Report - uc-grand.ru/swiss/

Report Overview

Submitted URL
uc-grand.ru/swiss/
IP
82.146.34.63
ASN
#29182 JSC IOT
Submitted
2024-03-27 05:17:47
Access
public
Website Title
Startseite | Swiss Post
Final URL
uc-grand.ru/swiss/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
28

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
uc-grand.ru	unknown	2022-02-09	2022-02-10	2024-03-27	5.6 kB	100 kB	82.146.34.63
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-03-27	443 B	3.4 kB	104.17.25.14
pro.fontawesome.com	5887	2012-10-18	2018-03-17	2024-03-27	994 B	280 kB	172.64.147.188

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-03-26	medium	uc-grand.ru/swiss/	PostFinance

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-03-27	medium	uc-grand.ru	Sinkholed
2024-03-27	medium	uc-grand.ru	Sinkholed
2024-03-27	medium	uc-grand.ru	Sinkholed
2024-03-27	medium	uc-grand.ru	Sinkholed
2024-03-27	medium	uc-grand.ru	Sinkholed
2024-03-27	medium	uc-grand.ru	Sinkholed
2024-03-27	medium	uc-grand.ru	Sinkholed
2024-03-27	medium	uc-grand.ru	Sinkholed
2024-03-27	medium	uc-grand.ru	Sinkholed
2024-03-27	medium	uc-grand.ru	Sinkholed
2024-03-27	medium	uc-grand.ru	Sinkholed
2024-03-27	medium	uc-grand.ru	Sinkholed
2024-03-27	medium	uc-grand.ru	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	uc-grand.ru/swiss/js/html5shiv.min.js	2.7 kB	2023-03-07	2024-03-27
Pretty URL uc-grand.ru/swiss/js/html5shiv.min.js IP 82.146.34.63 ASN #29182 JSC IOT Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:23:44 Last Seen2024-03-27 06:55:47 Times Seen113 Hash 7b7a4e3a218061d489d18edc20018200 c30ffb887c1b5a7e0fd6ed2772559b0025ed4c38 dd09d170aca1c1eb67a16f0e23fda993989a3333a0c495080b4e83e8e270c3dd Loading...

	uc-grand.ru/swiss/js/jquery-3.5.1.min.js	90 kB	2023-03-07	2024-04-27
Pretty URL uc-grand.ru/swiss/js/jquery-3.5.1.min.js IP 82.146.34.63 ASN #29182 JSC IOT Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-27 00:50:13 Times Seen12896 Hash 9ac39dc31635a363e377eda0f6fbe03f 29fa5ad995e9ec866ece1d3d0b698fc556580eee 9a2723c21fb1b7dff0e2aa5dc6be24a9670220a17ae21f70fdbc602d1f8acd38 Loading...

	uc-grand.ru/swiss/js/bootstrap.min.js	62 kB	2023-03-08	2024-03-27
Pretty URL uc-grand.ru/swiss/js/bootstrap.min.js IP 82.146.34.63 ASN #29182 JSC IOT Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:39:12 Last Seen2024-03-27 06:55:47 Times Seen49 Hash 9af25b9669a891d6261023d690dd17f0 49f880b8572c1fad1993212c4b9292ca7abea995 da5a8e7b12eb38994c867304d3325b93b8b7cb4002499e9e9547c010a1420f2a Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery.payment/3.0.0/jquery.payment.min.js	8.5 kB	2023-03-07	2024-04-24
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery.payment/3.0.0/jquery.payment.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:43 Last Seen2024-04-24 18:13:54 Times Seen2936 Hash ae3f52c2166f5c09f5f3ceeda2c15f01 7d5b0613ee02bc0f39f546443f338c806634c5f6 6c4ba1c662b440b3aefe5e5147ea2df72f80e510e4979c65485a7b0fff894e37 Loading...

	uc-grand.ru/swiss/	0 B	2023-03-07	2024-04-27
Pretty URL uc-grand.ru/swiss/ IP 82.146.34.63 ASN #29182 JSC IOT Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-27 07:34:00 Times Seen37114212 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (16)

URL IP Response Size

uc-grand.ru/swiss/

82.146.34.63

200 OK

1.8 kB

URL User Request GET HTTP/1.1
uc-grand.ru/swiss/
IP
82.146.34.63:443
ASN
#29182 JSC IOT

Certificate
IssuerLet's Encrypt
Subjectuc-grand.ru
Fingerprint62:02:F5:AE:10:B8:7B:E9:15:10:6D:AF:09:AE:ED:5B:BC:10:08:BB
ValidityWed, 21 Feb 2024 02:53:13 GMT - Tue, 21 May 2024 02:53:12 GMT

File type
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.8 kB (1762 bytes)
Hash
6fa7d8b46fd3e947f400f314166ddd5f
d40c7093add6dd8c68053d2b70cffa4a73b033d7
e0926b5003019805562b5e1f1f88084bb492142cdc3639fd01c4b35c08bd7b30

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	PostFinance
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /swiss/ HTTP/1.1
Host: uc-grand.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 27 Mar 2024 05:17:21 GMT
Server: Apache/2.4.38 (Debian)
Strict-Transport-Security: max-age=31536000; preload
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1762
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

cdnjs.cloudflare.com/ajax/libs/jquery.payment/3.0.0/jquery.payment.min.js

104.17.25.14

200 OK

2.4 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery.payment/3.0.0/jquery.payment.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://uc-grand.ru/swiss/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (8392)
Size
2.4 kB (2420 bytes)
Hash
ae3f52c2166f5c09f5f3ceeda2c15f01
7d5b0613ee02bc0f39f546443f338c806634c5f6
6c4ba1c662b440b3aefe5e5147ea2df72f80e510e4979c65485a7b0fff894e37

HTTP Headers

GET /ajax/libs/jquery.payment/3.0.0/jquery.payment.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uc-grand.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 27 Mar 2024 05:17:22 GMT
content-type: application/javascript; charset=utf-8
content-length: 2420
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec3-210b"
last-modified: Mon, 04 May 2020 16:11:47 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1756911
expires: Mon, 17 Mar 2025 05:17:22 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BulGvctoHqNDLQuug7VeEfHz%2FApiLa2I5g8f43bj3s%2BLL9zC%2FwNfDmLPsi163zj2aDtPHLAB2Hens7KoMK6dMGG9M0%2B4dvu%2FuVPecqaK7QiAVkojZfo2Re3EWRIMUzWHtL4Ont32"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 86ace9e6bfa2b517-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

uc-grand.ru/swiss/css/bootstrap.css

82.146.34.63

200 OK

25 kB

URL GET HTTP/1.1
uc-grand.ru/swiss/css/bootstrap.css
IP
82.146.34.63:443
ASN
#29182 JSC IOT

Requested by
https://uc-grand.ru/swiss/
Certificate
IssuerLet's Encrypt
Subjectuc-grand.ru
Fingerprint62:02:F5:AE:10:B8:7B:E9:15:10:6D:AF:09:AE:ED:5B:BC:10:08:BB
ValidityWed, 21 Feb 2024 02:53:13 GMT - Tue, 21 May 2024 02:53:12 GMT

File type
Unicode text, UTF-8 text, with very long lines (560), with CRLF line terminators
Size
25 kB (25189 bytes)
Hash
12b5ffee37610c9c7a5455ebd23c688c
8308e2048266bd2d5cfa7386244cb2758c30e96a
fabaae213beaecc60a58cad108f98599e44b0d760e44135154fa785160b24210

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /swiss/css/bootstrap.css HTTP/1.1
Host: uc-grand.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uc-grand.ru/swiss/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 27 Mar 2024 05:17:22 GMT
Server: Apache/2.4.38 (Debian)
Strict-Transport-Security: max-age=31536000; preload
Last-Modified: Wed, 05 Jan 2022 07:53:52 GMT
ETag: "31bd2-5d4d10e04c400-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 25189
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

uc-grand.ru/swiss/css/test.css

82.146.34.63

200 OK

635 B

URL GET HTTP/1.1
uc-grand.ru/swiss/css/test.css
IP
82.146.34.63:443
ASN
#29182 JSC IOT

Requested by
https://uc-grand.ru/swiss/
Certificate
IssuerLet's Encrypt
Subjectuc-grand.ru
Fingerprint62:02:F5:AE:10:B8:7B:E9:15:10:6D:AF:09:AE:ED:5B:BC:10:08:BB
ValidityWed, 21 Feb 2024 02:53:13 GMT - Tue, 21 May 2024 02:53:12 GMT

File type
ASCII text, with CRLF line terminators
Size
635 B (635 bytes)
Hash
6ecac2fcca07ece71f950baa48d7bbce
c51c73d24476dfe9fd9cef1d5a173cd807af5a3f
2cd37283582423ab991c6500037315c63f9a32f0d15b423018e6baa022ad8c4d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /swiss/css/test.css HTTP/1.1
Host: uc-grand.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uc-grand.ru/swiss/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 27 Mar 2024 05:17:22 GMT
Server: Apache/2.4.38 (Debian)
Strict-Transport-Security: max-age=31536000; preload
Last-Modified: Wed, 05 Jan 2022 07:54:26 GMT
ETag: "74c-5d4d1100b9080-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 635
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

uc-grand.ru/swiss/js/html5shiv.min.js

82.146.34.63

200 OK

1.4 kB

URL GET HTTP/1.1
uc-grand.ru/swiss/js/html5shiv.min.js
IP
82.146.34.63:443
ASN
#29182 JSC IOT

Requested by
https://uc-grand.ru/swiss/
Certificate
IssuerLet's Encrypt
Subjectuc-grand.ru
Fingerprint62:02:F5:AE:10:B8:7B:E9:15:10:6D:AF:09:AE:ED:5B:BC:10:08:BB
ValidityWed, 21 Feb 2024 02:53:13 GMT - Tue, 21 May 2024 02:53:12 GMT

File type
JavaScript source, ASCII text, with very long lines (2639), with CRLF line terminators
Size
1.4 kB (1351 bytes)
Hash
7b7a4e3a218061d489d18edc20018200
c30ffb887c1b5a7e0fd6ed2772559b0025ed4c38
dd09d170aca1c1eb67a16f0e23fda993989a3333a0c495080b4e83e8e270c3dd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /swiss/js/html5shiv.min.js HTTP/1.1
Host: uc-grand.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uc-grand.ru/swiss/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 27 Mar 2024 05:17:22 GMT
Server: Apache/2.4.38 (Debian)
Strict-Transport-Security: max-age=31536000; preload
Last-Modified: Wed, 05 Jan 2022 07:54:56 GMT
ETag: "aad-5d4d111d55400-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1351
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

uc-grand.ru/swiss/js/bootstrap.min.js

82.146.34.63

200 OK

16 kB

URL GET HTTP/1.1
uc-grand.ru/swiss/js/bootstrap.min.js
IP
82.146.34.63:443
ASN
#29182 JSC IOT

Requested by
https://uc-grand.ru/swiss/
Certificate
IssuerLet's Encrypt
Subjectuc-grand.ru
Fingerprint62:02:F5:AE:10:B8:7B:E9:15:10:6D:AF:09:AE:ED:5B:BC:10:08:BB
ValidityWed, 21 Feb 2024 02:53:13 GMT - Tue, 21 May 2024 02:53:12 GMT

File type
JavaScript source, ASCII text, with very long lines (62126), with CRLF line terminators
Size
16 kB (16028 bytes)
Hash
9af25b9669a891d6261023d690dd17f0
49f880b8572c1fad1993212c4b9292ca7abea995
da5a8e7b12eb38994c867304d3325b93b8b7cb4002499e9e9547c010a1420f2a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /swiss/js/bootstrap.min.js HTTP/1.1
Host: uc-grand.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uc-grand.ru/swiss/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 27 Mar 2024 05:17:22 GMT
Server: Apache/2.4.38 (Debian)
Strict-Transport-Security: max-age=31536000; preload
Last-Modified: Wed, 05 Jan 2022 07:59:32 GMT
ETag: "f3d1-5d4d12248c100-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 16028
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

uc-grand.ru/swiss/js/jquery-3.5.1.min.js

82.146.34.63

200 OK

31 kB

URL GET HTTP/1.1
uc-grand.ru/swiss/js/jquery-3.5.1.min.js
IP
82.146.34.63:443
ASN
#29182 JSC IOT

Requested by
https://uc-grand.ru/swiss/
Certificate
IssuerLet's Encrypt
Subjectuc-grand.ru
Fingerprint62:02:F5:AE:10:B8:7B:E9:15:10:6D:AF:09:AE:ED:5B:BC:10:08:BB
ValidityWed, 21 Feb 2024 02:53:13 GMT - Tue, 21 May 2024 02:53:12 GMT

File type
JavaScript source, ASCII text, with very long lines (65450), with CRLF line terminators
Size
31 kB (30913 bytes)
Hash
9ac39dc31635a363e377eda0f6fbe03f
29fa5ad995e9ec866ece1d3d0b698fc556580eee
9a2723c21fb1b7dff0e2aa5dc6be24a9670220a17ae21f70fdbc602d1f8acd38

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /swiss/js/jquery-3.5.1.min.js HTTP/1.1
Host: uc-grand.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uc-grand.ru/swiss/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 27 Mar 2024 05:17:22 GMT
Server: Apache/2.4.38 (Debian)
Strict-Transport-Security: max-age=31536000; preload
Last-Modified: Wed, 05 Jan 2022 07:58:56 GMT
ETag: "15d84-5d4d120237000-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 30913
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

uc-grand.ru/swiss/js/respond.min.js

82.146.34.63

200 OK

4.3 kB

URL GET HTTP/1.1
uc-grand.ru/swiss/js/respond.min.js
IP
82.146.34.63:443
ASN
#29182 JSC IOT

Requested by
https://uc-grand.ru/swiss/
Certificate
IssuerLet's Encrypt
Subjectuc-grand.ru
Fingerprint62:02:F5:AE:10:B8:7B:E9:15:10:6D:AF:09:AE:ED:5B:BC:10:08:BB
ValidityWed, 21 Feb 2024 02:53:13 GMT - Tue, 21 May 2024 02:53:12 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (2331)
Size
4.3 kB (4330 bytes)
Hash
1aeb56950c9c406317d69ac4dbc0c709
93c99261b01910ce97d0d6fb191ed1f632aa8e7b
358b02f42f6f709e1eba648a5752134144b0419b75bcc8c876f074f187a61f75

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /swiss/js/respond.min.js HTTP/1.1
Host: uc-grand.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uc-grand.ru/swiss/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 27 Mar 2024 05:17:22 GMT
Server: Apache/2.4.38 (Debian)
Strict-Transport-Security: max-age=31536000; preload
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4330
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

uc-grand.ru/swiss/image/a.png

82.146.34.63

200 OK

677 B

URL GET HTTP/1.1
uc-grand.ru/swiss/image/a.png
IP
82.146.34.63:443
ASN
#29182 JSC IOT

Requested by
https://uc-grand.ru/swiss/
Certificate
IssuerLet's Encrypt
Subjectuc-grand.ru
Fingerprint62:02:F5:AE:10:B8:7B:E9:15:10:6D:AF:09:AE:ED:5B:BC:10:08:BB
ValidityWed, 21 Feb 2024 02:53:13 GMT - Tue, 21 May 2024 02:53:12 GMT

File type
PNG image data, 42 x 25, 8-bit/color RGBA, non-interlaced
Size
677 B (677 bytes)
Hash
9f6f7e9e5648010f14d43d89b8119767
a98ce94f89f151b331b7a7a244ed63ce99199e8b
f1e8231c6f3bf3a4cbfc92a5f8beaff846a3014c21fe8396ed212bb0d0244db9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /swiss/image/a.png HTTP/1.1
Host: uc-grand.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uc-grand.ru/swiss/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 27 Mar 2024 05:17:22 GMT
Server: Apache/2.4.38 (Debian)
Strict-Transport-Security: max-age=31536000; preload
Last-Modified: Wed, 05 Jan 2022 08:04:12 GMT
ETag: "2a5-5d4d132f93700"
Accept-Ranges: bytes
Content-Length: 677
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

uc-grand.ru/swiss/image/swiis-logo.png

82.146.34.63

200 OK

4.8 kB

URL GET HTTP/1.1
uc-grand.ru/swiss/image/swiis-logo.png
IP
82.146.34.63:443
ASN
#29182 JSC IOT

Requested by
https://uc-grand.ru/swiss/
Certificate
IssuerLet's Encrypt
Subjectuc-grand.ru
Fingerprint62:02:F5:AE:10:B8:7B:E9:15:10:6D:AF:09:AE:ED:5B:BC:10:08:BB
ValidityWed, 21 Feb 2024 02:53:13 GMT - Tue, 21 May 2024 02:53:12 GMT

File type
PNG image data, 414 x 122, 8-bit colormap, non-interlaced
Size
4.8 kB (4845 bytes)
Hash
051be99aacc4696a903bd32e25c49b1d
856c0c5da2ebc1fc61a86bce04976644be99ee2c
490ed4cd487facdb15cde073a96adbb1abf8912ddbfa22fd04a22c70a3326560

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /swiss/image/swiis-logo.png HTTP/1.1
Host: uc-grand.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uc-grand.ru/swiss/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 27 Mar 2024 05:17:22 GMT
Server: Apache/2.4.38 (Debian)
Strict-Transport-Security: max-age=31536000; preload
Last-Modified: Sun, 17 Oct 2021 02:42:38 GMT
ETag: "12ed-5ce8361a82380"
Accept-Ranges: bytes
Content-Length: 4845
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

uc-grand.ru/swiss/image/MasterCard.png

82.146.34.63

200 OK

2.1 kB

URL GET HTTP/1.1
uc-grand.ru/swiss/image/MasterCard.png
IP
82.146.34.63:443
ASN
#29182 JSC IOT

Requested by
https://uc-grand.ru/swiss/
Certificate
IssuerLet's Encrypt
Subjectuc-grand.ru
Fingerprint62:02:F5:AE:10:B8:7B:E9:15:10:6D:AF:09:AE:ED:5B:BC:10:08:BB
ValidityWed, 21 Feb 2024 02:53:13 GMT - Tue, 21 May 2024 02:53:12 GMT

File type
PNG image data, 76 x 48, 8-bit/color RGBA, non-interlaced
Size
2.1 kB (2077 bytes)
Hash
b2702b4b6944f05e00e7a9065c9d071b
a40d684e4e7e4cb085c37bd942874a3d60f719b5
8c4f22dc313ee84b9c84d4295b3593584159ab23c8a1f095b366aff8ca05f196

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /swiss/image/MasterCard.png HTTP/1.1
Host: uc-grand.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uc-grand.ru/swiss/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 27 Mar 2024 05:17:22 GMT
Server: Apache/2.4.38 (Debian)
Strict-Transport-Security: max-age=31536000; preload
Last-Modified: Wed, 05 Jan 2022 08:03:50 GMT
ETag: "81d-5d4d131a98580"
Accept-Ranges: bytes
Content-Length: 2077
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

uc-grand.ru/swiss/image/VISAA.png

82.146.34.63

200 OK

2.6 kB

URL GET HTTP/1.1
uc-grand.ru/swiss/image/VISAA.png
IP
82.146.34.63:443
ASN
#29182 JSC IOT

Requested by
https://uc-grand.ru/swiss/
Certificate
IssuerLet's Encrypt
Subjectuc-grand.ru
Fingerprint62:02:F5:AE:10:B8:7B:E9:15:10:6D:AF:09:AE:ED:5B:BC:10:08:BB
ValidityWed, 21 Feb 2024 02:53:13 GMT - Tue, 21 May 2024 02:53:12 GMT

File type
PNG image data, 76 x 48, 8-bit/color RGBA, non-interlaced
Size
2.6 kB (2600 bytes)
Hash
725caa991a29101f5da78da2fc1e1e63
cf4f10dfd71289c43273496120b79ef01a437d19
ef844111dee838dc5c8d388a96108379b2c97ced776fc95b2fa32b28f7ef6bde

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /swiss/image/VISAA.png HTTP/1.1
Host: uc-grand.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uc-grand.ru/swiss/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 27 Mar 2024 05:17:22 GMT
Server: Apache/2.4.38 (Debian)
Strict-Transport-Security: max-age=31536000; preload
Last-Modified: Wed, 05 Jan 2022 08:03:44 GMT
ETag: "a28-5d4d1314df800"
Accept-Ranges: bytes
Content-Length: 2600
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

uc-grand.ru/swiss/image/b.png

82.146.34.63

200 OK

643 B

URL GET HTTP/1.1
uc-grand.ru/swiss/image/b.png
IP
82.146.34.63:443
ASN
#29182 JSC IOT

Requested by
https://uc-grand.ru/swiss/
Certificate
IssuerLet's Encrypt
Subjectuc-grand.ru
Fingerprint62:02:F5:AE:10:B8:7B:E9:15:10:6D:AF:09:AE:ED:5B:BC:10:08:BB
ValidityWed, 21 Feb 2024 02:53:13 GMT - Tue, 21 May 2024 02:53:12 GMT

File type
PNG image data, 42 x 25, 8-bit/color RGBA, non-interlaced
Size
643 B (643 bytes)
Hash
0b26f7938650cb2a84556610eaf87937
f3cacc72714c070c36ae4326ec861116418c2915
58ead390cc509331a0ef667a2ed6df336c32af6d03f3c4342d84412f776188ef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /swiss/image/b.png HTTP/1.1
Host: uc-grand.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uc-grand.ru/swiss/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 27 Mar 2024 05:17:22 GMT
Server: Apache/2.4.38 (Debian)
Strict-Transport-Security: max-age=31536000; preload
Last-Modified: Wed, 05 Jan 2022 08:04:02 GMT
ETag: "283-5d4d13260a080"
Accept-Ranges: bytes
Content-Length: 643
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

pro.fontawesome.com/releases/v5.10.0/webfonts/fa-solid-900.woff2

172.64.147.188

200 OK

123 kB

URL GET HTTP/2
pro.fontawesome.com/releases/v5.10.0/webfonts/fa-solid-900.woff2
IP
172.64.147.188:443
ASN
#13335 CLOUDFLARENET

Requested by
https://uc-grand.ru/swiss/
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint93:F9:69:8C:73:B0:08:60:65:F3:39:41:39:66:D3:2B:78:3A:6E:3D
ValidityMon, 04 Dec 2023 00:00:00 GMT - Fri, 03 Jan 2025 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 123004, version 330.15728
Size
123 kB (123004 bytes)
Hash
88fd444847dc842d15e229df26571b03
bde84da4343e573a148af56adde21bddf74bb2a6
d27aa8bf9677cf4ef12acd7b37afc20f1f661d7c163b929ae9caf103b01fce37

HTTP Headers

GET /releases/v5.10.0/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: pro.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://uc-grand.ru
DNT: 1
Connection: keep-alive
Referer: https://pro.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 27 Mar 2024 05:17:22 GMT
content-type: font/woff2
content-length: 123004
x-amz-id-2: RsfU6OFN8xTkFcEATYRRoUHUGp+981A8/+6nmyr49gp3n63GqdbgrXkP3xFT54siamb6QX6nxFM=
x-amz-request-id: E9WDW6KKTKMDF2GK
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Mon, 28 Jun 2021 16:56:06 GMT
etag: "88fd444847dc842d15e229df26571b03"
cache-control: max-age=31556926
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 86ace9e7ef7f5689-OSL
X-Firefox-Spdy: h2

uc-grand.ru/swiss/image/1.jpg

82.146.34.63

200 OK

4.3 kB

URL GET HTTP/1.1
uc-grand.ru/swiss/image/1.jpg
IP
82.146.34.63:443
ASN
#29182 JSC IOT

Requested by
https://uc-grand.ru/swiss/
Certificate
IssuerLet's Encrypt
Subjectuc-grand.ru
Fingerprint62:02:F5:AE:10:B8:7B:E9:15:10:6D:AF:09:AE:ED:5B:BC:10:08:BB
ValidityWed, 21 Feb 2024 02:53:13 GMT - Tue, 21 May 2024 02:53:12 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (2331)
Size
4.3 kB (4330 bytes)
Hash
1aeb56950c9c406317d69ac4dbc0c709
93c99261b01910ce97d0d6fb191ed1f632aa8e7b
358b02f42f6f709e1eba648a5752134144b0419b75bcc8c876f074f187a61f75

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /swiss/image/1.jpg HTTP/1.1
Host: uc-grand.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uc-grand.ru/swiss/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 27 Mar 2024 05:17:22 GMT
Server: Apache/2.4.38 (Debian)
Strict-Transport-Security: max-age=31536000; preload
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4330
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

pro.fontawesome.com/releases/v5.10.0/css/all.css

172.64.147.188

200 OK

156 kB

URL GET HTTP/2
pro.fontawesome.com/releases/v5.10.0/css/all.css
IP
172.64.147.188:443
ASN
#13335 CLOUDFLARENET

Requested by
https://uc-grand.ru/swiss/
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint93:F9:69:8C:73:B0:08:60:65:F3:39:41:39:66:D3:2B:78:3A:6E:3D
ValidityMon, 04 Dec 2023 00:00:00 GMT - Fri, 03 Jan 2025 23:59:59 GMT

File type
ASCII text, with very long lines (65393)
Size
156 kB (156228 bytes)
Hash
aa1272633e7e552395d147a499bad186
ddbccb0011dd4868a013b1dcbdb836b7213eb41d
2af905d92cfd34b5413126a54f639da408166cbbcb54318e413ad5e10b5bf6ec

HTTP Headers

GET /releases/v5.10.0/css/all.css HTTP/1.1
Host: pro.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://uc-grand.ru
DNT: 1
Connection: keep-alive
Referer: https://uc-grand.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 27 Mar 2024 05:17:22 GMT
content-type: text/css
x-amz-id-2: TEZYS+YUikcuELMJtBsosgagPMS3D+GsxClys8cL2XI2GxHI2UyOELkr7zhQHtpY9bCkqDEyOSU=
x-amz-request-id: 7F26GPYQ5VNNCF7D
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Mon, 28 Jun 2021 16:54:32 GMT
etag: W/"aa1272633e7e552395d147a499bad186"
cache-control: max-age=31556926
cf-cache-status: HIT
server: cloudflare
cf-ray: 86ace9e70f375689-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (16)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers