Report - the-shop.info/index.php?key=21ltcce0i96lhgaanr0u&visitor_id=809590855508692992&cost=0.000000&zoneid=6962929&campaignid=8152546&device=other&browser=firefox&os=android&osversion=android14&country=IT&language=it&isp=colttechnologyservicesgrouplimited/

Report Overview

Submitted URL
the-shop.info/index.php?key=21ltcce0i96lhgaanr0u&visitor_id=809590855508692992&cost=0.000000&zoneid=6962929&campaignid=8152546&device=other&browser=firefox&os=android&osversion=android14&country=IT&language=it&isp=colttechnologyservicesgrouplimited/
IP
65.109.112.53
ASN
#24940 Hetzner Online GmbH
Submitted
2024-05-01 21:55:23
Access
public
Website Title
Survey Rewards
Final URL
ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2#
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
44

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ftgheeudxnlc.shop	unknown	2024-02-08	2024-02-08	2024-04-18	13 kB	267 kB	104.21.95.248
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-05-01	433 B	29 kB	104.17.25.14
ip.nf	224481	2014-08-31	2015-01-08	2024-04-20	463 B	652 B	3.73.104.221
the-shop.info	unknown	unknown	No data	No data	703 B	639 B	65.109.112.53

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-01	medium	ftgheeudxnlc.shop	Sinkholed
2024-05-01	medium	ftgheeudxnlc.shop	Sinkholed
2024-05-01	medium	ftgheeudxnlc.shop	Sinkholed
2024-05-01	medium	ftgheeudxnlc.shop	Sinkholed
2024-05-01	medium	ftgheeudxnlc.shop	Sinkholed
2024-05-01	medium	ftgheeudxnlc.shop	Sinkholed
2024-05-01	medium	ftgheeudxnlc.shop	Sinkholed
2024-05-01	medium	ftgheeudxnlc.shop	Sinkholed
2024-05-01	medium	ftgheeudxnlc.shop	Sinkholed
2024-05-01	medium	ftgheeudxnlc.shop	Sinkholed
2024-05-01	medium	ftgheeudxnlc.shop	Sinkholed
2024-05-01	medium	ftgheeudxnlc.shop	Sinkholed
2024-05-01	medium	ftgheeudxnlc.shop	Sinkholed
2024-05-01	medium	ftgheeudxnlc.shop	Sinkholed
2024-05-01	medium	ftgheeudxnlc.shop	Sinkholed
2024-05-01	medium	ftgheeudxnlc.shop	Sinkholed
2024-05-01	medium	ftgheeudxnlc.shop	Sinkholed
2024-05-01	medium	ftgheeudxnlc.shop	Sinkholed
2024-05-01	medium	ftgheeudxnlc.shop	Sinkholed
2024-05-01	medium	ftgheeudxnlc.shop	Sinkholed
2024-05-01	medium	ftgheeudxnlc.shop	Sinkholed
2024-05-01	medium	ftgheeudxnlc.shop	Sinkholed

ThreatFox

No alerts detected

JavaScript (10)

	URL	Size	First Seen	Last Seen
	cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js	88 kB	2023-03-07	2024-05-15
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:34 Last Seen2024-05-15 20:42:20 Times Seen98362 Hash 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Loading...

	ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2#	127 B	2023-04-12	2024-05-10
Pretty URL ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2# IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-12 07:17:56 Last Seen2024-05-10 09:38:18 Times Seen23 Hash 40f531d9f27ab827d364376c31156051 248cecd33a5ebf4e876d66b159c85258d80b4b7f 82133e0b8e1406c12e82e0bf58d908224ea4af0e4a626a8bde8755fa073440c3 Loading...

	ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2#	440 B	2023-04-12	2024-05-10
Pretty URL ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2# IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-12 07:17:56 Last Seen2024-05-10 09:38:18 Times Seen23 Hash 1be0db31a5462a27e19424b51c9b0e4d f624cff5508d26fa47b2a4b59bb5de6ba847b127 effb3f573aac77369b1692bd74dd417fcedf34693fc0324f3c0f7c03055e1adc Loading...

	ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2#	160 B	2024-03-01	2024-05-10
Pretty URL ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2# IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-01 22:20:19 Last Seen2024-05-10 09:38:18 Times Seen5 Hash c00d0420e74b957e5ea7ca38a033dc06 f342703d94816469882408821e668ba5e7185fe4 2fafe8ba11aaefe8fc28336fd6b232eb02bf363376940ab275f5e99241bc9cd8 Loading...

	ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2#	38 B	2023-03-08	2024-05-10
Pretty URL ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2# IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 05:35:53 Last Seen2024-05-10 09:38:18 Times Seen25 Hash cf9a7d5aa6d6a17bbb015a91b8915214 262169704f2d7805101d5c6fda2000d40090ef78 7d6afee95e158912baa960924add50f8e0a92f2d125e33b838da576127009c2a Loading...

	ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2#	1.7 kB	2023-10-31	2024-05-10
Pretty URL ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2# IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-31 08:21:45 Last Seen2024-05-10 09:38:18 Times Seen8 Hash d4e10f74251b613d69552d449d73d47f fa183cf151ae6047c018caa65dd69dd55b12de99 8d1adf635a200bb0efda41d2bffaccbf520425dd09ab6eb626bad45f28e9fdaa Loading...

	ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2#	40 B	2023-03-07	2024-05-15
Pretty URL ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2# IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:07 Last Seen2024-05-15 19:37:10 Times Seen4811 Hash 6bd43cf0ae158526c6ab93dc3be79f28 15c289e342bd3fdf5b1e95f7abf25a2bc78bf357 7a13d5ae0755d86c09084ec300c4a0f1a0a06921f74d9980eba9d966ff17ad38 Loading...

	ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2#	1.2 kB	2023-10-31	2024-05-10
Pretty URL ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2# IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-31 08:21:45 Last Seen2024-05-10 09:38:18 Times Seen8 Hash d3fe951b1cb96951eba027126105664a f7da0b2c83458cdbef877d35f39a9753cd6a61f4 8341ea2d13202092b89a3e119a1d82eb3e2ed4bebfa4f7c2f3b038982831118c Loading...

		Size	First Seen	Last Seen
	#1 Write - b3d5d6780b21287073e53417923ca021	13 B	2023-10-31	2024-05-10
Pretty Observations First Seen2023-10-31 08:21:45 Last Seen2024-05-10 09:38:18 Times Seen14 Hash b3d5d6780b21287073e53417923ca021 413d6c579a76a40a61ac17514de3ca938c27238e 348916288230e6b8b2c9a9696a61f6548e1700788cb87b497fc11fe11f20e06d Loading...

	#2 Write - 07811dc6c422334ce36a09ff5cd6fe71	4 B	2023-03-11	2024-05-15
Pretty Observations First Seen2023-03-11 11:15:57 Last Seen2024-05-15 20:22:45 Times Seen2313 Hash 07811dc6c422334ce36a09ff5cd6fe71 7e79a3af2634de6635e59c9404d251b3955d39f9 6557739a67283a8de383fc5c0997fbec7c5721a46f28f3235fc9607598d9016b Loading...

HTTP Transactions (25)

URL IP Response Size

the-shop.info/index.php?key=21ltcce0i96lhgaanr0u&visitor_id=809590855508692992&cost=0.000000&zoneid=6962929&campaignid=8152546&device=other&browser=firefox&os=android&osversion=android14&country=IT&language=it&isp=colttechnologyservicesgrouplimited/

65.109.112.53

302 Found

0 B

URL User Request GET HTTP/1.1
the-shop.info/index.php?key=21ltcce0i96lhgaanr0u&visitor_id=809590855508692992&cost=0.000000&zoneid=6962929&campaignid=8152546&device=other&browser=firefox&os=android&osversion=android14&country=IT&language=it&isp=colttechnologyservicesgrouplimited/
IP
65.109.112.53:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subjectthe-shop.info
Fingerprint8C:87:EE:C0:F4:90:24:F9:64:3B:1F:88:D3:D3:F4:D7:19:C7:E5:9E
ValidityMon, 08 Apr 2024 18:30:37 GMT - Sun, 07 Jul 2024 18:30:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /index.php?key=21ltcce0i96lhgaanr0u&visitor_id=809590855508692992&cost=0.000000&zoneid=6962929&campaignid=8152546&device=other&browser=firefox&os=android&osversion=android14&country=IT&language=it&isp=colttechnologyservicesgrouplimited/ HTTP/1.1
Host: the-shop.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.24.0
Date: Wed, 01 May 2024 21:54:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=e2a79zci; expires=Fri, 03-May-2024 09:54:58 GMT; Max-Age=129600; path=/; secure; SameSite=none
uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2; expires=Fri, 03-May-2024 09:54:58 GMT; Max-Age=129600; path=/; secure; SameSite=none
Location: https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Strict-Transport-Security: max-age=31536000

ftgheeudxnlc.shop/index/ultra.png

104.21.95.248

200 OK

33 kB

URL GET HTTP/3
ftgheeudxnlc.shop/index/ultra.png
IP
104.21.95.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Certificate
IssuerLet's Encrypt
Subjectftgheeudxnlc.shop
Fingerprint6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60
ValiditySun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT

File type
PNG image data, 150 x 190, 8-bit/color RGBA, non-interlaced
Size
33 kB (33372 bytes)
Hash
563bac82cb3328779786343daa4e656d
08b970ddb76ffe00fd5d5c7f74f01867b261728a
a0bba5e6432d864e5d19d153b198b0a57b4d3ae15d13903db644891d36d9586d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index/ultra.png HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 01 May 2024 21:54:58 GMT
content-type: image/png
content-length: 33372
last-modified: Wed, 17 Feb 2021 14:04:58 GMT
etag: "602d228a-825c"
cf-cache-status: HIT
age: 5012
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8r4iO9cw1DzTkuNKU6wZiRlvJ%2FnHMP5hvAXM85WQRF3aZwovlnz6TaH0o7%2FGWXZ0HeVNmLq3xERBHvIacTUjDVfWPkpV%2BtCKT3fMQq2mGUfjmqX6LJFOQSBah76kBajcmwSHrg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d3035c5ed456ae-OSL
alt-svc: h3=":443"; ma=86400

ftgheeudxnlc.shop/index/note10.png

104.21.95.248

200 OK

33 kB

URL GET HTTP/3
ftgheeudxnlc.shop/index/note10.png
IP
104.21.95.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Certificate
IssuerLet's Encrypt
Subjectftgheeudxnlc.shop
Fingerprint6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60
ValiditySun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT

File type
PNG image data, 402 x 376, 8-bit colormap, non-interlaced
Size
33 kB (32602 bytes)
Hash
5aacc9ad24e522ec83285215d77124ad
85cd5284dd95c796d7400784a191cfb9d40eae58
7531d18074d86eba9d0ed1b39cc7fd94eb5f2474300157e3ec40fe54f4000451

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index/note10.png HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 01 May 2024 21:54:58 GMT
content-type: image/png
content-length: 32602
last-modified: Wed, 17 Feb 2021 14:04:58 GMT
etag: "602d228a-7f5a"
cf-cache-status: HIT
age: 5012
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7auL0Bufz2BfFSvRjPWCa%2BuhiKvQ9SvTiZqy7fV48KXIpl5G%2Fcvz%2Fg%2FLkbiWK8csm4ycEdWVfyVVZfu77CAtvJer9zPRF1x4aduaxm1RrVnD7GzEo2gHEa47myfwru8BfIiMgA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d3035c5ee356ae-OSL
alt-svc: h3=":443"; ma=86400

ftgheeudxnlc.shop/index/img/s20_comment1.jpg

104.21.95.248

200 OK

16 kB

URL GET HTTP/3
ftgheeudxnlc.shop/index/img/s20_comment1.jpg
IP
104.21.95.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Certificate
IssuerLet's Encrypt
Subjectftgheeudxnlc.shop
Fingerprint6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60
ValiditySun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 150x269, components 3
Size
16 kB (16101 bytes)
Hash
f90f9eefd62b5275e7ffac00b9b52686
c7414e8b7aabc3dd21045fddd63c6e7f5b8bbeec
9239ec9a7f86227854f61bb3c1134b8f1a3f0815d1909795b321d48fdf8f9d37

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index/img/s20_comment1.jpg HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 01 May 2024 21:54:58 GMT
content-type: image/jpeg
content-length: 16101
last-modified: Fri, 23 Sep 2022 06:56:50 GMT
etag: "632d58b2-3ee5"
cf-cache-status: HIT
age: 5011
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hm4ttyzIO0hNqZPIdQYDkYFh%2B8ClfLFC8ohnLJgsgWKdD2iXeswzKC8Jbb%2Fn3b4suFkjNE0pP9gDxeNTG6qQixpd%2BYspSWHp2lH3%2FqubaU%2FG7NqI75wv1kq8gz6Q1wImvMV8iQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d3035c5ee856ae-OSL
alt-svc: h3=":443"; ma=86400

ftgheeudxnlc.shop/index/img/s20_comment2.jpg

104.21.95.248

200 OK

18 kB

URL GET HTTP/3
ftgheeudxnlc.shop/index/img/s20_comment2.jpg
IP
104.21.95.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Certificate
IssuerLet's Encrypt
Subjectftgheeudxnlc.shop
Fingerprint6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60
ValiditySun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 200x200, components 3
Size
18 kB (18039 bytes)
Hash
a9e4cd59be6114dfdec76393397498b6
452e793400244e4e2ff2adae1d3cb216511e487a
9b6384ca70110d9caf641050b2f9979bc832b64cff4affe3888a508d8efa876e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index/img/s20_comment2.jpg HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 01 May 2024 21:54:58 GMT
content-type: image/jpeg
content-length: 18039
last-modified: Fri, 23 Sep 2022 06:56:50 GMT
etag: "632d58b2-4677"
cf-cache-status: HIT
age: 5011
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vqRaG5biskLk%2BF6yuMxg6NTPeULXS%2FunY9rbMGmox%2FlWEHAJsks5mIq5tK02kLB2bnFtPHEKzmaspz6hIBDhY1OYLZP4xt1mpdA3zTTW2FvEOT5OCxBxLU6urfsqJ5rBwBDXZw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d3035c5eec56ae-OSL
alt-svc: h3=":443"; ma=86400

ftgheeudxnlc.shop/index/isp-logo.png

104.21.95.248

200 OK

2.5 kB

URL GET HTTP/3
ftgheeudxnlc.shop/index/isp-logo.png
IP
104.21.95.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Certificate
IssuerLet's Encrypt
Subjectftgheeudxnlc.shop
Fingerprint6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60
ValiditySun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT

File type
PNG image data, 100 x 100, 8-bit colormap, non-interlaced
Size
2.5 kB (2506 bytes)
Hash
41f5877335f188c5e1e249c307b467a9
1d2c947b98fde0825c4ac752b4b686d8c7dd45ad
3e76fb1bd400d464ae7efd63266e36b6166ccf908de94a0c5e6b066a14e5f188

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index/isp-logo.png HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 01 May 2024 21:54:58 GMT
content-type: image/png
content-length: 2506
last-modified: Wed, 17 Feb 2021 14:05:24 GMT
etag: "602d22a4-9ca"
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J1sOR3Hhkkyh5t21wBB%2BSoUJDt4tE5O%2B4Y4b5x2tXG5gfia6WTaFs7GCLhJ6Y5eHowxCdblw4l%2BnyiZy2v3xwqKCOGcKgg8Ugs6REQwug8G7rFWf8vlLfLTtloSKD0qAh60D4w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d3035c4eca56ae-OSL
alt-svc: h3=":443"; ma=86400

ftgheeudxnlc.shop/index/isp-loading1.gif

104.21.95.248

200 OK

1.5 kB

URL GET HTTP/3
ftgheeudxnlc.shop/index/isp-loading1.gif
IP
104.21.95.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Certificate
IssuerLet's Encrypt
Subjectftgheeudxnlc.shop
Fingerprint6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60
ValiditySun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT

File type
GIF image data, version 89a, 25 x 25
Size
1.5 kB (1457 bytes)
Hash
e77529aa1a83920de7897a4c5c5f9707
d78e86f851a13d500ffc9e84baab79b502392cbd
735ee02711d4d62d8cfba0c075237f227491a044441540d39f8c8203ccd54cea

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index/isp-loading1.gif HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 01 May 2024 21:54:58 GMT
content-type: image/gif
content-length: 1457
last-modified: Wed, 17 Feb 2021 14:05:24 GMT
etag: "602d22a4-5b1"
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rdd6xjNkGIt1qFVRc9fVCwUTIztPNNk%2B3nUIcEY9yOe6u59KP0vg7UP1Qq96vkgrX8hfJZsAlzGccxXumi4%2Flhef0EQdFjYGtNqvFPcjxQ1iNT8BOz3TYuLo6X%2BZ8gtT29LhwA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d3035c5ed556ae-OSL
alt-svc: h3=":443"; ma=86400

ftgheeudxnlc.shop/index/isp-greenchk-1.jpg

104.21.95.248

200 OK

646 B

URL GET HTTP/3
ftgheeudxnlc.shop/index/isp-greenchk-1.jpg
IP
104.21.95.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Certificate
IssuerLet's Encrypt
Subjectftgheeudxnlc.shop
Fingerprint6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60
ValiditySun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 25x22, components 3
Size
646 B (646 bytes)
Hash
3d0f87c98f70c57b535974b34862a8e9
ee98b5772fb273a6a97f023194696bb025ae85c6
8fccb5c96c54856548fbad584f0e41f72313b94b33ec32d328985b3267f4035e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index/isp-greenchk-1.jpg HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 01 May 2024 21:54:58 GMT
content-type: image/jpeg
content-length: 646
last-modified: Wed, 17 Feb 2021 14:05:26 GMT
etag: "602d22a6-286"
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IM2JLlRyReJXuVooYxWjS6t%2BwZUxW%2B0EcZCCc%2BIv0zSJv%2Btxwop5Qa7VntIatSQHxcdkn7BCprO18vlRyl8Qijf4VN38uNfsYSmGOITg1UBUxFMRKbbofFYk%2FfDRTE9Oby61Cg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d3035c5ed856ae-OSL
alt-svc: h3=":443"; ma=86400

ftgheeudxnlc.shop/index/img/t-v6-1.png

104.21.95.248

200 OK

6.4 kB

URL GET HTTP/3
ftgheeudxnlc.shop/index/img/t-v6-1.png
IP
104.21.95.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Certificate
IssuerLet's Encrypt
Subjectftgheeudxnlc.shop
Fingerprint6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60
ValiditySun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT

File type
PNG image data, 100 x 100, 8-bit colormap, non-interlaced
Size
6.4 kB (6445 bytes)
Hash
f9dbc65a0a0a7a49a9a7c2ad4235c19e
0ef0d4aba0b8d3e3961ec30ac49e4d88ee79a13a
1687947df9d65fc9950e8bbad9a2b569e100a8fa61c3e18d168dbee3c1ed51e0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index/img/t-v6-1.png HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 01 May 2024 21:54:58 GMT
content-type: image/png
content-length: 6445
last-modified: Wed, 17 Feb 2021 14:05:32 GMT
etag: "602d22ac-192d"
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fCdPSUvC%2BIMPr7%2FoZY7CJJZI%2FNRZ%2BToJYYlk8pFBiPyfOBOcIbJW4JsiiA8xoCVB03gyh5a65%2BjM016izoaHvMgW7WdDyTzGo35ZqnrCTLdoDhPJ%2BBI%2BIMuCGDv%2BVbQl8k76TA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d3035c5ee456ae-OSL
alt-svc: h3=":443"; ma=86400

ftgheeudxnlc.shop/index/img/t-v6-3.png

104.21.95.248

200 OK

5.9 kB

URL GET HTTP/3
ftgheeudxnlc.shop/index/img/t-v6-3.png
IP
104.21.95.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Certificate
IssuerLet's Encrypt
Subjectftgheeudxnlc.shop
Fingerprint6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60
ValiditySun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT

File type
PNG image data, 100 x 100, 8-bit colormap, non-interlaced
Size
5.9 kB (5857 bytes)
Hash
fbddf5ad7297aaded0b36312c047913d
f0f8ccd0f582130ed30bea86defb89c6f50a913c
b984d9455bf8cb336cc821285d7c66812f4a38ca9483e63d50baed48dd3fd036

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index/img/t-v6-3.png HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 01 May 2024 21:54:58 GMT
content-type: image/png
content-length: 5857
last-modified: Wed, 17 Feb 2021 14:05:30 GMT
etag: "602d22aa-16e1"
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OxtN4qpSaYaFBk86vdnIfKy1eDQoZX0r4%2BifNl2NjmueNICYJ%2FK6oCLmZWdj6KkyLifYnWAIaT0AsIkAWabNFTia75UKvpRX1c3eE1lpQfW406PHJfDKcaPL1dkPL1xKstjU5A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d3035c5eea56ae-OSL
alt-svc: h3=":443"; ma=86400

ftgheeudxnlc.shop/index/isp-iphone11-2.png

104.21.95.248

200 OK

9.1 kB

URL GET HTTP/3
ftgheeudxnlc.shop/index/isp-iphone11-2.png
IP
104.21.95.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Certificate
IssuerLet's Encrypt
Subjectftgheeudxnlc.shop
Fingerprint6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60
ValiditySun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT

File type
PNG image data, 220 x 168, 8-bit colormap, non-interlaced
Size
9.1 kB (9135 bytes)
Hash
553384b165d1fa8e805fb062509221e8
1272815c6a64243da403bf998eaa7475aacbd210
fb9ca7349d5d4200bf5ded9b571a849a3cdce6c2237e26cb4c10464762124197

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index/isp-iphone11-2.png HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 01 May 2024 21:54:58 GMT
content-type: image/png
content-length: 9135
last-modified: Wed, 17 Feb 2021 14:05:24 GMT
etag: "602d22a4-23af"
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=96yq2qsXcxSIO2Cs5R%2FDs8cFskXHHXlYbjcS0O0vnj4lJGibfnhIT0C3aCSTCouE1hwjuHDwJ8u4q4%2B3Ljk96x%2Ffz1dJ29j4A6rjtkWnAopOyWOBmaNF%2F%2Fz4G2I4FEed8Zj2MQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d3035c5ee256ae-OSL
alt-svc: h3=":443"; ma=86400

ftgheeudxnlc.shop/index/img/t-v6-2.png

104.21.95.248

200 OK

6.6 kB

URL GET HTTP/3
ftgheeudxnlc.shop/index/img/t-v6-2.png
IP
104.21.95.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Certificate
IssuerLet's Encrypt
Subjectftgheeudxnlc.shop
Fingerprint6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60
ValiditySun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT

File type
PNG image data, 100 x 100, 8-bit colormap, non-interlaced
Size
6.6 kB (6564 bytes)
Hash
2bc416642a102c374e8e4f92834d2781
a510890ab5ec292fae76940aa1916953c7338e20
852f0cbd525e418f72b996e330696a8a38f872b1e2bb182b18a73c1080fa7058

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index/img/t-v6-2.png HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 01 May 2024 21:54:58 GMT
content-type: image/png
content-length: 6564
last-modified: Wed, 17 Feb 2021 14:05:32 GMT
etag: "602d22ac-19a4"
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ugA30aEqixf34idcxftMu4xEXhzBsx%2Fb8OPNtS43xqTmVvVnvkI9iLlxFsrgBeIpzMPFB7yrLk9bUszy0uD6UhNmf8KoNg%2BVCKLeo9e4Y6XhXQ7ObpQOBqOra2wnLWh5lVFN%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d3035c5ee556ae-OSL
alt-svc: h3=":443"; ma=86400

ftgheeudxnlc.shop/index/img/t-v6-4.png

104.21.95.248

200 OK

8.1 kB

URL GET HTTP/3
ftgheeudxnlc.shop/index/img/t-v6-4.png
IP
104.21.95.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Certificate
IssuerLet's Encrypt
Subjectftgheeudxnlc.shop
Fingerprint6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60
ValiditySun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT

File type
PNG image data, 100 x 100, 8-bit colormap, non-interlaced
Size
8.1 kB (8106 bytes)
Hash
7db7d39fe8d41804a38d77b9673f503e
daf3a78eca57ab6949437ee822f99a077ba1ff3a
8057f27640708e6209c8a19cdd2cd2cc3ecaeef8f5940f54f73b14bd04ed0e0d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index/img/t-v6-4.png HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 01 May 2024 21:54:58 GMT
content-type: image/png
content-length: 8106
last-modified: Wed, 17 Feb 2021 14:05:30 GMT
etag: "602d22aa-1faa"
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sLEovq8k9CxwIqbMVwE6QF%2FWaOSviSx4dB3aPuVF7fg%2FanW6nM6GVhRNPYdnZk%2FTRNUL%2BBF%2Futkoe2CTa%2BB3upeFi6WABi5RZneS8VvlCNF1XK3eZyn5u7aT9HtLhz9InygoLw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d3035c5eeb56ae-OSL
alt-svc: h3=":443"; ma=86400

ftgheeudxnlc.shop/index/f_guarantee.png

104.21.95.248

200 OK

5.5 kB

URL GET HTTP/3
ftgheeudxnlc.shop/index/f_guarantee.png
IP
104.21.95.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Certificate
IssuerLet's Encrypt
Subjectftgheeudxnlc.shop
Fingerprint6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60
ValiditySun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT

File type
PNG image data, 94 x 93, 8-bit colormap, non-interlaced
Size
5.5 kB (5476 bytes)
Hash
e96328a64e57e815f2ae881b330227b1
4b11d64b73ff7b3394278384576074da1f48ccee
c49aa7c724f6637b861177d2da95e1da011570a970b38ce3043bf019f0f6d2b7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index/f_guarantee.png HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 01 May 2024 21:54:58 GMT
content-type: image/png
content-length: 5476
last-modified: Wed, 17 Feb 2021 14:05:36 GMT
etag: "602d22b0-1564"
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xGmGz5cn4l6hdbGZW9YXvJqC5IGB7E1MR0hcjNZTiWA62K4nB%2BkMTVBSvoFcXy56a%2BO0lcWDGv2%2BfD2x77esinARY1twpFc4VQzki%2Bg6ddeW8u5yNGjy9pWWoXv2LhKGHduFGA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d3035c6eee56ae-OSL
alt-svc: h3=":443"; ma=86400

ftgheeudxnlc.shop/index/img/t-v6-5.png

104.21.95.248

200 OK

8.3 kB

URL GET HTTP/3
ftgheeudxnlc.shop/index/img/t-v6-5.png
IP
104.21.95.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Certificate
IssuerLet's Encrypt
Subjectftgheeudxnlc.shop
Fingerprint6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60
ValiditySun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT

File type
PNG image data, 100 x 100, 8-bit colormap, non-interlaced
Size
8.3 kB (8288 bytes)
Hash
b472a2b485b9d5791bf192e620105733
99fa90c0304b8c684186910ac94ce0efb155e03c
8a2fc773bf2eab9e1059be22277b4475df051990a69cdff90ac134c73075dd32

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index/img/t-v6-5.png HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 01 May 2024 21:54:58 GMT
content-type: image/png
content-length: 8288
last-modified: Wed, 17 Feb 2021 14:05:28 GMT
etag: "602d22a8-2060"
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g9y0mmrmJnQTAZfF5sSfzCqn5oeDbvMumadN2TLCmRZnyQ5Z%2BmaHAVVkFaRdtzampLj19Q0wtxhhhbPKlLh05aJOa4wZsEhDnIA4Llj%2FVQBxySF8wiy84WTqPri8LzIvSPu9dA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d3035c5eed56ae-OSL
alt-svc: h3=":443"; ma=86400

ftgheeudxnlc.shop/index/f_secure_1.png

104.21.95.248

200 OK

7.9 kB

URL GET HTTP/3
ftgheeudxnlc.shop/index/f_secure_1.png
IP
104.21.95.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Certificate
IssuerLet's Encrypt
Subjectftgheeudxnlc.shop
Fingerprint6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60
ValiditySun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT

File type
PNG image data, 138 x 133, 8-bit colormap, non-interlaced
Size
7.9 kB (7929 bytes)
Hash
d20b7ca43d07211b60f8739c775a151e
153c13946ef3d3e6bcf3759eb4b5f072bf15a972
ca7696ce16353b1551bfe7eb4bab73d051c224f3dbb57b881af26c5823d6b7b2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index/f_secure_1.png HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 01 May 2024 21:54:58 GMT
content-type: image/png
content-length: 7929
last-modified: Wed, 17 Feb 2021 14:05:36 GMT
etag: "602d22b0-1ef9"
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z5bwcHAJNES2x23oJ7Ggaf7qUeuE8w6lFbCaBPfnIznUrr8MXZTmc2g2mPUL0Po3RfsHngYjY3t6lNhUmUK5FQAZqEo82fOtb7ETZ3cTaHkxZqp3EnH1sC3%2B%2FUuoePLsLDZKEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d3035c6eef56ae-OSL
alt-svc: h3=":443"; ma=86400

cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js

104.17.25.14

200 OK

28 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
28 kB (27748 bytes)
Hash
220afd743d9e9643852e31a135a9f3ae
88523924351bac0b5d560fe0c5781e2556e7693d
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

HTTP Headers

GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 01 May 2024 21:54:58 GMT
content-type: application/javascript; charset=utf-8
content-length: 27748
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15851"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 92593
expires: Mon, 21 Apr 2025 21:54:58 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TGB3ms5795nWK9wkwO%2BGThJPDugWX%2Bz%2F%2BBAOs4VEVVt73qb5%2BLGrgpBU4OKiaxhvzQ9Rnm0oUwVcrOeBXzGTg78kzQIih6N0%2BRlHUpXQFylSvTzJZHhw11BnYSU7kPO9%2BY3Ce4tB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87d3035c8f8bb503-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ftgheeudxnlc.shop/index/img/s20.png

104.21.95.248

200 OK

24 kB

URL GET HTTP/3
ftgheeudxnlc.shop/index/img/s20.png
IP
104.21.95.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Certificate
IssuerLet's Encrypt
Subjectftgheeudxnlc.shop
Fingerprint6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60
ValiditySun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT

File type
PNG image data, 120 x 159, 8-bit/color RGB, non-interlaced
Size
24 kB (23506 bytes)
Hash
d384805b7283cb4a55e9285b3d1f5ebc
a4ed4ba011ef70bdade55c6e1facbf31744b3943
6d882c4051b58d76f18cfae2171be93e1edd2c2614b69360d1a2e78a07d97e9b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index/img/s20.png HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 01 May 2024 21:54:58 GMT
content-type: image/png
content-length: 23506
last-modified: Fri, 23 Sep 2022 06:56:48 GMT
etag: "632d58b0-5bd2"
cf-cache-status: HIT
age: 5011
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F%2BgE2jF9QmIyzxaHNVQEYG9SAm4MAdREMfP9RTrYwJhU2Mrr7XyswoxMDhjhS4E9uqFdpJpPzbDHWSaFsW5%2BQvmKysbpiJDty%2B2tjvuPLLCWZggHNx1BaIljlFIny61qpo0RLA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d3035e183156ae-OSL
alt-svc: h3=":443"; ma=86400

ftgheeudxnlc.shop/index/favicon-isp.png

104.21.95.248

200 OK

2.2 kB

URL GET HTTP/3
ftgheeudxnlc.shop/index/favicon-isp.png
IP
104.21.95.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Certificate
IssuerLet's Encrypt
Subjectftgheeudxnlc.shop
Fingerprint6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60
ValiditySun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
2.2 kB (2174 bytes)
Hash
60eb0dc8cc7745e3d0da9f35c7016a20
c7adf7f8946f44e59546db8ee3f881c3b48401fb
ccbe0999fcbaed0e3d8a5121a9f5ac5af3306526cce928beadbc0c340770088a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index/favicon-isp.png HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 01 May 2024 21:54:59 GMT
content-type: image/png
content-length: 2174
last-modified: Wed, 17 Feb 2021 14:05:54 GMT
etag: "602d22c2-87e"
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nO3lgbk%2FzmN8B4CYB%2FVAPmyGcdDF6RZ9YHDSljNfets9wBQ3SzBInVVDdZjnEjK8XqTGe8ki8GJuABDDyQaScXS%2Fx3j1XuSmVG354CjeIs9qXLDnn2VI9otOFQqiIuOt9ND7GA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d3035f394256ae-OSL
alt-svc: h3=":443"; ma=86400

ip.nf/me.json

3.73.104.221

200 OK

254 B

URL GET HTTP/2
ip.nf/me.json
IP
3.73.104.221:443
ASN
#16509 AMAZON-02

Requested by
https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Certificate
IssuerLet's Encrypt
Subjectip.nf
FingerprintC3:D4:14:31:CF:C1:4F:5D:C4:46:F3:03:87:08:27:54:F2:B7:6D:46
ValiditySun, 14 Apr 2024 23:40:49 GMT - Sat, 13 Jul 2024 23:40:48 GMT

File type
JSON text data
Size
254 B (254 bytes)
Hash
7ee77928b92f62af3fe4b740de6f1a40
9c66c2951deb18e4a4550dd0ba3a553757bab9b0
394b5969965237c7dea346b42d7abdac52c05ce3f416b7e0c0da59a42d99ebbd

HTTP Headers

GET /me.json HTTP/1.1
Host: ip.nf
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ftgheeudxnlc.shop
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://ftgheeudxnlc.shop
content-type: application/json
date: Wed, 01 May 2024 21:54:59 GMT
x-robots-tag: noindex
content-length: 254
X-Firefox-Spdy: h2

ftgheeudxnlc.shop/index/isp-v1-css6.css

104.21.95.248

200 OK

6.2 kB

URL GET HTTP/3
ftgheeudxnlc.shop/index/isp-v1-css6.css
IP
104.21.95.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Certificate
IssuerLet's Encrypt
Subjectftgheeudxnlc.shop
Fingerprint6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60
ValiditySun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT

File type
ASCII text, with very long lines (6122), with no line terminators
Size
6.2 kB (6183 bytes)
Hash
20f9457b505b3fb4c7989733569158ec
9310522ab509b2b81f313473752ab5951c36aa0c
ca3ea6d1fe5120e313bcbce9d4801fe23d609beedc46da2ce0fa34fc7d224c54

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index/isp-v1-css6.css HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 01 May 2024 21:54:58 GMT
content-type: text/css
last-modified: Wed, 17 Feb 2021 14:05:22 GMT
etag: W/"602d22a2-17ea"
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mOohRPIWL0L8xRJnjr%2FI5tPdM6ugYBnUQoIKOI4m2Z7HVHzMSThDNaWAoliw1fqmQA4sEoElpUBP%2BKCOEJIU9x76uptb9hc6Ac4R6Nrj1%2BbUh7xp4NvUSgcgytT%2FjIUjT4Mx4w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d3035c3ec356ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ftgheeudxnlc.shop/index/flags/no.svg

104.21.95.248

404 Not Found

8.1 kB

URL GET HTTP/3
ftgheeudxnlc.shop/index/flags/no.svg
IP
104.21.95.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Certificate
IssuerLet's Encrypt
Subjectftgheeudxnlc.shop
Fingerprint6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60
ValiditySun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
8.1 kB (8134 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index/flags/no.svg HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Wed, 01 May 2024 21:54:59 GMT
content-type: text/html
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wlcEvvqLsCkyAI1A4udEPVegxC5rdV4xy6CZBck8L%2F7CFpnBgV2Q2T14C2JFrrLyCjhrUCtdiZKmglIw4VKsNHk4BPa%2BBuTbjdn%2Bckr47YamJinGqNIbnPkqgl3wMXvD%2BnmAWg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d3035fd9ae56ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ftgheeudxnlc.shop/index/lng/en.json

104.21.95.248

200 OK

11 kB

URL GET HTTP/3
ftgheeudxnlc.shop/index/lng/en.json
IP
104.21.95.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Certificate
IssuerLet's Encrypt
Subjectftgheeudxnlc.shop
Fingerprint6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60
ValiditySun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT

File type
JSON text data
Size
11 kB (10857 bytes)
Hash
b7022c2bef695b0501b732f8654aed52
00ce95f23c13ee54128889293cf6598e9a5c2df7
0457252191a18498b6ea4810c6dce3ba475dde952e85a18b5d4dcc67863549c6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index/lng/en.json HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 01 May 2024 21:54:58 GMT
content-type: application/json
last-modified: Wed, 17 Feb 2021 14:05:14 GMT
etag: W/"602d229a-f7c"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=scUKDRsBN2fadgth4rfftUFWKfJ%2FULNJlS7IYi%2Bqu51tSsFU44CbbA77VuDPo4S%2FSI2yS2xLBJa9WzlGKwTI4QZveKkI9KTr3os1Zr7MsX2bJZv69Dqp7KHujOF4BelcJ4dayg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87d3035e283b56ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2

104.21.95.248

200 OK

34 kB

URL User Request GET HTTP/2
ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
IP
104.21.95.248:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectftgheeudxnlc.shop
Fingerprint6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60
ValiditySun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT

File type

Size
34 kB (34315 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2 HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 01 May 2024 21:54:58 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qrjSCquWec5wHWXIS1JX1Ue8F5emtw45lj2kkF%2FEZzr8ZpI6Tub4kjgq1mTQEfxI0ZihO3PhvlsXScCGKPRqHtrKPPyYFKTPLXTSPhH6BJ%2Fi25zX9ftYyLr17EcY9Rotc4yR5g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87d3035a5d24b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ftgheeudxnlc.shop/index/isp-v1-css1.css

104.21.95.248

200 OK

5.4 kB

URL GET HTTP/3
ftgheeudxnlc.shop/index/isp-v1-css1.css
IP
104.21.95.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Certificate
IssuerLet's Encrypt
Subjectftgheeudxnlc.shop
Fingerprint6D:47:E0:CB:6D:60:6F:F7:94:04:0A:FB:B5:E7:7B:B4:C6:45:E3:60
ValiditySun, 07 Apr 2024 12:35:05 GMT - Sat, 06 Jul 2024 12:35:04 GMT

File type
ASCII text, with very long lines (5415), with no line terminators
Size
5.4 kB (5413 bytes)
Hash
2678c7ec26525c6e9cb3be600759c2e8
9645ee8d735b2a1fe2b1b298baf964d64bcf89c5
404e4b9aff110997a0bbecef33738ef571ac4ffc3572c268233508a7ba8f10e5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index/isp-v1-css1.css HTTP/1.1
Host: ftgheeudxnlc.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ftgheeudxnlc.shop/index/index.php?lpkey=176714b5603f109598&isp=Blix%20Group%20As&uclick=e2a79zci&uclickhash=e2a79zci-e2a79zci-6ji4-fe-i4-ci-oj-58f5e2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 01 May 2024 21:54:58 GMT
content-type: text/css
last-modified: Wed, 17 Feb 2021 14:05:22 GMT
etag: W/"602d22a2-1525"
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jDWYTcHgVhTXxGUcnjkmsDHJTIjtXXP0%2FYmtMyxhJPhye0HkJfMqCTtN57vu9WwRfmBO4uSVSrKfwyJu4axKJjLUv4iWTBIn%2FXzFu1kjaJSyKcX%2Bh4mDjA8i6ti3%2FHCMk3E4Jg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d3035c3ec656ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML