Report - accesspoint6.matne.ru/$bsdfona@slurpmail.net

Report Overview

Submitted URL
accesspoint6.matne.ru/$bsdfona@slurpmail.net
IP
104.26.10.176
ASN
#13335 CLOUDFLARENET
Submitted
2022-09-23 19:20:03
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
32

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	4.4 kB	23.36.76.226
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	326 B	730 B	23.36.76.226
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	658 B	1.3 kB	93.184.220.29
unpkg.com	11693	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	745 B	1.1 kB	104.16.124.175
cloudflare.hcaptcha.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	555 B	654 B	104.18.19.132
accesspoint6.matne.ru	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	12 kB	430 kB	104.26.11.176
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.9 kB	34.160.144.191
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	50 kB	34.120.237.76
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	325 B	1.5 kB	18.165.201.103

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-23	medium	accesspoint6.matne.ru/$bsdfona@slurpmail.net	Malware
2022-09-23	medium	accesspoint6.matne.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=74f5a269295bb50b	Malware
2022-09-23	medium	accesspoint6.matne.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/0.035844151514579294:1663960056:39N0F-pCu1sn1OaZyDIlW8Y8dbMVk3Ykvhfw8o3tFAk/74f5a269295bb50b/e1c44d89c7d7e1f	Malware
2022-09-23	medium	accesspoint6.matne.ru/$bsdfona@slurpmail.net	Malware
2022-09-23	medium	accesspoint6.matne.ru/APP-2YQSYP/icox65duoruaqjvowsoous4j6	Malware
2022-09-23	medium	accesspoint6.matne.ru/boot/ro46uuwqjsj6svooaocxu5dio	Malware
2022-09-23	medium	accesspoint6.matne.ru/PS-632e06da327e2	Malware
2022-09-23	medium	accesspoint6.matne.ru/cdn-cgi/challenge-platform/h/g/img/74f5a269295bb50b/1663960792807/TA9bD9_Jrf61LLc	Malware
2022-09-23	medium	accesspoint6.matne.ru/cdn-cgi/challenge-platform/h/g/pat/74f5a269295bb50b/1663960792803/0b0349f85f8a051a3d2f8a5516f16197a8556aebfd08be9cb0c11992df7a2117/JAtVljIyaJ6WSm3	Malware
2022-09-23	medium	accesspoint6.matne.ru/jq/ujcojsx5soqdwoioar646ouuv	Malware
2022-09-23	medium	accesspoint6.matne.ru/o/oo6uvxcsajuq64wd5jiuoosro	Malware
2022-09-23	medium	accesspoint6.matne.ru/jm/uos6uqcvxsao6jwo4ojod5rui	Malware
2022-09-23	medium	accesspoint6.matne.ru/$bsdfona@slurpmail.net	Malware
2022-09-23	medium	accesspoint6.matne.ru/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=74f5a269295bb50b	Malware
2022-09-23	medium	accesspoint6.matne.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/0.035844151514579294:1663960056:39N0F-pCu1sn1OaZyDIlW8Y8dbMVk3Ykvhfw8o3tFAk/74f5a269295bb50b/e1c44d89c7d7e1f	Malware
2022-09-23	medium	accesspoint6.matne.ru/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1663948800	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (16)

	URL	Size	First Seen	Last Seen
	accesspoint6.matne.ru/$bsdfona@slurpmail.net	1.7 kB	2023-03-07	2023-03-07
Pretty URL accesspoint6.matne.ru/$bsdfona@slurpmail.net IP 104.26.11.176 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:58:40 Last Seen2023-03-07 23:58:40 Times Seen1 Hash 4148c25464ede0daacb02cc62bebc53d ff765868ee5b3ebe58498c97c809a0535070e974 076783d2c7dcc42cb85760258e6355c44c9386d21e8d002b5f4b1b2702177a80 Loading...

	accesspoint6.matne.ru/$bsdfona@slurpmail.net	1.5 kB	2023-03-07	2023-03-07
Pretty URL accesspoint6.matne.ru/$bsdfona@slurpmail.net IP 104.26.11.176 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:58:40 Last Seen2023-03-07 23:58:40 Times Seen1 Hash a8bca17fef42f94ea632b64efa0a7a1d d522fe4faa1e540f6c5f4de64ae20857ed6e911a c5d618536e752d6fabb96db8344bc2073970965d9f2ecdd5521018113ef86bcd Loading...

	accesspoint6.matne.ru/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=74f5a269295bb50b	67 kB	2023-03-07	2023-03-07
Pretty URL accesspoint6.matne.ru/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=74f5a269295bb50b IP 104.26.11.176 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:58:40 Last Seen2023-03-07 23:58:40 Times Seen1 Hash b079417f60920f74c04f4ccdb7eea5c7 397d6a0f905f8d85ae8c743ee3a8aae47aa4d957 b1855616540ed923df6f0233fb599be6219630fd3bf18956d674b653689c46eb Loading...

	accesspoint6.matne.ru/jm/uos6uqcvxsao6jwo4ojod5rui	3.8 kB	2023-03-07	2024-02-13
Pretty URL accesspoint6.matne.ru/jm/uos6uqcvxsao6jwo4ojod5rui IP 104.26.11.176 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:32:14 Last Seen2024-02-13 19:07:13 Times Seen2627 Hash 5a411a32c1dd3c68421331f68fa054f3 fe13bd74f09c763d5523ae7c565cc4a058e1b0fe b889e81c63643daaea2bb1c8030fa7b92cf65881b73f6ae8607ebfef39b787de Loading...

	accesspoint6.matne.ru/PS-632e06da327e2	1.4 kB	2023-03-07	2023-03-07
Pretty URL accesspoint6.matne.ru/PS-632e06da327e2 IP 104.26.11.176 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:58:40 Last Seen2023-03-07 23:58:40 Times Seen1 Hash cebc5c578e054af9c4830d13cb177c30 f7f45593804a271ec0ed72d41d7278f4102c4f86 0e30137c5453dd92ebec6016e378a6fbf89a6a16e8c83a93b3f7028f966552fa Loading...

	accesspoint6.matne.ru/$bsdfona@slurpmail.net	472 B	2023-03-07	2024-01-09
Pretty URL accesspoint6.matne.ru/$bsdfona@slurpmail.net IP 104.26.11.176 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:32:11 Last Seen2024-01-09 16:14:11 Times Seen2 Hash 332981b5aa6fb2cee0c2754f36bcbc5c 5ebc131775ec890a3d733b9ede0ff6b025c7b4ec 65a99bebbba330c07974216fd4f5a132c8eb0abb6728ab0eef95969ace03ba87 Loading...

	cloudflare.hcaptcha.com/1/api.js?endpoint=https%3A%2F%2Fcloudflare.hcaptcha.com&assethost=https%3A%2F%2Fcf-assets.hcaptcha.com&imghost=https%3A%2F%2Fcf-imgs.hcaptcha.com&render=explicit&recaptchacompat=off&onload=_cf_chl_hload	288 kB	2023-03-07	2023-05-28
Pretty URL cloudflare.hcaptcha.com/1/api.js?endpoint=https%3A%2F%2Fcloudflare.hcaptcha.com&assethost=https%3A%2F%2Fcf-assets.hcaptcha.com&imghost=https%3A%2F%2Fcf-imgs.hcaptcha.com&render=explicit&recaptchacompat=off&onload=_cf_chl_hload IP 104.18.19.132 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:24 Last Seen2023-05-28 18:40:07 Times Seen2 Hash 83f4af49f5f87f551820f87136ac6f98 fb5682272444ee387b23bb0ee2a7171ae81821fd 4e626cb80c06ed2f4560b3b4fef501c83d601fde61cd7cc507d77d47c916f06b Loading...

	accesspoint6.matne.ru/$bsdfona@slurpmail.net	17 B	2023-03-07	2023-04-05
Pretty URL accesspoint6.matne.ru/$bsdfona@slurpmail.net IP 104.26.11.176 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:23 Last Seen2023-04-05 02:12:11 Times Seen1946 Hash 8ff8851cc2351b1ece0667fc38808aca 1948720040e391039821b5f1e0ffb994f42af529 39dc54b6b6d6d57f0d76b09b6e775fa9bf57418049cbb68c31fa4176a8b81175 Loading...

	unpkg.com/axios/dist/axios.min.js	21 kB	2023-03-07	2024-04-19
Pretty URL unpkg.com/axios/dist/axios.min.js IP 104.16.124.175 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:01 Last Seen2024-04-19 13:33:24 Times Seen564 Hash b73d3171d52de3b38a570bc2748bcf96 1423712131ca1c1471097aae1bf41332aaccb491 e373b70a5167485c73a265421bcfcd1fdddbae49c9c51605e6d2918a3de4ae0d Loading...

	accesspoint6.matne.ru/boot/ro46uuwqjsj6svooaocxu5dio	51 kB	2023-03-07	2024-04-27
Pretty URL accesspoint6.matne.ru/boot/ro46uuwqjsj6svooaocxu5dio IP 104.26.11.176 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-04-27 05:56:36 Times Seen244893 Hash 67176c242e1bdc20603c878dee836df3 27a71b00383d61ef3c489326b3564d698fc1227c 56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4 Loading...

	accesspoint6.matne.ru/jq/ujcojsx5soqdwoioar646ouuv	86 kB	2023-03-07	2024-04-27
Pretty URL accesspoint6.matne.ru/jq/ujcojsx5soqdwoioar646ouuv IP 104.26.11.176 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-27 05:56:36 Times Seen384952 Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Loading...

	accesspoint6.matne.ru/PS-632e06da327e2	1.1 kB	2023-03-07	2023-03-07
Pretty URL accesspoint6.matne.ru/PS-632e06da327e2 IP 104.26.11.176 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:58:40 Last Seen2023-03-07 23:58:40 Times Seen1 Hash 8a6c82ead8372fedf46fb04d1fda84a7 4960782e9467e20af2a13a22d86e285376c513ea d130bcdbeea774308b7bda976c98d2dac05607510be54431cc79f665234b1949 Loading...

	http:blank	600 B	2023-03-07	2023-03-07
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:58:40 Last Seen2023-03-07 23:58:40 Times Seen1 Hash 384e57e8b10dacb13f419c4b8374b8d8 222e9f7fe3f3346a796fafa52e890b38ee8f8f5c 2bf093afbd852f99f13d23845ed2281b246516098c962b787d59ead2afc6178f Loading...

		Size	First Seen	Last Seen
	#1 Eval - 0d6c25180b0b7d4399ca6dda24e36eb4	486 B	2023-03-07	2023-03-07
Pretty Observations First Seen2023-03-07 23:58:40 Last Seen2023-03-07 23:58:40 Times Seen1 Hash 0d6c25180b0b7d4399ca6dda24e36eb4 9ad64f052e067a6bec371869426ff72cf460a4ce 59c1896ece077d3afa1e88a020a634cfd47933d4d28aa8c39007ab7f026148bb Loading...

	#2 Eval - 70efa725f660990cc6701727e98c360b	769 kB	2023-03-07	2023-07-11
Pretty Observations First Seen2023-03-07 01:07:04 Last Seen2023-07-11 03:19:46 Times Seen6035 Hash 70efa725f660990cc6701727e98c360b 04f4df4180629c6a1a8648630310794bfdb39eb8 cb2789441eb37a5d5520d68b778e5e1a0743c6d105076aa2e3be07147e0dc752 Loading...

		Size	First Seen	Last Seen
	#1 Write - 467d82ac802ebf5b672ecdb8e02505e6	3.6 kB	2023-03-07	2023-07-11
Pretty Observations First Seen2023-03-07 01:02:24 Last Seen2023-07-11 15:29:01 Times Seen16478 Hash 467d82ac802ebf5b672ecdb8e02505e6 b3df725dd3285fd4618d65c08e83b8f08c8e4798 36d48aeb87174dbf8b0ea333d2042d9e198797bd33c3f849597981eacd619515 Loading...

HTTP Transactions (40)

URL IP Response Size

accesspoint6.matne.ru/$bsdfona@slurpmail.net

104.26.11.176

301 Moved Permanently

0 B

URL HTTP/1.1
accesspoint6.matne.ru/$bsdfona@slurpmail.net
IP
104.26.11.176:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /$bsdfona@slurpmail.net HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Fri, 23 Sep 2022 19:19:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 23 Sep 2022 20:19:52 GMT
Location: https://accesspoint6.matne.ru/$bsdfona@slurpmail.net
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=98G7Be3bIRFhrea3Po9JL1h5M22q3MmOCeLRrTI7474bxlqAmzxxAdiW9dUr7YIwfBQ%2FMxjnuC98GD1q%2B9FT89elmcqgWEmVJkhAxmRnMCFspIdQVVoHX9larW60QLBDOXaN2e9p1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f5a2675906b503-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
09a973de929ab7452edc342c780d3668
3f14f6e0a36f76863c0aea6fb561c266404a7ea3
e82ca5f310e37267fbf792427747e65c2bb35e684d3f629c0aa302f688bc4f80

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18216
Expires: Sat, 24 Sep 2022 00:23:28 GMT
Date: Fri, 23 Sep 2022 19:19:52 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

18.165.201.103

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
18.165.201.103:0
ASN
#0

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 23 Sep 2022 19:05:14 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 1a6cd18714da9809fa8cb07ad66fd4f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: NQphE2qg8A0zf8XGi6mUr1KI7WaIV_poDLyNLgyTHeUM12Yh3wpAHQ==
Age: 878

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
afb65a07bf7214addf83d17a53acba32
a8e973204431320aa7b362a4e73944520c4b51b9
46e1a9e6c98245afb7fa84bc6d9ba6844105024e2d3f56e28748e6c321475d02

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "46E1A9E6C98245AFB7FA84BC6D9BA6844105024E2D3F56E28748E6C321475D02"
Last-Modified: Wed, 21 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5828
Expires: Fri, 23 Sep 2022 20:57:00 GMT
Date: Fri, 23 Sep 2022 19:19:52 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: NTdFlRUGX9pF8G8GT8Eta2UbRP2uUkXhuyx+ZJSWjurhbiwz3WgmA3fBCDVAKrXhQB5ChM0U5Z6r54tvFZIbbg==
x-amz-request-id: J5Z1PX045GNC2YDF
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 23 Sep 2022 18:44:34 GMT
age: 2118
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.76.226

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
3a0a2f649cdad49669659ffe0363d899
cb589fda3e2049d9b58bc6d6ba7868e56779f8fe
0f1f33f022da0b3c6df113e9a1f9764aecc3a255131eea79f698966202d5e1a8

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "0F1F33F022DA0B3C6DF113E9A1F9764AECC3A255131EEA79F698966202D5E1A8"
Last-Modified: Thu, 22 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18395
Expires: Sat, 24 Sep 2022 00:26:27 GMT
Date: Fri, 23 Sep 2022 19:19:52 GMT
Connection: keep-alive

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 19:19:52 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

accesspoint6.matne.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=74f5a269295bb50b

104.26.11.176

200 OK

42 B

URL HTTP/2
accesspoint6.matne.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=74f5a269295bb50b
IP
104.26.11.176:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=74f5a269295bb50b HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/$bsdfona@slurpmail.net
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:52 GMT
content-type: image/gif
content-length: 42
last-modified: Wed, 21 Sep 2022 17:11:28 GMT
etag: "632b45c0-2a"
server: cloudflare
cf-ray: 74f5a269ca97b50b-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Fri, 23 Sep 2022 21:19:52 GMT
cache-control: max-age=7200, public
accept-ranges: bytes
X-Firefox-Spdy: h2

accesspoint6.matne.ru/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=74f5a269295bb50b

104.26.11.176

200 OK

42 B

URL HTTP/2
accesspoint6.matne.ru/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=74f5a269295bb50b
IP
104.26.11.176:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=74f5a269295bb50b HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/$bsdfona@slurpmail.net
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:52 GMT
content-type: image/gif
content-length: 42
last-modified: Wed, 21 Sep 2022 17:11:28 GMT
etag: "632b45c0-2a"
server: cloudflare
cf-ray: 74f5a269dab6b50b-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Fri, 23 Sep 2022 21:19:52 GMT
cache-control: max-age=7200, public
accept-ranges: bytes
X-Firefox-Spdy: h2

accesspoint6.matne.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/0.035844151514579294:1663960056:39N0F-pCu1sn1OaZyDIlW8Y8dbMVk3Ykvhfw8o3tFAk/74f5a269295bb50b/e1c44d89c7d7e1f

104.26.11.176

200 OK

52 kB

URL HTTP/2
accesspoint6.matne.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/0.035844151514579294:1663960056:39N0F-pCu1sn1OaZyDIlW8Y8dbMVk3Ykvhfw8o3tFAk/74f5a269295bb50b/e1c44d89c7d7e1f
IP
104.26.11.176:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
52 kB (51578 bytes)
Hash
bda4640a0dfde515ca7765d37be05f7a
1dea6372d975341047e2bd83fd1b4a9458d5e3a9
825d90e5a7ce0772db544279f9402d193623c07d3f75a41cf4830aabbd9d4b58

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/0.035844151514579294:1663960056:39N0F-pCu1sn1OaZyDIlW8Y8dbMVk3Ykvhfw8o3tFAk/74f5a269295bb50b/e1c44d89c7d7e1f HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
CF-Challenge: e1c44d89c7d7e1f
Content-Length: 1746
Origin: https://accesspoint6.matne.ru
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/$bsdfona@slurpmail.net
Cookie: cf_chl_prog=e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:52 GMT
content-type: text/plain; charset=UTF-8
set-cookie: cf_chl_seq_e1c44d89c7d7e1f=IAy6U710B6R7jgV;SameSite=Strict;HttpOnly
cf_chl_gen: 00c37NxRxdlVva0g8xKUJvgjn+0BL712gz6n8bNOxlq7DewnK8noJ81Xp4B/YVKfvw4QiNPoJ6cMBVkFqA77yVYa0nEiJsWbHkIfsFTIsK0d6+08ceUxqr2DN2Ayqxfut0sKmiTCs5M7IwLeZOBr5GHrk11LbnDzjLfqMzQSYe9wxQxC0HbzlFuP3YFetysAZ6ej1fhcGlhYdodL3n7G1FTYXVY73MHGxS9afT0GNQJE8FJ54mr31BfdvxluP+MwXexY8QzRZpo2fbQsc6zZ3EGjLssVCo3zEXvtRypSz/h6LeLiTOiZrWzDwqkBpkaaomZujw0YBFV8ExhlcgvkLg==$o+I3xOArQy/VpQtRuGQ7lQ==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0RFT0B6Art1wPhn8Pupaf%2FhMTsTSC9jt%2BXLRL9zq%2FApae0CTVH8B9oGyA2enn9vi2dK8906xknFYGxcQOuh82CgWwlvo6DdGCWGVIdTuvXt510gq%2Fe0KDm0H6nzmn9Hmv79xV%2BRLpA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f5a26aec6ab50b-OSL
content-encoding: br
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
f714931cf870bfa33815fd259b7246fd
38e411ef8ca1b31ead8415ee5f21d98bd9653a86
897675130112daff8bdf6fa25b56faa4b9fdb367daca2b2645ed65c83a2e423f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2680
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 19:19:53 GMT
Last-Modified: Fri, 23 Sep 2022 18:35:13 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

accesspoint6.matne.ru/$bsdfona@slurpmail.net

104.26.11.176

403 Forbidden

4.6 kB

URL HTTP/2
accesspoint6.matne.ru/$bsdfona@slurpmail.net
IP
104.26.11.176:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2126)
Size
4.6 kB (4578 bytes)
Hash
66ecc2c03478c35d9451aaa37dd8035d
aa075a11e21de3feaeac6ecab6d45d630886e52f
c42c18701950dd7d60a8952821a642d29c22cca8046088620c4226bf336e8415

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /$bsdfona@slurpmail.net HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 403 Forbidden
date: Fri, 23 Sep 2022 19:19:52 GMT
content-type: text/html; charset=UTF-8
cf-chl-bypass: 1
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zSwTG2qxOel%2FdaLOtDGG60r0Prsy0cKMBSYZAH8ejWe9HPqjunUYuRx92C%2B280eS79VvFjEIRXKk1F13gEzpxwCdFfpTCvbq2ixlkjt3X4%2BxOWixauNneNmlm3CauQIdCl2h2IATYw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f5a269295bb50b-OSL
content-encoding: br
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
fb8236c488fd9e6fd167e83756c4820e
f6c39229ec3236b9eef88198b923785035d41f7c
10d01c21ad626a9f30d289431b07fda820257857fb943c7312e0dd6640b46cb5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3977
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 19:19:54 GMT
Last-Modified: Fri, 23 Sep 2022 18:13:37 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 278

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14700
Expires: Fri, 23 Sep 2022 23:24:54 GMT
Date: Fri, 23 Sep 2022 19:19:54 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14700
Expires: Fri, 23 Sep 2022 23:24:54 GMT
Date: Fri, 23 Sep 2022 19:19:54 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14700
Expires: Fri, 23 Sep 2022 23:24:54 GMT
Date: Fri, 23 Sep 2022 19:19:54 GMT
Connection: keep-alive

accesspoint6.matne.ru/APP-2YQSYP/icox65duoruaqjvowsoous4j6

104.26.11.176

200 OK

24 kB

URL HTTP/2
accesspoint6.matne.ru/APP-2YQSYP/icox65duoruaqjvowsoous4j6
IP
104.26.11.176:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
24 kB (24044 bytes)
Hash
68582ca7f6f4e29c258c50b36a1aec25
22ee2432a67d40dc6b19ff6da0aed10978534ced
9623670d273d665cde4082167a4f5c3a43be1753b433af98d2db69e64afaffab

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /APP-2YQSYP/icox65duoruaqjvowsoous4j6 HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/PS-632e06da327e2
Cookie: cf_clearance=hbgkiCz6vpwseGQU0rhqpEh9yXt9491CnNSU2pveQvc-1663960793-0-150; PHPSESSID=ku524bvckf9in88vmi0ti28q06
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:54 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Fri, 30 Sep 2022 19:19:54 GMT
etag: W/"19b99-62f2b474-1031d3;gz"
last-modified: Tue, 09 Aug 2022 19:24:36 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UDHQDbs4rMg58uP5OvuwB0h9OC3Ja1cDuc8l78%2F%2BR6VPc8X2TeP%2F2p00pjVgn6J0ijCv2m%2BiSUIqfT%2FXICbGBVupm889TXGyQ1fQVF3ni9LXH6m4PEGrpVOsEe%2FOT6oU%2Fu8ULorP0A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f5a274a996b50b-OSL
content-encoding: br
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1500786-3bbf-46d0-b16e-4aff6d48a585.jpeg

34.120.237.76

200 OK

15 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1500786-3bbf-46d0-b16e-4aff6d48a585.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
15 kB (14579 bytes)
Hash
f10a12719b387d176497669ba75f0acc
16e42ba7b20555bf5a8615e5f4bb561204aeeb5a
0cb2231817387d43a490565b61e24ea7a3cfcff3281f4ab4379a882cc5c3173f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1500786-3bbf-46d0-b16e-4aff6d48a585.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 14579
x-amzn-requestid: bce2c126-0883-4255-9246-d8055860f898
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YcCj6FYCoAMF9Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63217e18-66ba2e5d64b6a5b32b7ab36b;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 07:09:12 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 92Pj9IQp3mBJQOW-XuHSK8laPqXOSBOmNbYcm4hSFzc1xqYscQKxMA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:05:08 GMT
age: 76486
etag: "16e42ba7b20555bf5a8615e5f4bb561204aeeb5a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

accesspoint6.matne.ru/boot/ro46uuwqjsj6svooaocxu5dio

104.26.11.176

200 OK

23 kB

URL HTTP/2
accesspoint6.matne.ru/boot/ro46uuwqjsj6svooaocxu5dio
IP
104.26.11.176:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (50758)
Size
23 kB (22999 bytes)
Hash
8c3542a30700c34f0908741fa3785912
9d3db8cd2c5d4e2ff1de7fde92f60006e7f9d4d0
b640dee466394f9c9e4715c0b26486fa9aefb254907ad3535cc6abba297d0b03

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /boot/ro46uuwqjsj6svooaocxu5dio HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/PS-632e06da327e2
Cookie: cf_clearance=hbgkiCz6vpwseGQU0rhqpEh9yXt9491CnNSU2pveQvc-1663960793-0-150; PHPSESSID=ku524bvckf9in88vmi0ti28q06
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:54 GMT
content-type: application/x-javascript
cache-control: public, max-age=604800
expires: Fri, 30 Sep 2022 19:19:54 GMT
etag: W/"c75f-62f2b474-1031e9;gz"
last-modified: Tue, 09 Aug 2022 19:24:36 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PJ9yS3lukHEULRzQxR52wMaS8Gme3wcRIoDNcCw4YqiwgR2mdDHMiLkg2QN6zJaweoSc0%2F35De9iZzFjguV%2FIHNmQa9q0jVOHmhtbLzvMK2HrnSRY3Jx0g9z4NRhnMveo97KdD1%2FVA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f5a274a9a1b50b-OSL
content-encoding: br
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ac88c56-4515-47b4-9c1e-7745782bd306.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10127 bytes)
Hash
b877ead4a15221fdd278ef27f281a7ec
48c10714503e8dfdd3e3c3d39b919ef2792f0d15
f4a1d5abcfa4092828e004b6c0605a7a24e4133d275312f613dceff875971daf

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ac88c56-4515-47b4-9c1e-7745782bd306.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10127
x-amzn-requestid: 456e3c6a-e173-433e-8d54-d787cb50b7e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0sHmCoAMFVSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4ea-7a07b336571396533e48b4cb;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: KKYAef15NoI3It5UfVcqhPx50Fr6IK7O2VFasuAILVN9PP8CH1_7Ng==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 21:58:25 GMT
age: 76889
etag: "48c10714503e8dfdd3e3c3d39b919ef2792f0d15"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (8029 bytes)
Hash
02a682b4703bb9d6381c762726c05531
1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54
fb672de67420a239fe5d7e2588f640150ed29883fe2a46ded160385e3265004c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8029
x-amzn-requestid: 2fc5c63d-5cef-42f4-a6d2-b55f51c57af6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0tHjGoAMFcFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4ea-73f2f78a2d1ca8fc666d2571;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 5ur411n5hU7eWb68iExZCUrhpCybRyTBHCi72ra8dS2kd3UhW8sb1A==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 21:59:00 GMT
age: 76854
etag: "1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98db69a9-8416-4b0b-b1b4-1ed196b985e5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.3 kB (5340 bytes)
Hash
3b318ea5c36d2b22b925f7dfe382df5f
0264e73c4cfff0bb255757c7e1c760a5ad3ece80
0c2f58ea4f5f32bb327f292e1b8fb5a4a60230bffc3abc440a624df27ec0d6bc

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98db69a9-8416-4b0b-b1b4-1ed196b985e5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5340
x-amzn-requestid: b13bc974-e15d-43a4-a918-fbc35b09a36f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y19HljIAMFY8w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4f2-2cb226ba4bd7c7e74d9ab2db;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:42 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8DCVWC4Ihr4R21i3ySyiWdUK0aGymTE22B842ZKolG-ZThiKSMX-uQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:04:45 GMT
age: 76509
etag: "0264e73c4cfff0bb255757c7e1c760a5ad3ece80"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

accesspoint6.matne.ru/PS-632e06da327e2

104.26.11.176

200 OK

5.2 kB

URL HTTP/2
accesspoint6.matne.ru/PS-632e06da327e2
IP
104.26.11.176:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (9497)
Size
5.2 kB (5184 bytes)
Hash
b5f4ddd2bf5909a31d261aeb4cbd4c23
ccf568a6ed33248842f9c1d8bdc2ac63f947a574
197a3602ab785a68fa0b7b67d025e0baf4018112270971018ed99e8812e90480

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /PS-632e06da327e2 HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://accesspoint6.matne.ru/$bsdfona@slurpmail.net?__cf_chl_tk=LtVB15fPavN4RDpyZ5AydMNYoIEL6rFsQ0NO9B9Foc0-1663960792-0-gaNycGzNCCU
Connection: keep-alive
Cookie: cf_clearance=hbgkiCz6vpwseGQU0rhqpEh9yXt9491CnNSU2pveQvc-1663960793-0-150; PHPSESSID=ku524bvckf9in88vmi0ti28q06
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:54 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O8T%2BRHfj4t14Ib4yo6CeATApCocHBLZk3391jaJ1vGz5axvrcXTB0NXObuqcRfbD1MX%2FJHfU9EnOr8sbUr3NCqil2HjR%2Fun8L%2FeBcQs0r%2BqCvjWgjOYtw05jS9vMzG85BXv3C70ejg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f5a27408d9b50b-OSL
content-encoding: br
X-Firefox-Spdy: h2

accesspoint6.matne.ru/ASSETS/img/BIMG-632e06db42d7f.css

104.26.11.176

200 OK

306 kB

URL HTTP/2
accesspoint6.matne.ru/ASSETS/img/BIMG-632e06db42d7f.css
IP
104.26.11.176:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced\012- data
Size
306 kB (306493 bytes)
Hash
7d07c247e8dfd5bfaf9a7169b5c402bd
392cc7836ca5418f3e65cc67f5680b2a359399dc
345f500582fb5cfc20df5426c6b54bb0bcaa62eb0249a4a661dc9716a9edc006

HTTP Headers

GET /ASSETS/img/BIMG-632e06db42d7f.css HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/PS-632e06da327e2
Cookie: cf_clearance=hbgkiCz6vpwseGQU0rhqpEh9yXt9491CnNSU2pveQvc-1663960793-0-150; PHPSESSID=ku524bvckf9in88vmi0ti28q06
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:55 GMT
content-type: image/png
content-length: 306493
cache-control: public, max-age=604800
expires: Fri, 30 Sep 2022 19:19:55 GMT
etag: "4ad3d-62f2b474-1031de;;;"
last-modified: Tue, 09 Aug 2022 19:24:36 GMT
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dkSXbPKoKaNQ6tKD8fPIV%2Fx%2BSpIKH5RISiTI9Xv9VHwHgKDgOVqRvHShycWpM5U8ah%2BQ8%2BWgixmSTS3xT1MEwrOJdHAe0zJ1SqmgK7%2FMTnwlcR%2BLdh1SeB%2BiJpZkGHf5ECjAOC7mjA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f5a27ab97bb50b-OSL
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ec986e3-2bce-4ded-85eb-e88df9893a30.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.5 kB (6505 bytes)
Hash
ff021fa15adb0d3a24158bc00cf0980a
265d3e98bcbf5f14f214102279a7911d6fd64048
211d709fb1851a62f856a78e3b115ef816f78ab9a28f870d48fa3d1912eac16a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ec986e3-2bce-4ded-85eb-e88df9893a30.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 6505
x-amzn-requestid: bc9cc556-8897-4484-ac07-f18e4f5250ca
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YvrfiFl4oAMF_Xg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63295930-7a627b7d7683919e41ca599b;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 06:09:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: UNlx91pOuttpN-IrQs_g-PRI8C_NmZDKdnOpfayCJ719fa6FwnOIGg==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 02:01:19 GMT
age: 62322
etag: "265d3e98bcbf5f14f214102279a7911d6fd64048"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

accesspoint6.matne.ru/cdn-cgi/challenge-platform/h/g/img/74f5a269295bb50b/1663960792807/TA9bD9_Jrf61LLc

104.26.11.176

200 OK

0 B

URL HTTP/2
accesspoint6.matne.ru/cdn-cgi/challenge-platform/h/g/img/74f5a269295bb50b/1663960792807/TA9bD9_Jrf61LLc
IP
104.26.11.176:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/img/74f5a269295bb50b/1663960792807/TA9bD9_Jrf61LLc HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/$bsdfona@slurpmail.net
Cookie: cf_chl_prog=e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:53 GMT
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mz9HuuQoTJF0g%2BSwL%2BeMFvjayy%2FRknkhuP1LFCbdDH2Ig9DQ5%2BKIjoIPkdKE2fsI0EK5AgCH5eGXfI%2F%2Fa0UgHIrJ%2BNSYLFz%2FzQWfzSBDftnoyY2GPx3dj4CWbv8TF%2FvvkmoIFWhuHw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f5a26e1874b50b-OSL
X-Firefox-Spdy: h2

accesspoint6.matne.ru/cdn-cgi/challenge-platform/h/g/pat/74f5a269295bb50b/1663960792803/0b0349f85f8a051a3d2f8a5516f16197a8556aebfd08be9cb0c11992df7a2117/JAtVljIyaJ6WSm3

104.26.11.176

401 Unauthorized

0 B

URL HTTP/2
accesspoint6.matne.ru/cdn-cgi/challenge-platform/h/g/pat/74f5a269295bb50b/1663960792803/0b0349f85f8a051a3d2f8a5516f16197a8556aebfd08be9cb0c11992df7a2117/JAtVljIyaJ6WSm3
IP
104.26.11.176:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/pat/74f5a269295bb50b/1663960792803/0b0349f85f8a051a3d2f8a5516f16197a8556aebfd08be9cb0c11992df7a2117/JAtVljIyaJ6WSm3 HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://accesspoint6.matne.ru/$bsdfona@slurpmail.net
Connection: keep-alive
Cookie: cf_chl_prog=e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 401 Unauthorized
date: Fri, 23 Sep 2022 19:19:52 GMT
content-type: text/plain; charset=UTF-8
www-authenticate: PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gCwNJ-F-KBRo9L4pVFvFhl6hVauv9CL6csMEZkt96IRcAFWFjY2Vzc3BvaW50Ni5tYXRuZS5ydQ==, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAwuF3DfvFtkJqjuYhFPyDcsSB0ADWCJB1v5RT6Pxa2HdLu8baURg1Qjq4BLGRSE_9BKy-5zjLyqApqRm8Me-zZqZ0BjHm2a4IrE-SJR_IxIIKaiy-w5gANKs52QR9eW5afkQk3shg9ui6L7ERidJvD8O_M_FAWa3bgHKnnb-_uAIH4JV6wJnWVzZconzSPggQxJnhcKxJwHeCKoTVjdTEe8y8F92OsJ1_Fs_CHQcshabuN5YhCuzbMZTzly3a5r9uYii1fpXbbNoUKojCNfgTsKCIbKwDorjuMXGTM4zlmS_4neR9kzfNF6neysL7B4WOrQeqx7hUhyYvzDx7vaqFyQIDAQAB, max-age=15
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5fgepTvb966Ge2K8ne3jvSgJSLdVajtHaZIfBLiQ0gKUqTgw4Z8fm9kbGAZH0%2FQzRGtoynaDAQuJwTrY6azf8lmumeMCcCGfNptyqKboNYorOkfo8OeQ1%2BBmaAtIzh6vsdzMNcbqZg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f5a26b5d18b50b-OSL
X-Firefox-Spdy: h2

unpkg.com/axios@0.27.2/dist/axios.min.js

104.16.124.175

200 OK

0 B

URL HTTP/2
unpkg.com/axios@0.27.2/dist/axios.min.js
IP
104.16.124.175:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /axios@0.27.2/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://accesspoint6.matne.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:54 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"511b-FCNxITHKHBRxCXquG/QTMqrMtJE"
via: 1.1 fly.io
fly-request-id: 01G4XGYHQSNPAHCE8P0B1F0WCG-fra
cf-cache-status: HIT
age: 9407536
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74f5a274ef43b4fa-OSL
content-encoding: br
X-Firefox-Spdy: h2

accesspoint6.matne.ru/jq/ujcojsx5soqdwoioar646ouuv

104.26.11.176

200 OK

0 B

URL HTTP/2
accesspoint6.matne.ru/jq/ujcojsx5soqdwoioar646ouuv
IP
104.26.11.176:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /jq/ujcojsx5soqdwoioar646ouuv HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/PS-632e06da327e2
Cookie: cf_clearance=hbgkiCz6vpwseGQU0rhqpEh9yXt9491CnNSU2pveQvc-1663960793-0-150; PHPSESSID=ku524bvckf9in88vmi0ti28q06
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:54 GMT
content-type: application/x-javascript
cache-control: public, max-age=604800
expires: Fri, 30 Sep 2022 19:19:54 GMT
etag: W/"14e4a-62f2b474-1031eb;gz"
last-modified: Tue, 09 Aug 2022 19:24:36 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lllyfcLde%2FAytM%2FEYI2DaF5z219gx1iALN%2FvtPDBY%2Bot7fwdRvELQzrj6WCfXGatJiE0LbWLxie86WElwLXdqd03VtEXUcSN6axMouYcc1gb509%2FvfUvL1G8azFS6Dy8g%2FfkD2WFfg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f5a274a99eb50b-OSL
content-encoding: br
X-Firefox-Spdy: h2

accesspoint6.matne.ru/api-6xiso4uro5qjovcwsouojau6d?email=bsdfona@slurpmail.net&data=background

104.26.11.176

200 OK

0 B

URL HTTP/2
accesspoint6.matne.ru/api-6xiso4uro5qjovcwsouojau6d?email=bsdfona@slurpmail.net&data=background
IP
104.26.11.176:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /api-6xiso4uro5qjovcwsouojau6d?email=bsdfona@slurpmail.net&data=background HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/PS-632e06da327e2
Cookie: cf_clearance=hbgkiCz6vpwseGQU0rhqpEh9yXt9491CnNSU2pveQvc-1663960793-0-150; PHPSESSID=ku524bvckf9in88vmi0ti28q06
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:55 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kz9rK%2BDMVaf98a2GDuGtE3bpnF1nCHm06AIrFbDfbZ9oKnHf1mR6DM8FGEoNER4JFESii0wD3gXvBxsrOz8tfW%2FkjuG1gQXA%2Fm1pYrMVrNqU1MbUA3nyWPv8dqWKs7zJLaTaENbV8w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f5a2765bccb50b-OSL
content-encoding: br
X-Firefox-Spdy: h2

cloudflare.hcaptcha.com/1/api.js?endpoint=https%3A%2F%2Fcloudflare.hcaptcha.com&assethost=https%3A%2F%2Fcf-assets.hcaptcha.com&imghost=https%3A%2F%2Fcf-imgs.hcaptcha.com&render=explicit&recaptchacompat=off&onload=_cf_chl_hload

104.18.19.132

200 OK

0 B

URL HTTP/2
cloudflare.hcaptcha.com/1/api.js?endpoint=https%3A%2F%2Fcloudflare.hcaptcha.com&assethost=https%3A%2F%2Fcf-assets.hcaptcha.com&imghost=https%3A%2F%2Fcf-imgs.hcaptcha.com&render=explicit&recaptchacompat=off&onload=_cf_chl_hload
IP
104.18.19.132:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /1/api.js?endpoint=https%3A%2F%2Fcloudflare.hcaptcha.com&assethost=https%3A%2F%2Fcf-assets.hcaptcha.com&imghost=https%3A%2F%2Fcf-imgs.hcaptcha.com&render=explicit&recaptchacompat=off&onload=_cf_chl_hload HTTP/1.1
Host: cloudflare.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:52 GMT
content-type: application/javascript
cf-ray: 74f5a26a5d290b31-OSL
access-control-allow-origin: *
age: 0
cache-control: max-age=120
etag: W/"84729783ded6e9166650d2e40d1556b2"
last-modified: Thu, 11 Aug 2022 21:59:15 GMT
strict-transport-security: max-age=0
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-id: 10g5RVqLpYkU0aa-3kxGh5TDyliupy3A-DXslF07tUxdkEnx8Zz81g==
x-amz-cf-pop: OSL50-P1
x-cache: Hit from cloudfront
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2

accesspoint6.matne.ru/o/oo6uvxcsajuq64wd5jiuoosro

104.26.11.176

200 OK

0 B

URL HTTP/2
accesspoint6.matne.ru/o/oo6uvxcsajuq64wd5jiuoosro
IP
104.26.11.176:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /o/oo6uvxcsajuq64wd5jiuoosro HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/PS-632e06da327e2
Cookie: cf_clearance=hbgkiCz6vpwseGQU0rhqpEh9yXt9491CnNSU2pveQvc-1663960793-0-150; PHPSESSID=ku524bvckf9in88vmi0ti28q06
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:54 GMT
content-type: image/svg+xml
cache-control: public, max-age=604800
expires: Fri, 30 Sep 2022 19:19:54 GMT
etag: W/"e43-62f2b474-1031e2;gz"
last-modified: Tue, 09 Aug 2022 19:24:36 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sJ4bmdvR8FZYHz0ov%2ByGmjbrXIF49odme3Q9W0fMeBA60mz55%2FVRUcHNJMzUAjn1Hm0z1RtePHTS%2F%2Fl6GPwM9NjirJR%2FvNlxKFOhMREkVbvUUa%2F217TtgJAlEUk8ymSHnnUv3UtqtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f5a274a998b50b-OSL
content-encoding: br
X-Firefox-Spdy: h2

accesspoint6.matne.ru/api-oo6o4uisocuarujvdo6s5xwqj?email=bsdfona@slurpmail.net&data=logo

104.26.11.176

200 OK

0 B

URL HTTP/2
accesspoint6.matne.ru/api-oo6o4uisocuarujvdo6s5xwqj?email=bsdfona@slurpmail.net&data=logo
IP
104.26.11.176:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /api-oo6o4uisocuarujvdo6s5xwqj?email=bsdfona@slurpmail.net&data=logo HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/PS-632e06da327e2
Cookie: cf_clearance=hbgkiCz6vpwseGQU0rhqpEh9yXt9491CnNSU2pveQvc-1663960793-0-150; PHPSESSID=ku524bvckf9in88vmi0ti28q06
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:54 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zjbzu4anhso4sOr4s7YqsVGtZoXJ%2FNJirN0Dd2voXFgeGH9N%2FdyO5LLYeHMTGXZAx7%2B2TIn5ffkvqXzvp0IKIx0ZeDs7CdIRgJx2oJBY892bSx%2F6hqQscLg9lVCfORN1%2B614VGN2bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f5a2764bc8b50b-OSL
content-encoding: br
X-Firefox-Spdy: h2

accesspoint6.matne.ru/jm/uos6uqcvxsao6jwo4ojod5rui

104.26.11.176

200 OK

0 B

URL HTTP/2
accesspoint6.matne.ru/jm/uos6uqcvxsao6jwo4ojod5rui
IP
104.26.11.176:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /jm/uos6uqcvxsao6jwo4ojod5rui HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/PS-632e06da327e2
Cookie: cf_clearance=hbgkiCz6vpwseGQU0rhqpEh9yXt9491CnNSU2pveQvc-1663960793-0-150; PHPSESSID=ku524bvckf9in88vmi0ti28q06
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:54 GMT
content-type: application/x-javascript
cache-control: public, max-age=604800
expires: Fri, 30 Sep 2022 19:19:54 GMT
etag: W/"eb5-62f2b474-1031e7;gz"
last-modified: Tue, 09 Aug 2022 19:24:36 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0TTihPhvLVR%2FD8ABmGhVCB3o785tSmWgvobGzcYSfT1%2BuQo%2BW8GMhjygBvm28gcOQRIsqqpq4DV9wCUuW0vhpyDCGBQ0WYKeMm5hWV7ctgDXdzh%2BcAPD3svKod4xCqS3N%2BjufoT8yQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f5a274b9a8b50b-OSL
content-encoding: br
X-Firefox-Spdy: h2

accesspoint6.matne.ru/$bsdfona@slurpmail.net

104.26.11.176

302 Found

0 B

URL HTTP/2
accesspoint6.matne.ru/$bsdfona@slurpmail.net
IP
104.26.11.176:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

POST /$bsdfona@slurpmail.net HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 3116
Origin: https://accesspoint6.matne.ru
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/$bsdfona@slurpmail.net?__cf_chl_tk=LtVB15fPavN4RDpyZ5AydMNYoIEL6rFsQ0NO9B9Foc0-1663960792-0-gaNycGzNCCU
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 302 Found
date: Fri, 23 Sep 2022 19:19:54 GMT
content-type: text/html; charset=UTF-8
location: ./PS-632e06da327e2
set-cookie: cf_clearance=hbgkiCz6vpwseGQU0rhqpEh9yXt9491CnNSU2pveQvc-1663960793-0-150; path=/; expires=Sat, 23-Sep-23 20:19:53 GMT; domain=.matne.ru; HttpOnly; Secure; SameSite=None
PHPSESSID=ku524bvckf9in88vmi0ti28q06; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F4h3bvVspk9ONlHVpQoCT5jPkPp6ponXgt4Yszn6q44P9IVxRFPypIW1%2FvzXSN8wLR895eItHsaETj0os1b3nbkfqvyeoSxAarHfHLfEb58wkGu7zuaeeG9Sjp5cN6Ic6u5ES265Hw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f5a2707b82b50b-OSL
X-Firefox-Spdy: h2

accesspoint6.matne.ru/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=74f5a269295bb50b

104.26.11.176

200 OK

0 B

URL HTTP/2
accesspoint6.matne.ru/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=74f5a269295bb50b
IP
104.26.11.176:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=74f5a269295bb50b HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/$bsdfona@slurpmail.net?__cf_chl_rt_tk=LtVB15fPavN4RDpyZ5AydMNYoIEL6rFsQ0NO9B9Foc0-1663960792-0-gaNycGzNCCU
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:52 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, must-revalidate
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=49OFe8PCtwUOGoRU0o92iMKWIRKjbLAEpwyJR8kHhYLZvId7sBzHWxzuVLhWauzXQDa5dU4ehJh4msbKEjApxFUUzuW4G3sir3CHaQ%2FTXAB1xGEaWjwaovnKEG6I%2BhS8mwGJou66zg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f5a269dab1b50b-OSL
content-encoding: br
X-Firefox-Spdy: h2

accesspoint6.matne.ru/favicon.ico

104.26.11.176

403 Forbidden

0 B

URL HTTP/2
accesspoint6.matne.ru/favicon.ico
IP
104.26.11.176:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/$bsdfona@slurpmail.net?__cf_chl_rt_tk=LtVB15fPavN4RDpyZ5AydMNYoIEL6rFsQ0NO9B9Foc0-1663960792-0-gaNycGzNCCU
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 403 Forbidden
date: Fri, 23 Sep 2022 19:19:52 GMT
content-type: text/html; charset=UTF-8
cf-chl-bypass: 1
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C6riX8mhWHqoX6aJbyLchTdGjl%2F7E4ayDRLquLKyyKvgyWYQnMWqy%2FxyCSQ4QGmOMSFHH0p40MPQQnoPYGAqrvIeF2PtWIJEN2fIjdXsdmCJEJzQiVH7BejQRqmCO%2F14MaTc8KMpBw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f5a26a1b23b50b-OSL
content-encoding: br
X-Firefox-Spdy: h2

accesspoint6.matne.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/0.035844151514579294:1663960056:39N0F-pCu1sn1OaZyDIlW8Y8dbMVk3Ykvhfw8o3tFAk/74f5a269295bb50b/e1c44d89c7d7e1f

104.26.11.176

200 OK

0 B

URL HTTP/2
accesspoint6.matne.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/0.035844151514579294:1663960056:39N0F-pCu1sn1OaZyDIlW8Y8dbMVk3Ykvhfw8o3tFAk/74f5a269295bb50b/e1c44d89c7d7e1f
IP
104.26.11.176:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/0.035844151514579294:1663960056:39N0F-pCu1sn1OaZyDIlW8Y8dbMVk3Ykvhfw8o3tFAk/74f5a269295bb50b/e1c44d89c7d7e1f HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
CF-Challenge: e1c44d89c7d7e1f
Content-Length: 15784
Origin: https://accesspoint6.matne.ru
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/$bsdfona@slurpmail.net
Cookie: cf_chl_seq_e1c44d89c7d7e1f=IAy6U710B6R7jgV; cf_chl_prog=e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:53 GMT
content-type: text/html; charset=UTF-8
set-cookie: cf_chl_rc_m=;Expires=Thu, 22 Sep 2022 19:19:53 GMT;SameSite=Strict
cf_chl_out: JVMuAqHSznKUlur0hfJKLaMedFNVWXaoYE2ypbURDyf/ul99RA90HLIFp8JVUCehYb6f6I4BoPeY88lTh9bQqQ==$rw/vhOzGOjdvpVQoHK2zlg==
cf_chl_out_s: hOxTdadTwIbV11L6gzFL+zJkRlLaPOodk50WfHuNzZFwpD1KdhGQd0KzZTatSEhDYiiEuuJrT8KU1etxc/UDtA==$J3VMUzaKpUssIrUb6SSLAA==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lMOx43R6CkgajA2iEXIKPKc68n5l6up4Gf5z9Dn1ZowUCegRFkrcbPPLxrQDcT13MisDwA3G%2B4Z5C5Rzs5N4KynqEZlDkOUNVq%2Bmah%2Fmi5kFI2N0P4C62%2FfuwoS%2B44%2BYO4wcXN5oIA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f5a26e893ab50b-OSL
content-encoding: br
X-Firefox-Spdy: h2

unpkg.com/axios/dist/axios.min.js

104.16.124.175

302 Found

0 B

URL HTTP/2
unpkg.com/axios/dist/axios.min.js
IP
104.16.124.175:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /axios/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Fri, 23 Sep 2022 19:19:54 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /axios@0.27.2/dist/axios.min.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GDNW5SZGNP11TZCQYZM0TDFZ-ams
cf-cache-status: HIT
age: 515
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74f5a274df1bb4fa-OSL
X-Firefox-Spdy: h2

accesspoint6.matne.ru/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1663948800

104.26.11.176

200 OK

0 B

URL HTTP/2
accesspoint6.matne.ru/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1663948800
IP
104.26.11.176:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1663948800 HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: cf_clearance=hbgkiCz6vpwseGQU0rhqpEh9yXt9491CnNSU2pveQvc-1663960793-0-150; PHPSESSID=ku524bvckf9in88vmi0ti28q06
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:54 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
vary: accept-encoding
x-control-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wc%2FaXyeLb1Eu3DuC%2Ft6PaZlaxPXaFxxNhzpx84eYVzkcYX2gElutwkGFx%2F8LUuda0tn1MsecmE2hIcK8ejr7lfIYidbec6TIFUODksZP5hbSqT9l9N%2BW00p5bk19uYvGREPyLIJoug%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f5a2766bdab50b-OSL
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (16)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations