| u4xw8.shop/l/gaz/img/logo.png | 104.21.40.37 | 200 OK | 1.1 kB |
URL GET HTTP/3u4xw8.shop/l/gaz/img/logo.png IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
File typePNG image data, 114 x 56, 4-bit colormap, non-interlaced Hash04385fdb7e2e6f1404f87d7c9f10f00a e1aa2aca309de313e591d4ae0fa2ef66b5fb7a23 fcba35abb4f62bcb7cbba58e9c7c488f5a49b4f3e99cd469dcc3a47f2df44b5c
Analyzer | Verdict | Alert | OpenPhish | phishing | Gazprom | Quad9 DNS | malicious | Sinkholed |
GET /l/gaz/img/logo.png HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: image/png
content-length: 1065
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: "64043bab-429"
expires: Wed, 15 May 2024 08:25:35 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 297918
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JV1N64JM0yMuvJZaXYTUchaeoIY%2BZwRf2EOhR3l%2BVSqCQ99fgLXy%2B%2F1fortN1VS0%2B%2FrW2bpPprd%2FBl5BR%2BBkaqJg4dAUFCZGZ0pM7xGQZJMet3gFMMh9HrIyGiW3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f51deed35690-OSL
alt-svc: h3=":443"; ma=86400
|
|
| cdnjs.cloudflare.com/ajax/libs/ion-rangeslider/2.3.1/js/ion.rangeSlider.min.js | 104.17.24.14 | 200 OK | 7.7 kB |
URL GET HTTP/2cdnjs.cloudflare.com/ajax/libs/ion-rangeslider/2.3.1/js/ion.rangeSlider.min.js IP104.17.24.14:443
CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (41067) Hashb5c1f83e8e2c9fad4a9c7a7e8c34b2fa a1c7a35489061767940a66b546466ff5212a4625 67adfdac93b9ec1899cd00e55ac1b217e109dc5b379c3e2940f91f8a64f2dd2f
GET /ajax/libs/ion-rangeslider/2.3.1/js/ion.rangeSlider.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://u4xw8.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: application/javascript; charset=utf-8
content-length: 7685
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ea7-a0d3"
last-modified: Mon, 04 May 2020 16:11:19 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 269533
expires: Tue, 08 Apr 2025 19:10:53 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AHNQjAoYO%2F5B5uaYr2h2r0bx268u3phSsZIrjhP8GnpiLQ17M66szkjk0EHTBct51c4L7iyhYTIzLAVAoQegVw4nru3mNyeH3TvrppE6lJT0Lb%2BMsbMrL1TbowPca5DU%2BiOgJww%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8766f51e3cda0b51-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js | 104.17.24.14 | 200 OK | 28 kB |
URL GET HTTP/2cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js IP104.17.24.14:443
CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (65451) Hashdc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://u4xw8.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1214669
expires: Tue, 08 Apr 2025 19:10:53 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QP3vZ3sJJAieC0TLnfbA7L%2FlAWNYOFQ91UF2eJRmrd2z17XPSedB8O7kvOByMRwgmhbLge%2BsuvcSAWYqUcvuyyax%2FTdwcSzJDryESeDIVSEgw%2FMEvr7OUKWDUQMv49i8CWuk8YBN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8766f51e3cdb0b51-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/bootstrap/5.0.1/js/bootstrap.min.js | 104.17.24.14 | 200 OK | 14 kB |
URL GET HTTP/2cdnjs.cloudflare.com/ajax/libs/bootstrap/5.0.1/js/bootstrap.min.js IP104.17.24.14:443
CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (59812) Hashb5730588db13e71c65bdb1d234089260 282209ef6065e8451a5623c1b208d256d7b14c27 77e1728245a0c2de7d0859163ee081e1113aa75fd6894602cb5eb0d7e739bca9
GET /ajax/libs/bootstrap/5.0.1/js/bootstrap.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://u4xw8.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: application/javascript; charset=utf-8
content-length: 14192
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "60f76446-3770"
last-modified: Wed, 21 Jul 2021 00:03:18 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 262614
expires: Tue, 08 Apr 2025 19:10:53 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R1lANw1w2oWbVFnmqDlZdPMUP2%2BrI4sD75Tlvfn3ov4AKg3G2X0eHv4lccEHmkIbDwkK9OAXvIUMydQDOXEc7gM5VBqXGeG4EnTWGuNHJJ6FxK0wZXmFhN2jK4%2FSAspUqh4jjKOU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8766f51e3cdc0b51-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| code.jquery.com/jquery-3.6.0.min.js | 151.101.2.137 | 200 OK | 31 kB |
URL GET HTTP/2code.jquery.com/jquery-3.6.0.min.js IP151.101.2.137:443
CertificateIssuerSectigo Limited Subject*.jquery.com FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (65447) Hash8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 18 Apr 2024 19:10:53 GMT
age: 5925073
x-served-by: cache-lga21931-LGA, cache-hel1410026-HEL
x-cache: HIT, HIT
x-cache-hits: 22, 65412
x-timer: S1713467453.222104,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.13/css/intlTelInput.css | 104.17.24.14 | 200 OK | 2.0 kB |
URL GET HTTP/2cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.13/css/intlTelInput.css IP104.17.24.14:443
CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
Hasha69aa970266649e0b08c2cb4bc166568 d9314a52085a2bb6d284421bb18a4c546ecb73d4 ad32b1248207ba91fb945a37d38e7c9deafcba849245872203482db42930d491
GET /ajax/libs/intl-tel-input/17.0.13/css/intlTelInput.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: text/css; charset=utf-8
content-length: 1970
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "60c32345-7b2"
last-modified: Fri, 11 Jun 2021 08:48:05 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1222272
expires: Tue, 08 Apr 2025 19:10:53 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QM7pzWGmoikUa8OE899D0lVeJ4o%2FSYKfAp1%2FxpD4Mn0OAb9zo3ulW9WylaSSLni64FIN%2Ba%2BQ%2Fxsk%2B7mv384nXlsfUfX18YnOs6Vtboi%2Ftpn0QB%2BJBwtWyRmYD4B0jnVHPjrQanv3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8766f51ecd630b51-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| u4xw8.shop/l/gaz/img/rus.png | 104.21.40.37 | 200 OK | 2.3 kB |
URL GET HTTP/3u4xw8.shop/l/gaz/img/rus.png IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
File typePNG image data, 162 x 56, 8-bit colormap, non-interlaced Hash3019a0f4b4dce8e60124f6f0a43c18b5 59d55a14fa68c7d11044fb0daa78617629372b8e 071b949e723dee01c3dcec2832dba89ac844b30564249ec3e5d1500d10e3f05a
Analyzer | Verdict | Alert | OpenPhish | phishing | Gazprom | Quad9 DNS | malicious | Sinkholed |
GET /l/gaz/img/rus.png HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: image/png
content-length: 2336
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: "64043bab-920"
expires: Sat, 18 May 2024 19:10:53 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tyRgRUajAIsvFMwtEDBYKVqh12i9XaVtb4im0MLSPqte%2FkD9njZSB1DdEYpTVf6F2meWXB8MrUvtNpMQv1WElGsorP4g0wtbI%2BOafATywh9z73PSWjBE%2F1BMD6ax"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f51deed45690-OSL
alt-svc: h3=":443"; ma=86400
|
|
| u4xw8.shop/l/gaz/img/photo.jpg | 104.21.40.37 | 200 OK | 32 kB |
URL GET HTTP/3u4xw8.shop/l/gaz/img/photo.jpg IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 738x808, components 3 Hash3fdae4cd437f4c40b9c08785782fa5ce 9a0f1b6f6bd9dccc1932ba1dc3ed0983e900efd3 8cf9de22d548227ffb3aebe51d012b0352ceeee02e36d215f7b80d0c9bc50d43
Analyzer | Verdict | Alert | OpenPhish | phishing | Gazprom | Quad9 DNS | malicious | Sinkholed |
GET /l/gaz/img/photo.jpg HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: image/jpeg
content-length: 32109
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: "64043bab-7d6d"
expires: Sat, 18 May 2024 19:10:53 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NwWMV50Pr%2BMIHLEZN1hms6spVx%2BRTRPkK1q%2BYFuCwG6CQcCPjC7Sgu8k3Cb73wNn4h3ue4zm0E5%2Bhm7kBIDXgyJ3JUwdMDuioOh9uxRnhR4NlXHPLRAdVsCG4d4D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f51deee15690-OSL
alt-svc: h3=":443"; ma=86400
|
|
| u4xw8.shop/l/gaz/img/img3.svg | 104.21.40.37 | 200 OK | 8.5 kB |
URL GET HTTP/3u4xw8.shop/l/gaz/img/img3.svg IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
File typeSVG Scalable Vector Graphics image Hash0685ab7a7f1613725ac083f51d62dd9e e9aeb297b2447e9b871fb32dd309434634b705be 693d77da621b2eb643d726ac6cf9bdbd9972311cabbe612700046a5138b32305
Analyzer | Verdict | Alert | OpenPhish | phishing | Gazprom | Quad9 DNS | malicious | Sinkholed |
GET /l/gaz/img/img3.svg HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-6e39"
expires: Sat, 18 May 2024 19:10:53 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4ZxuL4E%2BrgPCt2uPi6SzysAF5LR98P%2BrgqIYq0JfM2FUuLHxa5nwjdUhzxDi5wKAQoIqO9nS6uLEbn6DaEUZkYL0OigYgJ7AVHrUTkJtec%2FM2fcBTbKVwvfWH51t"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f51deee05690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| u4xw8.shop/l/gaz/img/image%2051.jpg | 104.21.40.37 | 200 OK | 65 kB |
URL GET HTTP/3u4xw8.shop/l/gaz/img/image%2051.jpg IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x564, components 3 Hashb9380925144986fcdef1f5cb82a2e1b7 e333dd7a6e3cb5cfa0ae9670ccf5793af8d6777c 99de95d603e85d20ba9d8bc90a314ab139342b0e58ab78b2c6c17cbab56cd2bc
Analyzer | Verdict | Alert | OpenPhish | phishing | Gazprom | Quad9 DNS | malicious | Sinkholed |
GET /l/gaz/img/image%2051.jpg HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: image/jpeg
content-length: 65334
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: "64043bab-ff36"
expires: Sat, 18 May 2024 19:10:53 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PcqZoWkLruai1R%2B4d2pTMgtHIgGCOF4584Hxb81ETSkQ1VIhS6Xd1NFhTMhhgw4Evr8rmaumpNTPPwMumCWYyOiiMUWL%2F5t9USuOjVXCbmHL48rjjF0iXP6bBQwV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f51dfeec5690-OSL
alt-svc: h3=":443"; ma=86400
|
|
| u4xw8.shop/l/gaz/img/image%2053.jpg | 104.21.40.37 | 200 OK | 61 kB |
URL GET HTTP/3u4xw8.shop/l/gaz/img/image%2053.jpg IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x564, components 3 Hashff3619179edca92ec7c521620ba4da04 8a361aeca8645a9fe5bab1e1baaf14c79b9beb7f 6b0379257e26ed216b6e14110fe1bef430ef1254d2c8c1668732fbafaec754c6
Analyzer | Verdict | Alert | OpenPhish | phishing | Gazprom | Quad9 DNS | malicious | Sinkholed |
GET /l/gaz/img/image%2053.jpg HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: image/jpeg
content-length: 60749
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: "64043bab-ed4d"
expires: Sat, 18 May 2024 19:10:53 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hw0M9C55wOrv8oTFSHpxyz7UZKusHR%2FmvOPScuvgM4Ur%2FBT2rzVUE9D9AmPmIvwj0meSF2AD%2BkaQBZyQyN0eS%2BzGVmA49aa%2FK6vyUIbCiwjSqmssRtVgT6vWe%2Bx%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f51dfeef5690-OSL
alt-svc: h3=":443"; ma=86400
|
|
| u4xw8.shop/l/gaz/img/image%2052.jpg | 104.21.40.37 | 200 OK | 42 kB |
URL GET HTTP/3u4xw8.shop/l/gaz/img/image%2052.jpg IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x564, components 3 Hashf0c662297936ce98871f3893f31a8453 fb2739f2545cae2ca591259677416a9d5a91274d f122b6d4e754445720d6231bee649a99cd53adeb131fabccb058cd9d5d21a68e
Analyzer | Verdict | Alert | OpenPhish | phishing | Gazprom | Quad9 DNS | malicious | Sinkholed |
GET /l/gaz/img/image%2052.jpg HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: image/jpeg
content-length: 41866
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: "64043bab-a38a"
expires: Sat, 18 May 2024 19:10:53 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fQ%2Fmk4Z7OBOrcO%2Fx95MSHyK8sRa7rP%2BikP81ErQCggUkiORD0QlAB%2BW%2B1pEBE8jTqgCuLidzZII%2FdAGlI5t66i6R3og7CFC3brXrnWgdjfl4Q1VWZFK%2B4LOkgvq9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f51dfef15690-OSL
alt-svc: h3=":443"; ma=86400
|
|
| fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjsGyN.woff2 | 216.58.207.227 | 200 OK | 30 kB |
URL GET HTTP/2fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjsGyN.woff2 IP216.58.207.227:443
CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9 ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 29752, version 1.0 Hashab1fc8621287e4ea9319a3136812cf80 fb4ed2e52e2a8d7ac50a7618a0c2ea5507a24ef3 7c00752ce82d6abaed0b9766d35b906b16675facdbe24115b410d1fab975effa
GET /s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjsGyN.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://u4xw8.shop
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 29752
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 03:15:26 GMT
expires: Wed, 16 Apr 2025 03:15:26 GMT
cache-control: public, max-age=31536000
age: 230127
last-modified: Wed, 27 Apr 2022 17:05:11 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2 | 216.58.207.227 | 200 OK | 35 kB |
URL GET HTTP/2fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2 IP216.58.207.227:443
CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9 ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 34852, version 1.0 Hash0e8eefb4549a2edf26c560cb9845952e 8d0b1718aacad934fd0043c87cbc54aa091396bf 7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a
GET /s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://u4xw8.shop
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 34852
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 02:38:13 GMT
expires: Fri, 18 Apr 2025 02:38:13 GMT
cache-control: public, max-age=31536000
age: 59560
last-modified: Wed, 27 Apr 2022 16:31:23 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKew72j00.woff2 | 216.58.207.227 | 200 OK | 21 kB |
URL GET HTTP/2fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKew72j00.woff2 IP216.58.207.227:443
CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9 ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 20860, version 1.0 Hash15b0d42b9ec6606a60edbdcced868466 73ca3f9f966f6722e78409b22db328ce4da475a9 f1400c92345dcd9dbf746acab2c60e8580aa959473e9e56c8772cadcf7734b76
GET /s/ubuntu/v20/4iCs6KVjbNBYlgoKew72j00.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://u4xw8.shop
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 02:49:02 GMT
expires: Fri, 18 Apr 2025 02:49:02 GMT
cache-control: public, max-age=31536000
age: 58911
last-modified: Wed, 27 Apr 2022 16:15:59 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 | 216.58.207.227 | 200 OK | 48 kB |
URL GET HTTP/2fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 IP216.58.207.227:443
CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9 ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 48236, version 1.0 Hash015c126a3520c9a8f6a27979d0266e96 2acf956561d44434a6d84204670cf849d3215d5f 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://u4xw8.shop
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 02:35:00 GMT
expires: Fri, 18 Apr 2025 02:35:00 GMT
cache-control: public, max-age=31536000
age: 59753
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 | 216.58.207.227 | 200 OK | 48 kB |
URL GET HTTP/2fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 IP216.58.207.227:443
CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9 ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 48236, version 1.0 Hash015c126a3520c9a8f6a27979d0266e96 2acf956561d44434a6d84204670cf849d3215d5f 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://u4xw8.shop
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 02:35:00 GMT
expires: Fri, 18 Apr 2025 02:35:00 GMT
cache-control: public, max-age=31536000
age: 59753
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjtGyNL4U.woff2 | 216.58.207.227 | 200 OK | 18 kB |
URL GET HTTP/2fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjtGyNL4U.woff2 IP216.58.207.227:443
CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9 ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 18200, version 1.0 Hash8c7519686a5ddf20a3981e660a5f2610 3e0d73d14e4892b36fb5c6a9854c7d2e6bec005a caeaf02fa4a8a45438c270767c4e50fc7f3ed5f94a4c90984eaacb87c2e8a693
GET /s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjtGyNL4U.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://u4xw8.shop
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18200
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 02:56:03 GMT
expires: Fri, 18 Apr 2025 02:56:03 GMT
cache-control: public, max-age=31536000
age: 58490
last-modified: Wed, 27 Apr 2022 17:10:53 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2 | 216.58.207.227 | 200 OK | 27 kB |
URL GET HTTP/2fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2 IP216.58.207.227:443
CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9 ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 26736, version 1.0 Hash8404cfed82d322c1be8e149fd9f40eb8 3e3657246db3b889e68d520904ac294a230db56d 8f76526e440538ec1300aa89f671acd1b746925833f7160f6c0e29443008f97f
GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://u4xw8.shop
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 26736
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 17:30:29 GMT
expires: Fri, 18 Apr 2025 17:30:29 GMT
cache-control: public, max-age=31536000
age: 6024
last-modified: Thu, 14 Dec 2023 02:00:28 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2 | 216.58.207.227 | 200 OK | 27 kB |
URL GET HTTP/2fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2 IP216.58.207.227:443
CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9 ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 26736, version 1.0 Hash8404cfed82d322c1be8e149fd9f40eb8 3e3657246db3b889e68d520904ac294a230db56d 8f76526e440538ec1300aa89f671acd1b746925833f7160f6c0e29443008f97f
GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://u4xw8.shop
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 26736
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 17:30:29 GMT
expires: Fri, 18 Apr 2025 17:30:29 GMT
cache-control: public, max-age=31536000
age: 6024
last-modified: Thu, 14 Dec 2023 02:00:28 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| u4xw8.shop/l/gaz/img/license.jpg | 104.21.40.37 | 200 OK | 504 kB |
URL GET HTTP/3u4xw8.shop/l/gaz/img/license.jpg IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1343x1900, components 3 Size504 kB (503545 bytes) Hash23f74188101be1f61d925652a5a4a125 f7fa278087d032a53275eb4d58e770fb16cc77cc 2039b2ae5b6876263012ee356c4a6dd0c70b595109347f9bee8dd55d60d5558b
Analyzer | Verdict | Alert | OpenPhish | phishing | Gazprom | Quad9 DNS | malicious | Sinkholed |
GET /l/gaz/img/license.jpg HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: image/jpeg
content-length: 503545
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: "64043bab-7aef9"
expires: Sat, 18 May 2024 19:10:53 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T2tdwr7yq86TR9K8pfnaly0lrScIrpOmQ6KWnBbdQjJ7MSq28wNnj3C8sdjJxqNB57u0%2BuFJSQbhMPCVQ6dWPuVhx%2BZNndLPC%2BuYQFCxpmc4TDNIrJgec%2BA8gK03"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f51dfeea5690-OSL
alt-svc: h3=":443"; ma=86400
|
|
| u4xw8.shop/l/gaz/js/intlTelInput.min.js | 104.21.40.37 | 200 OK | 12 kB |
URL GET HTTP/3u4xw8.shop/l/gaz/js/intlTelInput.min.js IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (26995) Hash5c903c8ffd747d2b7db2d362d573bff8 9c0a0caf1658891a03c6030b2a1cbe945719b420 b8f6de98e9dfdcfe1e69e2c779b2f03c2ef56116eedd6341bcee226d87819c6b
Analyzer | Verdict | Alert | OpenPhish | phishing | Gazprom | Quad9 DNS | malicious | Sinkholed |
GET /l/gaz/js/intlTelInput.min.js HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: application/javascript; charset=utf8
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-7351"
expires: Sat, 18 May 2024 19:10:53 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t0uIkCTeuSXftT1aOyZBdj6lbjuAOyrS0B4LsqfT9COTBoizOx2A9TE%2BpyhkDx%2BaGHt5vfTEVSPM6T8%2FPyeG%2BnUMWUscllyMu76cJd9rXsBZlkmQzpJyqBymVPt%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f51dfefb5690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ipinfo.io/json | 34.117.186.192 | 200 OK | 280 B |
IP34.117.186.192:443 ASN#396982 GOOGLE-CLOUD-PLATFORM
CertificateIssuerLet's Encrypt Subjectipinfo.io Fingerprint9D:3E:28:56:62:A9:9F:DE:23:E2:E3:28:72:EE:AE:0B:F3:A5:C0:63 ValidityTue, 05 Mar 2024 21:14:09 GMT - Mon, 03 Jun 2024 21:14:08 GMT
Hashadf22d9a8ca3a97a9ff78909b8702358 f5046826566a7e98d6b5e5c7b0a65677c3bde708 756edd1454b049c1370e83c864bc93dfdd82f44d8f9752b3068e5a11867a5de3
GET /json HTTP/1.1
Host: ipinfo.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://u4xw8.shop/
Origin: https://u4xw8.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.24.0
date: Thu, 18 Apr 2024 19:10:54 GMT
content-type: application/json; charset=utf-8
content-length: 280
access-control-allow-origin: *
x-content-type-options: nosniff
x-envoy-upstream-service-time: 2
via: 1.1 google
strict-transport-security: max-age=2592000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| u4xw8.shop/l/gaz/img/sprite11.svg | 104.21.40.37 | 200 OK | 14 kB |
URL GET HTTP/3u4xw8.shop/l/gaz/img/sprite11.svg IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
File typeSVG Scalable Vector Graphics image Hash0d31c1df315404c74ab459b7dcdf0445 93182488675530bb2df97dd74acd47fd5f537ebd ed1b1f5e3a2769494eec30f7c4d37a434861f8eef21280f23e4a1df95a35e654
Analyzer | Verdict | Alert | OpenPhish | phishing | Gazprom | Quad9 DNS | malicious | Sinkholed |
GET /l/gaz/img/sprite11.svg HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-415f"
expires: Sat, 18 May 2024 19:10:53 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BrVAaKQg0GMehYKoXs4hblp3b5P%2B3grHYQ%2Bp8ZxIMeNtOZkQry11gO3%2B%2FWnAupubJqTl9IMAgrGY7ybe75Wjlepep8zS5meFAPuUK84brW89zghBzFOMhDOdN%2F%2Fm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f52049d25690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| u4xw8.shop/l/gaz/img/sprite10.svg | 104.21.40.37 | 200 OK | 11 kB |
URL GET HTTP/3u4xw8.shop/l/gaz/img/sprite10.svg IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
File typeSVG Scalable Vector Graphics image Hashfa41411f38996d9a518a8146ab6ae209 d0c1b647b7a29e2002f89b15074c78a5c7bc2506 919543a4ed0fdcfcc462c0dfa7da7471913c25ea63efad12f4f8e1532ec34f1b
Analyzer | Verdict | Alert | OpenPhish | phishing | Gazprom | Quad9 DNS | malicious | Sinkholed |
GET /l/gaz/img/sprite10.svg HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-c9a"
expires: Sat, 18 May 2024 19:10:53 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k8KDJkO%2FDH7LEfQkvrvuV5vWxLX0AYBTeo2j0izoqjBJiI0N0FVHwFK8Z0WofrFbapiIoz56cEtRll7azNH1ffUMVjlLvp5c61rs9oziKvHa88ocZVTgwqNJM2Fz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f52049dc5690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| u4xw8.shop/l/gaz/img/sprite12.svg | 104.21.40.37 | 200 OK | 10 kB |
URL GET HTTP/3u4xw8.shop/l/gaz/img/sprite12.svg IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
File typeSVG Scalable Vector Graphics image Hash1485211ad1d53b026e468cbf96d186b1 f3704e1e63a905b87060eb6a3b05a4a0d1f4b0ce 42d12b02a2081435a2156ddcc6f9f932e23b9e1c8f0ba7041558fc139c0f69fa
Analyzer | Verdict | Alert | OpenPhish | phishing | Gazprom | Quad9 DNS | malicious | Sinkholed |
GET /l/gaz/img/sprite12.svg HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-20cb"
expires: Sat, 18 May 2024 19:10:53 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gvcqxBcji%2BpHK4w4OH%2FYr%2FW6h12GHuBc5rytm%2FGOmczaZ6v4glqvewncJCGXTFjop80XJtwejHj0%2BlhHJzabtEc%2FxYli6%2F1xF%2FRhPIEes2yAfIxiqmAEjvarYo9H"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f52049db5690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| u4xw8.shop/l/gaz/img/sprite8.svg | 104.21.40.37 | 200 OK | 24 kB |
URL GET HTTP/3u4xw8.shop/l/gaz/img/sprite8.svg IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
File typeSVG Scalable Vector Graphics image Hashdf93c5e07081b864c87d0946fe166bd4 06376f1fadeacbf1d4425dbe6647d3c07eb654f4 9dd34c6d50df718d2bd6c5cc7d89733c3bed24cc3badb3ffef0f91cef47f4c5a
Analyzer | Verdict | Alert | OpenPhish | phishing | Gazprom | Quad9 DNS | malicious | Sinkholed |
GET /l/gaz/img/sprite8.svg HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-b264"
expires: Sat, 18 May 2024 19:10:53 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=79YU0Z9qoExQkZsfM6iXn4diTDmtz0jnmX8boiDB2S3EBw4ulJRvHFBJ4WMJZITuCaLXeZvPkpGOlrUomHLFDHMbAxCt9yf%2Bxi4hxkCvmY%2FQzVvuAFzKtjV2DQeF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f52049d85690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| u4xw8.shop/l/gaz/img/flags.png | 104.21.40.37 | 200 OK | 71 kB |
URL GET HTTP/3u4xw8.shop/l/gaz/img/flags.png IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
File typePNG image data, 5652 x 15, 8-bit/color RGBA, non-interlaced Hash416250f60d785a2e02f17e054d2e4e44 21572c9751e5a3dc20395befa0fcb349c32c4811 0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55
Analyzer | Verdict | Alert | OpenPhish | phishing | Gazprom | Quad9 DNS | malicious | Sinkholed |
GET /l/gaz/img/flags.png HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/l/gaz/css/bundle.e15e13582eb553ce5360.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:10:54 GMT
content-type: image/png
content-length: 70857
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: "64043bab-114c9"
expires: Sat, 18 May 2024 19:10:54 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u%2FFK2z6n9xXb0GwF7Yv04%2FH4QC8VVQWXrz7y%2FqptzrskUboyucIn2jbeEuAMAV%2Bntw1PA%2FKMtAvEzETjohD7VPoZerax3RQFKWh2ZvLvHks5Td6TcGcSak0TkIWz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f522acb15690-OSL
alt-svc: h3=":443"; ma=86400
|
|
| cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.15/js/utils.js | 104.17.24.14 | 200 OK | 47 kB |
URL GET HTTP/3cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.15/js/utils.js IP104.17.24.14:443
CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (1435) Hashbadf39299033bb934da6325eea28ce72 bf68e8fd78007eb5539e08f0621a75c76c977f22 2c70f3d32d8ed2924ff688ad77a9b8f65663a433b5b0e5f4ba38879956961652
GET /ajax/libs/intl-tel-input/17.0.15/js/utils.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:10:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 46616
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61a59596-b618"
last-modified: Tue, 30 Nov 2021 03:08:06 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 176759
expires: Tue, 08 Apr 2025 19:10:54 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y0p3BJ3vCnTDCh9GgnSZ0%2BbSSUHDogWMWzEGqA%2Frlfet12viTedF00X5rAqXhL81EYkN%2Fp4Ha8tnBMdnoEkCjsXkRSVtVcb5BGH7yoV7vVVNWXof3EkvJuT1kn2M9tELw0cpUBue"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8766f5267d9456be-OSL
alt-svc: h3=":443"; ma=86400
|
|
| u4xw8.shop/l/gaz/videos/gaz-platform-preview.mp4 | 104.21.40.37 | 206 Partial Content | 302 kB |
URL GET HTTP/3u4xw8.shop/l/gaz/videos/gaz-platform-preview.mp4 IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
File typeISO Media, MP4 v2 [ISO 14496-14] Size302 kB (302505 bytes) Hashb9bdb39b87ccac0f29a3feb1536bba2e babf12e826affae5f0b023d5e261f56a7a493e44 9e30afc870178d1c04b20f69d1480261c5093b5a09b2a7faf4eb376e8467c5f9
Analyzer | Verdict | Alert | OpenPhish | phishing | Gazprom | Quad9 DNS | malicious | Sinkholed |
GET /l/gaz/videos/gaz-platform-preview.mp4 HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 206 Partial Content
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: video/mp4
content-length: 33432152
last-modified: Sun, 05 Mar 2023 06:50:20 GMT
etag: "64043bac-1fe2258"
cache-control: max-age=14400
cf-cache-status: MISS
content-range: bytes 0-33432151/33432152
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jpqxfhOXUelI8wmrdK3J8SKH9P3D3HvIhPp9JWTgYnApUMOH3h41V2u2PKqsUPMhDHn3omFcLl1tNIj1zwef3nY9j8gDS%2B%2FCImBa7%2F5gITN%2FQjqNqp4u%2BP%2FfGCin"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f520ca765690-OSL
alt-svc: h3=":443"; ma=86400
|
|
| u4xw8.shop/l/gaz/img/gaz-platform-preview_Moment.jpg | 104.21.40.37 | 206 Partial Content | 40 kB |
URL GET HTTP/3u4xw8.shop/l/gaz/img/gaz-platform-preview_Moment.jpg IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [
- TIFF image data, big-endian, direntries=2], baseline, precision 8, 1280x720, components 3 Hash823c008962339b8e6c9d61f0b7a46623 12acecdbbbb60af2dd1ba470ee308c5a1993eee3 9a600de4cab817d7e3885d35003f57c4faf2db0327b88a8b94509ecd21411c2c
Analyzer | Verdict | Alert | OpenPhish | phishing | Gazprom | Quad9 DNS | malicious | Sinkholed |
GET /l/gaz/img/gaz-platform-preview_Moment.jpg HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 206 Partial Content
date: Thu, 18 Apr 2024 19:10:54 GMT
content-type: image/jpeg
content-length: 1564162
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: "64043bab-17de02"
expires: Sat, 18 May 2024 19:10:54 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
content-range: bytes 0-1564161/1564162
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B4o3jZJaEue2GltZ3G1%2BjsFQlr6G0Iqjn8aZ%2FddHEGl2d1%2BsyQjT8m4uroHLpkB9lqrlEErAps1bK%2FndMP1FlSt3tHfv527BmrKv956t3mdXjgl87st%2BgTYU%2B3gC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f5244ea15690-OSL
alt-svc: h3=":443"; ma=86400
|
|
| u4xw8.shop/l/gaz/img/sprite6.svg | 104.21.40.37 | 200 OK | 14 kB |
URL GET HTTP/3u4xw8.shop/l/gaz/img/sprite6.svg IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
File typeSVG Scalable Vector Graphics image Hash577c76d3485408273e65c1f426004c12 564b0efe86ca0c405e7843e953d2608eb34157be 56e699128aff9d28a360999931de0694df469a397d1d73be4b263a1a3561d36b
Analyzer | Verdict | Alert | OpenPhish | phishing | Gazprom | Quad9 DNS | malicious | Sinkholed |
GET /l/gaz/img/sprite6.svg HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-2748"
expires: Sat, 18 May 2024 19:10:53 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g19ecTwU99eJROc44t7oSq9kY%2BwdvSdjHvRicWKe8yurSCoKwCEaIOmN9SnqPHkFjwHzrklhudwmmCth%2BP5pFiYYBNv7xUvh1DMlIq%2BFCM6Ua49na4dKYSt3O%2Fvr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f52049d65690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| u4xw8.shop/l/gaz/css/errors.css | 104.21.40.37 | 200 OK | 2.4 kB |
URL GET HTTP/3u4xw8.shop/l/gaz/css/errors.css IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
File typeASCII text, with very long lines (2479), with no line terminators Hash541902e6f5b3104a2a19061a35871980 4ca48511e25ee4e3beb5b820055a31dcbd4154f9 90fd262aad643912cca5c94572e863a37c1837066b6c19b45fd12ec9980d93f4
Analyzer | Verdict | Alert | OpenPhish | phishing | Gazprom | Quad9 DNS | malicious | Sinkholed |
GET /l/gaz/css/errors.css HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: text/css
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-93c"
expires: Sat, 18 May 2024 12:11:20 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 25173
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rW2LyIj7ZZTDWWw5YcqAaMGod9zUZp9iRcCvc9Xwrg5ono1E6WJd%2FUNOgNha9Diuy4OvB5JxHXKOgZJXhhtR%2FjhG1RS5Y5twAmJE%2FK%2BwnBdKY0bWdy0ObKgv1L3R"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f51deec85690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| | 104.21.40.37 | 200 OK | 45 kB |
URL User Request GET HTTP/2IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | OpenPhish | phishing | Gazprom | Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 19:10:52 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.2.13
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: sid=deleted; expires=Wed, 19 Apr 2023 19:10:51 GMT; Max-Age=0; path=/; httponly; samesite=lax
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kITE8HSfLocjlpgPk3lBE1U%2BvlNf3NE81VPlIidRuWgxCTUWZ4pz%2FWqxkFaBMA45kYHYjrnQsVLOiQM4z4c7yJYRvvNeFQKtToR8zcWqXSKiryJ0qLwBoiNIkS1q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8766f51b2c76569f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| u4xw8.shop/l/gaz/img/sprite9.svg | 104.21.40.37 | 200 OK | 3.1 kB |
URL GET HTTP/3u4xw8.shop/l/gaz/img/sprite9.svg IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
File typeSVG Scalable Vector Graphics image Hasha94d5ef8ada6b57084e1367ed8c26c63 2f7a0bf12410dabfee8c9213691a0a294aeaef24 b278a847c81a737362db49bcd557a8fc987f84d9cad706e2d6e33ba163891dc3
Analyzer | Verdict | Alert | OpenPhish | phishing | Gazprom | Quad9 DNS | malicious | Sinkholed |
GET /l/gaz/img/sprite9.svg HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-c4b"
expires: Sat, 18 May 2024 19:10:53 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kPNTHygEQF4CwR5vKOExNXT0rCp5R984BB3t%2Bt2MBLT1%2FvaD9KOHk%2FbeKxXtVJfcEGKUcgbVqnihrk2zjtriJ6GxGXFg5NFhRJi%2FzHCTuRLrtuK0tgTRKixhAelc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f52049d05690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| u4xw8.shop/l/gaz/img/favicon.ico | 104.21.40.37 | 200 OK | 1.2 kB |
URL GET HTTP/3u4xw8.shop/l/gaz/img/favicon.ico IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
File typeMS Windows icon resource - 1 icon, 16x16, 32 bits/pixel Hash213beed7102b1e9a334ca0e45a90870d b92df83ff543e68aad4f796826ea93fbd45e7855 8d753707c334888732d902d8680d85a6cf1e458fcced2494875e9812eae03490
Analyzer | Verdict | Alert | OpenPhish | phishing | Gazprom | Quad9 DNS | malicious | Sinkholed |
GET /l/gaz/img/favicon.ico HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:10:54 GMT
content-type: image/x-icon
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-47e"
expires: Sat, 18 May 2024 19:10:54 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=duPbqD1UwarSllIClpW9tv4Vqk9%2BO8wEk7WjF82fExCAPZd9tMJ6wcOMViaAfzljc0UzrSFP%2Fmjef0m7%2F98ysp6Dgrtz%2F2bXbD2EwXPPyC9iKq%2FhHdGzW6IV8dDM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f5256fe05690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| u4xw8.shop/l/gaz/js/index.js | 104.21.40.37 | 200 OK | 992 B |
URL GET HTTP/3u4xw8.shop/l/gaz/js/index.js IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (1017), with no line terminators Hash594f69439ec054e6ff377fc1e804e29f 445eec27acea68eff2e90e801f0572d1a39b82e7 eae8b4577a65b270ee87aec23788fb25d766055de730f75af9f139a90b03f43a
Analyzer | Verdict | Alert | OpenPhish | phishing | Gazprom | Quad9 DNS | malicious | Sinkholed |
GET /l/gaz/js/index.js HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: application/javascript; charset=utf8
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-3e0"
expires: Sat, 18 May 2024 19:10:53 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pHX8iVzXDYkb3MkZOs6zAVSNPMZbSlBzX7et0GFQn2h951%2BWqoAY9CcDb5QibfB1NJM3zQO245LWgIbCGixjSPQOPs9%2BEgc2DqYybVfW54uiNpddcr%2FmuqRoXlZC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f51dfef45690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| u4xw8.shop/l/gaz/img/img.svg | 104.21.40.37 | 200 OK | 60 kB |
URL GET HTTP/3u4xw8.shop/l/gaz/img/img.svg IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
File typeSVG Scalable Vector Graphics image Hash51120bbddd53794d1dd188eeacd1259c ec43bc418d3644250cafeeada7d5d1133f60c4bb 4bd591ba5310c896b04e725fb1621dc2e66c3e57e97a160efb90848cb6146e70
Analyzer | Verdict | Alert | OpenPhish | phishing | Gazprom | Quad9 DNS | malicious | Sinkholed |
GET /l/gaz/img/img.svg HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-ebba"
expires: Sat, 18 May 2024 19:10:53 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7rfWB52N8lsK%2BU1rXbZdyCKZGzKGMOKkMxpRB9oHxWjirhCZX5gXtGkER7kMoD0O3rSuuluSjJEJ7PGAvy4XNPLSM6%2Bvk%2BhJP9pjzWQzKwJK2fCqg9C4DzMfwxC6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f51deed85690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| u4xw8.shop/l/gaz/js/landing_url2.js | 104.21.40.37 | 200 OK | 257 B |
URL GET HTTP/3u4xw8.shop/l/gaz/js/landing_url2.js IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
File typeASCII text, with no line terminators Hashf776ce66f65c39ec530a3bd2d09c9933 ebe59a2d5aaa6b873174e30e6e7f2cdfe7bcb2e4 4a2953bfe6a4596f47493279dd3f86935bf92e02cd00f6782245badb1c9991b2
Analyzer | Verdict | Alert | OpenPhish | phishing | Gazprom | Quad9 DNS | malicious | Sinkholed |
GET /l/gaz/js/landing_url2.js HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: application/javascript; charset=utf8
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-101"
expires: Sat, 18 May 2024 19:10:53 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iA%2BBmHztzsbxQX4ShueNZ9iyTZoTl1sCOgMrn6cHigPyqI5lbLElcJLAbPIZy%2BIEXV0EcmoMM%2FeO2%2FkScHr9HQoDD80YgwVRLgyrsGGQ1YnQfVmkQeXDvrCHUKNv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f51e0f025690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| fonts.googleapis.com/css?family=Open+Sans:400,700,800|Ubuntu:400,500,700&display=swap&subset=cyrillic,cyrillic-ext,latin-ext | 142.250.74.170 | 200 OK | 23 kB |
URL GET HTTP/2fonts.googleapis.com/css?family=Open+Sans:400,700,800|Ubuntu:400,500,700&display=swap&subset=cyrillic,cyrillic-ext,latin-ext IP142.250.74.170:443
CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT
File typeASCII text, with very long lines (1572) Hashbde226289812362a62c84ef7429458b6 2be4372515908a31cc206a73532e7a33a9457a83 39f1a91928f8e02d7e73a50cf4b418145902978de383df1f8119b93769170db9
GET /css?family=Open+Sans:400,700,800|Ubuntu:400,500,700&display=swap&subset=cyrillic,cyrillic-ext,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 18 Apr 2024 19:10:53 GMT
date: Thu, 18 Apr 2024 19:10:53 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| u4xw8.shop/l/gaz/img/img2.svg | 104.21.40.37 | 200 OK | 20 kB |
URL GET HTTP/3u4xw8.shop/l/gaz/img/img2.svg IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
File typeSVG Scalable Vector Graphics image Hash53a632a7497ecd4803fb4208c9f6843a c19a1766603c6a401b4352852fbdf6fda05f14a3 5c9c89052bff64e0821767b5219b15f86122901a8de1aec3d9a439cfe8c07ca7
Analyzer | Verdict | Alert | OpenPhish | phishing | Gazprom | Quad9 DNS | malicious | Sinkholed |
GET /l/gaz/img/img2.svg HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-4c63"
expires: Sat, 18 May 2024 19:10:53 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fA8vRkKvZo984h12%2BGy6qgAn8euEPCaKNCkU47c29g2hAyfBpfQy2VHemfZhvl4IBDA%2F1XhBppHka4nS4pnVfJSENDjI9vfya3%2FpsZxhd50pLmBF3tKQ8CFLxdQE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f51deedd5690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| u4xw8.shop/l/gaz/img/sprite3.svg | 104.21.40.37 | 200 OK | 7.6 kB |
URL GET HTTP/3u4xw8.shop/l/gaz/img/sprite3.svg IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
File typeSVG Scalable Vector Graphics image Hashf772a2c3f7fd89a8cdf974fd2ca17f33 5fe1a611a98559d40a179dfdd52798b70f6f9ddb e1f2ece7be9caba38e3a609cd685202a69ca9ec1d402589a46be8fdbd31be35d
Analyzer | Verdict | Alert | OpenPhish | phishing | Gazprom | Quad9 DNS | malicious | Sinkholed |
GET /l/gaz/img/sprite3.svg HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-1dd4"
expires: Sat, 18 May 2024 19:10:53 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9kY8n0XroT4qDkiZ4exH%2F9fmtoKHXBS3DJow0zVDbukWR%2FKPhcUemlzjcy9fm0KrW1Y32HTWtpk%2BIe0oIvp4xslWtTmMUlSGa%2FKhLjMEtLlzYeBZpVVt%2FGwWaA9L"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f52049d35690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| u4xw8.shop/uniq | 104.21.40.37 | 200 OK | 2 B |
IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
File typeASCII text, with no line terminators Hash444bcb3a3fcf8389296c49467f27e1d6 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer | Verdict | Alert | OpenPhish | phishing | Gazprom | Quad9 DNS | malicious | Sinkholed |
GET /uniq HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.2.13
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: sid=deleted; expires=Wed, 19 Apr 2023 19:10:52 GMT; Max-Age=0; path=/; httponly; samesite=lax
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S0cK4oBhwG10Z6Eijr7cKS7VBbgeoHaP1ezdvpOu1%2FsJu3THm06mFSTeBMN9Y9EPR1c5EY4ddTMnFIUCBSGkmxDYk6xFuU3NdpgpxqTbqLbb501FTvDCCMTBi%2BNw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8766f51fb8ff5690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| u4xw8.shop/l/gaz/img/sprite7.svg | 104.21.40.37 | 200 OK | 7.7 kB |
URL GET HTTP/3u4xw8.shop/l/gaz/img/sprite7.svg IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
File typeSVG Scalable Vector Graphics image Hash9cd03b34315fb1d8b2e5ea5d645eb561 145842ca640d6b8b05396c0adb0b720e8dd0c97d 0c6a7f69a2b4cd2ee3d7536f54706d729b2da67633315499ee892d920b441d73
Analyzer | Verdict | Alert | OpenPhish | phishing | Gazprom | Quad9 DNS | malicious | Sinkholed |
GET /l/gaz/img/sprite7.svg HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-1e1d"
expires: Sat, 18 May 2024 19:10:53 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x7%2BdlAg127OmqXI94BWJO%2BPJLT6jWtzG0rx6C0fKf70kcbUXX98V54NNblDe2AYdT2FJuttnePtrkscBII4ZG2pAiTRGZAxLDeV5hriEcYqZuMpRHBqQkp%2FMiEM1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f52049da5690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| u4xw8.shop/l/gaz/js/errors.js?t=2 | 104.21.40.37 | 200 OK | 4.2 kB |
URL GET HTTP/3u4xw8.shop/l/gaz/js/errors.js?t=2 IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
File typeAlgol 68 source, ASCII text, with very long lines (4347), with no line terminators Hash2f52730c897b1de658bc92e9af67c649 1cd94cedb0bd60ca20e611ad155a2a374aafd8bd 7017bdaceccee43521c8f6878203580013c8f2f458acee34fe7b7803b5151740
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /l/gaz/js/errors.js?t=2 HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: application/javascript; charset=utf8
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-1051"
expires: Sat, 18 May 2024 19:10:53 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DdgB9F2rlZjmKdt9EZ9WKk%2Blo21JxOFKfUrVV9iAepH3dg4SL5q6IZgrxOOQ1qOc8zJVMJ6bjgVhqGHpwSpHGfjEZ%2BAae2Ra3Jh3gt5rY%2F2eQ0tysAGhXfcj41IE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f51e0f015690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| u4xw8.shop/l/gaz/img/sprite1.svg | 104.21.40.37 | 200 OK | 1.9 kB |
URL GET HTTP/3u4xw8.shop/l/gaz/img/sprite1.svg IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
File typeSVG Scalable Vector Graphics image Hashfaf11e7e9b672843ec985034750011da b6a19a665f2909fdb7ed320e15ee9a3b5030b82c 16701c77b1ecd98f81456241913ba0e2efc81f96eccb2ab7f13dbde6215804be
Analyzer | Verdict | Alert | OpenPhish | phishing | Gazprom | Quad9 DNS | malicious | Sinkholed |
GET /l/gaz/img/sprite1.svg HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-76c"
expires: Sat, 18 May 2024 19:10:53 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q15frOREjjtj5mmBCFiAK9%2FnQ1pLrrzHGTTsmo5u3YdoLfUicKjQOuCIARZzZSNv0DXziDTP%2BjrXtOA4Mz6cph6XemngxrpzFGqRRUmjJ3ps%2FJhGwjLZEf2Ko2Se"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f52049e15690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| u4xw8.shop/l/gaz/img/sprite5.svg | 104.21.40.37 | 200 OK | 4.5 kB |
URL GET HTTP/3u4xw8.shop/l/gaz/img/sprite5.svg IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
File typeSVG Scalable Vector Graphics image Hashc3bac6d32fe9c133103b2ee76637790e 3feffee9c8136843bcd768659faf4ec01cecd000 4bc5d08ef99bdc338169bf0f0b0643e3beb9bce4c8fd2dceb8b774f4e55fff90
Analyzer | Verdict | Alert | OpenPhish | phishing | Gazprom | Quad9 DNS | malicious | Sinkholed |
GET /l/gaz/img/sprite5.svg HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-116c"
expires: Sat, 18 May 2024 19:10:53 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TnZIGTfL1%2FOyz1HySWuEvJqnYuLZWw34Yyalwxyw5nIcl%2B%2FQX2xevajNeA0GHn2m%2FSO09uW%2BY5Im3za9hoGiBXTzhE1cSXpPgBNva2KJuVLOoD7BBwS4eZCCsewb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f52049e25690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| u4xw8.shop/l/gaz/css/bundle.e15e13582eb553ce5360.css | 104.21.40.37 | 200 OK | 889 kB |
URL GET HTTP/3u4xw8.shop/l/gaz/css/bundle.e15e13582eb553ce5360.css IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
Size889 kB (889339 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | OpenPhish | phishing | Gazprom | Quad9 DNS | malicious | Sinkholed |
GET /l/gaz/css/bundle.e15e13582eb553ce5360.css HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: text/css
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-d91fb"
expires: Sat, 18 May 2024 12:11:21 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 25172
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DEd28210B8k0J8rYhpvtpxF%2FO34gVEAu%2FAN36gti6lL1xBWkmhtEs2WC1SzuzWE2hvnZBzNi1AGb%2F7FtHDfcwK5NwUA7jO8msg0GlG7s5RQL10jrOniqEMNanWDL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f51deecb5690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| u4xw8.shop/l/gaz/img/sprite4.svg | 104.21.40.37 | 200 OK | 11 kB |
URL GET HTTP/3u4xw8.shop/l/gaz/img/sprite4.svg IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
File typeSVG Scalable Vector Graphics image Hasheef5d4eb7bfe0b509764cce858ec1d2f 872c396247d1db1a2c915484095771640cd47244 e57a4152ea0e055f1bdd8f0336a7cd6c0df80dfc06a660f54bc64c19482ee643
Analyzer | Verdict | Alert | OpenPhish | phishing | Gazprom | Quad9 DNS | malicious | Sinkholed |
GET /l/gaz/img/sprite4.svg HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-2a83"
expires: Sat, 18 May 2024 19:10:53 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wzqf33f5QQ2I2zDzFZR2fU6KaXdpfMicDBy1pVVZ9pIJilcrTOWmeLfzHrWnbL0WEtuuTwIA8tPFtlxwQJrrYwk8Nt8Gu8xpF%2BK5JRH4HqSF%2BroB02XgyZwHQ8Y1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f52049de5690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| u4xw8.shop/l/gaz/img/sprite2.svg | 104.21.40.37 | 200 OK | 9.9 kB |
URL GET HTTP/3u4xw8.shop/l/gaz/img/sprite2.svg IP104.21.40.37:443
CertificateIssuerLet's Encrypt Subjectu4xw8.shop Fingerprint74:52:5E:70:D5:DA:AF:47:82:34:3F:29:D5:E8:11:C4:7A:EF:22:26 ValidityTue, 20 Feb 2024 19:46:41 GMT - Mon, 20 May 2024 19:46:40 GMT
File typeSVG Scalable Vector Graphics image Hash8d5bb2fc82b75a4c8984bc346c9dc70c ddc24335ecb65a4026bd99fb04ba2c61c840e902 a7f862e53881475164e35ce88648d046119a849d198dcf104c2b711cb4db160c
Analyzer | Verdict | Alert | OpenPhish | phishing | Gazprom | Quad9 DNS | malicious | Sinkholed |
GET /l/gaz/img/sprite2.svg HTTP/1.1
Host: u4xw8.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://u4xw8.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:10:53 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-26cc"
expires: Sat, 18 May 2024 19:10:53 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gr1ZwyfV2yW%2F8jSwe0%2FaclXKZd7acczujg9G2h20S3SqIF8w9DygU4cN%2FLcdjGU%2Bp8ApLQk6%2F9sCqcbbIaLp8PK9SmcQ9II59UyWYqH3fVpcn0lYiMpYKC6b9vdi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f52049dd5690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|