Report - sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/

Report Overview

Submitted URL
sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
IP
185.178.208.182
ASN
#57724 Ddos-guard Ltd
Submitted
2023-05-28 18:06:20
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
36

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2023-05-28	3.6 kB	230 kB	216.58.207.227
perevodclub.ru	unknown	unknown	2019-04-23	2023-02-21	525 B	2.9 kB	185.178.208.182
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2023-05-28	498 B	12 kB	142.250.74.106
ocsp.pki.goog	175	2016-06-13	2018-07-01	2023-05-28	1.3 kB	2.8 kB	142.250.74.3
sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru	unknown	2018-12-01	2023-04-12	2023-05-28	20 kB	1.8 MB	185.178.208.182

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator
2023-05-28	medium	sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/data/avatars/s/0/1.jpg?1557311257
2023-05-28	medium	sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/data/FTSlider/2743.jpg?1684678106
2023-05-28	medium	sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/data/FTSlider/2744.jpg?1684678421
2023-05-28	medium	sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/data/FTSlider/2740.jpg?1684676990
2023-05-28	medium	sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/data/FTSlider/2742.jpg?1684677706
2023-05-28	medium	sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/data/FTSlider/2741.jpg?1684677402
2023-05-28	medium	sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/data/FTSlider/2739.jpg?1684677033
2023-05-28	medium	sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/vendor/vendor-compiled.js?_v=1f1a9cd1
2023-05-28	medium	sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/job.php
2023-05-28	medium	sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/xf/preamble-compiled.js?_v=1f1a9cd1
2023-05-28	medium	sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/FTSlider/jquery.fts.min.js?_v=1f1a9cd1
2023-05-28	medium	sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/KST/TagsCloud/jquery.tagcanvas.min.js
2023-05-28	medium	sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/xf/core-compiled.js?_v=1f1a9cd1
2023-05-28	medium	sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/FTSlider/jquery.fts.1.0.js?_v=1f1a9cd1
2023-05-28	medium	sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/FTSlider/jquery.fts.wheel.js?_v=1f1a9cd1
2023-05-28	medium	sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/styles/fonts/fa/fontawesome-webfont.woff2?v=4.7.0
2023-05-28	medium	sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
2023-05-28	medium	sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/xf/notice.min.js?_v=1f1a9cd1

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (12)

	URL	Size	First Seen	Last Seen
	sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/xf/core-compiled.js?_v=1f1a9cd1	161 kB	2023-05-28	2023-05-28
Pretty URL sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/xf/core-compiled.js?_v=1f1a9cd1 IP 185.178.208.182 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-28 20:06:23 Last Seen2023-05-28 20:06:23 Times Seen2 Hash 57626797b8d9eb21e7810a78139ff4e2 0d495db08b751aeaac4ac4a20b47a40a45b3e28b fb8c77746d32cf44ce0250a1d3aa06ab5b940d6e628c24e418b7a7be97247d18 Loading...

	sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/xf/notice.min.js?_v=1f1a9cd1	4.4 kB	2023-05-28	2023-05-28
Pretty URL sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/xf/notice.min.js?_v=1f1a9cd1 IP 185.178.208.182 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-28 20:06:23 Last Seen2023-05-28 20:06:23 Times Seen1 Hash d8106214678a80f4cd913936cf54a794 f409b6c10b381c26d345c68dc3bdb95ecaf1bc8b fc7d24535c9e6f7141141258a51db9dbb27373047d5e0d50a8a0cd31fa83022a Loading...

	sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/FTSlider/jquery.fts.1.0.js?_v=1f1a9cd1	4.8 kB	2023-03-08	2023-10-26
Pretty URL sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/FTSlider/jquery.fts.1.0.js?_v=1f1a9cd1 IP 185.178.208.182 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:46:07 Last Seen2023-10-26 09:03:59 Times Seen6 Hash dcbee2a39e3242a0e0e4d2e38bf7f9b5 9fafbf1cb605a84b72d5fef94e3647f63a21ba5a 4973c5e772fbb86045dab9a665dd42364952ea2c8c88149b95b79d02515b65de Loading...

	sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/FTSlider/jquery.fts.min.js?_v=1f1a9cd1	20 kB	2023-05-06	2023-05-28
Pretty URL sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/FTSlider/jquery.fts.min.js?_v=1f1a9cd1 IP 185.178.208.182 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-06 07:58:33 Last Seen2023-05-28 20:06:23 Times Seen4 Hash dd8df5511bff7defcdff651b2e203ff0 4d72d4fcabdcaf32e4cd538b950a5353e68cd13b 8d4060adb60e167a633f29938e483f058cc0e6703268c326e15da56763290ee6 Loading...

	sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/KST/TagsCloud/jquery.tagcanvas.min.js	39 kB	2023-05-28	2023-11-25
Pretty URL sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/KST/TagsCloud/jquery.tagcanvas.min.js IP 185.178.208.182 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-28 20:06:23 Last Seen2023-11-25 22:54:01 Times Seen6 Hash 84cbcd985336fbe43b57dd3e5287ebc4 957f3403c77001e623693014527934686e109f90 7e4fbc7fb98398659240d76fc2bca8a25f22ba5f77f70511231dbc72e05b5026 Loading...

	sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/	1.3 kB	2023-05-28	2023-05-28
Pretty URL sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/ IP 185.178.208.182 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-28 20:06:23 Last Seen2023-05-28 20:06:23 Times Seen1 Hash 3fbad42cde561963e4548fdd5f69f4ae 838cf5a187089500866edb2c9eaeff5f062bb7a7 fece6f2c9aa7b015d6f38455dbc7b3db72681d573d860b17d29c56b114847dcf Loading...

	sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/xf/preamble-compiled.js?_v=1f1a9cd1	20 kB	2023-05-28	2023-11-25
Pretty URL sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/xf/preamble-compiled.js?_v=1f1a9cd1 IP 185.178.208.182 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-28 20:06:23 Last Seen2023-11-25 22:54:00 Times Seen15 Hash bcd1ee37ff1198103eda1c8903f51cb3 b7f074a70ac89b0166fff7739314d1120c13a226 82ea3a5ace9b58f9e2f3fc59948b361fef6d2f8312900ddfe7f56d1176068e56 Loading...

	sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/vendor/jquery/jquery-3.2.1.min.js?_v=1f1a9cd1	87 kB	2023-03-07	2024-04-26
Pretty URL sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/vendor/jquery/jquery-3.2.1.min.js?_v=1f1a9cd1 IP 185.178.208.182 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-26 17:17:17 Times Seen62781 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

	sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/vendor/vendor-compiled.js?_v=1f1a9cd1	55 kB	2023-05-28	2023-10-20
Pretty URL sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/vendor/vendor-compiled.js?_v=1f1a9cd1 IP 185.178.208.182 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-28 20:06:23 Last Seen2023-10-20 22:33:33 Times Seen4 Hash 27ef442a089f04df5768059b9f3c2b1f ad7cd5fcb04d215014eb1e483618eb18bf42ca8a 79ca9185aba1ee0d948a12ac804747c987336525f527c1a4055dfd48e8a498a9 Loading...

	sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/FTSlider/jquery.fts.wheel.js?_v=1f1a9cd1	3.6 kB	2023-05-06	2023-05-28
Pretty URL sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/FTSlider/jquery.fts.wheel.js?_v=1f1a9cd1 IP 185.178.208.182 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-06 07:58:33 Last Seen2023-05-28 20:06:23 Times Seen3 Hash e46d5bbd78a3e9970f10b7526297d0e2 402d81c5f9ef0433baddca73f90cba7275c2b763 e5d2051cdf8953360d54cf7601fda9df0061f76c07c7bd5e76cea7ee215473d2 Loading...

	sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/	4.6 kB	2023-05-28	2023-05-28
Pretty URL sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/ IP 185.178.208.182 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-28 20:06:23 Last Seen2023-05-28 20:06:23 Times Seen1 Hash b3ab22f250145cf470c67c835daeef3e 7b0838964415d5533748317ae760af566188adc4 b4c7c20c965af58a78a005dded632564fd8ed0b45a97711532636e39c62c408b Loading...

	sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/	331 B	2023-05-28	2023-11-25
Pretty URL sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/ IP 185.178.208.182 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-28 20:06:23 Last Seen2023-11-25 22:54:00 Times Seen3 Hash 42916e98c557b70d3ac73ce6e96d947a 5e6cc6a6c5cbcce0907edaf9fc4f1c1ba2e46987 b959b2511899a5b1bfab9510306e21c7af409de575cfa9d3236bc28675d546f7 Loading...

HTTP Transactions (41)

URL IP Response Size

ocsp.pki.goog/gts1c3

142.250.74.3

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4195d3f97e59fc4f34d523d0195d8d0b
244cd9dd441c530c8e03405819eb759e95f25cb0
1fc6101023c68883ddf2cb7eb133e96a3e3cf96d7657223e38621f9fc9a7653d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 28 May 2023 18:06:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
5eb2d0db01496946784367a1c6a22c28
2d0a58aa819ca13f208af62e0c21996bd123de9f
8c16e79ed32ccf5baf793a07ad6128fa85ea0f0877da7da7145ae6a33e811a1a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 28 May 2023 18:06:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/data/avatars/s/0/1.jpg?1557311257

185.178.208.182

200 OK

1.5 kB

URL GET HTTP/2
sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/data/avatars/s/0/1.jpg?1557311257
IP
185.178.208.182:443
ASN
#57724 Ddos-guard Ltd

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerLet's Encrypt
Subjectsberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
Fingerprint13:67:E0:EA:10:35:A3:CF:9A:5F:8E:A9:DB:84:2F:76:73:03:C1:38
ValidityWed, 12 Apr 2023 20:21:18 GMT - Tue, 11 Jul 2023 20:21:17 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 48x48, components 3\012- data
Size
1.5 kB (1487 bytes)
Hash
6ebc0068ae078c449bd7a9cb40e9e52a
ba1a92c23862456cc3d82143a1fb7af5ccb02063
11e04c8c69be0cfec0d0c1a817fbe99f6b3490caf5883556905a283748d6bda4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /data/avatars/s/0/1.jpg?1557311257 HTTP/1.1
Host: sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Cookie: __ddg1_=sv3DDjESXKRDA96cSP8j; xf_csrf=dx2qdIu9aqVm-2fO; xf_session=YyYylhnTPcsViT38oRUR2AikPcndi9Lo
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 May 2023 18:06:03 GMT
content-type: image/jpeg
content-length: 1487
last-modified: Wed, 08 May 2019 10:27:37 GMT
etag: "5cd2af19-5cf"
expires: Sun, 04 Jun 2023 18:06:03 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000;
accept-ranges: bytes
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/css.php?css=public%3AFTSlider.less%2Cpublic%3Anode_list.less%2Cpublic%3Anotices.less%2Cpublic%3Areme_core.less%2Cpublic%3Axc_thread_icon.less%2Cpublic%3Aextra.less&s=3&l=2&d=1676916874&k=f3c18f8db0519f6480319d0e3f830866ee069ace

185.178.208.182

200 OK

4.5 kB

URL GET HTTP/2
sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/css.php?css=public%3AFTSlider.less%2Cpublic%3Anode_list.less%2Cpublic%3Anotices.less%2Cpublic%3Areme_core.less%2Cpublic%3Axc_thread_icon.less%2Cpublic%3Aextra.less&s=3&l=2&d=1676916874&k=f3c18f8db0519f6480319d0e3f830866ee069ace
IP
185.178.208.182:443
ASN
#57724 Ddos-guard Ltd

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerLet's Encrypt
Subjectsberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
Fingerprint13:67:E0:EA:10:35:A3:CF:9A:5F:8E:A9:DB:84:2F:76:73:03:C1:38
ValidityWed, 12 Apr 2023 20:21:18 GMT - Tue, 11 Jul 2023 20:21:17 GMT

File type
ASCII text, with very long lines (6283)
Size
4.5 kB (4548 bytes)
Hash
a5a98cfbb19004e8168d7ec00a623d74
c0f16cfe531497981f5825046617848608189e31
4950f24354ca1e38f5f181499e5e7f0a0c01f5625e7a5c579673ccf400da7f64

HTTP Headers

GET /css.php?css=public%3AFTSlider.less%2Cpublic%3Anode_list.less%2Cpublic%3Anotices.less%2Cpublic%3Areme_core.less%2Cpublic%3Axc_thread_icon.less%2Cpublic%3Aextra.less&s=3&l=2&d=1676916874&k=f3c18f8db0519f6480319d0e3f830866ee069ace HTTP/1.1
Host: sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Cookie: __ddg1_=sv3DDjESXKRDA96cSP8j; xf_csrf=dx2qdIu9aqVm-2fO; xf_session=YyYylhnTPcsViT38oRUR2AikPcndi9Lo
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 May 2023 18:06:03 GMT
content-type: text/css; charset=utf-8
content-length: 4548
x-powered-by: PHP/7.1.33
x-frame-options: SAMEORIGIN
expires: Mon, 27 May 2024 18:06:03 GMT
last-modified: Mon, 20 Feb 2023 18:14:34 GMT
cache-control: public
content-encoding: gzip
vary: Accept-Encoding
strict-transport-security: max-age=31536000;
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/styles/nubia/xenforo/xenforo-logo.png

185.178.208.182

200 OK

16 kB

URL GET HTTP/2
sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/styles/nubia/xenforo/xenforo-logo.png
IP
185.178.208.182:443
ASN
#57724 Ddos-guard Ltd

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerLet's Encrypt
Subjectsberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
Fingerprint13:67:E0:EA:10:35:A3:CF:9A:5F:8E:A9:DB:84:2F:76:73:03:C1:38
ValidityWed, 12 Apr 2023 20:21:18 GMT - Tue, 11 Jul 2023 20:21:17 GMT

File type
PNG image data, 2308 x 756, 8-bit colormap, non-interlaced\012- data
Size
16 kB (15792 bytes)
Hash
9da7e837381bf6e684f121e9bbf25c92
eec8045eea132a1a1c4071aba1b9f9aff1d175d2
82e92b9c60b120c1a88be99b31fe4f60f0200bd54f0ed1bd1044f46e3159bd8e

HTTP Headers

GET /styles/nubia/xenforo/xenforo-logo.png HTTP/1.1
Host: sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Cookie: __ddg1_=sv3DDjESXKRDA96cSP8j; xf_csrf=dx2qdIu9aqVm-2fO; xf_session=YyYylhnTPcsViT38oRUR2AikPcndi9Lo
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 May 2023 18:06:03 GMT
content-type: image/png
content-length: 15792
last-modified: Sat, 26 Jan 2019 04:40:58 GMT
etag: "5c4be4da-3db0"
expires: Sun, 04 Jun 2023 18:06:03 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000;
accept-ranges: bytes
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/css.php?css=public%3Anormalize.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less%2Cpublic%3Afont_awesome.css&s=3&l=2&d=1676916874&k=d61898372e0f0542f737922448499bd02d593f4f

