Report - l41r0.shop/

Report Overview

Visited public
2024-05-29 16:56:37
Tags
URL
l41r0.shop/
Finishing URL
l41r0.shop/
IP / ASN
172.67.204.163
#13335 CLOUDFLARENET
Title
Газпром-Инвест Официальный сайт

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2024-05-29 18:22:34	509 B	24 kB	142.250.74.106
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2024-05-29 18:38:42	2.2 kB	331 kB	104.17.25.14
code.jquery.com	634	2005-12-10	2012-05-21 19:28:02	2024-05-29 18:47:52	404 B	32 kB	151.101.130.137
l41r0.shop	unknown	unknown	No data	No data	14 kB	2.4 MB	104.21.85.110
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2024-05-29 18:23:20	3.7 kB	233 kB	216.58.207.227
ipinfo.io	8136	2013-04-23	2013-12-16 08:25:53	2024-05-27 18:53:37	407 B	678 B	34.117.186.192

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-05-29 16:56:11	medium	Client IP	34.117.186.192	ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
2024-05-29 16:56:11	medium	Client IP	34.117.186.192	ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-05-29	medium	l41r0.shop/	Gazprom
2024-05-29	medium	l41r0.shop/	Gazprom
2024-05-29	medium	l41r0.shop/	Gazprom
2024-05-29	medium	l41r0.shop/	Gazprom
2024-05-29	medium	l41r0.shop/	Gazprom
2024-05-29	medium	l41r0.shop/	Gazprom
2024-05-29	medium	l41r0.shop/	Gazprom
2024-05-29	medium	l41r0.shop/	Gazprom
2024-05-29	medium	l41r0.shop/	Gazprom
2024-05-29	medium	l41r0.shop/	Gazprom
2024-05-29	medium	l41r0.shop/	Gazprom
2024-05-29	medium	l41r0.shop/	Gazprom
2024-05-29	medium	l41r0.shop/	Gazprom
2024-05-29	medium	l41r0.shop/	Gazprom
2024-05-29	medium	l41r0.shop/	Gazprom
2024-05-29	medium	l41r0.shop/	Gazprom
2024-05-29	medium	l41r0.shop/	Gazprom
2024-05-29	medium	l41r0.shop/	Gazprom
2024-05-29	medium	l41r0.shop/	Gazprom
2024-05-29	medium	l41r0.shop/	Gazprom
2024-05-29	medium	l41r0.shop/	Gazprom
2024-05-29	medium	l41r0.shop/	Gazprom
2024-05-29	medium	l41r0.shop/	Gazprom
2024-05-29	medium	l41r0.shop/	Gazprom
2024-05-29	medium	l41r0.shop/	Gazprom
2024-05-29	medium	l41r0.shop/	Gazprom
2024-05-29	medium	l41r0.shop/	Gazprom
2024-05-29	medium	l41r0.shop/	Gazprom
2024-05-29	medium	l41r0.shop/	Gazprom
2024-05-29	medium	l41r0.shop/	Gazprom
2024-05-29	medium	l41r0.shop/	Gazprom
2024-05-29	medium	l41r0.shop/	Gazprom
2024-05-29	medium	l41r0.shop/	Gazprom

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (11)

	URL	From	Size	First Seen	Last Seen
	l41r0.shop/	ScriptElement	539 B	2023-09-16	2025-03-18
Pretty URL l41r0.shop/ IP 104.21.85.110 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-16 05:55 Last Seen2025-03-18 23:04 Times Seen11576 Hash 468a5049db1adf2d5f4f7c420aeec45f 56f1d3150e5a056be36805153c4ca952df1a5069 0b8f88f3590bd4f0ea8ecd461c920a744f12f337a857c497b93f2b306626993e Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js	ScriptElement	90 kB	2023-03-07	2025-06-23
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-23 03:51 Times Seen115828 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	cdnjs.cloudflare.com/ajax/libs/ion-rangeslider/2.3.1/js/ion.rangeSlider.min.js	ScriptElement	41 kB	2023-04-05	2025-06-23
Pretty URL cdnjs.cloudflare.com/ajax/libs/ion-rangeslider/2.3.1/js/ion.rangeSlider.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 23:55 Last Seen2025-06-23 03:39 Times Seen12196 Hash dd2250b414858d83d5bff500e9c418d8 e6efd1a460c2f6c5d94924079e0f2029b46272cb 54a80c57a4102dcfca059ae31110176b10e52706b4dc15bb6a621f38909ea64b Loading...

	l41r0.shop/l/gaz/js/intlTelInput.min.js	ScriptElement	30 kB	2023-04-07	2025-06-22
Pretty URL l41r0.shop/l/gaz/js/intlTelInput.min.js IP 104.21.85.110 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-07 08:40 Last Seen2025-06-22 08:24 Times Seen13664 Hash 9c8154f4404aec64d3fccdf1375da301 4bfc43bdaf6c1e8654e13873c5a99f6369677f35 a7fdd130131c8899e7cda1f6afb542aeb729b8dc5423f00353c682b5460c643c Loading...

	l41r0.shop/l/gaz/js/landing_url2.js	ScriptElement	257 B	2023-09-16	2025-06-03
Pretty URL l41r0.shop/l/gaz/js/landing_url2.js IP 104.21.85.110 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-16 05:55 Last Seen2025-06-03 07:58 Times Seen11563 Hash 2afba324c360fd0ed40f992335bb8c92 699177e3e1a216e054f249ac2f498e26ada9d9a1 9db54e0a4b17459fb1c5f1991a75f3f57e1204b160b90638409391f6234471cd Loading...

	code.jquery.com/jquery-3.6.0.min.js	ScriptElement	90 kB	2023-03-07	2025-06-23
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.130.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-23 03:56 Times Seen222460 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	cdnjs.cloudflare.com/ajax/libs/bootstrap/5.0.1/js/bootstrap.min.js	ScriptElement	60 kB	2023-03-07	2025-06-23
Pretty URL cdnjs.cloudflare.com/ajax/libs/bootstrap/5.0.1/js/bootstrap.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10 Last Seen2025-06-23 00:53 Times Seen11922 Hash b5730588db13e71c65bdb1d234089260 282209ef6065e8451a5623c1b208d256d7b14c27 77e1728245a0c2de7d0859163ee081e1113aa75fd6894602cb5eb0d7e739bca9 Loading...

	l41r0.shop/l/gaz/js/index.js	ScriptElement	992 B	2023-09-16	2025-06-03
Pretty URL l41r0.shop/l/gaz/js/index.js IP 104.21.85.110 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-16 05:55 Last Seen2025-06-03 07:58 Times Seen11566 Hash 1adfefb340541281830ef6167ef51db5 6e63bd31cb65aca647043cfd03630fd8f06da6aa 963362ac5b92fb739eff1dce8f8e48238c7b6597d2b8c1b87d18b055277cb05b Loading...

	l41r0.shop/l/gaz/js/errors.js?t=2	ScriptElement	4.2 kB	2023-09-16	2025-06-03
Pretty URL l41r0.shop/l/gaz/js/errors.js?t=2 IP 104.21.85.110 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-16 05:55 Last Seen2025-06-03 07:58 Times Seen11564 Hash d8bacacbb94df09ddf8d3609d0d18feb ba0208dfefe91cc867282f5bff6bd01de3275d11 566e2f0b77fd55ac4ac6170043c91efe2df9204882d5e030ac2b1169fd167dc1 Loading...

	l41r0.shop/	ScriptElement	298 B	2023-09-16	2025-06-03
Pretty URL l41r0.shop/ IP 104.21.85.110 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-16 05:55 Last Seen2025-06-03 07:58 Times Seen11532 Hash c50bdad10d5fe5ba42c30f80ca8ecbfe 50aedce3f6a2194c7fbe87d2fd538614de8d3e4c 732bf6f9fc306d0e15b283137fb020243e02abe7086aa26ea169ddba6df3f4d0 Loading...

	cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.15/js/utils.js	ScriptElement	251 kB	2023-03-07	2025-06-22
Pretty URL cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.15/js/utils.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24 Last Seen2025-06-22 14:24 Times Seen13909 Hash badf39299033bb934da6325eea28ce72 bf68e8fd78007eb5539e08f0621a75c76c977f22 2c70f3d32d8ed2924ff688ad77a9b8f65663a433b5b0e5f4ba38879956961652 Loading...

HTTP Transactions (49)

URL IP Response Size

GET cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

104.17.25.14

200 OK

28 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
28 kB (27958 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://l41r0.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 29 May 2024 16:56:09 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1868890
expires: Mon, 19 May 2025 16:56:09 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tf1BHeY0ewUPSTm%2BftchRckO5jamgBDMFpArmd0NVyyzyOKiAzjNNF1jDrJBCcH7h1LiKL5lyvmSDIykBQHNz20aJorAkJVrSbR5skD7h%2F5mwIgm4MJNrM0qqdtNZteCc4bblCUd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 88b80426281b56aa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET cdnjs.cloudflare.com/ajax/libs/ion-rangeslider/2.3.1/js/ion.rangeSlider.min.js

104.17.25.14

200 OK

7.7 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/ion-rangeslider/2.3.1/js/ion.rangeSlider.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (41067)
Size
7.7 kB (7685 bytes)
Hash
b5c1f83e8e2c9fad4a9c7a7e8c34b2fa
a1c7a35489061767940a66b546466ff5212a4625
67adfdac93b9ec1899cd00e55ac1b217e109dc5b379c3e2940f91f8a64f2dd2f

HTTP Headers

GET /ajax/libs/ion-rangeslider/2.3.1/js/ion.rangeSlider.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://l41r0.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 29 May 2024 16:56:09 GMT
content-type: application/javascript; charset=utf-8
content-length: 7685
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ea7-a0d3"
last-modified: Mon, 04 May 2020 16:11:19 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 663357
expires: Mon, 19 May 2025 16:56:09 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kOmbfzc0jxaFaB5HzzAd6AEXKA3LtU%2B7mRHCjFJxoaIijDoICXlOx%2FEZGd5sX%2FpzawnMHzK6H8udG%2FWyAat0a%2B8OGOn5KLG6dfnvoTjklBWCkJcSxXljw255%2FbnJqQfNXGLnHF6L"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 88b80426281e56aa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET cdnjs.cloudflare.com/ajax/libs/bootstrap/5.0.1/js/bootstrap.min.js

104.17.25.14

200 OK

14 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/bootstrap/5.0.1/js/bootstrap.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (59812)
Size
14 kB (14192 bytes)
Hash
b5730588db13e71c65bdb1d234089260
282209ef6065e8451a5623c1b208d256d7b14c27
77e1728245a0c2de7d0859163ee081e1113aa75fd6894602cb5eb0d7e739bca9

HTTP Headers

GET /ajax/libs/bootstrap/5.0.1/js/bootstrap.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://l41r0.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 29 May 2024 16:56:09 GMT
content-type: application/javascript; charset=utf-8
content-length: 14192
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "60f76446-3770"
last-modified: Wed, 21 Jul 2021 00:03:18 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 687785
expires: Mon, 19 May 2025 16:56:09 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0e8rmIVrDSEAmJzVrcSkc6uKdLFjjEB2fnkQLKtORUlquOlGj392i%2B5TisV4xRTWOyglcvf1n4XVwzMmd0F2wTsZ63GDX4yuesnCyze%2F40IBlKi%2B1SZQelHpMfT4JqGE7FFiPDvw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 88b80426282056aa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET code.jquery.com/jquery-3.6.0.min.js

151.101.130.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.130.137:443
ASN
#54113 FASTLY

Requested by
https://l41r0.shop/
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
31 kB (30875 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 29 May 2024 16:56:09 GMT
age: 2857951
x-served-by: cache-lga21931-LGA, cache-hel1410029-HEL
x-cache: HIT, HIT
x-cache-hits: 3, 1582575
x-timer: S1717001770.959288,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

GET l41r0.shop/l/gaz/img/rus.png

104.21.85.110

200 OK

2.3 kB

URL GET HTTP/3
l41r0.shop/l/gaz/img/rus.png
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type
PNG image data, 162 x 56, 8-bit colormap, non-interlaced
Size
2.3 kB (2336 bytes)
Hash
3019a0f4b4dce8e60124f6f0a43c18b5
59d55a14fa68c7d11044fb0daa78617629372b8e
071b949e723dee01c3dcec2832dba89ac844b30564249ec3e5d1500d10e3f05a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom

HTTP Headers

GET /l/gaz/img/rus.png HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 29 May 2024 16:56:10 GMT
content-type: image/png
content-length: 2336
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: "64043bab-920"
expires: Fri, 28 Jun 2024 16:56:10 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=slvMHzUO%2FyJCbiqaJ4dj0eFmDDnC9NUh799EyZGbSqeHnRMj9YiPslg8TfhuYEFfQm3W4MVcB6LXvJebwW7DErezsFUtKJFhPGB0Y9GF65yM3DJw8XwT2sbJCq55"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88b80425b87bb515-OSL
alt-svc: h3=":443"; ma=86400

GET l41r0.shop/l/gaz/img/logo.png

104.21.85.110

200 OK

1.1 kB

URL GET HTTP/3
l41r0.shop/l/gaz/img/logo.png
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type
PNG image data, 114 x 56, 4-bit colormap, non-interlaced
Size
1.1 kB (1065 bytes)
Hash
04385fdb7e2e6f1404f87d7c9f10f00a
e1aa2aca309de313e591d4ae0fa2ef66b5fb7a23
fcba35abb4f62bcb7cbba58e9c7c488f5a49b4f3e99cd469dcc3a47f2df44b5c

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom

HTTP Headers

GET /l/gaz/img/logo.png HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 29 May 2024 16:56:10 GMT
content-type: image/png
content-length: 1065
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: "64043bab-429"
expires: Fri, 28 Jun 2024 16:56:10 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zDg9wfRH3VMC2PER6hpQXrSSlKvWs8gZUMNN8ebHvwYoe2NuwHjLnx47nymvSCoxVmzM2TPrAMpDfQKfNG3Xh3A0eNhOCXQP0AFbgMsXC8GeDFgUr10Wz%2BD4f61o"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88b80425b878b515-OSL
alt-svc: h3=":443"; ma=86400

GET l41r0.shop/l/gaz/img/photo.jpg

104.21.85.110

200 OK

32 kB

URL GET HTTP/3
l41r0.shop/l/gaz/img/photo.jpg
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 738x808, components 3
Size
32 kB (32109 bytes)
Hash
3fdae4cd437f4c40b9c08785782fa5ce
9a0f1b6f6bd9dccc1932ba1dc3ed0983e900efd3
8cf9de22d548227ffb3aebe51d012b0352ceeee02e36d215f7b80d0c9bc50d43

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom

HTTP Headers

GET /l/gaz/img/photo.jpg HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 29 May 2024 16:56:10 GMT
content-type: image/jpeg
content-length: 32109
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: "64043bab-7d6d"
expires: Fri, 28 Jun 2024 16:56:10 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CYxZSYB3GTTG4JmNcZrhU%2FOiIhPuWhglBFOVWqD8%2Bh%2FnppK7ESx13Xsi%2BaxGsPNgqubk0L1j68D%2Fs2qtHiWwf0%2FLy95PR%2F9eELrWZH3gYhQBMjM%2Bm1jq4%2FkqYrBD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88b80425c881b515-OSL
alt-svc: h3=":443"; ma=86400

GET l41r0.shop/l/gaz/js/index.js

104.21.85.110

200 OK

2.4 kB

URL GET HTTP/3
l41r0.shop/l/gaz/js/index.js
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type
JavaScript source, Unicode text, UTF-8 text
Size
2.4 kB (2400 bytes)
Hash
1adfefb340541281830ef6167ef51db5
6e63bd31cb65aca647043cfd03630fd8f06da6aa
963362ac5b92fb739eff1dce8f8e48238c7b6597d2b8c1b87d18b055277cb05b

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom

HTTP Headers

GET /l/gaz/js/index.js HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 29 May 2024 16:56:10 GMT
content-type: application/javascript; charset=utf8
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-3e0"
expires: Fri, 28 Jun 2024 16:56:10 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OD%2FBpnSfGSYGU8Kz51Cu507VZWRDLmE13DuiSRjV3eFJE8j3ipyh%2FsIXgeMdE6G8bwMiGOLc5hDEW302Fv8e4kPJxYL53igbWre8CFACXmWKuScxgbzVlaNtQapM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88b80425d89db515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET l41r0.shop/l/gaz/img/image%2053.jpg

104.21.85.110

200 OK

61 kB

URL GET HTTP/3
l41r0.shop/l/gaz/img/image%2053.jpg
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x564, components 3
Size
61 kB (60749 bytes)
Hash
ff3619179edca92ec7c521620ba4da04
8a361aeca8645a9fe5bab1e1baaf14c79b9beb7f
6b0379257e26ed216b6e14110fe1bef430ef1254d2c8c1668732fbafaec754c6

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom

HTTP Headers

GET /l/gaz/img/image%2053.jpg HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 29 May 2024 16:56:10 GMT
content-type: image/jpeg
content-length: 60749
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: "64043bab-ed4d"
expires: Fri, 28 Jun 2024 16:56:10 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IJougXwJsENle6bvlt1NGhE8DeZjB5wx2iG3nAtdKiQ%2BjZRZweENHRO8q273zDqlj8%2B7pfEyPzxabqzoww03jv96PS6Aqyielyq1HZf9GqWZZiPf6VFgrJgfsROW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88b80425c88eb515-OSL
alt-svc: h3=":443"; ma=86400

GET l41r0.shop/l/gaz/img/image%2052.jpg

104.21.85.110

200 OK

42 kB

URL GET HTTP/3
l41r0.shop/l/gaz/img/image%2052.jpg
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x564, components 3
Size
42 kB (41866 bytes)
Hash
f0c662297936ce98871f3893f31a8453
fb2739f2545cae2ca591259677416a9d5a91274d
f122b6d4e754445720d6231bee649a99cd53adeb131fabccb058cd9d5d21a68e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom

HTTP Headers

GET /l/gaz/img/image%2052.jpg HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 29 May 2024 16:56:10 GMT
content-type: image/jpeg
content-length: 41866
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: "64043bab-a38a"
expires: Fri, 28 Jun 2024 16:56:10 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6K6lii8LiCoz4SAiPCpR1TDvRdCcHUr54fswnIAc76mSegKEgGHefwZcA%2Bpusz5gbkhZe2VxyeaV%2BPZrVopTODSE4KXcB9jawnFuAOJ1UlcCR85wbbihhBiGZ2I1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88b80425c88fb515-OSL
alt-svc: h3=":443"; ma=86400

GET l41r0.shop/l/gaz/img/image%2051.jpg

104.21.85.110

200 OK

65 kB

URL GET HTTP/3
l41r0.shop/l/gaz/img/image%2051.jpg
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x564, components 3
Size
65 kB (65334 bytes)
Hash
b9380925144986fcdef1f5cb82a2e1b7
e333dd7a6e3cb5cfa0ae9670ccf5793af8d6777c
99de95d603e85d20ba9d8bc90a314ab139342b0e58ab78b2c6c17cbab56cd2bc

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom

HTTP Headers

GET /l/gaz/img/image%2051.jpg HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 29 May 2024 16:56:10 GMT
content-type: image/jpeg
content-length: 65334
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: "64043bab-ff36"
expires: Fri, 28 Jun 2024 16:56:10 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sPAloawrf3tW2P8ETkecFVchnczp6P78KmFO6B1Ztn%2B%2BUGGsm2RGBbuKcMr%2BLjjYXLvauryhNSolU1U4mcT4fLR9pqAssgyntrdT3y0uSaWgr6aZh5SDWMQ6AI7Q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88b80425c88bb515-OSL
alt-svc: h3=":443"; ma=86400

GET l41r0.shop/l/gaz/img/license.jpg

104.21.85.110

200 OK

504 kB

URL GET HTTP/3
l41r0.shop/l/gaz/img/license.jpg
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1343x1900, components 3
Size
504 kB (503545 bytes)
Hash
23f74188101be1f61d925652a5a4a125
f7fa278087d032a53275eb4d58e770fb16cc77cc
2039b2ae5b6876263012ee356c4a6dd0c70b595109347f9bee8dd55d60d5558b

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom

HTTP Headers

GET /l/gaz/img/license.jpg HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 29 May 2024 16:56:10 GMT
content-type: image/jpeg
content-length: 503545
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: "64043bab-7aef9"
expires: Fri, 28 Jun 2024 16:56:10 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PQzgH1A7ZjvkQbpDeI%2BW6DhScdO1jryRElK0P82QSc2sCapN%2BZ6lJPU2ESCzbhPOL0ChkvQdTO2d0q9Rv457%2Bd5oM1eZkpSipAcWq3A5pNNC1ijX2fpEizvnL1tD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88b80425c889b515-OSL
alt-svc: h3=":443"; ma=86400

GET l41r0.shop/l/gaz/js/intlTelInput.min.js

104.21.85.110

200 OK

20 kB

URL GET HTTP/3
l41r0.shop/l/gaz/js/intlTelInput.min.js
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (26995)
Size
20 kB (19640 bytes)
Hash
5c903c8ffd747d2b7db2d362d573bff8
9c0a0caf1658891a03c6030b2a1cbe945719b420
b8f6de98e9dfdcfe1e69e2c779b2f03c2ef56116eedd6341bcee226d87819c6b

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom

HTTP Headers

GET /l/gaz/js/intlTelInput.min.js HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 29 May 2024 16:56:10 GMT
content-type: application/javascript; charset=utf8
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-7351"
expires: Fri, 28 Jun 2024 16:56:10 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RzWZDohfH2dWcfPw%2Fopo5JecU2%2FcDAhv5G%2BrZZFqz7WA0nFbZNV9tBYtx1e5elQ%2BxzCdtVS%2BZRpI45%2B60bhyRdRm7t3GDmWWo%2BSP5WdoUV9fA13K9EBGCJCJidLW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88b80425d8a1b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjsGyN.woff2

216.58.207.227

200 OK

30 kB

URL GET HTTP/2
fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjsGyN.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE4:8A:04:4E:A9:40:14:A5:25:38:29:DB:90:36:5A:67:AE:85:31:6C
ValidityMon, 06 May 2024 14:43:26 GMT - Mon, 29 Jul 2024 14:43:25 GMT

File type
Web Open Font Format (Version 2), TrueType, length 29752, version 1.0
Size
30 kB (29752 bytes)
Hash
ab1fc8621287e4ea9319a3136812cf80
fb4ed2e52e2a8d7ac50a7618a0c2ea5507a24ef3
7c00752ce82d6abaed0b9766d35b906b16675facdbe24115b410d1fab975effa

HTTP Headers

GET /s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjsGyN.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://l41r0.shop
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 29752
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 25 May 2024 08:20:05 GMT
expires: Sun, 25 May 2025 08:20:05 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 17:05:11 GMT
content-type: font/woff2
age: 376566
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2

216.58.207.227

200 OK

35 kB

URL GET HTTP/2
fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE4:8A:04:4E:A9:40:14:A5:25:38:29:DB:90:36:5A:67:AE:85:31:6C
ValidityMon, 06 May 2024 14:43:26 GMT - Mon, 29 Jul 2024 14:43:25 GMT

File type
Web Open Font Format (Version 2), TrueType, length 34852, version 1.0
Size
35 kB (34852 bytes)
Hash
0e8eefb4549a2edf26c560cb9845952e
8d0b1718aacad934fd0043c87cbc54aa091396bf
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a

HTTP Headers

GET /s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://l41r0.shop
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 34852
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 25 May 2024 08:29:21 GMT
expires: Sun, 25 May 2025 08:29:21 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 16:31:23 GMT
content-type: font/woff2
age: 376010
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKew72j00.woff2

216.58.207.227

200 OK

21 kB

URL GET HTTP/2
fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKew72j00.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE4:8A:04:4E:A9:40:14:A5:25:38:29:DB:90:36:5A:67:AE:85:31:6C
ValidityMon, 06 May 2024 14:43:26 GMT - Mon, 29 Jul 2024 14:43:25 GMT

File type
Web Open Font Format (Version 2), TrueType, length 20860, version 1.0
Size
21 kB (20860 bytes)
Hash
15b0d42b9ec6606a60edbdcced868466
73ca3f9f966f6722e78409b22db328ce4da475a9
f1400c92345dcd9dbf746acab2c60e8580aa959473e9e56c8772cadcf7734b76

HTTP Headers

GET /s/ubuntu/v20/4iCs6KVjbNBYlgoKew72j00.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://l41r0.shop
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 25 May 2024 08:40:23 GMT
expires: Sun, 25 May 2025 08:40:23 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 16:15:59 GMT
content-type: font/woff2
age: 375348
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET l41r0.shop/l/gaz/img/img2.svg

104.21.85.110

200 OK

23 kB

URL GET HTTP/3
l41r0.shop/l/gaz/img/img2.svg
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type
SVG Scalable Vector Graphics image
Size
23 kB (23002 bytes)
Hash
53a632a7497ecd4803fb4208c9f6843a
c19a1766603c6a401b4352852fbdf6fda05f14a3
5c9c89052bff64e0821767b5219b15f86122901a8de1aec3d9a439cfe8c07ca7

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom

HTTP Headers

GET /l/gaz/img/img2.svg HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 29 May 2024 16:56:10 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-4c63"
expires: Fri, 28 Jun 2024 16:56:10 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H1DL4GovLs4Q9XjUGj4bjMAap9wv66iVFfT%2BMcmBzyMAC1Np4qJV1MsLjXkYYK4ON02zHnstGpyWkb5iDzeZ8N9aDwfoe59LCfiBs%2FkjgtZJ0weDZaDyQHneX6sh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88b80425b87eb515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE4:8A:04:4E:A9:40:14:A5:25:38:29:DB:90:36:5A:67:AE:85:31:6C
ValidityMon, 06 May 2024 14:43:26 GMT - Mon, 29 Jul 2024 14:43:25 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://l41r0.shop
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 25 May 2024 08:21:11 GMT
expires: Sun, 25 May 2025 08:21:11 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
age: 376500
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2

216.58.207.227

200 OK

27 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE4:8A:04:4E:A9:40:14:A5:25:38:29:DB:90:36:5A:67:AE:85:31:6C
ValidityMon, 06 May 2024 14:43:26 GMT - Mon, 29 Jul 2024 14:43:25 GMT

File type
Web Open Font Format (Version 2), TrueType, length 26736, version 1.0
Size
27 kB (26736 bytes)
Hash
8404cfed82d322c1be8e149fd9f40eb8
3e3657246db3b889e68d520904ac294a230db56d
8f76526e440538ec1300aa89f671acd1b746925833f7160f6c0e29443008f97f

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://l41r0.shop
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 26736
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 25 May 2024 08:29:22 GMT
expires: Sun, 25 May 2025 08:29:22 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Dec 2023 02:00:28 GMT
content-type: font/woff2
age: 376009
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET l41r0.shop/

104.21.85.110

200 OK

45 kB

URL User Request GET HTTP/2
l41r0.shop/
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type
HTML document, Unicode text, UTF-8 text
Size
45 kB (44854 bytes)
Hash
20a61b21f6a51240f8ede962dbb5d869
73b7bd7a08257d0b1e3a695187831f7b0aa9b62e
9f93c478c10c3c03c21a0a8136512d437470efd2110267f711e8b96d38e516fb

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom

HTTP Headers

GET / HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 29 May 2024 16:56:09 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.2.13
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: sid=deleted; expires=Tue, 30 May 2023 16:56:08 GMT; Max-Age=0; path=/; httponly; samesite=lax
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FnBQLoYeKBg0lLxdI3XmbrRqM5hoXgXts1mmibCBe55aKof2gYj7HHjF1XYShxuhxDc%2Fjzc0OSx5KImJw6hdHcSdPmimy7Y1mYszvFtl9eVQFmUxrMX1BG10mzCh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88b8042278ad0b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE4:8A:04:4E:A9:40:14:A5:25:38:29:DB:90:36:5A:67:AE:85:31:6C
ValidityMon, 06 May 2024 14:43:26 GMT - Mon, 29 Jul 2024 14:43:25 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://l41r0.shop
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 25 May 2024 08:21:11 GMT
expires: Sun, 25 May 2025 08:21:11 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
age: 376500
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET ipinfo.io/json

34.117.186.192

200 OK

280 B

URL GET HTTP/2
ipinfo.io/json
IP
34.117.186.192:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://l41r0.shop/
Certificate
IssuerLet's Encrypt
Subjectipinfo.io
FingerprintC3:D1:C0:FE:0C:C8:E1:18:4F:C8:22:D0:9C:FF:D9:F4:EF:72:CD:6B
ValidityFri, 19 Apr 2024 20:17:23 GMT - Thu, 18 Jul 2024 20:17:22 GMT

File type
JSON text data
Size
280 B (280 bytes)
Hash
adf22d9a8ca3a97a9ff78909b8702358
f5046826566a7e98d6b5e5c7b0a65677c3bde708
756edd1454b049c1370e83c864bc93dfdd82f44d8f9752b3068e5a11867a5de3

HTTP Headers

GET /json HTTP/1.1
Host: ipinfo.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l41r0.shop/
Origin: https://l41r0.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.24.0
date: Wed, 29 May 2024 16:56:11 GMT
content-type: application/json; charset=utf-8
content-length: 280
access-control-allow-origin: *
x-content-type-options: nosniff
x-envoy-upstream-service-time: 2
via: 1.1 google
strict-transport-security: max-age=2592000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET l41r0.shop/l/gaz/img/flags.png

104.21.85.110

200 OK

71 kB

URL GET HTTP/3
l41r0.shop/l/gaz/img/flags.png
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type
PNG image data, 5652 x 15, 8-bit/color RGBA, non-interlaced
Size
71 kB (70857 bytes)
Hash
416250f60d785a2e02f17e054d2e4e44
21572c9751e5a3dc20395befa0fcb349c32c4811
0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom

HTTP Headers

GET /l/gaz/img/flags.png HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/l/gaz/css/bundle.e15e13582eb553ce5360.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 29 May 2024 16:56:12 GMT
content-type: image/png
content-length: 70857
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: "64043bab-114c9"
expires: Fri, 28 Jun 2024 16:56:11 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8z%2BA%2BdUPsMnkXxtKImzm8JuWwosKME7NsJ0Ae2qJ8%2BwkdFx9mT7CzGsZYUvtp10ANnL0yu79h9EHGGG1WV0%2Bpj6nhT0c%2BRsRTqyfH6pFqPcYQ06wrtKfzuf4t07k"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88b804315c4cb515-OSL
alt-svc: h3=":443"; ma=86400

GET l41r0.shop/l/gaz/videos/gaz-platform-preview.mp4

104.21.85.110

206 Partial Content

370 kB

URL GET HTTP/3
l41r0.shop/l/gaz/videos/gaz-platform-preview.mp4
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type
ISO Media, MP4 v2 [ISO 14496-14]
Size
370 kB (370327 bytes)
Hash
3a5bac44c90aab294dd064ce07ad6e1e
900944336d8beedd246f477f425b13f3c0f8996c
c53c571fb46973698115b15b7f465d71a27e222b4fa634994874eb31ecd87fd8

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom

HTTP Headers

GET /l/gaz/videos/gaz-platform-preview.mp4 HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 206 Partial Content
date: Wed, 29 May 2024 16:56:12 GMT
content-type: video/mp4
content-length: 33432152
last-modified: Sun, 05 Mar 2023 06:50:20 GMT
etag: "64043bac-1fe2258"
cache-control: max-age=14400
cf-cache-status: MISS
content-range: bytes 0-33432151/33432152
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W8crxfK%2BPaM0oawyR9Rce5GDmabuoXzmFokPMrji62%2Ff5pg6bEaI6DyshAQtw3BbOgW8m%2FEne5cpWEEXePLTgByy4ua3dTEM5wulPG7qyKJUAAubX0YB%2F8WJEfdp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88b804310bd9b515-OSL
alt-svc: h3=":443"; ma=86400

GET cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.13/css/intlTelInput.css

104.17.25.14

200 OK

25 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.13/css/intlTelInput.css
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text
Size
25 kB (25254 bytes)
Hash
a69aa970266649e0b08c2cb4bc166568
d9314a52085a2bb6d284421bb18a4c546ecb73d4
ad32b1248207ba91fb945a37d38e7c9deafcba849245872203482db42930d491

HTTP Headers

GET /ajax/libs/intl-tel-input/17.0.13/css/intlTelInput.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 29 May 2024 16:56:10 GMT
content-type: text/css; charset=utf-8
content-length: 1970
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "60c32345-7b2"
last-modified: Fri, 11 Jun 2021 08:48:05 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2405562
expires: Mon, 19 May 2025 16:56:10 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dWa0cGA2r2%2F6UmQ5noJloU3%2BQ0tmSIUYZ9ClbqS%2BEoidYox1UKxdajoDWxwyOe89UD8bX9SiT5rYqGl249woRhVX%2Fwd7GAwA2YzyQIb0L7PzJbigMrpVXwOV7ANBHCAjrU70qqMY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 88b80427889d56cc-OSL
alt-svc: h3=":443"; ma=86400

GET l41r0.shop/l/gaz/img/sprite1.svg

104.21.85.110

200 OK

1.9 kB

URL GET HTTP/3
l41r0.shop/l/gaz/img/sprite1.svg
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type
SVG Scalable Vector Graphics image
Size
1.9 kB (1900 bytes)
Hash
faf11e7e9b672843ec985034750011da
b6a19a665f2909fdb7ed320e15ee9a3b5030b82c
16701c77b1ecd98f81456241913ba0e2efc81f96eccb2ab7f13dbde6215804be

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom

HTTP Headers

GET /l/gaz/img/sprite1.svg HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 29 May 2024 16:56:11 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-76c"
expires: Fri, 28 Jun 2024 16:56:11 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nKr0EGmw%2Bq0hhP5W%2BT5NQ%2FkHoZnRTX95Qv9Ryy8dF9onTD0vhHTCJaswpSv1CoZg6%2Bz0dwG6%2FvKBvW6uDcv1bz2hnMV3OMgwhGHUZGB2nuDHlzsqfTvxEUw7b0CJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88b8042f7927b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET l41r0.shop/l/gaz/css/bundle.e15e13582eb553ce5360.css

104.21.85.110

200 OK

889 kB

URL GET HTTP/3
l41r0.shop/l/gaz/css/bundle.e15e13582eb553ce5360.css
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type

Size
889 kB (889339 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom

HTTP Headers

GET /l/gaz/css/bundle.e15e13582eb553ce5360.css HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 29 May 2024 16:56:10 GMT
content-type: text/css
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-d91fb"
expires: Fri, 28 Jun 2024 16:56:10 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z3A%2Ff8SHlUFeMk2AMncY1d6qR4t%2F%2BYvYL2iiCJr54dlOf94DL8xazAK84SRX1zuXunM%2Fm%2F4hPeaYtkBYUFfcdSuONafW1cV6Ll2UGy%2BPd98vp6WFdBNa6PSnkAbQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88b80425b86cb515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET l41r0.shop/l/gaz/js/errors.js?t=2

104.21.85.110

200 OK

4.2 kB

URL GET HTTP/3
l41r0.shop/l/gaz/js/errors.js?t=2
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type
Algol 68 source, ASCII text, with very long lines (4347), with no line terminators
Size
4.2 kB (4177 bytes)
Hash
2f52730c897b1de658bc92e9af67c649
1cd94cedb0bd60ca20e611ad155a2a374aafd8bd
7017bdaceccee43521c8f6878203580013c8f2f458acee34fe7b7803b5151740

HTTP Headers

GET /l/gaz/js/errors.js?t=2 HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 29 May 2024 16:56:10 GMT
content-type: application/javascript; charset=utf8
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-1051"
expires: Fri, 28 Jun 2024 16:56:10 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2n9MWfQd8SRMgHx3qMiMClWHXbqf4dH%2B7bBsIJt%2BAZKFdfhSp9LKe66Od%2FCqOEouaMclFRNVarI7FAfVRC97igA%2FGnNZrllYQNuchSKYgGrTMyusp18S9TyELKyi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88b80425d8a5b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET l41r0.shop/l/gaz/img/sprite7.svg

104.21.85.110

200 OK

7.7 kB

URL GET HTTP/3
l41r0.shop/l/gaz/img/sprite7.svg
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type
SVG Scalable Vector Graphics image
Size
7.7 kB (7709 bytes)
Hash
9cd03b34315fb1d8b2e5ea5d645eb561
145842ca640d6b8b05396c0adb0b720e8dd0c97d
0c6a7f69a2b4cd2ee3d7536f54706d729b2da67633315499ee892d920b441d73

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom

HTTP Headers

GET /l/gaz/img/sprite7.svg HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 29 May 2024 16:56:11 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-1e1d"
expires: Fri, 28 Jun 2024 16:56:11 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fBa5SRY%2BlF%2BpkQ8ud58MmPXNMdb8oAPgXU7BFrWpwMJlnEFG0axLyAb2KHCq0bfgfmJbUOMAtDsSOHQOcr7scXKnQIP6QKURFZOia2VZVkY8l%2BCtnHVCFHHvZwdn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88b8042f7929b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET l41r0.shop/l/gaz/img/sprite3.svg

104.21.85.110

200 OK

7.6 kB

URL GET HTTP/3
l41r0.shop/l/gaz/img/sprite3.svg
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type
SVG Scalable Vector Graphics image
Size
7.6 kB (7636 bytes)
Hash
f772a2c3f7fd89a8cdf974fd2ca17f33
5fe1a611a98559d40a179dfdd52798b70f6f9ddb
e1f2ece7be9caba38e3a609cd685202a69ca9ec1d402589a46be8fdbd31be35d

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom

HTTP Headers

GET /l/gaz/img/sprite3.svg HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 29 May 2024 16:56:11 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-1dd4"
expires: Fri, 28 Jun 2024 16:56:11 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0SiMO%2BQuna6smHVRDYdYNbRVB1rbU0P6Qu9jbtvPFtg3O8RHZuIn84rAARtW6u3g0AgpITc4eQEhxdC0odSc2wPB%2BhRSfqSM9EuJRjz%2Bvp7Slcm86270RwZ2CJt9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88b8042f6903b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET l41r0.shop/l/gaz/img/sprite11.svg

104.21.85.110

200 OK

17 kB

URL GET HTTP/3
l41r0.shop/l/gaz/img/sprite11.svg
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type
SVG Scalable Vector Graphics image
Size
17 kB (16735 bytes)
Hash
0d31c1df315404c74ab459b7dcdf0445
93182488675530bb2df97dd74acd47fd5f537ebd
ed1b1f5e3a2769494eec30f7c4d37a434861f8eef21280f23e4a1df95a35e654

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom

HTTP Headers

GET /l/gaz/img/sprite11.svg HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 29 May 2024 16:56:11 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-415f"
expires: Fri, 28 Jun 2024 16:56:11 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7%2BNn3GxC97PpZgnK6oCaU0c623vV8%2B8nAdselLwYR3NDVs0vYHRO9Cq%2B9KobzMHOrGFnTCP1%2FbxUL6kQDo1npUahuEjIv4WJYoeVnnfsVFsiMpJmexiTw1tQJ9rP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88b8042f791bb515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET l41r0.shop/l/gaz/img/sprite8.svg

104.21.85.110

200 OK

46 kB

URL GET HTTP/3
l41r0.shop/l/gaz/img/sprite8.svg
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type
SVG Scalable Vector Graphics image
Size
46 kB (45668 bytes)
Hash
df93c5e07081b864c87d0946fe166bd4
06376f1fadeacbf1d4425dbe6647d3c07eb654f4
9dd34c6d50df718d2bd6c5cc7d89733c3bed24cc3badb3ffef0f91cef47f4c5a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom

HTTP Headers

GET /l/gaz/img/sprite8.svg HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 29 May 2024 16:56:11 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-b264"
expires: Fri, 28 Jun 2024 16:56:11 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jRWEuB2maf%2BQshK6XlOm7qUruBSvT2CR0%2F17qDBlVaXZv0P0R860SX540ag2FyIwdOY4kIflL8k26vvW6auCg4mOKTVyC0RCoWF9PUFYqAAR2%2BqQtB%2FUPBGTKwjm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88b8042f7917b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET l41r0.shop/l/gaz/img/sprite10.svg

104.21.85.110

200 OK

3.2 kB

URL GET HTTP/3
l41r0.shop/l/gaz/img/sprite10.svg
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type
SVG Scalable Vector Graphics image
Size
3.2 kB (3226 bytes)
Hash
91d85ff0298bab27a1b4e34c04c34e4d
d01ca7a27b32224355407e3acf1f7916fd6947ab
49926b18d29097ca07044c52ec08c2a8ee90975f4f65a584c4e69d2bc52e6b03

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom

HTTP Headers

GET /l/gaz/img/sprite10.svg HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 29 May 2024 16:56:11 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-c9a"
expires: Fri, 28 Jun 2024 16:56:11 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7ETNekq2c90H9HG3FBwin1T7qiSAxx2R%2FPnZsJnHimOIUe1GoBQ0wlKupM6W63MSZJ0gATnSZF2nX6kYAND2FziXV%2Fc8un29b4RyKS%2BbtC3huJXrncPNXr9hvb6K"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88b8042f7921b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjtGyNL4U.woff2

216.58.207.227

200 OK

18 kB

URL GET HTTP/2
fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjtGyNL4U.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE4:8A:04:4E:A9:40:14:A5:25:38:29:DB:90:36:5A:67:AE:85:31:6C
ValidityMon, 06 May 2024 14:43:26 GMT - Mon, 29 Jul 2024 14:43:25 GMT

File type
Web Open Font Format (Version 2), TrueType, length 18200, version 1.0
Size
18 kB (18200 bytes)
Hash
8c7519686a5ddf20a3981e660a5f2610
3e0d73d14e4892b36fb5c6a9854c7d2e6bec005a
caeaf02fa4a8a45438c270767c4e50fc7f3ed5f94a4c90984eaacb87c2e8a693

HTTP Headers

GET /s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjtGyNL4U.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://l41r0.shop
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18200
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 25 May 2024 08:45:04 GMT
expires: Sun, 25 May 2025 08:45:04 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 17:10:53 GMT
content-type: font/woff2
age: 375067
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET l41r0.shop/l/gaz/js/landing_url2.js

104.21.85.110

200 OK

257 B

URL GET HTTP/3
l41r0.shop/l/gaz/js/landing_url2.js
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type
ASCII text, with no line terminators
Size
257 B (257 bytes)
Hash
f776ce66f65c39ec530a3bd2d09c9933
ebe59a2d5aaa6b873174e30e6e7f2cdfe7bcb2e4
4a2953bfe6a4596f47493279dd3f86935bf92e02cd00f6782245badb1c9991b2

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom

HTTP Headers

GET /l/gaz/js/landing_url2.js HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 29 May 2024 16:56:10 GMT
content-type: application/javascript; charset=utf8
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-101"
expires: Fri, 28 Jun 2024 16:56:10 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X1Kbljtf%2BkOcsFxKWQj1RdfIpfvWfuixpIrf0OcxvykAp%2B8GKwEEnv2S9bUkgUjE00VJsgJPwmk9BVloVuqqzFn%2BRCy%2FyguWVCLNV0ZXSY5ng1HIg8Rws2sDS6ta"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88b80425d8a7b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET l41r0.shop/l/gaz/img/favicon.ico

104.21.85.110

200 OK

1.2 kB

URL GET HTTP/3
l41r0.shop/l/gaz/img/favicon.ico
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
213beed7102b1e9a334ca0e45a90870d
b92df83ff543e68aad4f796826ea93fbd45e7855
8d753707c334888732d902d8680d85a6cf1e458fcced2494875e9812eae03490

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom

HTTP Headers

GET /l/gaz/img/favicon.ico HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 29 May 2024 16:56:12 GMT
content-type: image/x-icon
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-47e"
expires: Fri, 28 Jun 2024 16:56:12 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pqopK2H%2FANFbb9FfVuyKM6bZbefmVG%2F8iyWT8UzEUL0%2FvIldypsWRqWAFTC0vNlcxzO0P1luuHiUdrM0B82TUdmBCUuCCkau3Zvo3y3CoUrMFQA%2B7mnkkzV08rke"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88b804344924b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET l41r0.shop/l/gaz/img/sprite4.svg

104.21.85.110

200 OK

11 kB

URL GET HTTP/3
l41r0.shop/l/gaz/img/sprite4.svg
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type
SVG Scalable Vector Graphics image
Size
11 kB (10883 bytes)
Hash
eef5d4eb7bfe0b509764cce858ec1d2f
872c396247d1db1a2c915484095771640cd47244
e57a4152ea0e055f1bdd8f0336a7cd6c0df80dfc06a660f54bc64c19482ee643

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom

HTTP Headers

GET /l/gaz/img/sprite4.svg HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 29 May 2024 16:56:11 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-2a83"
expires: Fri, 28 Jun 2024 16:56:11 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BrGoreEx0btPjdD%2FSoZ%2B7OMagDeVjAd6kZzyTw9oaCi4L727XXMi6qmvQdt7qiTdg6i6Olgd5UYZQw9BBU4i5lKlIcEO%2FXZz9T43B0V1oPRUP2qHsHN3T%2BWoJJle"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88b8042f690db515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET l41r0.shop/l/gaz/img/gaz-platform-preview_Moment.jpg

104.21.85.110

206 Partial Content

64 kB

URL GET HTTP/3
l41r0.shop/l/gaz/img/gaz-platform-preview_Moment.jpg
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [ - TIFF image data, big-endian, direntries=2], baseline, precision 8, 1280x720, components 3
Size
64 kB (63509 bytes)
Hash
790ef6a72d4013a04cd6627584bd15db
03a70228cf7fce0b855a4c41ad0ee6c0ad493c6b
1764af2a5a4d6675c2491ffb9ada3a4f444d3a6745f2c042df95d5fb085df0b1

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom

HTTP Headers

GET /l/gaz/img/gaz-platform-preview_Moment.jpg HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 206 Partial Content
date: Wed, 29 May 2024 16:56:12 GMT
content-type: image/jpeg
content-length: 1564162
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: "64043bab-17de02"
expires: Fri, 28 Jun 2024 16:56:12 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
content-range: bytes 0-1564161/1564162
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E60W%2BQiTYFFqlGMS7Bk%2FYybKOHUq2bdPsPdedNn6sx6ofL8NM0p6t6V2sMomnkpcy695C53xRqd%2FNOR74dvHT%2BcrZ3aSILbu%2BaHrUdZbrzHjPfkccF%2BSceL8m7wA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88b804354a99b515-OSL
alt-svc: h3=":443"; ma=86400

GET l41r0.shop/l/gaz/img/sprite2.svg

104.21.85.110

200 OK

9.9 kB

URL GET HTTP/3
l41r0.shop/l/gaz/img/sprite2.svg
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type
SVG Scalable Vector Graphics image
Size
9.9 kB (9932 bytes)
Hash
8d5bb2fc82b75a4c8984bc346c9dc70c
ddc24335ecb65a4026bd99fb04ba2c61c840e902
a7f862e53881475164e35ce88648d046119a849d198dcf104c2b711cb4db160c

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom

HTTP Headers

GET /l/gaz/img/sprite2.svg HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 29 May 2024 16:56:11 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-26cc"
expires: Fri, 28 Jun 2024 16:56:11 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ondUWcgOWigZGNcO7zd83GKGJPU%2ByZDLjFI6P3ZGpH03sD4%2F8RvHsu7xjsxLq7Y85ooQ%2F8uTPUKbOVFVpoJiGBtVKU%2FoGndJbjVqDxv3zMX4%2Foji91qyw72jqMsi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88b8042f690ab515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.15/js/utils.js

104.17.25.14

200 OK

251 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.15/js/utils.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1435)
Size
251 kB (251088 bytes)
Hash
badf39299033bb934da6325eea28ce72
bf68e8fd78007eb5539e08f0621a75c76c977f22
2c70f3d32d8ed2924ff688ad77a9b8f65663a433b5b0e5f4ba38879956961652

HTTP Headers

GET /ajax/libs/intl-tel-input/17.0.15/js/utils.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 29 May 2024 16:56:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 46616
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61a59596-b618"
last-modified: Tue, 30 Nov 2021 03:08:06 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1853635
expires: Mon, 19 May 2025 16:56:12 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bKHa2AfX0FIhrx9XCKzjdj2CUGBwwhKKX2v4RJyREuv%2BSVC0BYg2K%2BNg45BIT9%2FOMdQle9kb0y8RZy70u6RIT5x33Wf95ix%2FY5YDW5dtIRPN2YvQHrdCrdljMvZip6x0Mj4uPyrB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 88b80437cab956cc-OSL
alt-svc: h3=":443"; ma=86400

GET l41r0.shop/uniq

104.21.85.110

200 OK

2 B

URL GET HTTP/3
l41r0.shop/uniq
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom

HTTP Headers

GET /uniq HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 29 May 2024 16:56:11 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.2.13
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: sid=deleted; expires=Tue, 30 May 2023 16:56:10 GMT; Max-Age=0; path=/; httponly; samesite=lax
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4gbOHw38piKDON%2B%2FWcHgKOiomRRudviyRKR%2FgtiBZXP4x7I63kaJMHaHgwn35XAp0E6JJOnc3xbkVGr72MYnaV2GpOyfJwCbkpnfq4byLGusOzC5EHzNLt%2BBm6Vg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88b8042ed83bb515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET l41r0.shop/l/gaz/img/sprite6.svg

104.21.85.110

200 OK

10 kB

URL GET HTTP/3
l41r0.shop/l/gaz/img/sprite6.svg
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type
SVG Scalable Vector Graphics image
Size
10 kB (10056 bytes)
Hash
577c76d3485408273e65c1f426004c12
564b0efe86ca0c405e7843e953d2608eb34157be
56e699128aff9d28a360999931de0694df469a397d1d73be4b263a1a3561d36b

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom

HTTP Headers

GET /l/gaz/img/sprite6.svg HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 29 May 2024 16:56:11 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-2748"
expires: Fri, 28 Jun 2024 16:56:11 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6kC08dd1FcGivagdy%2BXCdwVJagxZvvtYz9wgC9AGxyRNhyfzXj0vWkCfUKKEvh4U0oXJCNeTS0gqQmoiW4aqnlGTFrEVAEtyvyi3%2BOLHeEmZb6tGOL1yknlSDBIB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88b8042f6908b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET l41r0.shop/l/gaz/css/errors.css

104.21.85.110

200 OK

2.4 kB

URL GET HTTP/3
l41r0.shop/l/gaz/css/errors.css
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type
ASCII text, with very long lines (2479), with no line terminators
Size
2.4 kB (2364 bytes)
Hash
541902e6f5b3104a2a19061a35871980
4ca48511e25ee4e3beb5b820055a31dcbd4154f9
90fd262aad643912cca5c94572e863a37c1837066b6c19b45fd12ec9980d93f4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom

HTTP Headers

GET /l/gaz/css/errors.css HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 29 May 2024 16:56:10 GMT
content-type: text/css
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-93c"
expires: Fri, 28 Jun 2024 16:56:10 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EnF0WYrXigPNrnIaUkgT5dPfZ7oUYRcsfct%2FWA8KpIjUXrCPJ61yk94aY3eEC1Mzs98Wlav7Kw8SCpQzzQWhWHTD3i%2B9mW1f4LIO%2BBSUQ6rWOUBT%2BgIZZiifVsH%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88b80425b869b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET l41r0.shop/l/gaz/img/sprite9.svg

104.21.85.110

200 OK

3.1 kB

URL GET HTTP/3
l41r0.shop/l/gaz/img/sprite9.svg
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type
SVG Scalable Vector Graphics image
Size
3.1 kB (3147 bytes)
Hash
a94d5ef8ada6b57084e1367ed8c26c63
2f7a0bf12410dabfee8c9213691a0a294aeaef24
b278a847c81a737362db49bcd557a8fc987f84d9cad706e2d6e33ba163891dc3

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom

HTTP Headers

GET /l/gaz/img/sprite9.svg HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 29 May 2024 16:56:11 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-c4b"
expires: Fri, 28 Jun 2024 16:56:11 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8DGCjhNRv9BXbtEhW5d%2BgaNdV7RClF75BLAtctRogXk9djLZRWOFoPfcf1qrxRjQp34tgm174sOgIdbcdSRzJU28jz6Udble4ZBZ097XeGSetfI9YpzCSNc5Hd9h"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88b8042f6906b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET l41r0.shop/l/gaz/img/img.svg

104.21.85.110

200 OK

60 kB

URL GET HTTP/3
l41r0.shop/l/gaz/img/img.svg
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type
SVG Scalable Vector Graphics image
Size
60 kB (60346 bytes)
Hash
51120bbddd53794d1dd188eeacd1259c
ec43bc418d3644250cafeeada7d5d1133f60c4bb
4bd591ba5310c896b04e725fb1621dc2e66c3e57e97a160efb90848cb6146e70

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom

HTTP Headers

GET /l/gaz/img/img.svg HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 29 May 2024 16:56:10 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-ebba"
expires: Fri, 28 Jun 2024 16:56:10 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UCFlpfnMG615m9dt1sRPf5wttviruxAr2v0bM8B3knifyJ4iSt0Y%2BNkPfmchJ1Y%2FgCypyvyi7gFfKlaRwyFrQ6EniXZxhKXH5k%2FBHWCWODG3wfWchTahdcjG8DPg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88b80425b87cb515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET fonts.googleapis.com/css?family=Open+Sans:400,700,800|Ubuntu:400,500,700&display=swap&subset=cyrillic,cyrillic-ext,latin-ext

142.250.74.106

200 OK

23 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Open+Sans:400,700,800|Ubuntu:400,500,700&display=swap&subset=cyrillic,cyrillic-ext,latin-ext
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint58:16:76:D3:35:A7:C7:1B:68:67:E2:F5:33:04:0E:E9:CB:56:BD:77
ValidityMon, 06 May 2024 14:43:20 GMT - Mon, 29 Jul 2024 14:43:19 GMT

File type
ASCII text, with very long lines (1572)
Size
23 kB (23277 bytes)
Hash
bde226289812362a62c84ef7429458b6
2be4372515908a31cc206a73532e7a33a9457a83
39f1a91928f8e02d7e73a50cf4b418145902978de383df1f8119b93769170db9

HTTP Headers

GET /css?family=Open+Sans:400,700,800|Ubuntu:400,500,700&display=swap&subset=cyrillic,cyrillic-ext,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 29 May 2024 16:56:10 GMT
date: Wed, 29 May 2024 16:56:10 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET l41r0.shop/l/gaz/img/img3.svg

104.21.85.110

200 OK

28 kB

URL GET HTTP/3
l41r0.shop/l/gaz/img/img3.svg
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type
SVG Scalable Vector Graphics image
Size
28 kB (28217 bytes)
Hash
0685ab7a7f1613725ac083f51d62dd9e
e9aeb297b2447e9b871fb32dd309434634b705be
693d77da621b2eb643d726ac6cf9bdbd9972311cabbe612700046a5138b32305

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom

HTTP Headers

GET /l/gaz/img/img3.svg HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 29 May 2024 16:56:10 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-6e39"
expires: Fri, 28 Jun 2024 16:56:10 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=44HTwZGZZ8SnjMoxMZPd5kRqUibnliWmV2bp8y5ZyVzeSabGPkBVlkZsst87hGDXWcoQNQDAwBVK63s%2Flus%2BCwqBcBUtbxWlsBSuO8mVE1rCxRPO8D%2BC%2BImtt9%2BW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88b80425b880b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET l41r0.shop/l/gaz/img/sprite5.svg

104.21.85.110

200 OK

4.5 kB

URL GET HTTP/3
l41r0.shop/l/gaz/img/sprite5.svg
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type
SVG Scalable Vector Graphics image
Size
4.5 kB (4460 bytes)
Hash
c3bac6d32fe9c133103b2ee76637790e
3feffee9c8136843bcd768659faf4ec01cecd000
4bc5d08ef99bdc338169bf0f0b0643e3beb9bce4c8fd2dceb8b774f4e55fff90

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom

HTTP Headers

GET /l/gaz/img/sprite5.svg HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 29 May 2024 16:56:11 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-116c"
expires: Fri, 28 Jun 2024 16:56:11 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UeHosb74EvdMPYxwYu5CFUNvI4%2FE1f6AaKILs9yJKAw%2BhoDSgtna6rRYNpe4EdkxlUPWvyzlwyP5o5yzVbpm0EToTKaZE1ZvbsLzDcWhd4cdFtjIjCxKqD%2FrydbO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88b8042f58edb515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET l41r0.shop/l/gaz/img/sprite12.svg

104.21.85.110

200 OK

8.4 kB

URL GET HTTP/3
l41r0.shop/l/gaz/img/sprite12.svg
IP
104.21.85.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://l41r0.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectl41r0.shop
FingerprintA6:69:C1:5B:AB:1C:EF:68:51:B4:3B:E3:A0:6C:8F:68:EE:70:5A:29
ValidityWed, 15 May 2024 22:49:44 GMT - Tue, 13 Aug 2024 22:49:43 GMT

File type
SVG Scalable Vector Graphics image
Size
8.4 kB (8395 bytes)
Hash
97007a20477ee22dde36c451b89fec63
d2e12aa2962b81a1c71f5aeed6db68fa232ec002
5f2ec5272e46c1da2968cf6ae69d199180e22eeb5873e19af8c38616a019d456

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom

HTTP Headers

GET /l/gaz/img/sprite12.svg HTTP/1.1
Host: l41r0.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l41r0.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 29 May 2024 16:56:11 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-20cb"
expires: Fri, 28 Jun 2024 16:56:11 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6kP50JTOoYWg8FzPjPGpSGrfWEhtBKyB2eKw9VZ3yF4onErMUYhM1JAYTohGWTEBVG9IEIDTV6CShXV7rMFB2jsSnz%2F7qD%2BOAQdmx72kTZ5sbM7RXs0j46%2FxpAM%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88b8042f58f7b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by