nonpaying.xyz Open in urlscan Pro
2606:4700:3035::ac43:99ed Public Scan

Go To Rescan
Add Verdict Report

URL:
https://nonpaying.xyz/lander/-w--sber-lf/
Submission: On June 28 via api (June 28th 2024, 7:44:36 am UTC) from RU — Scanned from DE

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 11 HTTP transactions. The main IP is 2606:4700:3035::ac43:99ed, located in United States and belongs to CLOUDFLARENET, US. The main domain is nonpaying.xyz.
TLS certificate: Issued by WE1 on June 25th 2024. Valid for: 3 months.

This is the only time nonpaying.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
8	2606:4700:303... 2606:4700:3035::ac43:99ed	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	172.67.153.237 172.67.153.237	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	2

8 2606:4700:3035::ac43:99ed (United States)

ASN13335 (CLOUDFLARENET, US)

nonpaying.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.67.153.237 (United States)

ASN13335 (CLOUDFLARENET, US)

nonpaying.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	nonpaying.xyz nonpaying.xyz	136 KB
11	1

	Domain	Requested by
11	nonpaying.xyz	nonpaying.xyz
11	1

This site contains no links.

Subject Issuer	Validity	Valid
nonpaying.xyz WE1	`2024-06-25` - `2024-09-23`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://nonpaying.xyz/lander/-w--sber-lf/
Frame ID: AE934BA2A0C7B40B7A54B158CF789415
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sber

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

11
Requests

100 %
HTTPS

50 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

136 kB
Transfer

229 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response nonpaying.xyz/lander/-w--sber-lf/	7 KB 3 KB	195ms 114ms	Document text/html	2606:4700:3035::ac43:99ed CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://nonpaying.xyz/lander/-w--sber-lf/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::ac43:99ed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4f1ae4764416061749b23895791b5568e382bea860aeb5dc934b452c12ca7d25` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers access-control-allow-origin * alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 89ac0d5649838ed8-FRA content-encoding br content-type text/html; charset=UTF-8 date Fri, 28 Jun 2024 07:44:31 GMT expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sbo1UqhG43gzOZS8vk7rl7n2PSrH28MlIGvCJrQAe4y3hqO22nCZ6q438i%2FVz%2FUhwiLnURjOQiKi%2FHt8VB9qhhT9jJirH0oQYIavYqECvhy4Z8PJ2WUmpIihP4odtWFB3lnHSj1YUuAiDIpm"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H2	200	landing.css nonpaying.xyz/lander/-w--sber-lf/assets/landing/css/	4 KB 1 KB	46ms 45ms	Stylesheet text/css	2606:4700:3035::ac43:99ed CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://nonpaying.xyz/lander/-w--sber-lf/assets/landing/css/landing.css Requested by Host: nonpaying.xyz URL: https://nonpaying.xyz/lander/-w--sber-lf/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::ac43:99ed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `55891dfec20557f60d5c3fb8ac38930916c689516bcbce63bff3155701971bbb` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://nonpaying.xyz/lander/-w--sber-lf/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 28 Jun 2024 07:44:31 GMT content-encoding br cf-cache-status MISS last-modified Fri, 21 Jun 2024 11:26:12 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"66756354-11b5" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FJ5%2BxuFRwFy%2FKX%2FVC6aHlo4Rrx0txBc2biK4lx92RjfTnngsh9F1TaS8HrcGDB9Qg2bJkiKES3Nfty%2FkTuOhYh3u97fUSQa5LV1TdKGlsWood7XKGem%2BoXRXGhXVpZt92MErW%2F8kMlDjL1Jd"}],"group":"cf-nel","max_age":604800} content-type text/css access-control-allow-origin * cache-control max-age=864000 cf-ray 89ac0d570a6a8ed8-FRA alt-svc h3=":443"; ma=86400 expires Mon, 08 Jul 2024 07:44:31 GMT
GET H2	200	style.css nonpaying.xyz/lander/-w--sber-lf/	6 KB 2 KB	38ms 37ms	Stylesheet text/css	2606:4700:3035::ac43:99ed CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://nonpaying.xyz/lander/-w--sber-lf/style.css Requested by Host: nonpaying.xyz URL: https://nonpaying.xyz/lander/-w--sber-lf/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::ac43:99ed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `98d5310032f8febc6fcc1a2ba5fddf040ffaeef6729a956a3a41bb95d12fe84c` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://nonpaying.xyz/lander/-w--sber-lf/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 28 Jun 2024 07:44:31 GMT content-encoding br cf-cache-status MISS last-modified Fri, 21 Jun 2024 11:26:12 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"66756354-1736" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dGjjCScCobNtve402HgMTJaFvEWIfYP6fbD743IONSUZZtJJbC5Be3BAVBJM%2Flvs9E7g%2FCdcKZBIA46NLXJdJzUHXJSEmjIEhT0Gu83s3rtlbRmRTB2yAmOmT1HHWxXHvPZ7DjhmAeDzMS1j"}],"group":"cf-nel","max_age":604800} content-type text/css access-control-allow-origin * cache-control max-age=864000 cf-ray 89ac0d570a6f8ed8-FRA alt-svc h3=":443"; ma=86400 expires Mon, 08 Jul 2024 07:44:31 GMT
GET H2	200	sber.webp nonpaying.xyz/lander/-w--sber-lf/img/	5 KB 5 KB	48ms 48ms	Image image/webp	2606:4700:3035::ac43:99ed CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://nonpaying.xyz/lander/-w--sber-lf/img/sber.webp Requested by Host: nonpaying.xyz URL: https://nonpaying.xyz/lander/-w--sber-lf/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::ac43:99ed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `3f8ea3be1ff0ad6ae9d00100df4c38e45b5faed93918131da155d022706358b3` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://nonpaying.xyz/lander/-w--sber-lf/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 28 Jun 2024 07:44:31 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 content-length 4808 last-modified Fri, 21 Jun 2024 11:26:12 GMT server cloudflare etag "66756354-12c8" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VDA%2B7nmcDHr2JCr5V4bYcCwRLsQNx%2BuPSi3HoOfbVKblRolTaMFgqltGSPZunNQB3luLV4EzKTnLsJwlwUZlmOFn%2FSnTWoc4xi5RLSe691PzJorUY4hhB9ZY%2BtcHFa0U%2FACOjdkeT6nZguyC"}],"group":"cf-nel","max_age":604800} content-type image/webp access-control-allow-origin * cache-control max-age=864000 accept-ranges bytes cf-ray 89ac0d570a708ed8-FRA expires Mon, 08 Jul 2024 07:44:31 GMT
GET H2	200	main.webp nonpaying.xyz/lander/-w--sber-lf/img/	71 KB 71 KB	54ms 54ms	Image image/webp	2606:4700:3035::ac43:99ed CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://nonpaying.xyz/lander/-w--sber-lf/img/main.webp Requested by Host: nonpaying.xyz URL: https://nonpaying.xyz/lander/-w--sber-lf/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::ac43:99ed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a23f48eab9171b043c1c8f72504560a80ff788ccfe6bbc6813353763895b4c47` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://nonpaying.xyz/lander/-w--sber-lf/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 28 Jun 2024 07:44:31 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 content-length 72802 last-modified Fri, 21 Jun 2024 11:26:12 GMT server cloudflare etag "66756354-11c62" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4Gd2Ur%2FVWk1YOi0zIIdKy4Yt5x%2Bcz90EgMyTHFlyUgOKBEz3YPY7BcoVAEqrosXeINnDlstiPEwUP316prfaUXGpkK7f2mvgKqwS5u%2BYJOyQzyjCz2e8dYdrtgPoqTW87ZX%2Ft04%2Bs7lOr16d"}],"group":"cf-nel","max_age":604800} content-type image/webp access-control-allow-origin * cache-control max-age=864000 accept-ranges bytes cf-ray 89ac0d570a718ed8-FRA expires Mon, 08 Jul 2024 07:44:31 GMT
GET H2	200	jquery.min.js Show response nonpaying.xyz/lander/-w--sber-lf/assets/landing/js/	87 KB 32 KB	62ms 62ms	Script application/javascript	2606:4700:3035::ac43:99ed CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://nonpaying.xyz/lander/-w--sber-lf/assets/landing/js/jquery.min.js Requested by Host: nonpaying.xyz URL: https://nonpaying.xyz/lander/-w--sber-lf/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::ac43:99ed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ce9d07500ad91ec2b524c270764ec4c9a33e78320d8d374ec400ede488f6251b` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://nonpaying.xyz/lander/-w--sber-lf/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 28 Jun 2024 07:44:31 GMT content-encoding br cf-cache-status MISS last-modified Fri, 21 Jun 2024 11:26:12 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"66756354-15d9f" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Or0qly6lO4P2bZa1eVgVFkGKoe3eap0liTgn4AYWGtSWeC9%2F5ak3gUgvzQMlyxa7G%2BWRePq%2BXW7HlQW83h%2Bmki6tFcDkLJmixBqbjPpZqO8hs3c8%2BQZ6jlVXry37To5aIKRIPOi1aO0Sz7Ik"}],"group":"cf-nel","max_age":604800} content-type application/javascript access-control-allow-origin * cache-control max-age=864000 cf-ray 89ac0d571a788ed8-FRA alt-svc h3=":443"; ma=86400 expires Mon, 08 Jul 2024 07:44:31 GMT
GET H2	200	jquery.validate.min.js Show response nonpaying.xyz/lander/-w--sber-lf/assets/landing/js/	24 KB 8 KB	53ms 52ms	Script application/javascript	2606:4700:3035::ac43:99ed CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://nonpaying.xyz/lander/-w--sber-lf/assets/landing/js/jquery.validate.min.js Requested by Host: nonpaying.xyz URL: https://nonpaying.xyz/lander/-w--sber-lf/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::ac43:99ed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `3183bfeda628b7c107abb16bdc206be17b6feb545e84fc660b45e87ba5179195` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://nonpaying.xyz/lander/-w--sber-lf/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 28 Jun 2024 07:44:31 GMT content-encoding br cf-cache-status MISS last-modified Fri, 21 Jun 2024 11:26:12 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"66756354-5f7e" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AkAL7a%2FNxG8zWu%2FB4TaRvz1nPacnFbAGNkglgp1cwZ8I%2BY5%2Ffde1yGFeA0ALMdMKoChxS%2BQrcmMkKnjuS%2FoFDwbfCmmaFjidQDmcbgya8ylsB1ecoaxSE38NzOCwA67FmusXxE8ZW2YPjVCU"}],"group":"cf-nel","max_age":604800} content-type application/javascript access-control-allow-origin * cache-control max-age=864000 cf-ray 89ac0d571a7a8ed8-FRA alt-svc h3=":443"; ma=86400 expires Mon, 08 Jul 2024 07:44:31 GMT
GET H2	200	form.js Show response nonpaying.xyz/lander/-w--sber-lf/assets/landing/js/	16 KB 4 KB	44ms 44ms	Script application/javascript	2606:4700:3035::ac43:99ed CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://nonpaying.xyz/lander/-w--sber-lf/assets/landing/js/form.js Requested by Host: nonpaying.xyz URL: https://nonpaying.xyz/lander/-w--sber-lf/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::ac43:99ed , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `42c1281bc8b1e48dd71a15abb1f6445ee41b5e2759462f52b873778b25290197` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://nonpaying.xyz/lander/-w--sber-lf/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 28 Jun 2024 07:44:31 GMT content-encoding br cf-cache-status MISS last-modified Fri, 21 Jun 2024 11:29:28 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"66756418-408e" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a%2Bo3aBqDENBWTwa%2BsyzHqZKyj50BakFMoW5CRgg22DIAvZEHw2eXE3%2FjzOJuFcqwkHTcbJiDla97%2FrVrhwqN5midhZNRhXBHPd3CIbpPWOLn%2FN9EyTKuLXQRFZDrk4UDD2p3wNsZcLMf2h86"}],"group":"cf-nel","max_age":604800} content-type application/javascript access-control-allow-origin * cache-control max-age=864000 cf-ray 89ac0d571a7c8ed8-FRA alt-svc h3=":443"; ma=86400 expires Mon, 08 Jul 2024 07:44:31 GMT
GET H3	200	rus.webp nonpaying.xyz/lander/-w--sber-lf/img/	8 KB 8 KB	31ms 31ms	Image image/webp	172.67.153.237 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://nonpaying.xyz/lander/-w--sber-lf/img/rus.webp Requested by Host: nonpaying.xyz URL: https://nonpaying.xyz/lander/-w--sber-lf/style.css Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.153.237 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `77e10fa237755f179b551d39d9a1b3777987b15082822a1f1024644c61ea3ffb` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://nonpaying.xyz/lander/-w--sber-lf/style.css Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 28 Jun 2024 07:44:31 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 155583 alt-svc h3=":443"; ma=86400 content-length 7980 last-modified Fri, 21 Jun 2024 11:26:12 GMT server cloudflare etag "66756354-1f2c" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rw4cezQW6dWhIp6vH1r6MS1OAsHOGsJIlpWjxjTAAqGiwv7wVx5SMm%2FJ1qXDLODT4qH3KwW4sW3o3N%2FedsMVsz883l0jV2LfOu%2B0MDI1sPm1Sb50bX%2F2%2BjpLK3NY11GG"}],"group":"cf-nel","max_age":604800} content-type image/webp access-control-allow-origin * cache-control max-age=864000 accept-ranges bytes cf-ray 89ac0d575dc94dc6-FRA expires Sat, 06 Jul 2024 12:31:28 GMT
GET H3	200	ru.webp nonpaying.xyz/lander/-w--sber-lf/assets/landing/img/flags/	226 B 705 B	58ms 58ms	Image image/webp	172.67.153.237 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://nonpaying.xyz/lander/-w--sber-lf/assets/landing/img/flags/ru.webp Requested by Host: nonpaying.xyz URL: https://nonpaying.xyz/lander/-w--sber-lf/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.153.237 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8b78bb1528859e7b96ea89758d222d630ec82842a2a89aa4e998f25c4421f8e6` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://nonpaying.xyz/lander/-w--sber-lf/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 28 Jun 2024 07:44:31 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 content-length 226 last-modified Fri, 21 Jun 2024 11:26:12 GMT server cloudflare etag "66756354-e2" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jjrhVPQXicQRhGjA1FoDGMoeG6UanvoioZI9r8136PCxm9clhBrdGTJ8uM9nwVFjipz60MZe3Xuy3QNUB2srqrfcKy6vOfJY%2B3M77jnEGJ5FVXwUiskNGGuVDbbcpg%2Fk"}],"group":"cf-nel","max_age":604800} content-type image/webp access-control-allow-origin * cache-control max-age=864000 accept-ranges bytes cf-ray 89ac0d57ae584dc6-FRA expires Mon, 08 Jul 2024 07:44:31 GMT
GET H3	404	favicon.ico nonpaying.xyz/	548 B 548 B	50ms 49ms	Other text/html	172.67.153.237 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://nonpaying.xyz/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.153.237 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://nonpaying.xyz/lander/-w--sber-lf/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 28 Jun 2024 07:44:32 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RFpIAGsSXM8YwGUa93kaOgY7pLwwxPTvCISWQqz52x5K%2BLk6mJGODid9Hm5vjppT9jmKrqBbjoy6kZfAdN7YHC2ykhpUj6wgkZ5MV3gSpczmBm0O7ij61ERKrr51Paw%2B"}],"group":"cf-nel","max_age":604800} content-type text/html cache-control max-age=14400 cf-ray 89ac0d582f2a4dc6-FRA alt-svc h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			nonpaying.xyz/	1969-12-31 23:59:59	Name: PHPSESSID Value: 014d7gv7uckbn1mkl8sb3flajm

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://nonpaying.xyz/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

nonpaying.xyz
172.67.153.237
2606:4700:3035::ac43:99ed
3183bfeda628b7c107abb16bdc206be17b6feb545e84fc660b45e87ba5179195
3f8ea3be1ff0ad6ae9d00100df4c38e45b5faed93918131da155d022706358b3
42c1281bc8b1e48dd71a15abb1f6445ee41b5e2759462f52b873778b25290197
4f1ae4764416061749b23895791b5568e382bea860aeb5dc934b452c12ca7d25
55891dfec20557f60d5c3fb8ac38930916c689516bcbce63bff3155701971bbb
77e10fa237755f179b551d39d9a1b3777987b15082822a1f1024644c61ea3ffb
8b78bb1528859e7b96ea89758d222d630ec82842a2a89aa4e998f25c4421f8e6
98d5310032f8febc6fcc1a2ba5fddf040ffaeef6729a956a3a41bb95d12fe84c
a23f48eab9171b043c1c8f72504560a80ff788ccfe6bbc6813353763895b4c47
ce9d07500ad91ec2b524c270764ec4c9a33e78320d8d374ec400ede488f6251b
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090

nonpaying.xyz Open in urlscan Pro 2606:4700:3035::ac43:99ed Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

11 Requests

100 %HTTPS

50 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

136 kBTransfer

229 kBSize

1 Cookies

0 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

23 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

nonpaying.xyz Open in urlscan Pro
2606:4700:3035::ac43:99ed Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

50 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

136 kB
Transfer

229 kB
Size

1
Cookies

11 HTTP transactions
0 data transactions