185.178.208.182

200 OK

46 kB

URL GET HTTP/2
sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/css.php?css=public%3Anormalize.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less%2Cpublic%3Afont_awesome.css&s=3&l=2&d=1676916874&k=d61898372e0f0542f737922448499bd02d593f4f
IP
185.178.208.182:443
ASN
#57724 Ddos-guard Ltd

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerLet's Encrypt
Subjectsberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
Fingerprint13:67:E0:EA:10:35:A3:CF:9A:5F:8E:A9:DB:84:2F:76:73:03:C1:38
ValidityWed, 12 Apr 2023 20:21:18 GMT - Tue, 11 Jul 2023 20:21:17 GMT

File type
ASCII text, with very long lines (63362)
Size
46 kB (45591 bytes)
Hash
b3279d2f9f0c35208336e0b095938050
53339319778a938c3fc4ba4f4f3d2bd5aede78a7
374c5d5c53346e42179f5eb55cc1d8f3055c95e646b7b7a8819fece6beda1770

HTTP Headers

GET /css.php?css=public%3Anormalize.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less%2Cpublic%3Afont_awesome.css&s=3&l=2&d=1676916874&k=d61898372e0f0542f737922448499bd02d593f4f HTTP/1.1
Host: sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Cookie: __ddg1_=sv3DDjESXKRDA96cSP8j; xf_csrf=dx2qdIu9aqVm-2fO; xf_session=YyYylhnTPcsViT38oRUR2AikPcndi9Lo
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 May 2023 18:06:03 GMT
content-type: text/css; charset=utf-8
content-length: 45591
x-powered-by: PHP/7.1.33
x-frame-options: SAMEORIGIN
expires: Mon, 27 May 2024 18:06:03 GMT
last-modified: Mon, 20 Feb 2023 18:14:34 GMT
cache-control: public
content-encoding: gzip
vary: Accept-Encoding
strict-transport-security: max-age=31536000;
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/data/FTSlider/2743.jpg?1684678106

185.178.208.182

200 OK

133 kB

URL GET HTTP/2
sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/data/FTSlider/2743.jpg?1684678106
IP
185.178.208.182:443
ASN
#57724 Ddos-guard Ltd

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerLet's Encrypt
Subjectsberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
Fingerprint13:67:E0:EA:10:35:A3:CF:9A:5F:8E:A9:DB:84:2F:76:73:03:C1:38
ValidityWed, 12 Apr 2023 20:21:18 GMT - Tue, 11 Jul 2023 20:21:17 GMT

File type
PNG image data, 396 x 250, 8-bit/color RGBA, non-interlaced\012- data
Size
133 kB (133300 bytes)
Hash
e5efbe8148a4ae50addc40580093d794
497ad686f697fd16df2cf14a7298aeff90d399f7
1c11ae478410fe2f7d6ed16b2bb5d69de91d36ffbfe1ef2b86939c22af086523

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /data/FTSlider/2743.jpg?1684678106 HTTP/1.1
Host: sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Cookie: __ddg1_=sv3DDjESXKRDA96cSP8j; xf_csrf=dx2qdIu9aqVm-2fO; xf_session=YyYylhnTPcsViT38oRUR2AikPcndi9Lo
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 May 2023 18:06:03 GMT
content-type: image/jpeg
content-length: 133300
last-modified: Sun, 21 May 2023 14:08:27 GMT
etag: "646a25db-208b4"
expires: Sun, 04 Jun 2023 18:06:03 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000;
accept-ranges: bytes
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/data/FTSlider/2744.jpg?1684678421

185.178.208.182

200 OK

178 kB

URL GET HTTP/2
sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/data/FTSlider/2744.jpg?1684678421
IP
185.178.208.182:443
ASN
#57724 Ddos-guard Ltd

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerLet's Encrypt
Subjectsberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
Fingerprint13:67:E0:EA:10:35:A3:CF:9A:5F:8E:A9:DB:84:2F:76:73:03:C1:38
ValidityWed, 12 Apr 2023 20:21:18 GMT - Tue, 11 Jul 2023 20:21:17 GMT

File type
PNG image data, 396 x 250, 8-bit/color RGBA, non-interlaced\012- data
Size
178 kB (178005 bytes)
Hash
c1aef1a34daaf05c4f9d4d5ccacf9cdb
9f80488f4a11febf8a1ef6dcd7fcba01e833fa57
36584c0b7b8b9c201cd186bc4c4959842d7a3d05fdbd4935a8c864767d93e14d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /data/FTSlider/2744.jpg?1684678421 HTTP/1.1
Host: sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Cookie: __ddg1_=sv3DDjESXKRDA96cSP8j; xf_csrf=dx2qdIu9aqVm-2fO; xf_session=YyYylhnTPcsViT38oRUR2AikPcndi9Lo
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 May 2023 18:06:03 GMT
content-type: image/jpeg
content-length: 178005
last-modified: Sun, 21 May 2023 14:13:41 GMT
etag: "646a2715-2b755"
expires: Sun, 04 Jun 2023 18:06:03 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000;
accept-ranges: bytes
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/data/resource_icons/2/2238.jpg?1684678086

185.178.208.182

200 OK

17 kB

URL GET HTTP/2
sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/data/resource_icons/2/2238.jpg?1684678086
IP
185.178.208.182:443
ASN
#57724 Ddos-guard Ltd

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerLet's Encrypt
Subjectsberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
Fingerprint13:67:E0:EA:10:35:A3:CF:9A:5F:8E:A9:DB:84:2F:76:73:03:C1:38
ValidityWed, 12 Apr 2023 20:21:18 GMT - Tue, 11 Jul 2023 20:21:17 GMT

File type
PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced\012- data
Size
17 kB (16565 bytes)
Hash
53a48b63f68a47fbe831497e5a379022
a1bd1dfcfc81d852f8d9212535886e816524a6f7
8b4ce9bcfebf5123dbe432458c99d4f6b345b304ea8e030e1c638515ef2fe37a

HTTP Headers

GET /data/resource_icons/2/2238.jpg?1684678086 HTTP/1.1
Host: sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Cookie: __ddg1_=sv3DDjESXKRDA96cSP8j; xf_csrf=dx2qdIu9aqVm-2fO; xf_session=YyYylhnTPcsViT38oRUR2AikPcndi9Lo
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 May 2023 18:06:04 GMT
content-type: image/jpeg
content-length: 16565
last-modified: Sun, 21 May 2023 14:08:06 GMT
etag: "646a25c6-40b5"
expires: Sun, 04 Jun 2023 18:06:04 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000;
accept-ranges: bytes
age: 2
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
bb63f1caaf551e76a88f326c8db516ce
513533cccfb522767abf37082518f766adc3c070
cfe2e32528181d9ff75d3946d789811d6d2c71e153c39aa72c0a586b922ebeb7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 28 May 2023 18:06:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48412, version 1.0\012- data
Size
48 kB (48412 bytes)
Hash
31a8297826cdcea344698ff952694a7f
4fa1ee4c471d1c05e9141855eec5ee09b898d594
7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5

HTTP Headers

GET /s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48412
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 May 2023 11:49:35 GMT
expires: Fri, 24 May 2024 11:49:35 GMT
cache-control: public, max-age=31536000
age: 281789
last-modified: Tue, 02 May 2023 15:08:53 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/data/resource_icons/2/2236.jpg?1684677375

185.178.208.182

200 OK

19 kB

URL GET HTTP/2
sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/data/resource_icons/2/2236.jpg?1684677375
IP
185.178.208.182:443
ASN
#57724 Ddos-guard Ltd

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerLet's Encrypt
Subjectsberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
Fingerprint13:67:E0:EA:10:35:A3:CF:9A:5F:8E:A9:DB:84:2F:76:73:03:C1:38
ValidityWed, 12 Apr 2023 20:21:18 GMT - Tue, 11 Jul 2023 20:21:17 GMT

File type
PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced\012- data
Size
19 kB (19317 bytes)
Hash
abc0ccc0fcd094eee1a0186c61ecbcfd
be6fda9e5dab2b4e1b253bcf74b1a0cfc0269443
b410adc232498c84eb00a825d5cb0e093ff26fc053a4c42ffbb6334b93f2d8ac

HTTP Headers

GET /data/resource_icons/2/2236.jpg?1684677375 HTTP/1.1
Host: sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Cookie: __ddg1_=sv3DDjESXKRDA96cSP8j; xf_csrf=dx2qdIu9aqVm-2fO; xf_session=YyYylhnTPcsViT38oRUR2AikPcndi9Lo
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 May 2023 18:06:04 GMT
content-type: image/jpeg
content-length: 19317
last-modified: Sun, 21 May 2023 13:56:15 GMT
etag: "646a22ff-4b75"
expires: Sun, 04 Jun 2023 18:06:04 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000;
accept-ranges: bytes
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e75b43e8a7beaf5ded692008749eb5b0
5f96a142b29fc6ca88b33a9cb5c2c5b4b95b8635
a100d74db29961c793a7254e52dd854c8f85761876369b45073d911be95bab3a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 28 May 2023 18:06:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2

216.58.207.227

200 OK

27 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT

File type
Web Open Font Format (Version 2), TrueType, length 26616, version 1.0\012- data
Size
27 kB (26616 bytes)
Hash
a91884dde05099b030787565e5def49d
036a2f70043f893c5c2598380128d10a7b8d565d
600130a0fc244c82240330b3d0e4d9a592ca6523cf0509f16e3e1a3da0eebbab

HTTP Headers

GET /s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 26616
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 24 May 2023 20:18:32 GMT
expires: Thu, 23 May 2024 20:18:32 GMT
cache-control: public, max-age=31536000
age: 337652
last-modified: Tue, 02 May 2023 15:07:14 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48412, version 1.0\012- data
Size
48 kB (48412 bytes)
Hash
31a8297826cdcea344698ff952694a7f
4fa1ee4c471d1c05e9141855eec5ee09b898d594
7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5

HTTP Headers

GET /s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48412
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 May 2023 11:49:35 GMT
expires: Fri, 24 May 2024 11:49:35 GMT
cache-control: public, max-age=31536000
age: 281789
last-modified: Tue, 02 May 2023 15:08:53 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2

216.58.207.227

200 OK

27 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT

File type
Web Open Font Format (Version 2), TrueType, length 26616, version 1.0\012- data
Size
27 kB (26616 bytes)
Hash
a91884dde05099b030787565e5def49d
036a2f70043f893c5c2598380128d10a7b8d565d
600130a0fc244c82240330b3d0e4d9a592ca6523cf0509f16e3e1a3da0eebbab

HTTP Headers

GET /s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 26616
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 24 May 2023 20:18:32 GMT
expires: Thu, 23 May 2024 20:18:32 GMT
cache-control: public, max-age=31536000
age: 337652
last-modified: Tue, 02 May 2023 15:07:14 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48412, version 1.0\012- data
Size
48 kB (48412 bytes)
Hash
31a8297826cdcea344698ff952694a7f
4fa1ee4c471d1c05e9141855eec5ee09b898d594
7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5

HTTP Headers

GET /s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48412
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 May 2023 11:49:35 GMT
expires: Fri, 24 May 2024 11:49:35 GMT
cache-control: public, max-age=31536000
age: 281789
last-modified: Tue, 02 May 2023 15:08:53 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2

216.58.207.227

200 OK

27 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT

File type
Web Open Font Format (Version 2), TrueType, length 26616, version 1.0\012- data
Size
27 kB (26616 bytes)
Hash
a91884dde05099b030787565e5def49d
036a2f70043f893c5c2598380128d10a7b8d565d
600130a0fc244c82240330b3d0e4d9a592ca6523cf0509f16e3e1a3da0eebbab

HTTP Headers

GET /s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 26616
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 24 May 2023 20:18:32 GMT
expires: Thu, 23 May 2024 20:18:32 GMT
cache-control: public, max-age=31536000
age: 337652
last-modified: Tue, 02 May 2023 15:07:14 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/data/resource_icons/2/2235.jpg?1684676768

185.178.208.182

200 OK

21 kB

URL GET HTTP/2
sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/data/resource_icons/2/2235.jpg?1684676768
IP
185.178.208.182:443
ASN
#57724 Ddos-guard Ltd

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerLet's Encrypt
Subjectsberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
Fingerprint13:67:E0:EA:10:35:A3:CF:9A:5F:8E:A9:DB:84:2F:76:73:03:C1:38
ValidityWed, 12 Apr 2023 20:21:18 GMT - Tue, 11 Jul 2023 20:21:17 GMT

File type
PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced\012- data
Size
21 kB (21104 bytes)
Hash
b1fedfdbe2071c3e667dbaf2e09902f0
5946ae96a09827d1423953003222e319bce438de
9ab595c3afb7f5c590f888c3d5bb8cf5881a39844ec36d514826e2fbe6c515eb

HTTP Headers

GET /data/resource_icons/2/2235.jpg?1684676768 HTTP/1.1
Host: sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Cookie: __ddg1_=sv3DDjESXKRDA96cSP8j; xf_csrf=dx2qdIu9aqVm-2fO; xf_session=YyYylhnTPcsViT38oRUR2AikPcndi9Lo
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 May 2023 18:06:04 GMT
content-type: image/jpeg
content-length: 21104
last-modified: Sun, 21 May 2023 13:46:08 GMT
etag: "646a20a0-5270"
expires: Sun, 04 Jun 2023 18:06:04 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000;
accept-ranges: bytes
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/data/FTSlider/2740.jpg?1684676990

185.178.208.182

200 OK

193 kB

URL GET HTTP/2
sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/data/FTSlider/2740.jpg?1684676990
IP
185.178.208.182:443
ASN
#57724 Ddos-guard Ltd

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerLet's Encrypt
Subjectsberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
Fingerprint13:67:E0:EA:10:35:A3:CF:9A:5F:8E:A9:DB:84:2F:76:73:03:C1:38
ValidityWed, 12 Apr 2023 20:21:18 GMT - Tue, 11 Jul 2023 20:21:17 GMT

File type
PNG image data, 396 x 250, 8-bit/color RGBA, non-interlaced\012- data
Size
193 kB (192810 bytes)
Hash
c7b0312dbcc707d8265be3043bbd062b
8d0880ea9e3a8d2f3ea4d1a7746c69843d758410
35a860027a0fcbe0b983b18d2c22f29da07196627079bc9d52e4403f3c6b0558

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /data/FTSlider/2740.jpg?1684676990 HTTP/1.1
Host: sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Cookie: __ddg1_=sv3DDjESXKRDA96cSP8j; xf_csrf=dx2qdIu9aqVm-2fO; xf_session=YyYylhnTPcsViT38oRUR2AikPcndi9Lo
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 May 2023 18:06:03 GMT
content-type: image/jpeg
content-length: 192810
last-modified: Sun, 21 May 2023 13:49:51 GMT
etag: "646a217f-2f12a"
expires: Sun, 04 Jun 2023 18:06:03 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000;
accept-ranges: bytes
age: 3
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/data/FTSlider/2742.jpg?1684677706

185.178.208.182

200 OK

185 kB

URL GET HTTP/2
sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/data/FTSlider/2742.jpg?1684677706
IP
185.178.208.182:443
ASN
#57724 Ddos-guard Ltd

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerLet's Encrypt
Subjectsberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
Fingerprint13:67:E0:EA:10:35:A3:CF:9A:5F:8E:A9:DB:84:2F:76:73:03:C1:38
ValidityWed, 12 Apr 2023 20:21:18 GMT - Tue, 11 Jul 2023 20:21:17 GMT

File type
PNG image data, 396 x 250, 8-bit/color RGBA, non-interlaced\012- data
Size
185 kB (184764 bytes)
Hash
136e95e8acb1b4ad2158f03667224bae
1629797172ec0697d9e8f2b4dd177eb18f191602
b09d6795b711163b702c96a1acd1c1c48b43715d2227bbc460ad17f05ce1e244

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /data/FTSlider/2742.jpg?1684677706 HTTP/1.1
Host: sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Cookie: __ddg1_=sv3DDjESXKRDA96cSP8j; xf_csrf=dx2qdIu9aqVm-2fO; xf_session=YyYylhnTPcsViT38oRUR2AikPcndi9Lo
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 May 2023 18:06:04 GMT
content-type: image/jpeg
content-length: 184764
last-modified: Sun, 21 May 2023 14:01:47 GMT
etag: "646a244b-2d1bc"
expires: Sun, 04 Jun 2023 18:06:04 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000;
accept-ranges: bytes
age: 2
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/data/FTSlider/2741.jpg?1684677402

185.178.208.182

200 OK

161 kB

URL GET HTTP/2
sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/data/FTSlider/2741.jpg?1684677402
IP
185.178.208.182:443
ASN
#57724 Ddos-guard Ltd

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerLet's Encrypt
Subjectsberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
Fingerprint13:67:E0:EA:10:35:A3:CF:9A:5F:8E:A9:DB:84:2F:76:73:03:C1:38
ValidityWed, 12 Apr 2023 20:21:18 GMT - Tue, 11 Jul 2023 20:21:17 GMT

File type
PNG image data, 396 x 250, 8-bit/color RGBA, non-interlaced\012- data
Size
161 kB (161206 bytes)
Hash
b3299dfcc15c62a8180e5812064b54f6
fc4ffa110b1042012a8ea7622fbae82658b220ba
9b3cd0567bdc092e32d4ebe921c268df047b26fc794cc6351a7bcc9f7cbab310

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /data/FTSlider/2741.jpg?1684677402 HTTP/1.1
Host: sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Cookie: __ddg1_=sv3DDjESXKRDA96cSP8j; xf_csrf=dx2qdIu9aqVm-2fO; xf_session=YyYylhnTPcsViT38oRUR2AikPcndi9Lo
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 May 2023 18:06:04 GMT
content-type: image/jpeg
content-length: 161206
last-modified: Sun, 21 May 2023 13:56:42 GMT
etag: "646a231a-275b6"
expires: Sun, 04 Jun 2023 18:06:04 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000;
accept-ranges: bytes
age: 2
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

perevodclub.ru/styles/FTSlider/preload.gif

185.178.208.182

200 OK

2.5 kB

URL GET HTTP/2
perevodclub.ru/styles/FTSlider/preload.gif
IP
185.178.208.182:443
ASN
#57724 Ddos-guard Ltd

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerLet's Encrypt
Subjectperevodclub.ru
FingerprintBE:3A:08:32:1C:2D:DD:21:16:09:93:79:0E:2B:71:08:9B:6C:A3:88
ValiditySun, 23 Apr 2023 22:38:26 GMT - Sat, 22 Jul 2023 22:38:25 GMT

File type
GIF image data, version 89a, 24 x 24\012- data
Size
2.5 kB (2545 bytes)
Hash
894503d39a9de6f407f60d5b2edcd376
a7c2564e11efe7417c785f4b6e7b55b9b06b04ae
785aff58a2e88bb5d7cbc3808d8ad8ad9a46dd65b181886af7cc97882a16eecd

HTTP Headers

GET /styles/FTSlider/preload.gif HTTP/1.1
Host: perevodclub.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Cookie: __ddg1_=sv3DDjESXKRDA96cSP8j
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
date: Wed, 24 May 2023 14:24:44 GMT
content-type: image/gif
content-length: 2545
last-modified: Sun, 24 Mar 2019 15:25:58 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000;
accept-ranges: bytes
ddg-cache-status: HIT,HIT
etag: "5c97a186-9f1"
expires: Wed, 31 May 2023 00:09:03 GMT
age: 358880
X-Firefox-Spdy: h2

sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/data/resource_icons/2/2237.jpg?1684677658

185.178.208.182

200 OK

22 kB

URL GET HTTP/2
sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/data/resource_icons/2/2237.jpg?1684677658
IP
185.178.208.182:443
ASN
#57724 Ddos-guard Ltd

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerLet's Encrypt
Subjectsberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
Fingerprint13:67:E0:EA:10:35:A3:CF:9A:5F:8E:A9:DB:84:2F:76:73:03:C1:38
ValidityWed, 12 Apr 2023 20:21:18 GMT - Tue, 11 Jul 2023 20:21:17 GMT

File type
PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced\012- data
Size
22 kB (21895 bytes)
Hash
b3bd39addcda5867b99ff7df526d4be6
245e4490482ea80b38743c51ae6a5b0f168588ed
9bdbd43e8db00f20545a825372028b7e30b86899e24b15b8f5595dfbc78f3872

HTTP Headers

GET /data/resource_icons/2/2237.jpg?1684677658 HTTP/1.1
Host: sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Cookie: __ddg1_=sv3DDjESXKRDA96cSP8j; xf_csrf=dx2qdIu9aqVm-2fO; xf_session=YyYylhnTPcsViT38oRUR2AikPcndi9Lo
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 May 2023 18:06:04 GMT
content-type: image/jpeg
content-length: 21895
last-modified: Sun, 21 May 2023 14:00:58 GMT
etag: "646a241a-5587"
expires: Sun, 04 Jun 2023 18:06:04 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000;
accept-ranges: bytes
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/data/FTSlider/2739.jpg?1684677033

185.178.208.182

200 OK

132 kB

URL GET HTTP/2
sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/data/FTSlider/2739.jpg?1684677033
IP
185.178.208.182:443
ASN
#57724 Ddos-guard Ltd

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerLet's Encrypt
Subjectsberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
Fingerprint13:67:E0:EA:10:35:A3:CF:9A:5F:8E:A9:DB:84:2F:76:73:03:C1:38
ValidityWed, 12 Apr 2023 20:21:18 GMT - Tue, 11 Jul 2023 20:21:17 GMT

