr%2FTdQAmRnYdMztdA5xsumdcTUeGRlIxktO4PvwPxthJvwAHoRJ2PV74tQkV2e2BfGYXhARts1fWjzTLIRhnUqmDLV%2BaGdko2QKqvTRTrR2Bak0KuFHd7wc6xmtYur01Mm7gdmT1yu71p8nv1e5XotrpNZ9uGWVaAZ0VqkcvMETQjrBF8KMBShv6M4Znm3XXzKnU1VG%2F0D0YUrmUrtUyciUypzMlwGXDy01MUa22V3XE5qycBYQ4s%2FevmloY5GDN4OBPPIOtRI8kRRT0cxtkgwHMarubOTcSqqYB595%2BAfBn6j45ArJFuK%2B0GgNlvTiMZxFlW9HjlFk1fSnDb2p9IMQ74UKBf6QEM3uamYDyRl%2BRuz37cpVKMrqUXVsWIAjDO9oie1IrcnIhZBOMrltLqDdKCijp2qDCS9T9H3ud%2Fptz8yM%2FDTk9PVM7hSL23byHsZtkusJF9yopd2x9tfbii%2BvYzSw12Bvj7WiC8bdTFJuz%2BSfdSBgIBcBTcMmTAoHLi5ERBkLK0qGSOCe4kEwdqIqB%2FVnuKx2rQOoCCQM83kWnMywLSr0QSSdhC560BPTz%2B6JzP%2FExuafjYrb3z5FuAQyr6QtqGPEmDP3Wt4G5Q2%2F6Hx7HrnDAEMOOH2DSyIBtv81hupXwy98gbJFHmSvSc%2FfbCNFgpZb5QZpqlfNsy1Bb2xQl0akQQn1Ll2KvAxxg6NLgWTvytOFywyRvxen9FFbKQig1iHkZfLCf4XaMnZmqgsBOtNONrN4frxkazjULH%2Bfgvd0SRiCFbSfIQ6hy9ygX2yC4cVfjUU5oiQwOsO8DLaPGCkhUCyQnUp6KQkQru1YSP7w1X7Go4uiq9P6pHEM1AYZsM2hrkZ%2FeVY7pXSl9VeSYOtMeIScvlQW%2B6j1z3tMl8r51FLnQVHA1BxFuavsp4m5TwZo%2BQ1WCXr0GZEgn6ZbuXclckVcWsuhm6McwnUcxkuCLeAwJEDj39gqGNPhgDqHxxwLRlXN3k2XsRHzOrDbUEP0ugiNxZqxyJ2%2FScyK8C0vO2gX3lce6aU%2FcQL8KUDEfGkrWs1cOV20y6NNnKh%2FrgzJDcOFkDVJcCpx2sxlRIgwzBGor1yt9SM0dIWznoD%2FsaqTBsz6BiSrm38cqmmN0wig%2F82Qvs50TSppsw1l5bPkJnEE9Aoim1chf7WwOT38M1PpNSFmsE9SRnmu%2FB%2Fy6cLB%2Fc9tvBHLg1%2BJMeM83nrL29l%2BG1X%2F4TmXhpusg3LAE1By6gCYVKTnqP2blz6QxyDa0b2imEOWZOH8Jz7DQrflCbcjPal6qGO8sE4JCuDmz8Uxqj9u2Gf%2FgwpekQ5UZFPaOXsg78Vv13gJIzV%2BIS66ob43QpXgBDm4oLX1cXvKXHHFw223I1aWSqZ1sM3g44BlZ29b4L7Op5yPX54BqLiIEJfYXt1uw69DZnygXPYYH%2Fli7kx44lsWBMiJZEfTYmlNLoz%2BCbl3%2B8zlPheHqJeqvX1y1f9QM%2BieCZB5%2Bjpv6N6vGWgYrRPVBNT9IR7BQAFBBSiajXRnZyoKw%2BKn6OcHoE80JDILdkodeFh93MbbHAQ1IGnEKEBKoDZOYGrZyYQ1dJlYYMXKD%2BOR2tGMdGCMEQnyRblbRSh7WDPvDBOuzV9FYCsvMRNEGOTc0HT%2FnkbFhTdnWyAt11gQiWFm2WNZHdUlOjrFY0GfYWyh6NZHjQ59CliRQ%2F5Bo6MAcpFpE4%2BJIyr%2F1VSR1c37hfCpiJZml88LAuFym0jkW3mvFO4KhZo5%2FRRGn5yxQlAjF8BhDmV7K9vKga11tLlsUIn1GVx4saum01kYoMjNkefdXGfUJyfWdBKF9iLpjbQf1QU00N2qM5Dvy6GK6wjWuHSMDdz4WMO9pai%2Fzo3xA1mZ7%2Fm9j1%2F06MLmcpPUwEo9MjYS5cZYj5hK9rd3uiSytqQ2GyGjc4Aqmr7e3hEoTejBdHJfmcmN2SdBHSoz%2BTisOrZkdDsD77mmf%2FX2Squ1g%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Fri, 28 Mar 2025 02:17:32 GMT
content-type: image/jpeg
cache-control: max-age=86400, public
X-Firefox-Spdy: h2

GET www.smoffrs.ru/bundle/trafee/prelands/43/assets/img/bg.jpg

81.30.157.12

200 OK

202 kB

URL GET
www.smoffrs.ru/bundle/trafee/prelands/43/assets/img/bg.jpg
IP
81.30.157.12:443
ASN
#24961 WIIT AG

Requested by
https://www.smoffrs.ru/s/42cf1c2250951
Certificate
IssuerLet's Encrypt
Subjectsmoffrs.ru
Fingerprint18:23:26:08:0D:D9:5D:F3:99:DA:F0:4F:A5:63:AB:85:21:34:9B:36
ValidityFri, 21 Mar 2025 16:35:12 GMT - Thu, 19 Jun 2025 16:35:11 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3
Size
202 kB (201964 bytes)
Hash
8d4702e68d0a5be687984f1e51dd9fc4
ea7f36e3efb63f6d8c005cb599059d52e3009622
780f083aca765f3ccf0aabf16263a794051aaaf73fa074efb469c8bec61643db

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bundle/trafee/prelands/43/assets/img/bg.jpg HTTP/1.1
Host: www.smoffrs.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.smoffrs.ru/bundle/trafee/prelands/43/assets/css/style.css
Cookie: s=Kan1qKjmfpycYJmLumAQX52KWudBhGzoMxayVSKb8caGUFTzJRUhqgY%2FOGI03wxf07ENJV1dIXCBsfUKvAf0fSB%2BLvYRH%2BMr%2FTdQAmRnYdMztdA5xsumdcTUeGRlIxktO4PvwPxthJvwAHoRJ2PV74tQkV2e2BfGYXhARts1fWjzTLIRhnUqmDLV%2BaGdko2QKqvTRTrR2Bak0KuFHd7wc6xmtYur01Mm7gdmT1yu71p8nv1e5XotrpNZ9uGWVaAZ0VqkcvMETQjrBF8KMBShv6M4Znm3XXzKnU1VG%2F0D0YUrmUrtUyciUypzMlwGXDy01MUa22V3XE5qycBYQ4s%2FevmloY5GDN4OBPPIOtRI8kRRT0cxtkgwHMarubOTcSqqYB595%2BAfBn6j45ArJFuK%2B0GgNlvTiMZxFlW9HjlFk1fSnDb2p9IMQ74UKBf6QEM3uamYDyRl%2BRuz37cpVKMrqUXVsWIAjDO9oie1IrcnIhZBOMrltLqDdKCijp2qDCS9T9H3ud%2Fptz8yM%2FDTk9PVM7hSL23byHsZtkusJF9yopd2x9tfbii%2BvYzSw12Bvj7WiC8bdTFJuz%2BSfdSBgIBcBTcMmTAoHLi5ERBkLK0qGSOCe4kEwdqIqB%2FVnuKx2rQOoCCQM83kWnMywLSr0QSSdhC560BPTz%2B6JzP%2FExuafjYrb3z5FuAQyr6QtqGPEmDP3Wt4G5Q2%2F6Hx7HrnDAEMOOH2DSyIBtv81hupXwy98gbJFHmSvSc%2FfbCNFgpZb5QZpqlfNsy1Bb2xQl0akQQn1Ll2KvAxxg6NLgWTvytOFywyRvxen9FFbKQig1iHkZfLCf4XaMnZmqgsBOtNONrN4frxkazjULH%2Bfgvd0SRiCFbSfIQ6hy9ygX2yC4cVfjUU5oiQwOsO8DLaPGCkhUCyQnUp6KQkQru1YSP7w1X7Go4uiq9P6pHEM1AYZsM2hrkZ%2FeVY7pXSl9VeSYOtMeIScvlQW%2B6j1z3tMl8r51FLnQVHA1BxFuavsp4m5TwZo%2BQ1WCXr0GZEgn6ZbuXclckVcWsuhm6McwnUcxkuCLeAwJEDj39gqGNPhgDqHxxwLRlXN3k2XsRHzOrDbUEP0ugiNxZqxyJ2%2FScyK8C0vO2gX3lce6aU%2FcQL8KUDEfGkrWs1cOV20y6NNnKh%2FrgzJDcOFkDVJcCpx2sxlRIgwzBGor1yt9SM0dIWznoD%2FsaqTBsz6BiSrm38cqmmN0wig%2F82Qvs50TSppsw1l5bPkJnEE9Aoim1chf7WwOT38M1PpNSFmsE9SRnmu%2FB%2Fy6cLB%2Fc9tvBHLg1%2BJMeM83nrL29l%2BG1X%2F4TmXhpusg3LAE1By6gCYVKTnqP2blz6QxyDa0b2imEOWZOH8Jz7DQrflCbcjPal6qGO8sE4JCuDmz8Uxqj9u2Gf%2FgwpekQ5UZFPaOXsg78Vv13gJIzV%2BIS66ob43QpXgBDm4oLX1cXvKXHHFw223I1aWSqZ1sM3g44BlZ29b4L7Op5yPX54BqLiIEJfYXt1uw69DZnygXPYYH%2Fli7kx44lsWBMiJZEfTYmlNLoz%2BCbl3%2B8zlPheHqJeqvX1y1f9QM%2BieCZB5%2Bjpv6N6vGWgYrRPVBNT9IR7BQAFBBSiajXRnZyoKw%2BKn6OcHoE80JDILdkodeFh93MbbHAQ1IGnEKEBKoDZOYGrZyYQ1dJlYYMXKD%2BOR2tGMdGCMEQnyRblbRSh7WDPvDBOuzV9FYCsvMRNEGOTc0HT%2FnkbFhTdnWyAt11gQiWFm2WNZHdUlOjrFY0GfYWyh6NZHjQ59CliRQ%2F5Bo6MAcpFpE4%2BJIyr%2F1VSR1c37hfCpiJZml88LAuFym0jkW3mvFO4KhZo5%2FRRGn5yxQlAjF8BhDmV7K9vKga11tLlsUIn1GVx4saum01kYoMjNkefdXGfUJyfWdBKF9iLpjbQf1QU00N2qM5Dvy6GK6wjWuHSMDdz4WMO9pai%2Fzo3xA1mZ7%2Fm9j1%2F06MLmcpPUwEo9MjYS5cZYj5hK9rd3uiSytqQ2GyGjc4Aqmr7e3hEoTejBdHJfmcmN2SdBHSoz%2BTisOrZkdDsD77mmf%2FX2Squ1g%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Fri, 28 Mar 2025 02:17:32 GMT
content-type: image/jpeg
cache-control: max-age=86400, public
X-Firefox-Spdy: h2

GET grayvsgray.pw/

88.214.27.56

200 OK

1.8 kB

URL User Request GET
grayvsgray.pw/
IP
88.214.27.56:443
ASN
#209272 Alviva Holding Limited

Certificate
IssuerSectigo Limited
Subjectgrayvsgray.pw
Fingerprint7F:B9:74:BA:4C:EA:1F:77:FB:1B:D7:88:62:E0:9C:E0:AE:4D:37:EB
ValidityThu, 06 Mar 2025 00:00:00 GMT - Fri, 06 Mar 2026 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (1896), with no line terminators
Size
1.8 kB (1782 bytes)
Hash
46e5a2c3c6cccbea75a375728b966589
bd9bce69152b23309fd9ea10fc7d6a4fcce0a978
3da605a43f2538a80dad75cb865455e614c390cc574b8a13052123364fcc3d60

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: grayvsgray.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 28 Mar 2025 02:17:29 GMT
Server: Apache/2
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 21 Mar 2025 18:18:12 GMT
ETag: "6f6-630de46fb2100-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 720
Keep-Alive: timeout=2, max=100
Content-Type: text/html

GET www.smoffrs.ru/bundle/trafee/prelands/43/assets/js/jquery-3.2.1.min.js

81.30.157.12

200 OK

87 kB

URL GET
www.smoffrs.ru/bundle/trafee/prelands/43/assets/js/jquery-3.2.1.min.js
IP
81.30.157.12:443
ASN
#24961 WIIT AG

Requested by
https://www.smoffrs.ru/s/42cf1c2250951
Certificate
IssuerLet's Encrypt
Subjectsmoffrs.ru
Fingerprint18:23:26:08:0D:D9:5D:F3:99:DA:F0:4F:A5:63:AB:85:21:34:9B:36
ValidityFri, 21 Mar 2025 16:35:12 GMT - Thu, 19 Jun 2025 16:35:11 GMT

File type
JavaScript source, ASCII text, with very long lines (32058)
Size
87 kB (86659 bytes)
Hash
c9f5aeeca3ad37bf2aa006139b935f0a
1055018c28ab41087ef9ccefe411606893dabea2
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bundle/trafee/prelands/43/assets/js/jquery-3.2.1.min.js HTTP/1.1
Host: www.smoffrs.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.smoffrs.ru/s/42cf1c2250951
Cookie: s=Kan1qKjmfpycYJmLumAQX52KWudBhGzoMxayVSKb8caGUFTzJRUhqgY%2FOGI03wxf07ENJV1dIXCBsfUKvAf0fSB%2BLvYRH%2BMr%2FTdQAmRnYdMztdA5xsumdcTUeGRlIxktO4PvwPxthJvwAHoRJ2PV74tQkV2e2BfGYXhARts1fWjzTLIRhnUqmDLV%2BaGdko2QKqvTRTrR2Bak0KuFHd7wc6xmtYur01Mm7gdmT1yu71p8nv1e5XotrpNZ9uGWVaAZ0VqkcvMETQjrBF8KMBShv6M4Znm3XXzKnU1VG%2F0D0YUrmUrtUyciUypzMlwGXDy01MUa22V3XE5qycBYQ4s%2FevmloY5GDN4OBPPIOtRI8kRRT0cxtkgwHMarubOTcSqqYB595%2BAfBn6j45ArJFuK%2B0GgNlvTiMZxFlW9HjlFk1fSnDb2p9IMQ74UKBf6QEM3uamYDyRl%2BRuz37cpVKMrqUXVsWIAjDO9oie1IrcnIhZBOMrltLqDdKCijp2qDCS9T9H3ud%2Fptz8yM%2FDTk9PVM7hSL23byHsZtkusJF9yopd2x9tfbii%2BvYzSw12Bvj7WiC8bdTFJuz%2BSfdSBgIBcBTcMmTAoHLi5ERBkLK0qGSOCe4kEwdqIqB%2FVnuKx2rQOoCCQM83kWnMywLSr0QSSdhC560BPTz%2B6JzP%2FExuafjYrb3z5FuAQyr6QtqGPEmDP3Wt4G5Q2%2F6Hx7HrnDAEMOOH2DSyIBtv81hupXwy98gbJFHmSvSc%2FfbCNFgpZb5QZpqlfNsy1Bb2xQl0akQQn1Ll2KvAxxg6NLgWTvytOFywyRvxen9FFbKQig1iHkZfLCf4XaMnZmqgsBOtNONrN4frxkazjULH%2Bfgvd0SRiCFbSfIQ6hy9ygX2yC4cVfjUU5oiQwOsO8DLaPGCkhUCyQnUp6KQkQru1YSP7w1X7Go4uiq9P6pHEM1AYZsM2hrkZ%2FeVY7pXSl9VeSYOtMeIScvlQW%2B6j1z3tMl8r51FLnQVHA1BxFuavsp4m5TwZo%2BQ1WCXr0GZEgn6ZbuXclckVcWsuhm6McwnUcxkuCLeAwJEDj39gqGNPhgDqHxxwLRlXN3k2XsRHzOrDbUEP0ugiNxZqxyJ2%2FScyK8C0vO2gX3lce6aU%2FcQL8KUDEfGkrWs1cOV20y6NNnKh%2FrgzJDcOFkDVJcCpx2sxlRIgwzBGor1yt9SM0dIWznoD%2FsaqTBsz6BiSrm38cqmmN0wig%2F82Qvs50TSppsw1l5bPkJnEE9Aoim1chf7WwOT38M1PpNSFmsE9SRnmu%2FB%2Fy6cLB%2Fc9tvBHLg1%2BJMeM83nrL29l%2BG1X%2F4TmXhpusg3LAE1By6gCYVKTnqP2blz6QxyDa0b2imEOWZOH8Jz7DQrflCbcjPal6qGO8sE4JCuDmz8Uxqj9u2Gf%2FgwpekQ5UZFPaOXsg78Vv13gJIzV%2BIS66ob43QpXgBDm4oLX1cXvKXHHFw223I1aWSqZ1sM3g44BlZ29b4L7Op5yPX54BqLiIEJfYXt1uw69DZnygXPYYH%2Fli7kx44lsWBMiJZEfTYmlNLoz%2BCbl3%2B8zlPheHqJeqvX1y1f9QM%2BieCZB5%2Bjpv6N6vGWgYrRPVBNT9IR7BQAFBBSiajXRnZyoKw%2BKn6OcHoE80JDILdkodeFh93MbbHAQ1IGnEKEBKoDZOYGrZyYQ1dJlYYMXKD%2BOR2tGMdGCMEQnyRblbRSh7WDPvDBOuzV9FYCsvMRNEGOTc0HT%2FnkbFhTdnWyAt11gQiWFm2WNZHdUlOjrFY0GfYWyh6NZHjQ59CliRQ%2F5Bo6MAcpFpE4%2BJIyr%2F1VSR1c37hfCpiJZml88LAuFym0jkW3mvFO4KhZo5%2FRRGn5yxQlAjF8BhDmV7K9vKga11tLlsUIn1GVx4saum01kYoMjNkefdXGfUJyfWdBKF9iLpjbQf1QU00N2qM5Dvy6GK6wjWuHSMDdz4WMO9pai%2Fzo3xA1mZ7%2Fm9j1%2F06MLmcpPUwEo9MjYS5cZYj5hK9rd3uiSytqQ2GyGjc4Aqmr7e3hEoTejBdHJfmcmN2SdBHSoz%2BTisOrZkdDsD77mmf%2FX2Squ1g%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Fri, 28 Mar 2025 02:17:31 GMT
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=86400, public
content-encoding: gzip
X-Firefox-Spdy: h2

GET fonts.googleapis.com/css?family=Lato:400,700

142.250.74.10

200 OK

1.6 kB

URL GET
fonts.googleapis.com/css?family=Lato:400,700
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://www.smoffrs.ru/s/42cf1c2250951
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint69:99:38:F9:7C:82:8E:AC:7D:DA:EA:3E:1C:E4:7F:52:1B:36:41:AA
ValidityMon, 10 Mar 2025 08:37:02 GMT - Mon, 02 Jun 2025 08:37:01 GMT

File type
ASCII text, with very long lines (1588), with no line terminators
Size
1.6 kB (1556 bytes)
Hash
773216660268a6008bd6fae9c2dfcd0f
14fd680e323867c66d00962ec0eafc87e5bb6fd3
22a29e1129011731e40c11d6742243ce0f95030dc7a430a4c94118b49805dafd

HTTP Headers

GET /css?family=Lato:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.smoffrs.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 28 Mar 2025 02:17:32 GMT
date: Fri, 28 Mar 2025 02:17:32 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET xn--31-mlcaxniu6i.xn--p1ai/include/mainpage/uymkjp.php?rg=epox

92.53.96.165

200 OK

84 B

URL User Request GET
xn--31-mlcaxniu6i.xn--p1ai/include/mainpage/uymkjp.php?rg=epox
IP
92.53.96.165:443
ASN
#9123 TimeWeb Ltd.

Certificate
IssuerLet's Encrypt
Subjectxn--31-mlcaxniu6i.xn--p1ai
Fingerprint86:22:8A:31:13:D8:52:50:46:B7:A9:FC:1E:2A:51:68:F3:84:FC:6C
ValidityFri, 17 Jan 2025 06:03:24 GMT - Thu, 17 Apr 2025 06:03:23 GMT

File type
HTML document, ASCII text, with no line terminators
Size
84 B (84 bytes)
Hash
53485340c25077bdaf16e314590302eb
8f19497bae948f4ab24b378e717ed2f6d5338ef6
578a9d54c98b0659b18257ab3c553287c830f7ba7e7ba98992c2790ace9cdfef

HTTP Headers

GET /include/mainpage/uymkjp.php?rg=epox HTTP/1.1
Host: xn--31-mlcaxniu6i.xn--p1ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.26.3
date: Fri, 28 Mar 2025 02:17:28 GMT
content-type: text/html; charset=UTF-8
content-length: 84
X-Firefox-Spdy: h2

GET grayvsgray.pw/favicon.ico

88.214.27.56

404 Not Found

315 B

URL GET
grayvsgray.pw/favicon.ico
IP
88.214.27.56:443
ASN
#209272 Alviva Holding Limited

Requested by
https://grayvsgray.pw/
Certificate
IssuerSectigo Limited
Subjectgrayvsgray.pw
Fingerprint7F:B9:74:BA:4C:EA:1F:77:FB:1B:D7:88:62:E0:9C:E0:AE:4D:37:EB
ValidityThu, 06 Mar 2025 00:00:00 GMT - Fri, 06 Mar 2026 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (326), with no line terminators
Size
315 B (315 bytes)
Hash
97ef40509b73c101d6815511c3adf98d
a4242322497ea630ea72e26ba297a95a2bbe5ccd
322c1f60d9d454c801f7cff3173ef16b61cf9963a64e09a4d9e21d36218b56be

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: grayvsgray.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://grayvsgray.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Fri, 28 Mar 2025 02:17:29 GMT
Server: Apache/2
Content-Length: 315
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

GET www.smoffrs.ru/s/42cf1c2250951

81.30.157.12

200 OK

43 kB

URL User Request GET
www.smoffrs.ru/s/42cf1c2250951
IP
81.30.157.12:443
ASN
#24961 WIIT AG

Certificate
IssuerLet's Encrypt
Subjectsmoffrs.ru
Fingerprint18:23:26:08:0D:D9:5D:F3:99:DA:F0:4F:A5:63:AB:85:21:34:9B:36
ValidityFri, 21 Mar 2025 16:35:12 GMT - Thu, 19 Jun 2025 16:35:11 GMT

File type

Size
43 kB (42858 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /s/42cf1c2250951 HTTP/1.1
Host: www.smoffrs.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Fri, 28 Mar 2025 02:17:31 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: s=Kan1qKjmfpycYJmLumAQX52KWudBhGzoMxayVSKb8caGUFTzJRUhqgY%2FOGI03wxf07ENJV1dIXCBsfUKvAf0fSB%2BLvYRH%2BMr%2FTdQAmRnYdMztdA5xsumdcTUeGRlIxktO4PvwPxthJvwAHoRJ2PV74tQkV2e2BfGYXhARts1fWjzTLIRhnUqmDLV%2BaGdko2QKqvTRTrR2Bak0KuFHd7wc6xmtYur01Mm7gdmT1yu71p8nv1e5XotrpNZ9uGWVaAZ0VqkcvMETQjrBF8KMBShv6M4Znm3XXzKnU1VG%2F0D0YUrmUrtUyciUypzMlwGXDy01MUa22V3XE5qycBYQ4s%2FevmloY5GDN4OBPPIOtRI8kRRT0cxtkgwHMarubOTcSqqYB595%2BAfBn6j45ArJFuK%2B0GgNlvTiMZxFlW9HjlFk1fSnDb2p9IMQ74UKBf6QEM3uamYDyRl%2BRuz37cpVKMrqUXVsWIAjDO9oie1IrcnIhZBOMrltLqDdKCijp2qDCS9T9H3ud%2Fptz8yM%2FDTk9PVM7hSL23byHsZtkusJF9yopd2x9tfbii%2BvYzSw12Bvj7WiC8bdTFJuz%2BSfdSBgIBcBTcMmTAoHLi5ERBkLK0qGSOCe4kEwdqIqB%2FVnuKx2rQOoCCQM83kWnMywLSr0QSSdhC560BPTz%2B6JzP%2FExuafjYrb3z5FuAQyr6QtqGPEmDP3Wt4G5Q2%2F6Hx7HrnDAEMOOH2DSyIBtv81hupXwy98gbJFHmSvSc%2FfbCNFgpZb5QZpqlfNsy1Bb2xQl0akQQn1Ll2KvAxxg6NLgWTvytOFywyRvxen9FFbKQig1iHkZfLCf4XaMnZmqgsBOtNONrN4frxkazjULH%2Bfgvd0SRiCFbSfIQ6hy9ygX2yC4cVfjUU5oiQwOsO8DLaPGCkhUCyQnUp6KQkQru1YSP7w1X7Go4uiq9P6pHEM1AYZsM2hrkZ%2FeVY7pXSl9VeSYOtMeIScvlQW%2B6j1z3tMl8r51FLnQVHA1BxFuavsp4m5TwZo%2BQ1WCXr0GZEgn6ZbuXclckVcWsuhm6McwnUcxkuCLeAwJEDj39gqGNPhgDqHxxwLRlXN3k2XsRHzOrDbUEP0ugiNxZqxyJ2%2FScyK8C0vO2gX3lce6aU%2FcQL8KUDEfGkrWs1cOV20y6NNnKh%2FrgzJDcOFkDVJcCpx2sxlRIgwzBGor1yt9SM0dIWznoD%2FsaqTBsz6BiSrm38cqmmN0wig%2F82Qvs50TSppsw1l5bPkJnEE9Aoim1chf7WwOT38M1PpNSFmsE9SRnmu%2FB%2Fy6cLB%2Fc9tvBHLg1%2BJMeM83nrL29l%2BG1X%2F4TmXhpusg3LAE1By6gCYVKTnqP2blz6QxyDa0b2imEOWZOH8Jz7DQrflCbcjPal6qGO8sE4JCuDmz8Uxqj9u2Gf%2FgwpekQ5UZFPaOXsg78Vv13gJIzV%2BIS66ob43QpXgBDm4oLX1cXvKXHHFw223I1aWSqZ1sM3g44BlZ29b4L7Op5yPX54BqLiIEJfYXt1uw69DZnygXPYYH%2Fli7kx44lsWBMiJZEfTYmlNLoz%2BCbl3%2B8zlPheHqJeqvX1y1f9QM%2BieCZB5%2Bjpv6N6vGWgYrRPVBNT9IR7BQAFBBSiajXRnZyoKw%2BKn6OcHoE80JDILdkodeFh93MbbHAQ1IGnEKEBKoDZOYGrZyYQ1dJlYYMXKD%2BOR2tGMdGCMEQnyRblbRSh7WDPvDBOuzV9FYCsvMRNEGOTc0HT%2FnkbFhTdnWyAt11gQiWFm2WNZHdUlOjrFY0GfYWyh6NZHjQ59CliRQ%2F5Bo6MAcpFpE4%2BJIyr%2F1VSR1c37hfCpiJZml88LAuFym0jkW3mvFO4KhZo5%2FRRGn5yxQlAjF8BhDmV7K9vKga11tLlsUIn1GVx4saum01kYoMjNkefdXGfUJyfWdBKF9iLpjbQf1QU00N2qM5Dvy6GK6wjWuHSMDdz4WMO9pai%2Fzo3xA1mZ7%2Fm9j1%2F06MLmcpPUwEo9MjYS5cZYj5hK9rd3uiSytqQ2GyGjc4Aqmr7e3hEoTejBdHJfmcmN2SdBHSoz%2BTisOrZkdDsD77mmf%2FX2Squ1g%3D%3D; expires=Sat, 29 Mar 2025 02:17:31 GMT; Max-Age=86400; path=/; domain=smoffrs.ru
cache-control: must-revalidate, no-cache, no-store, private
pragma: no-cache
expires: 0
content-encoding: gzip
X-Firefox-Spdy: h2

GET www.smoffrs.ru/favicon.ico

81.30.157.12

404 Not Found

993 B

URL GET
www.smoffrs.ru/favicon.ico
IP
81.30.157.12:443
ASN
#24961 WIIT AG

Requested by
https://www.smoffrs.ru/s/42cf1c2250951
Certificate
IssuerLet's Encrypt
Subjectsmoffrs.ru
Fingerprint18:23:26:08:0D:D9:5D:F3:99:DA:F0:4F:A5:63:AB:85:21:34:9B:36
ValidityFri, 21 Mar 2025 16:35:12 GMT - Thu, 19 Jun 2025 16:35:11 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (1034), with no line terminators
Size
993 B (993 bytes)
Hash
d905c1e34b39376dc0120a422e2afd07
8c37ad2ecf8eacc6ed4f91240de03b44f712fd8f
1bf5e245475d8aac551c216ee6f97bd55da4f969d90f7bda54b4a03cd0d14df2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.smoffrs.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.smoffrs.ru/s/42cf1c2250951
Cookie: s=Kan1qKjmfpycYJmLumAQX52KWudBhGzoMxayVSKb8caGUFTzJRUhqgY%2FOGI03wxf07ENJV1dIXCBsfUKvAf0fSB%2BLvYRH%2BMr%2FTdQAmRnYdMztdA5xsumdcTUeGRlIxktO4PvwPxthJvwAHoRJ2PV74tQkV2e2BfGYXhARts1fWjzTLIRhnUqmDLV%2BaGdko2QKqvTRTrR2Bak0KuFHd7wc6xmtYur01Mm7gdmT1yu71p8nv1e5XotrpNZ9uGWVaAZ0VqkcvMETQjrBF8KMBShv6M4Znm3XXzKnU1VG%2F0D0YUrmUrtUyciUypzMlwGXDy01MUa22V3XE5qycBYQ4s%2FevmloY5GDN4OBPPIOtRI8kRRT0cxtkgwHMarubOTcSqqYB595%2BAfBn6j45ArJFuK%2B0GgNlvTiMZxFlW9HjlFk1fSnDb2p9IMQ74UKBf6QEM3uamYDyRl%2BRuz37cpVKMrqUXVsWIAjDO9oie1IrcnIhZBOMrltLqDdKCijp2qDCS9T9H3ud%2Fptz8yM%2FDTk9PVM7hSL23byHsZtkusJF9yopd2x9tfbii%2BvYzSw12Bvj7WiC8bdTFJuz%2BSfdSBgIBcBTcMmTAoHLi5ERBkLK0qGSOCe4kEwdqIqB%2FVnuKx2rQOoCCQM83kWnMywLSr0QSSdhC560BPTz%2B6JzP%2FExuafjYrb3z5FuAQyr6QtqGPEmDP3Wt4G5Q2%2F6Hx7HrnDAEMOOH2DSyIBtv81hupXwy98gbJFHmSvSc%2FfbCNFgpZb5QZpqlfNsy1Bb2xQl0akQQn1Ll2KvAxxg6NLgWTvytOFywyRvxen9FFbKQig1iHkZfLCf4XaMnZmqgsBOtNONrN4frxkazjULH%2Bfgvd0SRiCFbSfIQ6hy9ygX2yC4cVfjUU5oiQwOsO8DLaPGCkhUCyQnUp6KQkQru1YSP7w1X7Go4uiq9P6pHEM1AYZsM2hrkZ%2FeVY7pXSl9VeSYOtMeIScvlQW%2B6j1z3tMl8r51FLnQVHA1BxFuavsp4m5TwZo%2BQ1WCXr0GZEgn6ZbuXclckVcWsuhm6McwnUcxkuCLeAwJEDj39gqGNPhgDqHxxwLRlXN3k2XsRHzOrDbUEP0ugiNxZqxyJ2%2FScyK8C0vO2gX3lce6aU%2FcQL8KUDEfGkrWs1cOV20y6NNnKh%2FrgzJDcOFkDVJcCpx2sxlRIgwzBGor1yt9SM0dIWznoD%2FsaqTBsz6BiSrm38cqmmN0wig%2F82Qvs50TSppsw1l5bPkJnEE9Aoim1chf7WwOT38M1PpNSFmsE9SRnmu%2FB%2Fy6cLB%2Fc9tvBHLg1%2BJMeM83nrL29l%2BG1X%2F4TmXhpusg3LAE1By6gCYVKTnqP2blz6QxyDa0b2imEOWZOH8Jz7DQrflCbcjPal6qGO8sE4JCuDmz8Uxqj9u2Gf%2FgwpekQ5UZFPaOXsg78Vv13gJIzV%2BIS66ob43QpXgBDm4oLX1cXvKXHHFw223I1aWSqZ1sM3g44BlZ29b4L7Op5yPX54BqLiIEJfYXt1uw69DZnygXPYYH%2Fli7kx44lsWBMiJZEfTYmlNLoz%2BCbl3%2B8zlPheHqJeqvX1y1f9QM%2BieCZB5%2Bjpv6N6vGWgYrRPVBNT9IR7BQAFBBSiajXRnZyoKw%2BKn6OcHoE80JDILdkodeFh93MbbHAQ1IGnEKEBKoDZOYGrZyYQ1dJlYYMXKD%2BOR2tGMdGCMEQnyRblbRSh7WDPvDBOuzV9FYCsvMRNEGOTc0HT%2FnkbFhTdnWyAt11gQiWFm2WNZHdUlOjrFY0GfYWyh6NZHjQ59CliRQ%2F5Bo6MAcpFpE4%2BJIyr%2F1VSR1c37hfCpiJZml88LAuFym0jkW3mvFO4KhZo5%2FRRGn5yxQlAjF8BhDmV7K9vKga11tLlsUIn1GVx4saum01kYoMjNkefdXGfUJyfWdBKF9iLpjbQf1QU00N2qM5Dvy6GK6wjWuHSMDdz4WMO9pai%2Fzo3xA1mZ7%2Fm9j1%2F06MLmcpPUwEo9MjYS5cZYj5hK9rd3uiSytqQ2GyGjc4Aqmr7e3hEoTejBdHJfmcmN2SdBHSoz%2BTisOrZkdDsD77mmf%2FX2Squ1g%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: openresty
date: Fri, 28 Mar 2025 02:17:32 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Accept
cache-control: no-cache, private
content-encoding: gzip
X-Firefox-Spdy: h2

GET openfpcdn.io/botd/v1

108.157.229.67

200 OK

15 kB

URL GET
openfpcdn.io/botd/v1
IP
108.157.229.67:443
ASN
#16509 AMAZON-02

Requested by
https://grayvsgray.pw/
Certificate
IssuerAmazon
Subjectopenfpcdn.io
FingerprintDB:8B:1E:08:FC:EE:6F:56:28:0B:74:80:37:E0:DE:69:D3:59:96:8D
ValidityWed, 27 Nov 2024 00:00:00 GMT - Sat, 27 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (15005)
Size
15 kB (15196 bytes)
Hash
234a8c1c15df9b03c65e9e14c82fc872
e5ca36727846aede7dfbc07e88b2b025eb0cae90
29cb26e06f2a4a877f1134a46480d9b78f8b6e0e6f9b0fe67e34307c312b5a89

HTTP Headers

GET /botd/v1 HTTP/1.1
Host: openfpcdn.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://grayvsgray.pw
DNT: 1
Connection: keep-alive
Referer: https://grayvsgray.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
server: CloudFront
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: br
date: Fri, 28 Mar 2025 00:47:26 GMT
cache-control: public, max-age=606554, s-maxage=10260
etag: W/"5co2cnhGrt59+8B+iLKwJesMrpA"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c26999728b9b80253ea8308df470deba.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: z07_r51G-HAfASDA8F-Ddq0lmWV6ztZYvR66bQd5bHM2d9EmSvnihw==
age: 5403
X-Firefox-Spdy: h2

GET www.smoffrs.ru/bundle/trafee/prelands/43/assets/css/style.css

81.30.157.12

200 OK

5.6 kB

URL GET
www.smoffrs.ru/bundle/trafee/prelands/43/assets/css/style.css
IP
81.30.157.12:443
ASN
#24961 WIIT AG

Requested by
https://www.smoffrs.ru/s/42cf1c2250951
Certificate
IssuerLet's Encrypt
Subjectsmoffrs.ru
Fingerprint18:23:26:08:0D:D9:5D:F3:99:DA:F0:4F:A5:63:AB:85:21:34:9B:36
ValidityFri, 21 Mar 2025 16:35:12 GMT - Thu, 19 Jun 2025 16:35:11 GMT

File type
ASCII text, with very long lines (5659), with no line terminators
Size
5.6 kB (5646 bytes)
Hash
b631f6eb77d78248377f0c2e5a6f10f3
ac554cfc3d057906a93ebc748d71e3af9bc7d3ac
9ebcafbc57ff0eecac3e2febcd4e1d71691b1167f790c876b69b6e2dd763134c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bundle/trafee/prelands/43/assets/css/style.css HTTP/1.1
Host: www.smoffrs.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.smoffrs.ru/s/42cf1c2250951
Cookie: s=Kan1qKjmfpycYJmLumAQX52KWudBhGzoMxayVSKb8caGUFTzJRUhqgY%2FOGI03wxf07ENJV1dIXCBsfUKvAf0fSB%2BLvYRH%2BMr%2FTdQAmRnYdMztdA5xsumdcTUeGRlIxktO4PvwPxthJvwAHoRJ2PV74tQkV2e2BfGYXhARts1fWjzTLIRhnUqmDLV%2BaGdko2QKqvTRTrR2Bak0KuFHd7wc6xmtYur01Mm7gdmT1yu71p8nv1e5XotrpNZ9uGWVaAZ0VqkcvMETQjrBF8KMBShv6M4Znm3XXzKnU1VG%2F0D0YUrmUrtUyciUypzMlwGXDy01MUa22V3XE5qycBYQ4s%2FevmloY5GDN4OBPPIOtRI8kRRT0cxtkgwHMarubOTcSqqYB595%2BAfBn6j45ArJFuK%2B0GgNlvTiMZxFlW9HjlFk1fSnDb2p9IMQ74UKBf6QEM3uamYDyRl%2BRuz37cpVKMrqUXVsWIAjDO9oie1IrcnIhZBOMrltLqDdKCijp2qDCS9T9H3ud%2Fptz8yM%2FDTk9PVM7hSL23byHsZtkusJF9yopd2x9tfbii%2BvYzSw12Bvj7WiC8bdTFJuz%2BSfdSBgIBcBTcMmTAoHLi5ERBkLK0qGSOCe4kEwdqIqB%2FVnuKx2rQOoCCQM83kWnMywLSr0QSSdhC560BPTz%2B6JzP%2FExuafjYrb3z5FuAQyr6QtqGPEmDP3Wt4G5Q2%2F6Hx7HrnDAEMOOH2DSyIBtv81hupXwy98gbJFHmSvSc%2FfbCNFgpZb5QZpqlfNsy1Bb2xQl0akQQn1Ll2KvAxxg6NLgWTvytOFywyRvxen9FFbKQig1iHkZfLCf4XaMnZmqgsBOtNONrN4frxkazjULH%2Bfgvd0SRiCFbSfIQ6hy9ygX2yC4cVfjUU5oiQwOsO8DLaPGCkhUCyQnUp6KQkQru1YSP7w1X7Go4uiq9P6pHEM1AYZsM2hrkZ%2FeVY7pXSl9VeSYOtMeIScvlQW%2B6j1z3tMl8r51FLnQVHA1BxFuavsp4m5TwZo%2BQ1WCXr0GZEgn6ZbuXclckVcWsuhm6McwnUcxkuCLeAwJEDj39gqGNPhgDqHxxwLRlXN3k2XsRHzOrDbUEP0ugiNxZqxyJ2%2FScyK8C0vO2gX3lce6aU%2FcQL8KUDEfGkrWs1cOV20y6NNnKh%2FrgzJDcOFkDVJcCpx2sxlRIgwzBGor1yt9SM0dIWznoD%2FsaqTBsz6BiSrm38cqmmN0wig%2F82Qvs50TSppsw1l5bPkJnEE9Aoim1chf7WwOT38M1PpNSFmsE9SRnmu%2FB%2Fy6cLB%2Fc9tvBHLg1%2BJMeM83nrL29l%2BG1X%2F4TmXhpusg3LAE1By6gCYVKTnqP2blz6QxyDa0b2imEOWZOH8Jz7DQrflCbcjPal6qGO8sE4JCuDmz8Uxqj9u2Gf%2FgwpekQ5UZFPaOXsg78Vv13gJIzV%2BIS66ob43QpXgBDm4oLX1cXvKXHHFw223I1aWSqZ1sM3g44BlZ29b4L7Op5yPX54BqLiIEJfYXt1uw69DZnygXPYYH%2Fli7kx44lsWBMiJZEfTYmlNLoz%2BCbl3%2B8zlPheHqJeqvX1y1f9QM%2BieCZB5%2Bjpv6N6vGWgYrRPVBNT9IR7BQAFBBSiajXRnZyoKw%2BKn6OcHoE80JDILdkodeFh93MbbHAQ1IGnEKEBKoDZOYGrZyYQ1dJlYYMXKD%2BOR2tGMdGCMEQnyRblbRSh7WDPvDBOuzV9FYCsvMRNEGOTc0HT%2FnkbFhTdnWyAt11gQiWFm2WNZHdUlOjrFY0GfYWyh6NZHjQ59CliRQ%2F5Bo6MAcpFpE4%2BJIyr%2F1VSR1c37hfCpiJZml88LAuFym0jkW3mvFO4KhZo5%2FRRGn5yxQlAjF8BhDmV7K9vKga11tLlsUIn1GVx4saum01kYoMjNkefdXGfUJyfWdBKF9iLpjbQf1QU00N2qM5Dvy6GK6wjWuHSMDdz4WMO9pai%2Fzo3xA1mZ7%2Fm9j1%2F06MLmcpPUwEo9MjYS5cZYj5hK9rd3uiSytqQ2GyGjc4Aqmr7e3hEoTejBdHJfmcmN2SdBHSoz%2BTisOrZkdDsD77mmf%2FX2Squ1g%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Fri, 28 Mar 2025 02:17:31 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=86400, public
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (13)

URL GET

IP

ASN

Requested by