| glovis.brightnexst.ru/pax6lf1/ |  104.21.41.104 | 200 OK | 777 kB |
URL User Request GET glovis.brightnexst.ru/pax6lf1/ IP104.21.41.104:443
CertificateIssuerGoogle Trust Services Subjectbrightnexst.ru Fingerprint58:7C:16:03:8B:9A:9A:91:1D:FF:48:45:A0:D4:F5:D1:93:96:6B:B0 ValidityMon, 10 Mar 2025 21:35:10 GMT - Sun, 08 Jun 2025 22:33:42 GMT
File typeHTML document, ASCII text, with very long lines (65360) Size777 kB (776987 bytes) Hasha52cfc33d6405953c210941169097d70 10b49375b6daaa4734e3f75d42093e0886caa4df 254cc0f1c48458d068c22c0f842b654c7d1a8887e5a00a282b28ce9e4dc56be2
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - Anti-debugging code | | urlquery | phishing | Phishing - Tycoon Phishing Kit |
GET /pax6lf1/ HTTP/1.1
Host: glovis.brightnexst.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 28 Mar 2025 02:03:45 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v4yANzfWzTOh%2FcBgKeXcG66K3r2SqzIjxb17i5HPo%2FAnre2qOv5fk8ZsTZvY5CPol3JE6n0GaPCJQe3eMe4b7ItMtoJrFfiyfpGX3KkRBF%2BoNrPsHePuwrXN1YAL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: XSRF-TOKEN=eyJpdiI6Ilg4NS9FNmpPS2wxT2ZQcmswWjR1M1E9PSIsInZhbHVlIjoiT2VSbTZSeHkyZmlaK016WVlBdWMvRGxTc0xoeDY0MTgvYjd4OGdGYXpiZFpxQklianV4MVlIRW82ZzFGSWoyVWhVaHdOaHRmUDNMWktIeHliWHFSM3ZyWlBKb1hwRFpFN0JXQ0VzbThlUkpwelhtTmcrcktRSFhVT2JjS3dUL2giLCJtYWMiOiI3MGRhMmVhMzM2MjA5YWQ5NzhhNTg5MjE3MTZhMTY1NTIyNTA2NzRmOGQ1NTdhMjIyN2U0MzQ1MjAzMmY0NjUxIiwidGFnIjoiIn0%3D; expires=Fri, 28-Mar-2025 04:03:44 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IitUVU12SEU0NXRNRWVxR1ltMFpQemc9PSIsInZhbHVlIjoiL01wMDRnZk1SQkh0bjlrMUg2R0pOd0VlT2xiWjR6VEx4b2FGdlB0WG9RdHBsR0pJRFBQOTBJUHFsZWJMMnl0NlFQd3dZUjd3dGRBTWRjMWhpTjJ6Mmt6M1dlVkJCUnYrQlppNXZEV2E4Wjh1MXVmV2JySldjdnJ5dDdWcVZmWnUiLCJtYWMiOiJkMDIwNTgyZTg3ZDM0ZmVjMjNjZGFjYTNlMTUyYjQ3NTI3YjYzZGU4NDkzNzg1M2JmMzMzOWE0OGYzNTE3OTcwIiwidGFnIjoiIn0%3D; expires=Fri, 28-Mar-2025 04:03:44 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 92738d852af2b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1635&min_rtt=1352&rtt_var=615&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2825&recv_bytes=1407&delivery_rate=2061209&cwnd=251&unsent_bytes=0&cid=793f10c4bdc77897&ts=128&x=0", cfL4;desc="?proto=TCP&rtt=6436&min_rtt=483&rtt_var=11930&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3206&recv_bytes=1135&delivery_rate=7240000&cwnd=254&unsent_bytes=0&cid=c2d0cc0167dd8ee0&ts=225&x=0"
X-Firefox-Spdy: h2
|
| code.jquery.com/jquery-3.6.0.min.js |  151.101.194.137 | 200 OK | 90 kB |
URL GET code.jquery.com/jquery-3.6.0.min.js IP151.101.194.137:443
Requested byhttps://glovis.brightnexst.ru/pax6lf1/ CertificateIssuerSectigo Limited Subject*.jquery.com FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5 ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (65447) Hash8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://glovis.brightnexst.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 28 Mar 2025 02:03:45 GMT
age: 4369083
x-served-by: cache-lga21931-LGA, cache-hel1410027-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 1381219
x-timer: S1743127426.745183,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
|
| glovis.brightnexst.ru/favicon.ico | 104.21.41.104 | 404 Not Found | 0 B |
URL GET glovis.brightnexst.ru/favicon.ico IP104.21.41.104:443
Requested byhttps://glovis.brightnexst.ru/pax6lf1/ CertificateIssuerGoogle Trust Services Subjectbrightnexst.ru Fingerprint58:7C:16:03:8B:9A:9A:91:1D:FF:48:45:A0:D4:F5:D1:93:96:6B:B0 ValidityMon, 10 Mar 2025 21:35:10 GMT - Sun, 08 Jun 2025 22:33:42 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Tycoon Phishing Kit |
GET /favicon.ico HTTP/1.1
Host: glovis.brightnexst.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://glovis.brightnexst.ru/pax6lf1/
Cookie: XSRF-TOKEN=eyJpdiI6Ilg4NS9FNmpPS2wxT2ZQcmswWjR1M1E9PSIsInZhbHVlIjoiT2VSbTZSeHkyZmlaK016WVlBdWMvRGxTc0xoeDY0MTgvYjd4OGdGYXpiZFpxQklianV4MVlIRW82ZzFGSWoyVWhVaHdOaHRmUDNMWktIeHliWHFSM3ZyWlBKb1hwRFpFN0JXQ0VzbThlUkpwelhtTmcrcktRSFhVT2JjS3dUL2giLCJtYWMiOiI3MGRhMmVhMzM2MjA5YWQ5NzhhNTg5MjE3MTZhMTY1NTIyNTA2NzRmOGQ1NTdhMjIyN2U0MzQ1MjAzMmY0NjUxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IitUVU12SEU0NXRNRWVxR1ltMFpQemc9PSIsInZhbHVlIjoiL01wMDRnZk1SQkh0bjlrMUg2R0pOd0VlT2xiWjR6VEx4b2FGdlB0WG9RdHBsR0pJRFBQOTBJUHFsZWJMMnl0NlFQd3dZUjd3dGRBTWRjMWhpTjJ6Mmt6M1dlVkJCUnYrQlppNXZEV2E4Wjh1MXVmV2JySldjdnJ5dDdWcVZmWnUiLCJtYWMiOiJkMDIwNTgyZTg3ZDM0ZmVjMjNjZGFjYTNlMTUyYjQ3NTI3YjYzZGU4NDkzNzg1M2JmMzMzOWE0OGYzNTE3OTcwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Fri, 28 Mar 2025 02:03:46 GMT
content-type: text/html; charset=UTF-8
cf-ray: 92738d8c4d5156ca-OSL
server: cloudflare
cf-cache-status: MISS
age: 6
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5Swby0yPZQuu%2Fb0MrlR2sdHJXWILpBLN9Y0FKvd7sDLVyTXUj%2BsnzrPATC6EEsmufNco4EFV%2FPNEYRF031i9GNnq4n%2F46VLBPdqcDYCoWyuUPj7%2FSlUvijteOIpI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=TCP&rtt=1180&min_rtt=1107&rtt_var=561&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2825&recv_bytes=2113&delivery_rate=1711583&cwnd=251&unsent_bytes=0&cid=fc4a3c53d63ec1ca&ts=23&x=0"
cache-control: max-age=14400
content-encoding: br
alt-svc: h3=":443"; ma=86400
|