File type
PNG image data, 396 x 250, 8-bit/color RGBA, non-interlaced\012- data
Size
132 kB (131852 bytes)
Hash
d6c333abf823ea6a603a63a08fca4ec7
c5330b071bce8178c87ee016c194c926a6d9e820
1e509ba22e743bb2035bcbfbef69956d64d28de6657047e87a9d6382ffeab823

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /data/FTSlider/2739.jpg?1684677033 HTTP/1.1
Host: sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Cookie: __ddg1_=sv3DDjESXKRDA96cSP8j; xf_csrf=dx2qdIu9aqVm-2fO; xf_session=YyYylhnTPcsViT38oRUR2AikPcndi9Lo
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 May 2023 18:06:04 GMT
content-type: image/jpeg
content-length: 131852
last-modified: Sun, 21 May 2023 13:50:33 GMT
etag: "646a21a9-2030c"
expires: Sun, 04 Jun 2023 18:06:04 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000;
accept-ranges: bytes
age: 2
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/styles/FTSlider/title.png

185.178.208.182

200 OK

945 B

URL GET HTTP/2
sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/styles/FTSlider/title.png
IP
185.178.208.182:443
ASN
#57724 Ddos-guard Ltd

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerLet's Encrypt
Subjectsberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
Fingerprint13:67:E0:EA:10:35:A3:CF:9A:5F:8E:A9:DB:84:2F:76:73:03:C1:38
ValidityWed, 12 Apr 2023 20:21:18 GMT - Tue, 11 Jul 2023 20:21:17 GMT

File type
PNG image data, 4 x 6, 8-bit/color RGBA, non-interlaced\012- data
Size
945 B (945 bytes)
Hash
a83282c8550044ea15a99c1f94d84eb7
5fe2e8a6adb1f39132a05c8bedc016e1f61dafa1
5ddc5dd963fa8b74ecd7f9b94783881f55c5b7179f0621e026880ee7dc0df376

HTTP Headers

GET /styles/FTSlider/title.png HTTP/1.1
Host: sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/css.php?css=public%3AFTSlider.less%2Cpublic%3Anode_list.less%2Cpublic%3Anotices.less%2Cpublic%3Areme_core.less%2Cpublic%3Axc_thread_icon.less%2Cpublic%3Aextra.less&s=3&l=2&d=1676916874&k=f3c18f8db0519f6480319d0e3f830866ee069ace
Cookie: __ddg1_=sv3DDjESXKRDA96cSP8j; xf_csrf=dx2qdIu9aqVm-2fO; xf_session=YyYylhnTPcsViT38oRUR2AikPcndi9Lo
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 May 2023 18:06:04 GMT
content-type: image/png
content-length: 945
last-modified: Sun, 24 Mar 2019 15:25:58 GMT
etag: "5c97a186-3b1"
expires: Sun, 04 Jun 2023 18:06:04 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000;
accept-ranges: bytes
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/vendor/jquery/jquery-3.2.1.min.js?_v=1f1a9cd1

185.178.208.182

200 OK

87 kB

URL GET HTTP/2
sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/vendor/jquery/jquery-3.2.1.min.js?_v=1f1a9cd1
IP
185.178.208.182:443
ASN
#57724 Ddos-guard Ltd

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerLet's Encrypt
Subjectsberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
Fingerprint13:67:E0:EA:10:35:A3:CF:9A:5F:8E:A9:DB:84:2F:76:73:03:C1:38
ValidityWed, 12 Apr 2023 20:21:18 GMT - Tue, 11 Jul 2023 20:21:17 GMT

File type
ASCII text, with very long lines (32058)
Size
87 kB (86659 bytes)
Hash
c9f5aeeca3ad37bf2aa006139b935f0a
1055018c28ab41087ef9ccefe411606893dabea2
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

HTTP Headers

GET /js/vendor/jquery/jquery-3.2.1.min.js?_v=1f1a9cd1 HTTP/1.1
Host: sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Cookie: __ddg1_=sv3DDjESXKRDA96cSP8j; xf_csrf=dx2qdIu9aqVm-2fO; xf_session=YyYylhnTPcsViT38oRUR2AikPcndi9Lo
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 May 2023 18:06:04 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 12 Dec 2018 09:20:22 GMT
etag: W/"5c10d2d6-15283"
expires: Sun, 04 Jun 2023 18:06:04 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000;
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/vendor/vendor-compiled.js?_v=1f1a9cd1

185.178.208.182

200 OK

55 kB

URL GET HTTP/2
sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/vendor/vendor-compiled.js?_v=1f1a9cd1
IP
185.178.208.182:443
ASN
#57724 Ddos-guard Ltd

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerLet's Encrypt
Subjectsberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
Fingerprint13:67:E0:EA:10:35:A3:CF:9A:5F:8E:A9:DB:84:2F:76:73:03:C1:38
ValidityWed, 12 Apr 2023 20:21:18 GMT - Tue, 11 Jul 2023 20:21:17 GMT

File type

Size
55 kB (55414 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/vendor/vendor-compiled.js?_v=1f1a9cd1 HTTP/1.1
Host: sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Cookie: __ddg1_=sv3DDjESXKRDA96cSP8j; xf_csrf=dx2qdIu9aqVm-2fO; xf_session=YyYylhnTPcsViT38oRUR2AikPcndi9Lo
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 May 2023 18:06:04 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 12 Dec 2018 09:20:22 GMT
etag: W/"5c10d2d6-d876"
expires: Sun, 04 Jun 2023 18:06:04 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000;
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/favicon.ico

185.178.208.182

404 Not Found

153 B

URL GET HTTP/2
sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/favicon.ico
IP
185.178.208.182:443
ASN
#57724 Ddos-guard Ltd

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerLet's Encrypt
Subjectsberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
Fingerprint13:67:E0:EA:10:35:A3:CF:9A:5F:8E:A9:DB:84:2F:76:73:03:C1:38
ValidityWed, 12 Apr 2023 20:21:18 GMT - Tue, 11 Jul 2023 20:21:17 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators
Size
153 B (153 bytes)
Hash
bcc88bb66ed955242c6d722a4b02e287
11644d240504277e77c707d64d4a032e23a073c3
138fd31626cff5b1edbb92e9eebef1d61461100e57701d17915226fa133294a8

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Cookie: __ddg1_=sv3DDjESXKRDA96cSP8j; xf_csrf=dx2qdIu9aqVm-2fO; xf_session=YyYylhnTPcsViT38oRUR2AikPcndi9Lo
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: ddos-guard
date: Sun, 28 May 2023 18:06:05 GMT
content-type: text/html; charset=UTF-8
content-encoding: br
vary: Accept-Encoding
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/job.php

185.178.208.182

200 OK

14 B

URL POST HTTP/2
sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/job.php
IP
185.178.208.182:443
ASN
#57724 Ddos-guard Ltd

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerLet's Encrypt
Subjectsberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
Fingerprint13:67:E0:EA:10:35:A3:CF:9A:5F:8E:A9:DB:84:2F:76:73:03:C1:38
ValidityWed, 12 Apr 2023 20:21:18 GMT - Tue, 11 Jul 2023 20:21:17 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
14 B (14 bytes)
Hash
a07773d3ff34ad28195394cb2227c7d3
8f9d755b3c7e168e2b27c64497851869d04b41a6
80998abe1702f445d246267f0b5dc5061bc993ab54feb82d8518f67863d6560b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /job.php HTTP/1.1
Host: sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Origin: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Cookie: __ddg1_=sv3DDjESXKRDA96cSP8j; xf_csrf=dx2qdIu9aqVm-2fO; xf_session=YyYylhnTPcsViT38oRUR2AikPcndi9Lo
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 May 2023 18:06:05 GMT
content-type: application/json; charset=UTF-8
x-powered-by: PHP/7.1.33
expires: Tue, 03 Jul 2001 06:00:00 GMT
last-modified: Sun, 28 May 2023 18:06:05 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
strict-transport-security: max-age=31536000;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/xf/preamble-compiled.js?_v=1f1a9cd1

185.178.208.182

200 OK

20 kB

URL GET HTTP/2
sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/xf/preamble-compiled.js?_v=1f1a9cd1
IP
185.178.208.182:443
ASN
#57724 Ddos-guard Ltd

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerLet's Encrypt
Subjectsberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
Fingerprint13:67:E0:EA:10:35:A3:CF:9A:5F:8E:A9:DB:84:2F:76:73:03:C1:38
ValidityWed, 12 Apr 2023 20:21:18 GMT - Tue, 11 Jul 2023 20:21:17 GMT

File type

Size
20 kB (19692 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/xf/preamble-compiled.js?_v=1f1a9cd1 HTTP/1.1
Host: sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Cookie: __ddg1_=sv3DDjESXKRDA96cSP8j; xf_csrf=dx2qdIu9aqVm-2fO; xf_session=YyYylhnTPcsViT38oRUR2AikPcndi9Lo
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 May 2023 18:06:03 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 12 Dec 2018 09:20:22 GMT
etag: W/"5c10d2d6-4cec"
expires: Sun, 04 Jun 2023 18:06:03 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000;
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/FTSlider/jquery.fts.min.js?_v=1f1a9cd1

185.178.208.182

200 OK

20 kB

URL GET HTTP/2
sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/FTSlider/jquery.fts.min.js?_v=1f1a9cd1
IP
185.178.208.182:443
ASN
#57724 Ddos-guard Ltd

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerLet's Encrypt
Subjectsberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
Fingerprint13:67:E0:EA:10:35:A3:CF:9A:5F:8E:A9:DB:84:2F:76:73:03:C1:38
ValidityWed, 12 Apr 2023 20:21:18 GMT - Tue, 11 Jul 2023 20:21:17 GMT

File type
ASCII text, with very long lines (20130), with no line terminators
Size
20 kB (20130 bytes)
Hash
dd8df5511bff7defcdff651b2e203ff0
4d72d4fcabdcaf32e4cd538b950a5353e68cd13b
8d4060adb60e167a633f29938e483f058cc0e6703268c326e15da56763290ee6

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/FTSlider/jquery.fts.min.js?_v=1f1a9cd1 HTTP/1.1
Host: sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Cookie: __ddg1_=sv3DDjESXKRDA96cSP8j; xf_csrf=dx2qdIu9aqVm-2fO; xf_session=YyYylhnTPcsViT38oRUR2AikPcndi9Lo
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 May 2023 18:06:04 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Sun, 24 Mar 2019 15:28:22 GMT
etag: W/"5c97a216-4ea2"
expires: Sun, 04 Jun 2023 18:06:04 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000;
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/KST/TagsCloud/jquery.tagcanvas.min.js

185.178.208.182

200 OK

39 kB

URL GET HTTP/2
sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/KST/TagsCloud/jquery.tagcanvas.min.js
IP
185.178.208.182:443
ASN
#57724 Ddos-guard Ltd

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerLet's Encrypt
Subjectsberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
Fingerprint13:67:E0:EA:10:35:A3:CF:9A:5F:8E:A9:DB:84:2F:76:73:03:C1:38
ValidityWed, 12 Apr 2023 20:21:18 GMT - Tue, 11 Jul 2023 20:21:17 GMT

File type
ASCII text, with very long lines (566)
Size
39 kB (39175 bytes)
Hash
84cbcd985336fbe43b57dd3e5287ebc4
957f3403c77001e623693014527934686e109f90
7e4fbc7fb98398659240d76fc2bca8a25f22ba5f77f70511231dbc72e05b5026

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/KST/TagsCloud/jquery.tagcanvas.min.js HTTP/1.1
Host: sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Cookie: __ddg1_=sv3DDjESXKRDA96cSP8j; xf_csrf=dx2qdIu9aqVm-2fO; xf_session=YyYylhnTPcsViT38oRUR2AikPcndi9Lo
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 May 2023 18:06:04 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 12 Apr 2018 07:27:34 GMT
etag: W/"5acf0a66-9907"
expires: Sun, 04 Jun 2023 18:06:04 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000;
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/xf/core-compiled.js?_v=1f1a9cd1

185.178.208.182

200 OK

161 kB

URL GET HTTP/2
sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/xf/core-compiled.js?_v=1f1a9cd1
IP
185.178.208.182:443
ASN
#57724 Ddos-guard Ltd

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerLet's Encrypt
Subjectsberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
Fingerprint13:67:E0:EA:10:35:A3:CF:9A:5F:8E:A9:DB:84:2F:76:73:03:C1:38
ValidityWed, 12 Apr 2023 20:21:18 GMT - Tue, 11 Jul 2023 20:21:17 GMT

File type
ASCII text, with very long lines (578)
Size
161 kB (160952 bytes)
Hash
57626797b8d9eb21e7810a78139ff4e2
0d495db08b751aeaac4ac4a20b47a40a45b3e28b
fb8c77746d32cf44ce0250a1d3aa06ab5b940d6e628c24e418b7a7be97247d18

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/xf/core-compiled.js?_v=1f1a9cd1 HTTP/1.1
Host: sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Cookie: __ddg1_=sv3DDjESXKRDA96cSP8j; xf_csrf=dx2qdIu9aqVm-2fO; xf_session=YyYylhnTPcsViT38oRUR2AikPcndi9Lo
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 May 2023 18:06:04 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 12 Dec 2018 09:20:22 GMT
etag: W/"5c10d2d6-274b8"
expires: Sun, 04 Jun 2023 18:06:04 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000;
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
age: 3
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/FTSlider/jquery.fts.1.0.js?_v=1f1a9cd1

185.178.208.182

200 OK

4.8 kB

URL GET HTTP/2
sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/FTSlider/jquery.fts.1.0.js?_v=1f1a9cd1
IP
185.178.208.182:443
ASN
#57724 Ddos-guard Ltd

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerLet's Encrypt
Subjectsberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
Fingerprint13:67:E0:EA:10:35:A3:CF:9A:5F:8E:A9:DB:84:2F:76:73:03:C1:38
ValidityWed, 12 Apr 2023 20:21:18 GMT - Tue, 11 Jul 2023 20:21:17 GMT

File type
ASCII text, with very long lines (5253), with no line terminators
Size
4.8 kB (4786 bytes)
Hash
d1c523cdbbc57550192ac34e904dedee
e9ae73f76ed1a8752cfaee6eafd94185c39c1181
b180800a7d69913f3c639f30dbd90c5a52cb25a5cef9e7fbc8947ac3c186eeee

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/FTSlider/jquery.fts.1.0.js?_v=1f1a9cd1 HTTP/1.1
Host: sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Cookie: __ddg1_=sv3DDjESXKRDA96cSP8j; xf_csrf=dx2qdIu9aqVm-2fO; xf_session=YyYylhnTPcsViT38oRUR2AikPcndi9Lo
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 May 2023 18:06:04 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Sun, 24 Mar 2019 15:28:22 GMT
etag: W/"5c97a216-12b2"
expires: Sun, 04 Jun 2023 18:06:04 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000;
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/FTSlider/jquery.fts.wheel.js?_v=1f1a9cd1

185.178.208.182

200 OK

3.6 kB

URL GET HTTP/2
sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/FTSlider/jquery.fts.wheel.js?_v=1f1a9cd1
IP
185.178.208.182:443
ASN
#57724 Ddos-guard Ltd

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerLet's Encrypt
Subjectsberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
Fingerprint13:67:E0:EA:10:35:A3:CF:9A:5F:8E:A9:DB:84:2F:76:73:03:C1:38
ValidityWed, 12 Apr 2023 20:21:18 GMT - Tue, 11 Jul 2023 20:21:17 GMT

File type
ASCII text, with very long lines (3798), with no line terminators
Size
3.6 kB (3580 bytes)
Hash
fcdd0088a170ce935131c2d07e75a4f6
5c4ed7058dd316b7aaec989d95fbdd7d0d62dd25
5d5d2ca76fd50dfae575cdfc3fe3d693cf86df7e563e6e671c1dd13edcc4f505

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/FTSlider/jquery.fts.wheel.js?_v=1f1a9cd1 HTTP/1.1
Host: sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Cookie: __ddg1_=sv3DDjESXKRDA96cSP8j; xf_csrf=dx2qdIu9aqVm-2fO; xf_session=YyYylhnTPcsViT38oRUR2AikPcndi9Lo
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 May 2023 18:06:04 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Sun, 24 Mar 2019 15:28:22 GMT
etag: W/"5c97a216-dfc"
expires: Sun, 04 Jun 2023 18:06:04 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000;
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/styles/fonts/fa/fontawesome-webfont.woff2?v=4.7.0

185.178.208.182

200 OK

77 kB

URL GET HTTP/2
sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/styles/fonts/fa/fontawesome-webfont.woff2?v=4.7.0
IP
185.178.208.182:443
ASN
#57724 Ddos-guard Ltd

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerLet's Encrypt
Subjectsberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
Fingerprint13:67:E0:EA:10:35:A3:CF:9A:5F:8E:A9:DB:84:2F:76:73:03:C1:38
ValidityWed, 12 Apr 2023 20:21:18 GMT - Tue, 11 Jul 2023 20:21:17 GMT

File type
Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Size
77 kB (77160 bytes)
Hash
af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /styles/fonts/fa/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
DNT: 1
Connection: keep-alive
Cookie: __ddg1_=sv3DDjESXKRDA96cSP8j; xf_csrf=dx2qdIu9aqVm-2fO; xf_session=YyYylhnTPcsViT38oRUR2AikPcndi9Lo
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 May 2023 18:06:03 GMT
content-type: font/woff2
last-modified: Wed, 12 Dec 2018 09:20:22 GMT
etag: W/"5c10d2d6-12d68"
strict-transport-security: max-age=31536000;
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans:300,400,600,700

142.250.74.106

200 OK

11 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Open+Sans:300,400,600,700
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint5F:AC:74:E6:97:66:CD:D0:F1:EA:0D:01:37:89:65:2E:98:22:84:6C
ValidityMon, 08 May 2023 08:24:50 GMT - Mon, 31 Jul 2023 08:24:49 GMT

File type
ASCII text
Size
11 kB (11008 bytes)
Hash
e0e2280ca8a768a3f15e573a23c54cae
7f3068e8f9945f2623f9c8c9f2a159869f9fccfd
1ba6e02aa649aea52d79959ec42d68b9275396417950a5034ff5ea51b18fc2c8

HTTP Headers

GET /css?family=Open+Sans:300,400,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 28 May 2023 18:06:03 GMT
date: Sun, 28 May 2023 18:06:03 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/

185.178.208.182

200 OK

155 kB

URL User Request GET HTTP/2
sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
IP
185.178.208.182:443
ASN
#57724 Ddos-guard Ltd

Certificate
IssuerLet's Encrypt
Subjectsberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
Fingerprint13:67:E0:EA:10:35:A3:CF:9A:5F:8E:A9:DB:84:2F:76:73:03:C1:38
ValidityWed, 12 Apr 2023 20:21:18 GMT - Tue, 11 Jul 2023 20:21:17 GMT

File type

Size
155 kB (154850 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 May 2023 18:06:02 GMT
content-type: text/html; charset=utf-8
x-powered-by: PHP/7.1.33
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: private, no-cache, max-age=0
content-encoding: gzip
vary: Accept-Encoding
set-cookie: __ddg1_=sv3DDjESXKRDA96cSP8j; Domain=.perevodclub.ru; HttpOnly; Path=/; Expires=Mon, 27-May-2024 18:06:02 GMT
xf_csrf=dx2qdIu9aqVm-2fO; path=/; secure
xf_session=YyYylhnTPcsViT38oRUR2AikPcndi9Lo; path=/; secure; HttpOnly
strict-transport-security: max-age=31536000;
X-Firefox-Spdy: h2

sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/data/resource_icons/2/2239.jpg?1684678391

0.0.0.0

0 B

URL GET
sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/data/resource_icons/2/2239.jpg?1684678391
IP
0.0.0.0:0
ASN
#0

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerLet's Encrypt
Subjectsberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
Fingerprint13:67:E0:EA:10:35:A3:CF:9A:5F:8E:A9:DB:84:2F:76:73:03:C1:38
ValidityWed, 12 Apr 2023 20:21:18 GMT - Tue, 11 Jul 2023 20:21:17 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /data/resource_icons/2/2239.jpg?1684678391 HTTP/1.1
Host: sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Cookie: __ddg1_=sv3DDjESXKRDA96cSP8j; xf_csrf=dx2qdIu9aqVm-2fO; xf_session=YyYylhnTPcsViT38oRUR2AikPcndi9Lo
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/xf/notice.min.js?_v=1f1a9cd1

185.178.208.182

200 OK

4.4 kB

URL GET HTTP/2
sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/js/xf/notice.min.js?_v=1f1a9cd1
IP
185.178.208.182:443
ASN
#57724 Ddos-guard Ltd

Requested by
https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Certificate
IssuerLet's Encrypt
Subjectsberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
Fingerprint13:67:E0:EA:10:35:A3:CF:9A:5F:8E:A9:DB:84:2F:76:73:03:C1:38
ValidityWed, 12 Apr 2023 20:21:18 GMT - Tue, 11 Jul 2023 20:21:17 GMT

File type
ASCII text, with very long lines (4543), with no line terminators
Size
4.4 kB (4440 bytes)
Hash
16f229c07ac76072afdfb57e5ff65a01
726d655709fd5310aa1f211b5f68a6e8b8d9a5b7
8c2e4ad329d46032addc773c43ef22811bc2d1c0f36ad194f832f374afe6c9c1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/xf/notice.min.js?_v=1f1a9cd1 HTTP/1.1
Host: sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sberbank.sber.sber.avito.sber.lanznwyziyid4yw.app.perevodclub.ru/
Cookie: __ddg1_=sv3DDjESXKRDA96cSP8j; xf_csrf=dx2qdIu9aqVm-2fO; xf_session=YyYylhnTPcsViT38oRUR2AikPcndi9Lo
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 May 2023 18:06:05 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 12 Dec 2018 09:20:22 GMT
etag: W/"5c10d2d6-1158"
expires: Sun, 04 Jun 2023 18:06:05 GMT
cache-control: max-age=604800
strict-transport-security: max-age=31536000;
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
age: 2
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML