Report - sh.st/st/67bc8ab5ab558c89e176234140e8de87/drop.hitmoe.com/goto/mexa.sh/FWqWsz3tDPBM.zip

Report Overview

Submitted URL
sh.st/st/67bc8ab5ab558c89e176234140e8de87/drop.hitmoe.com/goto/mexa.sh/FWqWsz3tDPBM.zip
IP
104.26.6.218
ASN
#13335 CLOUDFLARENET
Submitted
2023-06-07 06:01:13
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
sh.st	118569	2013-07-01	2014-06-27	2023-06-07	543 B	229 kB	104.26.6.218
endangersquarereducing.com	unknown	2022-04-07	2022-04-12	2023-06-06	360 B	514 B	192.243.61.225
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2023-06-07	1.0 kB	95 kB	216.58.207.227
ja.rewashwudu.com	unknown	2022-10-04	2022-10-04	2023-06-06	327 B	1.5 kB	172.255.6.232
ptauxofi.net	35628	2021-03-31	2021-03-31	2023-06-06	4.3 kB	180 kB	139.45.197.250
amunfezanttor.com	unknown	2023-03-31	2023-03-31	2023-06-07	2.0 kB	2.0 kB	139.45.197.250
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2023-06-07	433 B	4.0 kB	142.250.74.106
xdiwbc.com	unknown	2023-02-07	2023-02-07	2023-06-07	426 B	5.3 kB	172.64.107.34
static.sh.st	276104	2013-07-01	2016-10-20	2023-06-06	1.1 kB	118 kB	104.26.6.218
prhzxq.com	unknown	2022-06-29	2022-06-29	2023-06-06	983 B	800 B	185.162.85.1
ubbfpm.com	unknown	2022-05-31	2022-05-31	2023-06-07	403 B	201 kB	95.216.206.230
destyy.com	195997	2017-05-05	2017-05-09	2023-06-06	2.3 kB	41 kB	172.67.68.250
www.googletagmanager.com	75	2011-11-11	2013-05-22	2023-06-07	865 B	97 kB	142.250.74.168
xngqoc.com	unknown	2023-03-03	2023-03-03	2023-06-07	1.4 kB	543 B	185.162.85.1
my.rtmark.net	9054	2014-10-29	2015-02-04	2023-06-07	505 B	738 B	139.45.195.8
i.wmgtr.com	13696	2020-09-11	2020-09-11	2023-06-06	832 B	722 B	0.0.0.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator
2023-06-07	medium	xngqoc.com
2023-06-07	medium	xngqoc.com
2023-06-07	medium	xngqoc.com

ThreatFox

No alerts detected

JavaScript (19)

	URL	Size	First Seen	Last Seen
	ja.rewashwudu.com/fmwhVStpL4dxap/46223	6 B	2023-03-07	2024-04-18
Pretty URL ja.rewashwudu.com/fmwhVStpL4dxap/46223 IP 172.255.6.232 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31:39 Last Seen2024-04-18 12:10:03 Times Seen8669 Hash 4fc71bf68a1d477bd1523733e34d1e90 15119105cffbe108b6cf290146ab02c9aa8517ba 74c1971a5c7f3f1cfb81b7a0a8717cee5a45841844104566e00bbfca271943ce Loading...

	unknown	26 kB	2023-03-07	2024-04-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:51 Last Seen2024-04-16 19:37:52 Times Seen2058 Hash a912e7afe74b51fdd03b28bf67e7d409 85004dfe087af5a730261c85262661d89b3d2516 706b3882753d8f81cfcf35aa2623303b1b380c8106686a4ad12a1fae23cf4650 Loading...

	destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1	26 kB	2023-06-06	2023-06-28
Pretty URL destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1 IP 172.67.68.250 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-06 17:14:41 Last Seen2023-06-28 07:45:26 Times Seen20 Hash 48ea58a062d34062336e9b25aaf3b0e2 04359b3911f05659fa0d9f9df3af118750134ed2 e2e150421ef46cc7e6bf5865b53d6bc47489e7bcae4434acd7c35aa61507d162 Loading...

	destyy.com/sandbox%20eval%20code	147 B	2023-04-11	2024-04-18
Pretty URL destyy.com/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-04-18 12:48:40 Times Seen340621 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	ubbfpm.com/ms/1102360/inpage.js	201 kB	2023-04-06	2024-03-06
Pretty URL ubbfpm.com/ms/1102360/inpage.js IP 95.216.206.230 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-06 00:22:18 Last Seen2024-03-06 04:49:02 Times Seen540 Hash af413834dffb762ffcfa6c20ce98ad42 1cc019785a20cf05f8804da008409a6ed8ba4a72 37800f9f2bb9d6543c17667dca9695da535d5b01fcf095db9d20d9782f1d22d0 Loading...

	destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1	412 B	2023-03-07	2024-03-06
Pretty URL destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1 IP 172.67.68.250 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:24:13 Last Seen2024-03-06 04:49:01 Times Seen287 Hash e57a17959756709555be23700fdf86e0 5f995918711370e6c6847a0942d9007cf364cc21 537be2c7d2a919573cfcb2a600e327546e046b656e1ff22513ca98f03965a3ed Loading...

	ptauxofi.net/pfe/current/tag.min.js?z=4157053	15 kB	2023-06-02	2023-06-15
Pretty URL ptauxofi.net/pfe/current/tag.min.js?z=4157053 IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-02 16:00:16 Last Seen2023-06-15 14:24:40 Times Seen412 Hash a638f334f18bf9bef5435cdffe56f9f0 503868073788922413ff3cad1d6404928280acce 79956329e90a4e4abfdf9c3a4d69d4c78e32b8b1d9f602add95d9e9d0cc32b29 Loading...

	destyy.com/shortest-url/end-adsession?adSessionId=2216ab39e21a124ae5967ee7ac604303e0969aad&adbd=0&callback=reqwest_1686117655357	120 B	2023-06-07	2023-06-07
Pretty URL destyy.com/shortest-url/end-adsession?adSessionId=2216ab39e21a124ae5967ee7ac604303e0969aad&adbd=0&callback=reqwest_1686117655357 IP 172.67.68.250 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-07 08:01:14 Last Seen2023-06-07 08:01:15 Times Seen2 Hash d40a17ecdc37b80a90846c8c4af6ee10 d456e9d904a91523581c27950db0f6eafae51b09 f5b68a568570cdabaa281da421d29997a4338a07d94c06ca659ae190b51ccfd3 Loading...

	destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1	385 B	2023-03-07	2024-03-06
Pretty URL destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1 IP 172.67.68.250 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:24:13 Last Seen2024-03-06 04:49:01 Times Seen287 Hash 18f785c58c9ad2590695ebb6a75b48f0 9260be0a1f90cd980c5cd2197dfe4835100a31f6 8ff650b1e7d5cdd15bd9b492c15b443a53cf3fa85f0ed1ab907afe74aa127d92 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ	107 kB	2023-06-07	2023-06-07
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-07 08:01:08 Last Seen2023-06-07 08:01:15 Times Seen6 Hash 63436e519d9e154e17c3ec1c848a0d62 2732808d889b7ffe2cb7984f1414979e310c208b 8b7ec7d06cf3485476e6789c0aa435b5109639f66cb5aae4663fc73bac7ffeeb Loading...

	destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1	173 B	2023-03-07	2024-03-06
Pretty URL destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1 IP 172.67.68.250 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:24:13 Last Seen2024-03-06 04:49:02 Times Seen287 Hash a881bba8a59d80992e9c397d3cc3d67a 85ab04d40c85bd897b78a88dd6da95671fa6d64e dbd5a5ffb649a1301d16a94539210972ab60b8e7972f4b073d6199a6c5268888 Loading...

	destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1	2.7 kB	2023-06-07	2023-06-07
Pretty URL destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1 IP 172.67.68.250 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-07 08:01:14 Last Seen2023-06-07 08:01:14 Times Seen1 Hash fbe703de57c028644b23f47c9ca1d4bb aca45643c2b81cbcb3fc53cb6d82ee6aab67c4e5 6e60366ce6e136d2a2bfaf736570ffce4fb7f35e18d1528fc769c42986993514 Loading...

	destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1	224 B	2023-03-07	2024-03-06
Pretty URL destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1 IP 172.67.68.250 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:24:13 Last Seen2024-03-06 04:49:02 Times Seen285 Hash 1257ac8e5dfe1e338f9a7190fac3bf8b 91039ad3afbab7525d86a3220ded4109a7f112a7 dbfe45437742f1831de6c1818e9060e0ec9d588b4779558f9c91f621453666ea Loading...

	unknown	103 kB	2023-06-02	2023-06-15
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-02 16:00:16 Last Seen2023-06-15 14:24:44 Times Seen484 Hash 88abe13cd309c4d0ebbf8a298e5bdffe f40d8541f2f56659251117a14e336aecf7eecb4a d3df0432dffd1232981b9d981cd6c4618f56ae992502729c36dd2e25be41b642 Loading...

	www.googletagmanager.com/gtag/js?id=AW-997869120&l=dataLayer&cx=c	142 kB	2023-06-07	2023-06-07
Pretty URL www.googletagmanager.com/gtag/js?id=AW-997869120&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-07 08:01:15 Last Seen2023-06-07 08:01:20 Times Seen4 Hash b74edeea544b7190a4fd9fc59603d8ba 5d1841540bd48f18408ae0bff48461794e57efde 497ea29fad3e4a053901b61963e7f741552083e39cacb5bae86018e5fa8f9cd9 Loading...

	destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1	338 B	2023-05-22	2024-02-13
Pretty URL destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1 IP 172.67.68.250 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-22 12:40:32 Last Seen2024-02-13 22:48:10 Times Seen11 Hash ccd42c1f916aa9a233b443d20c9b3703 f9956ff86a5166d32364cb9e10430ed6c0d5216c c76aaa96e927aec0391a180be33a1653a66231953e8caace3081abb564af47bf Loading...

	static.sh.st/js/packed/interstitial-page.js?2022-06-29.0	81 kB	2023-04-06	2024-03-06
Pretty URL static.sh.st/js/packed/interstitial-page.js?2022-06-29.0 IP 104.26.6.218 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-06 00:22:18 Last Seen2024-03-06 04:49:02 Times Seen492 Hash 06eb8d871dccb0da41b67abac7022ba9 dbe95283dcf49fac294a7d3445efad665c2ee790 88bb3be0111402f5ca81aaa36cbf7c4a2755099c5d0446831331e1d1d8e7a1ef Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-04-18
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-04-18 12:48:40 Times Seen340125 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

		Size	First Seen	Last Seen
	#1 Write - 961ccfddcdc77ce42f104100c4185fcc	51 kB	2023-03-07	2024-03-05
Pretty Observations First Seen2023-03-07 12:23:34 Last Seen2024-03-05 07:54:31 Times Seen52 Hash 961ccfddcdc77ce42f104100c4185fcc 1f337e9b3c212e33f7e204d6aec9aa9e01ffad44 5da0c7e0ab69c2c20e2357cbb615df2343b2c91725e32e5ab83bea4842478565 Loading...

HTTP Transactions (39)

URL IP Response Size

destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1

172.67.68.250

200 OK

36 kB

URL User Request GET HTTP/1.1
destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
IP
172.67.68.250:80
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (26650), with CRLF, LF line terminators
Size
36 kB (36154 bytes)
Hash
2ddd53b0b6bc3d84ae421cc1af4fe2db
c338b4170da65ae31341b80fb453d4eaaa22d527
b8f88d1ddbb14cdfc918d6729157a759df437db322c1b1f6ee519379e7c528d4

HTTP Headers

GET /egIasn?utm_source=&utm_medium=QL&utm_name=1 HTTP/1.1
Host: destyy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 07 Jun 2023 06:00:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40-0+deb8u16
Set-Cookie: PHPSESSID=jdl46ddbq08pj0cpvb4i0atgp7; expires=Wed, 07-Jun-2023 07:00:55 GMT; Max-Age=3600; path=/; domain=.shorte.st; HttpOnly
hl=en; expires=Thu, 06-Jun-2024 06:00:55 GMT; Max-Age=31536000; path=/
cookies-enable=1; path=/; httponly
Cache-Control: no-cache
X-Frame-Options: DENY
X-Server-ID: shn09
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1eotStNs4YxbsQh8mjzD5pPFwHJZrVhPARQ%2BWaCc9Z9NZOkQdUBJXdznmjl4kbGZU0%2BK4XL8UmbzP%2B2rNi%2FPKlCjQBagC8He%2Bndij8GNNrfSGq%2Bq3WGkUprro0nX"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7d36ad721f320b59-OSL
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400

static.sh.st/js/packed/interstitial-page.js?2022-06-29.0

104.26.6.218

200 OK

25 kB

URL GET HTTP/1.1
static.sh.st/js/packed/interstitial-page.js?2022-06-29.0
IP
104.26.6.218:80
ASN
#13335 CLOUDFLARENET

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1

File type
Unicode text, UTF-8 text, with very long lines (20454)
Size
25 kB (24685 bytes)
Hash
06eb8d871dccb0da41b67abac7022ba9
dbe95283dcf49fac294a7d3445efad665c2ee790
88bb3be0111402f5ca81aaa36cbf7c4a2755099c5d0446831331e1d1d8e7a1ef

HTTP Headers

GET /js/packed/interstitial-page.js?2022-06-29.0 HTTP/1.1
Host: static.sh.st
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://destyy.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 07 Jun 2023 06:00:55 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=86400
Cf-Bgj: minify
Cf-Polished: origSize=102880
ETag: W/"62bc140d-191e0"
Expires: Wed, 07 Jun 2023 19:36:56 GMT
Last-Modified: Wed, 29 Jun 2022 08:57:49 GMT
Vary: Accept-Encoding
X-Server-ID: shn03
X-UA-Compatible: IE=Edge
CF-Cache-Status: HIT
Age: 37439
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BDfSx9SK3OETSTstZK3fSrB1wN%2BY7Rrd55%2Ff7%2Bi6OEvynzJfHoZ2t4dVuRdiX5LfsjEXwr4N%2Bog6y8w%2BKVIMjoRWzEzoXWhR5XDHmKeF9QXZO0T6EWtgQW6lQyQW9w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7d36ad748dedb4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

static.sh.st/b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2022-06-29.0

104.26.6.218

200 OK

6.2 kB

URL GET HTTP/1.1
static.sh.st/b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2022-06-29.0
IP
104.26.6.218:80
ASN
#13335 CLOUDFLARENET

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1

File type
PNG image data, 249 x 62, 8-bit/color RGBA, non-interlaced\012- data
Size
6.2 kB (6226 bytes)
Hash
9ca44d211b1779ef13c1f7406a76c1ff
8b5ab1222409a144c8f1d3bd2a098985bd0bcba7
fd7607ab554a8c5af9aed32593ae99aaf0682198dbbd277372e8b663bd98b001

HTTP Headers

GET /b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2022-06-29.0 HTTP/1.1
Host: static.sh.st
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://destyy.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 07 Jun 2023 06:00:55 GMT
Content-Type: image/png
Content-Length: 6226
Connection: keep-alive
Last-Modified: Fri, 17 Jul 2015 13:29:04 GMT
ETag: "55a90320-1852"
X-Server-ID: shn01
X-UA-Compatible: IE=Edge
Expires: Wed, 07 Jun 2023 14:06:57 GMT
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 57238
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J%2Bk5PX4YYOS2FJ2b7aYVuJb%2FlxhG8JFbcadqEoAwUj0LIIk4qG6f7f2h4OYyZEa%2BL2dVTxpBUx9hEqSsIk2chxdqv07rm4jflFOBUJ%2BQIdVRg17%2BGhfBKHxorxUXmg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d36ad74de5bb4ff-OSL
alt-svc: h2=":443"; ma=60

ja.rewashwudu.com/fmwhVStpL4dxap/46223

172.255.6.232

200 OK

26 B

URL GET HTTP/1.1
ja.rewashwudu.com/fmwhVStpL4dxap/46223
IP
172.255.6.232:80
ASN
#7979 SERVERS-COM

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1

File type
ASCII text, with no line terminators
Size
26 B (26 bytes)
Hash
4fc71bf68a1d477bd1523733e34d1e90
15119105cffbe108b6cf290146ab02c9aa8517ba
74c1971a5c7f3f1cfb81b7a0a8717cee5a45841844104566e00bbfca271943ce

HTTP Headers

GET /fmwhVStpL4dxap/46223 HTTP/1.1
Host: ja.rewashwudu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://destyy.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Jun 2023 06:00:55 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://destyy.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9jU1Sg0AQhSH8RQ1oV3EAj8AQMcnSTVbegZphGhwD06lmQuLtHa3S3fteffVeEASr8hHCJY0husgGnl8aXe97Ve31tsZq34vda9UoIbp6u1PycIA7M7dOqhFdDOt5kuxat8SwGdAim67tSGMOT976a06WrjaGRLG0Oodk8saYQ6aYrjNyGUFs5YSQHQ1jTzdvyE9iiIQQPhvrc1jBiuYyKu4heTf2cis2aVAUaQAP51G6nnhqjfaYDCw1QvgG6046HIi%2FINM4nxydAWjU7b%2F%2Fe5qMP2uQalxM55HcB%2FI3ouZOdQ%3D%3D; expires=Thu, 08-Jun-2023 06:00:55 GMT; Max-Age=86400; path=/
GL_GI10=eJxNjMuqwjAURWuquRalsuF%2BgD9g8TlwqvN24AeEUo8SqDkhiY%2F69doK4mSzWbBWFEXiP4XQFuPtItvOs%2FUyW2zWiM%2FEEHmBccVXE1yjTHkhyJzdvWwgHZ01G4j5CqPPVxUfCYO8mP2wThoVvubpvu006Fe63RYhaf%2FH%2B3t7HYu1t0h3tX5MD1xfw7vikRgKyluiI5I9O8uuDIT0S7uGjDHUXlnHj0b2MAn6Qk82pPh08hSkQO8mxQs5rUge; expires=Thu, 08-Jun-2023 06:00:55 GMT; Max-Age=86400; path=/
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

sh.st/st/67bc8ab5ab558c89e176234140e8de87/drop.hitmoe.com/goto/mexa.sh/FWqWsz3tDPBM.zip

104.26.6.218

302 Found

228 kB

URL User Request GET HTTP/2
sh.st/st/67bc8ab5ab558c89e176234140e8de87/drop.hitmoe.com/goto/mexa.sh/FWqWsz3tDPBM.zip
IP
104.26.6.218:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC6:7F:86:BA:DE:5A:E8:C6:45:7C:7C:55:01:BC:71:BB:54:01:6B:CF
ValiditySun, 30 Apr 2023 00:00:00 GMT - Mon, 29 Apr 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (38142)
Size
228 kB (228139 bytes)
Hash
cae9c8866e7e32ac9b63aa2c1a4cfbb5
2d23c1ce04f95aee7e5ff2089a2501b520eb8cc1
dbb879a0d9663a969b66a342c2b405e24592e46121654705bc54a1bb960e58f7

HTTP Headers

GET /st/67bc8ab5ab558c89e176234140e8de87/drop.hitmoe.com/goto/mexa.sh/FWqWsz3tDPBM.zip HTTP/1.1
Host: sh.st
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Wed, 07 Jun 2023 06:00:55 GMT
content-type: text/html; charset=UTF-8
location: http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
x-powered-by: PHP/5.6.40-0+deb8u16
cache-control: no-cache
x-server-id: shn06
x-ua-compatible: IE=Edge
access-control-allow-origin: *
cf-cache-status: BYPASS
set-cookie: PHPSESSID=su2b8mp9eeamn5s6br1ig37p03; expires=Wed, 07-Jun-2023 07:00:55 GMT; Max-Age=3600; path=/; domain=.shorte.st; HttpOnly
hl=en; expires=Thu, 06-Jun-2024 06:00:55 GMT; Max-Age=31536000; path=/
cookies-enable=1; path=/; httponly
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7ON3HKivp9Ij5Un6sOsXcOXR2TwjMPFDXqDQhu8eIGCKP4t%2FfCVP5VceugAWBcz2tXuokP0mPB1F%2FCa0uPSk63LejuxqWZwH13OH0%2FfB%2Bur2fLYrEaE4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d36ad712ecc0b51-OSL
X-Firefox-Spdy: h2

destyy.com/bundles/smeweb/img/tracking-168861.gif?t=1686117655

172.67.68.250

200 OK

43 B

URL GET HTTP/1.1
destyy.com/bundles/smeweb/img/tracking-168861.gif?t=1686117655
IP
172.67.68.250:80
ASN
#13335 CLOUDFLARENET

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /bundles/smeweb/img/tracking-168861.gif?t=1686117655 HTTP/1.1
Host: destyy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
Cookie: hl=en; cookies-enable=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 07 Jun 2023 06:00:55 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
X-Server-ID: shn03
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GORxvrRy0PthF0hu84GdYonLR0oHeLbj5h5lcNxM%2FJe91oCUAmaMFlBh8XRjFONLCjQI3YQ9VxtDqCJKbQkSzFhPAjGc8z%2FZwFrLYHh%2Bdw%2FtR8mjVLbAH1WtVODu"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d36ad74da140b59-OSL
alt-svc: h3=":443"; ma=86400

destyy.com/bundles/advertisement/img/tracking.gif?test=2216ab39e21a124ae5967ee7ac604303e0969aad

172.67.68.250

200 OK

0 B

URL GET HTTP/1.1
destyy.com/bundles/advertisement/img/tracking.gif?test=2216ab39e21a124ae5967ee7ac604303e0969aad
IP
172.67.68.250:80
ASN
#13335 CLOUDFLARENET

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /bundles/advertisement/img/tracking.gif?test=2216ab39e21a124ae5967ee7ac604303e0969aad HTTP/1.1
Host: destyy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
Cookie: hl=en; cookies-enable=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 07 Jun 2023 06:00:55 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Last-Modified: Wed, 29 Jun 2022 08:56:54 GMT
ETag: "62bc13d6-0"
X-Server-ID: shn07
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ouxpsnm5Mw41rs8L9RlzV3SYJAv8CPayCU2g1774MrG7%2FJRd1Hs5nwLC1ZNgGsrF60bxciQa7WXcZIf6nMfCZIX4aiJ7JtQdq8H9rt7lWFNH944WHIyhTMAuyODK"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d36ad74dc35b4f4-OSL
alt-svc: h3=":443"; ma=86400

destyy.com/bundles/smeweb/img/advertisement-tracking-168861.gif?t=1686117655

172.67.68.250

200 OK

43 B

URL GET HTTP/1.1
destyy.com/bundles/smeweb/img/advertisement-tracking-168861.gif?t=1686117655
IP
172.67.68.250:80
ASN
#13335 CLOUDFLARENET

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /bundles/smeweb/img/advertisement-tracking-168861.gif?t=1686117655 HTTP/1.1
Host: destyy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
Cookie: hl=en; cookies-enable=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 07 Jun 2023 06:00:55 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
X-Server-ID: shn06
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NbXRbY%2FRGp4WMonJY1d3WHxs9nQ4mjmjHCZATarbehTeS%2FfRCDfuHewR7QK3El0OCwzfyyvRHJki%2FhlEuc2YV9v9XVBcalxfMZS6tqTz9BLbHLoq41Pxa0yY0glC"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d36ad74da6b1c0a-OSL
alt-svc: h3=":443"; ma=86400

static.sh.st/bundles/smeweb/img/widget-sprite.png?2022-06-29.0

104.26.6.218

200 OK

84 kB

URL GET HTTP/1.1
static.sh.st/bundles/smeweb/img/widget-sprite.png?2022-06-29.0
IP
104.26.6.218:80
ASN
#13335 CLOUDFLARENET

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1

File type
PNG image data, 1000 x 2704, 8-bit colormap, non-interlaced\012- data
Size
84 kB (84545 bytes)
Hash
0eb6767d5ee6d6e7b3884a01b7730c80
4bc5d39918bcea70e852e0fb7b3d15caf0993434
8146dfca511f063c33c05e13e151ed3d3456441590a4b1358bbc99b320a02b8d

HTTP Headers

GET /bundles/smeweb/img/widget-sprite.png?2022-06-29.0 HTTP/1.1
Host: static.sh.st
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://destyy.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 07 Jun 2023 06:00:56 GMT
Content-Type: image/png
Content-Length: 84545
Connection: keep-alive
Last-Modified: Wed, 29 Jun 2022 08:56:53 GMT
ETag: "62bc13d5-14a41"
X-Server-ID: shn07
X-UA-Compatible: IE=Edge
Expires: Wed, 07 Jun 2023 10:56:28 GMT
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 68668
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rI96Kin%2BjJE2yTHb22XeayDE0sgOK%2FpymZ52WM8I7wZH%2B90S4KktJa4et1Odf%2Fg6YYsbOYeFCpzs4Pa9lF4dFW0KFsVbxjjMUCDUrZyCPb6Jakb233CjDq4ExcOHTg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d36ad75ffb8b4ff-OSL
alt-svc: h2=":443"; ma=60

endangersquarereducing.com/34/c6/b3/34c6b37755370ea4318f4ff4946df449.js

192.243.61.225

403 Forbidden

0 B

URL GET HTTP/1.1
endangersquarereducing.com/34/c6/b3/34c6b37755370ea4318f4ff4946df449.js
IP
192.243.61.225:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /34/c6/b3/34c6b37755370ea4318f4ff4946df449.js HTTP/1.1
Host: endangersquarereducing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://destyy.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: nginx/1.19.5
Date: Wed, 07 Jun 2023 06:00:55 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA

fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2

216.58.207.227

200 OK

46 kB

URL GET HTTP/2
fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintC8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
Web Open Font Format (Version 2), TrueType, length 46524, version 1.0\012- data
Size
46 kB (46524 bytes)
Hash
c1fd378f54921c75e4ae1821e7b8fff6
2ce96e97783b2f154d07f4464ca6f8eb2469f2c1
405ceee1c2f5c31f1cb94ebc63d49a43fddd1471c2c7401a01c7c11bb1d93826

HTTP Headers

GET /s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://destyy.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46524
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Jun 2023 10:39:52 GMT
expires: Wed, 05 Jun 2024 10:39:52 GMT
cache-control: public, max-age=31536000
age: 69664
last-modified: Mon, 18 Jul 2022 19:58:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2

216.58.207.227

200 OK

46 kB

URL GET HTTP/2
fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintC8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
Web Open Font Format (Version 2), TrueType, length 46524, version 1.0\012- data
Size
46 kB (46524 bytes)
Hash
c1fd378f54921c75e4ae1821e7b8fff6
2ce96e97783b2f154d07f4464ca6f8eb2469f2c1
405ceee1c2f5c31f1cb94ebc63d49a43fddd1471c2c7401a01c7c11bb1d93826

HTTP Headers

GET /s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://destyy.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46524
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Jun 2023 10:39:52 GMT
expires: Wed, 05 Jun 2024 10:39:52 GMT
cache-control: public, max-age=31536000
age: 69664
last-modified: Mon, 18 Jul 2022 19:58:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ

142.250.74.168

200 OK

42 kB

URL GET HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint73:BF:B0:D4:62:48:8E:EF:09:5F:00:57:95:98:82:16:BB:07:35:0C
ValidityFri, 19 May 2023 12:53:06 GMT - Fri, 11 Aug 2023 12:53:05 GMT

File type
ASCII text, with very long lines (2271)
Size
42 kB (41629 bytes)
Hash
63436e519d9e154e17c3ec1c848a0d62
2732808d889b7ffe2cb7984f1414979e310c208b
8b7ec7d06cf3485476e6789c0aa435b5109639f66cb5aae4663fc73bac7ffeeb

HTTP Headers

GET /gtm.js?id=GTM-5SFMWPJ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://destyy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 07 Jun 2023 06:00:56 GMT
expires: Wed, 07 Jun 2023 06:00:56 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 41629
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ptauxofi.net/zone?pub=0&zone_id=4157053&is_mobile=false&domain=destyy.com&var=&ymid=&var_3=

139.45.197.250

200 OK

908 B

URL GET HTTP/2
ptauxofi.net/zone?pub=0&zone_id=4157053&is_mobile=false&domain=destyy.com&var=&ymid=&var_3=
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
Certificate
IssuerLet's Encrypt
Subjectptauxofi.net
FingerprintAF:B4:C4:7A:83:50:A4:53:5D:0F:35:13:C2:AB:4D:74:A3:C8:E3:1B
ValidityTue, 21 Mar 2023 05:09:12 GMT - Mon, 19 Jun 2023 05:09:11 GMT

File type
JSON data\012- , ASCII text, with very long lines (907)
Size
908 B (908 bytes)
Hash
aa10e80f23b05dd956f0e6d06a8349fc
94b31c78d69a09eb52a5a4a98fcb87f6e986732c
06569a30fc27c6f587f908ef3e90d0bd7ef489a4d2c24664937a491097857382

HTTP Headers

GET /zone?pub=0&zone_id=4157053&is_mobile=false&domain=destyy.com&var=&ymid=&var_3= HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://destyy.com/
Origin: http://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 07 Jun 2023 06:00:56 GMT
content-type: application/json; charset=utf-8
content-length: 908
x-trace-id: d690af28913e88c73d973d0091e8fc6d
access-control-allow-origin: http://destyy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

xngqoc.com/er?a=1

185.162.85.1

200 OK

0 B

URL GET HTTP/2
xngqoc.com/er?a=1
IP
185.162.85.1:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
Certificate
IssuerLet's Encrypt
Subjectxngqoc.com
Fingerprint4D:ED:76:7E:B2:4F:87:9C:A3:0B:79:50:6F:CF:19:D2:D9:16:F6:BF
ValidityTue, 02 May 2023 05:01:15 GMT - Mon, 31 Jul 2023 05:01:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /er?a=1 HTTP/1.1
Host: xngqoc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://destyy.com/
Origin: http://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 07 Jun 2023 06:00:56 GMT
content-length: 0
access-control-allow-origin: *
access-control-allow-credentials: true
X-Firefox-Spdy: h2

xngqoc.com/cuload?a=1&e=aeyJwaWQiOjExNDQ2NDYsInNpZCI6MTE5MDM3NSwid2lkIjo0MzMzNDAsImQiOiIiLCJsaSI6MX0=&tz=0&if=0&u=aHR0cDovL2Rlc3R5eS5jb20vZWdJYXNu

185.162.85.1

204 No Content

0 B

URL GET HTTP/2
xngqoc.com/cuload?a=1&e=aeyJwaWQiOjExNDQ2NDYsInNpZCI6MTE5MDM3NSwid2lkIjo0MzMzNDAsImQiOiIiLCJsaSI6MX0=&tz=0&if=0&u=aHR0cDovL2Rlc3R5eS5jb20vZWdJYXNu
IP
185.162.85.1:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
Certificate
IssuerLet's Encrypt
Subjectxngqoc.com
Fingerprint4D:ED:76:7E:B2:4F:87:9C:A3:0B:79:50:6F:CF:19:D2:D9:16:F6:BF
ValidityTue, 02 May 2023 05:01:15 GMT - Mon, 31 Jul 2023 05:01:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /cuload?a=1&e=aeyJwaWQiOjExNDQ2NDYsInNpZCI6MTE5MDM3NSwid2lkIjo0MzMzNDAsImQiOiIiLCJsaSI6MX0=&tz=0&if=0&u=aHR0cDovL2Rlc3R5eS5jb20vZWdJYXNu HTTP/1.1
Host: xngqoc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://destyy.com/
Origin: http://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx/1.18.0
date: Wed, 07 Jun 2023 06:00:56 GMT
accept-ch: Sec-CH-UA-Platform-Version
access-control-allow-origin: *
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=AW-997869120&l=dataLayer&cx=c

142.250.74.168

200 OK

54 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=AW-997869120&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint73:BF:B0:D4:62:48:8E:EF:09:5F:00:57:95:98:82:16:BB:07:35:0C
ValidityFri, 19 May 2023 12:53:06 GMT - Fri, 11 Aug 2023 12:53:05 GMT

File type
ASCII text, with very long lines (2271)
Size
54 kB (54489 bytes)
Hash
b74edeea544b7190a4fd9fc59603d8ba
5d1841540bd48f18408ae0bff48461794e57efde
497ea29fad3e4a053901b61963e7f741552083e39cacb5bae86018e5fa8f9cd9

HTTP Headers

GET /gtag/js?id=AW-997869120&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://destyy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 07 Jun 2023 06:00:56 GMT
expires: Wed, 07 Jun 2023 06:00:56 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 54489
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

xngqoc.com/trt?a=1&t=132

185.162.85.1

200 OK

0 B

URL GET HTTP/2
xngqoc.com/trt?a=1&t=132
IP
185.162.85.1:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
Certificate
IssuerLet's Encrypt
Subjectxngqoc.com
Fingerprint4D:ED:76:7E:B2:4F:87:9C:A3:0B:79:50:6F:CF:19:D2:D9:16:F6:BF
ValidityTue, 02 May 2023 05:01:15 GMT - Mon, 31 Jul 2023 05:01:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /trt?a=1&t=132 HTTP/1.1
Host: xngqoc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://destyy.com/
Origin: http://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 07 Jun 2023 06:00:56 GMT
content-length: 0
access-control-allow-origin: *
access-control-allow-credentials: true
X-Firefox-Spdy: h2

ptauxofi.net/custom

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
ptauxofi.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
Certificate
IssuerLet's Encrypt
Subjectptauxofi.net
FingerprintAF:B4:C4:7A:83:50:A4:53:5D:0F:35:13:C2:AB:4D:74:A3:C8:E3:1B
ValidityTue, 21 Mar 2023 05:09:12 GMT - Mon, 19 Jun 2023 05:09:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://destyy.com/
Origin: http://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 07 Jun 2023 06:00:56 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: http://destyy.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

ptauxofi.net/custom

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
ptauxofi.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
Certificate
IssuerLet's Encrypt
Subjectptauxofi.net
FingerprintAF:B4:C4:7A:83:50:A4:53:5D:0F:35:13:C2:AB:4D:74:A3:C8:E3:1B
ValidityTue, 21 Mar 2023 05:09:12 GMT - Mon, 19 Jun 2023 05:09:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://destyy.com/
Origin: http://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 07 Jun 2023 06:00:56 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: http://destyy.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

ptauxofi.net/custom

139.45.197.250

200 OK

39 B

URL OPTIONS HTTP/2
ptauxofi.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
Certificate
IssuerLet's Encrypt
Subjectptauxofi.net
FingerprintAF:B4:C4:7A:83:50:A4:53:5D:0F:35:13:C2:AB:4D:74:A3:C8:E3:1B
ValidityTue, 21 Mar 2023 05:09:12 GMT - Mon, 19 Jun 2023 05:09:11 GMT

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://destyy.com/
Content-Type: application/json
Content-Length: 395
Origin: http://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 07 Jun 2023 06:00:56 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 1ba890547e8837a2017b3120068979c5
access-control-allow-origin: http://destyy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ptauxofi.net/custom

139.45.197.250

200 OK

39 B

URL OPTIONS HTTP/2
ptauxofi.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
Certificate
IssuerLet's Encrypt
Subjectptauxofi.net
FingerprintAF:B4:C4:7A:83:50:A4:53:5D:0F:35:13:C2:AB:4D:74:A3:C8:E3:1B
ValidityTue, 21 Mar 2023 05:09:12 GMT - Mon, 19 Jun 2023 05:09:11 GMT

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://destyy.com/
Content-Type: application/json
Content-Length: 751
Origin: http://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 07 Jun 2023 06:00:56 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 647bee4950cfb3cff0d2f8297e211588
access-control-allow-origin: http://destyy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?pub=0&userId=8e35bde894c54ae08885bc41e6ad7a34&zoneId=4157053&checkDuplicate=true&ymid=&var=

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?pub=0&userId=8e35bde894c54ae08885bc41e6ad7a34&zoneId=4157053&checkDuplicate=true&ymid=&var=
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
Fingerprint84:56:36:C3:24:DE:FB:F0:E7:EB:EB:9D:C8:B6:28:31:B5:3C:8B:80
ValiditySat, 06 May 2023 08:48:01 GMT - Fri, 04 Aug 2023 08:48:00 GMT

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
07ee9d96ce0736dec89e825d0f8b28dc
522efbb279fafd97ecba5565ac8f159d5a8e0235
190669f86ae5d8b19c555a9c1642184723cbfdff7c561532ed6ffe60d002d066

HTTP Headers

GET /gid.js?pub=0&userId=8e35bde894c54ae08885bc41e6ad7a34&zoneId=4157053&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://destyy.com/
Origin: http://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 07 Jun 2023 06:00:56 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://destyy.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=8e35bde894c54ae08885bc41e6ad7a34; expires=Thu, 06 Jun 2024 06:00:56 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

prhzxq.com/wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTE5NDYyMywid2lkIjo0Mzk2MzQsImQiOiIiLCJsaSI6Mn0=&tz=0&if=0&u=aHR0cDovL2Rlc3R5eS5jb20vZWdJYXNu&inc=1

185.162.85.1

200 OK

332 B

URL GET HTTP/2
prhzxq.com/wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTE5NDYyMywid2lkIjo0Mzk2MzQsImQiOiIiLCJsaSI6Mn0=&tz=0&if=0&u=aHR0cDovL2Rlc3R5eS5jb20vZWdJYXNu&inc=1
IP
185.162.85.1:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
Certificate
IssuerLet's Encrypt
Subjectprhzxq.com
FingerprintE2:7B:B2:5A:29:BC:18:8B:54:42:18:94:DC:A8:70:6D:AC:91:62:83
ValidityTue, 21 Mar 2023 21:20:12 GMT - Mon, 19 Jun 2023 21:20:11 GMT

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (394), with no line terminators
Size
332 B (332 bytes)
Hash
e17d64411fdc7b5f4c0f9cf7634b17a8
71e3712384182c473159b82a70bb33e06bc51cf1
dc458a91ea962eb6ceb92560fbb4b0a4738fd8a9b1c4bd244242956cfefc2edd

HTTP Headers

GET /wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTE5NDYyMywid2lkIjo0Mzk2MzQsImQiOiIiLCJsaSI6Mn0=&tz=0&if=0&u=aHR0cDovL2Rlc3R5eS5jb20vZWdJYXNu&inc=1 HTTP/1.1
Host: prhzxq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://destyy.com/
Origin: http://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 07 Jun 2023 06:00:56 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
accept-ch: Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
Fingerprint06:75:EF:D1:99:AE:A5:FA:8B:93:D3:D4:ED:BD:88:51:DA:2A:62:B3
ValidityFri, 31 Mar 2023 10:01:30 GMT - Thu, 29 Jun 2023 10:01:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://destyy.com/
Origin: http://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 07 Jun 2023 06:00:56 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: http://destyy.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
Fingerprint06:75:EF:D1:99:AE:A5:FA:8B:93:D3:D4:ED:BD:88:51:DA:2A:62:B3
ValidityFri, 31 Mar 2023 10:01:30 GMT - Thu, 29 Jun 2023 10:01:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://destyy.com/
Origin: http://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 07 Jun 2023 06:00:56 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: http://destyy.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
Fingerprint06:75:EF:D1:99:AE:A5:FA:8B:93:D3:D4:ED:BD:88:51:DA:2A:62:B3
ValidityFri, 31 Mar 2023 10:01:30 GMT - Thu, 29 Jun 2023 10:01:29 GMT

File type
JSON data\012- , ASCII text
Size
94 B (94 bytes)
Hash
9d73cf03e043f21cc0dfe3e33ce4fb13
d3243ae2b234bef0a27bcec8be6259342d03c2db
bf284808a288659bda9f01e39036a4d9619826790455e1450f1cbbce27ef6c62

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://destyy.com/
Content-Type: application/json
Content-Length: 518
Origin: http://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 07 Jun 2023 06:00:56 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: f53092fa94e8389e7c8580bebfeea5d9
access-control-allow-origin: http://destyy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
Fingerprint06:75:EF:D1:99:AE:A5:FA:8B:93:D3:D4:ED:BD:88:51:DA:2A:62:B3
ValidityFri, 31 Mar 2023 10:01:30 GMT - Thu, 29 Jun 2023 10:01:29 GMT

File type
JSON data\012- , ASCII text
Size
94 B (94 bytes)
Hash
86f16ce631677aced9bf75555ceaffa7
0c756b22c7ebf97f8e6a934b439955fade69803d
8bd690727297cd556339231397aaae7ad16adf83486a0faefc97e1f7fda85ee8

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://destyy.com/
Content-Type: application/json
Content-Length: 518
Origin: http://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 07 Jun 2023 06:00:56 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: 02ec0d8831eb94eca8c08f531e293100
access-control-allow-origin: http://destyy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ptauxofi.net/custom

139.45.197.250

200 OK

39 B

URL OPTIONS HTTP/2
ptauxofi.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
Certificate
IssuerLet's Encrypt
Subjectptauxofi.net
FingerprintAF:B4:C4:7A:83:50:A4:53:5D:0F:35:13:C2:AB:4D:74:A3:C8:E3:1B
ValidityTue, 21 Mar 2023 05:09:12 GMT - Mon, 19 Jun 2023 05:09:11 GMT

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://destyy.com/
Content-Type: application/json
Content-Length: 396
Origin: http://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 07 Jun 2023 06:00:56 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: f399cc89c65ad07fc09aff282139e3f5
access-control-allow-origin: http://destyy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

destyy.com/shortest-url/end-adsession?adSessionId=2216ab39e21a124ae5967ee7ac604303e0969aad&adbd=0&callback=reqwest_1686117655357

172.67.68.250

200 OK

141 B

URL GET HTTP/1.1
destyy.com/shortest-url/end-adsession?adSessionId=2216ab39e21a124ae5967ee7ac604303e0969aad&adbd=0&callback=reqwest_1686117655357
IP
172.67.68.250:80
ASN
#13335 CLOUDFLARENET

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1

File type
ASCII text, with no line terminators
Size
141 B (141 bytes)
Hash
d40a17ecdc37b80a90846c8c4af6ee10
d456e9d904a91523581c27950db0f6eafae51b09
f5b68a568570cdabaa281da421d29997a4338a07d94c06ca659ae190b51ccfd3

HTTP Headers

GET /shortest-url/end-adsession?adSessionId=2216ab39e21a124ae5967ee7ac604303e0969aad&adbd=0&callback=reqwest_1686117655357 HTTP/1.1
Host: destyy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
Cookie: hl=en; cookies-enable=1; _gcl_au=1.1.1335033579.1686117656
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 07 Jun 2023 06:01:02 GMT
Content-Type: text/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40-0+deb8u16
Set-Cookie: PHPSESSID=n8om8uojqh4rpnh4ftgqt1npf7; expires=Wed, 07-Jun-2023 07:01:02 GMT; Max-Age=3600; path=/; domain=.shorte.st; HttpOnly
referrer_url=http%3A%2F%2Fdestyy.com%2FegIasn%3Futm_source%3D%26utm_medium%3DQL%26utm_name%3D1; expires=Thu, 08-Jun-2023 06:01:02 GMT; Max-Age=86400; path=/; httponly
cookies-enable=1; path=/; httponly
Cache-Control: no-cache
X-Server-ID: shn08
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k5aN2fAMV1X4sxHyg%2BzPGU%2BwJfXUl1Jdp0grzhDAlqWoNwZlGvtvSjQB9BjPr8xO2NBKPusL%2FCuwFZ7qhzwxWpSWFkurTTFZ0x3asZLyELX73Ko%2FoGEyX6NTUjDo"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7d36ad9d7c741c0a-OSL
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400

ptauxofi.net/pfe/current/universal.min.js?v=3.1.438

139.45.197.250

200 OK

103 kB

URL GET HTTP/2
ptauxofi.net/pfe/current/universal.min.js?v=3.1.438
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
Certificate
IssuerLet's Encrypt
Subjectptauxofi.net
FingerprintAF:B4:C4:7A:83:50:A4:53:5D:0F:35:13:C2:AB:4D:74:A3:C8:E3:1B
ValidityTue, 21 Mar 2023 05:09:12 GMT - Mon, 19 Jun 2023 05:09:11 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
103 kB (103263 bytes)
Hash
88abe13cd309c4d0ebbf8a298e5bdffe
f40d8541f2f56659251117a14e336aecf7eecb4a
d3df0432dffd1232981b9d981cd6c4618f56ae992502729c36dd2e25be41b642

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.438 HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://destyy.com/
Origin: http://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 07 Jun 2023 06:00:56 GMT
content-type: application/javascript
last-modified: Fri, 02 Jun 2023 13:08:32 GMT
etag: W/"6479e9d0-1935f"
access-control-allow-origin: http://destyy.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Raleway:400,700

142.250.74.106

200 OK

3.3 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Raleway:400,700
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint3F:94:23:08:F7:DB:8B:36:93:90:93:F4:9E:46:A6:6A:93:75:15:C0
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
ASCII text, with very long lines (3420), with no line terminators
Size
3.3 kB (3340 bytes)
Hash
72a2e829ec44370c62ec35ff9856e477
721218c8cef4bacbccb86cf872d10f0b8c9bf093
5f38247aaacdf3b2f9954c2290dd948e61d1d5a4b6abe1dc5fa4620ed607f744

HTTP Headers

GET /css?family=Raleway:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://destyy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 07 Jun 2023 06:00:55 GMT
date: Wed, 07 Jun 2023 06:00:55 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ptauxofi.net/pfe/current/tag.min.js?z=4157053

139.45.197.250

200 OK

15 kB

URL GET HTTP/2
ptauxofi.net/pfe/current/tag.min.js?z=4157053
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
Certificate
IssuerLet's Encrypt
Subjectptauxofi.net
FingerprintAF:B4:C4:7A:83:50:A4:53:5D:0F:35:13:C2:AB:4D:74:A3:C8:E3:1B
ValidityTue, 21 Mar 2023 05:09:12 GMT - Mon, 19 Jun 2023 05:09:11 GMT

File type
C source, ASCII text, with very long lines (14679), with no line terminators
Size
15 kB (14679 bytes)
Hash
a638f334f18bf9bef5435cdffe56f9f0
503868073788922413ff3cad1d6404928280acce
79956329e90a4e4abfdf9c3a4d69d4c78e32b8b1d9f602add95d9e9d0cc32b29

HTTP Headers

GET /pfe/current/tag.min.js?z=4157053 HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://destyy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 07 Jun 2023 06:00:55 GMT
content-type: application/javascript
last-modified: Fri, 02 Jun 2023 13:08:32 GMT
etag: W/"6479e9d0-3957"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

ubbfpm.com/ms/1102360/inpage.js

95.216.206.230

200 OK

201 kB

URL GET HTTP/1.1
ubbfpm.com/ms/1102360/inpage.js
IP
95.216.206.230:443
ASN
#24940 Hetzner Online GmbH

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
Certificate
IssuerLet's Encrypt
Subjectubbfpm.com
FingerprintA2:0C:E1:AA:B3:4F:02:D9:6C:68:9E:FE:AA:AD:20:F2:F2:F3:CB:7C
ValiditySun, 28 May 2023 13:41:52 GMT - Sat, 26 Aug 2023 13:41:51 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
201 kB (200738 bytes)
Hash
af413834dffb762ffcfa6c20ce98ad42
1cc019785a20cf05f8804da008409a6ed8ba4a72
37800f9f2bb9d6543c17667dca9695da535d5b01fcf095db9d20d9782f1d22d0

HTTP Headers

GET /ms/1102360/inpage.js HTTP/1.1
Host: ubbfpm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://destyy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Jun 2023 06:00:55 GMT
Content-Type: application/javascript
Content-Length: 200738
Last-Modified: Fri, 21 Apr 2023 15:45:14 GMT
Connection: keep-alive
ETag: "6442af8a-31022"
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
Referrer-Policy: strict-origin
Accept-Ranges: bytes

xdiwbc.com/template/social.html

172.64.107.34

200 OK

4.6 kB

URL GET HTTP/2
xdiwbc.com/template/social.html
IP
172.64.107.34:443
ASN
#13335 CLOUDFLARENET

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
Certificate
IssuerGoogle Trust Services LLC
Subjectxdiwbc.com
Fingerprint61:FF:DC:7A:FB:AC:AA:50:F3:3E:E2:87:38:DC:6A:46:09:4F:B8:D9
ValidityMon, 05 Jun 2023 18:53:28 GMT - Sun, 03 Sep 2023 18:53:27 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4639), with no line terminators
Size
4.6 kB (4579 bytes)
Hash
474cf430e4f70fc61a3695cb75f686de
8c14127415e490dff27896747f730ca8e49a957a
12fe3666e6b24360e737799e0cb1eafc47e6f11ccc109562f5426767a8529ef7

HTTP Headers

GET /template/social.html HTTP/1.1
Host: xdiwbc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://destyy.com/
Origin: http://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 07 Jun 2023 06:00:56 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: http://destyy.com
cache-control: max-age=14400
cf-cache-status: HIT
age: 585
last-modified: Wed, 07 Jun 2023 05:51:11 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XAbBuMM4JVxvV%2BDe6VkGnYsCxDuvjx34L08KTrVFgHqz42j5k5o5P83WWMOQNtuExPjCDv2ugCrlM3u4SwpklxwyDqyKctlZa2jNceaWyTNgwi8xNEf3SKfiOmFM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d36ad79783e0722-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

prhzxq.com/wnrw?aid=6909918252326666566&a=1

185.162.85.1

200 OK

0 B

URL GET HTTP/2
prhzxq.com/wnrw?aid=6909918252326666566&a=1
IP
185.162.85.1:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
Certificate
IssuerLet's Encrypt
Subjectprhzxq.com
FingerprintE2:7B:B2:5A:29:BC:18:8B:54:42:18:94:DC:A8:70:6D:AC:91:62:83
ValidityTue, 21 Mar 2023 21:20:12 GMT - Mon, 19 Jun 2023 21:20:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wnrw?aid=6909918252326666566&a=1 HTTP/1.1
Host: prhzxq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://destyy.com/
Origin: http://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 07 Jun 2023 06:00:56 GMT
content-length: 0
access-control-allow-origin: http://destyy.com
X-Firefox-Spdy: h2

ptauxofi.net/pfe/current/defaultSkin.min.js

139.45.197.250

200 OK

57 kB

URL GET HTTP/2
ptauxofi.net/pfe/current/defaultSkin.min.js
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
Certificate
IssuerLet's Encrypt
Subjectptauxofi.net
FingerprintAF:B4:C4:7A:83:50:A4:53:5D:0F:35:13:C2:AB:4D:74:A3:C8:E3:1B
ValidityTue, 21 Mar 2023 05:09:12 GMT - Mon, 19 Jun 2023 05:09:11 GMT

File type

Size
57 kB (57187 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pfe/current/defaultSkin.min.js HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://destyy.com/
Origin: http://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 07 Jun 2023 06:00:56 GMT
content-type: application/javascript
last-modified: Fri, 02 Jun 2023 13:08:32 GMT
etag: W/"6479e9d0-df63"
access-control-allow-origin: http://destyy.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

i.wmgtr.com/cim/u1a7YOlSqOHS_OZ5054Pd3wsY96uiWEK.png

0.0.0.0

0 B

URL GET
i.wmgtr.com/cim/u1a7YOlSqOHS_OZ5054Pd3wsY96uiWEK.png
IP
0.0.0.0:0
ASN
#0

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
Certificate
IssuerLet's Encrypt
Subjecti.wmgtr.com
Fingerprint7D:1B:65:9B:B8:35:3F:63:AA:D6:0E:B1:DB:13:80:AA:F0:55:75:FC
ValiditySun, 23 Apr 2023 23:02:02 GMT - Sat, 22 Jul 2023 23:02:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cim/u1a7YOlSqOHS_OZ5054Pd3wsY96uiWEK.png HTTP/1.1
Host: i.wmgtr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 07 Jun 2023 06:00:56 GMT
content-type: image/png
server: nginx/1.19.0
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-option: nosniff
content-encoding: gzip
cache-control: max-age=82800
expires: Thu, 08 Jun 2023 05:00:56 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

i.wmgtr.com/cic/d186Z1xqbgoLvkVafC4w0Mh9PeSfEmlg.png

0.0.0.0

0 B

URL GET
i.wmgtr.com/cic/d186Z1xqbgoLvkVafC4w0Mh9PeSfEmlg.png
IP
0.0.0.0:0
ASN
#0

Requested by
http://destyy.com/egIasn?utm_source=&utm_medium=QL&utm_name=1
Certificate
IssuerLet's Encrypt
Subjecti.wmgtr.com
Fingerprint7D:1B:65:9B:B8:35:3F:63:AA:D6:0E:B1:DB:13:80:AA:F0:55:75:FC
ValiditySun, 23 Apr 2023 23:02:02 GMT - Sat, 22 Jul 2023 23:02:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cic/d186Z1xqbgoLvkVafC4w0Mh9PeSfEmlg.png HTTP/1.1
Host: i.wmgtr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 07 Jun 2023 06:00:56 GMT
content-type: image/png
server: nginx/1.19.0
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-option: nosniff
content-encoding: gzip
cache-control: max-age=82800
expires: Thu, 08 Jun 2023 05:00:56 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (19)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL