{"report_id":"eae0063c-de7f-4599-a001-b1c4c8a4ef10","version":6,"status":"done","tags":["phishing","microsoft","outlook"],"date":"2023-11-29T15:11:57Z","url":{"schema":"http","addr":"bmwag-rt-prod2-t.campaign.adobe.com/r/?id=h2ccc12b,8d23fb3,492093b\u0026p1=//catalyst-builders.com//SHFSHFBS6FSYFBE783RERER7B/GFV34UBSFYG7ERYUFYHBFHD/HDH434HU/wpfile/7959/Mduffy/bWR1ZmZ5QG1wLmJhbms=","fqdn":"bmwag-rt-prod2-t.campaign.adobe.com","domain":"adobe.com","tld":"com"},"ip":{"addr":"52.49.81.35","port":0,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"final":{"url":{"schema":"https","addr":"ca99noif99yutq4.hkhhrjwvhb.ru/ou0cv/#mduffy@mp.bank","fqdn":"ca99noif99yutq4.hkhhrjwvhb.ru","domain":"hkhhrjwvhb.ru","tld":"ru"},"title":"ca99noif99yutq4.hkhhrjwvhb.ru/ou0cv/#mduffy@mp.bank"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T10:04:54Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"bmwag-rt-prod2-t.campaign.adobe.com","ip":{"addr":"63.35.80.202","port":0,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"domain_registered":"1986-11-17","domain_rank":0,"first_seen":"2020-10-06 11:33:48","last_seen":"2023-11-28 05:10:30","alert_count":0,"request_count":1,"received_data":998,"sent_data":659,"comment":"","tags":null,"fingerprints":null},{"fqdn":"catalyst-builders.com","ip":{"addr":"64.6.254.94","port":0,"asn":11989,"as":"WEBINT","country":"United States","country_code":"US"},"domain_registered":"2014-04-12","domain_rank":0,"first_seen":"2016-07-28 12:12:32","last_seen":"2023-11-28 19:23:03","alert_count":1,"request_count":1,"received_data":346,"sent_data":587,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2012-05-16","domain_rank":439,"first_seen":"2012-09-30 02:15:09","last_seen":"2023-11-29 05:10:22","alert_count":0,"request_count":1,"received_data":26134,"sent_data":477,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ca99noif99yutq4.hkhhrjwvhb.ru","ip":{"addr":"172.67.163.110","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"domain_registered":"2023-11-01","domain_rank":0,"first_seen":"2023-11-09 01:17:02","last_seen":"2023-11-28 19:36:33","alert_count":2,"request_count":3,"received_data":24268,"sent_data":1523,"comment":"","tags":null,"fingerprints":null},{"fqdn":"challenges.cloudflare.com","ip":{"addr":"104.17.2.184","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":0,"first_seen":"2021-10-20 07:02:03","last_seen":"2023-11-29 08:11:22","alert_count":0,"request_count":9,"received_data":458697,"sent_data":5686,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft Outlook","verdict":"phishing","severity":"medium","comment":"","tags":["phishing","microsoft","outlook"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"9d70a26d0d606743bbef9fd7cf8a357c","sha1":"d474df7e924855215a31cc465d748de6de0d6bb2","sha256":"537b4829557d0baa82a8498696dd679e66eae81443c1841862211768e92b46ec","sha512":"20b06a75ff43330619d43b40d6b0269e1a43c84e6d7358ef25074a48380c283aecddc2d84032695549d54a4efff9ba9d5a11e55faad68a996abfb7d3a97495f0","ssdeep":"","tlshash":"02f0496eb0192472a0382e223717b3cabb2bb15463b33493b22d4554f011ceb82a7e84","size":651,"data":"","first_seen":"2024-08-20T17:27:27.884609Z","last_seen":"2024-08-20T17:27:27.884609Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"1c862db5f2555377c2dc1e62ed7b3981","sha1":"c29e6dc25c08a70995127ec13ded6f80d9a36174","sha256":"27d373a6961f797edf69a80f7f24877ef85c2fc4f9f770b2540b1bf5e66823ac","sha512":"31143265b96385ef4b575b72591775139057dff85891be61591e3d55259b6d1dc95d86a0feec40c801d38e64278cfbe50c3c2a16757f986ad40f716935bf2bb2","ssdeep":"","tlshash":"0c8000ac38802000803328e8002fa8aaa020083030800e022a02e8888cb222c822a8ae","size":26,"data":"","first_seen":"2023-04-11T21:13:06Z","last_seen":"2026-04-04T00:32:36.367731Z","times_seen":264189,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/turnstile/v0/api.js","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.2.184","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6142a5f5c66e2c1be52ee9506a565962","sha1":"c3b39e8352efd1e0619b6dd62af8b2a917622868","sha256":"51cd12da61a7401c73472b2ac77067adfa30e9fc0545b4b7c240e9154e011fc7","sha512":"3de194e4c8f32703cfee9e2a48230d21301e28a39beefb36dcb2b8df26b962b3a508e7fd8fe55aca2f619293e293cdf64459bf5d91526cbceda770396765d5e2","ssdeep":"768:3YpyCIUTKuBT1ytljuXeMDKLFn76p+B5nLZ73akHgMO4B4oq0HVi:30nKuBT1Yj7MDCKp","tlshash":"9ff229993187343187ee41e0207b67877339ba3ae58cc840d85bc97539bcd8ad137ba9","size":34254,"data":"","first_seen":"2023-11-07T13:44:12Z","last_seen":"2023-11-30T20:53:42Z","times_seen":32842,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"javascriptURL","is_inline":false,"md5":"69165ebff8690c39998558705627e927","sha1":"b86888593992fa44c3d1fe1c665367cb214e5416","sha256":"0de7a49f6d21fbef846aba4bd271502d7ec9489bfbb3fd96f5ff7cf19140875e","sha512":"5ba1e5e8c8d56c3f9e73156c711a2a9e69dc86f53f47ce07bd59f79e9f8190e0a63a46c05270582b3afdc144f98d15622a902864c5635409e682c317640a2371","ssdeep":"","tlshash":"0750000030c00000003000000c33c030000000000000000000003c003000f00000c030","size":8,"data":"","first_seen":"2023-04-10T23:38:56Z","last_seen":"2026-04-03T23:38:25.549189Z","times_seen":13732,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"63af85111ab805c044f58e38ca2b5d3b","sha1":"0ce447e37f21c5e67655949269e1d5a1ffd0aeb9","sha256":"c63b37801c5e84ea4688fb5781f34caa0791a4816a36ced5dbef9013d92a2719","sha512":"801a724525c522a5b3b02130041be592c174f764c7be81b9ea4957a8b9117aae9c1bc1b2b22b10b2b31479584d62c05de87500f0f81a0e867e87be82ff3f224a","ssdeep":"","tlshash":"aee07d1b3db353b16b43fd29917bdd0fcb73449d7603e02b0c84548ea67805961134e4","size":318,"data":"","first_seen":"2024-08-20T17:27:27.886588Z","last_seen":"2024-08-20T17:27:27.886588Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/f0pv3/0x4AAAAAAAM3WL3IZ3x66YzH/auto/normal","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.2.184","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"cb8d7beda458f0159065395cd4b818ed","sha1":"30054a66fac2e40318950f6f201bcb6b2d5289d0","sha256":"80bbdf5b0a812643f9b53c9858c36d50e93eba64cba08c220b6238692128c8c8","sha512":"23994880d0e88edcc6ca2700e829f44778809c83d87e61248408455bcf95282404aa98cc837aed384df81e42be0e9fa6804d13168872d7fa7d53e4e1d487e0cb","ssdeep":"","tlshash":"b96107f08af50209956a7752174f2300397222af4c48b1793d8cda4e9f2d4af11b2bfc","size":3460,"data":"","first_seen":"2024-08-20T17:27:27.88735Z","last_seen":"2024-08-20T17:27:27.88735Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"data","addr":"data:text/javascript;base64,ZG9jdW1lbnQud3JpdGUoZGVjb2RlVVJJQ29tcG9uZW50KGVzY2FwZShhdG9iKGRvY3VtZW50LnF1ZXJ5U2VsZWN0b3IoIlF0dmxlZ1RZb0hkR0tNbiIpLmdldEF0dHJpYnV0ZSgiaUVzS1hvekdFcEZ6VUVuIikpKSkpO3BYd216a3JGYnV6UkRHanhOcUhKPSJKUmtIclByR3ZUdnh4RmciOw==","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"1fa48e48fef0251056fe56bb9dd5cb21","sha1":"190da336c96e305daba07ea9f5ef2b8b19061b00","sha256":"b297debb2cfba7de2bc3baa1aeaef6b4e6a17092f49104dc86e4e3193ed86f05","sha512":"6de2fe5a1a3beb886ceaaddb533052bc183d4e007bfdfd0ebb5279befa1afeaa25d4c603d98762173f7ce88dd32fdb275f4bb316bfa24d95d1b935d2b9c1b2e2","ssdeep":"","tlshash":"8bc08037420576fd5d2e3319d35477d158d8572cdc497c511c0d0c0453cc86255404d0","size":163,"data":"","first_seen":"2024-08-20T17:27:27.888171Z","last_seen":"2024-08-20T17:27:27.888171Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=82dbc8fd78da56a5","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.2.184","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"5536dcd404ecd8c5e82c9c5a56f5781b","sha1":"257072205403627a080da3213ed68519fb6689b5","sha256":"2d42a4458c780dedb4a373663c612fe292553c658812508584c3f9f96bcdd4e8","sha512":"a699316bff5d4d314563973417d0646e2c4b3e40292bc321e238154e3476a392d6caed65db6205b450405913f8224d25daf5683696205e4ab1fcd01b0c35eb9e","ssdeep":"1536:Y1zyZLlkbLaTGLh2XNNDc/kyl6tzeayLoQ69pl6bltbM571fHlwdvVBNYQD:p026Lh2XNikyl6tzdzQiD6bl25tlGpD","tlshash":"fc0474cc7b81ac9545337d7870273216b09f3e456c7c19d9ea00b1d42afa35a82d7aee","size":179611,"data":"","first_seen":"2023-11-29T15:50:51Z","last_seen":"2023-11-29T16:40:21Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":[{"md5":"0fb4f922c050a2687bf0047ef322ad03","sha1":"2cba1d0d1924dfc5db8a869237cbe31f64654088","sha256":"394b9b7cc128901117e30c4a9b50ad3bb9d1b2c15bd377c58b275649eee96b74","sha512":"3d37ef1e7be1cdcdcab6ace7cfb6669fdb6ea893675a1903cf751633e405ac330cdf65f26c9bfcc8519347103d1bba68e1ac63e8ae958c35c3cdc7dbf484a1c0","ssdeep":"","tlshash":"21f00d8ec08333847f9a3bdd31097d980a5d1bc35558dd1c750464f01fd5762208e501","size":640,"data":"","first_seen":"2024-08-20T17:27:27.888907Z","last_seen":"2024-08-20T17:27:27.888907Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-04T00:31:23.380315Z","times_seen":665367,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"5253435fb4d76f7a2bf16c11d8105f64","sha1":"3d81122ef8fc1c6b4ac50740277831730e3a358c","sha256":"47ec3c190b42624a908a93a2de7877e310996b1cc79dd9c25cd7a01011746f7a","sha512":"d4c3083db997fc291f92d936f233cfb12b6a9249d1895ed570fa3c6b4784f4c66dc44be72de00cd712af5a05505e19a749d93274038e56e40a4f7b1258f2b99e","ssdeep":"","tlshash":"5b11e2ddaf7560b5937124ef9aaf11079153fe48a4059c0a473081c53f62ad1558bf78","size":1037,"data":"","first_seen":"2024-08-20T17:27:24.188512Z","last_seen":"2024-08-20T17:27:27.89027Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"write":[{"md5":"a5bc16ede13539bfd1c98a4f62eec4cf","sha1":"3c7e7e5660501e05f85afde3f5877b39eacfdb63","sha256":"b42d5f76d7a9ba3630203ace0fb21ebfbae5c556cc99869f8fc8841bf0ef0f92","sha512":"ea6bf8a4206851e522043cdcc81555a37e3634c896146340fbeb75f3c3cede4b46b06623cce6e79545a88e529b38f24c27e22905456a43831ef48da333578557","ssdeep":"","tlshash":"3171aba1d4f63a3318b3d9c22196632777b261a6c642a3c1d7ed2267dad8c527203f46","size":3692,"data":"","first_seen":"2024-08-20T17:27:27.890863Z","last_seen":"2024-08-20T17:27:27.890863Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"a27c88365ce7cd8f68390c4c024e29e1","sha1":"1d15a8d192608f93096ef8d9aa623c360dbb7351","sha256":"0ca2b3df8f04565300bafcd6c929a1d310d2a761ff9f8dda200f3f6cffab50ce","sha512":"1ce1d149845e13e3f312f848dcbd973d241a0815da5aa7202a2db68160a84a21e9585bc115a3020ffc995139a8a25f44c0f28f51e5f9a9099753708e937d6584","ssdeep":"","tlshash":"e671c264acf3509185cbd30cbbe0ed861be0b1a3919a5656bb4c874ec7857ec8957f02","size":3574,"data":"","first_seen":"2023-11-07T13:07:13Z","last_seen":"2024-08-20T20:33:21.268002Z","times_seen":72071,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"http","addr":"bmwag-rt-prod2-t.campaign.adobe.com/r/?id=h2ccc12b,8d23fb3,492093b\u0026p1=//catalyst-builders.com//SHFSHFBS6FSYFBE783RERER7B/GFV34UBSFYG7ERYUFYHBFHD/HDH434HU/wpfile/7959/Mduffy/bWR1ZmZ5QG1wLmJhbms=","fqdn":"bmwag-rt-prod2-t.campaign.adobe.com","domain":"adobe.com","tld":"com"},"ip":{"addr":"63.35.80.202","port":0,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-11-29T15:11:43.790919036Z","timestamp":1701270703790,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /r/?id=h2ccc12b,8d23fb3,492093b\u0026p1=//catalyst-builders.com//SHFSHFBS6FSYFBE783RERER7B/GFV34UBSFYG7ERYUFYHBFHD/HDH434HU/wpfile/7959/Mduffy/bWR1ZmZ5QG1wLmJhbms= HTTP/1.1\r\nHost: bmwag-rt-prod2-t.campaign.adobe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 302 Found\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Wed, 29 Nov 2023 15:11:39 GMT\r\nLocation: https:////catalyst-builders.com//SHFSHFBS6FSYFBE783RERER7B/GFV34UBSFYG7ERYUFYHBFHD/HDH434HU/wpfile/7959/Mduffy/bWR1ZmZ5QG1wLmJhbms=\r\nP3P: CP=\"CAO DSP COR CURa DEVa TAIa OUR BUS IND UNI COM NAV\"\r\nPermissions-Policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()\r\nReferrer-Policy: strict-origin\r\nServer: Apache\r\nSet-Cookie: AMCV_B52D1CFE5330949C0A490D45%40AdobeOrg=MCMID%7C48920306971846901751998397550607990783; Domain=adobe.com; Path=/; Expires=Mon, 23-Dec-2024 15:11:39 GMT\nnlid=2ccc12b|8d23fb3; Domain=adobe.com; Path=/\nnllastdelid=8d23fb3; Domain=adobe.com; Path=/; Expires=Mon, 23-Dec-2024 15:11:39 GMT\r\nStrict-Transport-Security: max-age=63072000; includeSubdomains;\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nX-Robots-Tag: noindex\r\nContent-Length: 17\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":17,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"edf537e37d4549950774190c58f93b76","sha1":"4e2078632eccec8993f151be9338bbcb88ce6f58","sha256":"afff9c63cfeacd26e5d4000edf576f1386d6729dca783eb45004f484a73a3514","sha512":"086b7b7a07f837f40038d0ba0724240ee66c0319524baaa9cde4405db6712a0a129ab3f40ad4886fdb77cad78503697af8945b82dbeebdc13ff71a7c3ac5361b","ssdeep":"","tlshash":"786000020000082020832802280008020000008808b0020800282b2002882223000202","first_seen":"2023-04-11T15:33:14Z","last_seen":"2025-02-27T15:25:40.670806Z","times_seen":16650,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"catalyst-builders.com//SHFSHFBS6FSYFBE783RERER7B/GFV34UBSFYG7ERYUFYHBFHD/HDH434HU/wpfile/7959/Mduffy/bWR1ZmZ5QG1wLmJhbms=","fqdn":"catalyst-builders.com","domain":"catalyst-builders.com","tld":"com"},"ip":{"addr":"64.6.254.94","port":0,"asn":11989,"as":"WEBINT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-11-29T15:11:44.169485192Z","timestamp":1701270704169,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET //SHFSHFBS6FSYFBE783RERER7B/GFV34UBSFYG7ERYUFYHBFHD/HDH434HU/wpfile/7959/Mduffy/bWR1ZmZ5QG1wLmJhbms= HTTP/1.1\r\nHost: catalyst-builders.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 29 Nov 2023 15:13:06 GMT\r\nServer: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4\r\nX-Powered-By: PHP/7.4.27\r\nrefresh: 0;url=https://ca99noif99yutq4.hkhhrjwvhb.ru/ou0cv/#mduffy@mp.bank\r\nKeep-Alive: timeout=30, max=100\r\nConnection: Keep-Alive\r\nTransfer-Encoding: chunked\r\nContent-Type: text/html; charset=UTF-8\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T00:31:03.876566Z","times_seen":13308907,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft Outlook","verdict":"phishing","severity":"medium","comment":"","tags":["phishing","microsoft","outlook"],"meta":null}]}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css","fqdn":"cdn.jsdelivr.net","domain":"cdn.jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ca99noif99yutq4.hkhhrjwvhb.ru/ou0cv/#mduffy@mp.bank","date":"2023-11-29T15:11:50.901Z","timestamp":1701270710901,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2023 Q3","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 27 Sep 2023 18:13:13 GMT","end":"Mon, 28 Oct 2024 18:13:12 GMT"},"fingerprint":{"sha1":"05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09","sha256":"0F:90:CD:B5:CD:3B:AE:F1:BB:01:3A:4D:6D:2E:A6:BA:98:C6:1B:1B:75:BE:DD:CB:39:33:E8:D1:21:F1:9F:EF"}}},"request":{"raw":"GET /npm/bootstrap@5.0.2/dist/css/bootstrap.min.css HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ca99noif99yutq4.hkhhrjwvhb.ru/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: text/css; charset=utf-8\r\nx-jsd-version: 5.0.2\r\nx-jsd-version-type: version\r\netag: W/\"260c5-fByeBXPlzqi603M74vxjqoxo6o0\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Wed, 29 Nov 2023 15:11:46 GMT\r\nage: 14793948\r\nx-served-by: cache-fra-eddf8230097-FRA, cache-bma1661-BMA\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 25360\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":25360,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (65306)","md5":"abe91756d18b7cd60871a2f47c1e8192","sha1":"7c1c9e0573e5cea8bad3733be2fc63aa8c68ea8d","sha256":"7633b7c0c97d19e682feee8afa2738523fcb2a14544a550572caeecd2eefe66b","sha512":"bac54101debafcda5535f0607b5f60c2cda3e896629e771ad76ac07b697e77e4242d4f5f886d363b55fc43a85ea48a6bfc460a66f2b1fc8f56b27ba326e3a604","ssdeep":"1536:d0bwW83RipVVsEBpy0cuJcf22RWb5CyVUpz600I4fM:d0bwlyVUpz600I4fM","tlshash":"09e3a3d7f581241dd4a7c259a0d1bffd052f4586e3025babb0277bb88b8a6c70963e4c","first_seen":"2023-04-05T03:16:49Z","last_seen":"2026-04-03T22:25:14.885702Z","times_seen":94470,"resource_available":true,"data":null}},"time_used":85,"timings":{"blocked":38,"dns":11,"connect":8,"send":0,"wait":8,"receive":2,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ca99noif99yutq4.hkhhrjwvhb.ru/ou0cv/","fqdn":"ca99noif99yutq4.hkhhrjwvhb.ru","domain":"hkhhrjwvhb.ru","tld":"ru"},"ip":{"addr":"172.67.163.110","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-11-29T15:11:51.031752107Z","timestamp":1701270711031,"http_version":"","security_state":"secure","security_info":null,"request":{"raw":"GET /ou0cv/ HTTP/1.1\r\nHost: ca99noif99yutq4.hkhhrjwvhb.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 29 Nov 2023 15:11:46 GMT\r\ncontent-type: text/html; charset=UTF-8\r\naccess-control-allow-origin: *\r\nset-cookie: PHPSESSID=qdqfqsfa12qrppat5gg7jqhqic; path=/\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=rYkKsfZO%2FWyx5NtYnzsdffhtUWuDTzrEbE2eOHtp2mViAJPg4AmDXOkBH5bcP6u%2FkorvAHq9mLgVYiE10Uz%2FU1Y%2FNHPy0EX2FZGeUUlaZJ2VUQ0J3ch6pOUYj8q3O%2FOBCMST2ZB6aeV%2FuYGARCkRCQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 82dbc8f36d5f56c0-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":15509,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with very long lines (5233), with no line terminators","md5":"45a5379132c82c7418da3c86ac68a42e","sha1":"34a34d2350ac250d6b2f0d424fdf20828df17561","sha256":"552157441d921b1a27ba6f9ad6929310d50b1b1f5c7cf906116310428f984e75","sha512":"7575203efbdfa0478b16ebfcb4ecaa7a5a03a8081d6588b893a0373007fef198e9f41c431c34a05460c2daf9a60838e4cec4c742c01f4db4d06ca480f29b4c1a","ssdeep":"96:7AR78SwvrRu0bId1Id0JPUCxNHxyYkJTNQ+AVUAYweaGoVgRDJuuz0qIyvMkD:7ASDTRNId1Id0lUCvYYkJTNQjUAYweRv","tlshash":"83b1a4b18f2507bdef59ab4ebb1124fb6964fee90c01a83994744e09d53e1309a4d74c","first_seen":"2023-11-29T16:11:58Z","last_seen":"2023-11-29T16:11:58Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft Outlook","verdict":"phishing","severity":"medium","comment":"","tags":["phishing","microsoft","outlook"],"meta":null}]}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/82dbc8fd78da56a5/1701270707091/7WEP4wDJ3cof5zO","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.2.184","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/f0pv3/0x4AAAAAAAM3WL3IZ3x66YzH/auto/normal","date":"2023-11-29T15:11:52.466Z","timestamp":1701270712466,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"challenges.cloudflare.com","organization":"Cloudflare, Inc."},"issuer":{"commonName":"Cloudflare Inc ECC CA-3","organization":"Cloudflare, Inc."},"validity":{"start":"Fri, 18 Aug 2023 00:00:00 GMT","end":"Sat, 17 Aug 2024 23:59:59 GMT"},"fingerprint":{"sha1":"5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E","sha256":"A2:A8:37:E9:57:D0:F0:FE:3B:6F:A8:23:58:80:DA:61:DD:F9:50:CF:F0:2D:27:D5:00:AA:21:A7:B4:75:80:AD"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/h/g/i/82dbc8fd78da56a5/1701270707091/7WEP4wDJ3cof5zO HTTP/1.1\r\nHost: challenges.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/f0pv3/0x4AAAAAAAM3WL3IZ3x66YzH/auto/normal\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 29 Nov 2023 15:11:48 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\ncf-ray: 82dbc9066b2c56a5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":61,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 23 x 50, 8-bit/color RGB, non-interlaced\\012- data","md5":"5e3be95febf1739149a2fe47203634b8","sha1":"68dde899928c4c0ea7b88156f78913d9505b7448","sha256":"f3322f67b57fd7423a46e66fd2e9c1e2a68c92331c37f49e05762fc50a1ab771","sha512":"05947da0a8b9636fe1ab2738375007da5865784b0bbbf2d8b0d19a227c376dbe4259dcdf35cc5b757e87ce12dd121b7ea07e08a108b09e2f464619c6c9dd4948","ssdeep":"","tlshash":"baa002df7391ac38d9464277b6360191f972052802110105ca45d8292b263ad82c4a46","first_seen":"2023-05-05T01:05:38Z","last_seen":"2025-04-30T05:19:18.938065Z","times_seen":80,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/211521666:1701267981:6n0SrvsumMKMby3bROWHziRNE_tHQmiB2lh836mjs1o/82dbc8fd78da56a5/147144915ef7566","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.2.184","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/f0pv3/0x4AAAAAAAM3WL3IZ3x66YzH/auto/normal","date":"2023-11-29T15:11:52.922Z","timestamp":1701270712922,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"challenges.cloudflare.com","organization":"Cloudflare, Inc."},"issuer":{"commonName":"Cloudflare Inc ECC CA-3","organization":"Cloudflare, Inc."},"validity":{"start":"Fri, 18 Aug 2023 00:00:00 GMT","end":"Sat, 17 Aug 2024 23:59:59 GMT"},"fingerprint":{"sha1":"5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E","sha256":"A2:A8:37:E9:57:D0:F0:FE:3B:6F:A8:23:58:80:DA:61:DD:F9:50:CF:F0:2D:27:D5:00:AA:21:A7:B4:75:80:AD"}}},"request":{"raw":"POST /cdn-cgi/challenge-platform/h/g/flow/ov1/211521666:1701267981:6n0SrvsumMKMby3bROWHziRNE_tHQmiB2lh836mjs1o/82dbc8fd78da56a5/147144915ef7566 HTTP/1.1\r\nHost: challenges.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/f0pv3/0x4AAAAAAAM3WL3IZ3x66YzH/auto/normal\r\nContent-type: application/x-www-form-urlencoded\r\nCF-Challenge: 147144915ef7566\r\nContent-Length: 25990\r\nOrigin: https://challenges.cloudflare.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 29 Nov 2023 15:11:48 GMT\r\ncontent-type: text/plain; charset=UTF-8\r\ncf-chl-gen: UWpq8FP3/ULEDC9nwq3Z8Moio75I7udOHmeH7RPQEGL63gA27Vwa3q/50Zuu9lQd$3avES4K9csnrVJIuUeoTYw==\r\nserver: cloudflare\r\ncf-ray: 82dbc9093e7a56a5-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":17784,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"ASCII text, with very long lines (17784), with no line terminators","md5":"0c37334814b6144f9b4c168cb4b23734","sha1":"e9ebbd423062d9d9eae9e95d68a0b361277f6abc","sha256":"f4914a60601ccc88b2ef3d4e367a0eb3cf5eb2b6c9d3d4a18c24d6bd1955214f","sha512":"f0ecac986e979af3f6671b0a482d0ddf9302bd4c7c266360c1c0023cafbb004346921c4f5b9f73b2b54b6a85a219e4be0cc06f2c176e3cd286de52b3737161ce","ssdeep":"384:/x1wFhOYWEAHHTpv7JePb2ptr4HROi9CyTGNXUmz3jbx8D1:/fwFhDATxHn4RC0m7j1g1","tlshash":"4a82d0e31bd5767b061ef1d4d7f280ec5958cf4ae46db83208d03246cd6a46a402bf79","first_seen":"2023-11-29T16:11:58Z","last_seen":"2023-11-29T16:11:58Z","times_seen":1,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":45,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/211521666:1701267981:6n0SrvsumMKMby3bROWHziRNE_tHQmiB2lh836mjs1o/82dbc8fd78da56a5/147144915ef7566","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.2.184","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/f0pv3/0x4AAAAAAAM3WL3IZ3x66YzH/auto/normal","date":"2023-11-29T15:11:51.321Z","timestamp":1701270711321,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"challenges.cloudflare.com","organization":"Cloudflare, Inc."},"issuer":{"commonName":"Cloudflare Inc ECC CA-3","organization":"Cloudflare, Inc."},"validity":{"start":"Fri, 18 Aug 2023 00:00:00 GMT","end":"Sat, 17 Aug 2024 23:59:59 GMT"},"fingerprint":{"sha1":"5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E","sha256":"A2:A8:37:E9:57:D0:F0:FE:3B:6F:A8:23:58:80:DA:61:DD:F9:50:CF:F0:2D:27:D5:00:AA:21:A7:B4:75:80:AD"}}},"request":{"raw":"POST /cdn-cgi/challenge-platform/h/g/flow/ov1/211521666:1701267981:6n0SrvsumMKMby3bROWHziRNE_tHQmiB2lh836mjs1o/82dbc8fd78da56a5/147144915ef7566 HTTP/1.1\r\nHost: challenges.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/f0pv3/0x4AAAAAAAM3WL3IZ3x66YzH/auto/normal\r\nContent-type: application/x-www-form-urlencoded\r\nCF-Challenge: 147144915ef7566\r\nContent-Length: 2895\r\nOrigin: https://challenges.cloudflare.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 29 Nov 2023 15:11:47 GMT\r\ncontent-type: text/plain; charset=UTF-8\r\ncf-chl-gen: woTBahJo/wFsCmpyUT0yPSSQrKKfATyWRz6W2KBVKdoJ5E6iC13duVYWdbuChxDxYUJ5Kbx0R1u6ClcytLMFplaQB8+94NwG7YvJUQVVQznOpx8yBZBJL+k8f+JWWrjtBgJ+PT+vYPZtmiZs/VTbf41i4jyt5X2mkdO4/p9VbsDSq4qFgJ7uPaF8pwoDjYWAa9EfQjBHO1E/ZeIqvStB8797sSWAp8NCe7RV7xVyRMCEdRtEEaumOK060Lcku3Cj9xJBWxuDJdq/IM1BHd6AmbvfKAhL6DSt0mW/Ai/MY9nKKUgyFnai+Ue4qTS8e/aci3lgi3bhYMqBLJpLVa7vnqk6EwHwpnXmcwDsHSf49cAPdGeECoiJraIi/+WL/I2cok660UfUXmV0zbHYBIpDsZGSur6bo0rhBQ8c05Ku6QLfHJagRnBfA9Xmeoa+pnl0AtXXbj7GggmNieIk4YIm4b0rQP2Na2YMfpm5xboqtD8=$JaRDD74arzeLfPf649Y2EQ==\r\nserver: cloudflare\r\ncf-ray: 82dbc8ff3aa356a5-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":114720,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"7137e8d2a1f5b819ce535ce86ea402f4","sha1":"c53712165a60f8680bb1dcd34e7f23a4cf5dfc74","sha256":"73a97c76e82d488e570179196f6e644884f2bb07d6da89bd0a1b7b0ba9de4c5f","sha512":"c243a40be1b3c561e89ef9599d89c726f40420cc5c96ac2ad4163296ed07618b69dc7b225b661729d63faba3cf45ce1760ab86d652394e9bcbe428312ac6c5c1","ssdeep":"3072:45mfvG8FzPdP1FU8URtyiY9fO6GG8eH/upqOw/:45mmkPdP1FMyR9GDDpqZ","tlshash":"bcb3123af02a1939cf4189ae5e7dba6b11848f69181a70a46bc415efd0dfd482cfe548","first_seen":"2023-11-29T16:11:58Z","last_seen":"2023-11-29T16:11:58Z","times_seen":1,"resource_available":false,"data":null}},"time_used":58,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":56,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ca99noif99yutq4.hkhhrjwvhb.ru/favicon.ico","fqdn":"ca99noif99yutq4.hkhhrjwvhb.ru","domain":"hkhhrjwvhb.ru","tld":"ru"},"ip":{"addr":"172.67.163.110","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ca99noif99yutq4.hkhhrjwvhb.ru/ou0cv/#mduffy@mp.bank","date":"2023-11-29T15:11:51.024Z","timestamp":1701270711024,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hkhhrjwvhb.ru","organization":""},"issuer":{"commonName":"E1","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Nov 2023 21:04:59 GMT","end":"Tue, 30 Jan 2024 21:04:58 GMT"},"fingerprint":{"sha1":"92:B6:16:E9:7F:60:57:1A:6C:84:9A:F4:C4:B5:37:75:E3:3A:34:17","sha256":"D1:F0:36:13:12:94:BD:F8:7B:DA:2B:52:31:A4:9A:85:15:6C:6D:76:1A:8E:D1:4C:AF:AC:20:B5:CE:BC:66:AC"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: ca99noif99yutq4.hkhhrjwvhb.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ca99noif99yutq4.hkhhrjwvhb.ru/ou0cv/\r\nCookie: PHPSESSID=qdqfqsfa12qrppat5gg7jqhqic\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Wed, 29 Nov 2023 15:11:46 GMT\r\ncontent-type: text/html\r\ncache-control: private, no-cache, max-age=0\r\npragma: no-cache\r\nvary: Accept-Encoding\r\ncf-cache-status: BYPASS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=Wg%2BbZEncpr%2BFpi%2BuGAMh2IZDkGROnHAgkUcyoIGEUR%2FjwqTPesj0S5azCondIVZHMAa7hLqpPU2yAJ4n5q%2BwjcK%2BfGRKecmccCHTmzf7MfcgwocNylqJ%2B9GHWwxy8f9rUR20McAU%2B5ssgXtCQMyagw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 82dbc8fd6c50712b-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":1236,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with very long lines (1274), with no line terminators","md5":"8c16945397b2ea2fa974494c910f6d08","sha1":"87289c714f1955cc0a4b8d0f5319bf0dcf771141","sha256":"16782bd72a33f1963efb1d59aa17f964a604235a255e51dd4aafe0e0587040c6","sha512":"c57c43f89f7120d957597532db1634c5085a982de4cf3a1e4251a6593af28262362cbb1163a81e47c2a46c0cada341839ac2824e25b94dfbc8c2c116b84f9f90","ssdeep":"","tlshash":"c621423ec1c1920a94171198f7d1b278265ac341db930fb4364d7068f6cd0ee56a3fc4","first_seen":"2023-04-05T04:31:49Z","last_seen":"2025-03-27T15:32:37.859784Z","times_seen":16264,"resource_available":false,"data":null}},"time_used":95,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=82dbc8fd78da56a5","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.2.184","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/f0pv3/0x4AAAAAAAM3WL3IZ3x66YzH/auto/normal","date":"2023-11-29T15:11:51.114Z","timestamp":1701270711114,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"challenges.cloudflare.com","organization":"Cloudflare, Inc."},"issuer":{"commonName":"Cloudflare Inc ECC CA-3","organization":"Cloudflare, Inc."},"validity":{"start":"Fri, 18 Aug 2023 00:00:00 GMT","end":"Sat, 17 Aug 2024 23:59:59 GMT"},"fingerprint":{"sha1":"5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E","sha256":"A2:A8:37:E9:57:D0:F0:FE:3B:6F:A8:23:58:80:DA:61:DD:F9:50:CF:F0:2D:27:D5:00:AA:21:A7:B4:75:80:AD"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=82dbc8fd78da56a5 HTTP/1.1\r\nHost: challenges.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/f0pv3/0x4AAAAAAAM3WL3IZ3x66YzH/auto/normal\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 29 Nov 2023 15:11:46 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nserver: cloudflare\r\ncf-ray: 82dbc8fdf94856a5-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":179611,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"5536dcd404ecd8c5e82c9c5a56f5781b","sha1":"257072205403627a080da3213ed68519fb6689b5","sha256":"2d42a4458c780dedb4a373663c612fe292553c658812508584c3f9f96bcdd4e8","sha512":"a699316bff5d4d314563973417d0646e2c4b3e40292bc321e238154e3476a392d6caed65db6205b450405913f8224d25daf5683696205e4ab1fcd01b0c35eb9e","ssdeep":"1536:Y1zyZLlkbLaTGLh2XNNDc/kyl6tzeayLoQ69pl6bltbM571fHlwdvVBNYQD:p026Lh2XNikyl6tzdzQiD6bl25tlGpD","tlshash":"fc0474cc7b81ac9545337d7870273216b09f3e456c7c19d9ea00b1d42afa35a82d7aee","first_seen":"2023-11-29T15:50:51Z","last_seen":"2023-11-29T16:40:21Z","times_seen":5,"resource_available":true,"data":null}},"time_used":12,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":9,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/82dbc8fd78da56a5/1701270707094/b2aaa08d98cdb048c695672bd7ce42ba05859624702cbd4b2f3bb850bf80f735/B0rn0n0v4B4v6YZ","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.2.184","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/f0pv3/0x4AAAAAAAM3WL3IZ3x66YzH/auto/normal","date":"2023-11-29T15:11:52.720Z","timestamp":1701270712720,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"challenges.cloudflare.com","organization":"Cloudflare, Inc."},"issuer":{"commonName":"Cloudflare Inc ECC CA-3","organization":"Cloudflare, Inc."},"validity":{"start":"Fri, 18 Aug 2023 00:00:00 GMT","end":"Sat, 17 Aug 2024 23:59:59 GMT"},"fingerprint":{"sha1":"5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E","sha256":"A2:A8:37:E9:57:D0:F0:FE:3B:6F:A8:23:58:80:DA:61:DD:F9:50:CF:F0:2D:27:D5:00:AA:21:A7:B4:75:80:AD"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/h/g/pat/82dbc8fd78da56a5/1701270707094/b2aaa08d98cdb048c695672bd7ce42ba05859624702cbd4b2f3bb850bf80f735/B0rn0n0v4B4v6YZ HTTP/1.1\r\nHost: challenges.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/f0pv3/0x4AAAAAAAM3WL3IZ3x66YzH/auto/normal\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 401 Unauthorized\r\ndate: Wed, 29 Nov 2023 15:11:48 GMT\r\ncontent-type: text/plain; charset=UTF-8\r\nwww-authenticate: PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gsqqgjZjNsEjGlWcr185CugWFliRwLL1LLzu4UL-A9zUAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEApsOXvs4inomvHEEJWeAmbewj10vTdOMUJh5YooYpzkcTFx8O1fGckZDmN__WSsDanz_dK-uZ_ETYKIumajyX7F3zXM4AXeZC2iYL_e3-Pi1TmaGIMJZdPWVVC9cf8AFwX7fRkcgCHxky-BRBi2T8ry--e2NK119BZC3f1t7LwQTVpP1LL3UYxZNFWJTGISYzuWNO5NvmWgGr2V4bint7BqWVsBG5VguykSCXBQX0WyMxge5W5z-tspRPjpXtc35sgdq737t6ATIZ2BVH0nyYaECjgMbN-BY6w9Y_jz03Ce0StP3YSZijpo1lfW2_lIX3SvsNX-SYCOkZ-9685ZUBSQIDAQAB, max-age=20, PrivateToken challenge=AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tILKqoI2YzbBIxpVnK9fOQroFhZYkcCy9Sy87uFC_gPc1ABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAyAcIyqXWj0XAym0z5V844rFA0WOzLVwj0uCwmVj6zC4qOH40oBiGHrMNMBnDyk95jvnBAuHeEs855e7nA4l4DPJ4jUWKZbua8BxGAzjn74A1BV81a52F1zvBPUm-VEJXPAPXQehXphSv51uR7HKtfcM5oaS33TGDSy-6xv0r84xjMuTBvwPgXGehxpi1MCGGE5yWkzKN5Zzllk7m6Nkiv6learV-Uz7tzaoPbdZkBk1bFXxm2q07jWavoBZ-JEuEJyjQ00PSTz2Zjpbct6AlR3eCS9sbmXtb5XxSs7JMsvoa8uojD7a5m2SEJIwaf8xKL6wtxkaPonUfvsLj4JoJZQIDAQAB, max-age=20\r\nserver: cloudflare\r\ncf-ray: 82dbc907fcf956a5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"401","status_text":"Unauthorized","fingerprints":null,"data":{"size":1,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"very short file (no magic)","md5":"ff44570aca8241914870afbc310cdb85","sha1":"58668e7669fd564d99db5d581fcdb6a5618440b5","sha256":"6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5","sha512":"3c266c0035de59eab2a0dd31b3dcb4a9dd157b310289e5db9ab4f8c2fddb7433466d48f25da7ad735a1cb8f2935aa612ad1f62f0efcece3933ba9979082e2304","ssdeep":"","tlshash":"c700000000000003c00000300000003000000000000000000003000000000000000000","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T00:31:23.376528Z","times_seen":399802,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/turnstile/v0/g/9914b343/api.js","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.2.184","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ca99noif99yutq4.hkhhrjwvhb.ru/ou0cv/#mduffy@mp.bank","date":"2023-11-29T15:11:50.926Z","timestamp":1701270710926,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"challenges.cloudflare.com","organization":"Cloudflare, Inc."},"issuer":{"commonName":"Cloudflare Inc ECC CA-3","organization":"Cloudflare, Inc."},"validity":{"start":"Fri, 18 Aug 2023 00:00:00 GMT","end":"Sat, 17 Aug 2024 23:59:59 GMT"},"fingerprint":{"sha1":"5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E","sha256":"A2:A8:37:E9:57:D0:F0:FE:3B:6F:A8:23:58:80:DA:61:DD:F9:50:CF:F0:2D:27:D5:00:AA:21:A7:B4:75:80:AD"}}},"request":{"raw":"GET /turnstile/v0/g/9914b343/api.js HTTP/1.1\r\nHost: challenges.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ca99noif99yutq4.hkhhrjwvhb.ru/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 29 Nov 2023 15:11:46 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 82dbc8fccedfb518-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":34254,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (34253)","md5":"6142a5f5c66e2c1be52ee9506a565962","sha1":"c3b39e8352efd1e0619b6dd62af8b2a917622868","sha256":"51cd12da61a7401c73472b2ac77067adfa30e9fc0545b4b7c240e9154e011fc7","sha512":"3de194e4c8f32703cfee9e2a48230d21301e28a39beefb36dcb2b8df26b962b3a508e7fd8fe55aca2f619293e293cdf64459bf5d91526cbceda770396765d5e2","ssdeep":"768:3YpyCIUTKuBT1ytljuXeMDKLFn76p+B5nLZ73akHgMO4B4oq0HVi:30nKuBT1Yj7MDCKp","tlshash":"9ff229993187343187ee41e0207b67877339ba3ae58cc840d85bc97539bcd8ad137ba9","first_seen":"2023-11-07T13:44:12Z","last_seen":"2023-11-30T20:53:42Z","times_seen":32842,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ca99noif99yutq4.hkhhrjwvhb.ru/ou0cv/","fqdn":"ca99noif99yutq4.hkhhrjwvhb.ru","domain":"hkhhrjwvhb.ru","tld":"ru"},"ip":{"addr":"172.67.163.110","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-11-29T15:11:44.410Z","timestamp":1701270704410,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hkhhrjwvhb.ru","organization":""},"issuer":{"commonName":"E1","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Nov 2023 21:04:59 GMT","end":"Tue, 30 Jan 2024 21:04:58 GMT"},"fingerprint":{"sha1":"92:B6:16:E9:7F:60:57:1A:6C:84:9A:F4:C4:B5:37:75:E3:3A:34:17","sha256":"D1:F0:36:13:12:94:BD:F8:7B:DA:2B:52:31:A4:9A:85:15:6C:6D:76:1A:8E:D1:4C:AF:AC:20:B5:CE:BC:66:AC"}}},"request":{"raw":"GET /ou0cv/ HTTP/1.1\r\nHost: ca99noif99yutq4.hkhhrjwvhb.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 29 Nov 2023 15:11:46 GMT\r\ncontent-type: text/html; charset=UTF-8\r\naccess-control-allow-origin: *\r\nset-cookie: PHPSESSID=qdqfqsfa12qrppat5gg7jqhqic; path=/\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nvary: Accept-Encoding\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=rYkKsfZO%2FWyx5NtYnzsdffhtUWuDTzrEbE2eOHtp2mViAJPg4AmDXOkBH5bcP6u%2FkorvAHq9mLgVYiE10Uz%2FU1Y%2FNHPy0EX2FZGeUUlaZJ2VUQ0J3ch6pOUYj8q3O%2FOBCMST2ZB6aeV%2FuYGARCkRCQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 82dbc8f36d5f56c0-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5233,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with very long lines (5237), with no line terminators","md5":"1ffaae11bd2cd84ee873883b12c9f499","sha1":"feecc63228ef856f84a9cb3b22f60f75ef1d4c6e","sha256":"9ea8335d75f08613978de945bafcd28e2d10d7da8aac08070e552d72cfa036d4","sha512":"00338fee80ffeafc9642efbd1c7e6290201f1f3312caec7fe1c0e98f3f0518bfbddcb26f106b24aeabb614e72c239142c18d166b915c1847d21fd41f43af48d6","ssdeep":"96:lAR78SwvrRu0bId1Id0JPUCxNHxyYkJTNQ+AVUAYweaGoVgRDJuuz0GIyvMkBT:lASDTRNId1Id0lUCvYYkJTNQjUAYweRJ","tlshash":"11b1a4b18f25067def59ab4ebb1124fb6964feea0c01a83994744e09d43e1309a4d74c","first_seen":"2023-11-29T16:11:58Z","last_seen":"2023-11-29T16:11:58Z","times_seen":1,"resource_available":false,"data":null}},"time_used":11397,"timings":{"blocked":5022,"dns":5004,"connect":1,"send":0,"wait":1349,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft Outlook","verdict":"phishing","severity":"medium","comment":"","tags":["phishing","microsoft","outlook"],"meta":null}]}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/turnstile/v0/api.js","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.2.184","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ca99noif99yutq4.hkhhrjwvhb.ru/ou0cv/#mduffy@mp.bank","date":"2023-11-29T15:11:50.899Z","timestamp":1701270710899,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"challenges.cloudflare.com","organization":"Cloudflare, Inc."},"issuer":{"commonName":"Cloudflare Inc ECC CA-3","organization":"Cloudflare, Inc."},"validity":{"start":"Fri, 18 Aug 2023 00:00:00 GMT","end":"Sat, 17 Aug 2024 23:59:59 GMT"},"fingerprint":{"sha1":"5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E","sha256":"A2:A8:37:E9:57:D0:F0:FE:3B:6F:A8:23:58:80:DA:61:DD:F9:50:CF:F0:2D:27:D5:00:AA:21:A7:B4:75:80:AD"}}},"request":{"raw":"GET /turnstile/v0/api.js HTTP/1.1\r\nHost: challenges.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ca99noif99yutq4.hkhhrjwvhb.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Wed, 29 Nov 2023 15:11:46 GMT\r\naccess-control-allow-origin: *\r\nlocation: /turnstile/v0/g/9914b343/api.js\r\ncache-control: max-age=300, public\r\nvary: accept-encoding\r\nserver: cloudflare\r\ncf-ray: 82dbc8fcaed0b518-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":34254,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T00:31:03.876566Z","times_seen":13308907,"resource_available":true,"data":null}},"time_used":37,"timings":{"blocked":14,"dns":0,"connect":1,"send":0,"wait":7,"receive":0,"ssl":12},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/f0pv3/0x4AAAAAAAM3WL3IZ3x66YzH/auto/normal","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.2.184","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ca99noif99yutq4.hkhhrjwvhb.ru/ou0cv/#mduffy@mp.bank","date":"2023-11-29T15:11:51.039Z","timestamp":1701270711039,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"challenges.cloudflare.com","organization":"Cloudflare, Inc."},"issuer":{"commonName":"Cloudflare Inc ECC CA-3","organization":"Cloudflare, Inc."},"validity":{"start":"Fri, 18 Aug 2023 00:00:00 GMT","end":"Sat, 17 Aug 2024 23:59:59 GMT"},"fingerprint":{"sha1":"5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E","sha256":"A2:A8:37:E9:57:D0:F0:FE:3B:6F:A8:23:58:80:DA:61:DD:F9:50:CF:F0:2D:27:D5:00:AA:21:A7:B4:75:80:AD"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/f0pv3/0x4AAAAAAAM3WL3IZ3x66YzH/auto/normal HTTP/1.1\r\nHost: challenges.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ca99noif99yutq4.hkhhrjwvhb.ru/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 29 Nov 2023 15:11:46 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\ncontent-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndocument-policy: js-profiling\r\norigin-agent-cluster: ?1\r\npermissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()\r\nreferrer-policy: same-origin\r\nserver: cloudflare\r\ncf-ray: 82dbc8fd78da56a5-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":73278,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with very long lines (40091)","md5":"cdbb56d5dbf7adefe68df1d4a6d76ee3","sha1":"c143d7f32c1a5d20472e98e71adab91857ea6b55","sha256":"d25462fe065b18fd4d0da03625a166244e6fd9de6ee4a14bc3b999f4748141c6","sha512":"d43cddc4460c264e65f5653898732b0d387093b463ad814c27a85342b16f6babba005eef61d51cf617b0679d8aef07b4eddb1c4b679f0322b80cf6c661233a57","ssdeep":"1536:naTfc9IJbBeceIedkeO5gwyc99Kh0afdU6/jPNXhzNmU77JuI15fJRjDbY1GvIjY:ofoTV/Pws9/j1hd77Jv5fJRjDbYMvIjY","tlshash":"4963f7d98ebc7d29ab029a29b0ce51e3732d53471551e198b8dca190cfec04e26f1f79","first_seen":"2023-11-29T16:11:58Z","last_seen":"2023-11-29T16:11:58Z","times_seen":1,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":20,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/ew4g0I%2FZYomJh1e75pupA0WLfHDXy%2FQKEyLTEDfnNN8%3D","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.2.184","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/f0pv3/0x4AAAAAAAM3WL3IZ3x66YzH/auto/normal","date":"2023-11-29T15:11:51.111Z","timestamp":1701270711111,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"challenges.cloudflare.com","organization":"Cloudflare, Inc."},"issuer":{"commonName":"Cloudflare Inc ECC CA-3","organization":"Cloudflare, Inc."},"validity":{"start":"Fri, 18 Aug 2023 00:00:00 GMT","end":"Sat, 17 Aug 2024 23:59:59 GMT"},"fingerprint":{"sha1":"5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E","sha256":"A2:A8:37:E9:57:D0:F0:FE:3B:6F:A8:23:58:80:DA:61:DD:F9:50:CF:F0:2D:27:D5:00:AA:21:A7:B4:75:80:AD"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/h/g/cmg/1/ew4g0I%2FZYomJh1e75pupA0WLfHDXy%2FQKEyLTEDfnNN8%3D HTTP/1.1\r\nHost: challenges.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/f0pv3/0x4AAAAAAAM3WL3IZ3x66YzH/auto/normal\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 29 Nov 2023 15:11:46 GMT\r\ncontent-type: image/png\r\ncache-control: max-age=2629800, public\r\nserver: cloudflare\r\ncf-ray: 82dbc8fde94556a5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":61,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced\\012- data","md5":"9246cca8fc3c00f50035f28e9f6b7f7d","sha1":"3aa538440f70873b574f40cd793060f53ec17a5d","sha256":"c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84","sha512":"a2098304d541df4c71cde98e4c4a8fb1746d7eb9677ceba4b19ff522efdd981e484224479fd882809196b854dbc5b129962dba76198d34aaecf7318bd3736c6b","ssdeep":"","tlshash":"a5a002e763957d7bd94b133756651151f8324514171305458805d475161736c81c4a82","first_seen":"2023-08-25T15:09:14Z","last_seen":"2025-05-14T12:12:43.698394Z","times_seen":189286,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}