| the-shop.info/index.php?key=ks9jdu4ebxtygfagyr8k&visitor_id=807279743098433536&cost=0.000000&zoneid=6516974&campaignid=8133928&device=other&browser=chrome&os=android&osversion=android11&country=BE&language=nl&isp=orangebelgiumsa | 65.109.112.53 | | 0 B |
URL the-shop.info/index.php?key=ks9jdu4ebxtygfagyr8k&visitor_id=807279743098433536&cost=0.000000&zoneid=6516974&campaignid=8133928&device=other&browser=chrome&os=android&osversion=android11&country=BE&language=nl&isp=orangebelgiumsa IP 65.109.112.53:0 ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /index.php?key=ks9jdu4ebxtygfagyr8k&visitor_id=807279743098433536&cost=0.000000&zoneid=6516974&campaignid=8133928&device=other&browser=chrome&os=android&osversion=android11&country=BE&language=nl&isp=orangebelgiumsa HTTP/1.1
Host: the-shop.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.24.0
Date: Thu, 25 Apr 2024 08:34:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=b7rnzwir; expires=Fri, 26-Apr-2024 20:34:11 GMT; Max-Age=129600; path=/; secure; SameSite=none
Set-Cookie: uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3; expires=Fri, 26-Apr-2024 20:34:11 GMT; Max-Age=129600; path=/; secure; SameSite=none
Location: https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3
Strict-Transport-Security: max-age=31536000
| cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js | 104.17.24.14 | | 28 kB |
URL cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js IP 104.17.24.14:0
File type JavaScript source, ASCII text, with very long lines (65451) Hash 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:34:11 GMT
content-type: application/javascript; charset=utf-8
content-length: 27748
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15851"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 38791
expires: Tue, 15 Apr 2025 08:34:11 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t%2BYvHlEJlrFOUiLHvT4lL59NJs2IeasWgfppEcdun3WnAWHI6soJnCqOXZRgHDgKV0ID0gqaX%2BrviDNCjB%2Fxf4okTWA8GD1yivIn9JmmNm08Sxn6QwzMwQcHJcZsvO7%2F7tzHFqkL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 879cfe151cc956a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3 | 188.114.97.1 | 200 OK | 10 kB |
URL User Request GET HTTP/2 ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3 IP 188.114.97.1:443
Certificate Issuer Let's Encrypt Subject ftgheeudxnlc.shop Fingerprint 6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60 Validity Sun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (9115), with CRLF line terminators Hash 2cebf247e935fc94be61932984627de4 4eda7426cda039a36fcd9a2e503b46ac2d9c6905 3161fcba72a9ca7dc5fdc33e08bca1d96363df42e7401d8a301d32c054c66c35
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3 HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:34:11 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=seypvpiVAfE%2B02wEJc7EKJSZsBSdo7LPuKJvId%2BEHhXMw1VS3XfPGAYjv1EiH4GCEBse7IAOg1M8vJ8KfsyYwh474NxFncNw3PcnBgO3pMdAniS%2F7YQK1wdXULMtqERbP%2F25WA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879cfe135da5b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| ftgheeudxnlc.shop/index/isp-loading1.gif | 188.114.97.1 | 200 OK | 1.5 kB |
URL GET HTTP/3 ftgheeudxnlc.shop/index/isp-loading1.gif IP 188.114.97.1:443
Requested by https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3 Certificate Issuer Let's Encrypt Subject ftgheeudxnlc.shop Fingerprint 6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60 Validity Sun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT
File type GIF image data, version 89a, 25 x 25 Hash e77529aa1a83920de7897a4c5c5f9707 d78e86f851a13d500ffc9e84baab79b502392cbd 735ee02711d4d62d8cfba0c075237f227491a044441540d39f8c8203ccd54cea
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /index/isp-loading1.gif HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:34:11 GMT
content-type: image/gif
content-length: 1457
last-modified: Wed, 17 Feb 2021 14:05:24 GMT
etag: "602d22a4-5b1"
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q11aqwpPDvrz2j%2Fr8NCQROuCfjZQ2wAFcZT16PjL87HW5sAIg1ARlsCdk7%2Bszt9W1aIz8AEuzfYCrdVKgxPb1SOzakP48bHHOHeF9oWkqZgBhvLoju7cmMS26toRHavPgtRILw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cfe14fe1b7131-OSL
alt-svc: h3=":443"; ma=86400
| ftgheeudxnlc.shop/index/ultra.png | 188.114.97.1 | | 33 kB |
URL ftgheeudxnlc.shop/index/ultra.png IP 188.114.97.1:0
Certificate Issuer Let's Encrypt Subject ftgheeudxnlc.shop Fingerprint 6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60 Validity Sun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT
File type PNG image data, 150 x 190, 8-bit/color RGBA, non-interlaced Hash 563bac82cb3328779786343daa4e656d 08b970ddb76ffe00fd5d5c7f74f01867b261728a a0bba5e6432d864e5d19d153b198b0a57b4d3ae15d13903db644891d36d9586d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /index/ultra.png HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:34:11 GMT
content-type: image/png
content-length: 33372
last-modified: Wed, 17 Feb 2021 14:04:58 GMT
etag: "602d228a-825c"
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EpfKJvGTVyaebu0cQ%2Fj6L9Gj7LL2J%2B30Kd2DAHcQN87NPjLnsufHOMJ43O%2FPJoZItrRX18JaFZKkeTuuREgplJ%2B%2FSei%2FecDxc86ro18oq%2B8QenkmB0%2FGXicezh0eslbMvkcamg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cfe14fe1a7131-OSL
alt-svc: h3=":443"; ma=86400
| ftgheeudxnlc.shop/index/isp-greenchk-1.jpg | 188.114.97.1 | | 646 B |
URL ftgheeudxnlc.shop/index/isp-greenchk-1.jpg IP 188.114.97.1:0
Certificate Issuer Let's Encrypt Subject ftgheeudxnlc.shop Fingerprint 6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60 Validity Sun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 25x22, components 3 Hash 3d0f87c98f70c57b535974b34862a8e9 ee98b5772fb273a6a97f023194696bb025ae85c6 8fccb5c96c54856548fbad584f0e41f72313b94b33ec32d328985b3267f4035e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /index/isp-greenchk-1.jpg HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:34:11 GMT
content-type: image/jpeg
content-length: 646
last-modified: Wed, 17 Feb 2021 14:05:26 GMT
etag: "602d22a6-286"
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9zW%2BJ4v9roHukSbcbrd%2BLuqaOL3ryL8b4q%2BPS8fuQ4q81KO%2BWG6eM4c7NWN110sJC%2FEqfpJYEpDSr8yN%2F7FV7hqjuxlt8yMY2w%2BKmx3kTOXL86jTiuDoaBdKz0Vj89EYh28WUw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cfe14fe1c7131-OSL
alt-svc: h3=":443"; ma=86400
| ftgheeudxnlc.shop/index/isp-iphone11-2.png | 188.114.97.1 | 200 OK | 9.1 kB |
URL GET HTTP/3 ftgheeudxnlc.shop/index/isp-iphone11-2.png IP 188.114.97.1:443
Requested by https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3 Certificate Issuer Let's Encrypt Subject ftgheeudxnlc.shop Fingerprint 6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60 Validity Sun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT
File type PNG image data, 220 x 168, 8-bit colormap, non-interlaced Hash 553384b165d1fa8e805fb062509221e8 1272815c6a64243da403bf998eaa7475aacbd210 fb9ca7349d5d4200bf5ded9b571a849a3cdce6c2237e26cb4c10464762124197
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /index/isp-iphone11-2.png HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:34:11 GMT
content-type: image/png
content-length: 9135
last-modified: Wed, 17 Feb 2021 14:05:24 GMT
etag: "602d22a4-23af"
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0Q9UzVOHUa%2FqLa4sdi500HeF8g6cTSkTY5wftJHbbBkf3MYGtK9%2BEP345JMwO6XMiB%2B6BRTkyQCLc8L1xWWvr9pyNDyM%2FY5P5g%2BX6XNQobhnn4SYKUumM%2FByvQAqVk20qRZYLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cfe150e287131-OSL
alt-svc: h3=":443"; ma=86400
| ftgheeudxnlc.shop/index/note10.png | 188.114.97.1 | 200 OK | 33 kB |
URL GET HTTP/3 ftgheeudxnlc.shop/index/note10.png IP 188.114.97.1:443
Requested by https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3 Certificate Issuer Let's Encrypt Subject ftgheeudxnlc.shop Fingerprint 6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60 Validity Sun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT
File type PNG image data, 402 x 376, 8-bit colormap, non-interlaced Hash 5aacc9ad24e522ec83285215d77124ad 85cd5284dd95c796d7400784a191cfb9d40eae58 7531d18074d86eba9d0ed1b39cc7fd94eb5f2474300157e3ec40fe54f4000451
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /index/note10.png HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:34:11 GMT
content-type: image/png
content-length: 32602
last-modified: Wed, 17 Feb 2021 14:04:58 GMT
etag: "602d228a-7f5a"
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bCT8koFjIarAjHgyxWP%2BKw5F6pC8jBr9wnDXOAQc4n0AOX6EgNbrGmpfjRrezcHzOSzz319mIEDwKCDhKDwBbY98%2B58rcfKt5CaCqu%2BO4Nl7LhT2x3aPriaQ3O9qr69Q4HXWoA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cfe150e2a7131-OSL
alt-svc: h3=":443"; ma=86400
| ftgheeudxnlc.shop/index/img/t-v6-1.png | 188.114.97.1 | 200 OK | 6.4 kB |
URL GET HTTP/3 ftgheeudxnlc.shop/index/img/t-v6-1.png IP 188.114.97.1:443
Requested by https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3 Certificate Issuer Let's Encrypt Subject ftgheeudxnlc.shop Fingerprint 6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60 Validity Sun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT
File type PNG image data, 100 x 100, 8-bit colormap, non-interlaced Hash f9dbc65a0a0a7a49a9a7c2ad4235c19e 0ef0d4aba0b8d3e3961ec30ac49e4d88ee79a13a 1687947df9d65fc9950e8bbad9a2b569e100a8fa61c3e18d168dbee3c1ed51e0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /index/img/t-v6-1.png HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:34:11 GMT
content-type: image/png
content-length: 6445
last-modified: Wed, 17 Feb 2021 14:05:32 GMT
etag: "602d22ac-192d"
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z51G5T5QLfRasCOS04hHU8kdG5xo3zhLUpCpp2qWtXgsVRlAS%2BSa5yXJcUxjEKuaqQ6%2B%2B%2FjygqeDc9bQeQrPGtp5Y0Ltw7yhFmLmcyucbKn3MLsWwwemkDHULSH20WXgUMt%2BgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cfe150e2c7131-OSL
alt-svc: h3=":443"; ma=86400
| ftgheeudxnlc.shop/index/img/t-v6-2.png | 188.114.97.1 | 200 OK | 6.6 kB |
URL GET HTTP/3 ftgheeudxnlc.shop/index/img/t-v6-2.png IP 188.114.97.1:443
Requested by https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3 Certificate Issuer Let's Encrypt Subject ftgheeudxnlc.shop Fingerprint 6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60 Validity Sun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT
File type PNG image data, 100 x 100, 8-bit colormap, non-interlaced Hash 2bc416642a102c374e8e4f92834d2781 a510890ab5ec292fae76940aa1916953c7338e20 852f0cbd525e418f72b996e330696a8a38f872b1e2bb182b18a73c1080fa7058
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /index/img/t-v6-2.png HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:34:11 GMT
content-type: image/png
content-length: 6564
last-modified: Wed, 17 Feb 2021 14:05:32 GMT
etag: "602d22ac-19a4"
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LTbUqjGA2mNN7arFt3HvChVXrIaqwVyhpUdzwKxXpm92POEvrDjxOmct%2FfgGbkaqHUXpi6jow1ag4j5VJpLzQ5v6tmmXbWMbh3JrplTpO843WEmZRqtEHJQUxIX8Ovd3%2BO6KHg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cfe150e2d7131-OSL
alt-svc: h3=":443"; ma=86400
| ftgheeudxnlc.shop/index/img/s20_comment1.jpg | 188.114.97.1 | 200 OK | 16 kB |
URL GET HTTP/3 ftgheeudxnlc.shop/index/img/s20_comment1.jpg IP 188.114.97.1:443
Requested by https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3 Certificate Issuer Let's Encrypt Subject ftgheeudxnlc.shop Fingerprint 6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60 Validity Sun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 150x269, components 3 Hash f90f9eefd62b5275e7ffac00b9b52686 c7414e8b7aabc3dd21045fddd63c6e7f5b8bbeec 9239ec9a7f86227854f61bb3c1134b8f1a3f0815d1909795b321d48fdf8f9d37
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /index/img/s20_comment1.jpg HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:34:11 GMT
content-type: image/jpeg
content-length: 16101
last-modified: Fri, 23 Sep 2022 06:56:50 GMT
etag: "632d58b2-3ee5"
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BRBqNhBmtyhvhC0TSWj2w%2F2H%2BwsyTNH09a373qeuuHLFJcoigXEjo1bdBM4b6OBkld3qHiet%2BzGbIVLnRZH0aoKFUeVaJJXX8w4yoAgSOX65Q%2FQsBL49DrlaPFp0Ll25pe5LWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cfe150e2e7131-OSL
alt-svc: h3=":443"; ma=86400
| ftgheeudxnlc.shop/index/img/t-v6-3.png | 188.114.97.1 | 200 OK | 5.9 kB |
URL GET HTTP/3 ftgheeudxnlc.shop/index/img/t-v6-3.png IP 188.114.97.1:443
Requested by https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3 Certificate Issuer Let's Encrypt Subject ftgheeudxnlc.shop Fingerprint 6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60 Validity Sun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT
File type PNG image data, 100 x 100, 8-bit colormap, non-interlaced Hash fbddf5ad7297aaded0b36312c047913d f0f8ccd0f582130ed30bea86defb89c6f50a913c b984d9455bf8cb336cc821285d7c66812f4a38ca9483e63d50baed48dd3fd036
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /index/img/t-v6-3.png HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:34:11 GMT
content-type: image/png
content-length: 5857
last-modified: Wed, 17 Feb 2021 14:05:30 GMT
etag: "602d22aa-16e1"
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=my%2BC%2FTor9ekBajOOw9P6HvK%2FxhrB2miBZqDRU7ErulXLcUeQarRemX7rEs%2FNS9mVID%2B9u5XPGydb3Ys4f05%2FcGhixUD3TvZVjVR0Rvr5%2Bsgn8wbyFLArWWFvdk9%2B0RVU90Okqg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cfe150e307131-OSL
alt-svc: h3=":443"; ma=86400
| ftgheeudxnlc.shop/index/img/t-v6-4.png | 188.114.97.1 | | 8.1 kB |
URL ftgheeudxnlc.shop/index/img/t-v6-4.png IP 188.114.97.1:0
Certificate Issuer Let's Encrypt Subject ftgheeudxnlc.shop Fingerprint 6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60 Validity Sun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT
File type PNG image data, 100 x 100, 8-bit colormap, non-interlaced Hash 7db7d39fe8d41804a38d77b9673f503e daf3a78eca57ab6949437ee822f99a077ba1ff3a 8057f27640708e6209c8a19cdd2cd2cc3ecaeef8f5940f54f73b14bd04ed0e0d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /index/img/t-v6-4.png HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:34:11 GMT
content-type: image/png
content-length: 8106
last-modified: Wed, 17 Feb 2021 14:05:30 GMT
etag: "602d22aa-1faa"
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9HysVGXpGdfQzjp0uYClhKu91FpLW82xUlM8N7yt9qYiXSshSv8xwojB9k8U5gTOim0y9n5I8aXRtGJYFkIY57YFyV%2BzamuKCqH1apygpD%2FEKR8n8PYxYO0MTr8chvfipd8xPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cfe150e337131-OSL
alt-svc: h3=":443"; ma=86400
| ftgheeudxnlc.shop/index/img/s20_comment2.jpg | 188.114.97.1 | 200 OK | 18 kB |
URL GET HTTP/3 ftgheeudxnlc.shop/index/img/s20_comment2.jpg IP 188.114.97.1:443
Requested by https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3 Certificate Issuer Let's Encrypt Subject ftgheeudxnlc.shop Fingerprint 6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60 Validity Sun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 200x200, components 3 Hash a9e4cd59be6114dfdec76393397498b6 452e793400244e4e2ff2adae1d3cb216511e487a 9b6384ca70110d9caf641050b2f9979bc832b64cff4affe3888a508d8efa876e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /index/img/s20_comment2.jpg HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:34:11 GMT
content-type: image/jpeg
content-length: 18039
last-modified: Fri, 23 Sep 2022 06:56:50 GMT
etag: "632d58b2-4677"
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A932wr%2BqreD5FB74p5g310Pu5XNCw1WJqmnDeNr90UxzNHNj4RaIR2l9B6A91DbNqq%2FYtBxreousgvfirgaZKDH9vfDZiNy%2B9OtM0iUTjxZbKScL%2FZ8lQSagiSdTNxkxDFgseQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cfe151e367131-OSL
alt-svc: h3=":443"; ma=86400
| ftgheeudxnlc.shop/index/img/t-v6-5.png | 188.114.97.1 | | 8.3 kB |
URL ftgheeudxnlc.shop/index/img/t-v6-5.png IP 188.114.97.1:0
Certificate Issuer Let's Encrypt Subject ftgheeudxnlc.shop Fingerprint 6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60 Validity Sun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT
File type PNG image data, 100 x 100, 8-bit colormap, non-interlaced Hash b472a2b485b9d5791bf192e620105733 99fa90c0304b8c684186910ac94ce0efb155e03c 8a2fc773bf2eab9e1059be22277b4475df051990a69cdff90ac134c73075dd32
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /index/img/t-v6-5.png HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:34:11 GMT
content-type: image/png
content-length: 8288
last-modified: Wed, 17 Feb 2021 14:05:28 GMT
etag: "602d22a8-2060"
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uZbyuqJtsgnrk0%2FEA0Av6TjXtVCsp3X02rVP2XpKC%2BCO85uAcSDJThG64hAYRUiA%2BSr6nTfOO7Wzgse85hYjoXuxNwFzy23O3zaUuQsABwC88f04hx8Xg%2BNL4HbB2ZWUHfjz4w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cfe151e377131-OSL
alt-svc: h3=":443"; ma=86400
| ftgheeudxnlc.shop/index/f_guarantee.png | 188.114.97.1 | | 5.5 kB |
URL ftgheeudxnlc.shop/index/f_guarantee.png IP 188.114.97.1:0
Certificate Issuer Let's Encrypt Subject ftgheeudxnlc.shop Fingerprint 6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60 Validity Sun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT
File type PNG image data, 94 x 93, 8-bit colormap, non-interlaced Hash e96328a64e57e815f2ae881b330227b1 4b11d64b73ff7b3394278384576074da1f48ccee c49aa7c724f6637b861177d2da95e1da011570a970b38ce3043bf019f0f6d2b7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /index/f_guarantee.png HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:34:11 GMT
content-type: image/png
content-length: 5476
last-modified: Wed, 17 Feb 2021 14:05:36 GMT
etag: "602d22b0-1564"
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=txOXMoK%2BKHNXmyERNk4eUmkFZtGpjKVPYQ8jJcD7YVq%2FKNSGjjupQq5gAiO64ocvwUs9Ss4%2FUG9Xo8n8krNNANKm%2BaXiG1ZB4zXcK1hTsyXfH8tJ3lxYei1I1NhTqMvaHFHLlA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cfe151e387131-OSL
alt-svc: h3=":443"; ma=86400
| ftgheeudxnlc.shop/index/f_secure_1.png | 188.114.97.1 | | 7.9 kB |
URL ftgheeudxnlc.shop/index/f_secure_1.png IP 188.114.97.1:0
Certificate Issuer Let's Encrypt Subject ftgheeudxnlc.shop Fingerprint 6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60 Validity Sun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT
File type PNG image data, 138 x 133, 8-bit colormap, non-interlaced Hash d20b7ca43d07211b60f8739c775a151e 153c13946ef3d3e6bcf3759eb4b5f072bf15a972 ca7696ce16353b1551bfe7eb4bab73d051c224f3dbb57b881af26c5823d6b7b2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /index/f_secure_1.png HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:34:11 GMT
content-type: image/png
content-length: 7929
last-modified: Wed, 17 Feb 2021 14:05:36 GMT
etag: "602d22b0-1ef9"
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BfJNWFzFxrKYdAsm0XQ3WnAxMTnKh2h74YPSRueRLd5C%2BdTL%2B9Qb1xu7kVTK0p%2FvRyghXQRAU6sWYSG%2BkJsdVQ4vAeQltWgMenCa590IkxIULapKeNK6VZS74I%2FpOn2s1q3f1g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cfe151e3a7131-OSL
alt-svc: h3=":443"; ma=86400
| ftgheeudxnlc.shop/index/img/s20.png | 188.114.97.1 | 200 OK | 24 kB |
URL: GET HTTP/3 ftgheeudxnlc.shop/index/img/s20.png
IP: 188.114.97.1:443
Requested by: https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3
Certificate: Issuer Let's Encrypt; Subject ftgheeudxnlc.shop; Fingerprint 6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60; Validity Sun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT
File type: PNG image data, 120 x 159, 8-bit/color RGB, non-interlaced
Hash: MD5 d384805b7283cb4a55e9285b3d1f5ebc SHA-1 a4ed4ba011ef70bdade55c6e1facbf31744b3943 SHA-256 6d882c4051b58d76f18cfae2171be93e1edd2c2614b69360d1a2e78a07d97e9b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /index/img/s20.png HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:34:11 GMT
content-type: image/png
content-length: 23506
last-modified: Fri, 23 Sep 2022 06:56:48 GMT
etag: "632d58b0-5bd2"
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aG7l5hPigwcGm7YGIkeForeGh7q7%2BBLQI%2BJNxtTxYr8MsK7ifDYWqENN8vC%2FHOWX%2BHnRwZ%2Btfixyj8PYzt3ir9nv%2F4BaUjczM5zjkfB3S3cciVr%2FHPm6UpC8PovR3iWiE29qWA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cfe161f6f7131-OSL
alt-svc: h3=":443"; ma=86400
| ftgheeudxnlc.shop/index/favicon-isp.png | 188.114.97.1 | 200 OK | 2.2 kB |
URL: GET HTTP/3 ftgheeudxnlc.shop/index/favicon-isp.png
IP: 188.114.97.1:443
Requested by: https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3
Certificate: Issuer Let's Encrypt; Subject ftgheeudxnlc.shop; Fingerprint 6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60; Validity Sun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT
File type: PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Hash: MD5 60eb0dc8cc7745e3d0da9f35c7016a20 SHA-1 c7adf7f8946f44e59546db8ee3f881c3b48401fb SHA-256 ccbe0999fcbaed0e3d8a5121a9f5ac5af3306526cce928beadbc0c340770088a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /index/favicon-isp.png HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:34:11 GMT
content-type: image/png
content-length: 2174
last-modified: Wed, 17 Feb 2021 14:05:54 GMT
etag: "602d22c2-87e"
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JpOabUI0Sf68iu%2F1wa6IYlRyZVBI996Zsz3fYyEhA0X5G0kM%2FdcbtBId7ESWRj4b9L6Az0%2BaN2sWTR6p5cQz5m4vwbE65v3fd087zV1YmxS8eH10wRsBGu%2FDM9nqufYPvw%2FjKw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cfe16f8b77131-OSL
alt-svc: h3=":443"; ma=86400
| ip.nf/me.json | 3.73.104.221 | 200 OK | 254 B |
IP: 3.73.104.221:443
Requested by: https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3
Certificate: Issuer Let's Encrypt; Subject ip.nf; Fingerprint C3:D4:14:31:CF:C1:4F:5D:C4:46:F3:03:87:08:27:54:F2:B7:6D:46; Validity Sun, 14 Apr 2024 23:40:49 GMT - Sat, 13 Jul 2024 23:40:48 GMT
Hash: MD5 7ee77928b92f62af3fe4b740de6f1a40 SHA-1 9c66c2951deb18e4a4550dd0ba3a553757bab9b0 SHA-256 394b5969965237c7dea346b42d7abdac52c05ce3f416b7e0c0da59a42d99ebbd
GET /me.json HTTP/1.1
Host: ip.nf
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ftgheeudxnlc.shop
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://ftgheeudxnlc.shop
content-type: application/json
date: Thu, 25 Apr 2024 08:34:11 GMT
x-robots-tag: noindex
content-length: 254
X-Firefox-Spdy: h2
| ftgheeudxnlc.shop/index/isp-v1-css1.css | 188.114.97.1 | | 11 kB |
URL: ftgheeudxnlc.shop/index/isp-v1-css1.css
IP: 188.114.97.1:0
Certificate: Issuer Let's Encrypt; Subject ftgheeudxnlc.shop; Fingerprint 6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60; Validity Sun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT
File type: ASCII text, with very long lines (5413), with no line terminators
Hash: MD5 fa29b2799f0c48641707a6600f300b1b SHA-1 3304fe5ec1c395ce763304871c1cdcef8c64d422 SHA-256 6a357b121ec2e27a52ce36b55991668351a342d6fb31e5480dcfb7e9c8a6a7a4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /index/isp-v1-css1.css HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:34:11 GMT
content-type: text/css
last-modified: Wed, 17 Feb 2021 14:05:22 GMT
etag: W/"602d22a2-1525"
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p5NBN8%2FS1ISVCUH146L%2F%2BXSKHS%2B92RP7MejlXpdZvR83gVLxY98KErLJ1N4Vlm9C2iLr3eXk82%2FrR3cM2lumqngKdqZXBdFBcOAMezrlckmuYZA6F1BcG4S%2FUubQ3tSzkxLu1g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cfe14fe0f7131-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| ftgheeudxnlc.shop/index/flags/no.svg | 188.114.97.1 | | 7.3 kB |
URL: ftgheeudxnlc.shop/index/flags/no.svg
IP: 188.114.97.1:0
Certificate: Issuer Let's Encrypt; Subject ftgheeudxnlc.shop; Fingerprint 6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60; Validity Sun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT
File type: HTML document, ASCII text, with CRLF line terminators
Hash: MD5 8eec510e57f5f732fd2cce73df7b73ef SHA-1 3c0af39ecb3753c5fee3b53d063c7286019eac3b SHA-256 55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /index/flags/no.svg HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
date: Thu, 25 Apr 2024 08:34:11 GMT
content-type: text/html
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nIEw50H455lvxHw9FHFVNt5AZuXy%2FMVB9J4o6nBA21COowByQ24vDjtHSy4V64hpdYvgvzcwGb%2Fui%2Bwl3iPXLSf6KgjqVygsxnmxp8GS7Rw8LJrO8R6h9Q5CkEynoJ%2BSbEeJjw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cfe17895e7131-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| ftgheeudxnlc.shop/index/lng/en.json | 188.114.97.1 | 200 OK | 4.0 kB |
URL: GET HTTP/3 ftgheeudxnlc.shop/index/lng/en.json
IP: 188.114.97.1:443
Requested by: https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3
Certificate: Issuer Let's Encrypt; Subject ftgheeudxnlc.shop; Fingerprint 6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60; Validity Sun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT
File type: ASCII text, with very long lines (4340), with no line terminators
Hash: MD5 f5f6090f5eefe1e10578a0c3bf46f438 SHA-1 a4e1e0ed8293554341a5b0b15cd73b8668180625 SHA-256 bcde2e2dadce01ff8dc5e9e308533f6aa0bc393d1d1efb26e4de71eaefa20574
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /index/lng/en.json HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:34:11 GMT
content-type: application/json
last-modified: Wed, 17 Feb 2021 14:05:14 GMT
etag: W/"602d229a-f7c"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eGPqA6LVCz9MlSFoVEs14vy%2BZrhjgO8oq16yONeCMa7dHa0ir0ImgpDLN%2FhKDLudGbKmZmAD2%2BYDVr9BxtbUrRsD5oWAf7z3t6p55JeRzxWfEEXzkWqgDR6kXzAi4o8xv%2BeFvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879cfe161f707131-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| ftgheeudxnlc.shop/index/isp-v1-css6.css | 188.114.97.1 | 200 OK | 6.1 kB |
URL: GET HTTP/3 ftgheeudxnlc.shop/index/isp-v1-css6.css
IP: 188.114.97.1:443
Requested by: https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3
Certificate: Issuer Let's Encrypt; Subject ftgheeudxnlc.shop; Fingerprint 6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60; Validity Sun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT
File type: ASCII text, with very long lines (6136), with no line terminators
Hash: MD5 6f0064c409b280fed19870bc73c1e640 SHA-1 a84836eac80ff8fa93ac0ca959320078b3e12ca1 SHA-256 e16f96f67d08a4c2ab07cdaf98bfa33059a18f152479c2d6cb27f6e6b89967b7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /index/isp-v1-css6.css HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=174d148e032e469c51&isp=Blix%20Group%20As&uclick=b7rnzwir&uclickhash=b7rnzwir-b7rnzwir-1nvr-xs8w-heej-46oj-468r-baa6e3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:34:11 GMT
content-type: text/css
last-modified: Wed, 17 Feb 2021 14:05:22 GMT
etag: W/"602d22a2-17ea"
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SGOAOJCno70vBiVpQuuWPAUtb7HqNBW5waTq9J48LrNBjZaTGexBwAQ07unM2yU2adqSwlUlR8c4IMPYADcchVMX0atPq0jHNLi0tS3OYhfwXJ3VINxc0chSD%2B7wjrjvosjzxg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cfe14fe0e7131-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
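The records above are raw scanner output. What a triager wants from them is the indicator set (hosts, IPs, certificate fingerprints, file hashes) plus a flag on the two behaviours that stand out in this capture: the cross-site CORS request the landing page makes to ip.nf/me.json, whose response echoes the landing page's Origin together with access-control-allow-credentials: true, and the 404 for /index/flags/no.svg that comes back as text/html (the file type is reported as an HTML document) where an image was requested. The script below is an added example, not code from the page or from the scanner that produced it. It parses the record layout used on this page and runs those checks. SAMPLE is a constructed, abridged copy of two records from this page; the set of landing-page hosts passed to triage() is an assumption the caller supplies.

```python
"""Triage helper for request/response captures in the layout of this page (added example)."""
import re
from dataclasses import dataclass, field

# Constructed sample: two records from this page, abridged to the lines the checks use.
SAMPLE = """\
| ip.nf/me.json | 3.73.104.221 | 200 OK | 254 B |
Hash 7ee77928b92f62af3fe4b740de6f1a40 9c66c2951deb18e4a4550dd0ba3a553757bab9b0 394b5969965237c7dea346b42d7abdac52c05ce3f416b7e0c0da59a42d99ebbd
GET /me.json HTTP/1.1
Host: ip.nf
Origin: https://ftgheeudxnlc.shop
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://ftgheeudxnlc.shop
content-type: application/json
| ftgheeudxnlc.shop/index/flags/no.svg | 188.114.97.1 | | 7.3 kB |
Certificate: Issuer Let's Encrypt; Subject ftgheeudxnlc.shop; Fingerprint 6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60
File type: HTML document, ASCII text, with CRLF line terminators
Hash: MD5 8eec510e57f5f732fd2cce73df7b73ef SHA-1 3c0af39ecb3753c5fee3b53d063c7286019eac3b SHA-256 55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /index/flags/no.svg HTTP/1.1
Host: ftgheeudxnlc.shop
Sec-Fetch-Dest: image
Sec-Fetch-Site: same-origin
HTTP/3 404 Not Found
content-type: text/html
"""

ROW_RE = re.compile(r"^\|\s*(?P<url>\S+)\s*\|\s*(?P<ip>[\d.]+)\s*\|(?P<status>[^|]*)\|(?P<size>[^|]*)\|$")
REQ_RE = re.compile(r"^[A-Z]+ \S+ HTTP/\d(?:\.\d)?$")
RESP_RE = re.compile(r"^HTTP/\d(?:\.\d)? (?P<code>\d{3})")
FP_RE = re.compile(r"Fingerprint\s*([0-9A-F]{2}(?::[0-9A-F]{2}){19})")
HASH_LEN = {32: "md5", 40: "sha1", 64: "sha256"}  # hex digest length identifies the algorithm


@dataclass
class Record:
    url: str
    ip: str
    file_type: str = ""
    cert_fp: str = ""
    hashes: dict = field(default_factory=dict)
    code: int = 0
    req: dict = field(default_factory=dict)   # request headers, names lower-cased
    resp: dict = field(default_factory=dict)  # response headers, names lower-cased


def parse(text):
    """Split a capture into Records; a '| url | ip | status | size |' row starts each one."""
    records, rec, section = [], None, None
    for line in text.splitlines():
        if m := ROW_RE.match(line):
            rec = Record(m["url"], m["ip"])
            records.append(rec)
            section = None
        elif rec is None:
            continue
        elif line.startswith(("File type", "Hash")):
            # Accepts the run-together 'File typePNG ... Hashabc...' form as well as labelled lines
            meta, _, digests = line.partition("Hash")
            if meta.startswith("File type"):
                rec.file_type = meta[len("File type"):].strip(" :")
            for tok in digests.split():
                if re.fullmatch(r"[0-9a-f]+", tok) and len(tok) in HASH_LEN:
                    rec.hashes[HASH_LEN[len(tok)]] = tok
        elif line.startswith("Certificate"):
            if m := FP_RE.search(line):
                rec.cert_fp = m.group(1)
        elif REQ_RE.match(line):
            section = "req"
        elif m := RESP_RE.match(line):
            rec.code, section = int(m["code"]), "resp"
        elif section and ": " in line:
            name, _, value = line.partition(": ")
            getattr(rec, section)[name.lower()] = value.strip()
    return records


def triage(records, landing_hosts):
    """Findings worth a second look; landing_hosts is the assumed set of landing-page hosts."""
    findings = []
    for r in records:
        origin = r.req.get("origin", "")
        origin_host = origin.split("://", 1)[-1]
        if r.req.get("sec-fetch-site") == "cross-site" and origin_host in landing_hosts:
            findings.append((r.url, f"cross-site fetch initiated by landing page {origin_host}"))
            if (r.resp.get("access-control-allow-credentials") == "true"
                    and r.resp.get("access-control-allow-origin") == origin):
                findings.append((r.url, "CORS reflects landing-page origin with credentials"))
        if (r.req.get("sec-fetch-dest") == "image"
                and r.resp.get("content-type", "").startswith("text/html")):
            findings.append((r.url, f"HTML served for image request (status {r.code})"))
    return findings


def iocs(records):
    """Unique indicators: hosts, IPs, certificate fingerprints and SHA-256 digests."""
    out = {"hosts": set(), "ips": set(), "cert_fps": set(), "sha256": set()}
    for r in records:
        out["hosts"].add(r.req.get("host", r.url.split("/", 1)[0]))
        out["ips"].add(r.ip)
        out["cert_fps"] |= {r.cert_fp} - {""}
        out["sha256"] |= {r.hashes.get("sha256")} - {None}
    return out
```

To run it against the whole page, paste the records into SAMPLE (or read them from a file) and pass the landing-page host(s) to triage(); iocs() gives the blocklist material. The HTML-for-image check is a heuristic: a 404 page for a kit asset is a sign the kit's resources do not match the per-visitor parameters it was given, not evidence of malice on its own; the cross-site fetch to an external JSON endpoint with credentialed CORS is the line a detection rule should key on.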