Report - shrtlk.biz/83Tdh

Report Overview

Visited public
2025-06-15 09:16:30
Tags
URL
shrtlk.biz/83Tdh
Finishing URL
shrtlk.biz/83Tdh
IP / ASN
104.21.20.99
#13335 CLOUDFLARENET
Title
Shrtlk

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
my.rtmark.net	9054	2014-10-29	2015-02-04	2025-06-12	437 B	833 B	172.64.146.234
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-06-11	410 B	90 kB	104.17.25.14
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-06-11	1.5 kB	965 kB	142.250.74.168
dlrertomv.com	unknown	unknown	No data	No data	883 B	1.2 kB	139.45.197.101
ccg90.com	unknown	2021-03-14	2025-04-24	2025-06-15	2.1 kB	115 kB	139.45.197.106
shrtlk.biz	unknown	2025-04-19	2025-06-07	2025-06-07	3.4 kB	192 kB	104.21.20.99
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-06-11	1.1 kB	127 kB	142.250.74.35
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-06-11	485 B	4.7 kB	142.250.178.106
push-sdk.com	unknown	2022-10-25	2022-12-23	2025-06-10	796 B	56 kB	178.63.248.57
shrtfly.vip	unknown	2020-12-13	2021-02-11	2025-06-08	415 B	21 kB	172.67.134.233
cm65.com	unknown	2015-03-22	2025-04-24	2025-06-11	1.1 kB	4.0 kB	139.45.196.64

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-06-15	medium	shrtlk.biz	Sinkholed
2025-06-15	medium	shrtlk.biz	Sinkholed
2025-06-15	medium	shrtlk.biz	Sinkholed
2025-06-15	medium	shrtlk.biz	Sinkholed
2025-06-15	medium	shrtlk.biz	Sinkholed
2025-06-15	medium	shrtlk.biz	Sinkholed

ThreatFox

No alerts detected

JavaScript (18)

	URL	From	Size	First Seen	Last Seen
	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-06-22
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-06-22 12:43 Times Seen361686 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js	ScriptElement	90 kB	2023-03-07	2025-06-23
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-23 03:57 Times Seen222461 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	shrtlk.biz/83Tdh	ScriptElement	3.6 kB	2024-06-15	2025-06-15
Pretty URL shrtlk.biz/83Tdh IP 104.21.20.99 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-06-15 09:59 Last Seen2025-06-15 09:16 Times Seen84 Hash f7d6f1db13dabce4d191fa96cda860bb 3558951400bc3338af9a584afbef8833c23eae6f 9ec4b80068b51b8e02426bc905eeddb2a3cd811e89154cd3f4ca46b1f603a3f5 Loading...

	shrtlk.biz/sandbox%20eval%20code		147 B	2023-04-11	2025-06-22
Pretty URL shrtlk.biz/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-06-22 12:43 Times Seen362372 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-06-22
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-06-22 12:43 Times Seen361686 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	www.googletagmanager.com/gtag/js?id=G-PDV6XHL2ZF&cx=c&gtm=457e56b1za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104617979~104617981~104661466~104661468~104718208~104736445~104736447	ScriptElement	408 kB	2025-06-15	2025-06-15
Pretty URL www.googletagmanager.com/gtag/js?id=G-PDV6XHL2ZF&cx=c&gtm=457e56b1za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104617979~104617981~104661466~104661468~104718208~104736445~104736447 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-15 09:16 Last Seen2025-06-15 09:16 Times Seen1 Hash 0df2202aeb9f659e139e59c25ec05674 4de15fb3775c1b6144bdb34af501248a395381b0 70b3fa50a9e5e2c15605a9c4508f4c4009095885152295a1b074c7297c1e5dac Loading...

	shrtlk.biz/83Tdh	ScriptElement	172 B	2025-06-15	2025-06-15
Pretty URL shrtlk.biz/83Tdh IP 104.21.20.99 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-15 09:16 Last Seen2025-06-15 09:16 Times Seen1 Hash caf1d3914802eb17a6d9cca9f6db4fb5 5bc47151c0d07c1000739c9ff303a1914016ffcd 49ed4fb2fa211e38a667d2fd0b739f59bbee2da47d7308d9eb1b33614873e5cf Loading...

	shrtlk.biz/83Tdh	ScriptElement	28 kB	2025-04-14	2025-06-15
Pretty URL shrtlk.biz/83Tdh IP 104.21.20.99 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-14 03:19 Last Seen2025-06-15 09:16 Times Seen10 Hash b35fab64d44d6bb782f4fba1595dab40 6ce2990040b834f884991e2839ade45012e9ce5e 110f2d2efa48ef1417cb70500c96094d27f8d0477a7cd6ad1d81656ac78dc21a Loading...

	shrtlk.biz/83Tdh	ScriptElement	449 B	2024-06-15	2025-06-15
Pretty URL shrtlk.biz/83Tdh IP 104.21.20.99 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-06-15 09:59 Last Seen2025-06-15 09:16 Times Seen84 Hash 896c9a55ba6c6119f31c9c5c06fcd79b 8ec469494baa6b23e7a9b1a4578a1707d46b3139 141b67f81e42319fb83de74e7dd72a21c6590c8699c35adda3b4037b3e146d11 Loading...

	shrtlk.biz/83Tdh	ScriptElement	155 B	2023-03-07	2025-06-15
Pretty URL shrtlk.biz/83Tdh IP 104.21.20.99 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 15:18 Last Seen2025-06-15 09:16 Times Seen175 Hash 59ebe0b9de3964823af9e47ca93a4955 f8bc090309fd3f812825b06ac082ea98cd27a8f7 fcb5a666860ca97d0ad3ed1a21203060b8fc1ac42a73b4cf628f8044698d8a2a Loading...

	push-sdk.com/f/sdk.js?z=1558819	ScriptElement	55 kB	2025-04-01	2025-06-22
Pretty URL push-sdk.com/f/sdk.js?z=1558819 IP 178.63.248.57 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-01 19:54 Last Seen2025-06-22 22:31 Times Seen169 Hash f4d87b22393ed5eef57d01d86c6a88f6 5e1aaee78cd735c23cc423fc863decca30aee219 91cf9b34af48f3b62d706127b1140c89d8bb3a5455120acd2cfcfc41ab4ad5ee Loading...

	shrtlk.biz/sandbox%20eval%20code		147 B	2023-04-11	2025-06-22
Pretty URL shrtlk.biz/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-06-22 12:43 Times Seen362372 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	shrtlk.biz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	ScriptElement	1.2 kB	2023-03-07	2025-06-23
Pretty URL shrtlk.biz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js IP 104.21.20.99 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-23 03:59 Times Seen76563 Hash 9e8f56e8e1806253ba01a95cfc3d392c a8af90d7482e1e99d03de6bf88fed2315c5dd728 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Loading...

	shrtlk.biz/83Tdh	ScriptElement	715 B	2025-05-30	2025-06-15
Pretty URL shrtlk.biz/83Tdh IP 104.21.20.99 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-30 05:08 Last Seen2025-06-15 09:16 Times Seen6 Hash beb77df1fb69a94904b70ecd590ad14a 01bbf7153c796c4d065e281d8d17264b44d7c790 cfdc1a382906354bf481864b46da43a0539fed3952bf86a41b6cca99d0554287 Loading...

	www.googletagmanager.com/gtag/js?id=UA-108199505-1	ScriptElement	289 kB	2025-06-15	2025-06-15
Pretty URL www.googletagmanager.com/gtag/js?id=UA-108199505-1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-15 09:16 Last Seen2025-06-15 09:16 Times Seen1 Hash 859c833c164aec704f32f48b37df433d 99e050dcd22f3d202fece005302a664d70ae9f61 345bbc5a7836474244a68d00a3b9a0dcd041866257c3bc1b9c558bf8efac7670 Loading...

	ccg90.com/5/7704232	ScriptElement	112 kB	2025-06-15	2025-06-15
Pretty URL ccg90.com/5/7704232 IP 139.45.197.106 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-15 09:16 Last Seen2025-06-15 09:16 Times Seen1 Hash 6c83b359199b6837ac223b6b2ef2bccd 0d58c628e40d575116f30ea76f9bfcbe0375060b 0b1e76e20f56471fd199c3b231bbaca29dca4ad96ee9547c366153e773f0c120 Loading...

	shrtlk.biz/83Tdh	ScriptElement	2.4 kB	2025-06-15	2025-06-15
Pretty URL shrtlk.biz/83Tdh IP 104.21.20.99 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-06-15 09:16 Last Seen2025-06-15 09:16 Times Seen1 Hash 6c19589465539c8de938e7ecc5d64593 43ba678e17b0c68240be26b12bcd44cfe68ef0be 8d1ca836ce4dd146bf1ed50655b6c45c8be450c4809e54c2ec9cfb9a41180e85 Loading...

	www.googletagmanager.com/gtag/js?id=UA-354543616&cx=c&gtm=457e56b1za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104617979~104617981~104661466~104661468~104718208~104736445~104736447	ScriptElement	265 kB	2025-06-15	2025-06-15
Pretty URL www.googletagmanager.com/gtag/js?id=UA-354543616&cx=c&gtm=457e56b1za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104617979~104617981~104661466~104661468~104718208~104736445~104736447 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-15 09:16 Last Seen2025-06-15 09:16 Times Seen1 Hash 0a9f7bbf127d2cd516ad2995d80cc135 b7bbd8d8d33999d1b97882f731a939ba12a85821 55a63acdc5c9f85db25c7c29f64f09f59e7c5c71477ab3350f0c28e142bc4a92 Loading...

HTTP Transactions (23)

URL IP Response Size

GET cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

104.17.25.14

200 OK

90 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://shrtlk.biz/83Tdh
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
ValidityThu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
90 kB (89501 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 15 Jun 2025 09:16:08 GMT
content-type: application/javascript; charset=utf-8
content-length: 27938
cf-ray: 9500f786a9f15697-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-15d9d"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 214649
expires: Fri, 05 Jun 2026 09:16:08 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3BNExynHosMMBDiLGG%2BITs89PVgiQWaHIttxnAyKmKmrlFLFaaiG6rzgdj6MPYHmouF6Y%2FCagz5JldsprvDAETJ80Pd%2Bv49hBTBe556S78IFZ2JHiqtT9ytciAJ7ErxPQj6W%2BAvt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/js?id=G-PDV6XHL2ZF&cx=c&gtm=457e56b1za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104617979~104617981~104661466~104661468~104718208~104736445~104736447

142.250.74.168

200 OK

408 kB

URL GET
www.googletagmanager.com/gtag/js?id=G-PDV6XHL2ZF&cx=c&gtm=457e56b1za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104617979~104617981~104661466~104661468~104718208~104736445~104736447
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://shrtlk.biz/83Tdh
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint93:AC:F6:E3:CB:D8:8F:95:04:0C:A1:34:97:CB:ED:C4:F9:99:EB:12
ValidityMon, 19 May 2025 08:41:43 GMT - Mon, 11 Aug 2025 08:41:42 GMT

File type
JavaScript source, ASCII text, with very long lines (6004)
Size
408 kB (407778 bytes)
Hash
0df2202aeb9f659e139e59c25ec05674
4de15fb3775c1b6144bdb34af501248a395381b0
70b3fa50a9e5e2c15605a9c4508f4c4009095885152295a1b074c7297c1e5dac

HTTP Headers

GET /gtag/js?id=G-PDV6XHL2ZF&cx=c&gtm=457e56b1za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104617979~104617981~104661466~104661468~104718208~104736445~104736447 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 15 Jun 2025 09:16:08 GMT
expires: Sun, 15 Jun 2025 09:16:08 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1077:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1077:0
report-to: {"group":"ascgcycc:1077:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1077:0"}],}
server: Google Tag Manager
content-length: 134888
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET www.googletagmanager.com/gtag/js?id=UA-354543616&cx=c&gtm=457e56b1za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104617979~104617981~104661466~104661468~104718208~104736445~104736447

142.250.74.168

200 OK

265 kB

URL GET
www.googletagmanager.com/gtag/js?id=UA-354543616&cx=c&gtm=457e56b1za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104617979~104617981~104661466~104661468~104718208~104736445~104736447
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://shrtlk.biz/83Tdh
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint93:AC:F6:E3:CB:D8:8F:95:04:0C:A1:34:97:CB:ED:C4:F9:99:EB:12
ValidityMon, 19 May 2025 08:41:43 GMT - Mon, 11 Aug 2025 08:41:42 GMT

File type
JavaScript source, ASCII text, with very long lines (2385)
Size
265 kB (264948 bytes)
Hash
0a9f7bbf127d2cd516ad2995d80cc135
b7bbd8d8d33999d1b97882f731a939ba12a85821
55a63acdc5c9f85db25c7c29f64f09f59e7c5c71477ab3350f0c28e142bc4a92

HTTP Headers

GET /gtag/js?id=UA-354543616&cx=c&gtm=457e56b1za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104617979~104617981~104661466~104661468~104718208~104736445~104736447 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 15 Jun 2025 09:16:08 GMT
expires: Sun, 15 Jun 2025 09:16:08 GMT
cache-control: private, max-age=900
last-modified: Sun, 15 Jun 2025 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1077:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1077:0
report-to: {"group":"ascgcycc:1077:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1077:0"}],}
server: Google Tag Manager
content-length: 94660
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

OPTIONS dlrertomv.com/

139.45.197.101

200 OK

0 B

URL OPTIONS
dlrertomv.com/
IP
139.45.197.101:443
ASN
#9002 RETN Limited

Requested by
https://shrtlk.biz/83Tdh
Certificate
IssuerLet's Encrypt
Subjectdlrertomv.com
FingerprintAB:0D:AF:73:59:04:F4:F1:8E:17:8D:B8:69:36:9D:3C:5E:86:79:A4
ValiditySat, 14 Jun 2025 11:16:49 GMT - Fri, 12 Sep 2025 11:16:48 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS / HTTP/1.1
Host: dlrertomv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: HEAD
Access-Control-Request-Headers: content-type
Origin: https://shrtlk.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 15 Jun 2025 09:16:09 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://shrtlk.biz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

OPTIONS ccg90.com/wrr?z=7704232&p_rid=a330d025-21f9-4eda-bd88-6b8bbe206ca6&rb=C3HKX4R7vz0aYoRPnzZR_ttC3m2ge-iZnT3pBjhV3XAdMwabHa2rHj0UW2e0aSELnTwTPIdyfWYtX-FgWa_pWZpg4f8M9rO5JI8OY0rxMWFB7-uUyvKx_u9MABQaM7fMkaULzZCu7T46tcjeazG1aaZ7sfF81S84cZp29Yz4TaYXQaB3v211d77-vQhgXfzlFr79o_h4KjEZzZXyGgpxqU-FsmdV7mUYI-Oh2pBL5Uim0e7tmKQ_YMaB_mqEZGo7eg01t6tNRy8=&dmn=ccg90.com&userId=0081e92c1a2a4f62ee31b5a121f8db12

139.45.197.106

204 No Content

0 B

URL OPTIONS
ccg90.com/wrr?z=7704232&p_rid=a330d025-21f9-4eda-bd88-6b8bbe206ca6&rb=C3HKX4R7vz0aYoRPnzZR_ttC3m2ge-iZnT3pBjhV3XAdMwabHa2rHj0UW2e0aSELnTwTPIdyfWYtX-FgWa_pWZpg4f8M9rO5JI8OY0rxMWFB7-uUyvKx_u9MABQaM7fMkaULzZCu7T46tcjeazG1aaZ7sfF81S84cZp29Yz4TaYXQaB3v211d77-vQhgXfzlFr79o_h4KjEZzZXyGgpxqU-FsmdV7mUYI-Oh2pBL5Uim0e7tmKQ_YMaB_mqEZGo7eg01t6tNRy8=&dmn=ccg90.com&userId=0081e92c1a2a4f62ee31b5a121f8db12
IP
139.45.197.106:443
ASN
#9002 RETN Limited

Requested by
https://shrtlk.biz/83Tdh
Certificate
IssuerLet's Encrypt
Subjectccg90.com
Fingerprint56:09:8B:A2:B0:CC:2D:94:BB:34:A2:E9:A2:FD:C7:53:D9:F4:20:83
ValidityWed, 23 Apr 2025 09:55:55 GMT - Tue, 22 Jul 2025 09:55:54 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /wrr?z=7704232&p_rid=a330d025-21f9-4eda-bd88-6b8bbe206ca6&rb=C3HKX4R7vz0aYoRPnzZR_ttC3m2ge-iZnT3pBjhV3XAdMwabHa2rHj0UW2e0aSELnTwTPIdyfWYtX-FgWa_pWZpg4f8M9rO5JI8OY0rxMWFB7-uUyvKx_u9MABQaM7fMkaULzZCu7T46tcjeazG1aaZ7sfF81S84cZp29Yz4TaYXQaB3v211d77-vQhgXfzlFr79o_h4KjEZzZXyGgpxqU-FsmdV7mUYI-Oh2pBL5Uim0e7tmKQ_YMaB_mqEZGo7eg01t6tNRy8=&dmn=ccg90.com&userId=0081e92c1a2a4f62ee31b5a121f8db12 HTTP/1.1
Host: ccg90.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://shrtlk.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Sun, 15 Jun 2025 09:16:10 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://shrtlk.biz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

GET shrtlk.biz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

104.21.20.99

200 OK

1.2 kB

URL GET
shrtlk.biz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP
104.21.20.99:443
ASN
#13335 CLOUDFLARENET

Requested by
https://shrtlk.biz/83Tdh
Certificate
IssuerGoogle Trust Services
Subjectshrtlk.biz
FingerprintC7:EB:04:2F:65:68:90:27:22:EC:37:38:55:C9:F8:6E:40:40:FB:58
ValiditySat, 19 Apr 2025 07:20:55 GMT - Fri, 18 Jul 2025 08:19:35 GMT

File type
JavaScript source, ASCII text, with very long lines (1238)
Size
1.2 kB (1239 bytes)
Hash
9e8f56e8e1806253ba01a95cfc3d392c
a8af90d7482e1e99d03de6bf88fed2315c5dd728
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: shrtlk.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://shrtlk.biz/83Tdh
DNT: 1
Connection: keep-alive
Cookie: f3a3999957c8cda1759c05b7f498b99f=CKbLaRxW9uFZQJ627q0LPa57SiAYO8FM0LouvUJCzSMcBVhy6UdXrDIhM_hdEDV7Te0OX9PpQu5Wb4C-Otj7bg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 15 Jun 2025 09:16:08 GMT
content-type: application/javascript
expires: Sun, 15 Jun 2025 10:04:08 GMT
cache-control: public
vary: accept-encoding
x-frame-options: DENY
x-content-type-options: nosniff
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=j824%2FAANrvoi0NYfj2iEWDT7eC7EPCzxJHQ33zIQO7OmWatAxCprhCglqJvrtcyLqntWCA8rihf%2F1NSas3ucCe4c0tkgCtNd"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: br
server: cloudflare
cf-ray: 9500f78648607128-OSL
X-Firefox-Spdy: h2

GET push-sdk.com/f/sdk.js?z=1558819

178.63.248.57

200 OK

55 kB

URL GET
push-sdk.com/f/sdk.js?z=1558819
IP
178.63.248.57:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://shrtlk.biz/83Tdh
Certificate
IssuerLet's Encrypt
Subjectpush-sdk.com
Fingerprint2E:9A:67:76:0E:42:81:D5:30:A2:76:47:85:CA:6C:D7:FD:FF:38:9C
ValidityThu, 05 Jun 2025 03:47:05 GMT - Wed, 03 Sep 2025 03:47:04 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (54745), with no line terminators
Size
55 kB (54787 bytes)
Hash
f4d87b22393ed5eef57d01d86c6a88f6
5e1aaee78cd735c23cc423fc863decca30aee219
91cf9b34af48f3b62d706127b1140c89d8bb3a5455120acd2cfcfc41ab4ad5ee

HTTP Headers

GET /f/sdk.js?z=1558819 HTTP/1.1
Host: push-sdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: Angie
date: Sun, 15 Jun 2025 09:16:08 GMT
content-type: application/javascript; charset=utf-8
content-length: 15242
content-encoding: gzip
cache-control: no-cache, max-age=0, must-revalidate, proxy-revalidate
vary: Accept-Encoding
X-Firefox-Spdy: h2

GET shrtlk.biz/wp-content/uploads/2025/04/favicon.png

104.21.20.99

200 OK

1.3 kB

URL GET
shrtlk.biz/wp-content/uploads/2025/04/favicon.png
IP
104.21.20.99:443
ASN
#13335 CLOUDFLARENET

Requested by
https://shrtlk.biz/83Tdh
Certificate
IssuerGoogle Trust Services
Subjectshrtlk.biz
FingerprintC7:EB:04:2F:65:68:90:27:22:EC:37:38:55:C9:F8:6E:40:40:FB:58
ValiditySat, 19 Apr 2025 07:20:55 GMT - Fri, 18 Jul 2025 08:19:35 GMT

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Size
1.3 kB (1273 bytes)
Hash
77004a5b31f1c5ab30755cad675630cb
9ff49298b2f92e7895b7d47a115b2473fe3d35e1
f75a1c9fe89949bcaa5941eb8f583e9df82b4b07da88162fdb552660b7909b60

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2025/04/favicon.png HTTP/1.1
Host: shrtlk.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://shrtlk.biz/83Tdh
DNT: 1
Connection: keep-alive
Cookie: f3a3999957c8cda1759c05b7f498b99f=biwn7xsYgctx3NOrgb1JMCXl4EYaZ_G7q4U2UNb8CDDCF28480w7ZuPgkiXoG3diJRNPCBqNpjbnK8Wwwz1lJQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 15 Jun 2025 09:16:08 GMT
content-type: image/png
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LXD0aFNcLf7zCbMscBvkWPUejc4ek15DEyjTE8s%2Bak%2F4blb1m5F7qyEg8D8qEhV4WA%2B7lmjHQ3K13gcBXAKuEw%2FnME69Uh5p%2F9fFUG8nA%2BTzarExiURQfzXUbhCZ"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 19 Apr 2025 08:25:23 GMT
vary: Accept-Encoding
etag: W/"68035df3-4f9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
referrer-policy: same-origin
age: 728720
cf-cache-status: HIT
cf-ray: 9500f78afc861c0a-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4862&min_rtt=1448&rtt_var=2673&sent=60&recv=81&lost=0&retrans=0&sent_bytes=7206&recv_bytes=5384&delivery_rate=456744&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=682f5aeffe445387&ts=1017&inflight_dur=45&x=80"

POST ccg90.com/wrr?z=7704232&p_rid=a330d025-21f9-4eda-bd88-6b8bbe206ca6&rb=C3HKX4R7vz0aYoRPnzZR_ttC3m2ge-iZnT3pBjhV3XAdMwabHa2rHj0UW2e0aSELnTwTPIdyfWYtX-FgWa_pWZpg4f8M9rO5JI8OY0rxMWFB7-uUyvKx_u9MABQaM7fMkaULzZCu7T46tcjeazG1aaZ7sfF81S84cZp29Yz4TaYXQaB3v211d77-vQhgXfzlFr79o_h4KjEZzZXyGgpxqU-FsmdV7mUYI-Oh2pBL5Uim0e7tmKQ_YMaB_mqEZGo7eg01t6tNRy8=&dmn=ccg90.com&userId=0081e92c1a2a4f62ee31b5a121f8db12

139.45.197.106

204 No Content

0 B

URL POST
ccg90.com/wrr?z=7704232&p_rid=a330d025-21f9-4eda-bd88-6b8bbe206ca6&rb=C3HKX4R7vz0aYoRPnzZR_ttC3m2ge-iZnT3pBjhV3XAdMwabHa2rHj0UW2e0aSELnTwTPIdyfWYtX-FgWa_pWZpg4f8M9rO5JI8OY0rxMWFB7-uUyvKx_u9MABQaM7fMkaULzZCu7T46tcjeazG1aaZ7sfF81S84cZp29Yz4TaYXQaB3v211d77-vQhgXfzlFr79o_h4KjEZzZXyGgpxqU-FsmdV7mUYI-Oh2pBL5Uim0e7tmKQ_YMaB_mqEZGo7eg01t6tNRy8=&dmn=ccg90.com&userId=0081e92c1a2a4f62ee31b5a121f8db12
IP
139.45.197.106:443
ASN
#9002 RETN Limited

Requested by
https://shrtlk.biz/83Tdh
Certificate
IssuerLet's Encrypt
Subjectccg90.com
Fingerprint56:09:8B:A2:B0:CC:2D:94:BB:34:A2:E9:A2:FD:C7:53:D9:F4:20:83
ValidityWed, 23 Apr 2025 09:55:55 GMT - Tue, 22 Jul 2025 09:55:54 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /wrr?z=7704232&p_rid=a330d025-21f9-4eda-bd88-6b8bbe206ca6&rb=C3HKX4R7vz0aYoRPnzZR_ttC3m2ge-iZnT3pBjhV3XAdMwabHa2rHj0UW2e0aSELnTwTPIdyfWYtX-FgWa_pWZpg4f8M9rO5JI8OY0rxMWFB7-uUyvKx_u9MABQaM7fMkaULzZCu7T46tcjeazG1aaZ7sfF81S84cZp29Yz4TaYXQaB3v211d77-vQhgXfzlFr79o_h4KjEZzZXyGgpxqU-FsmdV7mUYI-Oh2pBL5Uim0e7tmKQ_YMaB_mqEZGo7eg01t6tNRy8=&dmn=ccg90.com&userId=0081e92c1a2a4f62ee31b5a121f8db12 HTTP/1.1
Host: ccg90.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 2580
Origin: https://shrtlk.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Sun, 15 Jun 2025 09:16:10 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://shrtlk.biz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

GET shrtlk.biz/wp-content/uploads/2025/04/logo.png

104.21.20.99

200 OK

12 kB

URL GET
shrtlk.biz/wp-content/uploads/2025/04/logo.png
IP
104.21.20.99:443
ASN
#13335 CLOUDFLARENET

Requested by
https://shrtlk.biz/83Tdh
Certificate
IssuerGoogle Trust Services
Subjectshrtlk.biz
FingerprintC7:EB:04:2F:65:68:90:27:22:EC:37:38:55:C9:F8:6E:40:40:FB:58
ValiditySat, 19 Apr 2025 07:20:55 GMT - Fri, 18 Jul 2025 08:19:35 GMT

File type
PNG image data, 684 x 230, 8-bit colormap, non-interlaced
Size
12 kB (12402 bytes)
Hash
09bae29b50ce7910314ded2a5d6481ea
26074d868508b6a4ebac91afbea1b0888f4a948a
1fdf97d7e41f1a6dea5ea8dbccfe97ae4b2804a40b9e9b7dfeb500926e923dd7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2025/04/logo.png HTTP/1.1
Host: shrtlk.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://shrtlk.biz/83Tdh
DNT: 1
Connection: keep-alive
Cookie: f3a3999957c8cda1759c05b7f498b99f=CKbLaRxW9uFZQJ627q0LPa57SiAYO8FM0LouvUJCzSMcBVhy6UdXrDIhM_hdEDV7Te0OX9PpQu5Wb4C-Otj7bg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 15 Jun 2025 09:16:08 GMT
content-type: image/png
server: cloudflare
last-modified: Sat, 19 Apr 2025 08:25:23 GMT
vary: Accept-Encoding
etag: W/"68035df3-3072"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
referrer-policy: same-origin
content-encoding: br
age: 2554713
cf-cache-status: HIT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=FgOD3tqBW3MCdaqVoUca8CReG4NF%2F55temf0CcuS5ImfolX7KXtUa8hm00k5WXCHY7oLvayDKmXRuEGH75eOgXvuVm9HkX5p"}]}
cf-ray: 9500f786485f7128-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET shrtfly.vip/img/Join-Telegram-Channel.png

172.67.134.233

200 OK

20 kB

URL GET
shrtfly.vip/img/Join-Telegram-Channel.png
IP
172.67.134.233:443
ASN
#13335 CLOUDFLARENET

Requested by
https://shrtlk.biz/83Tdh
Certificate
IssuerGoogle Trust Services
Subjectshrtfly.vip
FingerprintB1:4D:83:BF:40:AB:E2:96:3B:67:68:28:FD:E9:16:35:76:F7:CB:88
ValidityThu, 24 Apr 2025 17:49:04 GMT - Wed, 23 Jul 2025 18:44:25 GMT

File type
PNG image data, 768 x 245, 8-bit colormap, non-interlaced
Size
20 kB (20023 bytes)
Hash
06ac021d13ac2211cfac5de3f4c0cab6
45496ca6056a32e5cf396fa657960020df4ccb13
cc860eff23be351ffc4a3249e2365f3271f162295e944ba4c1de8c37ee9e8141

HTTP Headers

GET /img/Join-Telegram-Channel.png HTTP/1.1
Host: shrtfly.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 15 Jun 2025 09:16:08 GMT
content-type: image/png
content-length: 20023
server: cloudflare
last-modified: Thu, 16 May 2024 06:19:23 GMT
etag: "6645a56b-4e37"
expires: Sat, 21 Jun 2025 21:31:02 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
age: 2029506
cf-cache-status: HIT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=GBvQf3YnmdofAOQDi7LyZct3%2FI9DfwYnAA7FSR9HbiE6dBgZex5IPQuUGUlcxVTh7YqgKLYYFVxbj4gdenS3ZmAHxgA08aOr8Q%3D%3D"}]}
cf-ray: 9500f7883f40569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

HEAD dlrertomv.com/

139.45.197.101

200 OK

0 B

URL HEAD
dlrertomv.com/
IP
139.45.197.101:443
ASN
#9002 RETN Limited

Requested by
https://shrtlk.biz/83Tdh
Certificate
IssuerLet's Encrypt
Subjectdlrertomv.com
FingerprintAB:0D:AF:73:59:04:F4:F1:8E:17:8D:B8:69:36:9D:3C:5E:86:79:A4
ValiditySat, 14 Jun 2025 11:16:49 GMT - Fri, 12 Sep 2025 11:16:48 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD / HTTP/1.1
Host: dlrertomv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Content-Type: text/html
Origin: https://shrtlk.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 15 Jun 2025 09:16:09 GMT
content-type: text/html
x-t23r23a21c41e1-51i55d95: 00000000000000000000000000000000
vary: Accept-Encoding, Origin
access-control-allow-origin: https://shrtlk.biz
access-control-expose-headers: Link, X-Application-Token, X-Application-Key, X-Tag, X-Auth-Token, X-DirectionPartner-Id, X-ZoneType-Id, X-Hostname
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
x-application-key: jdqwmAjpwS6z7jhzob70w
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2

GET ccg90.com/5/7704232

139.45.197.106

200 OK

112 kB

URL GET
ccg90.com/5/7704232
IP
139.45.197.106:443
ASN
#9002 RETN Limited

Requested by
https://shrtlk.biz/83Tdh
Certificate
IssuerLet's Encrypt
Subjectccg90.com
Fingerprint56:09:8B:A2:B0:CC:2D:94:BB:34:A2:E9:A2:FD:C7:53:D9:F4:20:83
ValidityWed, 23 Apr 2025 09:55:55 GMT - Tue, 22 Jul 2025 09:55:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
112 kB (111817 bytes)
Hash
6c83b359199b6837ac223b6b2ef2bccd
0d58c628e40d575116f30ea76f9bfcbe0375060b
0b1e76e20f56471fd199c3b231bbaca29dca4ad96ee9547c366153e773f0c120

HTTP Headers

GET /5/7704232 HTTP/1.1
Host: ccg90.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 15 Jun 2025 09:16:09 GMT
content-type: application/javascript
x-trace-id: 4f18273afc76aa9733d885afdd305a7a
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0081e92c1a2a4f62ee31b5a121f8db12; expires=Mon, 15 Jun 2026 09:16:09 GMT; path=/; secure; SameSite=None
oaidts=1749978969; expires=Mon, 15 Jun 2026 09:16:09 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

HEAD shrtlk.biz/83Tdh

104.21.20.99

200 OK

0 B

URL HEAD
shrtlk.biz/83Tdh
IP
104.21.20.99:443
ASN
#13335 CLOUDFLARENET

Requested by
https://shrtlk.biz/83Tdh
Certificate
IssuerGoogle Trust Services
Subjectshrtlk.biz
FingerprintC7:EB:04:2F:65:68:90:27:22:EC:37:38:55:C9:F8:6E:40:40:FB:58
ValiditySat, 19 Apr 2025 07:20:55 GMT - Fri, 18 Jul 2025 08:19:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

HEAD /83Tdh HTTP/1.1
Host: shrtlk.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://shrtlk.biz/83Tdh
DNT: 1
Connection: keep-alive
Cookie: f3a3999957c8cda1759c05b7f498b99f=CKbLaRxW9uFZQJ627q0LPa57SiAYO8FM0LouvUJCzSMcBVhy6UdXrDIhM_hdEDV7Te0OX9PpQu5Wb4C-Otj7bg
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 15 Jun 2025 09:16:08 GMT
content-type: text/html; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oll4wudmQrckpTy0gev6%2Bls9rU9CGo1BrQJaiLr7mxPhDH3NuKXcHwfZfP61qhYfdRrpfX0y9EuJc%2FkHl%2FKW%2BblIvYQkxm7RGE%2Fl84q%2FMaJhKqXZ3YB7uxnR4kxT"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0, no-store, private
set-cookie: f3a3999957c8cda1759c05b7f498b99f=biwn7xsYgctx3NOrgb1JMCXl4EYaZ_G7q4U2UNb8CDDCF28480w7ZuPgkiXoG3diJRNPCBqNpjbnK8Wwwz1lJQ; expires=Mon, 16-Jun-2025 09:16:08 GMT; Max-Age=86400; path=/; domain=shrtlk.biz; HttpOnly; SameSite=Lax
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
referrer-policy: same-origin
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 9500f7892c7d1c0a-OSL
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5273&min_rtt=1448&rtt_var=2467&sent=58&recv=79&lost=0&retrans=0&sent_bytes=6194&recv_bytes=4949&delivery_rate=456744&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=682f5aeffe445387&ts=839&inflight_dur=23&x=80"

GET fonts.gstatic.com/s/inter/v19/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2

142.250.74.35

200 OK

48 kB

URL GET
fonts.gstatic.com/s/inter/v19/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://shrtlk.biz/83Tdh
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintE1:0C:8D:E3:24:8F:B1:9F:BA:8E:CF:BE:4B:8F:D6:6A:39:8A:9D:7A
ValidityMon, 19 May 2025 08:42:51 GMT - Mon, 11 Aug 2025 08:42:50 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48532, version 1.0
Size
48 kB (48532 bytes)
Hash
225835e6e0496c54dc2aca9f3d533892
942ef5298bbe74bfe44e445def5f2bfc94027fa8
acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087

HTTP Headers

GET /s/inter/v19/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://shrtlk.biz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48532
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 10 Jun 2025 02:39:16 GMT
expires: Wed, 10 Jun 2026 02:39:16 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 28 May 2025 18:51:44 GMT
content-type: font/woff2
age: 455812
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/bricolagegrotesque/v8/3y9K6as8bTXq_nANBjzKo3IeZx8z6up5BeSl9D4dj_x9PpZBMlGIInHWUSNIpvI.woff2

142.250.74.35

200 OK

77 kB

URL GET
fonts.gstatic.com/s/bricolagegrotesque/v8/3y9K6as8bTXq_nANBjzKo3IeZx8z6up5BeSl9D4dj_x9PpZBMlGIInHWUSNIpvI.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://shrtlk.biz/83Tdh
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintE1:0C:8D:E3:24:8F:B1:9F:BA:8E:CF:BE:4B:8F:D6:6A:39:8A:9D:7A
ValidityMon, 19 May 2025 08:42:51 GMT - Mon, 11 Aug 2025 08:42:50 GMT

File type
Web Open Font Format (Version 2), TrueType, length 76708, version 1.0
Size
77 kB (76708 bytes)
Hash
e4fb7cb2cabbdbaeb698e9107c10995b
6fcd8fb90adf70483ab37cd1055dd21f577c2ddf
37d43e1615cd7f5c6e41d0da9a45253b89c06837026ff7caed07519bf9493e05

HTTP Headers

GET /s/bricolagegrotesque/v8/3y9K6as8bTXq_nANBjzKo3IeZx8z6up5BeSl9D4dj_x9PpZBMlGIInHWUSNIpvI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://shrtlk.biz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 76708
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 12 Jun 2025 11:02:29 GMT
expires: Fri, 12 Jun 2026 11:02:29 GMT
cache-control: public, max-age=31536000
age: 252819
last-modified: Tue, 11 Mar 2025 01:16:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

POST push-sdk.com/event?z=1558819

178.63.248.57

200 OK

0 B

URL POST
push-sdk.com/event?z=1558819
IP
178.63.248.57:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://shrtlk.biz/83Tdh
Certificate
IssuerLet's Encrypt
Subjectpush-sdk.com
Fingerprint2E:9A:67:76:0E:42:81:D5:30:A2:76:47:85:CA:6C:D7:FD:FF:38:9C
ValidityThu, 05 Jun 2025 03:47:05 GMT - Wed, 03 Sep 2025 03:47:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /event?z=1558819 HTTP/1.1
Host: push-sdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 83
Origin: null
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Angie
date: Sun, 15 Jun 2025 09:16:08 GMT
content-length: 0
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization, X-CSRF-Token
access-control-expose-headers: Authorization
cache-control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
pragma: no-cache
expires: Tue, 11 Jan 1994 00:00:00 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
X-Firefox-Spdy: h2

GET shrtlk.biz/83Tdh

104.21.20.99

200 OK

47 kB

URL User Request GET
shrtlk.biz/83Tdh
IP
104.21.20.99:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectshrtlk.biz
FingerprintC7:EB:04:2F:65:68:90:27:22:EC:37:38:55:C9:F8:6E:40:40:FB:58
ValiditySat, 19 Apr 2025 07:20:55 GMT - Fri, 18 Jul 2025 08:19:35 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (28513), with CRLF, LF line terminators
Size
47 kB (47234 bytes)
Hash
6064f36ad0435828499b7b5663f41214
3da6b92b4ba31e567a547c75b48b2357e705c6d3
e6a6d0a0d3f1d8aa6e3efa713c22e6d58a4389566a890502f06c00a1e5a5b1ef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /83Tdh HTTP/1.1
Host: shrtlk.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 15 Jun 2025 09:16:07 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0, no-store, private
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
referrer-policy: same-origin
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=siv%2BoqnZzJyL80qILmI%2FDbOoubqIrQkS2ojyYaA3jGZcDYeA8tQP4UG11Aq5I2TdnQFQqp2XGC%2BHhkkEWO3j31Kv0ocrns0f"}]}
cf-cache-status: DYNAMIC
content-encoding: br
set-cookie: f3a3999957c8cda1759c05b7f498b99f=CKbLaRxW9uFZQJ627q0LPa57SiAYO8FM0LouvUJCzSMcBVhy6UdXrDIhM_hdEDV7Te0OX9PpQu5Wb4C-Otj7bg; HttpOnly; SameSite=Lax; Path=/; Domain=shrtlk.biz; Max-Age=86400; Expires=Mon, 16 Jun 2025 09:16:07 GMT
cf-ray: 9500f7837c7e7128-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET fonts.googleapis.com/css2?family=Bricolage+Grotesque:opsz,wght@12..96,200..800&family=Inter:wght@100..900&display=swap

142.250.178.106

200 OK

4.1 kB

URL GET
fonts.googleapis.com/css2?family=Bricolage+Grotesque:opsz,wght@12..96,200..800&family=Inter:wght@100..900&display=swap
IP
142.250.178.106:443
ASN
#15169 GOOGLE

Requested by
https://shrtlk.biz/83Tdh
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
FingerprintFF:78:1F:2C:E7:6A:27:90:8B:25:07:97:DD:25:4A:FA:6F:1F:0F:31
ValidityMon, 19 May 2025 08:42:52 GMT - Mon, 11 Aug 2025 08:42:51 GMT

File type
ASCII text
Size
4.1 kB (4055 bytes)
Hash
c9f6a45a2a14d02a3541a1353aeb14d2
f9701501760cd4e6813d672fb73a7ca5c7139608
c9a1fa60eb7df47c3edd61c002806df25d2e7e6f6e956670dcece52fd207181c

HTTP Headers

GET /css2?family=Bricolage+Grotesque:opsz,wght@12..96,200..800&family=Inter:wght@100..900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 15 Jun 2025 09:16:08 GMT
date: Sun, 15 Jun 2025 09:16:08 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET shrtlk.biz/wp-content/plugins/api-blueprint/assets/style.css?v=1.0.6a

104.21.20.99

200 OK

124 kB

URL GET
shrtlk.biz/wp-content/plugins/api-blueprint/assets/style.css?v=1.0.6a
IP
104.21.20.99:443
ASN
#13335 CLOUDFLARENET

Requested by
https://shrtlk.biz/83Tdh
Certificate
IssuerGoogle Trust Services
Subjectshrtlk.biz
FingerprintC7:EB:04:2F:65:68:90:27:22:EC:37:38:55:C9:F8:6E:40:40:FB:58
ValiditySat, 19 Apr 2025 07:20:55 GMT - Fri, 18 Jul 2025 08:19:35 GMT

File type
ASCII text
Size
124 kB (124157 bytes)
Hash
fecee00f27b98f2325707b0c1834938f
b715fb788d1f022f748e75b96e13f539c4478c08
b71515fb130226188620cdd236c56a9e69bf699518336d6610f858d989126866

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/api-blueprint/assets/style.css?v=1.0.6a HTTP/1.1
Host: shrtlk.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://shrtlk.biz/83Tdh
DNT: 1
Connection: keep-alive
Cookie: f3a3999957c8cda1759c05b7f498b99f=CKbLaRxW9uFZQJ627q0LPa57SiAYO8FM0LouvUJCzSMcBVhy6UdXrDIhM_hdEDV7Te0OX9PpQu5Wb4C-Otj7bg
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 15 Jun 2025 09:16:08 GMT
content-type: text/css
server: cloudflare
last-modified: Sat, 19 Apr 2025 08:24:24 GMT
vary: Accept-Encoding
etag: W/"68035db8-1e4fd"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
referrer-policy: same-origin
content-encoding: br
age: 4621112
cf-cache-status: HIT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=XKtUJkXen4V1f0jGN92qNDKvDFBH22MSbrDA79rhL4HLJAnOFMSRMaFuAq9XuqpXWNk2pQ3lzy%2BTc74obRrvDiqCGwIHbppo"}]}
cf-ray: 9500f786485b7128-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/js?id=UA-108199505-1

142.250.74.168

200 OK

289 kB

URL GET
www.googletagmanager.com/gtag/js?id=UA-108199505-1
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://shrtlk.biz/83Tdh
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint93:AC:F6:E3:CB:D8:8F:95:04:0C:A1:34:97:CB:ED:C4:F9:99:EB:12
ValidityMon, 19 May 2025 08:41:43 GMT - Mon, 11 Aug 2025 08:41:42 GMT

File type
JavaScript source, ASCII text, with very long lines (5913)
Size
289 kB (289146 bytes)
Hash
859c833c164aec704f32f48b37df433d
99e050dcd22f3d202fece005302a664d70ae9f61
345bbc5a7836474244a68d00a3b9a0dcd041866257c3bc1b9c558bf8efac7670

HTTP Headers

GET /gtag/js?id=UA-108199505-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 15 Jun 2025 09:16:08 GMT
expires: Sun, 15 Jun 2025 09:16:08 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1077:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1077:0
report-to: {"group":"ascgcycc:1077:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1077:0"}],}
server: Google Tag Manager
content-length: 101823
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET my.rtmark.net/gid.js?userId=0081e92c1a2a4f62ee31b5a121f8db12

172.64.146.234

200 OK

65 B

URL GET
my.rtmark.net/gid.js?userId=0081e92c1a2a4f62ee31b5a121f8db12
IP
172.64.146.234:443
ASN
#13335 CLOUDFLARENET

Requested by
https://shrtlk.biz/83Tdh
Certificate
IssuerGoogle Trust Services
Subjectmy.rtmark.net
Fingerprint61:93:FB:BF:25:C3:CE:7B:CB:69:5D:87:04:AA:ED:1B:35:8D:44:82
ValidityFri, 02 May 2025 11:10:51 GMT - Thu, 31 Jul 2025 12:10:47 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
92b621bbdc84b9ad0ae1e1981e39afd0
284e0ec59e0f5e33faffbe7dc9151ee2d8cce795
b03d118bb19e2eb440b67313c66c6efc00f9309a8b9a7f13df0ad6c2858c40bb

HTTP Headers

GET /gid.js?userId=0081e92c1a2a4f62ee31b5a121f8db12 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://shrtlk.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 15 Jun 2025 09:16:09 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://shrtlk.biz
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0081e92c1a2a4f62ee31b5a121f8db12; expires=Mon, 15 Jun 2026 09:16:09 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 9500f790a9d37129-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET cm65.com/?rb=C3HKX4R7vz0aYoRPnzZR_ttC3m2ge-iZnT3pBjhV3XAdMwabHa2rHj0UW2e0aSELnTwTPIdyfWYtX-FgWa_pWZpg4f8M9rO5JI8OY0rxMWFB7-uUyvKx_u9MABQaM7fMkaULzZCu7T46tcjeazG1aaZ7sfF81S84cZp29Yz4TaYXQaB3v211d77-vQhgXfzlFr79o_h4KjEZzZXyGgpxqU-FsmdV7mUYI-Oh2pBL5Uim0e7tmKQ_YMaB_mqEZGo7eg01t6tNRy8%3D&request_ab2=0&zoneid=7704232&js_build=iclick-v1.1458.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=1&pl=https%3A%2F%2Fshrtlk.biz%2F83Tdh&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=4&wgl=llvmpipe&js_build=iclick-v1.1458.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&wasm=-1&bs=a330d025-21f9-4eda-bd88-6b8bbe206ca6&userId=0081e92c1a2a4f62ee31b5a121f8db12&m=link

139.45.196.64

200 OK

2.8 kB

URL GET
cm65.com/?rb=C3HKX4R7vz0aYoRPnzZR_ttC3m2ge-iZnT3pBjhV3XAdMwabHa2rHj0UW2e0aSELnTwTPIdyfWYtX-FgWa_pWZpg4f8M9rO5JI8OY0rxMWFB7-uUyvKx_u9MABQaM7fMkaULzZCu7T46tcjeazG1aaZ7sfF81S84cZp29Yz4TaYXQaB3v211d77-vQhgXfzlFr79o_h4KjEZzZXyGgpxqU-FsmdV7mUYI-Oh2pBL5Uim0e7tmKQ_YMaB_mqEZGo7eg01t6tNRy8%3D&request_ab2=0&zoneid=7704232&js_build=iclick-v1.1458.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=1&pl=https%3A%2F%2Fshrtlk.biz%2F83Tdh&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=4&wgl=llvmpipe&js_build=iclick-v1.1458.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&wasm=-1&bs=a330d025-21f9-4eda-bd88-6b8bbe206ca6&userId=0081e92c1a2a4f62ee31b5a121f8db12&m=link
IP
139.45.196.64:443
ASN
#9002 RETN Limited

Requested by
https://shrtlk.biz/83Tdh
Certificate
IssuerLet's Encrypt
Subjectcm65.com
FingerprintBD:01:8C:80:04:37:F6:D8:A9:22:23:1C:50:86:41:99:E2:44:32:B9
ValidityTue, 22 Apr 2025 12:53:57 GMT - Mon, 21 Jul 2025 12:53:56 GMT

File type
JSON text data
Size
2.8 kB (2796 bytes)
Hash
71be17e001229e4b31d630662d2be257
c2aeb1dfe5a5ede7080cd5471623ea625b5b5153
a781e5029d75b370936f9b268fba24578a84a699a3e1230776c4e146c50c4e5b

HTTP Headers

GET /?rb=C3HKX4R7vz0aYoRPnzZR_ttC3m2ge-iZnT3pBjhV3XAdMwabHa2rHj0UW2e0aSELnTwTPIdyfWYtX-FgWa_pWZpg4f8M9rO5JI8OY0rxMWFB7-uUyvKx_u9MABQaM7fMkaULzZCu7T46tcjeazG1aaZ7sfF81S84cZp29Yz4TaYXQaB3v211d77-vQhgXfzlFr79o_h4KjEZzZXyGgpxqU-FsmdV7mUYI-Oh2pBL5Uim0e7tmKQ_YMaB_mqEZGo7eg01t6tNRy8%3D&request_ab2=0&zoneid=7704232&js_build=iclick-v1.1458.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=1&pl=https%3A%2F%2Fshrtlk.biz%2F83Tdh&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=4&wgl=llvmpipe&js_build=iclick-v1.1458.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&wasm=-1&bs=a330d025-21f9-4eda-bd88-6b8bbe206ca6&userId=0081e92c1a2a4f62ee31b5a121f8db12&m=link HTTP/1.1
Host: cm65.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://shrtlk.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 15 Jun 2025 09:16:10 GMT
content-type: application/json
x-trace-id: 3869dcfd706325f3a1d4496cd4f38084
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://shrtlk.biz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=0081e92c1a2a4f62ee31b5a121f8db12; expires=Mon, 15 Jun 2026 09:16:10 GMT; path=/; secure; SameSite=None
oaidts=1749978970; expires=Mon, 15 Jun 2026 09:16:10 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sun, 22 Jun 2025 09:16:10 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (18)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML