smtp.goldentobacco.ru Open in urlscan Pro
104.21.11.70 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://smtp.goldentobacco.ru/
Submission: On January 13 via api (January 13th 2024, 1:11:10 am UTC) from US — Scanned from US

Summary HTTP 17 Redirects Links 1 Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 17 HTTP transactions. The main IP is 104.21.11.70, located in and belongs to CLOUDFLARENET, US. The main domain is smtp.goldentobacco.ru.
TLS certificate: Issued by GTS CA 1P5 on January 10th 2024. Valid for: 3 months.

This is the only time smtp.goldentobacco.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
14	104.21.11.70 104.21.11.70		13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4004:c06::5f		15169 (GOOGLE) (GOOGLE)
1	172.67.189.64 172.67.189.64		13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4004:c09::5e		15169 (GOOGLE) (GOOGLE)
17	4

14 104.21.11.70 (None, )

ASN13335 (CLOUDFLARENET, US)

smtp.goldentobacco.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c06::5f (Washington, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.189.64 (United States)

ASN13335 (CLOUDFLARENET, US)

1kalyan.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c09::5e (Ashburn, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	goldentobacco.ru smtp.goldentobacco.ru	456 KB
1	gstatic.com fonts.gstatic.com	28 KB
1	1kalyan.ru 1kalyan.ru	481 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 28	799 B
17	4

	Domain	Requested by
14	smtp.goldentobacco.ru	smtp.goldentobacco.ru
1	fonts.gstatic.com	fonts.googleapis.com
1	1kalyan.ru	smtp.goldentobacco.ru
1	fonts.googleapis.com	smtp.goldentobacco.ru
17	4

This site contains links to these domains. Also see Links.

Domain
xn--1-stbx.xn--p1acf

Subject Issuer	Validity	Valid
goldentobacco.ru GTS CA 1P5	`2024-01-10` - `2024-04-09`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
1kalyan.ru GTS CA 1P5	`2023-11-24` - `2024-02-22`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://smtp.goldentobacco.ru/
Frame ID: 4BF0742215B0A15189BA57559CFAEAD7
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Табак Вирджиния: Разгадка тайны его манящих характеристик и многогранных факторов, способствующих его непревзойденному и непередаваемому вкусу ; 1kalyan.ru

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

17
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

485 kB
Transfer

839 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: http://xn--1-stbx.xn--p1acf/
Title: купить табак

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
smtp.goldentobacco.ru/ 70 KB
18 KB 605ms
525ms Document
text/html 104.21.11.70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://smtp.goldentobacco.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.11.70 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 732f84f361cd257293b7836ca03b5d2d5cfe4c2eb8263166c8f37fd54fc17300

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8449c34ecb145413-YYZ
content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 13 Jan 2024 01:11:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jT5u7UixsHY3Ku15xszGJG3E4Dv4LHaa5pIAplGAumA5Kiz6DgOYKb6H0AQ39d6UIbkE1E7U%2BdgA4PGlVPgb73lr79oflcYgngdlONqoLZsW%2BBnlfqBvjSV2f4QLdthdZy4YUFbVwTU%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 style.min.css
smtp.goldentobacco.ru/wp-includes/css/dist/block-library/ 95 KB
13 KB 607ms
602ms Stylesheet
text/css 104.21.11.70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://smtp.goldentobacco.ru/wp-includes/css/dist/block-library/style.min.css?ver=6.2.2
Requested by: Host: smtp.goldentobacco.ru
URL: https://smtp.goldentobacco.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.11.70 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 104a17d5ff657f3bbf9df823d869b28ecba1e4fa39925647e416d65dc62e3562

Request headers

accept-language: en-US,en;q=0.9
Referer: https://smtp.goldentobacco.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:11:03 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 14 Jun 2023 10:52:43 10JunGMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"bc59385ce047d48c67f5da568d269810-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R9t%2BHg9YphFk664pbTgEqfXTsHAKmtAoj2ArNUIY57F86MdkM2kDz76RgpPf92A6tGYVlCvNab5Z4Up9fyl0imkqvHVqZpZTjJJ%2BkQT4ywIkKlP5CPqfiZt2mcGmQgCJRHh9lH%2B9310%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css;charset=UTF-8
cache-control: public, max-age=2592000
cf-ray: 8449c35228c45413-YYZ
alt-svc: h3=":443"; ma=86400

GET
H2 200 classic-themes.min.css
smtp.goldentobacco.ru/wp-includes/css/ 292 B
480 B 887ms
883ms Stylesheet
text/css 104.21.11.70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://smtp.goldentobacco.ru/wp-includes/css/classic-themes.min.css?ver=6.2.2
Requested by: Host: smtp.goldentobacco.ru
URL: https://smtp.goldentobacco.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.11.70 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4bb45c55ac10b6e1e21baed7183b47ba0bbe90cb893449dfdc2308ac02ead264

Request headers

accept-language: en-US,en;q=0.9
Referer: https://smtp.goldentobacco.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:11:03 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 14 Jun 2023 10:52:43 10JunGMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"5b5c1b5f5f2abec9521f6fab79535b3d-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NzIgAaUcqIV6vwWhlFB0t8NWfe8XJL5sYX7G2IqK8%2F4xeZDJgp4NlU39HCYemoxrHHl2S8Ebu23GrrHk6kiZca3H8wYpIuGrbeRcZqutMS4SlqBIU6rE3VoO3c4ezP2NdbUpvNM4z20%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css;charset=UTF-8
cache-control: public, max-age=2592000
cf-ray: 8449c35228c65413-YYZ
alt-svc: h3=":443"; ma=86400

GET
H2 200 styles.css
smtp.goldentobacco.ru/wp-content/plugins/contact-form-7/includes/css/ 3 KB
1 KB 449ms
445ms Stylesheet
text/css 104.21.11.70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://smtp.goldentobacco.ru/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.7
Requested by: Host: smtp.goldentobacco.ru
URL: https://smtp.goldentobacco.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.11.70 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5ae895550c2a890c45e88bb833ecf72d8ecf19c932e7cb13f7eea996b9866f64

Request headers

accept-language: en-US,en;q=0.9
Referer: https://smtp.goldentobacco.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:11:03 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 14 Jun 2023 10:55:19 10JunGMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"df4916532bd8ba16f3b8642277e2347b-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XQNs3X66Jj0r9eHB3F3d9dDIvU9WhRG%2FTAKJoT1kFZhz%2BtMPzbZuwgLOctO38G8M2gkSrH3fTFdu0UofqOIem524%2FYHS6WhDjItmfSGlGrSHQIvRzwG4xJ8CHLoorUdLwpX%2B3sLAos4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css;charset=UTF-8
cache-control: public, max-age=2592000
cf-ray: 8449c35228c85413-YYZ
alt-svc: h3=":443"; ma=86400

GET
H2 200 fontawesome.min.css
smtp.goldentobacco.ru/wp-content/themes/resa/assets/lib/font-awesome/css/ 99 KB
23 KB 665ms
661ms Stylesheet
text/css 104.21.11.70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://smtp.goldentobacco.ru/wp-content/themes/resa/assets/lib/font-awesome/css/fontawesome.min.css?ver=6.2.0
Requested by: Host: smtp.goldentobacco.ru
URL: https://smtp.goldentobacco.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.11.70 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d51a966ba8eba952d5e7e673eec9d916aafb7f633028650c7d6cf030647e683e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://smtp.goldentobacco.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:11:03 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 05 Jul 2023 09:33:01 9JulGMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"325e1d7dfcb0f98c60b78fefda71689d-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rstbJJ4pvEfj8qoJ%2BPjCLHAcBarwht0rjwEeHeL3Tc9w%2FAQ9X%2FgUZDAtXNCASuXjHCG5iWxbn2hkHGbDHAp8mNSX5ZKPdwb4V8oEzU%2B4E0lAmk8TSngYEmtjHhxhrERjXCrDFdDJ4gM%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css;charset=UTF-8
cache-control: public, max-age=2592000
cf-ray: 8449c35228ca5413-YYZ
alt-svc: h3=":443"; ma=86400

GET
H2 200 resa.css
smtp.goldentobacco.ru/wp-content/themes/resa/assets/css/ 74 KB
13 KB 509ms
506ms Stylesheet
text/css 104.21.11.70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://smtp.goldentobacco.ru/wp-content/themes/resa/assets/css/resa.css?ver=1.0.4
Requested by: Host: smtp.goldentobacco.ru
URL: https://smtp.goldentobacco.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.11.70 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6ff5044ff21a0fab6277a66398bd389c6984768bfa950167fce5d7a618345fa6

Request headers

accept-language: en-US,en;q=0.9
Referer: https://smtp.goldentobacco.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:11:03 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 05 Jul 2023 09:33:01 9JulGMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"3e933cfc2dd6afed3fb7abc73553d9ea-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rghFfB5qO6EoHC9DaGdGOLAzQuL8BwXYV0GYw%2BspYezMIQk6fymF3iQnyTZnWRa5CClS4SpGihc7Fest%2FrpLQCsC3es4TseN%2FnOn2LsU%2FaXCeydoQtl2IWEZt8ljV4s3jOk8Uw60DtA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css;charset=UTF-8
cache-control: public, max-age=2592000
cf-ray: 8449c35238ce5413-YYZ
alt-svc: h3=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ 2 KB
799 B 109ms
42ms Stylesheet
text/css 2607:f8b0:4004:c06::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Heebo:400,500,700&subset=latin%2Clatin-ext&display=swap

Requested by

Host: smtp.goldentobacco.ru
URL: https://smtp.goldentobacco.ru/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7712b8c1027c7cd420ad160b50e7b24b4b348dadac182e2c4732e1ccaa4f5fe9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://smtp.goldentobacco.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 13 Jan 2024 01:11:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 13 Jan 2024 01:11:02 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 13 Jan 2024 01:11:02 GMT

GET
H2 200 jquery.min.js Show response
smtp.goldentobacco.ru/wp-includes/js/jquery/ 88 KB
32 KB 797ms
795ms Script
application/javascript 104.21.11.70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://smtp.goldentobacco.ru/wp-includes/js/jquery/jquery.min.js?ver=3.6.4
Requested by: Host: smtp.goldentobacco.ru
URL: https://smtp.goldentobacco.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.11.70 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aac18687b81b4b4a5fc589b9556b76aa14f8eeb44b7a92c3fb1254bed0476b10

Request headers

accept-language: en-US,en;q=0.9
Referer: https://smtp.goldentobacco.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:11:03 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 14 Jun 2023 10:52:42 10JunGMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"e407e57f40d249c37f8a1721c4d634fa-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ATQXUVe%2Be8pmf%2FatiGGdWf4erU9v1y5ym%2FLJ%2FphPVDWcVnSJK4YHTvLoYSeR4AoR03%2FuW%2FTIG11qo7z0zDOTk23VPYzm5yeCacQDIJSJG2eQ35oJzb6w%2B7l34EuIVjPdv4QGSA4QXNk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000
cf-ray: 8449c35238d05413-YYZ
alt-svc: h3=":443"; ma=86400

GET
H2 200 jquery-migrate.min.js Show response
smtp.goldentobacco.ru/wp-includes/js/jquery/ 13 KB
5 KB 490ms
488ms Script
application/javascript 104.21.11.70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://smtp.goldentobacco.ru/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.0
Requested by: Host: smtp.goldentobacco.ru
URL: https://smtp.goldentobacco.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.11.70 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e0b7a99767f80b6c187a7f473c4ee3e0b7bf1c896d917e918c7b7a97ae5aa79c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://smtp.goldentobacco.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:11:03 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 14 Jun 2023 10:52:42 10JunGMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"739a203540a8f98b07dced831b76043e-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BQcLiNHLyomWLgJiIdXx7omHNxoCIlW87iz8w9Yx6yqdfFoaQUk7pf8%2BoGqyXuZTPs9%2FHTvIaniTMwkaOmjhLSqFdKbHY5EiXNw4IZfqfGBkyU98UoWwIYEW34M4RTwNTMxivnB8QP8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000
cf-ray: 8449c35238d35413-YYZ
alt-svc: h3=":443"; ma=86400

GET
H2 200 2_1_-1024x720.jpg
smtp.goldentobacco.ru/wp-content/uploads/2023/07/ 205 KB
206 KB 825ms
823ms Image
image/jpeg 104.21.11.70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://smtp.goldentobacco.ru/wp-content/uploads/2023/07/2_1_-1024x720.jpg
Requested by: Host: smtp.goldentobacco.ru
URL: https://smtp.goldentobacco.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.11.70 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2484a54230927cc364d5d04cb2018c334d9c375dd6ae9b50afe35782e8f6d8d0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://smtp.goldentobacco.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:11:03 GMT
cf-cache-status: MISS
last-modified: Thu, 13 Jul 2023 06:37:28 6JulGMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "24ae68d14047f27f23c6cdf681deb9d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2nPkMiFKlc27piwzkMGj%2BHm0tH%2BwaFoEKSjfsM%2Bwcr6BiSk%2Bg8IXU6DK2TOoj7ldur1sLX4nltTxCLS8FtTcuZghIIaWr%2F0Ag3NNNfkW0tUuAdHClDT31FxEYkZD2UnZ9bfqbmjvPmk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=2592000
cf-ray: 8449c35238d55413-YYZ
alt-svc: h3=":443"; ma=86400

GET
H2 200 wp-emoji-release.min.js Show response
1kalyan.ru/wp-includes/js/ 0
481 B 95ms
26ms Script
application/javascript 172.67.189.64
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://1kalyan.ru/wp-includes/js/wp-emoji-release.min.js?ver=6.2.2
Requested by: Host: smtp.goldentobacco.ru
URL: https://smtp.goldentobacco.ru/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.189.64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://smtp.goldentobacco.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:11:03 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 951445
etag: "d41d8cd98f00b204e9800998ecf8427e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QmRkjhUu0pzlN03uMInz5Yip9foixm8GvwR3hX16Zz%2FGgMT0ux3Fk4hnr7uZf7mQxIXk7K6YCmjcaH62vtnvJ%2FomO2WG%2FZJTeh71v2%2BHO20h%2F89rDLB8tOHt%2BrsX"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8449c358387c4bc7-BUF
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 email-decode.min.js Show response
smtp.goldentobacco.ru/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 22ms
22ms Script
application/javascript 104.21.11.70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://smtp.goldentobacco.ru/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: smtp.goldentobacco.ru
URL: https://smtp.goldentobacco.ru/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

104.21.11.70 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://smtp.goldentobacco.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:11:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 27 Dec 2023 10:36:07 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"658bfe17-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=soyLG2whaQ6StgnYsrwsvznY%2FcxvRz2OS8%2BlM%2BiPj5HP80HvaxqX%2Fzkuy3RZXPBQccYBPSllWEZQzloVczSUAwIbjWCRzl9cgG3u7HOzX94i3LxLEBXJz5%2FK61nl3LfdIH2RT8Y%2BR20%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 8449c352692c5413-YYZ
expires: Mon, 15 Jan 2024 01:11:02 GMT

GET
H3 200 index.js Show response
smtp.goldentobacco.ru/wp-content/plugins/contact-form-7/includes/swv/js/ 10 KB
3 KB 622ms
621ms Script
application/javascript 104.21.11.70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://smtp.goldentobacco.ru/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.7
Requested by: Host: smtp.goldentobacco.ru
URL: https://smtp.goldentobacco.ru/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.11.70 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 52db930f81d97113dde679cac624cb5435b56d4ac486e91a0b6692d2cb615a84

Request headers

accept-language: en-US,en;q=0.9
Referer: https://smtp.goldentobacco.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:11:03 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 14 Jun 2023 10:55:19 10JunGMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"7be65ac27024c7b5686f9d7c49690799-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U8zck2j3Iz76WdlV5WH8BM3DDdHWq7lun1ZWKZhfERf4oRnH1fv2pvQZeXbBzNuY1y7zUKTKqq%2F4xjXqlChaB5A3qGjZHug4Ak3KnVw2Z2cdYvgyhzbMRAJmU%2BMs6MpxkObLp0yx71c%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000
cf-ray: 8449c35288a336c4-YYZ
alt-svc: h3=":443"; ma=86400

GET
H3 200 index.js Show response
smtp.goldentobacco.ru/wp-content/plugins/contact-form-7/includes/js/ 13 KB
5 KB 407ms
407ms Script
application/javascript 104.21.11.70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://smtp.goldentobacco.ru/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.7
Requested by: Host: smtp.goldentobacco.ru
URL: https://smtp.goldentobacco.ru/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.11.70 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 49dc1684def35996b2a4d9be936db940e47450bcf56336785ca60c7c0e8120de

Request headers

accept-language: en-US,en;q=0.9
Referer: https://smtp.goldentobacco.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:11:03 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 14 Jun 2023 10:55:19 10JunGMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"4aa5ca825a067a8d9ff026d86c6bb5dc-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7byNLHB%2FmojKWN5YSeqlTRpZG93%2F3xnpM1lVeGF1BAGu4jeXurxSJNS8Zv68%2BV35iLsqwqPwAhEoCv5M7BfzX9fP%2B%2FOrIMkFsFj1ZsJbu%2FaQKYdfZUSLuopGCsiCMK3JTKrNvftkk84%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000
cf-ray: 8449c3567ff636c4-YYZ
alt-svc: h3=":443"; ma=86400

GET
H3 200 resa.js Show response
smtp.goldentobacco.ru/wp-content/themes/resa/assets/js/ 4 KB
2 KB 408ms
407ms Script
application/javascript 104.21.11.70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://smtp.goldentobacco.ru/wp-content/themes/resa/assets/js/resa.js?ver=1.0.4
Requested by: Host: smtp.goldentobacco.ru
URL: https://smtp.goldentobacco.ru/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.11.70 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fc7b9eb6071aec3b4616d88615fb0a0824c28c604b6ceeb6a8db1a9a816e5bc4

Request headers

accept-language: en-US,en;q=0.9
Referer: https://smtp.goldentobacco.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:11:04 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 05 Jul 2023 09:33:01 9JulGMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"04b2bec50cfca56bf98df414b7d30b72-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ia%2F3qJHZkQ8m7EZjkWRIvLSshuWjhvWgSqPnQEd20wofrltSZBB%2Fcg0%2Fw36tQW3JC8anN1G6MS7mDNEKBQwgCVRJE9fnC00aRqiK%2BS%2FPbPgTi7dki28CYu67AIcMqOJ2i0xSMm5%2B24w%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2592000
cf-ray: 8449c357ca1836c4-YYZ
alt-svc: h3=":443"; ma=86400

GET
H2 200 NGS6v5_NC0k9P9H2TbE.woff2
fonts.gstatic.com/s/heebo/v22/ 27 KB
28 KB 116ms
33ms Font
font/woff2 2607:f8b0:4004:c09::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/heebo/v22/NGS6v5_NC0k9P9H2TbE.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Heebo:400,500,700&subset=latin%2Clatin-ext&display=swap

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::5e Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e4afd6a93a86c909628b23c45b0ef38749123bdb05d3b15edf80adaa9b46c5fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://smtp.goldentobacco.ru
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Fri, 12 Jan 2024 15:40:04 GMT
x-content-type-options: nosniff
age: 34259
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27868
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:52:20 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 11 Jan 2025 15:40:04 GMT

GET
H3 200 2_2_-1024x536.jpg
smtp.goldentobacco.ru/wp-content/uploads/2023/07/ 135 KB
135 KB 569ms
568ms Image
image/jpeg 104.21.11.70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://smtp.goldentobacco.ru/wp-content/uploads/2023/07/2_2_-1024x536.jpg
Requested by: Host: smtp.goldentobacco.ru
URL: https://smtp.goldentobacco.ru/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.11.70 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3efe3db5626b64abfe80bbcf4e32ff7da5abd4d2f0b59528e8e0b3af7f6255f2

Request headers

accept-language: en-US,en;q=0.9
Referer: https://smtp.goldentobacco.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 01:11:04 GMT
cf-cache-status: MISS
last-modified: Thu, 13 Jul 2023 06:37:29 6JulGMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "16edaed2d4d7d2102a97ee0c4c30c535"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ThdLz8dAWry%2B2EKXPZvq6zNmzONqVGEOenuN5g%2BYJ3FmHF6qsYVjzsi14HHfeokSLt9OtkylvuLq04xQX9ng9XmAD12GPEkYaujwI3zzZldmyH4qXJdA6WOIZ9i0IiSojbeDdogyTzg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=2592000
cf-ray: 8449c3583ad036c4-YYZ
alt-svc: h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| _wpemojiSettings undefined| $ function| jQuery object| swv object| wpcf7 object| resaAjax

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1kalyan.ru
fonts.googleapis.com
fonts.gstatic.com
smtp.goldentobacco.ru
104.21.11.70
172.67.189.64
2607:f8b0:4004:c06::5f
2607:f8b0:4004:c09::5e
104a17d5ff657f3bbf9df823d869b28ecba1e4fa39925647e416d65dc62e3562
2484a54230927cc364d5d04cb2018c334d9c375dd6ae9b50afe35782e8f6d8d0
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
3efe3db5626b64abfe80bbcf4e32ff7da5abd4d2f0b59528e8e0b3af7f6255f2
49dc1684def35996b2a4d9be936db940e47450bcf56336785ca60c7c0e8120de
4bb45c55ac10b6e1e21baed7183b47ba0bbe90cb893449dfdc2308ac02ead264
52db930f81d97113dde679cac624cb5435b56d4ac486e91a0b6692d2cb615a84
5ae895550c2a890c45e88bb833ecf72d8ecf19c932e7cb13f7eea996b9866f64
6ff5044ff21a0fab6277a66398bd389c6984768bfa950167fce5d7a618345fa6
732f84f361cd257293b7836ca03b5d2d5cfe4c2eb8263166c8f37fd54fc17300
7712b8c1027c7cd420ad160b50e7b24b4b348dadac182e2c4732e1ccaa4f5fe9
aac18687b81b4b4a5fc589b9556b76aa14f8eeb44b7a92c3fb1254bed0476b10
d51a966ba8eba952d5e7e673eec9d916aafb7f633028650c7d6cf030647e683e
e0b7a99767f80b6c187a7f473c4ee3e0b7bf1c896d917e918c7b7a97ae5aa79c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4afd6a93a86c909628b23c45b0ef38749123bdb05d3b15edf80adaa9b46c5fe
fc7b9eb6071aec3b4616d88615fb0a0824c28c604b6ceeb6a8db1a9a816e5bc4