Report - 06ng.andendonsi.ru/S1apslY/

Report Overview

Visited public
2025-03-05 21:54:26
Tags
suspicious
Submit Tags
URL
06ng.andendonsi.ru/S1apslY/
Finishing URL
06ng.andendonsi.ru/S1apslY/
IP / ASN
104.21.80.1
#13335 CLOUDFLARENET
Title
Hope Haven Orphanage
Suspicious - Anti-debugging code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-03-05	474 B	17 kB	142.250.74.10
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-03-05	1.1 kB	82 kB	142.250.74.35
06ng.andendonsi.ru	unknown	2024-12-05	2025-03-05	2025-03-05	1.7 kB	559 kB	104.21.48.1
war.ravaluod.ru	unknown	2025-01-15	2025-03-05	2025-03-05	904 B	1.6 kB	104.21.16.29

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (7)

	URL	From	Size	First Seen	Last Seen
	06ng.andendonsi.ru/S1apslY/	Eval	6.1 kB	2025-03-05	2025-03-05
Pretty URL 06ng.andendonsi.ru/S1apslY/ IP 104.21.48.1 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-03-05 21:54 Last Seen2025-03-05 21:54 Times Seen1 Hash 0dbcb13ef58cfdb4a237f619e1e824bb f5aee5e8a8687d1669e159e0fe374a5453790f79 dff3743fd09c579e4ec24e01b70ca90d733c0bc0163dbaa0652a80b66997859e Loading...

	06ng.andendonsi.ru/S1apslY/	Eval	1.7 kB	2025-03-05	2025-03-05
Pretty URL 06ng.andendonsi.ru/S1apslY/ IP 104.21.48.1 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-03-05 21:54 Last Seen2025-03-05 21:54 Times Seen1 Hash bb0a0910c4f3a01ce061471225306d98 e8f4c698e2aa829fef5753c8dee6839a2e4b08a8 f254cfcb876134c0dbd753a2b05cfe5e0aa406862596908faab324f81eecf088 Loading...

	06ng.andendonsi.ru/S1apslY/	ScriptElement	556 kB	2025-03-05	2025-03-05
Pretty URL 06ng.andendonsi.ru/S1apslY/ IP 104.21.48.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-05 21:54 Last Seen2025-03-05 21:54 Times Seen1 Hash 4d99b9d7c0264977292133310c328137 bd3dad2b3628890218dfb762f241333743e80728 75f3d7d642841ef26e0fd5528e895002da7ad46baeb4495e2075d0d0ef44d9f1 Loading...

	06ng.andendonsi.ru/S1apslY/	ScriptElement	39 kB	2025-03-05	2025-03-05
Pretty URL 06ng.andendonsi.ru/S1apslY/ IP 104.21.48.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-05 21:54 Last Seen2025-03-05 21:54 Times Seen1 Hash 618ffeabedb65a2d68fa6fc9cc0ef40f ab45dbbeb1a9321f8e89872d10e319ed7b8225aa 5ed5b25c6aaa060e2f2fc0efac36e3ce211c183df63eb4beb7e57e6c5e742e8d Loading...

	06ng.andendonsi.ru/S1apslY/	ScriptElement	143 kB	2025-03-05	2025-03-05
Pretty URL 06ng.andendonsi.ru/S1apslY/ IP 104.21.48.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-05 21:54 Last Seen2025-03-05 21:54 Times Seen1 Hash 99f41d58d99c1e4522ae6dda5921168f e92b57c1a5efad3c0c5c18500580c466ae2f5041 9aeedf685ecd5257b170b77c0093cc171c8c8d87e613adad4cf6bce48bbdd040 Loading...

		Size	First Seen	Last Seen
	#1 Write - 4496bd56575150a977724a52c2101a65	152 kB	2025-03-05 21:54	2025-03-05 21:54
Pretty Observations First Seen2025-03-05 21:54 Last Seen2025-03-05 21:54 Times Seen1 Hash 4496bd56575150a977724a52c2101a65 034694f7f52f304bc4ee94a9da8e7becd3de5ac0 f8a054f051f30efad9b1c8b67504dcba6b0e6f4d499d341f44b9f42254e42f53 Loading...

	#2 Write - cf4995ed8fd7b124f7d2214ce92c4194	3.2 kB	2025-01-29 09:41	2025-04-11 23:43
Pretty Observations First Seen2025-01-29 09:41 Last Seen2025-04-11 23:43 Times Seen626 Hash cf4995ed8fd7b124f7d2214ce92c4194 1674e8a7d37c02438a65efb2fd2fa2da71f0b222 c8c9f830541ce8f8e61e254d86086e117712e23e0b15aca53e31ce8a6ce21236 Loading...

HTTP Transactions (7)

URL IP Response Size

GET war.ravaluod.ru/tarboz!4hwxvw

104.21.16.29

200 OK

1 B

URL GET
war.ravaluod.ru/tarboz!4hwxvw
IP
104.21.16.29:443
ASN
#13335 CLOUDFLARENET

Requested by
https://06ng.andendonsi.ru/S1apslY/
Certificate
IssuerGoogle Trust Services
Subjectravaluod.ru
Fingerprint3F:5D:EC:5B:F0:98:10:58:D8:4B:CD:68:8F:27:D4:CD:73:A0:54:28
ValidityThu, 16 Jan 2025 06:30:55 GMT - Wed, 16 Apr 2025 07:29:28 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

HTTP Headers

GET /tarboz!4hwxvw HTTP/1.1
Host: war.ravaluod.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://06ng.andendonsi.ru/
Origin: https://06ng.andendonsi.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 05 Mar 2025 21:54:12 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0wcGgttui61Q%2FrNldtQAFX7%2BANBKZ71NvTBwaPYMZcbQy0KueH9zkWocIVEEGXRIGtQuf6B%2BC2atIJ3Ru1ozPN3JHtp%2B9tq4hpAMeS2c14UvgdqXxup2QB7QWrToEoyjetg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91bcd9b92a1b712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5178&min_rtt=481&rtt_var=8769&sent=11&recv=15&lost=0&retrans=0&sent_bytes=3967&recv_bytes=1304&delivery_rate=7240000&cwnd=257&unsent_bytes=0&cid=0347465d446de046&ts=608&x=0"
X-Firefox-Spdy: h2

GET fonts.googleapis.com/css2?family=Roboto:wght@300;400;500&display=swap

142.250.74.10

200 OK

17 kB

URL GET
fonts.googleapis.com/css2?family=Roboto:wght@300;400;500&display=swap
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://06ng.andendonsi.ru/S1apslY/
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
FingerprintF1:11:17:AF:9C:89:34:EE:D5:CB:84:40:84:EA:01:19:A9:F6:ED:C2
ValidityWed, 26 Feb 2025 15:33:59 GMT - Wed, 21 May 2025 15:33:58 GMT

File type
ASCII text, with very long lines (1572)
Size
17 kB (16755 bytes)
Hash
318e394ccd19cc3651a0f3adfd1a447a
c4f6b0745412fd11e753bcff94c5a8b8201a1b80
fc3a0a9b74cc30a1f95d2a61b6ccb6a3d2f6f48b5c0064ddc1f772a3be196013

HTTP Headers

GET /css2?family=Roboto:wght@300;400;500&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://06ng.andendonsi.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 05 Mar 2025 21:54:12 GMT
date: Wed, 05 Mar 2025 21:54:12 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2

142.250.74.35

200 OK

40 kB

URL GET
fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://06ng.andendonsi.ru/S1apslY/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintA4:5F:89:8D:68:B4:5F:99:BE:F5:66:6F:C1:5E:A5:8C:72:BF:1E:D5
ValidityWed, 26 Feb 2025 15:33:59 GMT - Wed, 21 May 2025 15:33:58 GMT

File type
Web Open Font Format (Version 2), TrueType, length 40128, version 1.0
Size
40 kB (40128 bytes)
Hash
9a01b69183a9604ab3a439e388b30501
8ed1d59003d0dbe6360481017b44665153665fbe
20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2

HTTP Headers

GET /s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://06ng.andendonsi.ru
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 40128
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 27 Feb 2025 10:03:46 GMT
expires: Fri, 27 Feb 2026 10:03:46 GMT
cache-control: public, max-age=31536000
age: 561026
last-modified: Wed, 08 Jan 2025 18:23:10 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2

142.250.74.35

200 OK

40 kB

URL GET
fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://06ng.andendonsi.ru/S1apslY/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintA4:5F:89:8D:68:B4:5F:99:BE:F5:66:6F:C1:5E:A5:8C:72:BF:1E:D5
ValidityWed, 26 Feb 2025 15:33:59 GMT - Wed, 21 May 2025 15:33:58 GMT

File type
Web Open Font Format (Version 2), TrueType, length 40128, version 1.0
Size
40 kB (40128 bytes)
Hash
9a01b69183a9604ab3a439e388b30501
8ed1d59003d0dbe6360481017b44665153665fbe
20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2

HTTP Headers

GET /s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://06ng.andendonsi.ru
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 40128
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 27 Feb 2025 10:03:46 GMT
expires: Fri, 27 Feb 2026 10:03:46 GMT
cache-control: public, max-age=31536000
age: 561026
last-modified: Wed, 08 Jan 2025 18:23:10 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET 06ng.andendonsi.ru/S1apslY/

104.21.48.1

200 OK

556 kB

URL User Request GET
06ng.andendonsi.ru/S1apslY/
IP
104.21.48.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectandendonsi.ru
Fingerprint16:21:62:DF:41:8E:9D:7C:9F:93:F5:B8:8A:6F:90:36:89:DA:93:E2
ValiditySun, 02 Feb 2025 20:57:06 GMT - Sat, 03 May 2025 21:55:45 GMT

File type
HTML document, ASCII text, with very long lines (65364)
Size
556 kB (555995 bytes)
Hash
900d12413d3828fb4784b338a8ea37c3
ee759f26bbff5586b0bc89d4756969c32d3eef0c
d420ce37c4a3f9a8a44e25b15c37201835333d63d433c1fdfa1cde8b88235ca3

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Anti-debugging code

HTTP Headers

GET /S1apslY/ HTTP/1.1
Host: 06ng.andendonsi.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 05 Mar 2025 21:54:06 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XXOYFj9sqM6twjXRAGerfpj1cmofohM%2FWFysEOkC6SXXRh6LFB8Q6NadaLqZfuASr1%2B2R4yijP1EFkFv%2FY%2BdaBfXdpPWAlANfg5RiPNip2RFOXGEtQpogGPPYB9VWA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6Ii91YVY4aGkvUGVyUTRwTFBNSGFFU2c9PSIsInZhbHVlIjoieEdIUkVrMEZOb0twRGVLRmRoeEozYUpTRVVwUFAyR2JHaW9mbCt6cWM5NDhHRzhpYjFwMld6SnBqNzN2T3g2Z1ZPbUpuUy9Ic3lrbURwRUNBWVR0LzNTME92L0hrTFpORFdCeHNVam1YREcrNkpqVWU5S0crdkZLRWdGK2JSWU4iLCJtYWMiOiIwMDc1ODFhOWJhYzA2YmJlMDExMWJmYWE5ZWQ2ZWFmMjFlYzUzNDk4NDY3OTQ2OTUwNzQ5YjUzY2NhMmY0YTk3IiwidGFnIjoiIn0%3D; expires=Wed, 05-Mar-2025 23:54:06 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6ImwrbTJraXBSL3pMWkdnT3RFR3pVM2c9PSIsInZhbHVlIjoia3F1VnRUNVpWM0ZWRHZFNElWT0pqSWdqVkVESjc2RUN6bk14NEljaGJ5bUpMSkZia2JzUXphN2swTjREVWx5dWNVc1ZBZUM2RWlPNm9OZi8xWXFWNXRLUXlJL2xqKzRrYkN2OWF2R0lBVklLb2JGRU5NOWZ2dFpCU2owWjRrNFQiLCJtYWMiOiJiYmEyZWQzODQwNTBhMWQ1OGQyNGZiZjY0MDQyYTBmYzhmNTYwODRjNmJlMWVjZWU3ZDNkMDdlYjE5NjQ2YjQ1IiwidGFnIjoiIn0%3D; expires=Wed, 05-Mar-2025 23:54:06 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 91bcd9938e2656be-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=100220&min_rtt=90116&rtt_var=4552&sent=697&recv=342&lost=0&retrans=0&sent_bytes=929423&recv_bytes=11007&delivery_rate=1177355&cwnd=225&unsent_bytes=0&cid=ff1ebac27530d709&ts=335566&x=0", cfL4;desc="?proto=TCP&rtt=5802&min_rtt=524&rtt_var=10551&sent=7&recv=12&lost=0&retrans=0&sent_bytes=3207&recv_bytes=1133&delivery_rate=6454680&cwnd=254&unsent_bytes=0&cid=eafda21ee845d56f&ts=632&x=0"
X-Firefox-Spdy: h2

GET 06ng.andendonsi.ru/favicon.ico

104.21.48.1

404 Not Found

0 B

URL GET
06ng.andendonsi.ru/favicon.ico
IP
104.21.48.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://06ng.andendonsi.ru/S1apslY/
Certificate
IssuerGoogle Trust Services
Subjectandendonsi.ru
Fingerprint16:21:62:DF:41:8E:9D:7C:9F:93:F5:B8:8A:6F:90:36:89:DA:93:E2
ValiditySun, 02 Feb 2025 20:57:06 GMT - Sat, 03 May 2025 21:55:45 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 06ng.andendonsi.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://06ng.andendonsi.ru/S1apslY/
Cookie: XSRF-TOKEN=eyJpdiI6Ii91YVY4aGkvUGVyUTRwTFBNSGFFU2c9PSIsInZhbHVlIjoieEdIUkVrMEZOb0twRGVLRmRoeEozYUpTRVVwUFAyR2JHaW9mbCt6cWM5NDhHRzhpYjFwMld6SnBqNzN2T3g2Z1ZPbUpuUy9Ic3lrbURwRUNBWVR0LzNTME92L0hrTFpORFdCeHNVam1YREcrNkpqVWU5S0crdkZLRWdGK2JSWU4iLCJtYWMiOiIwMDc1ODFhOWJhYzA2YmJlMDExMWJmYWE5ZWQ2ZWFmMjFlYzUzNDk4NDY3OTQ2OTUwNzQ5YjUzY2NhMmY0YTk3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImwrbTJraXBSL3pMWkdnT3RFR3pVM2c9PSIsInZhbHVlIjoia3F1VnRUNVpWM0ZWRHZFNElWT0pqSWdqVkVESjc2RUN6bk14NEljaGJ5bUpMSkZia2JzUXphN2swTjREVWx5dWNVc1ZBZUM2RWlPNm9OZi8xWXFWNXRLUXlJL2xqKzRrYkN2OWF2R0lBVklLb2JGRU5NOWZ2dFpCU2owWjRrNFQiLCJtYWMiOiJiYmEyZWQzODQwNTBhMWQ1OGQyNGZiZjY0MDQyYTBmYzhmNTYwODRjNmJlMWVjZWU3ZDNkMDdlYjE5NjQ2YjQ1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Wed, 05 Mar 2025 21:54:07 GMT
content-type: text/html; charset=UTF-8
cf-ray: 91bcd99aace90b06-OSL
server: cloudflare
cache-control: max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=93gp0cgHbsrkhSY%2FOPIjUnlzJkhyNdgwIbtA2pn9zbRbcURykOXu2oSxSlCcgKCrx%2BEYsdhV8p33Idb3GPrAHMvKN%2BO%2FnJGtek842miDFZIAB78Z0IYQ8QCU%2B%2FQr4w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=99366&min_rtt=90118&rtt_var=3297&sent=228&recv=171&lost=0&retrans=0&sent_bytes=284067&recv_bytes=11197&delivery_rate=561177&cwnd=110&unsent_bytes=0&cid=5042cddd4a1e913b&ts=344720&x=0"
cf-cache-status: MISS
content-encoding: br

GET war.ravaluod.ru/tarboz!4hwxvw

104.21.16.29

200 OK

1 B

URL GET
war.ravaluod.ru/tarboz!4hwxvw
IP
104.21.16.29:443
ASN
#13335 CLOUDFLARENET

Requested by
https://06ng.andendonsi.ru/S1apslY/
Certificate
IssuerGoogle Trust Services
Subjectravaluod.ru
Fingerprint3F:5D:EC:5B:F0:98:10:58:D8:4B:CD:68:8F:27:D4:CD:73:A0:54:28
ValidityThu, 16 Jan 2025 06:30:55 GMT - Wed, 16 Apr 2025 07:29:28 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

HTTP Headers

GET /tarboz!4hwxvw HTTP/1.1
Host: war.ravaluod.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://06ng.andendonsi.ru/
Origin: https://06ng.andendonsi.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 05 Mar 2025 21:54:12 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=an4b6W1urT21VlP1zoCuUa2FkaRPLfNbyzeogIF1U%2Faa8eY4NsKVNBkj6RDfDaOEIRzvbKu149vtj%2BfTGHos2CHZTu4bpLCPnddCOXS7dEh3W5cLLgCJm%2FK1dpTb%2BSbUMJU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91bcd9b89951712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=7480&min_rtt=531&rtt_var=12577&sent=8&recv=12&lost=0&retrans=0&sent_bytes=3271&recv_bytes=1304&delivery_rate=6552036&cwnd=254&unsent_bytes=0&cid=0347465d446de046&ts=402&x=0"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (7)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET