Report - z6lh2.shop/

Report Overview

Submitted URL
z6lh2.shop/
IP
172.67.135.131
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-18 19:09:35
Access
public
Website Title
Газпром-Инвест Официальный сайт
Final URL
z6lh2.shop/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
134

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
code.jquery.com	634	2005-12-10	2012-05-21	2024-04-18	404 B	32 kB	151.101.194.137
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-04-18	3.7 kB	233 kB	142.250.74.163
ipinfo.io	8136	2013-04-23	2013-12-16	2024-04-18	407 B	678 B	34.117.186.192
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-18	507 B	12 kB	142.250.74.170
z6lh2.shop	unknown	2024-02-09	2024-02-09	2024-03-08	15 kB	3.1 MB	104.21.6.248
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-04-18	2.2 kB	104 kB	104.17.25.14

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-18 19:09:09	medium	Client IP	34.117.186.192	ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-18	medium	z6lh2.shop/	Gazprom
2024-04-18	medium	z6lh2.shop/	Gazprom
2024-04-18	medium	z6lh2.shop/	Gazprom
2024-04-18	medium	z6lh2.shop/	Gazprom
2024-04-18	medium	z6lh2.shop/	Gazprom
2024-04-18	medium	z6lh2.shop/	Gazprom
2024-04-18	medium	z6lh2.shop/	Gazprom
2024-04-18	medium	z6lh2.shop/	Gazprom
2024-04-18	medium	z6lh2.shop/	Gazprom
2024-04-18	medium	z6lh2.shop/	Gazprom
2024-04-18	medium	z6lh2.shop/	Gazprom
2024-04-18	medium	z6lh2.shop/	Gazprom
2024-04-18	medium	z6lh2.shop/	Gazprom
2024-04-18	medium	z6lh2.shop/	Gazprom
2024-04-18	medium	z6lh2.shop/	Gazprom
2024-04-18	medium	z6lh2.shop/	Gazprom
2024-04-18	medium	z6lh2.shop/	Gazprom
2024-04-18	medium	z6lh2.shop/	Gazprom
2024-04-18	medium	z6lh2.shop/	Gazprom
2024-04-18	medium	z6lh2.shop/	Gazprom
2024-04-18	medium	z6lh2.shop/	Gazprom
2024-04-18	medium	z6lh2.shop/	Gazprom
2024-04-18	medium	z6lh2.shop/	Gazprom
2024-04-18	medium	z6lh2.shop/	Gazprom
2024-04-18	medium	z6lh2.shop/	Gazprom
2024-04-18	medium	z6lh2.shop/	Gazprom
2024-04-18	medium	z6lh2.shop/	Gazprom
2024-04-18	medium	z6lh2.shop/	Gazprom
2024-04-18	medium	z6lh2.shop/	Gazprom
2024-04-18	medium	z6lh2.shop/	Gazprom
2024-04-18	medium	z6lh2.shop/	Gazprom
2024-04-18	medium	z6lh2.shop/	Gazprom
2024-04-18	medium	z6lh2.shop/	Gazprom

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-18	medium	z6lh2.shop	Sinkholed
2024-04-18	medium	z6lh2.shop	Sinkholed
2024-04-18	medium	z6lh2.shop	Sinkholed
2024-04-18	medium	z6lh2.shop	Sinkholed
2024-04-18	medium	z6lh2.shop	Sinkholed
2024-04-18	medium	z6lh2.shop	Sinkholed
2024-04-18	medium	z6lh2.shop	Sinkholed
2024-04-18	medium	z6lh2.shop	Sinkholed
2024-04-18	medium	z6lh2.shop	Sinkholed
2024-04-18	medium	z6lh2.shop	Sinkholed
2024-04-18	medium	z6lh2.shop	Sinkholed
2024-04-18	medium	z6lh2.shop	Sinkholed
2024-04-18	medium	z6lh2.shop	Sinkholed
2024-04-18	medium	z6lh2.shop	Sinkholed
2024-04-18	medium	z6lh2.shop	Sinkholed
2024-04-18	medium	z6lh2.shop	Sinkholed
2024-04-18	medium	z6lh2.shop	Sinkholed
2024-04-18	medium	z6lh2.shop	Sinkholed
2024-04-18	medium	z6lh2.shop	Sinkholed
2024-04-18	medium	z6lh2.shop	Sinkholed
2024-04-18	medium	z6lh2.shop	Sinkholed
2024-04-18	medium	z6lh2.shop	Sinkholed
2024-04-18	medium	z6lh2.shop	Sinkholed
2024-04-18	medium	z6lh2.shop	Sinkholed
2024-04-18	medium	z6lh2.shop	Sinkholed
2024-04-18	medium	z6lh2.shop	Sinkholed
2024-04-18	medium	z6lh2.shop	Sinkholed
2024-04-18	medium	z6lh2.shop	Sinkholed
2024-04-18	medium	z6lh2.shop	Sinkholed
2024-04-18	medium	z6lh2.shop	Sinkholed
2024-04-18	medium	z6lh2.shop	Sinkholed
2024-04-18	medium	z6lh2.shop	Sinkholed
2024-04-18	medium	z6lh2.shop	Sinkholed
2024-04-18	medium	z6lh2.shop	Sinkholed

ThreatFox

No alerts detected

JavaScript (11)

	URL	Size	First Seen	Last Seen
	z6lh2.shop/l/gaz/js/index.js	992 B	2023-09-16	2024-05-01
Pretty URL z6lh2.shop/l/gaz/js/index.js IP 104.21.6.248 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-16 05:55:04 Last Seen2024-05-01 18:58:21 Times Seen14409 Hash 1adfefb340541281830ef6167ef51db5 6e63bd31cb65aca647043cfd03630fd8f06da6aa 963362ac5b92fb739eff1dce8f8e48238c7b6597d2b8c1b87d18b055277cb05b Loading...

	z6lh2.shop/l/gaz/js/intlTelInput.min.js	30 kB	2023-04-07	2024-05-01
Pretty URL z6lh2.shop/l/gaz/js/intlTelInput.min.js IP 104.21.6.248 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-07 08:40:51 Last Seen2024-05-01 18:58:21 Times Seen11490 Hash 9c8154f4404aec64d3fccdf1375da301 4bfc43bdaf6c1e8654e13873c5a99f6369677f35 a7fdd130131c8899e7cda1f6afb542aeb729b8dc5423f00353c682b5460c643c Loading...

	z6lh2.shop/	539 B	2023-09-16	2024-05-01
Pretty URL z6lh2.shop/ IP 104.21.6.248 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-16 05:55:04 Last Seen2024-05-01 18:58:21 Times Seen11329 Hash 468a5049db1adf2d5f4f7c420aeec45f 56f1d3150e5a056be36805153c4ca952df1a5069 0b8f88f3590bd4f0ea8ecd461c920a744f12f337a857c497b93f2b306626993e Loading...

	cdnjs.cloudflare.com/ajax/libs/ion-rangeslider/2.3.1/js/ion.rangeSlider.min.js	41 kB	2023-04-05	2024-05-01
Pretty URL cdnjs.cloudflare.com/ajax/libs/ion-rangeslider/2.3.1/js/ion.rangeSlider.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 23:55:04 Last Seen2024-05-01 18:58:21 Times Seen11647 Hash dd2250b414858d83d5bff500e9c418d8 e6efd1a460c2f6c5d94924079e0f2029b46272cb 54a80c57a4102dcfca059ae31110176b10e52706b4dc15bb6a621f38909ea64b Loading...

	z6lh2.shop/l/gaz/js/errors.js?t=2	4.2 kB	2023-09-16	2024-05-01
Pretty URL z6lh2.shop/l/gaz/js/errors.js?t=2 IP 104.21.6.248 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-16 05:55:04 Last Seen2024-05-01 18:58:21 Times Seen14470 Hash d8bacacbb94df09ddf8d3609d0d18feb ba0208dfefe91cc867282f5bff6bd01de3275d11 566e2f0b77fd55ac4ac6170043c91efe2df9204882d5e030ac2b1169fd167dc1 Loading...

	z6lh2.shop/l/gaz/js/landing_url2.js	257 B	2023-09-16	2024-05-01
Pretty URL z6lh2.shop/l/gaz/js/landing_url2.js IP 104.21.6.248 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-16 05:55:04 Last Seen2024-05-01 18:58:21 Times Seen14450 Hash 2afba324c360fd0ed40f992335bb8c92 699177e3e1a216e054f249ac2f498e26ada9d9a1 9db54e0a4b17459fb1c5f1991a75f3f57e1204b160b90638409391f6234471cd Loading...

	cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.15/js/utils.js	251 kB	2023-03-07	2024-05-01
Pretty URL cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.15/js/utils.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:15 Last Seen2024-05-01 18:58:21 Times Seen24379 Hash badf39299033bb934da6325eea28ce72 bf68e8fd78007eb5539e08f0621a75c76c977f22 2c70f3d32d8ed2924ff688ad77a9b8f65663a433b5b0e5f4ba38879956961652 Loading...

	code.jquery.com/jquery-3.6.0.min.js	90 kB	2023-03-07	2024-05-01
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.194.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-05-01 20:10:45 Times Seen264354 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	z6lh2.shop/	298 B	2023-09-16	2024-05-01
Pretty URL z6lh2.shop/ IP 104.21.6.248 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-16 05:55:04 Last Seen2024-05-01 18:58:21 Times Seen11277 Hash c50bdad10d5fe5ba42c30f80ca8ecbfe 50aedce3f6a2194c7fbe87d2fd538614de8d3e4c 732bf6f9fc306d0e15b283137fb020243e02abe7086aa26ea169ddba6df3f4d0 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js	90 kB	2023-03-07	2024-05-01
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-05-01 20:11:05 Times Seen140640 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	cdnjs.cloudflare.com/ajax/libs/bootstrap/5.0.1/js/bootstrap.min.js	60 kB	2023-03-07	2024-05-01
Pretty URL cdnjs.cloudflare.com/ajax/libs/bootstrap/5.0.1/js/bootstrap.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:18 Last Seen2024-05-01 18:58:21 Times Seen23082 Hash b5730588db13e71c65bdb1d234089260 282209ef6065e8451a5623c1b208d256d7b14c27 77e1728245a0c2de7d0859163ee081e1113aa75fd6894602cb5eb0d7e739bca9 Loading...

HTTP Transactions (49)

URL IP Response Size

z6lh2.shop/l/gaz/img/logo.png

104.21.6.248

200 OK

1.1 kB

URL GET HTTP/3
z6lh2.shop/l/gaz/img/logo.png
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type
PNG image data, 114 x 56, 4-bit colormap, non-interlaced
Size
1.1 kB (1065 bytes)
Hash
04385fdb7e2e6f1404f87d7c9f10f00a
e1aa2aca309de313e591d4ae0fa2ef66b5fb7a23
fcba35abb4f62bcb7cbba58e9c7c488f5a49b4f3e99cd469dcc3a47f2df44b5c

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/gaz/img/logo.png HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:09:08 GMT
content-type: image/png
content-length: 1065
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: "64043bab-429"
expires: Sat, 18 May 2024 12:19:33 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 24575
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g5HgKH%2BX%2FSmbwN8MObSXNo8UY0snS%2FklUte56JqtEQWFK5J1anwwKNWuUaKsaNA1FtcSafEOfJwo8tKc9Xu7sNcIGmWWg1r1BE3XG4gctEOKVkjcCbtFTPGSuMTu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f28e880856c9-OSL
alt-svc: h3=":443"; ma=86400

z6lh2.shop/l/gaz/img/rus.png

104.21.6.248

200 OK

2.3 kB

URL GET HTTP/3
z6lh2.shop/l/gaz/img/rus.png
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type
PNG image data, 162 x 56, 8-bit colormap, non-interlaced
Size
2.3 kB (2336 bytes)
Hash
3019a0f4b4dce8e60124f6f0a43c18b5
59d55a14fa68c7d11044fb0daa78617629372b8e
071b949e723dee01c3dcec2832dba89ac844b30564249ec3e5d1500d10e3f05a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/gaz/img/rus.png HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:09:08 GMT
content-type: image/png
content-length: 2336
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: "64043bab-920"
expires: Sat, 18 May 2024 12:19:33 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 24575
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MhVd9eV7xvSZIXg6jKhCzkYw%2Fw9vtofaVMPV%2B6aeujKMg7Q4ZTPYR659LAvXbR0nDs1%2FVguj8MIjJFIG2EQ8qOSyTarBYJnxBrlSBxBPP%2FHXQFHM0IZu2VCD7UJF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f28e880e56c9-OSL
alt-svc: h3=":443"; ma=86400

z6lh2.shop/l/gaz/img/photo.jpg

104.21.6.248

200 OK

32 kB

URL GET HTTP/3
z6lh2.shop/l/gaz/img/photo.jpg
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 738x808, components 3
Size
32 kB (32109 bytes)
Hash
3fdae4cd437f4c40b9c08785782fa5ce
9a0f1b6f6bd9dccc1932ba1dc3ed0983e900efd3
8cf9de22d548227ffb3aebe51d012b0352ceeee02e36d215f7b80d0c9bc50d43

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/gaz/img/photo.jpg HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:09:08 GMT
content-type: image/jpeg
content-length: 32109
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: "64043bab-7d6d"
expires: Sat, 18 May 2024 12:19:34 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 24574
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y1kRmdPBFEZHMcMg94Li%2BjKwJseDKo5h%2BxJAZmXxLBKVHHIxt44o1Ke9m86tmrrFAIguja0y7pzeA4GN10mJq8iQgSym7Q1oAZgtIeDvAsKcg1nDiWVNVHjpT1zR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f28e981b56c9-OSL
alt-svc: h3=":443"; ma=86400

z6lh2.shop/l/gaz/img/image%2051.jpg

104.21.6.248

200 OK

65 kB

URL GET HTTP/3
z6lh2.shop/l/gaz/img/image%2051.jpg
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x564, components 3
Size
65 kB (65334 bytes)
Hash
b9380925144986fcdef1f5cb82a2e1b7
e333dd7a6e3cb5cfa0ae9670ccf5793af8d6777c
99de95d603e85d20ba9d8bc90a314ab139342b0e58ab78b2c6c17cbab56cd2bc

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/gaz/img/image%2051.jpg HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:09:08 GMT
content-type: image/jpeg
content-length: 65334
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: "64043bab-ff36"
expires: Sat, 18 May 2024 12:19:34 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 24574
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S3mttUB81xuARyJp%2BAhLHz4DupQM4AhBEEpf3uPoDturxIPSfPbm90ixRxcBRAV5rkz07XTvuarvLXsNzq6unEcYsmI70PeGZICP1l%2BSVqmCDaIzhBPV5arnW0fJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f28e982856c9-OSL
alt-svc: h3=":443"; ma=86400

z6lh2.shop/l/gaz/img/image%2053.jpg

104.21.6.248

200 OK

61 kB

URL GET HTTP/3
z6lh2.shop/l/gaz/img/image%2053.jpg
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x564, components 3
Size
61 kB (60749 bytes)
Hash
ff3619179edca92ec7c521620ba4da04
8a361aeca8645a9fe5bab1e1baaf14c79b9beb7f
6b0379257e26ed216b6e14110fe1bef430ef1254d2c8c1668732fbafaec754c6

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/gaz/img/image%2053.jpg HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:09:08 GMT
content-type: image/jpeg
content-length: 60749
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: "64043bab-ed4d"
expires: Sat, 18 May 2024 12:19:34 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 24574
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n8t6ac9gEEGlTnrHdGDM03fOpQcEE9RD7tsry1yI4xQ%2FIF2OBZdANPLhvK8UoOgtP76%2Fk7K%2FPXjp35rxheqxE6SjRScWTdYiWhThogfnAnflpf9S5YJ5xvyj0zAI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f28e982a56c9-OSL
alt-svc: h3=":443"; ma=86400

z6lh2.shop/l/gaz/img/image%2052.jpg

104.21.6.248

200 OK

42 kB

URL GET HTTP/3
z6lh2.shop/l/gaz/img/image%2052.jpg
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x564, components 3
Size
42 kB (41866 bytes)
Hash
f0c662297936ce98871f3893f31a8453
fb2739f2545cae2ca591259677416a9d5a91274d
f122b6d4e754445720d6231bee649a99cd53adeb131fabccb058cd9d5d21a68e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/gaz/img/image%2052.jpg HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:09:08 GMT
content-type: image/jpeg
content-length: 41866
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: "64043bab-a38a"
expires: Sat, 18 May 2024 12:19:34 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 24574
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xzEkcxXCnwpIxrudb0jey1kgFpT453luTbVB1AFaKcM5fyZGZr3nd5rwJrOgzVdTugLOzOnhH3aYYY9%2BjlfPZumAUEX7mK63km3ZkH5q3Q2edDFppDzdegc82Zfw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f28ea82b56c9-OSL
alt-svc: h3=":443"; ma=86400

z6lh2.shop/l/gaz/img/license.jpg

104.21.6.248

200 OK

504 kB

URL GET HTTP/3
z6lh2.shop/l/gaz/img/license.jpg
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1343x1900, components 3
Size
504 kB (503545 bytes)
Hash
23f74188101be1f61d925652a5a4a125
f7fa278087d032a53275eb4d58e770fb16cc77cc
2039b2ae5b6876263012ee356c4a6dd0c70b595109347f9bee8dd55d60d5558b

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/gaz/img/license.jpg HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:09:08 GMT
content-type: image/jpeg
content-length: 503545
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: "64043bab-7aef9"
expires: Sat, 18 May 2024 12:19:34 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 24574
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ih5Pncj%2FHOiqthJjV3b9e%2BO0xk5TxtIbdaje0YPAEd3Kn1mCXTdSWA77AuieMwp2TkVaQBkloB8oRFJpFlBN7f1zXtWTHbCsc64g8Ed3gPxZusa9qtxHF%2FlukS9G"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f28e981e56c9-OSL
alt-svc: h3=":443"; ma=86400

cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

104.17.25.14

200 OK

28 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
28 kB (27958 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://z6lh2.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 19:09:08 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1214564
expires: Tue, 08 Apr 2025 19:09:08 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sbOu8McGeD3H5Lb0yWiyxaJuG98mdDhKCEeVUnhQutlFdCSY1jOjG%2BciUz89OToG6b7YBYNO6Z6CCsntE3DxjRsq%2FyLq6aKNMMHbv5xZgVxLoi0rHpLOs6oiOZ%2FNn2h3Viq6o8oQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8766f28f28d2b527-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/bootstrap/5.0.1/js/bootstrap.min.js

104.17.25.14

200 OK

14 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/bootstrap/5.0.1/js/bootstrap.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (59812)
Size
14 kB (14192 bytes)
Hash
b5730588db13e71c65bdb1d234089260
282209ef6065e8451a5623c1b208d256d7b14c27
77e1728245a0c2de7d0859163ee081e1113aa75fd6894602cb5eb0d7e739bca9

HTTP Headers

GET /ajax/libs/bootstrap/5.0.1/js/bootstrap.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://z6lh2.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 19:09:08 GMT
content-type: application/javascript; charset=utf-8
content-length: 14192
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "60f76446-3770"
last-modified: Wed, 21 Jul 2021 00:03:18 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 262509
expires: Tue, 08 Apr 2025 19:09:08 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GU4cLhoccie9AQIbq4WYbE%2F9LBWH5cvu8oQ%2BAvASed1jYph0eN0nWmEE8AzkXCgkeH1BFWwrtx6Rq1w5EQG7cW8pfxv9dxlYssVxDvK6GZykffyysPxufgGVFlPruCs6n3DIFwgL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8766f28f28ceb527-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/ion-rangeslider/2.3.1/js/ion.rangeSlider.min.js

104.17.25.14

200 OK

7.7 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/ion-rangeslider/2.3.1/js/ion.rangeSlider.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (41067)
Size
7.7 kB (7685 bytes)
Hash
b5c1f83e8e2c9fad4a9c7a7e8c34b2fa
a1c7a35489061767940a66b546466ff5212a4625
67adfdac93b9ec1899cd00e55ac1b217e109dc5b379c3e2940f91f8a64f2dd2f

HTTP Headers

GET /ajax/libs/ion-rangeslider/2.3.1/js/ion.rangeSlider.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://z6lh2.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 19:09:08 GMT
content-type: application/javascript; charset=utf-8
content-length: 7685
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ea7-a0d3"
last-modified: Mon, 04 May 2020 16:11:19 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 269428
expires: Tue, 08 Apr 2025 19:09:08 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dfgkTBryt11COjPSaoDQbyOgcaj%2BsWo2IsEW9VZbR4yLUyuHRRF0qoVSbpg16mXGlSj70L2LDB1nedHckfy7r0EmkBaCeTvQgGS26kyRCGB6TRBt1i1gvRqX6kqs%2FwA0PA%2BtDVid"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8766f28f28d4b527-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.13/css/intlTelInput.css

104.17.25.14

200 OK

2.0 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.13/css/intlTelInput.css
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text
Size
2.0 kB (1970 bytes)
Hash
a69aa970266649e0b08c2cb4bc166568
d9314a52085a2bb6d284421bb18a4c546ecb73d4
ad32b1248207ba91fb945a37d38e7c9deafcba849245872203482db42930d491

HTTP Headers

GET /ajax/libs/intl-tel-input/17.0.13/css/intlTelInput.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 19:09:08 GMT
content-type: text/css; charset=utf-8
content-length: 1970
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "60c32345-7b2"
last-modified: Fri, 11 Jun 2021 08:48:05 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1222167
expires: Tue, 08 Apr 2025 19:09:08 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z1dXgfCrNMbiFu2vEY8OFjfd6urgjsE3Jn1sBJP%2BgKMn5l9WuV%2BEHZnDu9JyaEgZA3wVCr5uB9WeEIIS%2FBoseB3J4HlQYbeQOU1DftPKAgLZqpJSLOMaiYeUKwuXkwjPvV8zFNNL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8766f28fc993b527-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.6.0.min.js

151.101.194.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.194.137:443
ASN
#54113 FASTLY

Requested by
https://z6lh2.shop/
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
31 kB (30875 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 18 Apr 2024 19:09:08 GMT
age: 5924968
x-served-by: cache-lga21931-LGA, cache-hel1410030-HEL
x-cache: HIT, HIT
x-cache-hits: 22, 64477
x-timer: S1713467348.438232,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

z6lh2.shop/l/gaz/img/sprite12.svg

104.21.6.248

200 OK

33 kB

URL GET HTTP/3
z6lh2.shop/l/gaz/img/sprite12.svg
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type
SVG Scalable Vector Graphics image
Size
33 kB (32738 bytes)
Hash
1485211ad1d53b026e468cbf96d186b1
f3704e1e63a905b87060eb6a3b05a4a0d1f4b0ce
42d12b02a2081435a2156ddcc6f9f932e23b9e1c8f0ba7041558fc139c0f69fa

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/gaz/img/sprite12.svg HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:09:08 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-20cb"
expires: Sat, 18 May 2024 12:19:34 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 24574
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0zy2k%2BfbK2Y1buX3STa0buQbMIlnZTBjVZVXRZs4R%2BD85ObWGLJvfgJkwphimyKikJMzVtDfQZNRPbeO6KcGGTl1wsc8kJaysu1xWEmvG5Nin%2Bpc%2BaTcMUppJlem"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f2914b3c56c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2

142.250.74.163

200 OK

35 kB

URL GET HTTP/2
fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 34852, version 1.0
Size
35 kB (34852 bytes)
Hash
0e8eefb4549a2edf26c560cb9845952e
8d0b1718aacad934fd0043c87cbc54aa091396bf
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a

HTTP Headers

GET /s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://z6lh2.shop
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 34852
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 02:15:02 GMT
expires: Wed, 16 Apr 2025 02:15:02 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 16:31:23 GMT
content-type: font/woff2
age: 233646
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKew72j00.woff2

142.250.74.163

200 OK

21 kB

URL GET HTTP/2
fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKew72j00.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 20860, version 1.0
Size
21 kB (20860 bytes)
Hash
15b0d42b9ec6606a60edbdcced868466
73ca3f9f966f6722e78409b22db328ce4da475a9
f1400c92345dcd9dbf746acab2c60e8580aa959473e9e56c8772cadcf7734b76

HTTP Headers

GET /s/ubuntu/v20/4iCs6KVjbNBYlgoKew72j00.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://z6lh2.shop
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 02:50:29 GMT
expires: Fri, 18 Apr 2025 02:50:29 GMT
cache-control: public, max-age=31536000
age: 58719
last-modified: Wed, 27 Apr 2022 16:15:59 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

z6lh2.shop/l/gaz/img/sprite11.svg

104.21.6.248

200 OK

55 kB

URL GET HTTP/3
z6lh2.shop/l/gaz/img/sprite11.svg
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type
SVG Scalable Vector Graphics image
Size
55 kB (54671 bytes)
Hash
0d31c1df315404c74ab459b7dcdf0445
93182488675530bb2df97dd74acd47fd5f537ebd
ed1b1f5e3a2769494eec30f7c4d37a434861f8eef21280f23e4a1df95a35e654

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/gaz/img/sprite11.svg HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:09:08 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-415f"
expires: Sat, 18 May 2024 12:19:34 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 24574
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i6bW1lOb6xXiXci6dlM7S7EcXBf%2FMf2DK4%2B2QKdCgSl2WIQuY0XSvWZIhAqqnGLpTOp6jUyQCB9%2B5h1Ec98nfQ81wddZeoB4CcWuKcfRbW1kUnL9VU%2Bnegx6PLGT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f2914b4356c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2

142.250.74.163

200 OK

27 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 26736, version 1.0
Size
27 kB (26736 bytes)
Hash
8404cfed82d322c1be8e149fd9f40eb8
3e3657246db3b889e68d520904ac294a230db56d
8f76526e440538ec1300aa89f671acd1b746925833f7160f6c0e29443008f97f

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://z6lh2.shop
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 26736
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 17:21:58 GMT
expires: Fri, 18 Apr 2025 17:21:58 GMT
cache-control: public, max-age=31536000
age: 6430
last-modified: Thu, 14 Dec 2023 02:00:28 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjtGyNL4U.woff2

142.250.74.163

200 OK

18 kB

URL GET HTTP/2
fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjtGyNL4U.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 18200, version 1.0
Size
18 kB (18200 bytes)
Hash
8c7519686a5ddf20a3981e660a5f2610
3e0d73d14e4892b36fb5c6a9854c7d2e6bec005a
caeaf02fa4a8a45438c270767c4e50fc7f3ed5f94a4c90984eaacb87c2e8a693

HTTP Headers

GET /s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjtGyNL4U.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://z6lh2.shop
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18200
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 15 Apr 2024 23:13:39 GMT
expires: Tue, 15 Apr 2025 23:13:39 GMT
cache-control: public, max-age=31536000
age: 244529
last-modified: Wed, 27 Apr 2022 17:10:53 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

z6lh2.shop/l/gaz/img/sprite4.svg

104.21.6.248

200 OK

31 kB

URL GET HTTP/3
z6lh2.shop/l/gaz/img/sprite4.svg
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type
SVG Scalable Vector Graphics image
Size
31 kB (30948 bytes)
Hash
eef5d4eb7bfe0b509764cce858ec1d2f
872c396247d1db1a2c915484095771640cd47244
e57a4152ea0e055f1bdd8f0336a7cd6c0df80dfc06a660f54bc64c19482ee643

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/gaz/img/sprite4.svg HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:09:08 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-2a83"
expires: Sat, 18 May 2024 12:19:34 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 24574
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g305kLUcZmAVpJFDM%2BN0U5c48uSqgVAr%2BSTyUlcmp%2BPXL3SVHqo%2F%2B%2BqEAnxkkU3ny0dtSlin9oyP6if0zBTlcNO1V%2BYpnBHsfMiGvpXxRuqdy2Ah3RbBmDagyhT0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f2914b4256c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

z6lh2.shop/l/gaz/img/sprite2.svg

104.21.6.248

200 OK

52 kB

URL GET HTTP/3
z6lh2.shop/l/gaz/img/sprite2.svg
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type
SVG Scalable Vector Graphics image
Size
52 kB (51804 bytes)
Hash
b1d484b45a5309d1b3da1b9534d4ac71
2aea50241e0b60221e4ebfe00df237f29daa5951
03be5ce35e1fc893a2d08426a21a9e5dc53983c56fdccd9006da45160ed73d1e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/gaz/img/sprite2.svg HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:09:08 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-26cc"
expires: Sat, 18 May 2024 12:19:34 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 24574
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7eDMmAlz%2Bg3A4kTbhXZX4xOM1QcEsj4IydHxAkoIQ3AuwWs63k5d9rN67KkwV8%2BVAB6ONPa4YYbBlfyVnCkEsmbO%2B1Z3wHfidhdeHqQSCMdIRqW%2FNaPBMinieUyS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f2914b3f56c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

z6lh2.shop/l/gaz/img/flags.png

104.21.6.248

200 OK

71 kB

URL GET HTTP/3
z6lh2.shop/l/gaz/img/flags.png
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type
PNG image data, 5652 x 15, 8-bit/color RGBA, non-interlaced
Size
71 kB (70857 bytes)
Hash
416250f60d785a2e02f17e054d2e4e44
21572c9751e5a3dc20395befa0fcb349c32c4811
0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/gaz/img/flags.png HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/l/gaz/css/bundle.e15e13582eb553ce5360.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:09:09 GMT
content-type: image/png
content-length: 70857
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: "64043bab-114c9"
expires: Sat, 18 May 2024 12:19:34 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 24575
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YcnsJ1FGcDWylJ5KcKvwb25bB%2FciNErNsmNQXrC%2F6F26myr%2F8jDsyb%2BV8V7HQbaNvv4P4VYoErSEt7tr6vKasg5%2B15PxI6Qccfm3XEcWeBAuUY%2FD1l9yGu7H5gvT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f293be3056c9-OSL
alt-svc: h3=":443"; ma=86400

z6lh2.shop/l/gaz/videos/gaz-platform-preview.mp4

104.21.6.248

206 Partial Content

1.7 MB

URL GET HTTP/3
z6lh2.shop/l/gaz/videos/gaz-platform-preview.mp4
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type
ISO Media, MP4 v2 [ISO 14496-14]
Size
1.7 MB (1695331 bytes)
Hash
3d72728428999e0995e0f9f38f0ff1b3
42e5c881a279fcab159acf6d2de8999dae7fd008
5cfe2018ee836c506e9fa531b6b72768d5d8a126e7b876f041401d4acd3b7e91

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/gaz/videos/gaz-platform-preview.mp4 HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 206 Partial Content
date: Thu, 18 Apr 2024 19:09:09 GMT
content-type: video/mp4
content-length: 33432152
last-modified: Sun, 05 Mar 2023 06:50:20 GMT
etag: "64043bac-1fe2258"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
content-range: bytes 0-33432151/33432152
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c0%2BhPKeynigprOJREKKsLyZ7zn0C6K6AWHXglWyJwhRNlmvUnzE33Za%2FautCHd37BaEzN7Eo5s%2B9MI5YD2VKvBpIbDZ5gihDCHXiblzfW1tMg8JBhvUYBFQXIcY5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f2921c8a56c9-OSL
alt-svc: h3=":443"; ma=86400

ipinfo.io/json

34.117.186.192

200 OK

280 B

URL GET HTTP/2
ipinfo.io/json
IP
34.117.186.192:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://z6lh2.shop/
Certificate
IssuerLet's Encrypt
Subjectipinfo.io
Fingerprint9D:3E:28:56:62:A9:9F:DE:23:E2:E3:28:72:EE:AE:0B:F3:A5:C0:63
ValidityTue, 05 Mar 2024 21:14:09 GMT - Mon, 03 Jun 2024 21:14:08 GMT

File type
JSON text data
Size
280 B (280 bytes)
Hash
adf22d9a8ca3a97a9ff78909b8702358
f5046826566a7e98d6b5e5c7b0a65677c3bde708
756edd1454b049c1370e83c864bc93dfdd82f44d8f9752b3068e5a11867a5de3

HTTP Headers

GET /json HTTP/1.1
Host: ipinfo.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://z6lh2.shop/
Origin: https://z6lh2.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.24.0
date: Thu, 18 Apr 2024 19:09:09 GMT
content-type: application/json; charset=utf-8
content-length: 280
access-control-allow-origin: *
x-content-type-options: nosniff
x-envoy-upstream-service-time: 3
via: 1.1 google
strict-transport-security: max-age=2592000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.15/js/utils.js

104.17.25.14

200 OK

47 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.15/js/utils.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1435)
Size
47 kB (46616 bytes)
Hash
badf39299033bb934da6325eea28ce72
bf68e8fd78007eb5539e08f0621a75c76c977f22
2c70f3d32d8ed2924ff688ad77a9b8f65663a433b5b0e5f4ba38879956961652

HTTP Headers

GET /ajax/libs/intl-tel-input/17.0.15/js/utils.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:09:09 GMT
content-type: application/javascript; charset=utf-8
content-length: 46616
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61a59596-b618"
last-modified: Tue, 30 Nov 2021 03:08:06 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 176654
expires: Tue, 08 Apr 2025 19:09:09 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yW%2BiupjBxvukP2JmVZI9qqrTlt3rqmqZiQRjzp3qy5lru9Zkg%2F2sUBpfgQv%2BVlnP%2Bt7wBoF6qfgzEnO016VeNo0F0fMsdoHQ0QbzPOWdf4%2FTo9331HecmDPnEJ9lo5K4gSNbCCt2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8766f295fe48b4fa-OSL
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css?family=Open+Sans:400,700,800|Ubuntu:400,500,700&display=swap&subset=cyrillic,cyrillic-ext,latin-ext

142.250.74.170

200 OK

11 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Open+Sans:400,700,800|Ubuntu:400,500,700&display=swap&subset=cyrillic,cyrillic-ext,latin-ext
IP
142.250.74.170:443
ASN
#15169 GOOGLE

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
gzip compressed data, max compression
Size
11 kB (11248 bytes)
Hash
88559f747b045c38a754ba81bc7716ae
3dcf17d8366ac9edb910d1f0430a46e34cca37ff
52266d27a83dc6db9de57a684977ad3f7d0ceb6862dcf6248cd2897151039aec

HTTP Headers

GET /css?family=Open+Sans:400,700,800|Ubuntu:400,500,700&display=swap&subset=cyrillic,cyrillic-ext,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 18 Apr 2024 19:09:08 GMT
date: Thu, 18 Apr 2024 19:09:08 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

z6lh2.shop/l/gaz/css/bundle.e15e13582eb553ce5360.css

104.21.6.248

200 OK

113 kB

URL GET HTTP/3
z6lh2.shop/l/gaz/css/bundle.e15e13582eb553ce5360.css
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type
Unicode text, UTF-8 text, with very long lines (19902)
Size
113 kB (113034 bytes)
Hash
d6bc30f0477cfd3665bdefec98fb4566
46a0a84c7f1a1adb264644a298784bdb69f04548
cfbfd145b39de672d6ddd2267dd076520bb050550428156df9765099f1a4b5ad

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/gaz/css/bundle.e15e13582eb553ce5360.css HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:09:08 GMT
content-type: text/css
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-d91fb"
expires: Sat, 18 May 2024 12:19:33 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 24575
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p2aqLsLjiSAck%2FU1pCEiF%2BhlYC%2F0GjbhDNPsO%2BF0s%2BN0RF0EWFJh5yFJ%2FeiKlvoVJTJvnZ8oQI8SkOyKp4vWfiq%2BhOwy42AqXOsBoFfkjB481V8uR3uAo6md3LXB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f28e880756c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

z6lh2.shop/uniq

104.21.6.248

200 OK

450 B

URL GET HTTP/3
z6lh2.shop/uniq
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type
ASCII text, with no line terminators
Size
450 B (450 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uniq HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:09:08 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.2.13
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: sid=deleted; expires=Wed, 19 Apr 2023 19:09:07 GMT; Max-Age=0; path=/; httponly; samesite=lax
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=46adpUR554nRMEQqw0dI2Y4CGj7%2Bzh4qjf0wrv%2FGdKecs8D2evOwcO1p4cWMYVu5NJ6KwYCpdA2%2F5HsSCUyGC4sfeJvlAnVd9qUzZxyjUGr4PLqx5QOiVTNnwwyE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8766f290fae656c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

z6lh2.shop/l/gaz/js/intlTelInput.min.js

104.21.6.248

200 OK

30 kB

URL GET HTTP/3
z6lh2.shop/l/gaz/js/intlTelInput.min.js
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type

Size
30 kB (29521 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/gaz/js/intlTelInput.min.js HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:09:08 GMT
content-type: application/javascript; charset=utf8
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-7351"
expires: Sat, 18 May 2024 12:19:33 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 24575
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=74ZzLsmgIAgJEHTTPfun%2FzW6Er2s6X0W%2BkfNkW%2FIXzc9oE%2FOB8NJ%2Fmq%2BCw%2BUTTOnmY11MCquVC0nx8XDswRILapBAwDgDBAbdunPF33HjWQ0JIFlvya3TSvxN03w"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f28ea83556c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

z6lh2.shop/l/gaz/js/index.js

104.21.6.248

200 OK

992 B

URL GET HTTP/3
z6lh2.shop/l/gaz/js/index.js
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (1017), with no line terminators
Size
992 B (992 bytes)
Hash
594f69439ec054e6ff377fc1e804e29f
445eec27acea68eff2e90e801f0572d1a39b82e7
eae8b4577a65b270ee87aec23788fb25d766055de730f75af9f139a90b03f43a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/gaz/js/index.js HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:09:08 GMT
content-type: application/javascript; charset=utf8
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-3e0"
expires: Sat, 18 May 2024 12:19:33 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 24575
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oTGibeb9pycljZtTbuj2ZY7Zbp6ksh6KH317RNC0hPqZs1s6vHH45l2nd9RA%2B8lGwnUOVvUaFNxu9NacXAcWNGHstMfrCty4oz9%2BCOOEkA3FMs8q13s%2FrNyaSnXU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f28ea83356c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

z6lh2.shop/l/gaz/img/sprite3.svg

104.21.6.248

200 OK

7.6 kB

URL GET HTTP/3
z6lh2.shop/l/gaz/img/sprite3.svg
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type
SVG Scalable Vector Graphics image
Size
7.6 kB (7636 bytes)
Hash
f772a2c3f7fd89a8cdf974fd2ca17f33
5fe1a611a98559d40a179dfdd52798b70f6f9ddb
e1f2ece7be9caba38e3a609cd685202a69ca9ec1d402589a46be8fdbd31be35d

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/gaz/img/sprite3.svg HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:09:08 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-1dd4"
expires: Sat, 18 May 2024 12:19:34 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 24574
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MDpoqIqbkZWBsAlWGS8ryYMFv3BeCY%2FsbLNNkQ9tEYDFLRKR3ddEeiPUe8sWopDvOmkYiCpbw5pwrEukxFRsxXz19eEUjBoIcZ4Wtg6hPI7%2FUMZOzi%2F%2Fg02Z1CN2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f2915b4c56c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

z6lh2.shop/l/gaz/img/sprite1.svg

104.21.6.248

200 OK

1.9 kB

URL GET HTTP/3
z6lh2.shop/l/gaz/img/sprite1.svg
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type
SVG Scalable Vector Graphics image
Size
1.9 kB (1900 bytes)
Hash
faf11e7e9b672843ec985034750011da
b6a19a665f2909fdb7ed320e15ee9a3b5030b82c
16701c77b1ecd98f81456241913ba0e2efc81f96eccb2ab7f13dbde6215804be

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/gaz/img/sprite1.svg HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:09:08 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-76c"
expires: Sat, 18 May 2024 12:19:34 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 24574
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a9rt3YoLPun%2BlMZati2OQ4JBJZ5RspC7RNvTdK8jmqPgoBr%2FVJYwnP%2BtPuBhv%2FL1YKWoW1QBIOV77VtJue1%2BzFU9rlol5E%2B1xPuWMIaSFNTRRejHt53BXqcDjAAO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f2915b5a56c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

z6lh2.shop/l/gaz/js/errors.js?t=2

104.21.6.248

200 OK

4.2 kB

URL GET HTTP/3
z6lh2.shop/l/gaz/js/errors.js?t=2
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type
Algol 68 source, ASCII text, with very long lines (4347), with no line terminators
Size
4.2 kB (4177 bytes)
Hash
2f52730c897b1de658bc92e9af67c649
1cd94cedb0bd60ca20e611ad155a2a374aafd8bd
7017bdaceccee43521c8f6878203580013c8f2f458acee34fe7b7803b5151740

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/gaz/js/errors.js?t=2 HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:09:08 GMT
content-type: application/javascript; charset=utf8
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-1051"
expires: Sat, 18 May 2024 12:19:33 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 24575
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZDwXSWwM7jR97CjIMjZR7m14ynigyRI57uImu2QH2%2B6jaNLW8RNBZl8yZMi%2FPx905WkM3%2BaL3QmY5WfAs%2FHGZu64528Os%2BXx%2FK5zzhj%2BQ115ylHu05zxebLQRVu%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f28ea83656c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

z6lh2.shop/l/gaz/img/sprite8.svg

104.21.6.248

200 OK

46 kB

URL GET HTTP/3
z6lh2.shop/l/gaz/img/sprite8.svg
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type
SVG Scalable Vector Graphics image
Size
46 kB (45668 bytes)
Hash
df93c5e07081b864c87d0946fe166bd4
06376f1fadeacbf1d4425dbe6647d3c07eb654f4
9dd34c6d50df718d2bd6c5cc7d89733c3bed24cc3badb3ffef0f91cef47f4c5a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/gaz/img/sprite8.svg HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:09:08 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-b264"
expires: Sat, 18 May 2024 12:19:34 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 24574
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ny0BK4zth8pmA28Ck9vOm%2Fg%2FXW51r4a5GldQgzH0MB4jjBjbGpkP4oOvFJNiwK7tHZBHXgr8ybsQbh16NXEdO%2Fk0PJ80dnOcdigpwn5lVZxpRwfVUdQSLL9A5KqJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f2914b4b56c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

z6lh2.shop/l/gaz/img/img2.svg

104.21.6.248

200 OK

20 kB

URL GET HTTP/3
z6lh2.shop/l/gaz/img/img2.svg
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type
SVG Scalable Vector Graphics image
Size
20 kB (19555 bytes)
Hash
53a632a7497ecd4803fb4208c9f6843a
c19a1766603c6a401b4352852fbdf6fda05f14a3
5c9c89052bff64e0821767b5219b15f86122901a8de1aec3d9a439cfe8c07ca7

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/gaz/img/img2.svg HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:09:08 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-4c63"
expires: Sat, 18 May 2024 12:19:33 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 24575
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RElRyjo82ZYLpULszTsv0QcY8jyJuwO40N9sn4hye9WDLwA0U7nWrN%2B91MIpIJk3HMqUvLXkq%2BHG1pSuM0BLZ%2F8LIsPUAkSBapP7bfzx5Q10YI%2FmgPtyLje78IUy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f28e981456c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

z6lh2.shop/l/gaz/img/sprite9.svg

104.21.6.248

200 OK

3.1 kB

URL GET HTTP/3
z6lh2.shop/l/gaz/img/sprite9.svg
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type
SVG Scalable Vector Graphics image
Size
3.1 kB (3147 bytes)
Hash
a94d5ef8ada6b57084e1367ed8c26c63
2f7a0bf12410dabfee8c9213691a0a294aeaef24
b278a847c81a737362db49bcd557a8fc987f84d9cad706e2d6e33ba163891dc3

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/gaz/img/sprite9.svg HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:09:08 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-c4b"
expires: Sat, 18 May 2024 12:19:34 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 24574
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gm2oHF0dFeMug3%2F2SwAlPn9VJ10WO8BzBvfME9n0CQP6wwHTQgTTBOSR1zxfa7B%2B2u7wSYCPW42LmxCNaU3RPJ34PMpZaqeJ2MuI6iI%2BMLGot2%2FKbiRhxZzwJNSh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f2915b5356c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

z6lh2.shop/

104.21.6.248

200 OK

45 kB

URL User Request GET HTTP/2
z6lh2.shop/
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type

Size
45 kB (45196 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 19:09:07 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.2.13
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: sid=deleted; expires=Wed, 19 Apr 2023 19:09:06 GMT; Max-Age=0; path=/; httponly; samesite=lax
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XP5gnYcd%2FvPiSXx57rOBVW53GXPDegMLWQzoZnL1dWrP92J8JuLaw%2By%2BX%2Fc8L6WRXibSKXDqFcSa3RLkmiDeSCeuCIF2VaLmPYWR%2BceaNqz9AOLzS5r7PObIEF0V"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8766f28aec7656b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

z6lh2.shop/l/gaz/js/landing_url2.js

104.21.6.248

200 OK

257 B

URL GET HTTP/3
z6lh2.shop/l/gaz/js/landing_url2.js
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type
ASCII text, with no line terminators
Size
257 B (257 bytes)
Hash
f776ce66f65c39ec530a3bd2d09c9933
ebe59a2d5aaa6b873174e30e6e7f2cdfe7bcb2e4
4a2953bfe6a4596f47493279dd3f86935bf92e02cd00f6782245badb1c9991b2

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/gaz/js/landing_url2.js HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:09:08 GMT
content-type: application/javascript; charset=utf8
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-101"
expires: Sat, 18 May 2024 12:19:34 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 24574
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MCIoLAZRLUe5oYz1pmqdZQ8%2FCgb621wsKhIpt0vKdhl8zgpevBXCURQXYfHMhvDjGeQzFV1SrLRakcy9PD8cQeJUFfU49VFOjeoMAKbbRzQV2JrpicmptJxkAm3P"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f28ea83a56c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjsGyN.woff2

142.250.74.163

200 OK

30 kB

URL GET HTTP/2
fonts.gstatic.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjsGyN.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 29752, version 1.0
Size
30 kB (29752 bytes)
Hash
ab1fc8621287e4ea9319a3136812cf80
fb4ed2e52e2a8d7ac50a7618a0c2ea5507a24ef3
7c00752ce82d6abaed0b9766d35b906b16675facdbe24115b410d1fab975effa

HTTP Headers

GET /s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjsGyN.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://z6lh2.shop
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 29752
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 15 Apr 2024 22:37:09 GMT
expires: Tue, 15 Apr 2025 22:37:09 GMT
cache-control: public, max-age=31536000
age: 246719
last-modified: Wed, 27 Apr 2022 17:05:11 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.163

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://z6lh2.shop
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 08:04:32 GMT
expires: Wed, 16 Apr 2025 08:04:32 GMT
cache-control: public, max-age=31536000
age: 212676
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

z6lh2.shop/l/gaz/css/errors.css

104.21.6.248

200 OK

2.4 kB

URL GET HTTP/3
z6lh2.shop/l/gaz/css/errors.css
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type
ASCII text, with very long lines (2479), with no line terminators
Size
2.4 kB (2364 bytes)
Hash
541902e6f5b3104a2a19061a35871980
4ca48511e25ee4e3beb5b820055a31dcbd4154f9
90fd262aad643912cca5c94572e863a37c1837066b6c19b45fd12ec9980d93f4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/gaz/css/errors.css HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:09:08 GMT
content-type: text/css
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-93c"
expires: Sat, 18 May 2024 12:19:33 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 24575
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bzra7l%2B%2BMN0pwyqe2h7twd9tEs7fZokJ4fIgLUVFW7qHI0DkRyE3riLZznaz%2FaswC6D2MxAFHkhEjb6BHXkvRb%2FpOVHFj5TY2NncZTFP%2B2KuV3ywgPqkE3VjhfLB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f28e880156c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

z6lh2.shop/l/gaz/img/gaz-platform-preview_Moment.jpg

104.21.6.248

206 Partial Content

31 kB

URL GET HTTP/3
z6lh2.shop/l/gaz/img/gaz-platform-preview_Moment.jpg
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [ - TIFF image data, big-endian, direntries=2], baseline, precision 8, 1280x720, components 3
Size
31 kB (30787 bytes)
Hash
1288def0cfff265ae7118f253b77cffc
6892a2722d315ef92f69ae8de7269721eb645519
6b41030655756cae982232a04577fa46c63b65aeba4932f8546b8d29a97bea9a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/gaz/img/gaz-platform-preview_Moment.jpg HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 206 Partial Content
date: Thu, 18 Apr 2024 19:09:09 GMT
content-type: image/jpeg
content-length: 1564162
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: "64043bab-17de02"
expires: Sat, 18 May 2024 19:09:09 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
content-range: bytes 0-1564161/1564162
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C9WVGKr%2FVM8OIAkvwgiOyovux9RCzkMugmgP%2FeaIaKRe5zDClRZ%2BWUsVUpZotErdvNAmuiCotr2liYdyOHezg1oZwEseKarVycuDvJ4DFosEWVWxb2m4eG5iGd3N"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f293fe7c56c9-OSL
alt-svc: h3=":443"; ma=86400

z6lh2.shop/l/gaz/img/img.svg

104.21.6.248

200 OK

60 kB

URL GET HTTP/3
z6lh2.shop/l/gaz/img/img.svg
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type
SVG Scalable Vector Graphics image
Size
60 kB (60346 bytes)
Hash
51120bbddd53794d1dd188eeacd1259c
ec43bc418d3644250cafeeada7d5d1133f60c4bb
4bd591ba5310c896b04e725fb1621dc2e66c3e57e97a160efb90848cb6146e70

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/gaz/img/img.svg HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:09:08 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-ebba"
expires: Sat, 18 May 2024 12:19:33 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 24575
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lIQLvbgzD9%2BRBXh3Nq%2FvZM7qrEbyKardExbKpLdSBdGv3B3t8T%2F1elX7IpJV5EYuI3Qi4nOwzlEbK26aOSQz8f8ZdUnbpS513FZ3vOmaEfiohDrrmGePFo2mcfsZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f28e881256c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

z6lh2.shop/l/gaz/img/sprite10.svg

104.21.6.248

200 OK

3.2 kB

URL GET HTTP/3
z6lh2.shop/l/gaz/img/sprite10.svg
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type
SVG Scalable Vector Graphics image
Size
3.2 kB (3226 bytes)
Hash
91d85ff0298bab27a1b4e34c04c34e4d
d01ca7a27b32224355407e3acf1f7916fd6947ab
49926b18d29097ca07044c52ec08c2a8ee90975f4f65a584c4e69d2bc52e6b03

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/gaz/img/sprite10.svg HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:09:08 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-c9a"
expires: Sat, 18 May 2024 12:19:34 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 24574
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8FOnZv%2Bmrn8AwZqvRWaHm3ORNis0%2Fq2VeX0ynJVPZWGNGqunuVSxYp50BvXs7s%2FPnp2NjVbb%2FuOvkL4ouZP8JKB3oVvKDzSvxCMXYVGCvswLHZ81k55c2lv0FZ%2FC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f2914b4456c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

z6lh2.shop/l/gaz/img/favicon.ico

104.21.6.248

200 OK

1.2 kB

URL GET HTTP/3
z6lh2.shop/l/gaz/img/favicon.ico
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
213beed7102b1e9a334ca0e45a90870d
b92df83ff543e68aad4f796826ea93fbd45e7855
8d753707c334888732d902d8680d85a6cf1e458fcced2494875e9812eae03490

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/gaz/img/favicon.ico HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:09:09 GMT
content-type: image/x-icon
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-47e"
expires: Thu, 09 May 2024 09:21:31 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 812857
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ue9c2B87thovuZXRvAYBxQnbvZGK9ZIW1DMFYiWyMsFIpqP83vwW%2F%2BIhyaTcwfBi%2FX1N2PTz7WgoKhATmZLkSyiNnUMV7jZzWnJgmbM0yw6p4DDjwXVmYvwx7dHB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f2953fcf56c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

z6lh2.shop/l/gaz/img/sprite7.svg

104.21.6.248

200 OK

7.7 kB

URL GET HTTP/3
z6lh2.shop/l/gaz/img/sprite7.svg
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type
SVG Scalable Vector Graphics image
Size
7.7 kB (7709 bytes)
Hash
9cd03b34315fb1d8b2e5ea5d645eb561
145842ca640d6b8b05396c0adb0b720e8dd0c97d
0c6a7f69a2b4cd2ee3d7536f54706d729b2da67633315499ee892d920b441d73

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/gaz/img/sprite7.svg HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:09:08 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-1e1d"
expires: Sat, 18 May 2024 12:19:34 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 24574
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gFfeMktsAFqromzjVChN5N8jdsMwLTkmhiZWFpXOwtHsszxmmjgwvXUb9c3b%2BuLU5%2BwqHlWlEqluOpFbGoW12suLhSOgRLHLpHR1rYalfBeHwGDkJbg%2FCoUPVcq%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f2915b5756c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.163

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://z6lh2.shop
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 08:04:32 GMT
expires: Wed, 16 Apr 2025 08:04:32 GMT
cache-control: public, max-age=31536000
age: 212676
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

z6lh2.shop/l/gaz/img/img3.svg

104.21.6.248

200 OK

28 kB

URL GET HTTP/3
z6lh2.shop/l/gaz/img/img3.svg
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type
SVG Scalable Vector Graphics image
Size
28 kB (28217 bytes)
Hash
0685ab7a7f1613725ac083f51d62dd9e
e9aeb297b2447e9b871fb32dd309434634b705be
693d77da621b2eb643d726ac6cf9bdbd9972311cabbe612700046a5138b32305

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/gaz/img/img3.svg HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:09:08 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-6e39"
expires: Sat, 18 May 2024 12:19:33 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 24575
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QKQlG3%2F2aFX%2B0VEPsd4SYIFH4dUPseO1lZPyBT%2BHaq8CvWpKBjNJBSv2bf%2FAKapD5ca4gj09UbGZeOTVz9xAiKoQ7Q7S9%2FGUPbxMyKJ2Mr1pJ735hJYaiwIJwHLG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f28e981956c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

z6lh2.shop/l/gaz/img/sprite5.svg

104.21.6.248

200 OK

4.5 kB

URL GET HTTP/3
z6lh2.shop/l/gaz/img/sprite5.svg
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type
SVG Scalable Vector Graphics image
Size
4.5 kB (4460 bytes)
Hash
c3bac6d32fe9c133103b2ee76637790e
3feffee9c8136843bcd768659faf4ec01cecd000
4bc5d08ef99bdc338169bf0f0b0643e3beb9bce4c8fd2dceb8b774f4e55fff90

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/gaz/img/sprite5.svg HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:09:08 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-116c"
expires: Sat, 18 May 2024 12:19:34 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 24574
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NCtah0w0HavqvWVl6rC9qAVqRjHibiX7dvdeWSvxepUo8fr8LD6TR%2FWHcuYI5FmIE4EbCkMR1Mco7%2FT%2BOqjgwc2HBGDGkc4hsRpovbdDE5QUGwyl4GY5GGMKNf1p"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f2915b5256c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

z6lh2.shop/l/gaz/img/sprite6.svg

104.21.6.248

200 OK

10 kB

URL GET HTTP/3
z6lh2.shop/l/gaz/img/sprite6.svg
IP
104.21.6.248:443
ASN
#13335 CLOUDFLARENET

Requested by
https://z6lh2.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectz6lh2.shop
Fingerprint33:D3:C8:64:1B:0C:A0:84:83:9C:BA:31:76:E7:82:0C:97:72:8D:DE
ValidityMon, 08 Apr 2024 21:10:47 GMT - Sun, 07 Jul 2024 21:10:46 GMT

File type
SVG Scalable Vector Graphics image
Size
10 kB (10056 bytes)
Hash
577c76d3485408273e65c1f426004c12
564b0efe86ca0c405e7843e953d2608eb34157be
56e699128aff9d28a360999931de0694df469a397d1d73be4b263a1a3561d36b

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Gazprom
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/gaz/img/sprite6.svg HTTP/1.1
Host: z6lh2.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://z6lh2.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 19:09:08 GMT
content-type: image/svg+xml
last-modified: Sun, 05 Mar 2023 06:50:19 GMT
etag: W/"64043bab-2748"
expires: Sat, 18 May 2024 12:19:34 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 24574
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=23TjT99bVSmG6M9r4eUxhAynNp%2FDdt%2Bavmz%2FYHv7Fx2wN3%2Be8INA0tVNF4L2cB2YHk4UeGtT%2F53N6J%2Bm1oyadJPW3K7ZA%2B6KJrnRWhL890MYRrd39vmFV%2F77rRsG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8766f2915b5d56c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML