cs-skinsmoneiye.buzz Open in urlscan Pro
188.114.96.3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://cs-skinsmoneiye.buzz/auth.php
Submission: On May 04 via manual (May 4th 2023, 3:04:43 pm UTC) from SK — Scanned from NL

Summary HTTP 28 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 28 HTTP transactions. The main IP is 188.114.96.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is cs-skinsmoneiye.buzz.
TLS certificate: Issued by GTS CA 1P5 on May 2nd 2023. Valid for: 3 months.

This is the only time cs-skinsmoneiye.buzz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Steam (Gaming)

Domain & IP information

	IP Address	AS Autonomous System
1	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
26	2606:4700:303... 2606:4700:3036::ac43:bfed	13335 (CLOUDFLAR...) (CLOUDFLARENET)
28	3

1 188.114.96.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

cs-skinsmoneiye.buzz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2606:4700:3036::ac43:bfed (United States)

ASN13335 (CLOUDFLARENET, US)

20gjrehsmgj.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	20gjrehsmgj.ru 20gjrehsmgj.ru	353 KB
1	cs-skinsmoneiye.buzz cs-skinsmoneiye.buzz	657 B
28	2

	Domain	Requested by
26	20gjrehsmgj.ru	cs-skinsmoneiye.buzz 20gjrehsmgj.ru
1	cs-skinsmoneiye.buzz
28	2

This site contains no links.

Subject Issuer	Validity	Valid
cs-skinsmoneiye.buzz GTS CA 1P5	`2023-05-02` - `2023-07-31`	3 months	crt.sh
20gjrehsmgj.ru GTS CA 1P5	`2023-04-25` - `2023-07-24`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://cs-skinsmoneiye.buzz/auth.php
Frame ID: 5FE4EF52F9D0CD9505EE00BE475ABC31
Requests: 1 HTTP requests in this frame

Frame: https://20gjrehsmgj.ru/04d4e829ca865a0be
Frame ID: A940DB486154D771A4A81F971BDC3257
Requests: 27 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Steam Community

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

28
Requests

96 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

354 kB
Transfer

1122 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

28 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request auth.php Show response cs-skinsmoneiye.buzz/	273 B 657 B	338ms 245ms	Document text/html	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cs-skinsmoneiye.buzz/auth.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.33 Resource Hash `497e547cff16b565e9ce105cbf6673913f68ddc42b853c3b361c36c3bf71cd25` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7c21a3292bbb0b90-AMS content-encoding br content-type text/html; charset=UTF-8 date Thu, 04 May 2023 15:04:38 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z%2FYufJgnxdazZ56yvknM0qWw3gmbeEZ8WUZ6fz5jxUCsTEgOCL%2BFzBQ%2F5Q2JIzA74D2N%2FEuNN5DqXrFQxd9VwT2CX7fr0MuTLqzNTVdqAR9rIYG0nOijtCXIm%2F4N4n4ooytBoHEFsw%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.4.33
GET H2	200	04d4e829ca865a0be Show response 20gjrehsmgj.ru/ Frame A940	282 KB 60 KB	347ms 158ms	Document text/html	2606:4700:3036::ac43:bfed CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://20gjrehsmgj.ru/04d4e829ca865a0be Requested by Host: cs-skinsmoneiye.buzz URL: https://cs-skinsmoneiye.buzz/auth.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:bfed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `3f856bb0edd82669e50d4e93de214c4319d6454d748fc774b9d32e059fd458f0` Request headers Referer https://cs-skinsmoneiye.buzz/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7c21a32bff680bad-AMS content-encoding br content-type text/html; charset=UTF-8 date Thu, 04 May 2023 15:04:39 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T%2FYkc1NwiFhO4fR%2BzP0o%2BAxBPdUBdiCuNIMrfCvKP42qcDxsItc%2FEfAMjxFIRTHj%2FZQGuIsaNolOO0e5WiCB%2BOeykylAFTUu1J9eNLI3u5%2B3qwwSqNPWB%2BwZUVUkKeSqXHL1ivYuvCTNgYRkCQ%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H2	200	jquery.min.js Show response 20gjrehsmgj.ru/2f35b25f6/7899f/ Frame A940	88 KB 32 KB	371ms 355ms	Script text/javascript	2606:4700:3036::ac43:bfed CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://20gjrehsmgj.ru/2f35b25f6/7899f/jquery.min.js Requested by Host: 20gjrehsmgj.ru URL: https://20gjrehsmgj.ru/04d4e829ca865a0be Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:bfed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74` Request headers accept-language nl-NL,nl;q=0.9 Referer https://20gjrehsmgj.ru/04d4e829ca865a0be User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 Response headers date Thu, 04 May 2023 15:04:39 GMT content-encoding br cf-cache-status MISS last-modified Thu, 04 May 2023 15:04:39 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K6xOu1jyc0axTqzhMLn8SQGj4FXga4r699JYefoDwAWXwwLpkC5QDo7TkwTaQeoi5xB1DbC9LaTzdk6uf9XqUfg1w4t9W2Xs%2FbZYNo%2F6S4wwpaZrY8tb2Juq4Wy5b%2BUfXHj5ZKX9jW2tnnv4Fw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/javascript cache-control max-age=14400 cf-ray 7c21a32d18d40bad-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	motiva_sans.css 20gjrehsmgj.ru/2f35b25f6/7899f/ Frame A940	2 KB 872 B	467ms 450ms	Stylesheet text/css	2606:4700:3036::ac43:bfed CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://20gjrehsmgj.ru/2f35b25f6/7899f/motiva_sans.css Requested by Host: 20gjrehsmgj.ru URL: https://20gjrehsmgj.ru/04d4e829ca865a0be Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:bfed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5ba105ab97911702836ce55b8ebe1023d16d905eb71692fa4a6b5aa2ed106030` Request headers accept-language nl-NL,nl;q=0.9 Referer https://20gjrehsmgj.ru/04d4e829ca865a0be User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 Response headers date Thu, 04 May 2023 15:04:39 GMT content-encoding br cf-cache-status MISS last-modified Thu, 04 May 2023 15:04:39 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YNowh%2FpQ2v%2FI3lTqNymKaZSi3NZZ6Mnz9Fx9%2BQ4Q%2FbxcrjRvg0WVai1iYxcipqbNdveA7J9sLQw6wGx1Cp12Efo2ug9a7Pn1XUZVSfKs2%2FiJUo6p%2B3%2FQ80LsCBLEiWY9Ld%2FmoOFRJjxhCqXE4g%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 7c21a32d18c90bad-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	buttons.css 20gjrehsmgj.ru/2f35b25f6/7899f/ Frame A940	32 KB 4 KB	325ms 309ms	Stylesheet text/css	2606:4700:3036::ac43:bfed CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://20gjrehsmgj.ru/2f35b25f6/7899f/buttons.css Requested by Host: 20gjrehsmgj.ru URL: https://20gjrehsmgj.ru/04d4e829ca865a0be Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:bfed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b7e6c7cd83bc30722a2eed06be0bad0c8bf8a60573c29dfafec295a3af7626f8` Request headers accept-language nl-NL,nl;q=0.9 Referer https://20gjrehsmgj.ru/04d4e829ca865a0be User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 Response headers date Thu, 04 May 2023 15:04:39 GMT content-encoding br cf-cache-status MISS last-modified Thu, 04 May 2023 15:04:39 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sGC9YU7UvhOMfyFpABBXlEhLMx%2Bt47k0HwmuWRiOAG%2FRYmnGIklMYg0BTy3qTDx6%2BCZhT324CIMXLYLEpA4utGRDMMWevJzjkfc5vzBOJTAl529Cg3TlM7nnzgEaGkzyV7oE5vkeyL38cP%2FmJA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 7c21a32d18ca0bad-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	shared_global.css 20gjrehsmgj.ru/2f35b25f6/7899f/ Frame A940	77 KB 20 KB	380ms 364ms	Stylesheet text/css	2606:4700:3036::ac43:bfed CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://20gjrehsmgj.ru/2f35b25f6/7899f/shared_global.css Requested by Host: 20gjrehsmgj.ru URL: https://20gjrehsmgj.ru/04d4e829ca865a0be Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:bfed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `db447ad3d4ef2fccd617673e13557483a11e46efbcad54721067f2dc41a2575d` Request headers accept-language nl-NL,nl;q=0.9 Referer https://20gjrehsmgj.ru/04d4e829ca865a0be User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 Response headers date Thu, 04 May 2023 15:04:39 GMT content-encoding br cf-cache-status MISS last-modified Thu, 04 May 2023 15:04:39 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EF8RBVWORSxYqpsxrBJQvcj8DkLqmURLr2jkfQtpgbFAWWAVPN6xl4xVD6oz%2Bi8MfP73T3uwVi5yS%2Fj3e7vCkMxhJBX5dT4GfEHPyuHMKcuL3Tppe4KUQDZepYnLRvQ6%2F1pKCMTOd0uMPCbmVg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 7c21a32d18cc0bad-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	home.css 20gjrehsmgj.ru/2f35b25f6/7899f/ Frame A940	13 KB 3 KB	266ms 250ms	Stylesheet text/css	2606:4700:3036::ac43:bfed CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://20gjrehsmgj.ru/2f35b25f6/7899f/home.css Requested by Host: 20gjrehsmgj.ru URL: https://20gjrehsmgj.ru/04d4e829ca865a0be Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:bfed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7b7bea6753be1080020589a71b1232894b9804bb5abf44d4ba0c9684b2c1c764` Request headers accept-language nl-NL,nl;q=0.9 Referer https://20gjrehsmgj.ru/04d4e829ca865a0be User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 Response headers date Thu, 04 May 2023 15:04:39 GMT content-encoding br cf-cache-status MISS last-modified Thu, 04 May 2023 15:04:39 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0TTuNU5hRksAXYChuylA7dMp%2BUyAnoK%2FWjR6jlph4UAKXARg9yPRFGtoVv0aqkRjPOR7%2FdpjvXahkUMFn1ruYhyuWa%2BAIMaAhH3bFO9a4GPNvyrOFnTJdFFOLNvDpeSPQYr1UQkiRqzfWY2BNA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 7c21a32d18cd0bad-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	login.css 20gjrehsmgj.ru/2f35b25f6/7899f/ Frame A940	16 KB 4 KB	293ms 277ms	Stylesheet text/css	2606:4700:3036::ac43:bfed CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://20gjrehsmgj.ru/2f35b25f6/7899f/login.css Requested by Host: 20gjrehsmgj.ru URL: https://20gjrehsmgj.ru/04d4e829ca865a0be Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:bfed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0692e18228a8add9baae52e75661a7256f72eb37c96a534d14de85a8d2a03ff9` Request headers accept-language nl-NL,nl;q=0.9 Referer https://20gjrehsmgj.ru/04d4e829ca865a0be User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 Response headers date Thu, 04 May 2023 15:04:39 GMT content-encoding br cf-cache-status MISS last-modified Thu, 04 May 2023 15:04:39 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Xah4gAZd7CcEy0gcEevXjkBNXJtmZmTzmv2gzjfokQFnXpkgtBDwxep8Dm7j52YXBRfukH7efeiaHD2eFcVulqt%2F8ZLIhs0IAxAYX%2FhFX0QyCR%2Bpc0yWLYn57Vfy0nH4cJdqv30dFE0gwrFRg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 7c21a32d18ce0bad-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	openid.css 20gjrehsmgj.ru/2f35b25f6/7899f/ Frame A940	44 KB 15 KB	358ms 343ms	Stylesheet text/css	2606:4700:3036::ac43:bfed CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://20gjrehsmgj.ru/2f35b25f6/7899f/openid.css Requested by Host: 20gjrehsmgj.ru URL: https://20gjrehsmgj.ru/04d4e829ca865a0be Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:bfed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5ac013696416bf6ed365f0f70c6b43c1e33bf0ab00f51683415d51037630372e` Request headers accept-language nl-NL,nl;q=0.9 Referer https://20gjrehsmgj.ru/04d4e829ca865a0be User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 Response headers date Thu, 04 May 2023 15:04:39 GMT content-encoding br cf-cache-status MISS last-modified Thu, 04 May 2023 15:04:39 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CdvmrMzdvIwzYd%2FXp9j1oo61kw81EXHQ1fX4JUlRlpP6cS9Q6FBmHvkXXNIQbM%2FA5MKMzAmOuTVFkOrozRUYnTUC92hog4d3JKT8fKeRd%2B5b4IPoEm5i30i1yW4gUxyGfxDi2jJKZIj6K9YTXg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 7c21a32d18d00bad-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	shared_responsive.css 20gjrehsmgj.ru/2f35b25f6/7899f/ Frame A940	17 KB 6 KB	322ms 307ms	Stylesheet text/css	2606:4700:3036::ac43:bfed CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://20gjrehsmgj.ru/2f35b25f6/7899f/shared_responsive.css Requested by Host: 20gjrehsmgj.ru URL: https://20gjrehsmgj.ru/04d4e829ca865a0be Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:bfed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c77624e728a6b3fe836ba22ed564e30caa9232230083c076cf57d252c6cffe81` Request headers accept-language nl-NL,nl;q=0.9 Referer https://20gjrehsmgj.ru/04d4e829ca865a0be User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 Response headers date Thu, 04 May 2023 15:04:39 GMT content-encoding br cf-cache-status MISS last-modified Thu, 04 May 2023 15:04:39 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q07GVdFErBnHMhzvRGbobAiyDW%2FTvYfH58%2FleN%2BvR%2FoMA3tw%2B1ZFB%2FFxzM4H09EO%2BIankMbzoYZ5KAV%2BJJhry3UK3EliiE%2FYEtZBcJMGW5HbfOWFPoFLR4Gymx79coSWT%2FVH03sFDj4jDh%2BaLQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 7c21a32d18d20bad-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	header.css 20gjrehsmgj.ru/2f35b25f6/7899f/ Frame A940	12 KB 4 KB	267ms 252ms	Stylesheet text/css	2606:4700:3036::ac43:bfed CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://20gjrehsmgj.ru/2f35b25f6/7899f/header.css Requested by Host: 20gjrehsmgj.ru URL: https://20gjrehsmgj.ru/04d4e829ca865a0be Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:bfed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `dabd6257e554a585319c9e4c3e3f39d454ab82c0d95dd86f478be8f0d7fe71aa` Request headers accept-language nl-NL,nl;q=0.9 Referer https://20gjrehsmgj.ru/04d4e829ca865a0be User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 Response headers date Thu, 04 May 2023 15:04:39 GMT content-encoding br cf-cache-status MISS last-modified Thu, 04 May 2023 15:04:39 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3DAXrtT1cqXpGrWlv0l81I6FBb%2FEZ4cblFJpJ0Djbmfqv9UcZE0vqr57%2Fs66KyJH8TXXvQPXSQfg9cfwF0cPirQAfB65x%2FsHtStq5FUo2qZ1bR1Fp57uO2AfmG5Jiy7WQOB27vidKbAme1Cb2A%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 7c21a32d18d30bad-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	_combined.js Show response 20gjrehsmgj.ru/2f35b25f6/7899f/ Frame A940	70 KB 19 KB	367ms 363ms	Script text/javascript	2606:4700:3036::ac43:bfed CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://20gjrehsmgj.ru/2f35b25f6/7899f/_combined.js Requested by Host: 20gjrehsmgj.ru URL: https://20gjrehsmgj.ru/04d4e829ca865a0be Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:bfed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `886cf3523cea9de24f91bc8bbe89efff4a0dbc107759aa86bc6923e9c6b8be58` Request headers accept-language nl-NL,nl;q=0.9 Referer https://20gjrehsmgj.ru/04d4e829ca865a0be User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 Response headers date Thu, 04 May 2023 15:04:39 GMT content-encoding br cf-cache-status MISS last-modified Thu, 04 May 2023 15:04:39 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x9s5oPmBJ%2BTyFBQP0zAUR7lYLue8zXEYqYZ0mYhKsFvRtd8xucSHRvTC3kjaEDlIj%2BY%2BzjYu9SOQiwtJgTTISfXTv3wco2fWG4T4V1LXyvVwXKW7qDiufs%2BR%2BnarDU29F9Nje0mNPCThC09waw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/javascript cache-control max-age=14400 cf-ray 7c21a32dffcc012e-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	tool.js Show response 20gjrehsmgj.ru/2f35b25f6/7899f/ Frame A940	271 KB 92 KB	464ms 461ms	Script text/javascript	2606:4700:3036::ac43:bfed CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://20gjrehsmgj.ru/2f35b25f6/7899f/tool.js Requested by Host: 20gjrehsmgj.ru URL: https://20gjrehsmgj.ru/04d4e829ca865a0be Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:bfed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `47a3d6182786a8eb03749bfcd9f0ca6f72017758643b9b9a1e5d1a650c571dfe` Request headers accept-language nl-NL,nl;q=0.9 Referer https://20gjrehsmgj.ru/04d4e829ca865a0be User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 Response headers date Thu, 04 May 2023 15:04:39 GMT content-encoding br cf-cache-status MISS last-modified Thu, 04 May 2023 15:04:39 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WwlZWUU4U59RkXZ0uSN2PpbRAH9Un2QKwAkAV5kF9DAtt35EbU295tDiU91%2FE8%2BcTW9QqGgcpBCTxzm1vM27fkEwsPJVb6DKZWORHilEwyZMxqmlzSp%2BEhXmU5CNO0e2sWTPbYYlDCGPiKHSvw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/javascript cache-control max-age=14400 cf-ray 7c21a32dffcd012e-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	jquery-1.11.1.min.js Show response 20gjrehsmgj.ru/2f35b25f6/7899f/ Frame A940	94 KB 34 KB	339ms 336ms	Script text/javascript	2606:4700:3036::ac43:bfed CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://20gjrehsmgj.ru/2f35b25f6/7899f/jquery-1.11.1.min.js Requested by Host: 20gjrehsmgj.ru URL: https://20gjrehsmgj.ru/04d4e829ca865a0be Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:bfed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441` Request headers accept-language nl-NL,nl;q=0.9 Referer https://20gjrehsmgj.ru/04d4e829ca865a0be User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 Response headers date Thu, 04 May 2023 15:04:39 GMT content-encoding br cf-cache-status MISS last-modified Thu, 04 May 2023 15:04:39 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rI%2F2lVVhn4IqTWOv2w1Fz9CyPfkyGlAL3Lq7gbyL%2F8jpHFAEImJmQonOo1eKoZMoRAkkgJpgb%2FdtGlyL7run2WGH%2FZh%2BH1r8vvbj1lYWCVq1ndS9qVeJn19tq5vN9e4DC9oFXZC%2BMexNPpHwoQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/javascript cache-control max-age=14400 cf-ray 7c21a32dffce012e-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	tooltip.js Show response 20gjrehsmgj.ru/2f35b25f6/7899f/ Frame A940	7 KB 3 KB	260ms 256ms	Script text/javascript	2606:4700:3036::ac43:bfed CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://20gjrehsmgj.ru/2f35b25f6/7899f/tooltip.js Requested by Host: 20gjrehsmgj.ru URL: https://20gjrehsmgj.ru/04d4e829ca865a0be Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:bfed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f891697b1b70ea37798b640358b24f6163c6d27e57eebec458aa40879b076d8f` Request headers accept-language nl-NL,nl;q=0.9 Referer https://20gjrehsmgj.ru/04d4e829ca865a0be User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 Response headers date Thu, 04 May 2023 15:04:39 GMT content-encoding br cf-cache-status MISS last-modified Thu, 04 May 2023 15:04:39 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yXHSJOzxILh3ILP%2BpF8mxIE2rcXXTSiN1G7GVPPZwof5LgD1IcVDqutCGQ7OHgMEmqNFJ3x03GXoM08nkfS6hg20BtyIBv%2Bq0OSyCjEepZST1hveA8DOeS8MxgrFgx4mNBqJdB%2FpMdiWVxc47w%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/javascript cache-control max-age=14400 cf-ray 7c21a32dffd0012e-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET		shared_global.js 20gjrehsmgj.ru/2f35b25f6/7899f/ Frame A940	0 0

GET H3	200	logins.js Show response 20gjrehsmgj.ru/2f35b25f6/7899f/ Frame A940	46 KB 9 KB	394ms 389ms	Script text/javascript	2606:4700:3036::ac43:bfed CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://20gjrehsmgj.ru/2f35b25f6/7899f/logins.js Requested by Host: 20gjrehsmgj.ru URL: https://20gjrehsmgj.ru/04d4e829ca865a0be Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:bfed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e1a5c4c834e53551df9f37d51ff1fa022b70f63f46fa538e6d992578f64dbaaf` Request headers accept-language nl-NL,nl;q=0.9 Referer https://20gjrehsmgj.ru/04d4e829ca865a0be User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 Response headers date Thu, 04 May 2023 15:04:39 GMT content-encoding br cf-cache-status MISS last-modified Thu, 04 May 2023 15:04:39 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zILhvOrjtEzvl%2BhXq89e1TDfPzraM2%2Bctz9PWCQDRFDt9QLDtTXhgcyd5dEc69QI9jntTrrob%2FblljvyAhf8ojbekxo9oebK0TdgxJauUIXawYQ9r%2FRRopEV8nPRU3eDV0zq5hubfyORdN%2B6Zg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/javascript cache-control max-age=14400 cf-ray 7c21a32dffd3012e-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	modalv2.js Show response 20gjrehsmgj.ru/2f35b25f6/7899f/ Frame A940	2 KB 1 KB	246ms 245ms	Script text/javascript	2606:4700:3036::ac43:bfed CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://20gjrehsmgj.ru/2f35b25f6/7899f/modalv2.js Requested by Host: 20gjrehsmgj.ru URL: https://20gjrehsmgj.ru/04d4e829ca865a0be Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:bfed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4840bbc3612c4efb77e9353d3f67493c5ea49519d0d8eca8b630e758eaaf30c7` Request headers accept-language nl-NL,nl;q=0.9 Referer https://20gjrehsmgj.ru/04d4e829ca865a0be User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 Response headers date Thu, 04 May 2023 15:04:39 GMT content-encoding br cf-cache-status MISS last-modified Thu, 04 May 2023 15:04:39 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iSapWmAAoPfxr0TfAZ7wQmUqUf1ydvrQzaRuL97He40rsMy1sqKsLOLDvqtjHNKGuM9zL%2BDMa74VY2V74phB6Bfh0CX3TI5QTTwFjI%2Bbv%2FafcIwxhFbrLrkBuks4e16XX%2FnohVwXLQARYRSFig%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/javascript cache-control max-age=14400 cf-ray 7c21a32dffd6012e-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	shared_responsive_adapter.js Show response 20gjrehsmgj.ru/2f35b25f6/7899f/ Frame A940	12 KB 4 KB	266ms 265ms	Script text/javascript	2606:4700:3036::ac43:bfed CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://20gjrehsmgj.ru/2f35b25f6/7899f/shared_responsive_adapter.js Requested by Host: 20gjrehsmgj.ru URL: https://20gjrehsmgj.ru/04d4e829ca865a0be Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:bfed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b55cd6f63141dddd3a145ec703028c532a4a16d604b74c50ecf876023a2b7ecc` Request headers accept-language nl-NL,nl;q=0.9 Referer https://20gjrehsmgj.ru/04d4e829ca865a0be User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 Response headers date Thu, 04 May 2023 15:04:39 GMT content-encoding br cf-cache-status MISS last-modified Thu, 04 May 2023 15:04:39 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B5PsGu2l6B%2B7%2B5xfyBXiVRN2B0rETzVASKLruQcCP740zk2JFqGVxPoE7wfMc%2FVPJvN2pDboqL65RIFT2g6vxV2xcL7lyo9oxtuU7zOiQuPokdDbegsbbFKeVE8Rg%2B7CIi71Wh5wLi2asVFaqQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/javascript cache-control max-age=14400 cf-ray 7c21a32dffd7012e-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	logo_valve_footer.png 20gjrehsmgj.ru/2f35b25f6/7899f/ Frame A940	2 KB 2 KB	253ms 253ms	Image image/png	2606:4700:3036::ac43:bfed CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://20gjrehsmgj.ru/2f35b25f6/7899f/logo_valve_footer.png Requested by Host: 20gjrehsmgj.ru URL: https://20gjrehsmgj.ru/04d4e829ca865a0be Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:bfed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8b97ba0dac22fe6704c1f6d95fe79613f33017804f256abb9006df0442491787` Request headers accept-language nl-NL,nl;q=0.9 Referer https://20gjrehsmgj.ru/04d4e829ca865a0be User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 Response headers date Thu, 04 May 2023 15:04:40 GMT cf-cache-status MISS last-modified Thu, 04 May 2023 15:04:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hFnYiR56V%2BxTQMy%2Bry%2FktTKB8R5N%2FyXjNTfYBKey%2Bgo4It3N2evYQ6gNo2XWKstuGX78fOjQ8XSL%2BqYQ4Z3YZqstl%2BYxszaNgNTFINAv%2BKck2%2F9LD7BP%2Bjvir6mgujgbogOR2PHVfgMEtSCvNA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 cf-ray 7c21a33129a6012e-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	header_menu_hamburger.png 20gjrehsmgj.ru/2f35b25f6/7899f/ Frame A940	4 KB 4 KB	266ms 265ms	Image image/png	2606:4700:3036::ac43:bfed CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://20gjrehsmgj.ru/2f35b25f6/7899f/header_menu_hamburger.png Requested by Host: 20gjrehsmgj.ru URL: https://20gjrehsmgj.ru/04d4e829ca865a0be Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:bfed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `fc9e6260a2706ae146282d77e67bc1b74688435f8912ab4c1932641eec28bffa` Request headers accept-language nl-NL,nl;q=0.9 Referer https://20gjrehsmgj.ru/04d4e829ca865a0be User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 Response headers date Thu, 04 May 2023 15:04:40 GMT cf-cache-status MISS last-modified Thu, 04 May 2023 15:04:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZqfihGyMPcgUEFEacu%2FvRX%2BZ6Fa1zwsJwdhOIvOxt33kVWmc9LeibAjbiXDJdi3Ian43cbzL50O6pv4EyybsLCPryTUI2YDwI8Mbiv8LNK8Xva%2BFr27SYftNacrDP%2BuW4AJ4HQJTGoe9nXKorQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 cf-ray 7c21a332ba7d012e-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	header_logo.png 20gjrehsmgj.ru/2f35b25f6/7899f/ Frame A940	11 KB 11 KB	244ms 243ms	Image image/png	2606:4700:3036::ac43:bfed CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://20gjrehsmgj.ru/2f35b25f6/7899f/header_logo.png Requested by Host: 20gjrehsmgj.ru URL: https://20gjrehsmgj.ru/04d4e829ca865a0be Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:bfed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `6cb869df089146c12efb5e9c968e911c314842624ba6f052a11346ac734cadc8` Request headers accept-language nl-NL,nl;q=0.9 Referer https://20gjrehsmgj.ru/04d4e829ca865a0be User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 Response headers date Thu, 04 May 2023 15:04:40 GMT cf-cache-status MISS last-modified Thu, 04 May 2023 15:04:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i%2BLuKGawOv%2FZPDz%2FpaydQ3uEHHgnRCLmaF7HWozxgrR3EQKPirR5hkS5tV7PKaj2nsUvkhTLi%2BMen5MYes%2FcZxa7haEVM7DRFxeDU18orgSt82mxGcrAI5RMM7a44j1EmovbU6In7qB2F8X8QA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 cf-ray 7c21a3346b6f012e-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	globalheader_logo.png 20gjrehsmgj.ru/2f35b25f6/7899f/ Frame A940	6 KB 7 KB	230ms 229ms	Image image/png	2606:4700:3036::ac43:bfed CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://20gjrehsmgj.ru/2f35b25f6/7899f/globalheader_logo.png Requested by Host: 20gjrehsmgj.ru URL: https://20gjrehsmgj.ru/04d4e829ca865a0be Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:bfed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5438b6377ef91265bc90d9ee9c75cf703514d03f0ff9a51bed3bb4ab5a3bb699` Request headers accept-language nl-NL,nl;q=0.9 Referer https://20gjrehsmgj.ru/04d4e829ca865a0be User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 Response headers date Thu, 04 May 2023 15:04:40 GMT cf-cache-status MISS last-modified Thu, 04 May 2023 15:04:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cg4C9jaJHtBQwKNertTTuANLtQiY%2FANYzt%2BIfV1SSMrjPtjqPYUt5Iy7oVl2wss6qr8NkTRHWWE4sTSRvoE%2BOA9VZauknhY00TPPXN4BKPdAuiSKtywq8McsZMuxbhKhV5M0rHAv1ZRwF9kbhg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 cf-ray 7c21a335fc52012e-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	sits_landing.png 20gjrehsmgj.ru/2f35b25f6/7899f/ Frame A940	5 KB 6 KB	275ms 275ms	Image image/png	2606:4700:3036::ac43:bfed CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://20gjrehsmgj.ru/2f35b25f6/7899f/sits_landing.png Requested by Host: 20gjrehsmgj.ru URL: https://20gjrehsmgj.ru/04d4e829ca865a0be Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:bfed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `483ed1c78b7394366985110fe15e4aaf941882427515e5dfe7f582827a15378c` Request headers accept-language nl-NL,nl;q=0.9 Referer https://20gjrehsmgj.ru/04d4e829ca865a0be User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 Response headers date Thu, 04 May 2023 15:04:41 GMT cf-cache-status MISS last-modified Thu, 04 May 2023 15:04:41 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CNqTbbw2pwPfMeGvKYZZgFo8DsRdbLGfAfsVcAK5s%2B7tIgFE14qczmJX4K0R0tIlzMwoBQz66naRVihg%2FPlB87P5AnOE4OguJCu22D1pZWWzHcSfrbQzNzsQB7AFA1IP39cBkpAk8Ta14CSvqA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 cf-ray 7c21a3376d7f012e-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	icon_info.png 20gjrehsmgj.ru/2f35b25f6/7899f/ Frame A940	3 KB 4 KB	250ms 249ms	Image image/png	2606:4700:3036::ac43:bfed CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://20gjrehsmgj.ru/2f35b25f6/7899f/icon_info.png Requested by Host: 20gjrehsmgj.ru URL: https://20gjrehsmgj.ru/04d4e829ca865a0be Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:bfed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0ad9ddd2543a22ec2270326fb195c2bb6fb1b46186e89e885a83ae24386176f2` Request headers accept-language nl-NL,nl;q=0.9 Referer https://20gjrehsmgj.ru/04d4e829ca865a0be User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 Response headers date Thu, 04 May 2023 15:04:41 GMT cf-cache-status MISS last-modified Thu, 04 May 2023 15:04:41 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pYAotmY4eQYEpozFv84WpG6pkBt2gY5xTaBtbLlT5AeCdfNvUmb0jYkaJnv6Uxo%2BA2CmJBrKmXPuDoc6ipU1w2iJpwPstNvfn9EN7DofFXJ93xbCgYzZzr9BZYPkNDscqfCA8uwU48Dg3Bt02g%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 cf-ray 7c21a3391ece012e-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	blue_refresh_icon.png 20gjrehsmgj.ru/2f35b25f6/7899f/ Frame A940	500 B 962 B	272ms 272ms	Image image/png	2606:4700:3036::ac43:bfed CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://20gjrehsmgj.ru/2f35b25f6/7899f/blue_refresh_icon.png Requested by Host: 20gjrehsmgj.ru URL: https://20gjrehsmgj.ru/04d4e829ca865a0be Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:bfed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `97b179c7e553d74ed86b7663fa0722b76854f0ef2398fe6fbadd98f2d0c1cdfa` Request headers accept-language nl-NL,nl;q=0.9 Referer https://20gjrehsmgj.ru/04d4e829ca865a0be User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 Response headers date Thu, 04 May 2023 15:04:41 GMT cf-cache-status MISS last-modified Thu, 04 May 2023 15:04:41 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ex0DYqM4zYiSghSkyqBRn0%2FfBsaaYOakPumYEndZC2GtHDOb73nXTaKNwcapfG1cMXwFuuIt2D1TbbrKJ6BcM01c0i%2F5%2FdXsku%2FyT64C60I3OGT218bShQ9SgM2iFEhq%2BSkGn9Jb3Q%2BiSXvoag%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 cf-ray 7c21a33abfc6012e-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	throbber.gif 20gjrehsmgj.ru/2f35b25f6/7899f/ Frame A940	3 KB 4 KB	231ms 230ms	Image image/gif	2606:4700:3036::ac43:bfed CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://20gjrehsmgj.ru/2f35b25f6/7899f/throbber.gif Requested by Host: 20gjrehsmgj.ru URL: https://20gjrehsmgj.ru/04d4e829ca865a0be Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:bfed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0c4d1b66cbed8c0ba7bfe1d047409e80b99684794ba66e9556503890eae17f2d` Request headers accept-language nl-NL,nl;q=0.9 Referer https://20gjrehsmgj.ru/04d4e829ca865a0be User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 Response headers date Thu, 04 May 2023 15:04:41 GMT cf-cache-status MISS last-modified Thu, 04 May 2023 15:04:41 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=db4%2F6jeOfsHmyD%2BVi8goK1gPGoa%2BaSiJSO%2FutWjTemmilihvswmRcvMiGx%2FzkUqq5b9D%2BbIbFq0RA7NQp1BItvfJuS0LBN7D5%2BbpH88xq4Pu%2FKQZtD8ljwIuUv%2B1aQ%2B%2B2yW8jVLZ5PubPMlG4w%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif cache-control max-age=14400 cf-ray 7c21a33c995d012e-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	footerLogo_valve.png 20gjrehsmgj.ru/2f35b25f6/7899f/ Frame A940	4 KB 4 KB	284ms 278ms	Image image/png	2606:4700:3036::ac43:bfed CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://20gjrehsmgj.ru/2f35b25f6/7899f/footerLogo_valve.png Requested by Host: 20gjrehsmgj.ru URL: https://20gjrehsmgj.ru/04d4e829ca865a0be Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:bfed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ae9f6c61e25d15882bf57bde193d10d375bd315c9741cabda11d700fd1bb7dd1` Request headers accept-language nl-NL,nl;q=0.9 Referer https://20gjrehsmgj.ru/04d4e829ca865a0be User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 Response headers date Thu, 04 May 2023 15:04:42 GMT cf-cache-status MISS last-modified Thu, 04 May 2023 15:04:42 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TWEg9VEUjqvdmqSQiFuiibjBRFNoGAvpVEhhq2u%2BIkn9zBfuslm9vAG92ZnupYaFLVzoS8Q73bBil4hSFNj4D4Z7hylVMcxEmyPkawxiOEZi76V7nhuqw%2FuNdowaQjnY%2FtKL%2BiVFayplvN6OzQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 cf-ray 7c21a33e2a4e012e-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: 20gjrehsmgj.ru
URL: https://20gjrehsmgj.ru/2f35b25f6/7899f/shared_global.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Steam (Gaming)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

20gjrehsmgj.ru
cs-skinsmoneiye.buzz
20gjrehsmgj.ru
188.114.96.3
2606:4700:3036::ac43:bfed
0692e18228a8add9baae52e75661a7256f72eb37c96a534d14de85a8d2a03ff9
0ad9ddd2543a22ec2270326fb195c2bb6fb1b46186e89e885a83ae24386176f2
0c4d1b66cbed8c0ba7bfe1d047409e80b99684794ba66e9556503890eae17f2d
3f856bb0edd82669e50d4e93de214c4319d6454d748fc774b9d32e059fd458f0
47a3d6182786a8eb03749bfcd9f0ca6f72017758643b9b9a1e5d1a650c571dfe
483ed1c78b7394366985110fe15e4aaf941882427515e5dfe7f582827a15378c
4840bbc3612c4efb77e9353d3f67493c5ea49519d0d8eca8b630e758eaaf30c7
497e547cff16b565e9ce105cbf6673913f68ddc42b853c3b361c36c3bf71cd25
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
5438b6377ef91265bc90d9ee9c75cf703514d03f0ff9a51bed3bb4ab5a3bb699
5ac013696416bf6ed365f0f70c6b43c1e33bf0ab00f51683415d51037630372e
5ba105ab97911702836ce55b8ebe1023d16d905eb71692fa4a6b5aa2ed106030
6cb869df089146c12efb5e9c968e911c314842624ba6f052a11346ac734cadc8
7b7bea6753be1080020589a71b1232894b9804bb5abf44d4ba0c9684b2c1c764
886cf3523cea9de24f91bc8bbe89efff4a0dbc107759aa86bc6923e9c6b8be58
8b97ba0dac22fe6704c1f6d95fe79613f33017804f256abb9006df0442491787
97b179c7e553d74ed86b7663fa0722b76854f0ef2398fe6fbadd98f2d0c1cdfa
a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74
ae9f6c61e25d15882bf57bde193d10d375bd315c9741cabda11d700fd1bb7dd1
b55cd6f63141dddd3a145ec703028c532a4a16d604b74c50ecf876023a2b7ecc
b7e6c7cd83bc30722a2eed06be0bad0c8bf8a60573c29dfafec295a3af7626f8
c77624e728a6b3fe836ba22ed564e30caa9232230083c076cf57d252c6cffe81
dabd6257e554a585319c9e4c3e3f39d454ab82c0d95dd86f478be8f0d7fe71aa
db447ad3d4ef2fccd617673e13557483a11e46efbcad54721067f2dc41a2575d
e1a5c4c834e53551df9f37d51ff1fa022b70f63f46fa538e6d992578f64dbaaf
f891697b1b70ea37798b640358b24f6163c6d27e57eebec458aa40879b076d8f
fc9e6260a2706ae146282d77e67bc1b74688435f8912ab4c1932641eec28bffa

cs-skinsmoneiye.buzz Open in urlscan Pro 188.114.96.3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

28 Requests

96 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

354 kBTransfer

1122 kBSize

0 Cookies

0 Outgoing links

Redirected requests

28 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

cs-skinsmoneiye.buzz Open in urlscan Pro
188.114.96.3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

28
Requests

96 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

354 kB
Transfer

1122 kB
Size

0
Cookies

28 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!