URL: https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Submission: On June 14 via api from RU — Scanned from DE

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 27 HTTP transactions. The main IP is 104.21.54.45, located in and belongs to CLOUDFLARENET, US. The main domain is gl4adzsh0t.click.
TLS certificate: Issued by WE1 on June 11th 2024. Valid for: 3 months.
This is the only time gl4adzsh0t.click was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: SberBank (Banking)

Domain & IP information

IP Address AS Autonomous System
17 104.21.54.45 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
4 104.17.25.14 13335 (CLOUDFLAR...)
1 104.166.188.188 21859 (ZEN-ECN)
4 2a00:1450:400... 15169 (GOOGLE)
27 5
Apex Domain
Subdomains
Transfer
17 gl4adzsh0t.click
gl4adzsh0t.click
424 KB
4 gstatic.com
fonts.gstatic.com
51 KB
4 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 265
75 KB
1 imotech.video
api.imotech.video — Cisco Umbrella Rank: 75159
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 77
1 KB
27 5
Domain Requested by
17 gl4adzsh0t.click gl4adzsh0t.click
4 fonts.gstatic.com fonts.googleapis.com
4 cdnjs.cloudflare.com gl4adzsh0t.click
1 api.imotech.video gl4adzsh0t.click
1 fonts.googleapis.com gl4adzsh0t.click
27 5

This site contains no links.

Subject Issuer Validity Valid
gl4adzsh0t.click
WE1
2024-06-11 -
2024-09-09
3 months crt.sh
upload.video.google.com
WR2
2024-05-27 -
2024-08-19
3 months crt.sh
cdnjs.cloudflare.com
E1
2024-06-02 -
2024-08-31
3 months crt.sh
*.imotech.video
AlphaSSL CA - SHA256 - G4
2023-07-12 -
2024-08-12
a year crt.sh
*.gstatic.com
WR2
2024-05-27 -
2024-08-19
3 months crt.sh

This page contains 1 frames:

Primary Page: https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Frame ID: 1756C44C074EEFA942DFF32B567BC2F7
Requests: 27 HTTP requests in this frame

Screenshot

Page Title

Получите доступ к заработку в интернете от 94 000 рублей на платформе от

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

27
Requests

100 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

551 kB
Transfer

860 kB
Size

4
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

27 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request refresher
gl4adzsh0t.click/
3 KB
2 KB
Document
General
Full URL
https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.54.45 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
772bb77f7844995689027dc98342f07db91ababcd6e7f5dd5915c5dd2bc07f0a

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
893ac7605f2e2c61-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 14 Jun 2024 13:48:35 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wHUSGRZgy3mKSqgH8mGgN44kNMPyK1phoJHTZQIW%2FyJoUE3gRXef10ouB7vZRFX2xB3UxzPVnegY0aT1aidaNRSMnMzdoMRghZ%2B5AmTHOr9dCYsTeBNeQV%2BM288IL0HiP7SM"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-request-id
7873eb86-2bd1-4eb2-84c8-1794e03861d9
css2
fonts.googleapis.com/
5 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Requested by
Host: gl4adzsh0t.click
URL: https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
47ce859f7f0f545825c8ab983547bbf88d0de3f52afebc7a1ccc0611661df70d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://gl4adzsh0t.click/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Fri, 14 Jun 2024 13:48:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 14 Jun 2024 12:06:52 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 14 Jun 2024 13:48:35 GMT
intlTelInput.css
cdnjs.cloudflare.com/ajax/libs/intl-tel-input/19.2.16/css/
25 KB
3 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/19.2.16/css/intlTelInput.css
Requested by
Host: gl4adzsh0t.click
URL: https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a0a9e2acfa9985df9605a42298a1a5a61ecf03ec550b028192c0073360e8585
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://gl4adzsh0t.click/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 13:48:35 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
72638
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
2194
last-modified
Wed, 31 Jan 2024 15:05:28 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"65ba61b8-892"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x1CfgmLO2pww5bmPkApKh4351eDIRVrUsIJ%2FCVfRmpA5Ta8JXXWg6AmQcqDVUcSA4w25yYEVdms1a2O8D95n2Xyt9SyF3R3UH9uiLuMaMYERTeszriBz66Qk0q8luoV6tcVxWg37"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
893ac7613f939f57-FRA
expires
Wed, 04 Jun 2025 13:48:35 GMT
main.css
gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/styles/
5 KB
2 KB
Stylesheet
General
Full URL
https://gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/styles/main.css
Requested by
Host: gl4adzsh0t.click
URL: https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.54.45 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
75406290a36c4f1b84f31a09098495f37951172a97f2a8931e57d5a56eb8036b

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 13:48:35 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Mon, 20 May 2024 14:16:12 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"664b5b2c-12ec"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nbOF3BJzQtNzEpyCGzHFzjcByYtSf3EipTmXw8ZITxiDROGCnut9TbKhwB3nUkcBqCvrYl05OtE9KP8SDUU7XHqdgJrwgPKvnhguzoml5kYn52PGrQksLMTGG1wBWfwrIzI9"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=31536000, no-transform
cf-ray
893ac76108092c61-FRA
alt-svc
h3=":443"; ma=86400
expires
Sat, 14 Jun 2025 13:48:35 GMT
form.css
gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/styles/
2 KB
1 KB
Stylesheet
General
Full URL
https://gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/styles/form.css
Requested by
Host: gl4adzsh0t.click
URL: https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.54.45 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
81c9f9c685786d7e90fa0d877d41b52abb1ba68ea875c856b3a022c3cf410365

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 13:48:35 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 20 May 2024 14:16:12 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
184005
etag
W/"664b5b2c-8e0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dzHpTLernx9st4QTj2Fb7mZCL09bv%2BXDsRkr3vA65E8RsmpgeZ9PMArX3kMs8hjPfifBe7A%2BadGNZc1FTnMdt%2BKCNWe1TWUBbMn3ZpshIQvCDYBp5NieCLQ5oDnD6OEqGzJ%2F"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=31536000, no-transform
cf-ray
893ac761080c2c61-FRA
alt-svc
h3=":443"; ma=86400
expires
Thu, 12 Jun 2025 10:41:50 GMT
events.js
api.imotech.video/ad/
0
0
Script
General
Full URL
https://api.imotech.video/ad/events.js?pixel_id=
Requested by
Host: gl4adzsh0t.click
URL: https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.166.188.188 Amsterdam, Netherlands, ASN21859 (ZEN-ECN, US),
Reverse DNS
Software
openresty /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://gl4adzsh0t.click/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
date
Fri, 14 Jun 2024 13:48:35 GMT
cache-control
private, max-age=900
server
openresty
bigotraceresponse
00-be3719bc6e755253998a5a990fd5dde6-0-01
content-length
0
content-type
application/javascript;charset=utf-8
back.svg
gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/images/
526 B
836 B
Image
General
Full URL
https://gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/images/back.svg
Requested by
Host: gl4adzsh0t.click
URL: https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.54.45 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6e4b0d0b71acb766482f7952dcf75855b2b20a33b4025051fcd02e2f8bd600c8

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 13:48:35 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Mon, 20 May 2024 14:16:12 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"664b5b2c-20e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FAU0UkjzWvjcrLT0b0e%2F8QOaQcoQ6WxhMVOJ9eEWBWvonoW%2F%2FJIfecVL2Xur40SSSBLG3lc4wmWLy0E2y%2FynSq%2BFPBH1ovC8KjHEDYQmHqKVPgraDUcoqA9YmzkMvvNrnbp1"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=31536000, no-transform
cf-ray
893ac761080f2c61-FRA
alt-svc
h3=":443"; ma=86400
expires
Sat, 14 Jun 2025 13:48:35 GMT
logo.svg
gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/images/
138 KB
96 KB
Image
General
Full URL
https://gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/images/logo.svg
Requested by
Host: gl4adzsh0t.click
URL: https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.54.45 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b0da0439a71471db884fbd654518df5c4f9a1d08ad09abaf1e4ee34ab716e8b6

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 13:48:35 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 20 May 2024 14:16:12 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
184005
etag
W/"664b5b2c-22690"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gi1KBkzi6iFYteUXYBxqgjzTQzc9ySA6x%2B1wdoROv6n9fqMTN5TaIMqyocSbHI7sQ161fB%2BVX0Uy%2Bf52z8U8A7vP2GrGcrGJsjCCBJIuTE4lvfRPLIYaFvaNPJXlhTtXXpoZ"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=31536000, no-transform
cf-ray
893ac76108122c61-FRA
alt-svc
h3=":443"; ma=86400
expires
Thu, 12 Jun 2025 10:41:50 GMT
verified.svg
gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/images/
830 B
989 B
Image
General
Full URL
https://gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/images/verified.svg
Requested by
Host: gl4adzsh0t.click
URL: https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.54.45 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f832ceba3c99c4edc245a71fef30c6aaaf790d13c8f8de5a3964f2fdcfbd13cd

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 13:48:35 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 20 May 2024 14:16:12 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
184005
etag
W/"664b5b2c-33e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fcm21UjiEVy8uu8cC%2BLZgZG04smF4%2BNnmzhwKiDPvv39vjONLbvEArj0ErvDayKu0IKwzl2nn8QOUB%2BcvdS1CmcE2FrD4gZ1F%2FdAtDhRL5z%2Frdve0L47uRO3ldahTClCrX8l"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=31536000, no-transform
cf-ray
893ac761788c2c61-FRA
alt-svc
h3=":443"; ma=86400
expires
Thu, 12 Jun 2025 10:41:50 GMT
phone.svg
gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/images/
2 KB
1 KB
Image
General
Full URL
https://gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/images/phone.svg
Requested by
Host: gl4adzsh0t.click
URL: https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.54.45 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa1632b7087051eb51c59abe05908789ebec4311af5ed212c81059cebd2d29e8

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 13:48:35 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Mon, 20 May 2024 14:16:12 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"664b5b2c-601"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jXePO2egjYOPaPkQ%2B8lH0BCQanBeU28RPKT7fBo%2FBsofRZfowhOvKDINM2dY9CtArg5di%2BV05oreQ6FG2XL7vExXqbCzBf2hesNOxnn10BfgLy9lRvWRm%2BD3ctAS4UOh4QC5"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=31536000, no-transform
cf-ray
893ac76188952c61-FRA
alt-svc
h3=":443"; ma=86400
expires
Sat, 14 Jun 2025 13:48:35 GMT
underground.js
gl4adzsh0t.click/landers/
10 KB
3 KB
Script
General
Full URL
https://gl4adzsh0t.click/landers/underground.js
Requested by
Host: gl4adzsh0t.click
URL: https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.54.45 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d202c1816dc206ed1fedca7f0943f0715fb1e21e69eb8a743a436acfd70c1294

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 13:48:35 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 21 May 2024 16:36:43 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
184005
etag
W/"664ccd9b-2797"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cw17LeaBCpXE4FPlCsyFIzlEIRv8cRV8W%2FnY2amz%2FiocsHHhtixAwIkZkB0NxlAmwrCVKmUGkgJiLovyy6rki8mB6NbOzt%2BvZlasQKn2UyZwHHtcSq36%2BaJDT%2FO1%2BrtCszXO"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000, no-transform
cf-ray
893ac761b8dc2c61-FRA
alt-svc
h3=":443"; ma=86400
expires
Thu, 12 Jun 2025 10:41:50 GMT
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/
85 KB
27 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js
Requested by
Host: gl4adzsh0t.click
URL: https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://gl4adzsh0t.click/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 13:48:35 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1225072
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
27446
last-modified
Tue, 29 Aug 2023 04:36:11 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"64ed75bb-6b36"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=64%2Fmw3fUwVQ%2FOJQlOU8vlgneQ3EadrvASiNacfX9Q06WAdGyE1gWjlMFWHdCuvIiHg1r0OcRw5v2iR034IJZo6lzrbOsMB%2BE7E7XK%2B%2FUnOEwSYD8HdFcZgR5YzGJkm1b%2FZxcMgao"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
893ac761c8949f57-FRA
expires
Wed, 04 Jun 2025 13:48:35 GMT
libphonenumber-js.min.js
cdnjs.cloudflare.com/ajax/libs/libphonenumber-js/1.10.58/
172 KB
35 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/libphonenumber-js/1.10.58/libphonenumber-js.min.js
Requested by
Host: gl4adzsh0t.click
URL: https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e4396841a7c3b2805e113d3c72d7719158f36bb3d8938c1dbc0c5fc9394b8b57
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://gl4adzsh0t.click/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 13:48:35 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
316573
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
35539
last-modified
Mon, 11 Mar 2024 23:01:31 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"65ef8d4b-8ad3"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j4SXdq3RnteAxuF6jS9AdndQZIVqhf3jA1HluydYj42126noJBJyQID4xNu4T6HSHMzhrLrnGIurK5hLifLkXsrTODfDwksIcoh1IHg59UgPWPWUtYqPgVWHG%2BwYvGRMz2woIraC"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
893ac761e8c09f57-FRA
expires
Wed, 04 Jun 2025 13:48:35 GMT
intlTelInput.min.js
cdnjs.cloudflare.com/ajax/libs/intl-tel-input/19.2.16/js/
32 KB
10 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/19.2.16/js/intlTelInput.min.js
Requested by
Host: gl4adzsh0t.click
URL: https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
31a653d3eef4fee8a0f663943e6da108d433da1103312e7ecca6fabea7dc7048
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://gl4adzsh0t.click/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 13:48:35 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
3695406
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
9521
last-modified
Wed, 31 Jan 2024 15:05:28 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"65ba61b8-2531"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IPOi0kYBnYZKiulXdOCTuOXZ1kOkwV%2FJvCR%2BhhTFo4bENXuSo4Vz6zG6IB08qJ66sABF8JP8gK5BlQbDfiVMiXLcv%2FqzRLBrTYxp8TnZexV0Xn%2BRtkAFw%2FrE%2F73AaJGms57qxkJl"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
893ac76219079f57-FRA
expires
Wed, 04 Jun 2025 13:48:35 GMT
index.js
gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/js/
620 B
844 B
Script
General
Full URL
https://gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/js/index.js
Requested by
Host: gl4adzsh0t.click
URL: https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.54.45 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d45e035fc8a6284b01d9f86db0201f55332dca8836c658561242a6200b88141f

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 13:48:35 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Fri, 24 May 2024 10:21:52 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"66506a40-26c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mMSSgV9ye5NyvJMzv4%2FMWcz1WugvPiar7PsIAquTNl8mVSyvfN3wPjaae2OYOn5aDjHy%2F%2FGnpztDJbi6TH4iKZG16t17fmk95RhNCZYghQ7ylKVneI7ly7gfhix6%2FOTwDKwu"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000, no-transform
cf-ray
893ac762496f2c61-FRA
alt-svc
h3=":443"; ma=86400
expires
Sat, 14 Jun 2025 13:48:35 GMT
custom.js
gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/js/
581 B
789 B
Script
General
Full URL
https://gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/js/custom.js
Requested by
Host: gl4adzsh0t.click
URL: https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.54.45 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1b8b0f2c83b395b520b9c94b76dff417814ea6fad694e36c7fa6bbaa36bfc644

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 13:48:35 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 20 May 2024 14:16:12 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
184005
etag
W/"664b5b2c-245"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jkbW2DlHwnlfZqrUJyCLHvtwxnTnEuXIPILDoQ8WnSaaWuwvM0jqZ%2BxAS7HdvEvIZEPRxv7aft4nMBEmd2mVS%2BRMxk%2FxqRxy4iz%2BrQupObrD81G0xvw6RwHTdy%2Fmb81srZAU"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000, no-transform
cf-ray
893ac762598e2c61-FRA
alt-svc
h3=":443"; ma=86400
expires
Thu, 12 Jun 2025 10:41:50 GMT
chat.js
gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/js/
13 KB
4 KB
Script
General
Full URL
https://gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/js/chat.js
Requested by
Host: gl4adzsh0t.click
URL: https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.54.45 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8ec47b02c1d77db28b451e3ab6786e76bdb8b9872de84ec0be08b253e6843cfb

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 13:48:35 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Mon, 20 May 2024 14:16:12 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"664b5b2c-321e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FiD5GBpdoCkwKoi40lwRPjK3V2ggMlH7Pscf831eM6pnf5HiBsglOoK%2BvTrJutXwB1UfBNg%2Fj%2FU%2BZgfPUFKqMdxU4mGmylpvG1f3rPgMjChxvP3NlOT1tc7f%2Fqxd4DniZMhY"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000, no-transform
cf-ray
893ac76289b62c61-FRA
alt-svc
h3=":443"; ma=86400
expires
Sat, 14 Jun 2025 13:48:35 GMT
form.js
gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/js/
10 KB
3 KB
Script
General
Full URL
https://gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/js/form.js
Requested by
Host: gl4adzsh0t.click
URL: https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.54.45 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
338bef3e850a85355f2e96acccfe4a32c2cb6d65dc1e96f92e41c6652e1aa658

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 13:48:35 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Fri, 24 May 2024 07:54:04 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"6650479c-2786"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J3btRRsgSyYLhWSl9U8j8aEo7NR0IW%2Bm2I5pRBZ0zyxFUJlanFHYBXgC99xv89DHs5nFEj1JHAUPg6%2BbRFrXZumskx%2FmebCwC5mbDLylM95wRFMjypsR3%2B0WZRqnefph%2BzyO"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000, no-transform
cf-ray
893ac76299cc2c61-FRA
alt-svc
h3=":443"; ma=86400
expires
Sat, 14 Jun 2025 13:48:35 GMT
refresher
gl4adzsh0t.click/
22 B
22 B
Image
General
Full URL
https://gl4adzsh0t.click/refresher?event1=1&thanks=slv1&upd_clickid=cpm4kcpmab0c7383i9og&upd_key=idhgls4n2k82mckz238ncl398cnsvqofv3124k1423v32kc25
Requested by
Host: gl4adzsh0t.click
URL: https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.54.45 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 13:48:35 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3Vcw10CqH1RpGh4MLR883eW6zyJPqoxXPTdTPawg5t6ZNKUKv1IcUwgvyRghzVRtDgabYx5MrMb0Qzdl2VxXpIaYjrkDiXFtz62Y1WH9TRxRBQ6jLK73cazGU%2F9l%2F6rxA%2Bgv"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=UTF-8
cf-ray
893ac762fa442c61-FRA
alt-svc
h3=":443"; ma=86400
content-length
22
x-request-id
a3682853-80e5-435d-b920-1d591348965c
loader.gif
gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/images/
40 KB
40 KB
Image
General
Full URL
https://gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/images/loader.gif
Requested by
Host: gl4adzsh0t.click
URL: https://gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/styles/main.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.54.45 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b360359ffe7d46d32329b6a454b0540e6d34bd444a6f9ecface6663e1cb98aba

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/styles/main.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 13:48:35 GMT
cf-cache-status
MISS
last-modified
Mon, 20 May 2024 14:16:12 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"664b5b2c-9ffd"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FcNreGQONBxW%2BqIzwCRkaySR%2B2tEXRKrFVuud9BvRRWko%2FjCS5oVAVChHgTm1emJpxdFvPQG2IsSS2%2B6z7xbtsw2k5SIk6E7xSVy94QHew43D%2FN6ww4ATY%2B%2F5NjbIA1XPVKs"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
public, max-age=31536000, no-transform
accept-ranges
bytes
cf-ray
893ac7631a622c61-FRA
alt-svc
h3=":443"; ma=86400
content-length
40957
expires
Sat, 14 Jun 2025 13:48:35 GMT
bg.png
gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/images/
238 KB
239 KB
Image
General
Full URL
https://gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/images/bg.png
Requested by
Host: gl4adzsh0t.click
URL: https://gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/styles/main.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.54.45 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9e0c93ff9ff4c5837e632e0be3840d7bb6692d64851df3768d62000896680976

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/styles/main.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 13:48:35 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
184005
alt-svc
h3=":443"; ma=86400
content-length
243977
last-modified
Mon, 20 May 2024 14:16:12 GMT
server
cloudflare
etag
"664b5b2c-3b909"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1BI3iB1t3q54e%2FM0MSHTryXc9YJqqn45hVfBNsHiJTf1i86kTxZsuoT1gkE2dClPu0AKWv4%2B7qKlb2l7A%2FiNhvGvA5kE26fX5%2BLoIk%2BVrO5plhr7ioI9zvmyGD1Jsb53aCrk"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=31536000, no-transform
accept-ranges
bytes
cf-ray
893ac7631a672c61-FRA
expires
Thu, 12 Jun 2025 10:41:50 GMT
KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/
9 KB
10 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6a84eeee6a25e7c9a8a03191007a6720566b5a2aa2384d36168fb07f49e97e9e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://fonts.googleapis.com/
Origin
https://gl4adzsh0t.click
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 13 Jun 2024 00:47:51 GMT
x-content-type-options
nosniff
age
133244
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9644
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:50 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 13 Jun 2025 00:47:51 GMT
KFOmCnqEu92Fr1Mu5mxKOzY.woff2
fonts.gstatic.com/s/roboto/v30/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://fonts.googleapis.com/
Origin
https://gl4adzsh0t.click
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 13 Jun 2024 18:21:57 GMT
x-content-type-options
nosniff
age
69998
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9628
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 13 Jun 2025 18:21:57 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://fonts.googleapis.com/
Origin
https://gl4adzsh0t.click
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 13 Jun 2024 20:32:44 GMT
x-content-type-options
nosniff
age
62151
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15860
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 13 Jun 2025 20:32:44 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://fonts.googleapis.com/
Origin
https://gl4adzsh0t.click
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 13 Jun 2024 05:20:49 GMT
x-content-type-options
nosniff
age
116866
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 13 Jun 2025 05:20:49 GMT
avatar.svg
gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/images/
210 B
689 B
Image
General
Full URL
https://gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/images/avatar.svg
Requested by
Host: gl4adzsh0t.click
URL: https://gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/styles/main.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.54.45 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
72c95b5175643370c57b8befe9fcaa4586bbff20886f7a3aca54d0df57cb0372

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/styles/main.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 13:48:35 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Mon, 20 May 2024 14:16:12 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"664b5b2c-d2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4A2RV9hHr3FGGR%2FCAnTeLUC6fW4itFWib309Jd8J9n5LZKXcO2Rw73c%2BBeJW5QATwfbWWJpz0ujPtfd9PkHSgBbOiWJNKYmaUe6JY0oMWN69lOZ9UMYDilSGADVy7ZCpDVvh"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=31536000, no-transform
cf-ray
893ac7634a992c61-FRA
alt-svc
h3=":443"; ma=86400
expires
Sat, 14 Jun 2025 13:48:35 GMT
logo.png
gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/images/
28 KB
28 KB
Other
General
Full URL
https://gl4adzsh0t.click/landers/191_2d143e0e290515323206041f743b175e1e000e1823080432705552322f093e1f34/images/logo.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.54.45 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
57d4ea85a60012dac3014e047b85f06cbfd126366ed5d6e52df87726204a41fa

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 14 Jun 2024 13:48:35 GMT
cf-cache-status
MISS
last-modified
Mon, 20 May 2024 14:16:12 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"664b5b2c-6fe6"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v7pTbokhuidzikwvKyzlxiTZX5frmuSux9qRAw2gX1L8lakbIkUdUX3K2prZvVhq0gEEj9VXnuEO9HFLqTmQrWpKUNDqDIKc4A5j4X6uyaBrEGuI4PHtqELmq%2B1znYNFQehT"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=31536000, no-transform
accept-ranges
bytes
cf-ray
893ac763db672c61-FRA
alt-svc
h3=":443"; ma=86400
content-length
28646
expires
Sat, 14 Jun 2025 13:48:35 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: SberBank (Banking)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage object| php_var function| bge function| sendRequestToBpix function| bge_ec_register object| bgdataLayer function| getQueryParams object| BPixelJS function| handleUserActivity function| startSendingRequests function| $ function| jQuery object| libphonenumber object| intlTelInputGlobals function| intlTelInput function| checkLocalStorage function| activateRegistrationForm

4 Cookies

Domain/Path Name / Value
gl4adzsh0t.click/ Name: bc734
Value: 49aadcf9ff72bd51fa76db6760c227ec::1901:191
gl4adzsh0t.click/ Name: uclick
Value: kO7ellsJa4g13uf8bWCY5dB8xq1NU8s+5720QVw4YSk6GdDqvyw/ajJuY+pT/MoPy3j/FqU=
gl4adzsh0t.click/ Name: bcid
Value: cpm4kcpmab0c7383i9og
gl4adzsh0t.click/ Name: cid
Value: cpm4kcpmab0c7383i9og

2 Console Messages

Source Level URL
Text
security warning URL: https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8
Message:
Mixed Content: The page at 'https://gl4adzsh0t.click/refresher?key=1600764f7867d6ec66f8' was loaded over HTTPS, but requested an insecure element 'http://gl4adzsh0t.click/refresher?event1=1&thanks=slv1&upd_clickid=cpm4kcpmab0c7383i9og&upd_key=idhgls4n2k82mckz238ncl398cnsvqofv3124k1423v32kc25'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
network error URL: https://api.imotech.video/ad/events.js?pixel_id=
Message:
Failed to load resource: the server responded with a status of 500 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.imotech.video
cdnjs.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
gl4adzsh0t.click
104.166.188.188
104.17.25.14
104.21.54.45
2a00:1450:4001:80b::200a
2a00:1450:4001:829::2003
1b8b0f2c83b395b520b9c94b76dff417814ea6fad694e36c7fa6bbaa36bfc644
31a653d3eef4fee8a0f663943e6da108d433da1103312e7ecca6fabea7dc7048
338bef3e850a85355f2e96acccfe4a32c2cb6d65dc1e96f92e41c6652e1aa658
47ce859f7f0f545825c8ab983547bbf88d0de3f52afebc7a1ccc0611661df70d
495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9
57d4ea85a60012dac3014e047b85f06cbfd126366ed5d6e52df87726204a41fa
6a84eeee6a25e7c9a8a03191007a6720566b5a2aa2384d36168fb07f49e97e9e
6e4b0d0b71acb766482f7952dcf75855b2b20a33b4025051fcd02e2f8bd600c8
72c95b5175643370c57b8befe9fcaa4586bbff20886f7a3aca54d0df57cb0372
75406290a36c4f1b84f31a09098495f37951172a97f2a8931e57d5a56eb8036b
772bb77f7844995689027dc98342f07db91ababcd6e7f5dd5915c5dd2bc07f0a
81c9f9c685786d7e90fa0d877d41b52abb1ba68ea875c856b3a022c3cf410365
8a0a9e2acfa9985df9605a42298a1a5a61ecf03ec550b028192c0073360e8585
8ec47b02c1d77db28b451e3ab6786e76bdb8b9872de84ec0be08b253e6843cfb
9e0c93ff9ff4c5837e632e0be3840d7bb6692d64851df3768d62000896680976
aa1632b7087051eb51c59abe05908789ebec4311af5ed212c81059cebd2d29e8
b0da0439a71471db884fbd654518df5c4f9a1d08ad09abaf1e4ee34ab716e8b6
b360359ffe7d46d32329b6a454b0540e6d34bd444a6f9ecface6663e1cb98aba
d202c1816dc206ed1fedca7f0943f0715fb1e21e69eb8a743a436acfd70c1294
d45e035fc8a6284b01d9f86db0201f55332dca8836c658561242a6200b88141f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4396841a7c3b2805e113d3c72d7719158f36bb3d8938c1dbc0c5fc9394b8b57
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f832ceba3c99c4edc245a71fef30c6aaaf790d13c8f8de5a3964f2fdcfbd13cd
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a