Report - destyy.com/efPMpF

Report Overview

URL

destyy.com/efPMpF
IP

104.26.6.218

ASN

#13335 CLOUDFLARENET
Submitted

2023-01-14T22:00:55Z

Access
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

0
Threat Detection Systems

15

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
www.google-analytics.com (2)	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1619	1056	216.239.34.178
www.google.no (1)	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	727	757	142.250.74.163
www.google.com (1)	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	728	757	142.250.74.132
ja.rewashwudu.com (2)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	572	2632	172.255.6.140
toncooperateapologise.com (2)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	684	14577	192.243.59.12
banquetunarmedgrater.com (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	287	327	192.243.61.225
ptauxofi.net (8)	35628	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3446	77623	139.45.197.250
js-agent.newrelic.com (5)	378	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1910	17895	151.101.2.137
toxicrookie.com (3)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2701	6489	192.243.59.13
e1.o.lencr.org (3)	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1014	2184	23.36.77.32
r3.o.lencr.org (11)	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3718	9749	23.36.77.32
www.googletagmanager.com (1)	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	375	39365	142.250.74.168
push.services.mozilla.com (1)	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606	127	54.189.85.130
static.sh.st (3)	276104	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	992	117903	104.26.7.218
unseenreport.com (2)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1256	846	192.243.59.12
cdn.creative-bars1.com (8)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3259	64879	172.64.167.9
fonts.gstatic.com (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	476	47473	216.58.207.227
prhzxq.com (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	504	238	185.162.85.4
fonts.googleapis.com (1)	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	390	746	142.250.74.74
static.shorte.st (1)	441905	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	410	752	104.26.4.107
destyy.com (5)	195997	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2248	42891	172.67.68.250
firefox.settings.services.mozilla.com (2)	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782	2373	35.241.9.150
content-signature-2.cdn.mozilla.net (1)	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413	5843	34.160.144.191
endangersquarereducing.com (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	319	21444	173.233.137.60
simplewebanalysis.com (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	379	402	52.58.124.101
my.rtmark.net (1)	9054	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	464	738	139.45.195.8
friendshipmale.com (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	273	28545	172.64.167.29
bam.nr-data.net (1)	630	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	901	510	162.247.241.14
contile.services.mozilla.com (1)	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333	391	34.117.237.239
ocsp.pki.goog (12)	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4116	8394	216.58.211.3
ubbfpm.com (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	360	137435	95.216.206.230
cdn.yourwebbars.com (1)	62037	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	412	3288	104.26.6.19
ocsp.digicert.com (4)	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1364	2746	93.184.220.29
ocsp.sca1b.amazontrust.com (1)	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	350	1004	143.204.42.156
googleads.g.doubleclick.net (1)	42	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	748	1849	142.250.74.162
img-getpocket.cdn.mozilla.net (6)	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3246	55154	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-14	medium	ptauxofi.net/custom	Malware
2023-01-14	medium	ptauxofi.net/custom	Malware
2023-01-14	medium	friendshipmale.com/sfp.js	Malware
2023-01-14	medium	ptauxofi.net/pfe/current/defaultSkin.min.js	Phishing
2023-01-14	medium	ptauxofi.net/custom	Malware
2023-01-14	medium	ptauxofi.net/custom	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-01-14	medium	endangersquarereducing.com	Sinkholed
2023-01-14	medium	toncooperateapologise.com	Sinkholed
2023-01-14	medium	toncooperateapologise.com	Sinkholed
2023-01-14	medium	banquetunarmedgrater.com	Sinkholed
2023-01-14	medium	unseenreport.com	Sinkholed
2023-01-14	medium	unseenreport.com	Sinkholed
2023-01-14	medium	toxicrookie.com	Sinkholed
2023-01-14	medium	toxicrookie.com	Sinkholed
2023-01-14	medium	toxicrookie.com	Sinkholed

ThreatFox

No alerts detected

HTTP Transactions (98)

URL IP Response Size

destyy.com/efPMpF

172.67.68.250

200 OK

38243

URL HTTP/1.1

destyy.com/efPMpF
IP

172.67.68.250:0
ASN

#13335 CLOUDFLARENET

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (36376), with CRLF, LF line terminators

Size

38243
Hash

46057b5bd41318691f80ad294fcbd45d

d25857840c0add126baeef54b1b15200a4c44e73

faf10988e5d18dc28e60e269189bb32d250fd7ef6e41117cdc3bd7e0d38a469c

HTTP Headers

                                        GET /efPMpF HTTP/1.1
Host: destyy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 200 OK
Date: Sat, 14 Jan 2023 22:00:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40-0+deb8u15
Set-Cookie: PHPSESSID=k6stimtj77vbnqb747kgnvio10; expires=Sat, 14-Jan-2023 23:00:44 GMT; Max-Age=3600; path=/; domain=.shorte.st; HttpOnly
hl=en; expires=Sun, 14-Jan-2024 22:00:44 GMT; Max-Age=31536000; path=/
cookies-enable=1; path=/; httponly
Cache-Control: no-cache
X-Frame-Options: DENY
X-Server-ID: shn01
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V%2FEw7NJ8r%2Fks1dfOQV%2Beiz38Tknel7aqdWJ%2FvOATqaE4V6C0AtKAE%2FNqzi7YN%2FZv%2BBRJwXFLSSxflfJMT%2BZv%2FqwCZAIN8vKiODUGYDB3r%2FaU3IMM%2F853M11CCT%2F%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7899a56f7a24b4f1-OSL
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

a8b4f1afb0e830b797238d34ab9254aa

e011acef3d05c959a65205d53b651ecd18a889fe

f7ceff5b4fda083c7449b7298c232224cf48a632dcb87233b646790de207d49c

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7CEFF5B4FDA083C7449B7298C232224CF48A632DCB87233B646790DE207D49C"
Last-Modified: Thu, 12 Jan 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3036
Expires: Sat, 14 Jan 2023 22:51:20 GMT
Date: Sat, 14 Jan 2023 22:00:44 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

3063227f59d1935298b0620fa7919145

478e1d8bef04b1f95381cac01829c03b6779d420

619281d3b9753bc6d2845786da75e8566687362769517aacf90f953ffbb8407c

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "619281D3B9753BC6D2845786DA75E8566687362769517AACF90F953FFBB8407C"
Last-Modified: Sat, 14 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13371
Expires: Sun, 15 Jan 2023 01:43:36 GMT
Date: Sat, 14 Jan 2023 22:00:45 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

ff250d3ef3fa45322bf05039a0122a9f

b3e7a2c383bce1bab807dbe1a03c375258b51f1d

d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 14 Jan 2023 21:48:56 GMT
content-type: application/json
age: 709
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

f7bd85a261739c122eefb74ffddaec99

e2e059b0740592e8591d432249aafe5fcb8af23c

71bdd130b8d143f228542f678e91c98ab4e5844fb9f47b036e15372660be25fd

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "71BDD130B8D143F228542F678E91C98AB4E5844FB9F47B036E15372660BE25FD"
Last-Modified: Sat, 14 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5150
Expires: Sat, 14 Jan 2023 23:26:35 GMT
Date: Sat, 14 Jan 2023 22:00:45 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

7b922915ebf1fa3639b333f994c74f24

144a3f80b98fd0652d4614f24cf6cbbee40f8938

adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: rrehGN2QYz04L0yVX/hYaKiMqDwry6C72wDIqLQEijXpjEGavylwu+c6RFtQGXoOGN8q1N5FZsU=
x-amz-request-id: RW2DJ6KKA2G9H6QX
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 14 Jan 2023 21:55:07 GMT
age: 338
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Sat, 14 Jan 2023 22:00:45 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

216.58.211.3:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

83579ff88cab4d4d05d4741599104d9c

fe74c219f8655a4ca36fe397884e55ab63d1288a

a492a770e88739fac8094f7b73f87474cee4ad2ccbf9f1963b935474544ef3f9

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 14 Jan 2023 22:00:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

2a020506377c466734161a276f3fbbb4

b30c299ab7ecf0de6b6885801a0c10e045dd9565

aa59e2fc6d22d8dd2c348d2b196726212b96911964009c8f1c86cc145732ffc1

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA59E2FC6D22D8DD2C348D2B196726212B96911964009C8F1C86CC145732FFC1"
Last-Modified: Sat, 14 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5838
Expires: Sat, 14 Jan 2023 23:38:03 GMT
Date: Sat, 14 Jan 2023 22:00:45 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

c5d7a2dfe209f60c3ea0675e780a977b

556482c0514738065472b755120ed2a6af9f5219

b89853d1abc0f4b604c81d8143bfdf04dc314c103f9edc7f59b45b2b0601f02f

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B89853D1ABC0F4B604C81D8143BFDF04DC314C103F9EDC7F59B45B2B0601F02F"
Last-Modified: Thu, 12 Jan 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17764
Expires: Sun, 15 Jan 2023 02:56:49 GMT
Date: Sat, 14 Jan 2023 22:00:45 GMT
Connection: keep-alive

destyy.com/bundles/advertisement/img/tracking.gif?test=ee6974a369fbbbb190c93f3cbe50896380a67294

172.67.68.250

200 OK

URL HTTP/1.1

destyy.com/bundles/advertisement/img/tracking.gif?test=ee6974a369fbbbb190c93f3cbe50896380a67294
IP

172.67.68.250:0
ASN

#13335 CLOUDFLARENET

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /bundles/advertisement/img/tracking.gif?test=ee6974a369fbbbb190c93f3cbe50896380a67294 HTTP/1.1
Host: destyy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://destyy.com/efPMpF
Cookie: hl=en; cookies-enable=1

                                        HTTP/1.1 200 OK
Date: Sat, 14 Jan 2023 22:00:45 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Last-Modified: Wed, 29 Jun 2022 08:56:54 GMT
ETag: "62bc13d6-0"
X-Server-ID: shn07
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FIEGBd1qngG1rTTgrGcduZGe7FO4SbuJVPgsekgHA5kAdy6ugq%2Fj6MRTiDRgWkTCeSYSszGROb3Ecw81FgfHostZQDraAhp%2Fv4uGUEJZZu73Vi%2BJNEf3GMzvzZ8W"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7899a572de37b4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

destyy.com/bundles/smeweb/img/tracking-11340057.gif?t=1673733644

172.67.68.250

200 OK

URL HTTP/1.1

destyy.com/bundles/smeweb/img/tracking-11340057.gif?t=1673733644
IP

172.67.68.250:0
ASN

#13335 CLOUDFLARENET

Magic

GIF image data, version 89a, 1 x 1\012- data

Size

43
Hash

ad4b0f606e0f8465bc4c4c170b37e1a3

50b30fd5f87c85fe5cba2635cb83316ca71250d7

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

                                        GET /bundles/smeweb/img/tracking-11340057.gif?t=1673733644 HTTP/1.1
Host: destyy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://destyy.com/efPMpF
Cookie: hl=en; cookies-enable=1

                                        HTTP/1.1 200 OK
Date: Sat, 14 Jan 2023 22:00:45 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
X-Server-ID: shn08
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=44TPUYLhXihjuMqAi6sLKAPJqfPQwL0ivvLYJlWkVYNfXDRREWLCAlEjPAXav1KyfzLVJBU%2B0WcDMu3PLpSBZc4ULulm1Uk0741pYySPO6Oc30l6kMIVIuyx9TAo"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7899a572dedfb523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

216.58.211.3:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

83579ff88cab4d4d05d4741599104d9c

fe74c219f8655a4ca36fe397884e55ab63d1288a

a492a770e88739fac8094f7b73f87474cee4ad2ccbf9f1963b935474544ef3f9

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 14 Jan 2023 22:00:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

destyy.com/bundles/smeweb/img/advertisement-tracking-11340057.gif?t=1673733644

172.67.68.250

200 OK

URL HTTP/1.1

destyy.com/bundles/smeweb/img/advertisement-tracking-11340057.gif?t=1673733644
IP

172.67.68.250:0
ASN

#13335 CLOUDFLARENET

Magic

GIF image data, version 89a, 1 x 1\012- data

Size

43
Hash

ad4b0f606e0f8465bc4c4c170b37e1a3

50b30fd5f87c85fe5cba2635cb83316ca71250d7

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

                                        GET /bundles/smeweb/img/advertisement-tracking-11340057.gif?t=1673733644 HTTP/1.1
Host: destyy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://destyy.com/efPMpF
Cookie: hl=en; cookies-enable=1

                                        HTTP/1.1 200 OK
Date: Sat, 14 Jan 2023 22:00:45 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
X-Server-ID: shn09
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5uRMhET6xfpeg0yNLqVg2qAzIkHLTKj6H3m5YX%2B86LuTeMOxbykGSlgsWNNgMdgNQ74%2BgvIY3xio9bGg3uV5JJizXEPzNm2q7pv%2FxCczDp1dfTprbRknX%2Bjloq0o"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7899a572ec2f0afa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

static.sh.st/b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2022-06-29.0

104.26.7.218

200 OK

6226

URL HTTP/1.1

static.sh.st/b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2022-06-29.0
IP

104.26.7.218:0
ASN

#13335 CLOUDFLARENET

Magic

PNG image data, 249 x 62, 8-bit/color RGBA, non-interlaced\012- data

Size

6226
Hash

9ca44d211b1779ef13c1f7406a76c1ff

8b5ab1222409a144c8f1d3bd2a098985bd0bcba7

fd7607ab554a8c5af9aed32593ae99aaf0682198dbbd277372e8b663bd98b001

HTTP Headers

                                        GET /b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2022-06-29.0 HTTP/1.1
Host: static.sh.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://destyy.com/

                                        HTTP/1.1 200 OK
Date: Sat, 14 Jan 2023 22:00:45 GMT
Content-Type: image/png
Content-Length: 6226
Connection: keep-alive
Last-Modified: Fri, 17 Jul 2015 13:29:04 GMT
ETag: "55a90320-1852"
X-Server-ID: shn01
X-UA-Compatible: IE=Edge
Expires: Sun, 15 Jan 2023 11:09:01 GMT
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 39104
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NrIRGBcF%2Bh8ohE24n04uTH6vBFD2g3WnEhye5%2B4bvyn2%2FD6YgbV5HMNyMC3p5YSljPjMwbTMF2LN%2FbiiArcWdrYwrFLVbSixjbweZTIuAh2SYAg6bjtKpHdFYPb0pg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7899a5736c6c0b51-OSL
alt-svc: h2=":443"; ma=60

static.sh.st/js/packed/interstitial-page.js?2022-06-29.0

104.26.7.218

200 OK

24685

URL HTTP/1.1

static.sh.st/js/packed/interstitial-page.js?2022-06-29.0
IP

104.26.7.218:0
ASN

#13335 CLOUDFLARENET

Magic

Unicode text, UTF-8 text, with very long lines (20454)

Size

24685
Hash

f7baccd666678569795749f591a8a75a

f3d8c85e9290ec755535df4edd5a91de44f3dc2c

553836bd994a93741a17b68582f4f24d0882ebf4e8da8c9d9e7a74f1c57f7acc

HTTP Headers

                                        GET /js/packed/interstitial-page.js?2022-06-29.0 HTTP/1.1
Host: static.sh.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://destyy.com/

                                        HTTP/1.1 200 OK
Date: Sat, 14 Jan 2023 22:00:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=86400
Cf-Bgj: minify
Cf-Polished: origSize=102880
ETag: W/"62bc140d-191e0"
Expires: Sun, 15 Jan 2023 16:56:30 GMT
Last-Modified: Wed, 29 Jun 2022 08:57:49 GMT
Vary: Accept-Encoding
X-Server-ID: shn07
X-UA-Compatible: IE=Edge
CF-Cache-Status: HIT
Age: 18255
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oiBPXVijbRzhorvdsmsRCuZSUx7kLxCTY5KuO1nzKG%2BQY0Wc%2BWyua3ITgmPNEHWoDfPUAc20Q6uwpK%2FD%2Fc1Q%2Brpt0%2F8zLMAD0rpNqKhaYIojqGIlgCliRlgksY9rhg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7899a5736fbeb515-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

static.sh.st/bundles/smeweb/img/widget-sprite.png?2022-06-29.0

104.26.7.218

200 OK

84545

URL HTTP/1.1

static.sh.st/bundles/smeweb/img/widget-sprite.png?2022-06-29.0
IP

104.26.7.218:0
ASN

#13335 CLOUDFLARENET

Magic

PNG image data, 1000 x 2704, 8-bit colormap, non-interlaced\012- data

Size

84545
Hash

0eb6767d5ee6d6e7b3884a01b7730c80

4bc5d39918bcea70e852e0fb7b3d15caf0993434

8146dfca511f063c33c05e13e151ed3d3456441590a4b1358bbc99b320a02b8d

HTTP Headers

                                        GET /bundles/smeweb/img/widget-sprite.png?2022-06-29.0 HTTP/1.1
Host: static.sh.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://destyy.com/

                                        HTTP/1.1 200 OK
Date: Sat, 14 Jan 2023 22:00:45 GMT
Content-Type: image/png
Content-Length: 84545
Connection: keep-alive
Last-Modified: Wed, 29 Jun 2022 08:56:53 GMT
ETag: "62bc13d5-14a41"
X-Server-ID: shn07
X-UA-Compatible: IE=Edge
Expires: Sat, 14 Jan 2023 23:37:51 GMT
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 80574
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0sNd9klfZeorShHiDubE2XesZag2XZN%2BrMe0haPH4TUqwNxA3B1Z1JGs2JL5aZz4jAB15bj21o%2BVkdLjGSZ8Yp4Cby2LlFU8gi%2BuZnsrZeqLXhQdXExFN4MSvCGPuA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7899a5736963b4fa-OSL
alt-svc: h2=":443"; ma=60

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

216.58.211.3:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

6fc52c452b4176dabdd1a319c5e3fa51

e00b78bd1c6b5d71f2987fd9cdc8975804b668ae

224beac380dd44474b39343d4138c0e5d8a547523eb06a1c6d6c4a893d511e63

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 14 Jan 2023 22:00:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2

216.58.207.227

200 OK

46524

URL HTTP/2

fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
IP

216.58.207.227:0
ASN

#15169 GOOGLE

Magic

Web Open Font Format (Version 2), TrueType, length 46524, version 1.0\012- data

Size

46524
Hash

c1fd378f54921c75e4ae1821e7b8fff6

2ce96e97783b2f154d07f4464ca6f8eb2469f2c1

405ceee1c2f5c31f1cb94ebc63d49a43fddd1471c2c7401a01c7c11bb1d93826

HTTP Headers

                                        GET /s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://destyy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46524
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 09 Jan 2023 21:08:54 GMT
expires: Tue, 09 Jan 2024 21:08:54 GMT
cache-control: public, max-age=31536000
age: 435111
last-modified: Mon, 18 Jul 2022 19:58:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ubbfpm.com/ms/1102360/inpage.js

95.216.206.230

200 OK

136911

URL HTTP/1.1

ubbfpm.com/ms/1102360/inpage.js
IP

95.216.206.230:0
ASN

#24940 Hetzner Online GmbH

Magic

ASCII text, with very long lines (65536), with no line terminators

Size

136911
Hash

4c725ad1b520e371b1b288bded780cb2

ff8542fd8c60eaddc73a442bc33e4c2b55d458e7

e808a97528f95e445e40936d3028028c49d8fcab34e909eb804344f0c74c9b92

HTTP Headers

                                        GET /ms/1102360/inpage.js HTTP/1.1
Host: ubbfpm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destyy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Jan 2023 22:00:45 GMT
Content-Type: application/javascript
Content-Length: 136911
Last-Modified: Fri, 13 Jan 2023 08:10:27 GMT
Connection: keep-alive
ETag: "63c111f3-216cf"
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
Referrer-Policy: strict-origin
Accept-Ranges: bytes

ja.rewashwudu.com/fmwhVStpL4dxap/46223

172.255.6.140

200 OK

URL HTTP/1.1

ja.rewashwudu.com/fmwhVStpL4dxap/46223
IP

172.255.6.140:0
ASN

#7979 SERVERS-COM

Magic

ASCII text, with no line terminators

Size

26
Hash

4e5d65669f8dcd928dad06adf883f025

d771713d758c3348dd7e5b38bb40c7935399ae46

0bebbf029fa045e4f462855e6c44edf8aaa36ded05b07a8ce456b67416d20c95

HTTP Headers

                                        GET /fmwhVStpL4dxap/46223 HTTP/1.1
Host: ja.rewashwudu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://destyy.com/

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Jan 2023 22:00:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://destyy.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Sun, 15-Jan-2023 22:00:45 GMT; Max-Age=86400; path=/
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Sun, 15-Jan-2023 22:00:45 GMT; Max-Age=86400; path=/
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

216.58.211.3:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

6fc52c452b4176dabdd1a319c5e3fa51

e00b78bd1c6b5d71f2987fd9cdc8975804b668ae

224beac380dd44474b39343d4138c0e5d8a547523eb06a1c6d6c4a893d511e63

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 14 Jan 2023 22:00:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

216.58.211.3:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

e804586be26c88b95d554afe0ef24d5c

6f99b1fe2330c4661608f17819a4490a92ca296c

38894b7977e8f8e790a71eedf8144799a77ccceb49771e7458392ad7916293db

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 14 Jan 2023 22:00:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ

142.250.74.168

200 OK

38602

URL HTTP/2

www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ
IP

142.250.74.168:0
ASN

#15169 GOOGLE

Magic

ASCII text, with very long lines (1921)

Size

38602
Hash

975edd633eca85eac93e362fa930dfe2

e8dc21d11a3dba9a55dcc058017aa5e5cddb4fd3

68faf350e725479579f43efe4ee339e67274e8fcc7c2f57b6e28e7e92ebb45cd

HTTP Headers

                                        GET /gtm.js?id=GTM-5SFMWPJ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destyy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 14 Jan 2023 22:00:45 GMT
expires: Sat, 14 Jan 2023 22:00:45 GMT
cache-control: private, max-age=900
last-modified: Sat, 14 Jan 2023 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 38602
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

216.58.211.3:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

e804586be26c88b95d554afe0ef24d5c

6f99b1fe2330c4661608f17819a4490a92ca296c

38894b7977e8f8e790a71eedf8144799a77ccceb49771e7458392ad7916293db

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 14 Jan 2023 22:00:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Expires, Last-Modified, Alert, Content-Type, Content-Length, ETag, Pragma, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 14 Jan 2023 21:33:45 GMT
age: 1620
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

endangersquarereducing.com/34/c6/b3/34c6b37755370ea4318f4ff4946df449.js

173.233.137.60

200 OK

20734

URL HTTP/1.1

endangersquarereducing.com/34/c6/b3/34c6b37755370ea4318f4ff4946df449.js
IP

173.233.137.60:0
ASN

#7979 SERVERS-COM

Magic

HTML document, ASCII text, with very long lines (60190), with no line terminators

Size

20734
Hash

ba69ee3889e39acc3efb607d3a1229e7

28751e8afd7a55d0a66ad9617ae3b2a22ede4420

2a50041d1cfad7d8788bcce22bd0f9cca0d8822a16121d1ac982f0b2fad9e7b7

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /34/c6/b3/34c6b37755370ea4318f4ff4946df449.js HTTP/1.1
Host: endangersquarereducing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://destyy.com/

                                        HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 14 Jan 2023 22:00:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 109a80ad3d33dde4af73974c01706988
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ja.rewashwudu.com/fmwhVStpL4dxap/46223

172.255.6.140

200 OK

URL HTTP/1.1

ja.rewashwudu.com/fmwhVStpL4dxap/46223
IP

172.255.6.140:0
ASN

#7979 SERVERS-COM

Magic

ASCII text, with no line terminators

Size

26
Hash

4e5d65669f8dcd928dad06adf883f025

d771713d758c3348dd7e5b38bb40c7935399ae46

0bebbf029fa045e4f462855e6c44edf8aaa36ded05b07a8ce456b67416d20c95

HTTP Headers

                                        GET /fmwhVStpL4dxap/46223 HTTP/1.1
Host: ja.rewashwudu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://destyy.com/

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Jan 2023 22:00:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://destyy.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Sun, 15-Jan-2023 22:00:45 GMT; Max-Age=86400; path=/
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Sun, 15-Jan-2023 22:00:45 GMT; Max-Age=86400; path=/
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

c01ec61f7ca77158f474b3ab519c12fa

fc82ae0fcd73a83a980b75709a08e65239894e4a

f533e0fac9b92e79d4fbd6e70b42a83067de95f0a13cc737d7e5fa459baa4c54

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4585
Cache-Control: max-age=130947
Content-Type: application/ocsp-response
Date: Sat, 14 Jan 2023 22:00:45 GMT
Etag: "63c270a7-1d7"
Expires: Mon, 16 Jan 2023 10:23:12 GMT
Last-Modified: Sat, 14 Jan 2023 09:06:47 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

ptauxofi.net/zone?pub=0&zone_id=4157053&is_mobile=false&domain=destyy.com&var=&ymid=&var_3=

139.45.197.250

200 OK

733

URL HTTP/2

ptauxofi.net/zone?pub=0&zone_id=4157053&is_mobile=false&domain=destyy.com&var=&ymid=&var_3=
IP

139.45.197.250:0
ASN

#9002 RETN Limited

Magic

JSON data\012- , ASCII text, with very long lines (732)

Size

733
Hash

c825edf4d016d73054fac17659b75c73

fdeece5fa0c41d0709766ad93be4da4ce9966d9c

d062b493e1fa15a636d0b66023f057b1b08761a22bcd27dab51cac789e17fadd

HTTP Headers

                                        GET /zone?pub=0&zone_id=4157053&is_mobile=false&domain=destyy.com&var=&ymid=&var_3= HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://destyy.com/
Origin: http://destyy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 14 Jan 2023 22:00:45 GMT
content-type: application/json; charset=utf-8
content-length: 733
x-trace-id: 0103555b280b784d3d0da60ac0966584
access-control-allow-origin: http://destyy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

143.204.42.156

200 OK

471

URL HTTP/1.1

ocsp.sca1b.amazontrust.com/
IP

143.204.42.156:0
ASN

#16509 AMAZON-02

Magic

data

Size

471
Hash

736c958448b6596d24bb99f0cf0b232d

c8137445dd9df3a26faeead5af609bf1a51654cf

f625ce9a12c763fcaa2fff8d6410de8f9f0ea6673531e6fc6d00e0f4ffe7a17d

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=145809
Date: Sat, 14 Jan 2023 22:00:45 GMT
Etag: "63c2ae94-1d7"
Expires: Mon, 16 Jan 2023 14:30:54 GMT
Last-Modified: Sat, 14 Jan 2023 13:31:00 GMT
Server: ECS (bsa/EB14)
X-Cache: Miss from cloudfront
Via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: RO8FhlD81WMFSNWv_QlJjEvAqazN_0K9PAEOAAKzFxesx3Ie-37KdQ==
Age: 3594

simplewebanalysis.com/stats

52.58.124.101

200 OK

URL HTTP/2

simplewebanalysis.com/stats
IP

52.58.124.101:0
ASN

#16509 AMAZON-02

Magic

ASCII text, with no line terminators

Size

40
Hash

310cd4bd348623762a1ebafa8c3ca92e

e7b2b4ee60a96ba8f72db4938dbdcc129af28604

a45e88750c7f2589ced690b13505a416834178bf0052ffb416235620731f92bf

HTTP Headers

                                        GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://destyy.com
Connection: keep-alive
Referer: http://destyy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
date: Sat, 14 Jan 2023 22:00:46 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://destyy.com
access-control-allow-credentials: true
set-cookie: uid_id2=8d164e15-315c-4427-8ce6-e22ef525a5aa:3:1; expires=Tue, 11 Jan 2033 22:00:46 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

prhzxq.com/wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTE4MDkyMCwid2lkIjo0MTYyMTcsImQiOiIiLCJsaSI6Mn0=&tz=0&if=0&u=aHR0cDovL2Rlc3R5eS5jb20vZWZQTXBG&inc=0

United Kingdom DataWeb Global Group B.V.

185.162.85.4

200 OK

URL HTTP/2

prhzxq.com/wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTE4MDkyMCwid2lkIjo0MTYyMTcsImQiOiIiLCJsaSI6Mn0=&tz=0&if=0&u=aHR0cDovL2Rlc3R5eS5jb20vZWZQTXBG&inc=0
IP

185.162.85.4:0
ASN

#39572 DataWeb Global Group B.V.

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTE4MDkyMCwid2lkIjo0MTYyMTcsImQiOiIiLCJsaSI6Mn0=&tz=0&if=0&u=aHR0cDovL2Rlc3R5eS5jb20vZWZQTXBG&inc=0 HTTP/1.1
Host: prhzxq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://destyy.com/
Origin: http://destyy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 14 Jan 2023 22:00:46 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
access-control-allow-origin: *
access-control-allow-credentials: true
X-Firefox-Spdy: h2

ptauxofi.net/custom

139.45.197.250

200 OK

URL HTTP/2

ptauxofi.net/custom
IP

139.45.197.250:0
ASN

#9002 RETN Limited

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        OPTIONS /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://destyy.com/
Origin: http://destyy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 14 Jan 2023 22:00:46 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: http://destyy.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

toncooperateapologise.com/pixel/purst?dl=0&th=0&sc=0&rs=1206&rd=1206&fd=796&bv=22.10.v.9&tmpl=70

192.243.59.12

200 OK

URL HTTP/1.1

toncooperateapologise.com/pixel/purst?dl=0&th=0&sc=0&rs=1206&rd=1206&fd=796&bv=22.10.v.9&tmpl=70
IP

192.243.59.12:0
ASN

#39572 DataWeb Global Group B.V.

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /pixel/purst?dl=0&th=0&sc=0&rs=1206&rd=1206&fd=796&bv=22.10.v.9&tmpl=70 HTTP/1.1
Host: toncooperateapologise.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://destyy.com/

                                        HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 14 Jan 2023 22:00:46 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

ptauxofi.net/custom

139.45.197.250

200 OK

URL HTTP/2

ptauxofi.net/custom
IP

139.45.197.250:0
ASN

#9002 RETN Limited

Magic

JSON data\012- , ASCII text

Size

39
Hash

058b158c2be925f556454ef762d93538

cc6fc563b4b6baee880fdbc7fcfaa134978e33c9

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        POST /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://destyy.com/
Content-Type: application/json
Origin: http://destyy.com
Content-Length: 358
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 14 Jan 2023 22:00:46 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 8b77a1a6b9b20690bec6822c315b0695
access-control-allow-origin: http://destyy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ptauxofi.net/pfe/current/universal.min.js?v=3.1.411

139.45.197.250

200 OK

34086

URL HTTP/2

ptauxofi.net/pfe/current/universal.min.js?v=3.1.411
IP

139.45.197.250:0
ASN

#9002 RETN Limited

Magic

data

Size

34086
Hash

0dfa12bef3f8732dec8562ed9dd6cd37

98b397fe9bc5fdf5ce141888ced7a6674387529c

8f3cf69f01a018cfb1160a66e361440dfcfbc84bf9c5a32d64e6a3b3b6bc650c

HTTP Headers

                                        GET /pfe/current/universal.min.js?v=3.1.411 HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://destyy.com/
Origin: http://destyy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 14 Jan 2023 22:00:45 GMT
content-type: application/javascript
last-modified: Wed, 21 Dec 2022 12:58:18 GMT
etag: W/"63a302ea-18c6c"
access-control-allow-origin: http://destyy.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

push.services.mozilla.com/

54.189.85.130

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

54.189.85.130:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: thA0u/LdUIbERfXFxij1Zw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: DgW9ji2ALGd8wr9mkOWbEgCX070=

my.rtmark.net/gid.js?pub=0&userId=44ed00114aab4dd0bb7a3ec5cf0e0fd4&zoneId=4157053&checkDuplicate=true&ymid=&var=

139.45.195.8

200 OK

URL HTTP/2

my.rtmark.net/gid.js?pub=0&userId=44ed00114aab4dd0bb7a3ec5cf0e0fd4&zoneId=4157053&checkDuplicate=true&ymid=&var=
IP

139.45.195.8:0
ASN

#9002 RETN Limited

Magic

JSON data\012- , ASCII text

Size

65
Hash

123d6dad729e325ede14a71a273dab6c

ea21628181a1f89fe03bc8e235b4311215c735a7

0c4e8886faa3a0a6eda674681889254634c1984a8477f8663845520c67012880

HTTP Headers

                                        GET /gid.js?pub=0&userId=44ed00114aab4dd0bb7a3ec5cf0e0fd4&zoneId=4157053&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://destyy.com/
Origin: http://destyy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Sat, 14 Jan 2023 22:00:46 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://destyy.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=44ed00114aab4dd0bb7a3ec5cf0e0fd4; expires=Sun, 14 Jan 2024 22:00:46 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

toncooperateapologise.com/08/26/66/0826667673c6afa9f85340ed4fc8ef57.js

192.243.59.12

200 OK

13400

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (30)

#1 JS:Script (size: 3450)

#2 JS:Script (size: 95)

#3 JS:Script (size: 60190)

#4 JS:Script (size: 337)

#5 JS:Script (size: 173)

#6 JS:Script (size: 2751)

#7 JS:Script (size: 0)

#8 JS:Script (size: 98235)

#9 JS:Script (size: 37117)

#10 JS:Script (size: 50234)

#11 JS:Script (size: 412)

#12 JS:Script (size: 385)

#13 JS:Script (size: 49)

#14 JS:Script (size: 1235)

#15 JS:Script (size: 5621)

#16 JS:Script (size: 21901)

#17 JS:Script (size: 1022)

#18 JS:Script (size: 139769)

#19 JS:Script (size: 14602)

#20 JS:Script (size: 101484)

#21 JS:Script (size: 26164)

#22 JS:Script (size: 2019)

#23 JS:Script (size: 9591)

#24 JS:Script (size: 36705)

#25 JS:Script (size: 224)

#1 JS:Eval (size: 12)

#2 JS:Eval (size: 19)

#3 JS:Eval (size: 29)

#4 JS:Eval (size: 18)

#1 JS:Write (size: 51155)

HTTP Transactions (98)

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic