rgestates.com/tmp/auth/sf_rand_string_lowercase6/anRlbmVuQHNncmxhdy5jb20=
95.217.142.125 200 OK 0 B URL User Request GET HTTP/2 rgestates.com/tmp/auth/sf_rand_string_lowercase6/anRlbmVuQHNncmxhdy5jb20=
IP 95.217.142.125:443
ASN #24940 Hetzner Online GmbH
Certificate Issuer Let's Encrypt
Subject *.rgestates.com
Fingerprint 05:FD:D3:52:79:15:A5:77:FE:82:69:04:F3:91:CC:36:B7:F1:74:5B
Validity Sun, 23 Apr 2023 06:49:16 GMT - Sat, 22 Jul 2023 06:49:15 GMT
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
GET /tmp/auth/sf_rand_string_lowercase6/anRlbmVuQHNncmxhdy5jb20= HTTP/1.1
Host: rgestates.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
refresh: 0;url=https://cnsskg.omenmy.ru/Mjtenen@sgrlaw.com
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
expires: Sun, 09 Jul 2023 21:25:23 GMT
content-length: 0
date: Fri, 09 Jun 2023 21:25:23 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
cnsskg.omenmy.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7d4c72695c61b4f7
188.114.96.1 42 B URL cnsskg.omenmy.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7d4c72695c61b4f7
IP 188.114.96.1:0
File type GIF image data, version 89a, 1 x 1; data
MD5 d89746888da2d9510b64a9f031eaecd5
SHA-1 d5fceb6532643d0d84ffe09c40c481ecdf59e15a
SHA-256 ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Analyzer Verdict Alert quad9 Sinkholed
GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=7d4c72695c61b4f7 HTTP/1.1
Host: cnsskg.omenmy.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnsskg.omenmy.ru/Mjtenen@sgrlaw.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 09 Jun 2023 21:25:24 GMT
content-type: image/gif
content-length: 42
last-modified: Tue, 06 Jun 2023 11:54:00 GMT
etag: "647f1e58-2a"
server: cloudflare
cf-ray: 7d4c726a7a4cb4ee-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Fri, 09 Jun 2023 23:25:24 GMT
cache-control: max-age=7200, public
accept-ranges: bytes
cnsskg.omenmy.ru/cdn-cgi/challenge-platform/h/b/flow/ov1/1596342893:1686342158:dAaVH_kBiZZZ-1J9Vts58rpi7RtbjCx-VS5_GjbiAfQ/7d4c72695c61b4f7/7c68301d52b1101
188.114.96.1 43 kB URL cnsskg.omenmy.ru/cdn-cgi/challenge-platform/h/b/flow/ov1/1596342893:1686342158:dAaVH_kBiZZZ-1J9Vts58rpi7RtbjCx-VS5_GjbiAfQ/7d4c72695c61b4f7/7c68301d52b1101
IP 188.114.96.1:0
File type ASCII text, with very long lines (2660), with no line terminators
MD5 79997b0b95c70e7467c86a5d1b1f5a68
SHA-1 5500befe571e9ad30cf8aa67e20eca97fc0ceb86
SHA-256 f370ac6746eba93020cc3f5cc14d36b3acf34a2cbfa030f9ee3b5a02f44617ed
Analyzer Verdict Alert quad9 Sinkholed
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1596342893:1686342158:dAaVH_kBiZZZ-1J9Vts58rpi7RtbjCx-VS5_GjbiAfQ/7d4c72695c61b4f7/7c68301d52b1101 HTTP/1.1
Host: cnsskg.omenmy.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnsskg.omenmy.ru/Mjtenen@sgrlaw.com
Content-type: application/x-www-form-urlencoded
CF-Challenge: 7c68301d52b1101
Content-Length: 2800
Origin: https://cnsskg.omenmy.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 09 Jun 2023 21:25:27 GMT
content-type: text/html; charset=UTF-8
set-cookie: cf_chl_rc_m=;Expires=Thu, 08 Jun 2023 21:25:27 GMT;SameSite=Strict
cf-chl-out: MBLIo5qXlrxtvn/ccsleIYTEu/XsP1klVJSIUIEQY52ATvSJ4K/K1mnoUda4a6BELdzgIx1Pb+zYtoc+hxUOxQ==$kCBMg0hYc/sj0s/XSgTB6g==
cf-chl-out-s: 39xf+ZCM1MfF9ehgC0UrMbNjnI0dcqn4DyoYLiE2BiPlWmSKu5TGBCaKX2W5JcXG$+imocZiOXdDmbQYo7L/IWw==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qG1XIhRJkUcwkn1KPGi4tTWBsuNRxXZGtbizyU%2BLobllcUNUtxaLcLk5Ey0LC2QuBgptUuDbcB7nRqui0HW1LZRAQOv624oMuBtuFhhmuVr78n4td9%2FUj1C4%2FNR5kQTFL0aA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d4c727ceb2eb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cnsskg.omenmy.ru/APP-TMUQQV/e77a30f20eeaed7ab1fa8b273c1a2415648398c6be29a
188.114.96.1 200 OK 192 kB URL GET HTTP/3 cnsskg.omenmy.ru/APP-TMUQQV/e77a30f20eeaed7ab1fa8b273c1a2415648398c6be29a
IP 188.114.96.1:443
Requested by https://cnsskg.omenmy.ru/beebb091955c06fa68b3eb8afc0bae51648398c6412c9PASbeebb091955c06fa68b3eb8afc0bae51648398c6412ca
Certificate Issuer Google Trust Services LLC
Subject omenmy.ru
Fingerprint 5B:0F:7E:70:ED:95:D4:24:0D:01:71:DA:FB:B5:79:F4:4D:09:C6:FF
Validity Thu, 25 May 2023 10:26:14 GMT - Wed, 23 Aug 2023 10:26:13 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 192 kB (191558 bytes)
MD5 8e6b0f88563f9c33f78bce65cf287df7
SHA-1 ef7765cd2a7d64ed27dd7344702597aff6f8c397
SHA-256 a7057bebfff43e7281ca31da00d40bd88c8d02d1576b9c45891dd56a3853269a
Analyzer Verdict Alert quad9 Sinkholed
GET /APP-TMUQQV/e77a30f20eeaed7ab1fa8b273c1a2415648398c6be29a HTTP/1.1
Host: cnsskg.omenmy.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cnsskg.omenmy.ru/beebb091955c06fa68b3eb8afc0bae51648398c6412c9PASbeebb091955c06fa68b3eb8afc0bae51648398c6412ca
Cookie: cf_clearance=V9GzjyCYssXKcxPTUQPdPLw8T.2p6WvInS_VwkWlO0g-1686345924-0-160; PHPSESSID=3ba7589089166fff87bc26296a0793aa
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 09 Jun 2023 21:25:28 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Fri, 16 Jun 2023 21:25:26 GMT
last-modified: Wed, 07 Jun 2023 13:57:36 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mplV03WmuDIHnruFUw2VwQAwZQylbzoc20fEQacZBqE0CoDNIYnSDLD1CiSBc37scJjU1DLdnR%2BpFerB3rmdMOAvOzLT5nr8KoBbgCF1gxjdo7esX%2FbHmvxyc1rOMMzx%2FIbB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d4c72867c5fb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
unpkg.com/axios/dist/axios.min.js
104.16.124.175 302 Found 32 kB URL GET HTTP/2 unpkg.com/axios/dist/axios.min.js
IP 104.16.124.175:443
Requested by https://cnsskg.omenmy.ru/beebb091955c06fa68b3eb8afc0bae51648398c6412c9PASbeebb091955c06fa68b3eb8afc0bae51648398c6412ca
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint F7:B6:41:CA:15:FD:D1:0C:27:39:55:5D:C5:CE:3F:1C:A6:BB:9D:6F
Validity Tue, 02 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /axios/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cnsskg.omenmy.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Fri, 09 Jun 2023 21:25:28 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /axios@1.4.0/dist/axios.min.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01H2H0KN0H0DD1XC4AYKBMA2TK-fra
cf-cache-status: HIT
age: 195
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d4c72849ef70b61-OSL
X-Firefox-Spdy: h2
cnsskg.omenmy.ru/2
188.114.96.1 200 OK 38 kB
IP 188.114.96.1:443
Requested by https://cnsskg.omenmy.ru/beebb091955c06fa68b3eb8afc0bae51648398c6412c9PASbeebb091955c06fa68b3eb8afc0bae51648398c6412ca
Certificate Issuer Google Trust Services LLC
Subject omenmy.ru
Fingerprint 5B:0F:7E:70:ED:95:D4:24:0D:01:71:DA:FB:B5:79:F4:4D:09:C6:FF
Validity Thu, 25 May 2023 10:26:14 GMT - Wed, 23 Aug 2023 10:26:13 GMT
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /2 HTTP/1.1
Host: cnsskg.omenmy.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cnsskg.omenmy.ru/beebb091955c06fa68b3eb8afc0bae51648398c6412c9PASbeebb091955c06fa68b3eb8afc0bae51648398c6412ca
Cookie: cf_clearance=V9GzjyCYssXKcxPTUQPdPLw8T.2p6WvInS_VwkWlO0g-1686345924-0-160; PHPSESSID=3ba7589089166fff87bc26296a0793aa
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 09 Jun 2023 21:25:28 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D%2F4xhKBilqoR9ZeGeCCRwCy5iYmbDfKwA%2BkW2%2BaoW7LGEgVMW33YpehOkUe%2Bh7V8veDIv15Z0HwQPuc4hEoZRZsi5HfopjjHcXDesYqod1UsTiSA92s70r91cCRuMR%2FJrd8F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d4c7285dafcb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cnsskg.omenmy.ru/Mjtenen@sgrlaw.com
188.114.96.1 403 Forbidden 7.6 kB URL User Request GET HTTP/2 cnsskg.omenmy.ru/Mjtenen@sgrlaw.com
IP 188.114.96.1:443
Certificate Issuer Google Trust Services LLC
Subject omenmy.ru
Fingerprint 5B:0F:7E:70:ED:95:D4:24:0D:01:71:DA:FB:B5:79:F4:4D:09:C6:FF
Validity Thu, 25 May 2023 10:26:14 GMT - Wed, 23 Aug 2023 10:26:13 GMT
File type HTML document text; exported SGML document, ASCII text, with very long lines (7801), with no line terminators
MD5 45467205fe2ac024ed368a72e8b4feeb
SHA-1 44693607da737786d7082fbeb5dbb1c1e4918052
SHA-256 714361ef7c24d73ea41cc96e3157d6d926d5cd8254f3e185d2cacaa886cd4112
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
GET /Mjtenen@sgrlaw.com HTTP/1.1
Host: cnsskg.omenmy.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
date: Fri, 09 Jun 2023 21:25:24 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DqMR9MhAG6kW3Cw4WwQGbxLcoBcIwjhDl7qadf2TyeBpvU%2BVLT2q3YV1dJnoCG31x3zctWHKGs0%2B%2BcaB1Brfus1fyutO%2BE%2BSJ9H1D%2BuVaS9TCkJ6LS7W3V0%2F0tmQdV5gtd67"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d4c72695c61b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cnsskg.omenmy.ru/jm/e77a30f20eeaed7ab1fa8b273c1a2415648398c64dd54
188.114.96.1 200 OK 6.1 kB URL GET HTTP/3 cnsskg.omenmy.ru/jm/e77a30f20eeaed7ab1fa8b273c1a2415648398c64dd54
IP 188.114.96.1:443
Requested by https://cnsskg.omenmy.ru/beebb091955c06fa68b3eb8afc0bae51648398c6412c9PASbeebb091955c06fa68b3eb8afc0bae51648398c6412ca
Certificate Issuer Google Trust Services LLC
Subject omenmy.ru
Fingerprint 5B:0F:7E:70:ED:95:D4:24:0D:01:71:DA:FB:B5:79:F4:4D:09:C6:FF
Validity Thu, 25 May 2023 10:26:14 GMT - Wed, 23 Aug 2023 10:26:13 GMT
File type ASCII text, with very long lines (6175), with no line terminators
MD5 0b3cd9bfcbe6444742df90b00f63efc3
SHA-1 0c978b0541c9659215908034b6299f78135c935c
SHA-256 2065edfabc7924bff8e65b4b4ade30bb341d70ab350518bfbad98e1d4f35266f
Analyzer Verdict Alert quad9 Sinkholed
GET /jm/e77a30f20eeaed7ab1fa8b273c1a2415648398c64dd54 HTTP/1.1
Host: cnsskg.omenmy.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cnsskg.omenmy.ru/beebb091955c06fa68b3eb8afc0bae51648398c6412c9PASbeebb091955c06fa68b3eb8afc0bae51648398c6412ca
Cookie: cf_clearance=V9GzjyCYssXKcxPTUQPdPLw8T.2p6WvInS_VwkWlO0g-1686345924-0-160; PHPSESSID=3ba7589089166fff87bc26296a0793aa
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 09 Jun 2023 21:25:28 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Fri, 16 Jun 2023 21:25:26 GMT
last-modified: Wed, 07 Jun 2023 13:57:36 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wR7e28GqG3E7U%2FP9AnDo%2BirWOwAcrvOxHupgdambLZqXRjR3MCEIWAT%2FvA0MkPZViri%2FVjBFq%2BG7pNyv5BX%2BbwYqdp0v1IU2tSIBBMmgFR9Iae6kpON0K%2Fm0oHSN8C%2FLfRG1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d4c72843866b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cnsskg.omenmy.ru/e/e77a30f20eeaed7ab1fa8b273c1a2415648398c6be2c2
188.114.96.1 200 OK 513 B URL GET HTTP/3 cnsskg.omenmy.ru/e/e77a30f20eeaed7ab1fa8b273c1a2415648398c6be2c2
IP 188.114.96.1:443
Requested by https://cnsskg.omenmy.ru/beebb091955c06fa68b3eb8afc0bae51648398c6412c9PASbeebb091955c06fa68b3eb8afc0bae51648398c6412ca
Certificate Issuer Google Trust Services LLC
Subject omenmy.ru
Fingerprint 5B:0F:7E:70:ED:95:D4:24:0D:01:71:DA:FB:B5:79:F4:4D:09:C6:FF
Validity Thu, 25 May 2023 10:26:14 GMT - Wed, 23 Aug 2023 10:26:13 GMT
File type SVG Scalable Vector Graphics image; HTML document, ASCII text, with very long lines (529), with no line terminators
MD5 adc405f5fd089662209870ca5d2106f7
SHA-1 3a8b776df84bf251afc6ddd802cc5bbeddfb0e36
SHA-256 e7bacc97751689afaae192e103fe9851664365c57c7d783560860ad456db7e49
Analyzer Verdict Alert quad9 Sinkholed
GET /e/e77a30f20eeaed7ab1fa8b273c1a2415648398c6be2c2 HTTP/1.1
Host: cnsskg.omenmy.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cnsskg.omenmy.ru/beebb091955c06fa68b3eb8afc0bae51648398c6412c9PASbeebb091955c06fa68b3eb8afc0bae51648398c6412ca
Cookie: cf_clearance=V9GzjyCYssXKcxPTUQPdPLw8T.2p6WvInS_VwkWlO0g-1686345924-0-160; PHPSESSID=3ba7589089166fff87bc26296a0793aa
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 09 Jun 2023 21:25:28 GMT
content-type: image/svg+xml
cache-control: public, max-age=604800
expires: Fri, 16 Jun 2023 21:25:26 GMT
last-modified: Wed, 07 Jun 2023 13:57:36 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6WAjFDlGwivmkBsGzDpIuPibT40Kt8x8C8Dqb%2Bhm%2BAlmVzDbsoRz%2B8uh4Vx36ganF3PDA%2FZlrfQQZdxz6pgDcNfamwlAKKVce6BFdIo4XqgO6psf0dms56Wk1GWDoEui8D%2Bv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d4c72864c23b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cnsskg.omenmy.ru/api-as1f?email=jtenen@sgrlaw.com&data=logo
188.114.96.1 200 OK 168 B URL GET HTTP/3 cnsskg.omenmy.ru/api-as1f?email=jtenen@sgrlaw.com&data=logo
IP 188.114.96.1:443
Requested by https://cnsskg.omenmy.ru/beebb091955c06fa68b3eb8afc0bae51648398c6412c9PASbeebb091955c06fa68b3eb8afc0bae51648398c6412ca
Certificate Issuer Google Trust Services LLC
Subject omenmy.ru
Fingerprint 5B:0F:7E:70:ED:95:D4:24:0D:01:71:DA:FB:B5:79:F4:4D:09:C6:FF
Validity Thu, 25 May 2023 10:26:14 GMT - Wed, 23 Aug 2023 10:26:13 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
MD5 859e58c4190bd867e36877e4381b1492
SHA-1 e00ab18f9567e6742ffd6851e051baeb32a734d0
SHA-256 447828aaeefdd42ceed4f8fb6f6c32d1ff15815d1f8db9c1e8c953d7553ba3c2
GET /api-as1f?email=jtenen@sgrlaw.com&data=logo HTTP/1.1
Host: cnsskg.omenmy.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cnsskg.omenmy.ru/beebb091955c06fa68b3eb8afc0bae51648398c6412c9PASbeebb091955c06fa68b3eb8afc0bae51648398c6412ca
Cookie: cf_clearance=V9GzjyCYssXKcxPTUQPdPLw8T.2p6WvInS_VwkWlO0g-1686345924-0-160; PHPSESSID=3ba7589089166fff87bc26296a0793aa
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 09 Jun 2023 21:25:29 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Ie%2BMpdNfi06%2FG5d4lzojoEtHnQMZ7gfuffPFc7z%2FUOelflE9y9sdflqY1ED4fuaQzkg0fEp9K4rla%2FL8UHJgAWeAOq2sctuK%2BR8o9HZqriIzRnHgBCTzbYbx7jYT6DeBaQR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d4c72866c4fb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cnsskg.omenmy.ru/favicon.ico
188.114.96.1 404 Not Found 1.2 kB URL GET HTTP/3 cnsskg.omenmy.ru/favicon.ico
IP 188.114.96.1:443
Requested by https://cnsskg.omenmy.ru/beebb091955c06fa68b3eb8afc0bae51648398c6412c9PASbeebb091955c06fa68b3eb8afc0bae51648398c6412ca
Certificate Issuer Google Trust Services LLC
Subject omenmy.ru
Fingerprint 5B:0F:7E:70:ED:95:D4:24:0D:01:71:DA:FB:B5:79:F4:4D:09:C6:FF
Validity Thu, 25 May 2023 10:26:14 GMT - Wed, 23 Aug 2023 10:26:13 GMT
File type HTML document text; exported SGML document, ASCII text, with very long lines (1276), with no line terminators
MD5 24b426fea67958554911ff4c943fdfe4
SHA-1 b92889146d4c1bbddccabe58ca15c814ea066f72
SHA-256 335fd88e127ff1b19e6c5af3c801186182f064e4c6747b9a76a0b3988553716c
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: cnsskg.omenmy.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cnsskg.omenmy.ru/beebb091955c06fa68b3eb8afc0bae51648398c6412c9PASbeebb091955c06fa68b3eb8afc0bae51648398c6412ca
Cookie: cf_clearance=V9GzjyCYssXKcxPTUQPdPLw8T.2p6WvInS_VwkWlO0g-1686345924-0-160; PHPSESSID=3ba7589089166fff87bc26296a0793aa
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Fri, 09 Jun 2023 21:25:28 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J2P%2BeYzU6ihc8YH3ljYVNgrwu9iI7yyjMbdZnmIW27SIRIq%2FXteortCiDZmZgUvql2DcCfvh53cVWd4mVLqYRMLy%2BXPxSrx0lGbIA7tVXyMBmM5ovNQUMaUcCXpfXw2wITql"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d4c72863bf6b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cnsskg.omenmy.ru/api-as1f?email=jtenen@sgrlaw.com&data=background
188.114.96.1 200 OK 176 B URL GET HTTP/3 cnsskg.omenmy.ru/api-as1f?email=jtenen@sgrlaw.com&data=background
IP 188.114.96.1:443
Requested by https://cnsskg.omenmy.ru/beebb091955c06fa68b3eb8afc0bae51648398c6412c9PASbeebb091955c06fa68b3eb8afc0bae51648398c6412ca
Certificate Issuer Google Trust Services LLC
Subject omenmy.ru
Fingerprint 5B:0F:7E:70:ED:95:D4:24:0D:01:71:DA:FB:B5:79:F4:4D:09:C6:FF
Validity Thu, 25 May 2023 10:26:14 GMT - Wed, 23 Aug 2023 10:26:13 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
MD5 dab880007b1a9ddc8d983109e6b6490b
SHA-1 03bfad5d0de95d09d5add511be7c58c971c265d8
SHA-256 5ba7613b529682802fe8f81b86cdfd829ee7f5cf31b0f8f3b3c9c944ae81ae09
GET /api-as1f?email=jtenen@sgrlaw.com&data=background HTTP/1.1
Host: cnsskg.omenmy.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cnsskg.omenmy.ru/beebb091955c06fa68b3eb8afc0bae51648398c6412c9PASbeebb091955c06fa68b3eb8afc0bae51648398c6412ca
Cookie: cf_clearance=V9GzjyCYssXKcxPTUQPdPLw8T.2p6WvInS_VwkWlO0g-1686345924-0-160; PHPSESSID=3ba7589089166fff87bc26296a0793aa
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 09 Jun 2023 21:25:30 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H9AFGkvfTsZjiDt0I%2FhWohRNhz0U29sq8m7F%2FKT7CpOl8zXMlvtU31fnGAaf9tL3ezMBfIETe1MXa22gbmcvwndt3W62rbZSNVARCiZD2NItI8f%2BTV%2FBxevkaUvAWkv5qcqF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d4c72866c51b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
aadcdn.msauthimages.net/dbd5a2dd-immyiqo4rthtcxqlpjlafr4xbdmw96jcklwv6vplcm0/logintenantbranding/0/bannerlogo?ts=637970262525979269
152.199.23.72 200 OK 5.8 kB URL GET HTTP/2 aadcdn.msauthimages.net/dbd5a2dd-immyiqo4rthtcxqlpjlafr4xbdmw96jcklwv6vplcm0/logintenantbranding/0/bannerlogo?ts=637970262525979269
IP 152.199.23.72:443
Requested by https://cnsskg.omenmy.ru/beebb091955c06fa68b3eb8afc0bae51648398c6412c9PASbeebb091955c06fa68b3eb8afc0bae51648398c6412ca
Certificate Issuer Microsoft Corporation
Subject aadcdn.msauthimages.net
Fingerprint 6B:EB:AC:06:FC:06:82:11:17:1C:6B:72:7D:B5:95:2D:CF:E7:A3:5D
Validity Wed, 08 Mar 2023 11:16:34 GMT - Sat, 02 Mar 2024 11:16:34 GMT
File type PNG image data, 280 x 75, 8-bit/color RGBA, non-interlaced; data
MD5 e81fb8e097233b997b4ad50256cbeaaf
SHA-1 03f86187bde757968c2290c55500945ebd606b04
SHA-256 c95899237de533c75e42c9ea43738e9815286f50e0bdbccca9301effc0492bd5
GET /dbd5a2dd-immyiqo4rthtcxqlpjlafr4xbdmw96jcklwv6vplcm0/logintenantbranding/0/bannerlogo?ts=637970262525979269 HTTP/1.1
Host: aadcdn.msauthimages.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cnsskg.omenmy.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
cache-control: public, max-age=86400
content-md5: 6B+44JcjO5l7StUCVsvqrw==
content-type: image/*
date: Fri, 09 Jun 2023 21:25:29 GMT
etag: 0x8DA8692DB405B71
last-modified: Thu, 25 Aug 2022 12:10:52 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
vary: Origin
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: dfe9befb-101e-007e-5e18-9b1f96000000
x-ms-version: 2009-09-19
content-length: 5835
X-Firefox-Spdy: h2
aadcdn.msauthimages.net/dbd5a2dd-immyiqo4rthtcxqlpjlafr4xbdmw96jcklwv6vplcm0/logintenantbranding/0/illustration?ts=637423456046478583
152.199.23.72 200 OK 174 kB URL GET HTTP/2 aadcdn.msauthimages.net/dbd5a2dd-immyiqo4rthtcxqlpjlafr4xbdmw96jcklwv6vplcm0/logintenantbranding/0/illustration?ts=637423456046478583
IP 152.199.23.72:443
Requested by https://cnsskg.omenmy.ru/beebb091955c06fa68b3eb8afc0bae51648398c6412c9PASbeebb091955c06fa68b3eb8afc0bae51648398c6412ca
Certificate Issuer Microsoft Corporation
Subject aadcdn.msauthimages.net
Fingerprint 6B:EB:AC:06:FC:06:82:11:17:1C:6B:72:7D:B5:95:2D:CF:E7:A3:5D
Validity Wed, 08 Mar 2023 11:16:34 GMT - Sat, 02 Mar 2024 11:16:34 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1200x900, components 3; data
Size 174 kB (173485 bytes)
MD5 6c28203267f1978d33a8c38234d7c62c
SHA-1 63ef1737fb4738b6ac4a5ab7c6a0ca65e9ecdcd9
SHA-256 513bf3e9d62a6d660499dcb37471fe48b2a44b87f8fd8a8f315df10a6d760221
GET /dbd5a2dd-immyiqo4rthtcxqlpjlafr4xbdmw96jcklwv6vplcm0/logintenantbranding/0/illustration?ts=637423456046478583 HTTP/1.1
Host: aadcdn.msauthimages.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cnsskg.omenmy.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
cache-control: public, max-age=86400
content-md5: bCggMmfxl40zqMOCNNfGLA==
content-type: image/*
date: Fri, 09 Jun 2023 21:25:30 GMT
etag: 0x8D895418D870F8F
last-modified: Mon, 30 Nov 2020 15:06:45 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
vary: Origin
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 5c363d68-101e-005c-3918-9b71a0000000
x-ms-version: 2009-09-19
content-length: 173485
X-Firefox-Spdy: h2
cnsskg.omenmy.ru/ic/e77a30f20eeaed7ab1fa8b273c1a2415648398c6be295
188.114.96.1 200 OK 17 kB URL GET HTTP/3 cnsskg.omenmy.ru/ic/e77a30f20eeaed7ab1fa8b273c1a2415648398c6be295
IP 188.114.96.1:443
Requested by https://cnsskg.omenmy.ru/beebb091955c06fa68b3eb8afc0bae51648398c6412c9PASbeebb091955c06fa68b3eb8afc0bae51648398c6412ca
Certificate Issuer Google Trust Services LLC
Subject omenmy.ru
Fingerprint 5B:0F:7E:70:ED:95:D4:24:0D:01:71:DA:FB:B5:79:F4:4D:09:C6:FF
Validity Thu, 25 May 2023 10:26:14 GMT - Wed, 23 Aug 2023 10:26:13 GMT
File type MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors; data
MD5 12e3dac858061d088023b2bd48e2fa96
SHA-1 e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
SHA-256 90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
Analyzer Verdict Alert quad9 Sinkholed
GET /ic/e77a30f20eeaed7ab1fa8b273c1a2415648398c6be295 HTTP/1.1
Host: cnsskg.omenmy.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cnsskg.omenmy.ru/beebb091955c06fa68b3eb8afc0bae51648398c6412c9PASbeebb091955c06fa68b3eb8afc0bae51648398c6412ca
Cookie: cf_clearance=V9GzjyCYssXKcxPTUQPdPLw8T.2p6WvInS_VwkWlO0g-1686345924-0-160; PHPSESSID=3ba7589089166fff87bc26296a0793aa
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 09 Jun 2023 21:25:29 GMT
content-type: image/x-icon
cache-control: public, max-age=604800
expires: Fri, 16 Jun 2023 21:25:27 GMT
last-modified: Wed, 07 Jun 2023 13:57:36 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NgBhgOCXya3fjFRfXBaZ0dOh0K5sHIH8C4sli7ucUoDU6MuanFWJ6dNtdi0erJL9FgBVQGa%2Bcv8qBNtEieoN1CCocFurohTUfZg68rkNA8btHDAzmQ7KBnBSxRMI0r1%2B1xLD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d4c7288e855b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cnsskg.omenmy.ru/boot/e77a30f20eeaed7ab1fa8b273c1a2415648398c64dd50
188.114.96.1 200 OK 51 kB URL GET HTTP/3 cnsskg.omenmy.ru/boot/e77a30f20eeaed7ab1fa8b273c1a2415648398c64dd50
IP 188.114.96.1:443
Requested by https://cnsskg.omenmy.ru/beebb091955c06fa68b3eb8afc0bae51648398c6412c9PASbeebb091955c06fa68b3eb8afc0bae51648398c6412ca
Certificate Issuer Google Trust Services LLC
Subject omenmy.ru
Fingerprint 5B:0F:7E:70:ED:95:D4:24:0D:01:71:DA:FB:B5:79:F4:4D:09:C6:FF
Validity Thu, 25 May 2023 10:26:14 GMT - Wed, 23 Aug 2023 10:26:13 GMT
File type ASCII text, with very long lines (50758)
MD5 67176c242e1bdc20603c878dee836df3
SHA-1 27a71b00383d61ef3c489326b3564d698fc1227c
SHA-256 56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
Analyzer Verdict Alert quad9 Sinkholed
GET /boot/e77a30f20eeaed7ab1fa8b273c1a2415648398c64dd50 HTTP/1.1
Host: cnsskg.omenmy.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cnsskg.omenmy.ru/beebb091955c06fa68b3eb8afc0bae51648398c6412c9PASbeebb091955c06fa68b3eb8afc0bae51648398c6412ca
Cookie: cf_clearance=V9GzjyCYssXKcxPTUQPdPLw8T.2p6WvInS_VwkWlO0g-1686345924-0-160; PHPSESSID=3ba7589089166fff87bc26296a0793aa
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 09 Jun 2023 21:25:28 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Fri, 16 Jun 2023 21:25:26 GMT
last-modified: Wed, 07 Jun 2023 13:57:36 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FLyW%2BRWuR6SDKyBfWWTLCUWMGsM%2FuSmwyke81s0ktfxx5OgvfmW8tLHotRDcGWFBYiyniq0GiXVuFeKa8V1JRH%2FT6oXJVSLInKkiludj6W%2FR%2FQMeQfE0e8BzcFhiAbd%2F%2FYtT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d4c72843865b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cnsskg.omenmy.ru/jq/e77a30f20eeaed7ab1fa8b273c1a2415648398c64dd4e
188.114.96.1 200 OK 86 kB URL GET HTTP/3 cnsskg.omenmy.ru/jq/e77a30f20eeaed7ab1fa8b273c1a2415648398c64dd4e
IP 188.114.96.1:443
Requested by https://cnsskg.omenmy.ru/beebb091955c06fa68b3eb8afc0bae51648398c6412c9PASbeebb091955c06fa68b3eb8afc0bae51648398c6412ca
Certificate Issuer Google Trust Services LLC
Subject omenmy.ru
Fingerprint 5B:0F:7E:70:ED:95:D4:24:0D:01:71:DA:FB:B5:79:F4:4D:09:C6:FF
Validity Thu, 25 May 2023 10:26:14 GMT - Wed, 23 Aug 2023 10:26:13 GMT
File type ASCII text, with very long lines (32065)
Hash MD5 2f6b11a7e914718e0290410e85366fe9
SHA1 69bb69e25ca7d5ef0935317584e6153f3fd9a88c
SHA256 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Analyzer Verdict Alert quad9 Sinkholed
GET /jq/e77a30f20eeaed7ab1fa8b273c1a2415648398c64dd4e HTTP/1.1
Host: cnsskg.omenmy.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cnsskg.omenmy.ru/beebb091955c06fa68b3eb8afc0bae51648398c6412c9PASbeebb091955c06fa68b3eb8afc0bae51648398c6412ca
Cookie: cf_clearance=V9GzjyCYssXKcxPTUQPdPLw8T.2p6WvInS_VwkWlO0g-1686345924-0-160; PHPSESSID=3ba7589089166fff87bc26296a0793aa
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 09 Jun 2023 21:25:28 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Fri, 16 Jun 2023 21:25:26 GMT
last-modified: Wed, 07 Jun 2023 13:57:36 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hC1kkzIfTio%2FLjFqKkvBiSFaENd8dZ8c0NlcoTG8jTgP69u8mi%2B94WC6Q%2BTuSdjK7br7TPD2%2F4j%2BC1bWfVLxxPCBbhIr85fhNEZTHmta9iHPAsHv3nSSKgdRXwUHCA296c3I"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d4c72843864b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cnsskg.omenmy.ru/beebb091955c06fa68b3eb8afc0bae51648398c6412c9PASbeebb091955c06fa68b3eb8afc0bae51648398c6412ca
188.114.96.1 200 OK 24 kB URL User Request GET HTTP/3 cnsskg.omenmy.ru/beebb091955c06fa68b3eb8afc0bae51648398c6412c9PASbeebb091955c06fa68b3eb8afc0bae51648398c6412ca
IP 188.114.96.1:443
Certificate Issuer Google Trust Services LLC
Subject omenmy.ru
Fingerprint 5B:0F:7E:70:ED:95:D4:24:0D:01:71:DA:FB:B5:79:F4:4D:09:C6:FF
Validity Thu, 25 May 2023 10:26:14 GMT - Wed, 23 Aug 2023 10:26:13 GMT
File type HTML document text; exported SGML document, ASCII text, with very long lines (22448)
Hash MD5 328d23005ed2f67b2fd82c48333d0d91
SHA1 0d62bdbc33018db5e829347f53aa5116406700b9
SHA256 964577ffaa6bdd45138758fb9d5bb96a6066437476d7154bdb3ffd60e36056a1
Analyzer Verdict Alert quad9 Sinkholed
GET /beebb091955c06fa68b3eb8afc0bae51648398c6412c9PASbeebb091955c06fa68b3eb8afc0bae51648398c6412ca HTTP/1.1
Host: cnsskg.omenmy.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnsskg.omenmy.ru/Mjtenen@sgrlaw.com?__cf_chl_tk=RXNcdgXgizINZ28y7rrfojkAWxn9xq5W6UryTUnLCdc-1686345924-0-gaNycGzNC5A
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=V9GzjyCYssXKcxPTUQPdPLw8T.2p6WvInS_VwkWlO0g-1686345924-0-160; PHPSESSID=3ba7589089166fff87bc26296a0793aa
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 09 Jun 2023 21:25:28 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g7XG1jNqFQTBNyV5Bmh0J4opQqAHENRHuic2D77qcgMW8uLjLCVZ%2BA0BXukqonK3ZiTK3YRWAXi%2BXvf0p5k3DU1zL6GLyHK5albGCUdbLR9YMhIgBDK7PwJlNJOF843Jy5vH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d4c7282fea5b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cnsskg.omenmy.ru/Mjtenen@sgrlaw.com
188.114.96.1 302 Found 24 kB URL User Request POST HTTP/3 cnsskg.omenmy.ru/Mjtenen@sgrlaw.com
IP 188.114.96.1:443
Certificate Issuer Google Trust Services LLC
Subject omenmy.ru
Fingerprint 5B:0F:7E:70:ED:95:D4:24:0D:01:71:DA:FB:B5:79:F4:4D:09:C6:FF
Validity Thu, 25 May 2023 10:26:14 GMT - Wed, 23 Aug 2023 10:26:13 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
POST /Mjtenen@sgrlaw.com HTTP/1.1
Host: cnsskg.omenmy.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnsskg.omenmy.ru/Mjtenen@sgrlaw.com?__cf_chl_tk=RXNcdgXgizINZ28y7rrfojkAWxn9xq5W6UryTUnLCdc-1686345924-0-gaNycGzNC5A
Content-Type: application/x-www-form-urlencoded
Content-Length: 3126
Origin: https://cnsskg.omenmy.ru
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
date: Fri, 09 Jun 2023 21:25:28 GMT
content-type: text/html; charset=UTF-8
location: ./beebb091955c06fa68b3eb8afc0bae51648398c6412c9PASbeebb091955c06fa68b3eb8afc0bae51648398c6412ca
set-cookie: cf_clearance=V9GzjyCYssXKcxPTUQPdPLw8T.2p6WvInS_VwkWlO0g-1686345924-0-160; path=/; expires=Sat, 08-Jun-24 21:25:27 GMT; domain=.omenmy.ru; HttpOnly; Secure; SameSite=None
PHPSESSID=3ba7589089166fff87bc26296a0793aa; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KOoBb19MxU9mKiK8bjOk7xwaJaQ%2Fp7sxLZ1RHbjxzzBZf6xk7eNY4Pbsu84kFtgvIahYHGsVBayLJ2%2FL0%2BtKgaQhoqnbCcPNuf6Z5lG52PS17aFW13e7IEWNhfRlsbHhAHmW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d4c727e4d5ab4ee-OSL
alt-svc: h3=":443"; ma=86400
cnsskg.omenmy.ru/o/e77a30f20eeaed7ab1fa8b273c1a2415648398c6be2bb
188.114.96.1 200 OK 3.7 kB URL GET HTTP/3 cnsskg.omenmy.ru/o/e77a30f20eeaed7ab1fa8b273c1a2415648398c6be2bb
IP 188.114.96.1:443
Requested by https://cnsskg.omenmy.ru/beebb091955c06fa68b3eb8afc0bae51648398c6412c9PASbeebb091955c06fa68b3eb8afc0bae51648398c6412ca
Certificate Issuer Google Trust Services LLC
Subject omenmy.ru
Fingerprint 5B:0F:7E:70:ED:95:D4:24:0D:01:71:DA:FB:B5:79:F4:4D:09:C6:FF
Validity Thu, 25 May 2023 10:26:14 GMT - Wed, 23 Aug 2023 10:26:13 GMT
File type SVG Scalable Vector Graphics image; HTML document, ASCII text, with very long lines (3695), with no line terminators
Hash MD5 d633a913e6f3b1f45774b9874dfc85e0
SHA1 5ba1344048578062c93cfddfdf8458477eaca476
SHA256 c1fbfbd9a81fc4d9c9539a65bdfb4c6738926b8d4681b0346706196413e92714
Analyzer Verdict Alert quad9 Sinkholed
GET /o/e77a30f20eeaed7ab1fa8b273c1a2415648398c6be2bb HTTP/1.1
Host: cnsskg.omenmy.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cnsskg.omenmy.ru/beebb091955c06fa68b3eb8afc0bae51648398c6412c9PASbeebb091955c06fa68b3eb8afc0bae51648398c6412ca
Cookie: cf_clearance=V9GzjyCYssXKcxPTUQPdPLw8T.2p6WvInS_VwkWlO0g-1686345924-0-160; PHPSESSID=3ba7589089166fff87bc26296a0793aa
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 09 Jun 2023 21:25:28 GMT
content-type: image/svg+xml
cache-control: public, max-age=604800
expires: Fri, 16 Jun 2023 21:25:26 GMT
last-modified: Wed, 07 Jun 2023 13:57:36 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=enR745OK8pFnfUcyB1Vn75c7VR%2FLZqqxVI9Rfr7aFh0ZdR7SxJj8zXd90vV0S3Va6mouiwhqRPICxyvtXGMnIU%2BQL08Nwyd97bo87ZhOig1VWfw9NvHb7iH5tCyUJjHZh%2BlT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d4c72864c1eb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
unpkg.com/axios@1.4.0/dist/axios.min.js
104.16.124.175 200 OK 32 kB URL GET HTTP/2 unpkg.com/axios@1.4.0/dist/axios.min.js
IP 104.16.124.175:443
Requested by https://cnsskg.omenmy.ru/beebb091955c06fa68b3eb8afc0bae51648398c6412c9PASbeebb091955c06fa68b3eb8afc0bae51648398c6412ca
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint F7:B6:41:CA:15:FD:D1:0C:27:39:55:5D:C5:CE:3F:1C:A6:BB:9D:6F
Validity Tue, 02 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT
File type ASCII text, with very long lines (31803)
Hash MD5 6470a918ba1fd4b8d0882df0269ddb82
SHA1 97814fdab64aa7d1b30f082f9eb272d4b1ce18a2
SHA256 fd4ce12a87594281afcee9c73a40fe7acc282bcc9e764fbb3afa1481a96a091e
GET /axios@1.4.0/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnsskg.omenmy.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 09 Jun 2023 21:25:28 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"7c62-l4FP2rZKp9GzDwgvnrJy1LHOGKI"
via: 1.1 fly.io
fly-request-id: 01GZP8TZEXW4PFCT61FHX2WRTS-fra
cf-cache-status: HIT
age: 3045020
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d4c7284bf170b61-OSL
content-encoding: br
X-Firefox-Spdy: h2