Report - s-7e-ae72b9.sales-ypcl.com/tr/c/ccabcbf6ebb8dedc7e3931df2b781d8c/c:67d2822600f088e5d649259b/45090d36eecf87270dfb341a8e130a1f

Report Overview

Visited public
2025-03-13 17:39:11
Tags
URL
s-7e-ae72b9.sales-ypcl.com/tr/c/ccabcbf6ebb8dedc7e3931df2b781d8c/c:67d2822600f088e5d649259b/45090d36eecf87270dfb341a8e130a1f
Finishing URL
s-7e-ae72b9.sales-ypcl.com/tr/c/ccabcbf6ebb8dedc7e3931df2b781d8c/c:67d2822600f088e5d649259b/45090d36eecf87270dfb341a8e130a1f
IP / ASN
185.126.114.174
#3236 Server.ua LLC
Title
s-7e-ae72b9.sales-ypcl.com/tr/c/ccabcbf6ebb8dedc7e3931df2b781d8c/c:67d2822600f088e5d649259b/45090d36eecf87270dfb341a8e130a1f

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-03-12	467 B	3.0 kB	142.250.74.74
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-03-12	1.6 kB	74 kB	142.250.74.163
s-7e-ae72b9.sales-ypcl.com	unknown	2025-02-27	2025-03-03	2025-03-13	5.9 kB	604 kB	185.126.114.174
use.fontawesome.com	942	2012-10-18	2017-01-30	2025-03-12	485 B	987 kB	172.67.142.245

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-03-13	medium	sales-ypcl.com	Sinkholed
2025-03-13	medium	sales-ypcl.com	Sinkholed
2025-03-13	medium	sales-ypcl.com	Sinkholed
2025-03-13	medium	sales-ypcl.com	Sinkholed
2025-03-13	medium	sales-ypcl.com	Sinkholed
2025-03-13	medium	sales-ypcl.com	Sinkholed
2025-03-13	medium	sales-ypcl.com	Sinkholed
2025-03-13	medium	sales-ypcl.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	s-7e-ae72b9.sales-ypcl.com/assets/76def97f/yii.js	ScriptElement	20 kB	2023-03-07	2025-06-02
Pretty URL s-7e-ae72b9.sales-ypcl.com/assets/76def97f/yii.js IP 185.126.114.174 ASN #3236 Server.ua LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:58 Last Seen2025-06-02 20:24 Times Seen59 Hash 43abc1f0d941b2dbed47eedd48ca64fe 44a33fcefaa0ebdfde43bf426d6cb07e78096f3e bb7a8c984417a77f846d70464f10364b4e5cb40c50ad1140b805bf43f2984b4d Loading...

	s-7e-ae72b9.sales-ypcl.com/assets/aa66b36a/jquery.js	ScriptElement	268 kB	2023-03-07	2025-06-11
Pretty URL s-7e-ae72b9.sales-ypcl.com/assets/aa66b36a/jquery.js IP 185.126.114.174 ASN #3236 Server.ua LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:08 Last Seen2025-06-11 22:38 Times Seen776 Hash 09dd64a64ba840c31a812a3ca25eaeee fd81582bf1b15e6747472df880ca822c362a97d1 0d9027289ffa5d9f6c8b4e0782bb31bbff2cef5ee3708ccbcb7a22df9128bb21 Loading...

	use.fontawesome.com/releases/v5.3.1/js/all.js	ScriptElement	986 kB	2023-03-07	2025-05-07
Pretty URL use.fontawesome.com/releases/v5.3.1/js/all.js IP 172.67.142.245 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-05-07 17:37 Times Seen99 Hash d0482db440697a659af4980d2e841891 d7ff2806086f5924e06910e90a79b44492b52450 8cb270b4d9485a93b31df98113fda8723ffc067fa7bfa90cedd47b76f7b10be1 Loading...

HTTP Transactions (13)

URL IP Response Size

s-7e-ae72b9.sales-ypcl.com/css/site.css

185.126.114.174

200 OK

7.0 kB

URL GET
s-7e-ae72b9.sales-ypcl.com/css/site.css
IP
185.126.114.174:443
ASN
#3236 Server.ua LLC

Requested by
https://s-7e-ae72b9.sales-ypcl.com/tr/c/ccabcbf6ebb8dedc7e3931df2b781d8c/c:67d2822600f088e5d649259b/45090d36eecf87270dfb341a8e130a1f
Certificate
IssuerLet's Encrypt
Subjectsales-ypcl.com
Fingerprint6D:9F:D4:6D:C3:AC:D7:D1:ED:23:54:84:CF:C4:02:72:43:7F:F1:14
ValidityThu, 27 Feb 2025 08:35:24 GMT - Wed, 28 May 2025 08:35:23 GMT

File type
ASCII text, with very long lines (7391), with no line terminators
Size
7.0 kB (7000 bytes)
Hash
53cf70351750a9f91ae36f1d3a5807fb
88798a1dcbc1ab3a72e7adeee16ea53df79a8eac
ccd677f0378617b7a881456361626019def95d4a427cd9bd262c0aaef32dc419

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/site.css HTTP/1.1
Host: s-7e-ae72b9.sales-ypcl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s-7e-ae72b9.sales-ypcl.com/tr/c/ccabcbf6ebb8dedc7e3931df2b781d8c/c:67d2822600f088e5d649259b/45090d36eecf87270dfb341a8e130a1f
Cookie: _csrf-frontend=9f245aa9a0edf46d138feeeee335f52a34e120e3e0bfdb408773e7691c331b2aa%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22hKW3iR-0PO7mCmooKxK8Bvw3Eb2Nz7xj%22%3B%7D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.27.3
date: Thu, 13 Mar 2025 17:38:49 GMT
content-type: text/css
content-length: 7000
last-modified: Tue, 25 Feb 2025 18:36:06 GMT
etag: "67be0d96-1b58"
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

s-7e-ae72b9.sales-ypcl.com/assets/aa66b36a/jquery.js

185.126.114.174

200 OK

268 kB

URL GET
s-7e-ae72b9.sales-ypcl.com/assets/aa66b36a/jquery.js
IP
185.126.114.174:443
ASN
#3236 Server.ua LLC

Requested by
https://s-7e-ae72b9.sales-ypcl.com/tr/c/ccabcbf6ebb8dedc7e3931df2b781d8c/c:67d2822600f088e5d649259b/45090d36eecf87270dfb341a8e130a1f
Certificate
IssuerLet's Encrypt
Subjectsales-ypcl.com
Fingerprint6D:9F:D4:6D:C3:AC:D7:D1:ED:23:54:84:CF:C4:02:72:43:7F:F1:14
ValidityThu, 27 Feb 2025 08:35:24 GMT - Wed, 28 May 2025 08:35:23 GMT

File type
JavaScript source, ASCII text
Size
268 kB (268039 bytes)
Hash
09dd64a64ba840c31a812a3ca25eaeee
fd81582bf1b15e6747472df880ca822c362a97d1
0d9027289ffa5d9f6c8b4e0782bb31bbff2cef5ee3708ccbcb7a22df9128bb21

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/aa66b36a/jquery.js HTTP/1.1
Host: s-7e-ae72b9.sales-ypcl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s-7e-ae72b9.sales-ypcl.com/tr/c/ccabcbf6ebb8dedc7e3931df2b781d8c/c:67d2822600f088e5d649259b/45090d36eecf87270dfb341a8e130a1f
Cookie: _csrf-frontend=9f245aa9a0edf46d138feeeee335f52a34e120e3e0bfdb408773e7691c331b2aa%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22hKW3iR-0PO7mCmooKxK8Bvw3Eb2Nz7xj%22%3B%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.27.3
date: Thu, 13 Mar 2025 17:38:49 GMT
content-type: application/javascript
content-length: 268039
last-modified: Tue, 25 Feb 2025 18:37:41 GMT
etag: "67be0df5-41707"
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v5.3.1/js/all.js

172.67.142.245

200 OK

986 kB

URL GET
use.fontawesome.com/releases/v5.3.1/js/all.js
IP
172.67.142.245:443
ASN
#13335 CLOUDFLARENET

Requested by
https://s-7e-ae72b9.sales-ypcl.com/tr/c/ccabcbf6ebb8dedc7e3931df2b781d8c/c:67d2822600f088e5d649259b/45090d36eecf87270dfb341a8e130a1f
Certificate
IssuerGoogle Trust Services
Subjectuse.fontawesome.com
Fingerprint35:EC:02:D7:73:13:A8:D4:94:28:42:85:E4:B3:7F:06:4F:C4:1B:CE
ValidityThu, 06 Mar 2025 00:21:22 GMT - Wed, 04 Jun 2025 01:21:21 GMT

File type
JavaScript source, ASCII text, with very long lines (65351)
Size
986 kB (986033 bytes)
Hash
d0482db440697a659af4980d2e841891
d7ff2806086f5924e06910e90a79b44492b52450
8cb270b4d9485a93b31df98113fda8723ffc067fa7bfa90cedd47b76f7b10be1

HTTP Headers

GET /releases/v5.3.1/js/all.js HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://s-7e-ae72b9.sales-ypcl.com
DNT: 1
Connection: keep-alive
Referer: https://s-7e-ae72b9.sales-ypcl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 13 Mar 2025 17:38:49 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556926
etag: W/"d0482db440697a659af4980d2e841891"
last-modified: Fri, 22 Sep 2023 01:45:29 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 1069
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2fkWZVr%2F6H9VyvVqlb6CzMH53whrEzcGYFc1RXLGc2NMl8LjGPYAtVwYP0UPr%2F5bM2Hfke2VrfYVp1xZFKATvOmrboob12wo2%2F%2FIKoxV3YWcWtoRnooqmx563f8okehJUvVUNNu5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91fd4ea57a12b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=59111&min_rtt=59111&rtt_var=22167&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3199&recv_bytes=1085&delivery_rate=63334&cwnd=251&unsent_bytes=0&cid=12589d29a325d1dc&ts=109&x=0"
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Lato:400,700,400italic

142.250.74.74

200 OK

2.3 kB

URL GET
fonts.googleapis.com/css?family=Lato:400,700,400italic
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://s-7e-ae72b9.sales-ypcl.com/tr/c/ccabcbf6ebb8dedc7e3931df2b781d8c/c:67d2822600f088e5d649259b/45090d36eecf87270dfb341a8e130a1f
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
FingerprintF1:11:17:AF:9C:89:34:EE:D5:CB:84:40:84:EA:01:19:A9:F6:ED:C2
ValidityWed, 26 Feb 2025 15:33:59 GMT - Wed, 21 May 2025 15:33:58 GMT

File type
ASCII text, with very long lines (2383), with no line terminators
Size
2.3 kB (2335 bytes)
Hash
8329972ada3ca58c7d0ca8446bcdda03
0cc7547805b612d7a9f066fcfe1a9cbb1d42871d
3c09009f23f7dc5448f16e5c25d6a03f47b25645041416a15956840c657a2a72

HTTP Headers

GET /css?family=Lato:400,700,400italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s-7e-ae72b9.sales-ypcl.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 13 Mar 2025 17:38:50 GMT
date: Thu, 13 Mar 2025 17:38:50 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

s-7e-ae72b9.sales-ypcl.com/tr/c/ccabcbf6ebb8dedc7e3931df2b781d8c/c:67d2822600f088e5d649259b/45090d36eecf87270dfb341a8e130a1f

185.126.114.174

200 OK

1.9 kB

URL User Request GET
s-7e-ae72b9.sales-ypcl.com/tr/c/ccabcbf6ebb8dedc7e3931df2b781d8c/c:67d2822600f088e5d649259b/45090d36eecf87270dfb341a8e130a1f
IP
185.126.114.174:443
ASN
#3236 Server.ua LLC

Certificate
IssuerLet's Encrypt
Subjectsales-ypcl.com
Fingerprint6D:9F:D4:6D:C3:AC:D7:D1:ED:23:54:84:CF:C4:02:72:43:7F:F1:14
ValidityThu, 27 Feb 2025 08:35:24 GMT - Wed, 28 May 2025 08:35:23 GMT

File type
HTML document, ASCII text, with very long lines (1966), with no line terminators
Size
1.9 kB (1855 bytes)
Hash
9d79535d772e43b2820c187d3df9f024
9f75ecf4280efb94b2daa58f8a1249db708760e5
c25c2e2e71244ac8df5444ba6d035231f9ef223c832e7783eddc46a5a4b9c103

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tr/c/ccabcbf6ebb8dedc7e3931df2b781d8c/c:67d2822600f088e5d649259b/45090d36eecf87270dfb341a8e130a1f HTTP/1.1
Host: s-7e-ae72b9.sales-ypcl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.27.3
date: Thu, 13 Mar 2025 17:38:49 GMT
content-type: text/html; charset=UTF-8
set-cookie: _csrf-frontend=9f245aa9a0edf46d138feeeee335f52a34e120e3e0bfdb408773e7691c331b2aa%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22hKW3iR-0PO7mCmooKxK8Bvw3Eb2Nz7xj%22%3B%7D; path=/; HttpOnly
content-encoding: gzip
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

s-7e-ae72b9.sales-ypcl.com/assets/26065b13/css/bootstrap.css

185.126.114.174

200 OK

146 kB

URL GET
s-7e-ae72b9.sales-ypcl.com/assets/26065b13/css/bootstrap.css
IP
185.126.114.174:443
ASN
#3236 Server.ua LLC

Requested by
https://s-7e-ae72b9.sales-ypcl.com/tr/c/ccabcbf6ebb8dedc7e3931df2b781d8c/c:67d2822600f088e5d649259b/45090d36eecf87270dfb341a8e130a1f
Certificate
IssuerLet's Encrypt
Subjectsales-ypcl.com
Fingerprint6D:9F:D4:6D:C3:AC:D7:D1:ED:23:54:84:CF:C4:02:72:43:7F:F1:14
ValidityThu, 27 Feb 2025 08:35:24 GMT - Wed, 28 May 2025 08:35:23 GMT

File type
ASCII text, with very long lines (540)
Size
146 kB (146010 bytes)
Hash
2a31dca112f26923b51676cb764c58d5
f597f59f955cda06e5d7a79342d9e0c22b5ec6d2
7e630d90c7234b0df1729f62b8f9e4bbfaf293d91a5a0ac46df25f2a6759e39a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/26065b13/css/bootstrap.css HTTP/1.1
Host: s-7e-ae72b9.sales-ypcl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s-7e-ae72b9.sales-ypcl.com/tr/c/ccabcbf6ebb8dedc7e3931df2b781d8c/c:67d2822600f088e5d649259b/45090d36eecf87270dfb341a8e130a1f
Cookie: _csrf-frontend=9f245aa9a0edf46d138feeeee335f52a34e120e3e0bfdb408773e7691c331b2aa%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22hKW3iR-0PO7mCmooKxK8Bvw3Eb2Nz7xj%22%3B%7D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.27.3
date: Thu, 13 Mar 2025 17:38:49 GMT
content-type: text/css
content-length: 146010
last-modified: Tue, 25 Feb 2025 18:37:41 GMT
etag: "67be0df5-23a5a"
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

s-7e-ae72b9.sales-ypcl.com/assets/e5f48d40/flatly/bootstrap.min.css

185.126.114.174

200 OK

127 kB

URL GET
s-7e-ae72b9.sales-ypcl.com/assets/e5f48d40/flatly/bootstrap.min.css
IP
185.126.114.174:443
ASN
#3236 Server.ua LLC

Requested by
https://s-7e-ae72b9.sales-ypcl.com/tr/c/ccabcbf6ebb8dedc7e3931df2b781d8c/c:67d2822600f088e5d649259b/45090d36eecf87270dfb341a8e130a1f
Certificate
IssuerLet's Encrypt
Subjectsales-ypcl.com
Fingerprint6D:9F:D4:6D:C3:AC:D7:D1:ED:23:54:84:CF:C4:02:72:43:7F:F1:14
ValidityThu, 27 Feb 2025 08:35:24 GMT - Wed, 28 May 2025 08:35:23 GMT

File type
ASCII text, with very long lines (65152)
Size
127 kB (127321 bytes)
Hash
b053ba621cf19e20793c1ef8cd227a15
82e20e669509d01218e6e3e15227541df9e9e76f
af55a28d6fd234c80ec24e4b0e4ed0447afaa156186d858cc3fd643977d825f8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/e5f48d40/flatly/bootstrap.min.css HTTP/1.1
Host: s-7e-ae72b9.sales-ypcl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s-7e-ae72b9.sales-ypcl.com/tr/c/ccabcbf6ebb8dedc7e3931df2b781d8c/c:67d2822600f088e5d649259b/45090d36eecf87270dfb341a8e130a1f
Cookie: _csrf-frontend=9f245aa9a0edf46d138feeeee335f52a34e120e3e0bfdb408773e7691c331b2aa%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22hKW3iR-0PO7mCmooKxK8Bvw3Eb2Nz7xj%22%3B%7D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.27.3
date: Thu, 13 Mar 2025 17:38:50 GMT
content-type: text/css
content-length: 127321
last-modified: Tue, 25 Feb 2025 18:37:41 GMT
etag: "67be0df5-1f159"
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

s-7e-ae72b9.sales-ypcl.com/assets/b6581143/css/font-awesome.min.css

185.126.114.174

200 OK

31 kB

URL GET
s-7e-ae72b9.sales-ypcl.com/assets/b6581143/css/font-awesome.min.css
IP
185.126.114.174:443
ASN
#3236 Server.ua LLC

Requested by
https://s-7e-ae72b9.sales-ypcl.com/tr/c/ccabcbf6ebb8dedc7e3931df2b781d8c/c:67d2822600f088e5d649259b/45090d36eecf87270dfb341a8e130a1f
Certificate
IssuerLet's Encrypt
Subjectsales-ypcl.com
Fingerprint6D:9F:D4:6D:C3:AC:D7:D1:ED:23:54:84:CF:C4:02:72:43:7F:F1:14
ValidityThu, 27 Feb 2025 08:35:24 GMT - Wed, 28 May 2025 08:35:23 GMT

File type
ASCII text, with very long lines (30837)
Size
31 kB (31000 bytes)
Hash
269550530cc127b6aa5a35925a7de6ce
512c7d79033e3028a9be61b540cf1a6870c896f8
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/b6581143/css/font-awesome.min.css HTTP/1.1
Host: s-7e-ae72b9.sales-ypcl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s-7e-ae72b9.sales-ypcl.com/tr/c/ccabcbf6ebb8dedc7e3931df2b781d8c/c:67d2822600f088e5d649259b/45090d36eecf87270dfb341a8e130a1f
Cookie: _csrf-frontend=9f245aa9a0edf46d138feeeee335f52a34e120e3e0bfdb408773e7691c331b2aa%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22hKW3iR-0PO7mCmooKxK8Bvw3Eb2Nz7xj%22%3B%7D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.27.3
date: Thu, 13 Mar 2025 17:38:50 GMT
content-type: text/css
content-length: 31000
last-modified: Tue, 25 Feb 2025 18:37:41 GMT
etag: "67be0df5-7918"
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

s-7e-ae72b9.sales-ypcl.com/favicon.png

185.126.114.174

404 Not Found

153 B

URL GET
s-7e-ae72b9.sales-ypcl.com/favicon.png
IP
185.126.114.174:443
ASN
#3236 Server.ua LLC

Requested by
https://s-7e-ae72b9.sales-ypcl.com/tr/c/ccabcbf6ebb8dedc7e3931df2b781d8c/c:67d2822600f088e5d649259b/45090d36eecf87270dfb341a8e130a1f
Certificate
IssuerLet's Encrypt
Subjectsales-ypcl.com
Fingerprint6D:9F:D4:6D:C3:AC:D7:D1:ED:23:54:84:CF:C4:02:72:43:7F:F1:14
ValidityThu, 27 Feb 2025 08:35:24 GMT - Wed, 28 May 2025 08:35:23 GMT

File type
HTML document, ASCII text, with no line terminators
Size
153 B (153 bytes)
Hash
b0b2fed831a9cb80d807395d537ef64a
17ce9b3f777940f3af9c61f3a796876537dc61d7
c9793fdce88b9f17cce824954c0309c65809a01d9850b8176b3473597a531669

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.png HTTP/1.1
Host: s-7e-ae72b9.sales-ypcl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s-7e-ae72b9.sales-ypcl.com/tr/c/ccabcbf6ebb8dedc7e3931df2b781d8c/c:67d2822600f088e5d649259b/45090d36eecf87270dfb341a8e130a1f
Cookie: _csrf-frontend=9f245aa9a0edf46d138feeeee335f52a34e120e3e0bfdb408773e7691c331b2aa%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22hKW3iR-0PO7mCmooKxK8Bvw3Eb2Nz7xj%22%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: nginx/1.27.3
date: Thu, 13 Mar 2025 17:38:51 GMT
content-type: text/html
content-length: 153
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

s-7e-ae72b9.sales-ypcl.com/assets/76def97f/yii.js

185.126.114.174

200 OK

20 kB

URL GET
s-7e-ae72b9.sales-ypcl.com/assets/76def97f/yii.js
IP
185.126.114.174:443
ASN
#3236 Server.ua LLC

Requested by
https://s-7e-ae72b9.sales-ypcl.com/tr/c/ccabcbf6ebb8dedc7e3931df2b781d8c/c:67d2822600f088e5d649259b/45090d36eecf87270dfb341a8e130a1f
Certificate
IssuerLet's Encrypt
Subjectsales-ypcl.com
Fingerprint6D:9F:D4:6D:C3:AC:D7:D1:ED:23:54:84:CF:C4:02:72:43:7F:F1:14
ValidityThu, 27 Feb 2025 08:35:24 GMT - Wed, 28 May 2025 08:35:23 GMT

File type
JavaScript source, ASCII text
Size
20 kB (20203 bytes)
Hash
43abc1f0d941b2dbed47eedd48ca64fe
44a33fcefaa0ebdfde43bf426d6cb07e78096f3e
bb7a8c984417a77f846d70464f10364b4e5cb40c50ad1140b805bf43f2984b4d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/76def97f/yii.js HTTP/1.1
Host: s-7e-ae72b9.sales-ypcl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s-7e-ae72b9.sales-ypcl.com/tr/c/ccabcbf6ebb8dedc7e3931df2b781d8c/c:67d2822600f088e5d649259b/45090d36eecf87270dfb341a8e130a1f
Cookie: _csrf-frontend=9f245aa9a0edf46d138feeeee335f52a34e120e3e0bfdb408773e7691c331b2aa%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22hKW3iR-0PO7mCmooKxK8Bvw3Eb2Nz7xj%22%3B%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.27.3
date: Thu, 13 Mar 2025 17:38:49 GMT
content-type: application/javascript
content-length: 20203
last-modified: Tue, 25 Feb 2025 18:37:41 GMT
etag: "67be0df5-4eeb"
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2

142.250.74.163

200 OK

24 kB

URL GET
fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://s-7e-ae72b9.sales-ypcl.com/tr/c/ccabcbf6ebb8dedc7e3931df2b781d8c/c:67d2822600f088e5d649259b/45090d36eecf87270dfb341a8e130a1f
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintA4:5F:89:8D:68:B4:5F:99:BE:F5:66:6F:C1:5E:A5:8C:72:BF:1E:D5
ValidityWed, 26 Feb 2025 15:33:59 GMT - Wed, 21 May 2025 15:33:58 GMT

File type
Web Open Font Format (Version 2), TrueType, length 23580, version 1.0
Size
24 kB (23580 bytes)
Hash
e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

HTTP Headers

GET /s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://s-7e-ae72b9.sales-ypcl.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 13 Mar 2025 09:22:14 GMT
expires: Fri, 13 Mar 2026 09:22:14 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 02 May 2023 15:17:22 GMT
content-type: font/woff2
age: 29797
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2

142.250.74.163

200 OK

23 kB

URL GET
fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://s-7e-ae72b9.sales-ypcl.com/tr/c/ccabcbf6ebb8dedc7e3931df2b781d8c/c:67d2822600f088e5d649259b/45090d36eecf87270dfb341a8e130a1f
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintA4:5F:89:8D:68:B4:5F:99:BE:F5:66:6F:C1:5E:A5:8C:72:BF:1E:D5
ValidityWed, 26 Feb 2025 15:33:59 GMT - Wed, 21 May 2025 15:33:58 GMT

File type
Web Open Font Format (Version 2), TrueType, length 23040, version 1.0
Size
23 kB (23040 bytes)
Hash
de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

HTTP Headers

GET /s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://s-7e-ae72b9.sales-ypcl.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 13 Mar 2025 09:27:19 GMT
expires: Fri, 13 Mar 2026 09:27:19 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 02 May 2023 15:07:25 GMT
content-type: font/woff2
age: 29492
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/lato/v24/S6u8w4BMUTPHjxsAXC-q.woff2

142.250.74.163

200 OK

24 kB

URL GET
fonts.gstatic.com/s/lato/v24/S6u8w4BMUTPHjxsAXC-q.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://s-7e-ae72b9.sales-ypcl.com/tr/c/ccabcbf6ebb8dedc7e3931df2b781d8c/c:67d2822600f088e5d649259b/45090d36eecf87270dfb341a8e130a1f
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintA4:5F:89:8D:68:B4:5F:99:BE:F5:66:6F:C1:5E:A5:8C:72:BF:1E:D5
ValidityWed, 26 Feb 2025 15:33:59 GMT - Wed, 21 May 2025 15:33:58 GMT

File type
Web Open Font Format (Version 2), TrueType, length 24408, version 1.0
Size
24 kB (24408 bytes)
Hash
efee2d080d7bebdd2e0aeb2e030813a0
f8d38f9f9584e48c2e469877ebd94232265585f1
bca1d88ada544d9c80872d4da27133fab6d347361fa26e932b47ec9559088fd0

HTTP Headers

GET /s/lato/v24/S6u8w4BMUTPHjxsAXC-q.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://s-7e-ae72b9.sales-ypcl.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 24408
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 13 Mar 2025 09:18:56 GMT
expires: Fri, 13 Mar 2026 09:18:56 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 02 May 2023 15:14:26 GMT
content-type: font/woff2
age: 29995
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (13)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections