141.98.11.37 200 OK 36 kB URL User Request GET HTTP/1.1 IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Certificate Issuer: Let's Encrypt
Subject: pharmacy-discount.com
Fingerprint: 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity: Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 2df29688441e61bf498690f26e777d61
31ce2083612ff6024c5d1e5c522c8db80a3f9237
114bb65674b9dd0fa31b0f532e728dac560afded556e1faaa883b680e9dc5a6c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:06 GMT
Server: Apache/2.4.41 (Ubuntu)
Upgrade: h2
Connection: Upgrade, Keep-Alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
Set-Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; expires=Wed, 06-Dec-2023 23:21:06 GMT; Max-Age=180000; path=/
design=design_3; expires=Sat, 16-Dec-2023 11:07:46 GMT; Max-Age=1000000; path=/
lang=en; expires=Sat, 16-Dec-2023 11:07:46 GMT; Max-Age=1000000; path=/
aff=0; expires=Sat, 16-Dec-2023 11:07:46 GMT; Max-Age=1000000; path=/
ref=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
ptrs_ip=91.90.42.154; expires=Tue, 05-Dec-2023 21:21:06 GMT; Max-Age=86400; path=/
ptrs_ip=91.90.42.154; expires=Tue, 05-Dec-2023 21:21:06 GMT; Max-Age=86400; path=/
ptrs_ip=91.90.42.154; expires=Tue, 05-Dec-2023 21:21:06 GMT; Max-Age=86400; path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 35621
Keep-Alive: timeout=5, max=100
Content-Type: text/html; charset=UTF-8
code.jquery.com/jquery-migrate-1.2.1.js
151.101.2.137 200 OK 5.8 kB URL GET HTTP/2 code.jquery.com/jquery-migrate-1.2.1.js
IP 151.101.2.137:443
Requested by https://pharmacy-discount.com/
Certificate Issuer: Sectigo Limited
Subject: *.jquery.com
Fingerprint: D2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
Validity: Tue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
Hash 7d87ce904ab76326bff3147c72a45b2a
b5a7a40ada6f87047f00e95915356aff82cb0959
58564bc237b683f482c3a82def059f27b2be41109d237d7a2380074b5b4f22be
GET /jquery-migrate-1.2.1.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-40ed"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 04 Dec 2023 21:21:07 GMT
age: 6924246
x-served-by: cache-lga21971-LGA, cache-bma1622-BMA
x-cache: HIT, HIT
x-cache-hits: 63, 26043
x-timer: S1701724867.446613,VS0,VE0
vary: Accept-Encoding
content-length: 5783
X-Firefox-Spdy: h2
pharmacy-discount.com/templates/design_3/css/style.css?v=03112023
141.98.11.37 200 OK 14 kB URL GET HTTP/1.1 pharmacy-discount.com/templates/design_3/css/style.css?v=03112023
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer: Let's Encrypt
Subject: pharmacy-discount.com
Fingerprint: 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity: Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
Hash 4dd5a17125fde13a1174b289c69d6c78
395114b3bf82f504d452575f7d8d09fb050159e1
71abefe5940e90d3cfecaf2bdf05d1f4c191eb9f7d56011b6201d4d5d971f5e7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /templates/design_3/css/style.css?v=03112023 HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:07 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Thu, 02 Nov 2023 09:46:23 GMT
ETag: "19b7c-6092842b899c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 13597
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
pharmacy-discount.com/sw-setup.js
141.98.11.37 200 OK 2.8 kB URL GET HTTP/1.1 pharmacy-discount.com/sw-setup.js
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer: Let's Encrypt
Subject: pharmacy-discount.com
Fingerprint: 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity: Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
Hash 33746c4613d27d1538bd753206d0f36b
ff8102591d8b7804578df1e82d90320902916d14
615510a1e321f245de757ec4b03c92c789e92915a263722f31deb9452ae19b9f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /sw-setup.js HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:07 GMT
Server: Apache/2.4.41 (Ubuntu)
Upgrade: h2
Connection: Upgrade, Keep-Alive
Last-Modified: Tue, 12 Sep 2023 11:48:51 GMT
ETag: "24eb-6052806ca37b8-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2836
Keep-Alive: timeout=5, max=100
Content-Type: application/javascript
pharmacy-discount.com/js_code/pwa.js
141.98.11.37 200 OK 3.8 kB URL GET HTTP/1.1 pharmacy-discount.com/js_code/pwa.js
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer: Let's Encrypt
Subject: pharmacy-discount.com
Fingerprint: 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity: Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
Hash 7c06073ecccfa19deaec2e453643b7de
bff3f13b596e218d13d1d6e00724cf4c40001ee3
dab5cd87b35fdee49db4211d2e8f2329694cecca398de62d69d7b60941ffa040
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /js_code/pwa.js HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:07 GMT
Server: Apache/2.4.41 (Ubuntu)
Upgrade: h2
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 24 Mar 2023 07:55:38 GMT
ETag: "362d-5f7a0b8095280-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3779
Keep-Alive: timeout=5, max=100
Content-Type: application/javascript
pharmacy-discount.com/js_code/shipping_selector.js
141.98.11.37 200 OK 541 B URL GET HTTP/1.1 pharmacy-discount.com/js_code/shipping_selector.js
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer: Let's Encrypt
Subject: pharmacy-discount.com
Fingerprint: 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity: Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type ASCII text, with CRLF line terminators
Hash c3abd28a6c0938b827baceba8578f36a
2439c63f21227b3bf6f060def2f7c30fbbfa65c0
b865aa47e53e506ef332c34c720f33f672c8c6556ecbc307c5ba342c5c51db27
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /js_code/shipping_selector.js HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:07 GMT
Server: Apache/2.4.41 (Ubuntu)
Upgrade: h2
Connection: Upgrade, Keep-Alive
Last-Modified: Tue, 06 Jun 2023 11:41:31 GMT
ETag: "a2a-5fd74801d70c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 541
Keep-Alive: timeout=5, max=100
Content-Type: application/javascript
pharmacy-discount.com/js_code/init.js
141.98.11.37 200 OK 638 B URL GET HTTP/1.1 pharmacy-discount.com/js_code/init.js
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer: Let's Encrypt
Subject: pharmacy-discount.com
Fingerprint: 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity: Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash a4d795427151dbb4c0b3d87260c158c1
ac53d3341bc2a72082c921c2bed3c2f0c5b015e8
6735c49b424e07bee1b1902371da0e39f273c03da79218fe620904a0a6f2fad7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /js_code/init.js HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:07 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Tue, 06 Jun 2023 11:52:36 GMT
ETag: "539-5fd74a7c08900-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 638
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
pharmacy-discount.com/js_code/jquery/autocomplete.js
141.98.11.37 200 OK 4.6 kB URL GET HTTP/1.1 pharmacy-discount.com/js_code/jquery/autocomplete.js
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer: Let's Encrypt
Subject: pharmacy-discount.com
Fingerprint: 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity: Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type Algol 68 source text\012- Pascal source, ASCII text, with CRLF line terminators
Hash f67957fe13fcecfec27a62e815f5aba4
ae9525d4ef289e840ab4df8c309121e4da4713bb
3ccf7c3829dc501fcabb1ad6e233f59c3445374b2905e95b5a8e9e4444415704
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /js_code/jquery/autocomplete.js HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:07 GMT
Server: Apache/2.4.41 (Ubuntu)
Upgrade: h2
Connection: Upgrade, Keep-Alive
Last-Modified: Mon, 09 Oct 2023 09:43:44 GMT
ETag: "41af-607456d0d7400-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4578
Keep-Alive: timeout=5, max=100
Content-Type: application/javascript
pharmacy-discount.com/js_code/jquery/jquery-3.6.3.min.js
141.98.11.37 200 OK 31 kB URL GET HTTP/1.1 pharmacy-discount.com/js_code/jquery/jquery-3.6.3.min.js
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer: Let's Encrypt
Subject: pharmacy-discount.com
Fingerprint: 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity: Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type ASCII text, with very long lines (65447)
Hash 30792621ca010e3c5d5f98162629439f
9bc5b058a9e9fe3820484290bd0810681072e448
448ef0632211ba18d7c1557a6d22250820ac3b4465ba2e73b7137f4dc4a31a12
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /js_code/jquery/jquery-3.6.3.min.js HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:07 GMT
Server: Apache/2.4.41 (Ubuntu)
Upgrade: h2
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 21 Sep 2023 13:04:57 GMT
ETag: "15f5a-605de23841040-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 31078
Keep-Alive: timeout=5, max=100
Content-Type: application/javascript
pharmacy-discount.com/templates/design_3/js/app.js?v=03112023
141.98.11.37 200 OK 39 kB URL GET HTTP/1.1 pharmacy-discount.com/templates/design_3/js/app.js?v=03112023
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer: Let's Encrypt
Subject: pharmacy-discount.com
Fingerprint: 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity: Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type Unicode text, UTF-8 text, with very long lines (446)
Hash 105f0e76bfd6a04d6518866d22067078
2c01a07f5e5e1a69ab7da13faeb4a9fb0ef09b95
94f8d632836ab2e1dc35b00901f0ca345e5bcc9ce690b06e83d72c2b4f538046
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /templates/design_3/js/app.js?v=03112023 HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:07 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Thu, 02 Nov 2023 12:33:05 GMT
ETag: "35724-6092a96e30240-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 38568
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
cdn.rawgit.com/prashantchaudhary/ddslick/master/jquery.ddslick.min.js
194.242.11.186 301 Moved Permanently 116 B URL GET HTTP/2 cdn.rawgit.com/prashantchaudhary/ddslick/master/jquery.ddslick.min.js
IP 194.242.11.186:443
ASN #34989 ServeTheWorld AS
Requested by https://pharmacy-discount.com/
Certificate Issuer: Let's Encrypt
Subject: cdn.rawgit.com
Fingerprint: 43:EF:51:CA:1E:5A:ED:B6:86:04:D3:7D:F3:D8:33:03:D7:ED:44:C6
Validity: Mon, 04 Dec 2023 00:14:59 GMT - Sun, 03 Mar 2024 00:14:58 GMT
File type ASCII text, with no line terminators
Hash 7ce71bf1dd0266377660a9cc3b1ca0d3
ec4ed0df0ea6dfa1af608e77a14bfa73ce548d97
5ac1bb9e21f4c6b3ce814eb34896eb1072d57a513d8d37976c30a849a32fea27
GET /prashantchaudhary/ddslick/master/jquery.ddslick.min.js HTTP/1.1
Host: cdn.rawgit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Mon, 04 Dec 2023 21:21:07 GMT
content-type: text/plain; charset=utf-8
content-length: 116
location: https://cdn.jsdelivr.net/gh/prashantchaudhary/ddslick@master/jquery.ddslick.min.js
server: BunnyCDN-NO1-830
cdn-pullzone: 201235
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: NO
vary: Accept-Encoding
access-control-allow-origin: *
access-control-expose-headers: *
age: 54531
alt-svc: h3=":443", h3-29=":443", h3-27=":443"
cache-control: public, max-age=2592000
cdn-cachedat: 12/04/2023 21:21:07
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-served-by: cache-fra-etou8220092-FRA, cache-chi-kigq8000048-CHI
x-cache: MISS, HIT
cdn-proxyver: 1.04
cdn-requestpullcode: 301
cdn-requestpullsuccess: True
cdn-edgestorageid: 830
cdn-status: 301
cdn-requestid: eb7b2ac9a399c51e6835fc3293f49291
cdn-cache: EXPIRED
X-Firefox-Spdy: h2
cdn.jsdelivr.net/gh/prashantchaudhary/ddslick@master/jquery.ddslick.min.js
151.101.1.229 200 OK 2.5 kB URL GET HTTP/2 cdn.jsdelivr.net/gh/prashantchaudhary/ddslick@master/jquery.ddslick.min.js
IP 151.101.1.229:443
Requested by https://pharmacy-discount.com/
Certificate Issuer: GlobalSign nv-sa
Subject: jsdelivr.net
Fingerprint: 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
Validity: Wed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (6510)
Hash 0e4c30018d3fff366807e2ea1cc92bfc
6d7ed10ee76ec4df05c29d0dd64ff38568201338
a059dcd249a1a454b61c04dabba48d5f4cc235898feb5502e2e12c5196ce5077
GET /gh/prashantchaudhary/ddslick@master/jquery.ddslick.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pharmacy-discount.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: master
x-jsd-version-type: branch
etag: W/"1976-bX7RDuduxN8Fwp0N1k/zhWggEzg"
content-encoding: br
accept-ranges: bytes
date: Mon, 04 Dec 2023 21:21:07 GMT
age: 42474
x-served-by: cache-fra-eddf8230028-FRA, cache-bma1666-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 2450
X-Firefox-Spdy: h2
pharmacy-discount.com/app/set_images.php?pill=dapoxetine
141.98.11.37 200 OK 17 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=dapoxetine
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer: Let's Encrypt
Subject: pharmacy-discount.com
Fingerprint: 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity: Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 01e09ac7666608f4e69c6ca1aade1f15
51b8db92175759694dbc68acf6246d7f12b4d31c
248574ab00d1ad6dbdc07211556d104b01ba25debd9253dfffac1aca156abf29
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=dapoxetine HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:07 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 16935
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=female-viagra
141.98.11.37 200 OK 18 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=female-viagra
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer: Let's Encrypt
Subject: pharmacy-discount.com
Fingerprint: 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity: Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 56c30eee59c809bd50c5c74fd018fa5d
d7b3715e16c0300b765c6f0105cdccb64a14dd67
fc4e8927342341223be7a07d60189b5a028e8f01a5c4a5e9ef53f75f4d2c18c9
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=female-viagra HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:07 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 17519
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=cytotec
141.98.11.37 200 OK 9.6 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=cytotec
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer: Let's Encrypt
Subject: pharmacy-discount.com
Fingerprint: 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity: Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 67a2b6e9eb48d4beb7ce4e098670160a
6c0c85b38551a418cd9a9000784307d7be21f57e
407643406c37347789a926cbfcecf4146af24e67954cb348f2c29482116fe11d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=cytotec HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9569
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=viagra-professional
141.98.11.37 200 OK 17 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=viagra-professional
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer: Let's Encrypt
Subject: pharmacy-discount.com
Fingerprint: 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity: Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash defc1ec8905c6829e7c72bead6a538f2
5bb03cb29b68af9eaf71d94fc0bbd870a5f140eb
8bfa5d1c8ac6ac093b6fcd9e1e22ccecd4f64c3972bf04451584d344ba504b89
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=viagra-professional HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:07 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 17353
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=cialis-professional
141.98.11.37 200 OK 23 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=cialis-professional
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer: Let's Encrypt
Subject: pharmacy-discount.com
Fingerprint: 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity: Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 0e120228ee5b73b0b74df1412f48e4de
23be925994670a655637841c6d14ddf7b2eeb6df
a9108eaf831ceeed7d40d74f3858d673a154f1cc6757472c7d160fc076d9d95d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=cialis-professional HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:07 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 23265
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=cenforce
141.98.11.37 200 OK 10 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=cenforce
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer: Let's Encrypt
Subject: pharmacy-discount.com
Fingerprint: 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity: Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 6cd577e71f3513dda431f49dfae94ee8
d8cd1a53a670e723c0b2f571deb413b80ba434e4
efa9358dc72e503f763a355ad8b00474ecf1767047eee4aa3d60fa861a28faf5
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=cenforce HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10055
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=female-cialis
141.98.11.37 200 OK 18 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=female-cialis
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer: Let's Encrypt
Subject: pharmacy-discount.com
Fingerprint: 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity: Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 54183901ae163691ecb7673a8656c411
55fe3a5696909bb3fb0b99a3b1677bc8d3c89471
7319582d958ac2a8cfcba4df8bbf5d6d4db10ad379c2b72525dd14411a300c3a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=female-cialis HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:07 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 17939
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=accutane
141.98.11.37 200 OK 16 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=accutane
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer: Let's Encrypt
Subject: pharmacy-discount.com
Fingerprint: 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity: Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 573b87e2e7988636efa8b66ad1129021
235bca13e9ec6e3af07131652a0e8ab4ad217de1
f969205046ab12004098990053150b9645649ea3535fdad6c6d0dabc0e005818
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=accutane HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:07 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 16421
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=prednisone
141.98.11.37 200 OK 17 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=prednisone
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 2dc5892ebc1c6378f754ef6a4f8018e1
cc13c110db5ccfca254cadef111b8b15ecf1752d
e96cff14eefd2eafae85f48dd971b871c232d173931c13cda6c6c36bfc367de8
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=prednisone HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 16909
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=robaxin
141.98.11.37 200 OK 9.8 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=robaxin
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 498cefb18b7bd7d1ebd015aed469d506
6f493c1a8f79e55e815f2580647473607aa7f593
ea6d497c861c2bcfffa5e3aac92dfb5111d8e27a5df62a3a097ff39e6bb78d51
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=robaxin HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9833
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=seroquel
141.98.11.37 200 OK 17 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=seroquel
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 41fd75e01b0cd9857c43eb4b5bea0f4c
b38c43e80626b068bc6472301ce00ee26f346de8
2b635bbdcf01accd24f9e12dbc31be94b72a4e34b0c00bcf63229671a17f57fc
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=seroquel HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 16599
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=tadapox
141.98.11.37 200 OK 19 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=tadapox
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash d6ccff7f2cc60477812ac175d69240e6
09f75cd22ed0f3ffebc9d64501fcd45841207ec7
86f3311cb291ac9875985edf3cbafcd9bedc8cd377bc56a1db25b14d659b1abc
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=tadapox HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 18785
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=amoxil
141.98.11.37 200 OK 24 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=amoxil
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash b41b28f8311b55392e1d35caeaf5113b
0f35940de2e3ace57f6ac3babd7e2635ac2708ab
7cc23eb45f394b5e0428e5bc5b862b63d7022bf83b74c3983d70574d0a8d812d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=amoxil HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 24155
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=clonidine
141.98.11.37 200 OK 12 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=clonidine
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 665047fbd591a2a4cf2f4ffc5b954ac7
b4e2f4f1bdcdbf56f6b047a316b5d081fd757c67
082ffec08ace42e91e0f77b9b9588710938057e8841e6474e510b56d9245923b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=clonidine HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 11981
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/templates/design_3/images/logo.svg
141.98.11.37 200 OK 3.3 kB URL GET HTTP/1.1 pharmacy-discount.com/templates/design_3/images/logo.svg
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2368)
Hash fd7a79674e68c9b6f51af728cf1ebad4
9573f4b2c20ca265bd98c8c05caa2b973baf3236
41a38e9eb46571627eb74611b404d62229741f109b7f445a6087b8c53ffe525a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /templates/design_3/images/logo.svg HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Thu, 02 Nov 2023 09:46:24 GMT
ETag: "cea-6092842c7dc00"
Accept-Ranges: bytes
Content-Length: 3306
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/svg+xml
pharmacy-discount.com/app/set_images.php?pill=prednisolone
141.98.11.37 200 OK 10 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=prednisolone
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 197e3546a512298bad084e47ecf57ab9
818b5c32b31aa6df4b99fbd96ac22f4c8485756d
e5f82abee8d77dd732b6ae3e9d99b69be746c2227974e6ec2d46399496163f0f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=prednisolone HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10223
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=fildena
141.98.11.37 200 OK 22 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=fildena
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash fd2174fd62519234cef3bca8faf8f8ba
d0e56af1fbcfa3232bb92584b29b7aab2796a26e
c99177754fc5e77b56f8204dfcbae509fbd92ac87f63bcd26588f3134c11dd24
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=fildena HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 22131
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/templates/design_3/images/partners/mastercard.svg
141.98.11.37 200 OK 4.8 kB URL GET HTTP/1.1 pharmacy-discount.com/templates/design_3/images/partners/mastercard.svg
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (3662)
Hash a2986c577563688d7062eb90392185ac
c45fb566bc7322dde3befa33f3fc56592ce9ccb1
f4b22c041b4a3cea5efd3361f9917e05c22740f97fec0694f2e9c0c5ca803512
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /templates/design_3/images/partners/mastercard.svg HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Thu, 02 Nov 2023 09:46:27 GMT
ETag: "12b8-6092842f5a2c0"
Accept-Ranges: bytes
Content-Length: 4792
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/svg+xml
pharmacy-discount.com/templates/design_3/images/partners/visa.svg
141.98.11.37 200 OK 3.5 kB URL GET HTTP/1.1 pharmacy-discount.com/templates/design_3/images/partners/visa.svg
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2358)
Hash 2d9d831789b8a727500fee0b6ae2d62d
292c13f50a5263bad2e7d971345aa62eb61f70af
1cf13672a3720c2b5bd6966e724d85fdbdf22b85e5a2799e836e6b99811e2d61
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /templates/design_3/images/partners/visa.svg HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Thu, 02 Nov 2023 09:46:26 GMT
ETag: "dc4-6092842e66080"
Accept-Ranges: bytes
Content-Length: 3524
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/svg+xml
pharmacy-discount.com/templates/design_3/images/partners/mcafee.svg
141.98.11.37 200 OK 4.8 kB URL GET HTTP/1.1 pharmacy-discount.com/templates/design_3/images/partners/mcafee.svg
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2843)
Hash a69e0cf1b9512fad752b7307ebd95cbd
ef86a99ebf2f4c1101e844bbdd1ba69ae85fcca9
13fe826d76a628aa71921ea2e750bbb508256553da9aabb3a04818e2334c3e33
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /templates/design_3/images/partners/mcafee.svg HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Thu, 02 Nov 2023 09:46:26 GMT
ETag: "12d0-6092842e66080"
Accept-Ranges: bytes
Content-Length: 4816
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/svg+xml
pharmacy-discount.com/templates/design_3/images/icons/icons.svg
141.98.11.37 200 OK 23 kB URL GET HTTP/1.1 pharmacy-discount.com/templates/design_3/images/icons/icons.svg
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1819)
Hash 3971ca2a6c6f529d147199032754a053
c06bce4ed62c1799a8917ada6ddd4ef277dbcf66
631955470e283b7eef4f54a77557a060fce79ae4f95dffc0538eb2a9214af203
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /templates/design_3/images/icons/icons.svg HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Thu, 02 Nov 2023 09:46:29 GMT
ETag: "5a9f-6092843142740"
Accept-Ranges: bytes
Content-Length: 23199
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/svg+xml
pharmacy-discount.com/templates/design_3/images/partners/fda.svg
141.98.11.37 200 OK 5.9 kB URL GET HTTP/1.1 pharmacy-discount.com/templates/design_3/images/partners/fda.svg
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (4803)
Hash 95ef29b1a4579a46356f753055762ae9
332efa60b3dbda72f645c1c863e7266f84049590
29a9815060fe3ad949329deb9a58f3175171fbfaabc31c777b199452e1c5920e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /templates/design_3/images/partners/fda.svg HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Thu, 02 Nov 2023 09:46:26 GMT
ETag: "1717-6092842e66080"
Accept-Ranges: bytes
Content-Length: 5911
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/svg+xml
pharmacy-discount.com/templates/design_3/fonts/Jost-Medium.woff2
141.98.11.37 200 OK 20 kB URL GET HTTP/1.1 pharmacy-discount.com/templates/design_3/fonts/Jost-Medium.woff2
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type Web Open Font Format (Version 2), TrueType, length 19956, version 3.459\012- data
Hash f5bc08b9eb28e56f47ee0d230b00b562
d4004ccb996f48d003308b373b75bbe0a89d621d
e51c522a121f58b53acce7bdfe480846014b290d29ddc15a43d125264893e2d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /templates/design_3/fonts/Jost-Medium.woff2 HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/templates/design_3/css/style.css?v=03112023
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Thu, 02 Nov 2023 09:47:01 GMT
ETag: "4df4-6092844fc6f40"
Accept-Ranges: bytes
Content-Length: 19956
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: font/woff2
pharmacy-discount.com/templates/design_3/images/icons/arr-down.svg
141.98.11.37 200 OK 287 B URL GET HTTP/1.1 pharmacy-discount.com/templates/design_3/images/icons/arr-down.svg
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash 826f2ed24869873e950658c73740b5f9
2bd6b31157bb85203454a901e693f86b22c1169d
7919a7eebd9a54be1013da8193c375aef8471d1c0c825df21b9b17921d561e92
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /templates/design_3/images/icons/arr-down.svg HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/templates/design_3/css/style.css?v=03112023
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Thu, 02 Nov 2023 09:46:28 GMT
ETag: "11f-609284304e500"
Accept-Ranges: bytes
Content-Length: 287
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/svg+xml
pharmacy-discount.com/templates/design_3/fonts/Jost-Regular.woff2
141.98.11.37 200 OK 18 kB URL GET HTTP/1.1 pharmacy-discount.com/templates/design_3/fonts/Jost-Regular.woff2
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type Web Open Font Format (Version 2), TrueType, length 17972, version 3.459\012- data
Hash 6f62bbb900fb3baa6906a5cc508f9da1
ea4463bd891bb6b67e5fb4894af9464dd6c17f06
7818b7697dbcb091b756d67d453460849065c9f84a68464c96bab50988b21dce
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /templates/design_3/fonts/Jost-Regular.woff2 HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/templates/design_3/css/style.css?v=03112023
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Thu, 02 Nov 2023 09:47:01 GMT
ETag: "4634-6092844fc6f40"
Accept-Ranges: bytes
Content-Length: 17972
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: font/woff2
pharmacy-discount.com/templates/design_3/fonts/Jost-SemiBold.woff2
141.98.11.37 200 OK 20 kB URL GET HTTP/1.1 pharmacy-discount.com/templates/design_3/fonts/Jost-SemiBold.woff2
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type Web Open Font Format (Version 2), TrueType, length 20104, version 3.459\012- data
Hash 493ec8095f7215d7c22ffb4407fdf5c9
90bb61aecc84ded2dfcc69987e93220a5e349daa
9a8db933dc6fbb89d611d2a0f0778b92a9125db08436aa85263a331495ecd7b6
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /templates/design_3/fonts/Jost-SemiBold.woff2 HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/templates/design_3/css/style.css?v=03112023
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Thu, 02 Nov 2023 09:47:02 GMT
ETag: "4e88-60928450bb180"
Accept-Ranges: bytes
Content-Length: 20104
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: font/woff2
pharmacy-discount.com/templates/design_3/fonts/Jost-Bold.woff2
141.98.11.37 200 OK 20 kB URL GET HTTP/1.1 pharmacy-discount.com/templates/design_3/fonts/Jost-Bold.woff2
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type Web Open Font Format (Version 2), TrueType, length 20212, version 3.459\012- data
Hash 20d374c507f8a25ce9771a03ff24d3e1
08622df23238954cf4c9ce16e7bfd30cb5b45ae5
008d2eac80820e273245a20d642a165fbbfab526d848fce6f167e7e5cd1152ad
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /templates/design_3/fonts/Jost-Bold.woff2 HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/templates/design_3/css/style.css?v=03112023
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Thu, 02 Nov 2023 09:47:02 GMT
ETag: "4ef4-60928450bb180"
Accept-Ranges: bytes
Content-Length: 20212
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: font/woff2
pharmacy-discount.com/app/set_images.php?pill=viagra
141.98.11.37 200 OK 19 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=viagra
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 1128f04d9541f175db213f4c70094933
0df4e44dded61665ea6820fe8bb24658406f4ef5
c1319d762efd828cceec13498eebef007539efdda4461d97a40e00b5209831a9
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=viagra HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 18861
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=levitra
141.98.11.37 200 OK 14 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=levitra
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 778610dea3ff15b2b911a0f0ce8360ed
b5dbf93da917146956c4b4a3a4c058d8c402ce1b
869efa941a8c87def5cc46278853e01e3ebff232eda9827af81647286a1e9517
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=levitra HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 14113
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=rybelsus
141.98.11.37 200 OK 12 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=rybelsus
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash bbe6e1f008b83b9ebdf1472c0533b769
a30cabba6735b6a48ab1ab1fe15241fe8f8e7a46
c5b221762d3d144b810a52b63cdab46f6924da1208c641c1a821efee21624e12
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=rybelsus HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 11617
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=trial-ed-pack
141.98.11.37 200 OK 16 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=trial-ed-pack
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash c28610ddf6153bac9e33a14fc2ea2afc
087f27d384f8c42d21ab7f689a480369d9e7bd62
dc0550e3271353bc55697b93212e0b9251c9f0d1a7794bf49d277fe50cd7559d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=trial-ed-pack HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 16219
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=cialis
141.98.11.37 200 OK 24 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=cialis
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 9c3ccb4562d1304c80803f02eecf2756
2a0765111753dc762cbac74b427b1549b5f67200
480e6b5da355d5d3b92df70441d623b56b6fd620c1a01053adbbfc26cb71f080
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=cialis HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 24207
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=clomid
141.98.11.37 200 OK 16 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=clomid
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 107090da3e54eaa3a57b4c604c946046
35aca2d3d6244381cf9e6bd67a8b3a795b93ca2b
273420c01544a6dfbab109c9f0ef2b6491732a6b9556d4c8dd40d5e9e95f648a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=clomid HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 16499
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=periactin
141.98.11.37 200 OK 13 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=periactin
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash a410eea5c12a0b92d9930fdb998afda6
a165f7f70003fe6e32225e5fbb159f732c1a8f4c
7452a64324c1cfd4170fb9244f7acc405b2d7fea7c770f068a9533ab1894d6dc
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=periactin HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 12859
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=asthalin
141.98.11.37 200 OK 9.5 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=asthalin
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 4ada663a76faf70088a89d9311596770
dab805fc1665b857d80387cc857a1672b6188461
7fd6c0b6076b60f468966a83fd6e698235b4b68bb60d04b2d2a52ac6c2a4878e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=asthalin HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9533
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=stromectol
141.98.11.37 200 OK 13 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=stromectol
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 60f50b61722097dc0f8c300e52c24828
77f18a09d3cf067e200361748fb163529369f704
089ed7fbb76be4367f70a543d7037c09c777980ffd1b8b68f7c538d79573769d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=stromectol HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 12949
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=extra-ed-pack
141.98.11.37 200 OK 16 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=extra-ed-pack
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 1e1b9db40c5c9c009ac6998a5bf7750b
c6e0e4e734969ab2749132516a6b70117d98bb03
f7fe763720211ce7d48dbca62ebaac3f43014e39570a929485892671686cb264
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=extra-ed-pack HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 16353
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=cialis-super-active
141.98.11.37 200 OK 23 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=cialis-super-active
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 336832d06f423d24cb0982de86b0182a
0209a19fbf4eadc4e7ebeff6698996fe3373f91b
de747b353f1190a306c4ed2eefcc8daa6828b930043b1a2b70d03a1d16477c6b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=cialis-super-active HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 23119
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=neurontin
141.98.11.37 200 OK 15 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=neurontin
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 7e2a5b48259b98957233e135ec373fff
ed131b641c764b3c8414f4183c2ff9beaaed5b61
0ac089e85c543bc6a8af9d5e39b7abf3f3085ba73ecd15bf06107222ce458114
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=neurontin HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 14751
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=womenra
141.98.11.37 200 OK 20 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=womenra
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 92ef0fd3ed77fd5e55eac5a717933090
70cf72d78f29b40d67c54a4d91e03664ece1d57c
f39608ddd3d73e15ece0762089e8a4bd113d7d038762ec3f85175cfa4bebbd77
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=womenra HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 20156
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=ventolin
141.98.11.37 200 OK 13 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=ventolin
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash bc722e9ca0770edc00786901cc613eb8
36fded58d381d7810c851dbd76c0c51fdc8b300d
4db5f95337cf0f34fc08473ab5bdbbd16450451fa6e02a80ddf1305996b785c4
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=ventolin HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 13393
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=candid-b-lotion
141.98.11.37 200 OK 6.7 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=candid-b-lotion
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 451e910a44e46f107c6ffa9462678415
c560135ee1b009f4bcb6d2145b02280334a6481b
0f47fa5702dfe6202d63c995c3cbb50c5217e6be0d0fc818b8f3d34f8b99ffc3
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=candid-b-lotion HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6651
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=bimat
141.98.11.37 200 OK 5.9 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=bimat
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 8383a6ca6a1cd94539ab7631722811c0
184eff41b5c117f7e31c7c5513df668836ba191a
f9cf03c8f0c2365e025d8ff505c7e2c67af3e53a7a5ec5ac1ec0e9b45a58eb43
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=bimat HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5897
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=elidel
141.98.11.37 200 OK 5.8 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=elidel
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash ef0bc6e9cea8ee0d6cd81ddabeaa5164
87d2721755f27db03b042cdae0cd0ae29fb1f95f
23f4fa07145a40eaca046fb9fd8e87928adf3203f1ee225238a2e0dc76615872
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=elidel HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5807
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=super-ed-pack
141.98.11.37 200 OK 16 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=super-ed-pack
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash c643134c1342a6cb7bb7daf3d1a331d6
8ef2bafd6f63ce30013110952c31638bb446a202
817a698b857b9587f658a7247b999fa2a4f7baef0b078f0ed9fe86fc9b38db4d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=super-ed-pack HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 16297
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=elocon
141.98.11.37 200 OK 6.1 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=elocon
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 75e5490dddc2b102aa8d41fb65cb5674
c1017f87473832ca571a8af9df870e26fc216dd2
65152e2a448cbc32fadb17ba8e58a0b207b91ef11fd2158c3e4663f27e900c06
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=elocon HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6069
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=imiquad-cream
141.98.11.37 200 OK 12 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=imiquad-cream
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash d7194a7772a9c50af9cfa696745b88b6
30161a1dc2e70cacfebeb551b6e51800c870f401
d0a9a1a9f09c9cd7de86cf4701a483d07008129d8d8dc88a62bc53118c65b3d5
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=imiquad-cream HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 11973
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=tadarise-pro
141.98.11.37 200 OK 5.4 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=tadarise-pro
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 81d5c6a6746172d063464eff6900337c
5fbc980c7341f4bedb0c213fd748ff3863207979
90fe209aadfd1a23ae0a52e65cf68cb56340c5660496c117bc3e37410f8f3f40
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=tadarise-pro HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5401
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=azeetop
141.98.11.37 200 OK 4.8 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=azeetop
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash b732a9b51c363bd30c3c4efb13a8fcbe
872c5be622d9c194178e572e8cddf88f0a818aa3
699becf88e636314e0c8ce655ff626171731f5dbcc99c6a48b043625c9ba63ad
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=azeetop HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4805
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=brand-viagra
141.98.11.37 200 OK 6.4 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=brand-viagra
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 9c022cf82817f6e46d8aceeb9b1ec1a5
7dbadd4d002448cd3221f4b9007499400e9f341f
ab1b64a1f8d39b5af5da23312468f453d9302a4dbbf0604b363df139b215e78f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=brand-viagra HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6373
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=extra-super-viagra
141.98.11.37 200 OK 18 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=extra-super-viagra
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash f7e266e9f258d5120fdb07bc00516a37
306c94c83241e80208af603616a69f58da133ef3
066d190fde9684a0fe79a8df3f68e9cebcbe8a75b099ca8f92a44500fa261996
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=extra-super-viagra HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 17771
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=zithromax
141.98.11.37 200 OK 29 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=zithromax
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 635045a2022a3c0dcf12fd29beae4fd6
a0c094074f3fc14ad5e79f64746ce67f21215440
1f75745d17b80b1f118f6a8faaffe5d66bd1932824c62f3294c7854b96eb798b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=zithromax HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 28577
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=zanaflex
141.98.11.37 200 OK 6.0 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=zanaflex
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 31e43f2f3470e10db93d78d861bb4735
500f59747a1e606563d6d2ee3b6ce448f24cd36b
c23697b1fcd6b18142aec7e9177242175bc8197f5193469a4b78b0c300e27685
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=zanaflex HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6009
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=kamagra-oral-jelly
141.98.11.37 200 OK 15 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=kamagra-oral-jelly
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 0a97c8a1510eb889363efc457b2fa171
d608acf0f6dff179844c3b35f84df3156788ff49
65c0ed4af9b1207bc567b555a93c91db0ff000d4b48b64420ab6c9594e5105ac
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=kamagra-oral-jelly HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 15105
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=kamagra
141.98.11.37 200 OK 23 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=kamagra
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash e68f5d622cf8725ae5ab8a4ba8a9e93e
1cc51fdda4693b54a04c1ce3b908056928c123d9
9f033212a3d49e256273e369e385aae3001d57496c067fbeadfa25365406fe30
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=kamagra HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 23301
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=i-pill
141.98.11.37 200 OK 16 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=i-pill
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash ddca7c9f0f2b92c4d7f4431663732bec
cfb5e03c37fb211045f0bd264f90ffd52d70b14f
1d1bc75e55a3d7607bd0795189ae3e0ab19720e7cde1891af889cba1cd69b98a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=i-pill HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 16397
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=extra-super-cialis
141.98.11.37 200 OK 23 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=extra-super-cialis
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 1e105744415dab98a44e52f5c467c05a
96ed53d58b29cb953a738c656c51734406ea8a0e
288262f87229f38161e2b253f071858762c86b0d169c7c9b11923c26f12ba9fd
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=extra-super-cialis HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 23089
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=kamagra-gold
141.98.11.37 200 OK 25 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=kamagra-gold
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash f06027a6ceb2503a1711bdb42ab71650
a67fe02531500211e1e0e51d31b28447ab0fc258
c48ce1ab439621ff26b82e84666fa62e5d7813fe6827f83e455bb0a35464c575
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=kamagra-gold HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 24555
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=omnacortil
141.98.11.37 200 OK 5.0 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=omnacortil
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 0cfdcf590a9ef2f84e51fd9a959a7542
e07962618235847bc8553095a9ca4041657c702c
dee26f37c644f9547eec1543ce9d8518d625ff60965684a5e83048f542baa245
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=omnacortil HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5037
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=motilium
141.98.11.37 200 OK 16 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=motilium
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 7eddd89768b3e123e09ab501afe26854
d662462b667246c8118b5b68b794094ee5d94bde
25bd4d090c70a0cead145ef944b8e2eaa60691ae60c99ae4b9948fa022a4256e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=motilium HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 15587
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=sildalis
141.98.11.37 200 OK 28 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=sildalis
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 51e7fa0763bd4627a8e24a4ffd91c997
cff7e26da857bc1d4256198efb0239612deedb35
f0cd429bbca62646dce0d70eb13f1c2478c050138ab0cc0a889d8a20e7d6584b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=sildalis HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 28275
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=viagra-capsules
141.98.11.37 200 OK 6.4 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=viagra-capsules
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash dc281e98ecfb989a1b951d80b145d759
d8c6c79c06328cd877ab8998274c946677261c90
ed0a77a4a23aed7caca94e029ed71c243294a9af85fd92370df03708a79851bd
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=viagra-capsules HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6389
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=tenormin
141.98.11.37 200 OK 13 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=tenormin
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash aeb8e93de21d0ad2533df248ee4cd189
7fbeab43e5b525966799475a0755d9bda0752cd1
37c2b5a9ce50a4e4b7a5bffd0a80b5154ef3c3b0636aa363c0137d5f36dc3ef7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=tenormin HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 13123
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=propecia
141.98.11.37 200 OK 14 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=propecia
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 1a89dc394f65e5b2f66971bdcfd7fa48
a9453a7e8e9dbfc31d0d47c0e74d6486311028ad
81499a18a9197cc8a4aabbaab52d28c17fb6d35b8d129687eb2e1fdeea484b6a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=propecia HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 14435
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=lasix
141.98.11.37 200 OK 17 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=lasix
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 892ea74832aa5816ca8fb2b3cd9d12e3
1680fcfd075254a2901deb34db4f60e77305dd79
96e31e37da84f73c48956d515f22c8e4a9b9e971b62a9f58852188a528d7e020
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=lasix HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 17243
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=tadarise
141.98.11.37 200 OK 5.0 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=tadarise
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash cdfa45589fd083c49cb3f4ec114ddd13
d665ad5db6af63d52b52c6700785d7f3ef85cf78
e9ddb615cc2a553ca8c7febfb5dc10f30f1375dc50b682b1d6eacb015c5a1ea5
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=tadarise HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5039
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=ampicillin
141.98.11.37 200 OK 19 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=ampicillin
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash b3567523fe33acc360efe786e91498dc
29b5947b49903fb2a567dc7a5720fe57c5791315
1dc2e0fa91f85843415e4c4c5bc3287a91a06a81036608f18298a3509677b617
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=ampicillin HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:09 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 19215
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=pepcid
141.98.11.37 200 OK 25 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=pepcid
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 09041d3af87afc6b195cf8170ce7c12c
8b2d45597e67cec1ce5ad71cd16a40fc5e66203f
e272cd5d2c673885c475aa00d4629115ca6444801aaaba6b2e66248c4ad5b0df
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=pepcid HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 25185
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=lexapro
141.98.11.37 200 OK 18 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=lexapro
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash d7894c49ac711f8e0c1a2c5470629beb
2f0f6e85ba4e66bc4bf73a8bf4a23e78028ac42e
2208fecab2610c9118bd4af896216f29a6f5120b42b2417550c63ae951cdc319
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=lexapro HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:09 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 17817
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=plaquenil
141.98.11.37 200 OK 12 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=plaquenil
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash aa8d86fcee20b1267e0caa58be4f149e
72a9d2f1aaff0c4eeb57330a82399c6fb3105f5f
0e9fa8bf953603b141733a3790bbabe0f980ba508cb5a6689e89beff59dc39eb
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=plaquenil HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:09 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 12269
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=metformin
141.98.11.37 200 OK 21 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=metformin
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 0677f4f6858b66b4dede6e0f95007439
cb0c512a19be03f7bef0b141d97ddd6df76fae91
05b315ac6d87df2171f387e8e13af517f958b68809dfeaa34b76d5445c9789c7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=metformin HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:09 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 21083
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=strattera
141.98.11.37 200 OK 15 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=strattera
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 03ea54220dff304689c1b08d65081bed
418e9e8b48b88ff473cad2dcd3eac6ab1eb5f818
0376bb9c91e7696f7855a90dd6d7c9127ca899b7aad5ae0e4d6a1980dde59feb
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=strattera HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:09 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 14983
Keep-Alive: timeout=5, max=84
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=propranolol
141.98.11.37 200 OK 18 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=propranolol
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 8008715585be249103a4b6447f490580
588fb90ad84e76ab2731f812a251b1a271daa5b9
97009aae2426bb43f6e1ee232aef9569ceec7c77c7a0c9bc22becca3107f8d4f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=propranolol HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:09 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 17543
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=synthroid
141.98.11.37 200 OK 12 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=synthroid
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 446f325a2c60a3facbdf266c0603cb85
4c14fb847768cb7a9d9754d55e331489b384e8c7
a43b111ad0fdc87ab07c1dcedfadfe42186d9c55404333276e053527cf3fc6cb
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=synthroid HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:09 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 11869
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=viagra-super-active
141.98.11.37 200 OK 18 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=viagra-super-active
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash feaac950f4fb27d4bd3923d7a36bd1fa
ab09e1fe4a80b6886dd0b368a144f43b5e870039
663a1ad79e83072663f525a41f18f2bfbd94de1df45c00f33c0f04e6760e0ded
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=viagra-super-active HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:09 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 17625
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=viagra-extra-dosage
141.98.11.37 200 OK 17 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=viagra-extra-dosage
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 08ff8fe6125f89e70abd44b9ca65fbc0
fa57964bba79173a6ce70e46e4961acb51ee6312
acf7dd51abd263235f1ddaa9aa62a12cbdadba7e3f67318cdbf59b7bd8ccf5fa
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=viagra-extra-dosage HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:09 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 17405
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=viagra-soft
141.98.11.37 200 OK 17 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=viagra-soft
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash aeb58d4194a7cb59ec052cd399b2184f
86c72efd14425c802632f06a0aa54b3b6735d047
a9a6ca64ed9fb0e268fb26a1db9bd48b0b517f8635b11fc740620d62696029ae
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=viagra-soft HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:09 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 17271
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=aciclovir
141.98.11.37 200 OK 16 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=aciclovir
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 30082f667d9b2db089d2a680ac6e81fb
c832d1d3d0bc953feb77acf98b61afffe424b978
a889709dde7d9d4b47fad6c927f0db0e479fe1bd0ce08426446d5b6a7b6bd44b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=aciclovir HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:09 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 16345
Keep-Alive: timeout=5, max=84
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=brand-cialis
141.98.11.37 200 OK 6.3 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=brand-cialis
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash b2fd1af1bca95e11afa84b6b04e03c04
931c607574c28124200f1afa63a00203f5aa1b9b
1a24d13a2e4a151360ae6626198d4f27cbfcec7f27589fc7d2c3861b9179a899
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=brand-cialis HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:09 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6267
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=antabuse
141.98.11.37 200 OK 16 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=antabuse
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 7e542160854a01580d579b33f8ba4d29
aa3f3ed1735b5df53d598779fb9ec24321770775
4aba0b766881263b8229aae26d5d999667ae8a03cf0721c7dfceb149c6bf65b1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=antabuse HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:09 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 15997
Keep-Alive: timeout=5, max=82
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=colchicine
141.98.11.37 200 OK 10 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=colchicine
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 39f8231fe8cbce255239ff3a6500cb56
0c829852549278452669b2e0ef72734952993806
b8baee222fe3d673bd9b31daeefe932b1af011bce1b52bdb548b598ee3c00e9b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=colchicine HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:09 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10263
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=doxycycline
141.98.11.37 200 OK 8.5 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=doxycycline
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash f483de4efb6e83cda38017b1aea77bb2
4283debca55fd6137efa21338758f36da021496c
6120de2474cfd4babbfcc26c5d2e8f7c9bed530ce7e85a2138e14bb00825d637
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=doxycycline HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:09 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8487
Keep-Alive: timeout=5, max=84
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/set_images.php?pill=diflucan
141.98.11.37 200 OK 30 kB URL GET HTTP/1.1 pharmacy-discount.com/app/set_images.php?pill=diflucan
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 2b081c64e2ab60fb5e347b540a776079
e04339de28b5bd25b197fc9f6e2afa23da6ea839
5a6c126bb24fb51039f7710b55980ced5c06f8befb93028d1037d7b342ba4743
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/set_images.php?pill=diflucan HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:09 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 30531
Keep-Alive: timeout=5, max=81
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/ajax_header_phone.php?lang=en
141.98.11.37 200 OK 316 B URL GET HTTP/1.1 pharmacy-discount.com/app/ajax_header_phone.php?lang=en
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT
Hash 634899fc4fe650096feadd7350e8f35d
9422e1ca5d0247ac5d8e845a087884aa201a9e8f
e55f21637c2cae4f7534635f621ffb3bea01ee8b44fc63eed405d181adb6c9f2
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /app/ajax_header_phone.php?lang=en HTTP/1.1
Host: pharmacy-discount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://pharmacy-discount.com/
Cookie: PHPSESSID=ij6q3k0jh6o1fme92o6oo7s3j2; design=design_3; lang=en; aff=0; ptrs_ip=91.90.42.154; month=12; date=4; day=monday
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 21:21:09 GMT
Server: Apache/2.4.41 (Ubuntu)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
Set-Cookie: design=design_3; expires=Sat, 16-Dec-2023 11:07:49 GMT; Max-Age=1000000; path=/
lang=en; expires=Sat, 16-Dec-2023 11:07:49 GMT; Max-Age=1000000; path=/
aff=0; expires=Sat, 16-Dec-2023 11:07:49 GMT; Max-Age=1000000; path=/
ref=https%3A%2F%2Fpharmacy-discount.com%2F; expires=Sat, 16-Dec-2023 11:07:49 GMT; Max-Age=1000000; path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 316
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pharmacy-discount.com/app/ajax_testimonials.php?lang=en
141.98.11.37 200 OK 1.2 kB URL GET HTTP/1.1 pharmacy-discount.com/app/ajax_testimonials.php?lang=en
IP 141.98.11.37:443
ASN #209605 UAB Host Baltic
Requested by https://pharmacy-discount.com/
Certificate Issuer Let's Encrypt
Subject pharmacy-discount.com
Fingerprint 24:D1:6C:C7:C0:61:A7:67:C5:7A:F8:5F:1C:28:44:85:50:CE:3E:BD
Validity Tue, 17 Oct 2023 05:34:20 GMT - Mon, 15 Jan 2024 05:34:19 GMT