| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP / ASN: 23.36.77.32 #20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-09-08; Last Seen: 2024-09-19; Times Seen: 25465; Size: 504 B (504 bytes); MD5: 85b35ef8e54cfd751670f6a6d56541bd; SHA1: 162e94ccf2a785ea99c41f45c3a76815a2f8ae5f; SHA256: 3f59c24a6538550f52a4c9b39d9f57b023c9d44d50a846e742b763f74dfc179d
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3F59C24A6538550F52A4C9B39D9F57B023C9D44D50A846E742B763F74DFC179D"
Last-Modified: Sun, 08 Sep 2024 09:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3367
Expires: Tue, 10 Sep 2024 19:37:36 GMT
Date: Tue, 10 Sep 2024 18:41:29 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP / ASN: 23.36.77.32 #20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-09-10; Last Seen: 2024-09-19; Times Seen: 23843; Size: 504 B (504 bytes); MD5: 6bd7ab339c70a2fbeee4c8c0acd11d01; SHA1: d73d3395447b2a06e32c1e3efb673107259de9d2; SHA256: fdfd7bc2cf6ecc38fb1098f0fdb33cc28a034bb850556c8be63823f4c4718be2
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "FDFD7BC2CF6ECC38FB1098F0FDB33CC28A034BB850556C8BE63823F4C4718BE2"
Last-Modified: Tue, 10 Sep 2024 00:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8185
Expires: Tue, 10 Sep 2024 20:57:54 GMT
Date: Tue, 10 Sep 2024 18:41:29 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP / ASN: 23.36.77.32 #20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-09-10; Last Seen: 2024-09-19; Times Seen: 8473; Size: 504 B (504 bytes); MD5: c02cbc5c5d1b0406dcc246d4bd1a6d2b; SHA1: 4926c8ef9661a0a06ddca8476543ba0016f6db23; SHA256: 6d53e4415d0c45468d4481cf09e5ea095019a86af85ccd64064eb060ab802455
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "6D53E4415D0C45468D4481CF09E5EA095019A86AF85CCD64064EB060AB802455"
Last-Modified: Tue, 10 Sep 2024 02:37:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4839
Expires: Tue, 10 Sep 2024 20:02:08 GMT
Date: Tue, 10 Sep 2024 18:41:29 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP / ASN: 23.36.77.32 #20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-09-10; Last Seen: 2024-09-19; Times Seen: 14499; Size: 504 B (504 bytes); MD5: 49e3d04c2eb4d704e7e7c90e2dc519c0; SHA1: 33f04bc1c596585870c7b00e24bf9bef4d01dc8e; SHA256: 1a381b926d3ed1420dc33ec68eb8ff332a94ff175191a0564c07552b80c7a3d7
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1A381B926D3ED1420DC33EC68EB8FF332A94FF175191A0564C07552B80C7A3D7"
Last-Modified: Tue, 10 Sep 2024 02:33:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13005
Expires: Tue, 10 Sep 2024 22:18:14 GMT
Date: Tue, 10 Sep 2024 18:41:29 GMT
Connection: keep-alive
|
|
| | 188.114.96.1 | 301 Moved Permanently | 6.3 kB |
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Resource Info: File type: HTML document, ASCII text, with very long lines (394); First Seen: 2024-09-19; Last Seen: 2024-09-19; Times Seen: 1; Size: 6.3 kB (6319 bytes); MD5: 7d13f0030f97d3601112fa2e8451cb59; SHA1: 2809b6e6016809bf3825a6c804b05206702399fb; SHA256: 4696bed16dc4dc98e8c84acd98584f297bafc21bc4e287d2e8f1596297ebc0f3
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | ClearFake |
| Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: dais7nsa.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 502 Bad Gateway
date: Tue, 10 Sep 2024 18:41:29 GMT
content-type: text/html; charset=UTF-8
content-length: 6319
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hnPBXLDNfpezMFJNzdk%2BVqXxcmAm8JLXcDcmQ3qoBil8nw3mnAtrKBKWgLeWC0T1hRN6shMU%2BDSavvYTKXNXUpCMCggNcddr4tu%2BuTzz%2Bi6eS5tPxMVCPmiWKOBjPchY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
server: cloudflare
cf-ray: 8c118d716ee43678-FRA
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| | 188.114.96.1 | 301 Moved Permanently | 167 B |
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Resource Info: File type: HTML document, ASCII text, with CRLF line terminators; First Seen: 2023-04-05; Last Seen: 2025-03-02; Times Seen: 190492; Size: 167 B (167 bytes); MD5: 0104c301c5e02bd6148b8703d19b3a73; SHA1: 7436e0b4b1f8c222c38069890b75fa2baf9ca620; SHA256: 446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | ClearFake |
| Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: dais7nsa.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Tue, 10 Sep 2024 18:41:30 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 10 Sep 2024 19:41:30 GMT
Location: https://dais7nsa.shop/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hrdFw0IruZU9V0vHmiBpJXTHnOWMh7xW8u5cgsaYJbdVXhd7j9%2F9Zt%2F017Q3Tk2ZKSyn2QtxyyXGsiT3E4EczbTI7L136IHbaDFsUvIo%2Fa%2BIuaHEpGTjt5M0OEPRwHIa"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8c118d731c320b56-AMS
alt-svc: h2=":443"; ma=60
|
|
| | 188.114.96.1 | 301 Moved Permanently | 6.3 kB |
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Resource Info: File type: HTML document, ASCII text, with very long lines (394); First Seen: 2024-09-19; Last Seen: 2024-09-19; Times Seen: 1; Size: 6.3 kB (6319 bytes); MD5: b0bf72855d2d1f5b545a97493f89fa16; SHA1: 9699a22087d0e865376d31d63fc5e5554fe5955e; SHA256: 2130dbd7d7e76296d87951a10b93203109accb724a2eed4bdae2f1f90caf46cd
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | ClearFake |
| Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: dais7nsa.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 502 Bad Gateway
date: Tue, 10 Sep 2024 18:41:30 GMT
content-type: text/html; charset=UTF-8
content-length: 6319
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IbsQ2O3q%2FO35DVpKJgOstinVCXg5AbEfFoXrqbyP6ku8Vx2a8jwvemLZSewAiPmReF2c7cKYevQbZd1Hf4ZlSXnLrV%2Fpv6dJ2tSFij%2FbYYj4v8s0bCPZn5j8IEaj34EG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
server: cloudflare
cf-ray: 8c118d7379073678-FRA
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| GET dais7nsa.shop/cdn-cgi/styles/main.css | 188.114.96.1 | 200 OK | 3.1 kB |
URL: dais7nsa.shop/cdn-cgi/styles/main.css
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://dais7nsa.shop/
Resource Info: File type: gzip compressed data, from Unix; First Seen: 2023-05-05; Last Seen: 2025-02-28; Times Seen: 497; Size: 3.1 kB (3122 bytes); MD5: aab0c5da39e59bde7895a582bba5ff89; SHA1: 5d1c97cbfc8e24d33ef3f02c6ea02888b3755f1a; SHA256: 8b811fe6a9b5fae3fb915359f8a945cfd5596a0d07be6294c5fa8b95f8f82ae7
Certificate Info: Issuer: Google Trust Services; Subject: dais7nsa.shop; Fingerprint: AD:09:10:37:83:6C:AD:4F:CF:25:3D:8A:F1:EE:F7:CC:28:D6:58:B0; Validity: Thu, 01 Aug 2024 17:56:46 GMT - Wed, 30 Oct 2024 17:56:45 GMT
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | ClearFake |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/styles/main.css HTTP/1.1
Host: dais7nsa.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dais7nsa.shop/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 10 Sep 2024 18:41:30 GMT
content-type: text/css
last-modified: Wed, 04 Sep 2024 18:14:57 GMT
etag: W/"66d8a3a1-1f4d"
server: cloudflare
cf-ray: 8c118d74ca7b3678-FRA
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Tue, 10 Sep 2024 20:41:30 GMT
cache-control: max-age=7200, public
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| GET dais7nsa.shop/cdn-cgi/images/cf-icon-browser.png | 188.114.96.1 | 200 OK | 484 B |
URL: dais7nsa.shop/cdn-cgi/images/cf-icon-browser.png
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://dais7nsa.shop/
Resource Info: File type: PNG image data, 100 x 80, 8-bit colormap, non-interlaced; First Seen: 2023-04-16; Last Seen: 2025-08-02; Times Seen: 9991; Size: 484 B (484 bytes); MD5: 59caf3c7eb63af78f12db37f41433779; SHA1: 8024e688e78e910ae1ea3bc25be7a7ab65444b02; SHA256: 78a7d8b29cabf16831417dba1b9bbe36fae0d060a35a495e8f10e9663b3c9e65
Certificate Info: Issuer: Google Trust Services; Subject: dais7nsa.shop; Fingerprint: AD:09:10:37:83:6C:AD:4F:CF:25:3D:8A:F1:EE:F7:CC:28:D6:58:B0; Validity: Thu, 01 Aug 2024 17:56:46 GMT - Wed, 30 Oct 2024 17:56:45 GMT
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | ClearFake |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/images/cf-icon-browser.png HTTP/1.1
Host: dais7nsa.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dais7nsa.shop/cdn-cgi/styles/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 10 Sep 2024 18:41:30 GMT
content-type: image/png
content-length: 484
last-modified: Wed, 04 Sep 2024 18:14:57 GMT
etag: "66d8a3a1-1e4"
server: cloudflare
cf-ray: 8c118d750ac63678-FRA
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Tue, 10 Sep 2024 20:41:30 GMT
cache-control: max-age=7200, public
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| GET dais7nsa.shop/cdn-cgi/images/cf-icon-cloud.png | 188.114.96.1 | 200 OK | 1.5 kB |
URL: dais7nsa.shop/cdn-cgi/images/cf-icon-cloud.png
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://dais7nsa.shop/
Resource Info: File type: PNG image data, 152 x 77, 8-bit colormap, non-interlaced; First Seen: 2023-04-09; Last Seen: 2025-08-02; Times Seen: 10036; Size: 1.5 kB (1484 bytes); MD5: 3ec81e5e3a4de9fec46ce9e6999b9e27; SHA1: 8f03b6857ab8d31feb65f97b1ae6b678efdc2ddd; SHA256: 3a223426c67a0a33ff57af68a57fb589fea36af2a6e8f9dae7798c77471e0e58
Certificate Info: Issuer: Google Trust Services; Subject: dais7nsa.shop; Fingerprint: AD:09:10:37:83:6C:AD:4F:CF:25:3D:8A:F1:EE:F7:CC:28:D6:58:B0; Validity: Thu, 01 Aug 2024 17:56:46 GMT - Wed, 30 Oct 2024 17:56:45 GMT
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | ClearFake |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/images/cf-icon-cloud.png HTTP/1.1
Host: dais7nsa.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dais7nsa.shop/cdn-cgi/styles/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 10 Sep 2024 18:41:30 GMT
content-type: image/png
content-length: 1484
last-modified: Wed, 04 Sep 2024 18:14:57 GMT
etag: "66d8a3a1-5cc"
server: cloudflare
cf-ray: 8c118d750aca3678-FRA
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Tue, 10 Sep 2024 20:41:30 GMT
cache-control: max-age=7200, public
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| GET dais7nsa.shop/cdn-cgi/images/cf-icon-server.png | 188.114.96.1 | 200 OK | 1.4 kB |
URL: dais7nsa.shop/cdn-cgi/images/cf-icon-server.png
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://dais7nsa.shop/
Resource Info: File type: PNG image data, 95 x 75, 8-bit colormap, non-interlaced; First Seen: 2023-04-16; Last Seen: 2025-08-02; Times Seen: 10043; Size: 1.4 kB (1384 bytes); MD5: 2c11e67182601007f577f8bf2c72fee8; SHA1: 01dc915d4745f00632021c05d3eef634747a9c3d; SHA256: 41553a537f85839927155af093b7bfa1987215f474ed038714609cc48812ea3b
Certificate Info: Issuer: Google Trust Services; Subject: dais7nsa.shop; Fingerprint: AD:09:10:37:83:6C:AD:4F:CF:25:3D:8A:F1:EE:F7:CC:28:D6:58:B0; Validity: Thu, 01 Aug 2024 17:56:46 GMT - Wed, 30 Oct 2024 17:56:45 GMT
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | ClearFake |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/images/cf-icon-server.png HTTP/1.1
Host: dais7nsa.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dais7nsa.shop/cdn-cgi/styles/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 10 Sep 2024 18:41:30 GMT
content-type: image/png
content-length: 1384
last-modified: Wed, 04 Sep 2024 18:14:57 GMT
etag: "66d8a3a1-568"
server: cloudflare
cf-ray: 8c118d750acc3678-FRA
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Tue, 10 Sep 2024 20:41:30 GMT
cache-control: max-age=7200, public
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| GET dais7nsa.shop/cdn-cgi/images/cf-icon-error.png | 188.114.96.1 | 200 OK | 854 B |
URL: dais7nsa.shop/cdn-cgi/images/cf-icon-error.png
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://dais7nsa.shop/
Resource Info: File type: PNG image data, 48 x 48, 8-bit colormap, non-interlaced; First Seen: 2023-04-21; Last Seen: 2025-08-02; Times Seen: 10046; Size: 854 B (854 bytes); MD5: e5577f04b6d92590410e26bd2292933b; SHA1: 16946b2c99d98a57f83eac170ce94b012b7d1a7b; SHA256: 67f70597a183fbca7fac55d609fbaac5c34bb4d4d32a0530bbbbb42591f2de2f
Certificate Info: Issuer: Google Trust Services; Subject: dais7nsa.shop; Fingerprint: AD:09:10:37:83:6C:AD:4F:CF:25:3D:8A:F1:EE:F7:CC:28:D6:58:B0; Validity: Thu, 01 Aug 2024 17:56:46 GMT - Wed, 30 Oct 2024 17:56:45 GMT
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | ClearFake |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/images/cf-icon-error.png HTTP/1.1
Host: dais7nsa.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dais7nsa.shop/cdn-cgi/styles/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 10 Sep 2024 18:41:30 GMT
content-type: image/png
content-length: 854
last-modified: Wed, 04 Sep 2024 18:14:57 GMT
etag: "66d8a3a1-356"
server: cloudflare
cf-ray: 8c118d751ad43678-FRA
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Tue, 10 Sep 2024 20:41:30 GMT
cache-control: max-age=7200, public
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| r11.o.lencr.org/ | 23.36.76.249 | | 504 B |
IP / ASN: 23.36.76.249 #20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-09-10; Last Seen: 2024-09-19; Times Seen: 11566; Size: 504 B (504 bytes); MD5: 9166ec047d1a1a5f81e7d3837eabbc9a; SHA1: 7ed1e5b331a854776d5c422d2ded1329b74c7044; SHA256: 63274b199d0425d6b2283c6a23df2ab604b62be6614d18b74decff86727eb1ca
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "63274B199D0425D6B2283C6A23DF2AB604B62BE6614D18B74DECFF86727EB1CA"
Last-Modified: Tue, 10 Sep 2024 02:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5118
Expires: Tue, 10 Sep 2024 20:06:49 GMT
Date: Tue, 10 Sep 2024 18:41:31 GMT
Connection: keep-alive
|
|
| r11.o.lencr.org/ | 23.36.76.249 | | 504 B |
IP / ASN: 23.36.76.249 #20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-09-10; Last Seen: 2024-09-19; Times Seen: 11566; Size: 504 B (504 bytes); MD5: 9166ec047d1a1a5f81e7d3837eabbc9a; SHA1: 7ed1e5b331a854776d5c422d2ded1329b74c7044; SHA256: 63274b199d0425d6b2283c6a23df2ab604b62be6614d18b74decff86727eb1ca
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "63274B199D0425D6B2283C6A23DF2AB604B62BE6614D18B74DECFF86727EB1CA"
Last-Modified: Tue, 10 Sep 2024 02:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5118
Expires: Tue, 10 Sep 2024 20:06:49 GMT
Date: Tue, 10 Sep 2024 18:41:31 GMT
Connection: keep-alive
|
|
| r11.o.lencr.org/ | 23.36.76.249 | | 504 B |
IP / ASN: 23.36.76.249 #20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-09-10; Last Seen: 2024-09-19; Times Seen: 11566; Size: 504 B (504 bytes); MD5: 9166ec047d1a1a5f81e7d3837eabbc9a; SHA1: 7ed1e5b331a854776d5c422d2ded1329b74c7044; SHA256: 63274b199d0425d6b2283c6a23df2ab604b62be6614d18b74decff86727eb1ca
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "63274B199D0425D6B2283C6A23DF2AB604B62BE6614D18B74DECFF86727EB1CA"
Last-Modified: Tue, 10 Sep 2024 02:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5118
Expires: Tue, 10 Sep 2024 20:06:49 GMT
Date: Tue, 10 Sep 2024 18:41:31 GMT
Connection: keep-alive
|
|
| GET dais7nsa.shop/cdn-cgi/images/cf-icon-ok.png | 188.114.96.1 | 200 OK | 946 B |
URL: dais7nsa.shop/cdn-cgi/images/cf-icon-ok.png
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://dais7nsa.shop/
Resource Info: File type: PNG image data, 48 x 48, 8-bit colormap, non-interlaced; First Seen: 2023-04-16; Last Seen: 2025-08-02; Times Seen: 10043; Size: 946 B (946 bytes); MD5: dfaf0fbb758c874be231335db178381d; SHA1: 8f2597eb7ba4c89892aac0559816db3f5280b23e; SHA256: ed732380ee3ff0f2d841784da213c8c05d2b5ae187a5217b419d21cae5cedb1b
Certificate Info: Issuer: Google Trust Services; Subject: dais7nsa.shop; Fingerprint: AD:09:10:37:83:6C:AD:4F:CF:25:3D:8A:F1:EE:F7:CC:28:D6:58:B0; Validity: Thu, 01 Aug 2024 17:56:46 GMT - Wed, 30 Oct 2024 17:56:45 GMT
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | ClearFake |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/images/cf-icon-ok.png HTTP/1.1
Host: dais7nsa.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dais7nsa.shop/cdn-cgi/styles/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 10 Sep 2024 18:41:30 GMT
content-type: image/png
content-length: 946
last-modified: Wed, 04 Sep 2024 18:14:57 GMT
etag: "66d8a3a1-3b2"
server: cloudflare
cf-ray: 8c118d750ac83678-FRA
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Tue, 10 Sep 2024 20:41:30 GMT
cache-control: max-age=7200, public
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| GET dais7nsa.shop/favicon.ico | 188.114.96.1 | 404 Not Found | 275 B |
URL: dais7nsa.shop/favicon.ico
IP / ASN: 188.114.96.1 #13335 CLOUDFLARENET
Requested by: https://dais7nsa.shop/
Resource Info: File type: HTML document, ASCII text, with no line terminators; First Seen: 2024-09-06; Last Seen: 2024-09-19; Times Seen: 3; Size: 275 B (275 bytes); MD5: 498253dd2aee16a3fefb8e3b95493a2f; SHA1: 4df2ac7a7424286b51e5eafdaa8e471c35522444; SHA256: ffc7a9b07c82853dea88ef026a03bfc949d4a724d743483973e5ecf509d67b07
Certificate Info: Issuer: Google Trust Services; Subject: dais7nsa.shop; Fingerprint: AD:09:10:37:83:6C:AD:4F:CF:25:3D:8A:F1:EE:F7:CC:28:D6:58:B0; Validity: Thu, 01 Aug 2024 17:56:46 GMT - Wed, 30 Oct 2024 17:56:45 GMT
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | ClearFake |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: dais7nsa.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dais7nsa.shop/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
date: Tue, 10 Sep 2024 18:41:30 GMT
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LI5iQ50kmII5aKyPvaMTBK0k4ZmT2uZmM3LRqtnAeCC4hPYi6yCRmo%2BuuTUr5Qeri%2F4NVOotxfFNaEZJW4OhcHGm6IlD0CBOOlNYMp0UyC69XDHKy7f67vtJRKIH3WQc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8c118d756b453678-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|