Anomaly: DNS tampering
http://hydraruzxpnew4af.onion/user/SamaYaluchshaya
Country: France
Network: AS16276
Date & Time: August 01, 2020, 01:52 PM UTC
Websites
Web Connectivity Test
Runtime: 9.2s

On August 01, 2020, 01:52 PM UTC, http://hydraruzxpnew4af.onion/user/SamaYaluchshaya presented signs of DNS tampering on AS16276 in France. This might mean that http://hydraruzxpnew4af.onion/user/SamaYaluchshaya was blocked, but [false positives](https://ooni.org/support/faq/#why-do-false-positives-occur) can occur. Please explore the network measurement data below.

Failures

HTTP Experiment: null
DNS Experiment: null
Control: null

DNS Queries

Resolver: 185.220.101.129
Query: IN A hydraruzxpnew4af.onion
Engine: system

| Name | Class | TTL | Type | DATA |
| --- | --- | --- | --- | --- |
| @ | IN | | CNAME | hydraruzxpnew4af.onion |
| @ | IN | | A | 10.223.134.34 |

TCP Connections

Connection to 10.223.134.34:80 succeeded.

HTTP Requests

URL: GET http://hydraruzxpnew4af.onion/user/SamaYaluchshaya
Response Headers
Transfer-Encoding: chunked
Vary: Accept-Encoding
Server: nginx
Connection: close
Date: Sat, 01 Aug 2020 13:52:33 GMT
Content-Type: text/html; charset='utf-8'
Response Body
<html>
<head>
    <title>Вы не робот?</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <style>
        .page{
            padding: 20px;width: 300px; margin: 0 auto;
        }
        input[type=text]{
            width: 100px;
            height: 24px;
            margin-bottom: 5px;
        }
        img{
            float:left;
            margin-right: 10px;
        }
        input[type=submit]{
            color: #fff;
            background-color: #2b71b1;
            border-color: #0073cb;
            width: 100px;
            display: inline-block;
            margin-bottom: 0;
            font-weight: normal;
            text-align: center;
            vertical-align: middle;
            cursor: pointer;
            background-image: none;
            border: 1px solid transparent;
            white-space: nowrap;
            padding: 4px 12px;
            font-size: 12px;
            line-height: 1.42857143;
            border-radius: 2px;
        }
    </style>
</head>
<body>
<div class="page">
    <form action="/gate" method="post">
        <img src="data:image/jpeg;base64,[image data removed]" alt="Captcha image">
        <input type="text" name="captcha" autofocus>
        <input type="hidden" name="captchaData" value="1596289953.36bc574b8162d12da1817da2cfc5f07f.dcb6b19c3442e8ea143c029f27c85b0a">
	<input type="hidden" name="ret" value="/user/SamaYaluchshaya">
        <input type="submit" value="Войти">
    </form>
</div>
</body>
</html>

URL: GET http://hydraruzxpnew4af.onion/user/SamaYaluchshaya
Response Headers
Transfer-Encoding: chunked
Set-Cookie: pregate=1596289951.42927bf88b36bd3dcb3483ca7527ba89.9d74dd4203e41b3ef242eda1aa39e6bb
Server: nginx
Connection: close
Location: /user/SamaYaluchshaya
Date: Sat, 01 Aug 2020 13:52:31 GMT
Content-Type: application/octet-stream
Response Body

Report ID

20200801T135228Z_AS16276_GPzJiDzuCoFXPlqXYmhvPkplwsb5iwk2QLdYxBQ0fHzvYxlewD

Platform

android

OONI Probe version

2.5.2

Measurement Kit version

0.10.12
