destyy.com/efPMpF
172.67.68.250 200 OK 38 kB IP 172.67.68.250:0
File type HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text, with very long lines (36376), with CRLF, LF line terminators
Hash 46057b5bd41318691f80ad294fcbd45d
d25857840c0add126baeef54b1b15200a4c44e73
faf10988e5d18dc28e60e269189bb32d250fd7ef6e41117cdc3bd7e0d38a469c
GET /efPMpF HTTP/1.1
Host: destyy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 14 Jan 2023 22:00:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40-0+deb8u15
Set-Cookie: PHPSESSID=k6stimtj77vbnqb747kgnvio10; expires=Sat, 14-Jan-2023 23:00:44 GMT; Max-Age=3600; path=/; domain=.shorte.st; HttpOnly
Set-Cookie: hl=en; expires=Sun, 14-Jan-2024 22:00:44 GMT; Max-Age=31536000; path=/
Set-Cookie: cookies-enable=1; path=/; httponly
Cache-Control: no-cache
X-Frame-Options: DENY
X-Server-ID: shn01
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V%2FEw7NJ8r%2Fks1dfOQV%2Beiz38Tknel7aqdWJ%2FvOATqaE4V6C0AtKAE%2FNqzi7YN%2FZv%2BBRJwXFLSSxflfJMT%2BZv%2FqwCZAIN8vKiODUGYDB3r%2FaU3IMM%2F853M11CCT%2F%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7899a56f7a24b4f1-OSL
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a8b4f1afb0e830b797238d34ab9254aa
e011acef3d05c959a65205d53b651ecd18a889fe
f7ceff5b4fda083c7449b7298c232224cf48a632dcb87233b646790de207d49c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7CEFF5B4FDA083C7449B7298C232224CF48A632DCB87233B646790DE207D49C"
Last-Modified: Thu, 12 Jan 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3036
Expires: Sat, 14 Jan 2023 22:51:20 GMT
Date: Sat, 14 Jan 2023 22:00:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3063227f59d1935298b0620fa7919145
478e1d8bef04b1f95381cac01829c03b6779d420
619281d3b9753bc6d2845786da75e8566687362769517aacf90f953ffbb8407c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "619281D3B9753BC6D2845786DA75E8566687362769517AACF90F953FFBB8407C"
Last-Modified: Sat, 14 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13371
Expires: Sun, 15 Jan 2023 01:43:36 GMT
Date: Sat, 14 Jan 2023 22:00:45 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data; ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 14 Jan 2023 21:48:56 GMT
content-type: application/json
age: 709
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f7bd85a261739c122eefb74ffddaec99
e2e059b0740592e8591d432249aafe5fcb8af23c
71bdd130b8d143f228542f678e91c98ab4e5844fb9f47b036e15372660be25fd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "71BDD130B8D143F228542F678E91C98AB4E5844FB9F47B036E15372660BE25FD"
Last-Modified: Sat, 14 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5150
Expires: Sat, 14 Jan 2023 23:26:35 GMT
Date: Sat, 14 Jan 2023 22:00:45 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate; ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: rrehGN2QYz04L0yVX/hYaKiMqDwry6C72wDIqLQEijXpjEGavylwu+c6RFtQGXoOGN8q1N5FZsU=
x-amz-request-id: RW2DJ6KKA2G9H6QX
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 14 Jan 2023 21:55:07 GMT
age: 338
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data; ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 14 Jan 2023 22:00:45 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 83579ff88cab4d4d05d4741599104d9c
fe74c219f8655a4ca36fe397884e55ab63d1288a
a492a770e88739fac8094f7b73f87474cee4ad2ccbf9f1963b935474544ef3f9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 14 Jan 2023 22:00:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2a020506377c466734161a276f3fbbb4
b30c299ab7ecf0de6b6885801a0c10e045dd9565
aa59e2fc6d22d8dd2c348d2b196726212b96911964009c8f1c86cc145732ffc1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA59E2FC6D22D8DD2C348D2B196726212B96911964009C8F1C86CC145732FFC1"
Last-Modified: Sat, 14 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5838
Expires: Sat, 14 Jan 2023 23:38:03 GMT
Date: Sat, 14 Jan 2023 22:00:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c5d7a2dfe209f60c3ea0675e780a977b
556482c0514738065472b755120ed2a6af9f5219
b89853d1abc0f4b604c81d8143bfdf04dc314c103f9edc7f59b45b2b0601f02f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B89853D1ABC0F4B604C81D8143BFDF04DC314C103F9EDC7F59B45B2B0601F02F"
Last-Modified: Thu, 12 Jan 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17764
Expires: Sun, 15 Jan 2023 02:56:49 GMT
Date: Sat, 14 Jan 2023 22:00:45 GMT
Connection: keep-alive
destyy.com/bundles/advertisement/img/tracking.gif?test=ee6974a369fbbbb190c93f3cbe50896380a67294
172.67.68.250 200 OK 0 B URL HTTP/1.1 destyy.com/bundles/advertisement/img/tracking.gif?test=ee6974a369fbbbb190c93f3cbe50896380a67294
IP 172.67.68.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bundles/advertisement/img/tracking.gif?test=ee6974a369fbbbb190c93f3cbe50896380a67294 HTTP/1.1
Host: destyy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://destyy.com/efPMpF
Cookie: hl=en; cookies-enable=1
HTTP/1.1 200 OK
Date: Sat, 14 Jan 2023 22:00:45 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Last-Modified: Wed, 29 Jun 2022 08:56:54 GMT
ETag: "62bc13d6-0"
X-Server-ID: shn07
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FIEGBd1qngG1rTTgrGcduZGe7FO4SbuJVPgsekgHA5kAdy6ugq%2Fj6MRTiDRgWkTCeSYSszGROb3Ecw81FgfHostZQDraAhp%2Fv4uGUEJZZu73Vi%2BJNEf3GMzvzZ8W"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7899a572de37b4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
destyy.com/bundles/smeweb/img/tracking-11340057.gif?t=1673733644
172.67.68.250 200 OK 43 B URL HTTP/1.1 destyy.com/bundles/smeweb/img/tracking-11340057.gif?t=1673733644
IP 172.67.68.250:0
File type GIF image data, version 89a, 1 x 1; data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /bundles/smeweb/img/tracking-11340057.gif?t=1673733644 HTTP/1.1
Host: destyy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://destyy.com/efPMpF
Cookie: hl=en; cookies-enable=1
HTTP/1.1 200 OK
Date: Sat, 14 Jan 2023 22:00:45 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
X-Server-ID: shn08
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=44TPUYLhXihjuMqAi6sLKAPJqfPQwL0ivvLYJlWkVYNfXDRREWLCAlEjPAXav1KyfzLVJBU%2B0WcDMu3PLpSBZc4ULulm1Uk0741pYySPO6Oc30l6kMIVIuyx9TAo"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7899a572dedfb523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 83579ff88cab4d4d05d4741599104d9c
fe74c219f8655a4ca36fe397884e55ab63d1288a
a492a770e88739fac8094f7b73f87474cee4ad2ccbf9f1963b935474544ef3f9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 14 Jan 2023 22:00:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
destyy.com/bundles/smeweb/img/advertisement-tracking-11340057.gif?t=1673733644
172.67.68.250 200 OK 43 B URL HTTP/1.1 destyy.com/bundles/smeweb/img/advertisement-tracking-11340057.gif?t=1673733644
IP 172.67.68.250:0
File type GIF image data, version 89a, 1 x 1; data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /bundles/smeweb/img/advertisement-tracking-11340057.gif?t=1673733644 HTTP/1.1
Host: destyy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://destyy.com/efPMpF
Cookie: hl=en; cookies-enable=1
HTTP/1.1 200 OK
Date: Sat, 14 Jan 2023 22:00:45 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
X-Server-ID: shn09
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5uRMhET6xfpeg0yNLqVg2qAzIkHLTKj6H3m5YX%2B86LuTeMOxbykGSlgsWNNgMdgNQ74%2BgvIY3xio9bGg3uV5JJizXEPzNm2q7pv%2FxCczDp1dfTprbRknX%2Bjloq0o"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7899a572ec2f0afa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
static.sh.st/b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2022-06-29.0
104.26.7.218 200 OK 6.2 kB URL HTTP/1.1 static.sh.st/b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2022-06-29.0
IP 104.26.7.218:0
File type PNG image data, 249 x 62, 8-bit/color RGBA, non-interlaced; data
Hash 9ca44d211b1779ef13c1f7406a76c1ff
8b5ab1222409a144c8f1d3bd2a098985bd0bcba7
fd7607ab554a8c5af9aed32593ae99aaf0682198dbbd277372e8b663bd98b001
GET /b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2022-06-29.0 HTTP/1.1
Host: static.sh.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://destyy.com/
HTTP/1.1 200 OK
Date: Sat, 14 Jan 2023 22:00:45 GMT
Content-Type: image/png
Content-Length: 6226
Connection: keep-alive
Last-Modified: Fri, 17 Jul 2015 13:29:04 GMT
ETag: "55a90320-1852"
X-Server-ID: shn01
X-UA-Compatible: IE=Edge
Expires: Sun, 15 Jan 2023 11:09:01 GMT
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 39104
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NrIRGBcF%2Bh8ohE24n04uTH6vBFD2g3WnEhye5%2B4bvyn2%2FD6YgbV5HMNyMC3p5YSljPjMwbTMF2LN%2FbiiArcWdrYwrFLVbSixjbweZTIuAh2SYAg6bjtKpHdFYPb0pg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7899a5736c6c0b51-OSL
alt-svc: h2=":443"; ma=60
static.sh.st/js/packed/interstitial-page.js?2022-06-29.0
104.26.7.218 200 OK 25 kB URL HTTP/1.1 static.sh.st/js/packed/interstitial-page.js?2022-06-29.0
IP 104.26.7.218:0
File type Unicode text, UTF-8 text, with very long lines (20454)
Hash f7baccd666678569795749f591a8a75a
f3d8c85e9290ec755535df4edd5a91de44f3dc2c
553836bd994a93741a17b68582f4f24d0882ebf4e8da8c9d9e7a74f1c57f7acc
GET /js/packed/interstitial-page.js?2022-06-29.0 HTTP/1.1
Host: static.sh.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://destyy.com/
HTTP/1.1 200 OK
Date: Sat, 14 Jan 2023 22:00:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=86400
Cf-Bgj: minify
Cf-Polished: origSize=102880
ETag: W/"62bc140d-191e0"
Expires: Sun, 15 Jan 2023 16:56:30 GMT
Last-Modified: Wed, 29 Jun 2022 08:57:49 GMT
Vary: Accept-Encoding
X-Server-ID: shn07
X-UA-Compatible: IE=Edge
CF-Cache-Status: HIT
Age: 18255
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oiBPXVijbRzhorvdsmsRCuZSUx7kLxCTY5KuO1nzKG%2BQY0Wc%2BWyua3ITgmPNEHWoDfPUAc20Q6uwpK%2FD%2Fc1Q%2Brpt0%2F8zLMAD0rpNqKhaYIojqGIlgCliRlgksY9rhg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7899a5736fbeb515-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
static.sh.st/bundles/smeweb/img/widget-sprite.png?2022-06-29.0
104.26.7.218 200 OK 84 kB URL HTTP/1.1 static.sh.st/bundles/smeweb/img/widget-sprite.png?2022-06-29.0
IP 104.26.7.218:0
File type PNG image data, 1000 x 2704, 8-bit colormap, non-interlaced; data
Hash 0eb6767d5ee6d6e7b3884a01b7730c80
4bc5d39918bcea70e852e0fb7b3d15caf0993434
8146dfca511f063c33c05e13e151ed3d3456441590a4b1358bbc99b320a02b8d
GET /bundles/smeweb/img/widget-sprite.png?2022-06-29.0 HTTP/1.1
Host: static.sh.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://destyy.com/
HTTP/1.1 200 OK
Date: Sat, 14 Jan 2023 22:00:45 GMT
Content-Type: image/png
Content-Length: 84545
Connection: keep-alive
Last-Modified: Wed, 29 Jun 2022 08:56:53 GMT
ETag: "62bc13d5-14a41"
X-Server-ID: shn07
X-UA-Compatible: IE=Edge
Expires: Sat, 14 Jan 2023 23:37:51 GMT
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 80574
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0sNd9klfZeorShHiDubE2XesZag2XZN%2BrMe0haPH4TUqwNxA3B1Z1JGs2JL5aZz4jAB15bj21o%2BVkdLjGSZ8Yp4Cby2LlFU8gi%2BuZnsrZeqLXhQdXExFN4MSvCGPuA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7899a5736963b4fa-OSL
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 6fc52c452b4176dabdd1a319c5e3fa51
e00b78bd1c6b5d71f2987fd9cdc8975804b668ae
224beac380dd44474b39343d4138c0e5d8a547523eb06a1c6d6c4a893d511e63
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 14 Jan 2023 22:00:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
216.58.207.227 200 OK 46 kB URL HTTP/2 fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 46524, version 1.0; data
Hash c1fd378f54921c75e4ae1821e7b8fff6
2ce96e97783b2f154d07f4464ca6f8eb2469f2c1
405ceee1c2f5c31f1cb94ebc63d49a43fddd1471c2c7401a01c7c11bb1d93826
GET /s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://destyy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46524
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 09 Jan 2023 21:08:54 GMT
expires: Tue, 09 Jan 2024 21:08:54 GMT
cache-control: public, max-age=31536000
age: 435111
last-modified: Mon, 18 Jul 2022 19:58:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ubbfpm.com/ms/1102360/inpage.js
95.216.206.230 200 OK 137 kB URL HTTP/1.1 ubbfpm.com/ms/1102360/inpage.js
IP 95.216.206.230:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (65536), with no line terminators
Size 137 kB (136911 bytes)
Hash 4c725ad1b520e371b1b288bded780cb2
ff8542fd8c60eaddc73a442bc33e4c2b55d458e7
e808a97528f95e445e40936d3028028c49d8fcab34e909eb804344f0c74c9b92
GET /ms/1102360/inpage.js HTTP/1.1
Host: ubbfpm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destyy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Jan 2023 22:00:45 GMT
Content-Type: application/javascript
Content-Length: 136911
Last-Modified: Fri, 13 Jan 2023 08:10:27 GMT
Connection: keep-alive
ETag: "63c111f3-216cf"
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
Referrer-Policy: strict-origin
Accept-Ranges: bytes
ja.rewashwudu.com/fmwhVStpL4dxap/46223
172.255.6.140 200 OK 26 B URL HTTP/1.1 ja.rewashwudu.com/fmwhVStpL4dxap/46223
IP 172.255.6.140:0
File type ASCII text, with no line terminators
Hash 4e5d65669f8dcd928dad06adf883f025
d771713d758c3348dd7e5b38bb40c7935399ae46
0bebbf029fa045e4f462855e6c44edf8aaa36ded05b07a8ce456b67416d20c95
GET /fmwhVStpL4dxap/46223 HTTP/1.1
Host: ja.rewashwudu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://destyy.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Jan 2023 22:00:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://destyy.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Sun, 15-Jan-2023 22:00:45 GMT; Max-Age=86400; path=/
Set-Cookie: GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Sun, 15-Jan-2023 22:00:45 GMT; Max-Age=86400; path=/
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 6fc52c452b4176dabdd1a319c5e3fa51
e00b78bd1c6b5d71f2987fd9cdc8975804b668ae
224beac380dd44474b39343d4138c0e5d8a547523eb06a1c6d6c4a893d511e63
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 14 Jan 2023 22:00:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash e804586be26c88b95d554afe0ef24d5c
6f99b1fe2330c4661608f17819a4490a92ca296c
38894b7977e8f8e790a71eedf8144799a77ccceb49771e7458392ad7916293db
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 14 Jan 2023 22:00:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ
142.250.74.168 200 OK 39 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash 975edd633eca85eac93e362fa930dfe2
e8dc21d11a3dba9a55dcc058017aa5e5cddb4fd3
68faf350e725479579f43efe4ee339e67274e8fcc7c2f57b6e28e7e92ebb45cd
GET /gtm.js?id=GTM-5SFMWPJ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destyy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 14 Jan 2023 22:00:45 GMT
expires: Sat, 14 Jan 2023 22:00:45 GMT
cache-control: private, max-age=900
last-modified: Sat, 14 Jan 2023 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 38602
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash e804586be26c88b95d554afe0ef24d5c
6f99b1fe2330c4661608f17819a4490a92ca296c
38894b7977e8f8e790a71eedf8144799a77ccceb49771e7458392ad7916293db
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 14 Jan 2023 22:00:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data; ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Expires, Last-Modified, Alert, Content-Type, Content-Length, ETag, Pragma, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 14 Jan 2023 21:33:45 GMT
age: 1620
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
endangersquarereducing.com/34/c6/b3/34c6b37755370ea4318f4ff4946df449.js
173.233.137.60 200 OK 21 kB URL HTTP/1.1 endangersquarereducing.com/34/c6/b3/34c6b37755370ea4318f4ff4946df449.js
IP 173.233.137.60:0
File type HTML document, ASCII text, with very long lines (60190), with no line terminators
Hash ba69ee3889e39acc3efb607d3a1229e7
28751e8afd7a55d0a66ad9617ae3b2a22ede4420
2a50041d1cfad7d8788bcce22bd0f9cca0d8822a16121d1ac982f0b2fad9e7b7
Analyzer Verdict Alert quad9 Sinkholed
GET /34/c6/b3/34c6b37755370ea4318f4ff4946df449.js HTTP/1.1
Host: endangersquarereducing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://destyy.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 14 Jan 2023 22:00:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 109a80ad3d33dde4af73974c01706988
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ja.rewashwudu.com/fmwhVStpL4dxap/46223
172.255.6.140200 OK 26 B URL HTTP/1.1 ja.rewashwudu.com/fmwhVStpL4dxap/46223
IP 172.255.6.140:0
File type ASCII text, with no line terminators
Hash 4e5d65669f8dcd928dad06adf883f025
d771713d758c3348dd7e5b38bb40c7935399ae46
0bebbf029fa045e4f462855e6c44edf8aaa36ded05b07a8ce456b67416d20c95
GET /fmwhVStpL4dxap/46223 HTTP/1.1
Host: ja.rewashwudu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://destyy.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Jan 2023 22:00:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://destyy.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Sun, 15-Jan-2023 22:00:45 GMT; Max-Age=86400; path=/
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Sun, 15-Jan-2023 22:00:45 GMT; Max-Age=86400; path=/
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c01ec61f7ca77158f474b3ab519c12fa
fc82ae0fcd73a83a980b75709a08e65239894e4a
f533e0fac9b92e79d4fbd6e70b42a83067de95f0a13cc737d7e5fa459baa4c54
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4585
Cache-Control: max-age=130947
Content-Type: application/ocsp-response
Date: Sat, 14 Jan 2023 22:00:45 GMT
Etag: "63c270a7-1d7"
Expires: Mon, 16 Jan 2023 10:23:12 GMT
Last-Modified: Sat, 14 Jan 2023 09:06:47 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
ptauxofi.net/zone?pub=0&zone_id=4157053&is_mobile=false&domain=destyy.com&var=&ymid=&var_3=
139.45.197.250200 OK 733 B URL HTTP/2 ptauxofi.net/zone?pub=0&zone_id=4157053&is_mobile=false&domain=destyy.com&var=&ymid=&var_3=
IP 139.45.197.250:0
File type JSON data\012- , ASCII text, with very long lines (732)
Hash c825edf4d016d73054fac17659b75c73
fdeece5fa0c41d0709766ad93be4da4ce9966d9c
d062b493e1fa15a636d0b66023f057b1b08761a22bcd27dab51cac789e17fadd
GET /zone?pub=0&zone_id=4157053&is_mobile=false&domain=destyy.com&var=&ymid=&var_3= HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://destyy.com/
Origin: http://destyy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 14 Jan 2023 22:00:45 GMT
content-type: application/json; charset=utf-8
content-length: 733
x-trace-id: 0103555b280b784d3d0da60ac0966584
access-control-allow-origin: http://destyy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.156200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash 736c958448b6596d24bb99f0cf0b232d
c8137445dd9df3a26faeead5af609bf1a51654cf
f625ce9a12c763fcaa2fff8d6410de8f9f0ea6673531e6fc6d00e0f4ffe7a17d
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=145809
Date: Sat, 14 Jan 2023 22:00:45 GMT
Etag: "63c2ae94-1d7"
Expires: Mon, 16 Jan 2023 14:30:54 GMT
Last-Modified: Sat, 14 Jan 2023 13:31:00 GMT
Server: ECS (bsa/EB14)
X-Cache: Miss from cloudfront
Via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: RO8FhlD81WMFSNWv_QlJjEvAqazN_0K9PAEOAAKzFxesx3Ie-37KdQ==
Age: 3594
simplewebanalysis.com/stats
52.58.124.101200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.58.124.101:0
File type ASCII text, with no line terminators
Hash 310cd4bd348623762a1ebafa8c3ca92e
e7b2b4ee60a96ba8f72db4938dbdcc129af28604
a45e88750c7f2589ced690b13505a416834178bf0052ffb416235620731f92bf
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://destyy.com
Connection: keep-alive
Referer: http://destyy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 14 Jan 2023 22:00:46 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://destyy.com
access-control-allow-credentials: true
set-cookie: uid_id2=8d164e15-315c-4427-8ce6-e22ef525a5aa:3:1; expires=Tue, 11 Jan 2033 22:00:46 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
prhzxq.com/wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTE4MDkyMCwid2lkIjo0MTYyMTcsImQiOiIiLCJsaSI6Mn0=&tz=0&if=0&u=aHR0cDovL2Rlc3R5eS5jb20vZWZQTXBG&inc=0
185.162.85.4200 OK 0 B URL HTTP/2 prhzxq.com/wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTE4MDkyMCwid2lkIjo0MTYyMTcsImQiOiIiLCJsaSI6Mn0=&tz=0&if=0&u=aHR0cDovL2Rlc3R5eS5jb20vZWZQTXBG&inc=0
IP 185.162.85.4:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTE4MDkyMCwid2lkIjo0MTYyMTcsImQiOiIiLCJsaSI6Mn0=&tz=0&if=0&u=aHR0cDovL2Rlc3R5eS5jb20vZWZQTXBG&inc=0 HTTP/1.1
Host: prhzxq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://destyy.com/
Origin: http://destyy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 14 Jan 2023 22:00:46 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
access-control-allow-origin: *
access-control-allow-credentials: true
X-Firefox-Spdy: h2
ptauxofi.net/custom
139.45.197.250200 OK 0 B IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
OPTIONS /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://destyy.com/
Origin: http://destyy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 14 Jan 2023 22:00:46 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: http://destyy.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
toncooperateapologise.com/pixel/purst?dl=0&th=0&sc=0&rs=1206&rd=1206&fd=796&bv=22.10.v.9&tmpl=70
192.243.59.12200 OK 0 B URL HTTP/1.1 toncooperateapologise.com/pixel/purst?dl=0&th=0&sc=0&rs=1206&rd=1206&fd=796&bv=22.10.v.9&tmpl=70
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1206&rd=1206&fd=796&bv=22.10.v.9&tmpl=70 HTTP/1.1
Host: toncooperateapologise.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://destyy.com/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 14 Jan 2023 22:00:46 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ptauxofi.net/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
POST /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://destyy.com/
Content-Type: application/json
Origin: http://destyy.com
Content-Length: 358
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 14 Jan 2023 22:00:46 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 8b77a1a6b9b20690bec6822c315b0695
access-control-allow-origin: http://destyy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ptauxofi.net/pfe/current/universal.min.js?v=3.1.411
139.45.197.250200 OK 34 kB URL HTTP/2 ptauxofi.net/pfe/current/universal.min.js?v=3.1.411
IP 139.45.197.250:0
Hash 0dfa12bef3f8732dec8562ed9dd6cd37
98b397fe9bc5fdf5ce141888ced7a6674387529c
8f3cf69f01a018cfb1160a66e361440dfcfbc84bf9c5a32d64e6a3b3b6bc650c
GET /pfe/current/universal.min.js?v=3.1.411 HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://destyy.com/
Origin: http://destyy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 14 Jan 2023 22:00:45 GMT
content-type: application/javascript
last-modified: Wed, 21 Dec 2022 12:58:18 GMT
etag: W/"63a302ea-18c6c"
access-control-allow-origin: http://destyy.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.189.85.130101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.189.85.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: thA0u/LdUIbERfXFxij1Zw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: DgW9ji2ALGd8wr9mkOWbEgCX070=
my.rtmark.net/gid.js?pub=0&userId=44ed00114aab4dd0bb7a3ec5cf0e0fd4&zoneId=4157053&checkDuplicate=true&ymid=&var=
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=44ed00114aab4dd0bb7a3ec5cf0e0fd4&zoneId=4157053&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 123d6dad729e325ede14a71a273dab6c
ea21628181a1f89fe03bc8e235b4311215c735a7
0c4e8886faa3a0a6eda674681889254634c1984a8477f8663845520c67012880
GET /gid.js?pub=0&userId=44ed00114aab4dd0bb7a3ec5cf0e0fd4&zoneId=4157053&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://destyy.com/
Origin: http://destyy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 14 Jan 2023 22:00:46 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://destyy.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=44ed00114aab4dd0bb7a3ec5cf0e0fd4; expires=Sun, 14 Jan 2024 22:00:46 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
toncooperateapologise.com/08/26/66/0826667673c6afa9f85340ed4fc8ef57.js
192.243.59.12200 OK 13 kB URL HTTP/1.1 toncooperateapologise.com/08/26/66/0826667673c6afa9f85340ed4fc8ef57.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37117), with no line terminators
Hash f616f099cf0d68f970f1a431d8a2c69a
ea38cbd13dbea0560512389f307ec4246596f1cc
967d682c3be62c8f62fbc47f5fcdcf593395885fbee48f7eec6aa6cb16d28e1c
Analyzer Verdict Alert quad9 Sinkholed
GET /08/26/66/0826667673c6afa9f85340ed4fc8ef57.js HTTP/1.1
Host: toncooperateapologise.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://destyy.com/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 14 Jan 2023 22:00:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 96add340c63abb5bd0e82dc282970427
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
friendshipmale.com/sfp.js
172.64.167.29200 OK 28 kB URL HTTP/1.1 friendshipmale.com/sfp.js
IP 172.64.167.29:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14
Analyzer Verdict Alert fortinet Malware
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://destyy.com/
HTTP/1.1 200 OK
Date: Sat, 14 Jan 2023 22:00:46 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: d014b83d20e4f01f0b8bf2140aa2a904
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sat, 14 Jan 2023 22:00:46 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6rmrEUPaB6anxPKzy1aYX2ZS9%2FpY4MCBtJXvblKA9d%2FOVmODadRypzCzxPGl1N5Wdz9LNzTQ%2BDKI5ZyTV%2FU7dfBf5yNtx6LwgYMR9icvntOtkmLSFmo1PvsovDO%2BDuisLyGUqy8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7899a57a4eaad174-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
banquetunarmedgrater.com/advertisers.js
192.243.61.225200 OK 0 B URL HTTP/1.1 banquetunarmedgrater.com/advertisers.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://destyy.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 14 Jan 2023 22:00:46 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a8653e22659fc6213c09f5e1a47c9726
Strict-Transport-Security: max-age=0; includeSubdomains
ptauxofi.net/pfe/current/defaultSkin.min.js
139.45.197.250200 OK 40 kB URL HTTP/2 ptauxofi.net/pfe/current/defaultSkin.min.js
IP 139.45.197.250:0
File type JSON data\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (52034)
Hash a23ef3f19c77f02c80fad99c69e5b96e
bca4f00115998ceb54a5705ce7483da2fca56a90
f2d689aebdad4736d7957c043350b2c4a59644a0b59fe262364c70999748501a
Analyzer Verdict Alert fortinet Phishing
GET /pfe/current/defaultSkin.min.js HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://destyy.com/
Origin: http://destyy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 14 Jan 2023 22:00:46 GMT
content-type: application/javascript
last-modified: Wed, 21 Dec 2022 12:58:18 GMT
etag: W/"63a302ea-df63"
access-control-allow-origin: http://destyy.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 2f8ae4ab9ee17e2598e9299bdc0f44c0
ab4c7d1750edf513359218ab6d0b81cdd4dcb90c
75e680ab62ee77f0811fdb770d1c913dd41a911e7efb4ca99bc4cfe7fcb432c7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 14 Jan 2023 22:00:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/j/collect?v=1&_v=j99&a=1671567462&t=pageview&_s=1&dl=http%3A%2F%2Fdestyy.com%2FefPMpF&ul=en-us&de=UTF-8&dt=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAAABAAAAAC~&jid=839170104&gjid=2037116825&cid=702133349.1673733647&uid=11340057&tid=UA-42296749-1&_gid=865644741.1673733647&_r=1&_slc=1&cd2=2022-06-29.0&cd7=11340057&cd5=0&z=1054043059
216.239.34.178200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j99&a=1671567462&t=pageview&_s=1&dl=http%3A%2F%2Fdestyy.com%2FefPMpF&ul=en-us&de=UTF-8&dt=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAAABAAAAAC~&jid=839170104&gjid=2037116825&cid=702133349.1673733647&uid=11340057&tid=UA-42296749-1&_gid=865644741.1673733647&_r=1&_slc=1&cd2=2022-06-29.0&cd7=11340057&cd5=0&z=1054043059
IP 216.239.34.178:0
File type ASCII text, with no line terminators
Hash 38684612f0c6bb6dfa16da92f4a6878f
6fe62d0dd7db314b7f9bb945672f078e01d27f0f
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
POST /j/collect?v=1&_v=j99&a=1671567462&t=pageview&_s=1&dl=http%3A%2F%2Fdestyy.com%2FefPMpF&ul=en-us&de=UTF-8&dt=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAAABAAAAAC~&jid=839170104&gjid=2037116825&cid=702133349.1673733647&uid=11340057&tid=UA-42296749-1&_gid=865644741.1673733647&_r=1&_slc=1&cd2=2022-06-29.0&cd7=11340057&cd5=0&z=1054043059 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://destyy.com
Connection: keep-alive
Referer: http://destyy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://destyy.com
date: Sat, 14 Jan 2023 22:00:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ptauxofi.net/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
POST /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://destyy.com/
Content-Type: application/json
Origin: http://destyy.com
Content-Length: 359
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 14 Jan 2023 22:00:46 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 7a9028b9c1a89774acc0b4946db9892a
access-control-allow-origin: http://destyy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/997869120/?random=1673733645903&cv=11&fst=1673733645903&bg=ffffff&guid=ON&async=1>m=2oa1a1&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fdestyy.com%2FefPMpF&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&auid=2021978071.1673733646&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.162200 OK 923 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/997869120/?random=1673733645903&cv=11&fst=1673733645903&bg=ffffff&guid=ON&async=1>m=2oa1a1&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fdestyy.com%2FefPMpF&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&auid=2021978071.1673733646&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2019), with no line terminators
Hash 3a19526d5bcb477972ecaaabca29dc4c
fac8b3d01b51918543b62dc7ee157a843cfeac6c
cb76c94884f14591bc8507060987203af6a7e84ec0b4f677684dc9912356b165
GET /pagead/viewthroughconversion/997869120/?random=1673733645903&cv=11&fst=1673733645903&bg=ffffff&guid=ON&async=1>m=2oa1a1&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fdestyy.com%2FefPMpF&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&auid=2021978071.1673733646&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destyy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 14 Jan 2023 22:00:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 923
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 14-Jan-2023 22:15:46 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 2f8ae4ab9ee17e2598e9299bdc0f44c0
ab4c7d1750edf513359218ab6d0b81cdd4dcb90c
75e680ab62ee77f0811fdb770d1c913dd41a911e7efb4ca99bc4cfe7fcb432c7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 14 Jan 2023 22:00:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash e6c8f8a0e3ef850c66d344a842dfa3c3
c8475fa1d4d3d8ca3394272ade4c97c6bab3a286
58226f2841670d93086aa4dc60373f7770bfbcc11760cacd7691299b6c403efa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 14 Jan 2023 22:00:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 4dc72ba06ace9ad5795c9de974b66afa
d56fbd77e052b69ce1eaf5e43d24596d162c45fa
f8986ca3bd2b5c850b42dc287b7ea42b02eb8dee4943344ade7a03946d6f7325
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 14 Jan 2023 22:00:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 7242f2cfbe9e053693d57e2a23fc185b
c85b773324279a6764a01b1c8ccaf45a9adcc7e3
122f62235f0c9eb3073b6aa865aeb74a412b565a12966ab9fcb1a7dc5ac0418f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3811
Cache-Control: max-age=127322
Content-Type: application/ocsp-response
Date: Sat, 14 Jan 2023 22:00:46 GMT
Etag: "63c26585-118"
Expires: Mon, 16 Jan 2023 09:22:48 GMT
Last-Modified: Sat, 14 Jan 2023 08:19:17 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 280
www.google.no/pagead/1p-user-list/997869120/?random=1673733645903&cv=11&fst=1673733600000&bg=ffffff&guid=ON&async=1>m=2oa1a1&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fdestyy.com%2FefPMpF&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2264940969&rmt_tld=1&ipr=y
142.250.74.163200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/997869120/?random=1673733645903&cv=11&fst=1673733600000&bg=ffffff&guid=ON&async=1>m=2oa1a1&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fdestyy.com%2FefPMpF&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2264940969&rmt_tld=1&ipr=y
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1 / data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/997869120/?random=1673733645903&cv=11&fst=1673733600000&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fdestyy.com%2FefPMpF&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2264940969&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destyy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 14 Jan 2023 22:00:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/997869120/?random=1673733645903&cv=11&fst=1673733600000&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fdestyy.com%2FefPMpF&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2264940969&rmt_tld=0&ipr=y
142.250.74.132 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/997869120/?random=1673733645903&cv=11&fst=1673733600000&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fdestyy.com%2FefPMpF&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2264940969&rmt_tld=0&ipr=y
IP 142.250.74.132:0
File type GIF image data, version 89a, 1 x 1 / data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/997869120/?random=1673733645903&cv=11&fst=1673733600000&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fdestyy.com%2FefPMpF&tiba=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2264940969&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destyy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 14 Jan 2023 22:00:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash e6c8f8a0e3ef850c66d344a842dfa3c3
c8475fa1d4d3d8ca3394272ade4c97c6bab3a286
58226f2841670d93086aa4dc60373f7770bfbcc11760cacd7691299b6c403efa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 14 Jan 2023 22:00:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ptauxofi.net/custom
139.45.197.250 200 OK 39 B IP 139.45.197.250:0
File type JSON data / ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict: Alert — fortinet: Malware
POST /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://destyy.com/
Content-Type: application/json
Origin: http://destyy.com
Content-Length: 594
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 14 Jan 2023 22:00:46 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 8d0c7d48a9fc692141f7d78fe77c2e14
access-control-allow-origin: http://destyy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 5ac0e204e812ce8905ac046581ff4e95
c0322d4ecff9356cca1a8e55d62e8d2f9540eca7
de65a926e0a1ce8b9724754564cef8e4bbe7709cef911e5dbd30db03211e6673
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 14 Jan 2023 22:00:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
js-agent.newrelic.com/859.25fcbbf1-1221.js
151.101.2.137 200 OK 6.0 kB URL HTTP/2 js-agent.newrelic.com/859.25fcbbf1-1221.js
IP 151.101.2.137:0
File type ASCII text, with very long lines (21758)
Hash 075e387e4c20df5b5c683b913e0a5c9d
53dbc08cad799a04cc54a293e0ceb73e4f7db989
e211ef672d665422463674a4239d0717ba21b6579f8151d4ee98a62fbf2296cf
GET /859.25fcbbf1-1221.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destyy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: +goQW8pSNEuaIL/VsSxuQTdOwAWWYzYUnH4OUaVbXC1zyfGdCkQKkZuApSeSUw3SR0m2dnPDMlc=
x-amz-request-id: 33WDWKJ4SEWGQJD2
last-modified: Fri, 09 Dec 2022 15:30:38 GMT
etag: "955ba8bb9a6f4fec37ed25b54890b88a"
x-amz-version-id: LcQjPO428dQ4CkCwzu1ctp1i_7pNRF02
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Sat, 14 Jan 2023 22:00:46 GMT
via: 1.1 varnish
x-served-by: cache-bma1645-BMA
x-cache: HIT
x-cache-hits: 3766
x-timer: S1673733647.905489,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 5994
X-Firefox-Spdy: h2
js-agent.newrelic.com/41.25fcbbf1-1221.js
151.101.2.137 200 OK 631 B URL HTTP/2 js-agent.newrelic.com/41.25fcbbf1-1221.js
IP 151.101.2.137:0
File type ASCII text, with very long lines (1168)
Hash f0143998601aaf0ddfa4097f784a1d58
cf35ce7280d6577318a4e8f5f214db3432457749
4d101cb24ed05e0ed8184b7e7e66f3fc9cf6cb7df01d97ca6a112d5cbcc896e1
GET /41.25fcbbf1-1221.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destyy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: r82uIew/usmqWhUEkzzu5KO/1rJUnKAvtO83PZPzPasUrzLGkl4IsXVRdn/g8+OHsaxGmwGiMNI=
x-amz-request-id: 33W672VSZRDH17MN
last-modified: Fri, 09 Dec 2022 15:30:38 GMT
etag: "c1aa4a379e67391a744dd540f1cce912"
x-amz-version-id: kjJhv0udNxPYmQsH0WhUQa7Lt5whW0LX
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Sat, 14 Jan 2023 22:00:47 GMT
via: 1.1 varnish
x-served-by: cache-bma1645-BMA
x-cache: HIT
x-cache-hits: 3780
x-timer: S1673733647.024495,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 631
X-Firefox-Spdy: h2
js-agent.newrelic.com/590.25fcbbf1-1221.js
151.101.2.137 200 OK 3.9 kB URL HTTP/2 js-agent.newrelic.com/590.25fcbbf1-1221.js
IP 151.101.2.137:0
File type ASCII text, with very long lines (9523)
Hash 668d6ce7fa988afefd78e62feffc9d9e
b48b8d633d7c76a4e5ff41dbf35d343c6ed5fb75
22e86fcc62d926cd051d6bcd5a311afa0f78efaf8cf3d5a1cbf71b39ca81a6e3
GET /590.25fcbbf1-1221.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destyy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: +WAd0nhhaELU6/6K1u657bMPgMX+p/bi2xBIxo3vsTzBlUlm/Iu/ThNWYpe2wHllyOk30oS/XfA=
x-amz-request-id: 33W9TWZ450414FCB
last-modified: Fri, 09 Dec 2022 15:30:38 GMT
etag: "92e1944f8d0a41050f325890fd46d907"
x-amz-version-id: ojurhdR3hlmw0KgBN226TqH.sYUeq1Tt
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Sat, 14 Jan 2023 22:00:47 GMT
via: 1.1 varnish
x-served-by: cache-bma1645-BMA
x-cache: HIT
x-cache-hits: 3777
x-timer: S1673733647.025022,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 3878
X-Firefox-Spdy: h2
js-agent.newrelic.com/620.25fcbbf1-1221.js
151.101.2.137 200 OK 1.4 kB URL HTTP/2 js-agent.newrelic.com/620.25fcbbf1-1221.js
IP 151.101.2.137:0
File type ASCII text, with very long lines (3382)
Hash 4b76c1a5250116463e0f167307fcf69b
24b552c300a072c6a9c094d826fa993918905ad6
d628c6b3ed9b8ad3a290caf72f89e468d9c0cd04c35bd40c7d6e3d28f2a85782
GET /620.25fcbbf1-1221.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destyy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: G5SPEC1qmgrRz0oifIt7QMuv9dtmloWy7lRJvrQCnEHJ5lhdUfo2e8UspB02z5eWi+nHvDvyOr4=
x-amz-request-id: 33WDHN92DJRQ7NX4
last-modified: Fri, 09 Dec 2022 15:30:38 GMT
etag: "7169c597dc2cc2eda7ee9c54a7cceaf6"
x-amz-version-id: 6lV0qmNXhg30w3uSxv0KTWVW7Bqq19jz
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Sat, 14 Jan 2023 22:00:47 GMT
via: 1.1 varnish
x-served-by: cache-bma1645-BMA
x-cache: HIT
x-cache-hits: 3784
x-timer: S1673733647.025433,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1442
X-Firefox-Spdy: h2
js-agent.newrelic.com/457.25fcbbf1-1221.js
151.101.2.137 200 OK 2.2 kB URL HTTP/2 js-agent.newrelic.com/457.25fcbbf1-1221.js
IP 151.101.2.137:0
File type ASCII text, with very long lines (5553)
Hash 668b6063ac332a7f446a470cfe5857e8
180d316dc899e037ba45107b9bb1ef3ef7a7415a
b4c1773861d0636a373ecbac7e1334680105ca1c0cc685f6efe0e78c820358fa
GET /457.25fcbbf1-1221.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destyy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: U5Y1c5xJGTCDmzdRt6cAkXrChOhRFghlWna7w0cnN4rrnKb+ipeGTB8PSXxh06A9yFsqKvxpTfE=
x-amz-request-id: 33W0N4F5H85S99QA
last-modified: Fri, 09 Dec 2022 15:30:38 GMT
etag: "74cb970ad1cca9b43a1326b3618adc9f"
x-amz-version-id: PI7ELWWdeBYiCYBkGMRwXTH0E8ONfEZC
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Sat, 14 Jan 2023 22:00:47 GMT
via: 1.1 varnish
x-served-by: cache-bma1645-BMA
x-cache: HIT
x-cache-hits: 3782
x-timer: S1673733647.025638,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2241
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash a610c6e51ee961edf7c34eb0f33a549e
1982532c1f2df05c5a46183ea80ea722005cabe0
5c9e7fcfc6df3915157d836bda023d9831b8b49d8cc360627e571e0ad9afbc8c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5250
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 14 Jan 2023 22:00:47 GMT
Last-Modified: Sat, 14 Jan 2023 20:33:17 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 256e39696ba05f2324bbc49b2a396115
e1cf8b15abd0a20eb1218be517c03459514a59e0
d576a66e6b39751bdbc7b662454d37866b75efef1aa51761daba61783d755bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D576A66E6B39751BDBC7B662454D37866B75EFEF1AA51761DABA61783D755BC9"
Last-Modified: Thu, 12 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7274
Expires: Sun, 15 Jan 2023 00:02:01 GMT
Date: Sat, 14 Jan 2023 22:00:47 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 256e39696ba05f2324bbc49b2a396115
e1cf8b15abd0a20eb1218be517c03459514a59e0
d576a66e6b39751bdbc7b662454d37866b75efef1aa51761daba61783d755bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D576A66E6B39751BDBC7B662454D37866B75EFEF1AA51761DABA61783D755BC9"
Last-Modified: Thu, 12 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7274
Expires: Sun, 15 Jan 2023 00:02:01 GMT
Date: Sat, 14 Jan 2023 22:00:47 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 256e39696ba05f2324bbc49b2a396115
e1cf8b15abd0a20eb1218be517c03459514a59e0
d576a66e6b39751bdbc7b662454d37866b75efef1aa51761daba61783d755bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D576A66E6B39751BDBC7B662454D37866B75EFEF1AA51761DABA61783D755BC9"
Last-Modified: Thu, 12 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7274
Expires: Sun, 15 Jan 2023 00:02:01 GMT
Date: Sat, 14 Jan 2023 22:00:47 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 256e39696ba05f2324bbc49b2a396115
e1cf8b15abd0a20eb1218be517c03459514a59e0
d576a66e6b39751bdbc7b662454d37866b75efef1aa51761daba61783d755bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D576A66E6B39751BDBC7B662454D37866B75EFEF1AA51761DABA61783D755BC9"
Last-Modified: Thu, 12 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7274
Expires: Sun, 15 Jan 2023 00:02:01 GMT
Date: Sat, 14 Jan 2023 22:00:47 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 256e39696ba05f2324bbc49b2a396115
e1cf8b15abd0a20eb1218be517c03459514a59e0
d576a66e6b39751bdbc7b662454d37866b75efef1aa51761daba61783d755bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D576A66E6B39751BDBC7B662454D37866B75EFEF1AA51761DABA61783D755BC9"
Last-Modified: Thu, 12 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7274
Expires: Sun, 15 Jan 2023 00:02:01 GMT
Date: Sat, 14 Jan 2023 22:00:47 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78b55aad-884c-40db-a779-021d0c2305b4.jpeg
34.120.237.76 200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78b55aad-884c-40db-a779-021d0c2305b4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 / data
Hash b1378f107c1996ade14a8fe7fd728072
f52d98d9a0d1d343a539689ea14acf99e148cf8c
4be994757ec7ec42929590169de199e927889261334e258903a0929a1055047d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78b55aad-884c-40db-a779-021d0c2305b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9154
x-amzn-requestid: fbb1140d-7ec2-4f86-8761-5d04601af70e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: enAkCEN2IAMFuMQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bf7ae6-4baebf1104f9cf2a0ee8a538;Sampled=0
x-amzn-remapped-date: Thu, 12 Jan 2023 03:13:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: jlRcVyQppaQaPPMKaqadtaEHfdOYXXXbnfrr44l_2E2qaOoh_O0Mog==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sat, 14 Jan 2023 04:10:18 GMT
age: 64229
etag: "f52d98d9a0d1d343a539689ea14acf99e148cf8c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78b0d4bc-9eea-491e-9fed-be68e71088e5.jpeg
34.120.237.76 200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78b0d4bc-9eea-491e-9fed-be68e71088e5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 / data
Hash 64ba27a2f0a3bc61bd325f1fb317b755
c65c58476b66cbb6269ba1d8412d270a0a003ae3
5f7f03752f8a7c8c08d92512ae93b193ea37f59354503c3129d33fd2910f87e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78b0d4bc-9eea-491e-9fed-be68e71088e5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9135
x-amzn-requestid: 2c5e9de0-9244-43ac-b7c4-712cbcf7038c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: enAnoG6roAMFzgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bf7afd-7fb640b30bab63bc1979a173;Sampled=0
x-amzn-remapped-date: Thu, 12 Jan 2023 03:14:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: SUGIIWi8jWe9RoRu-3dQXvLAddjwjH05V1ubKzEOEQrFonzVjQdbtw==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 14 Jan 2023 03:33:07 GMT
age: 66460
etag: "c65c58476b66cbb6269ba1d8412d270a0a003ae3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33bbc100-e509-4a4f-8b98-1d44a52a7a3c.jpeg
34.120.237.76 200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33bbc100-e509-4a4f-8b98-1d44a52a7a3c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 / data
Hash a23d61d610c7b55d943fcb2636a01b65
82c4c5170c7b586c2a7a1f2d2d5c9ff0219af065
28bf3039cc8c1213e64893c71bc150eda573223feb2cc15ad0814a44960d434a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33bbc100-e509-4a4f-8b98-1d44a52a7a3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9539
x-amzn-requestid: eb427fd6-c342-4a22-af45-ecc528cf4a8a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: epfDqEAZIAMFudQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c0787d-4f61ecd2422081224869da76;Sampled=0
x-amzn-remapped-date: Thu, 12 Jan 2023 21:15:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: RRMRT2BC5p1x0Vh20ut0Kjbz2mnaNToUIbzIg9oczduvzYCckvFORA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 14 Jan 2023 12:46:14 GMT
age: 33273
etag: "82c4c5170c7b586c2a7a1f2d2d5c9ff0219af065"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F917985a1-aa8d-4c0a-860c-0b16c203387e.jpeg
34.120.237.76 200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F917985a1-aa8d-4c0a-860c-0b16c203387e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 / data
Hash d24ea1f095f492934a1f1c63f5d8590c
dade37148c9b9a941f93a8535d8ddc5de3952623
2d8e3f90eb347eb3479a6c5d20a1c2ca6a0560f335a6c6800948db2640e4c878
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F917985a1-aa8d-4c0a-860c-0b16c203387e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8181
x-amzn-requestid: 7ada8fbd-58e6-4433-a532-b4a4ef93ac9c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: es0paH-OIAMFg5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c1ce3c-582529522dbb67ee728484f8;Sampled=0
x-amzn-remapped-date: Fri, 13 Jan 2023 21:33:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: AHjOmYxva5avyA3gt9DvYLas_B2ACimer5QRQOi919HDtSjnKq22lw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Sat, 14 Jan 2023 10:27:20 GMT
age: 41607
etag: "dade37148c9b9a941f93a8535d8ddc5de3952623"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4885191c-7ccc-4801-bef2-6d6bbb61cdb1.jpeg
34.120.237.76 200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4885191c-7ccc-4801-bef2-6d6bbb61cdb1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 / data
Hash d9c918c3f0569cbf09fdcd8998e2fc00
ad06e348d49e8ae0550d922b50bc2a1d4905457a
8f96e49cf0dbbad59d260d0f991d79eb72ea25dcc0caa5ba4480056bd918d07d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4885191c-7ccc-4801-bef2-6d6bbb61cdb1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5371
x-amzn-requestid: fcbafc8b-5b89-49e6-8ebd-157cb3b24a55
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: es0qnERXoAMFsZQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c1ce43-3eb3b4d84dbf415a3dec1308;Sampled=0
x-amzn-remapped-date: Fri, 13 Jan 2023 21:33:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Vu3VTHD4QBoZs6oBJNaiIzIt-ezpjpjB9CQMv4yzEskJo7W6H2TUeg==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 14 Jan 2023 21:49:01 GMT
age: 706
etag: "ad06e348d49e8ae0550d922b50bc2a1d4905457a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0a5cc8b-8d62-447a-a39c-733e1afdd415.jpeg
34.120.237.76 200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0a5cc8b-8d62-447a-a39c-733e1afdd415.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 / data
Hash 2363dbe7bb6a459853d8d19cab50e70b
ded76de1dd453e40dbf6eaa8607cf19fac7f71a4
f96da6354cec52143768014c36ba2b298224a58b0bf38bd2aa5f3bfce69d8670
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0a5cc8b-8d62-447a-a39c-733e1afdd415.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7447
x-amzn-requestid: dd3543b7-4e6b-4605-acea-a21d39af02ca
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: es0qSFjAIAMF7HQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c1ce41-56e2ccc63669032d70cba0ba;Sampled=0
x-amzn-remapped-date: Fri, 13 Jan 2023 21:33:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JrxiA9BpvO_ZMFnzBedGopRgdHOc_n-_7Ub3PXuJVJYqk-XeMzBuWQ==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 14 Jan 2023 21:49:01 GMT
age: 706
etag: "ded76de1dd453e40dbf6eaa8607cf19fac7f71a4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=8d164e15-315c-4427-8ce6-e22ef525a5aa&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=34c6b37755370ea4318f4ff4946df449&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22
192.243.59.12 | 200 OK | 1 B | URL | HTTP/1.1 | unseenreport.com/pxf.gif?uuid=8d164e15-315c-4427-8ce6-e22ef525a5aa&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=34c6b37755370ea4318f4ff4946df449&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer verdict: Alert — quad9 Sinkholed. Note that in this capture the request to unseenreport.com still reached 192.243.59.12 and returned 200 OK, so the Quad9 sinkhole listing did not block the connection here; treat the verdict as a threat-intelligence flag on the domain, not as evidence that the request was blocked.
GET /pxf.gif?uuid=8d164e15-315c-4427-8ce6-e22ef525a5aa&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=34c6b37755370ea4318f4ff4946df449&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://destyy.com/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 14 Jan 2023 22:00:47 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e8c14ccb7969f3b48ff37378754ecc90
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=8d164e15-315c-4427-8ce6-e22ef525a5aa&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=0826667673c6afa9f85340ed4fc8ef57&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22
192.243.59.12 | 200 OK | 1 B | URL | HTTP/1.1 | unseenreport.com/pxf.gif?uuid=8d164e15-315c-4427-8ce6-e22ef525a5aa&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=0826667673c6afa9f85340ed4fc8ef57&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer verdict: Alert — quad9 Sinkholed.
GET /pxf.gif?uuid=8d164e15-315c-4427-8ce6-e22ef525a5aa&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=0826667673c6afa9f85340ed4fc8ef57&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://destyy.com/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 14 Jan 2023 22:00:47 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6f24c6313b1657cb97269c02142614e0
Strict-Transport-Security: max-age=0; includeSubdomains
bam.nr-data.net/1/a2f5b84c90?a=3488588&v=1221.PROD&to=Y1EHNhMDChIDBxILW1obJAEVCwsPTRcODUZAURYWTwMAFwcWEgtHUVkADBVMFwkNFhIHR0BrEBANTA0PFgEUEUBdQAwDDT0UAAUB&rst=2418&ck=0&s=a08661f12375b92d&ref=http://destyy.com/efPMpF&ap=82&be=421&fe=1784&dc=907&perf=%7B%22timing%22:%7B%22of%22:1673733644818,%22n%22:0,%22f%22:-6,%22dn%22:-6,%22dne%22:-3,%22c%22:-3,%22ce%22:-3,%22rq%22:85,%22rp%22:229,%22rpe%22:275,%22dl%22:380,%22di%22:1320,%22ds%22:1327,%22de%22:1331,%22dc%22:2205,%22l%22:2205,%22le%22:2218%7D,%22navigation%22:%7B%7D%7D&fcp=656&at=TxYEQFsZGRw%3D&jsonp=NREUM.setToken
162.247.241.14 | 200 OK | 73 B | URL | HTTP/1.1 | bam.nr-data.net/1/a2f5b84c90?a=3488588&v=1221.PROD&to=Y1EHNhMDChIDBxILW1obJAEVCwsPTRcODUZAURYWTwMAFwcWEgtHUVkADBVMFwkNFhIHR0BrEBANTA0PFgEUEUBdQAwDDT0UAAUB&rst=2418&ck=0&s=a08661f12375b92d&ref=http://destyy.com/efPMpF&ap=82&be=421&fe=1784&dc=907&perf=%7B%22timing%22:%7B%22of%22:1673733644818,%22n%22:0,%22f%22:-6,%22dn%22:-6,%22dne%22:-3,%22c%22:-3,%22ce%22:-3,%22rq%22:85,%22rp%22:229,%22rpe%22:275,%22dl%22:380,%22di%22:1320,%22ds%22:1327,%22de%22:1331,%22dc%22:2205,%22l%22:2205,%22le%22:2218%7D,%22navigation%22:%7B%7D%7D&fcp=656&at=TxYEQFsZGRw%3D&jsonp=NREUM.setToken
IP 162.247.241.14:0
File type ASCII text, with no line terminators
Hash 814f8120cdf5a972bdb0fd5521a92a5d
47f7b3cd340d1fe91766ff27602e319a79bcd14c
5f520e553ae6a634e84b7c8c8d36908d2efa441d716834fd98c012c402b1c3c8
GET /1/a2f5b84c90?a=3488588&v=1221.PROD&to=Y1EHNhMDChIDBxILW1obJAEVCwsPTRcODUZAURYWTwMAFwcWEgtHUVkADBVMFwkNFhIHR0BrEBANTA0PFgEUEUBdQAwDDT0UAAUB&rst=2418&ck=0&s=a08661f12375b92d&ref=http://destyy.com/efPMpF&ap=82&be=421&fe=1784&dc=907&perf=%7B%22timing%22:%7B%22of%22:1673733644818,%22n%22:0,%22f%22:-6,%22dn%22:-6,%22dne%22:-3,%22c%22:-3,%22ce%22:-3,%22rq%22:85,%22rp%22:229,%22rpe%22:275,%22dl%22:380,%22di%22:1320,%22ds%22:1327,%22de%22:1331,%22dc%22:2205,%22l%22:2205,%22le%22:2218%7D,%22navigation%22:%7B%7D%7D&fcp=656&at=TxYEQFsZGRw%3D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destyy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 14 Jan 2023 22:00:47 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7899a57f79e50b45-OSL
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 | 200 OK | 503 B | IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 83cc3c2e332fb5a3ee2b50ae24629ea0
c65182585ca7adba49463c64c5c1f6ceb0647c6f
6a2ac9a83b33a6bb9160793bcf1f2f05d0047cd8a7def96c5d1ccd54d759d349
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A2AC9A83B33A6BB9160793BCF1F2F05D0047CD8A7DEF96C5D1CCD54D759D349"
Last-Modified: Sat, 14 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16143
Expires: Sun, 15 Jan 2023 02:29:55 GMT
Date: Sat, 14 Jan 2023 22:00:52 GMT
Connection: keep-alive
destyy.com/shortest-url/end-adsession?adSessionId=ee6974a369fbbbb190c93f3cbe50896380a67294&adbd=0&callback=reqwest_1673733645586
172.67.68.250 | 200 OK | 120 B | URL | HTTP/1.1 | destyy.com/shortest-url/end-adsession?adSessionId=ee6974a369fbbbb190c93f3cbe50896380a67294&adbd=0&callback=reqwest_1673733645586
IP 172.67.68.250:0
File type ASCII text, with no line terminators
Hash 8229d8f3560e5bdf3ff28ac9e293f0e5
9a2e727b07237e0ca5cad8c626cdee8331a5c26d
56c2cc36eaa384fe9b75dd1dd80adcfc6c1a7dbc26431ff389abdb263e36491a
GET /shortest-url/end-adsession?adSessionId=ee6974a369fbbbb190c93f3cbe50896380a67294&adbd=0&callback=reqwest_1673733645586 HTTP/1.1
Host: destyy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://destyy.com/efPMpF
Cookie: hl=en; cookies-enable=1; _gcl_au=1.1.2021978071.1673733646; dom3ic8zudi28v8lr6fgphwffqoz0j6c=8d164e15-315c-4427-8ce6-e22ef525a5aa%3A3%3A1; ppu_main_34c6b37755370ea4318f4ff4946df449=1; _ga=GA1.2.702133349.1673733647; _gid=GA1.2.865644741.1673733647; _gat=1; sb_main_0826667673c6afa9f85340ed4fc8ef57=1; sb_count_0826667673c6afa9f85340ed4fc8ef57=1
HTTP/1.1 200 OK
Date: Sat, 14 Jan 2023 22:00:52 GMT
Content-Type: text/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40-0+deb8u15
Set-Cookie: PHPSESSID=rurgd5fjle1mdt11jkq4kvoou0; expires=Sat, 14-Jan-2023 23:00:52 GMT; Max-Age=3600; path=/; domain=.shorte.st; HttpOnly
referrer_url=http%3A%2F%2Fdestyy.com%2FefPMpF; expires=Sun, 15-Jan-2023 22:00:52 GMT; Max-Age=86400; path=/; httponly
cookies-enable=1; path=/; httponly
Cache-Control: no-cache
X-Server-ID: shn07
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BfnBRCbqJW9knzy1L13nX%2BZTDZSePGP99JyP%2FWrKm3oIPVID9LJoMmEKnOFzb%2Bj1XAk%2B%2FXBHKa0u7hLZUC2AjR2XLAMF57chsZ2zGBU%2Bxu4n31niLHAh%2FKFMxwD%2B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7899a5a26948b523-OSL
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
toxicrookie.com/sbar.json?key=0826667673c6afa9f85340ed4fc8ef57&uuid=8d164e15-315c-4427-8ce6-e22ef525a5aa%3A3%3A1
192.243.59.13 | 200 OK | 4.0 kB | URL | HTTP/1.1 | toxicrookie.com/sbar.json?key=0826667673c6afa9f85340ed4fc8ef57&uuid=8d164e15-315c-4427-8ce6-e22ef525a5aa%3A3%3A1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type: JSON data; ASCII text, with very long lines (5583), with no line terminators
Hash ad83596d0653d3e19aad1903fc48a728
ef28d828f92283cbd93e7b77732e7bae8605a529
0120e2c0d2716f824881fc72720bd598f630dcae45b2b34adc0542c5f4cadd52
Analyzer verdict: Alert — quad9 Sinkholed. Note that in this capture the request to toxicrookie.com still reached 192.243.59.13 and returned 200 OK, so the Quad9 sinkhole listing did not block the connection here; treat the verdict as a threat-intelligence flag on the domain, not as evidence that the request was blocked.
GET /sbar.json?key=0826667673c6afa9f85340ed4fc8ef57&uuid=8d164e15-315c-4427-8ce6-e22ef525a5aa%3A3%3A1 HTTP/1.1
Host: toxicrookie.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://destyy.com
Connection: keep-alive
Referer: http://destyy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 14 Jan 2023 22:00:52 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://destyy.com
Access-Control-Allow-Origin: http://destyy.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17078832; expires=Sun, 15 Jan 2023 22:00:52 GMT; secure; SameSite=None
uid_id2=8d164e15-315c-4427-8ce6-e22ef525a5aa:3:1; expires=Sat, 21 Jan 2023 22:00:52 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 15 Jan 2023 22:00:52 GMT; secure; SameSite=None
uncs=1; expires=Sun, 15 Jan 2023 22:00:52 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 15 Jan 2023 22:00:52 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 15 Jan 2023 22:00:52 GMT; secure; SameSite=None
slec0826667673c6afa9f85340ed4fc8ef57=[3855423]; expires=Sat, 14 Jan 2023 22:00:57 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7dd031d34635c518d607e02c028e30f4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.google-analytics.com/collect?v=1&_v=j99&a=1671567462&t=event&_s=2&dl=http%3A%2F%2Fdestyy.com%2FefPMpF&ul=en-us&de=UTF-8&dt=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ec=interstitial&ea=callback&el=success&_u=aEBAAAABAAAAAC~&jid=&gjid=&cid=702133349.1673733647&uid=11340057&tid=UA-42296749-1&_gid=865644741.1673733647&cd2=2022-06-29.0&cd7=11340057&cd5=0&z=1414617157
216.239.34.178 | 200 OK | 35 B | URL | HTTP/1.1 | www.google-analytics.com/collect?v=1&_v=j99&a=1671567462&t=event&_s=2&dl=http%3A%2F%2Fdestyy.com%2FefPMpF&ul=en-us&de=UTF-8&dt=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ec=interstitial&ea=callback&el=success&_u=aEBAAAABAAAAAC~&jid=&gjid=&cid=702133349.1673733647&uid=11340057&tid=UA-42296749-1&_gid=865644741.1673733647&cd2=2022-06-29.0&cd7=11340057&cd5=0&z=1414617157
IP 216.239.34.178:0
File type: GIF image data, version 89a, 1 x 1; data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /collect?v=1&_v=j99&a=1671567462&t=event&_s=2&dl=http%3A%2F%2Fdestyy.com%2FefPMpF&ul=en-us&de=UTF-8&dt=Earn%20money%20on%20short%20links.%20Make%20short%20links%20and%20earn%20the%20biggest%20money%20-%20shorte.st&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ec=interstitial&ea=callback&el=success&_u=aEBAAAABAAAAAC~&jid=&gjid=&cid=702133349.1673733647&uid=11340057&tid=UA-42296749-1&_gid=865644741.1673733647&cd2=2022-06-29.0&cd7=11340057&cd5=0&z=1414617157 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://destyy.com/
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Pragma: no-cache
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
Date: Sat, 14 Jan 2023 15:54:24 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Age: 21989
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Content-Type: image/gif
ocsp.digicert.com/
93.184.220.29 | 200 OK | 280 B | IP 93.184.220.29:0
Hash daadc4032f2f3bf782a2bf45e97ba3b2
36886fdba6c93fc6a685e8a722e0ab4ae764c0f4
69d3c7aad6d410862597ca5daf40ee8647821e28b4422b20e4e7471c3beff050
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3888
Cache-Control: max-age=163759
Content-Type: application/ocsp-response
Date: Sat, 14 Jan 2023 22:00:53 GMT
Etag: "63c2f394-118"
Expires: Mon, 16 Jan 2023 19:30:12 GMT
Last-Modified: Sat, 14 Jan 2023 18:25:24 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 280
toxicrookie.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSv28cRRSeTZwGKlCaFIgTIAQSPu%2Fu7d6PpLAwwZFFcKwkyCWanZk9D57bWc3s3p6PxiIIpTwkCkS1%2Fs6OZYgi0tEgRXc0yKLIgYRcYIm%2FAYmKAt35pINXzHvffK%2F43vfeFwf5OXGR07OtD3VfKkVXwqpbeWtbJlwXtrJ5v%2BK5VfdGZVsm9eBGpTd9TPe654ZV9%2B3KLcF29Yrveq7ruV5lXRoR697KjIVMH7e8asutBn7VCwP0zP%2BxzR1Y6oB3z8nLkHxyZefnp5BshKTz%2FU1hdzOdvvN%2BJ1c00wZdfvxRspvoIkFnUcbGQZwcz7uh7YSQry9BJ8fzCaC7h9MJEMkJcX73ECXHc5mIukcXSiMFkSDiL6LojiDUCJKOwPQDSP6cAIxj8w6SzqNNbQq6d8HSKTshS3%2F%2FBVlMyNIfV5F0nqwp2avc0yrPpE4senEJ2RtBtkdI8zGyvgNZjMGyzyA5QdIpIfnZG03u1QPhhcs1L2TLQeA3lptM1JeF74s49EMaUjqzRsoRZDyCEgNQexm5dZBLB3nsIE8ddPhZhYat2HUbcRTXas2AMVarMRY26zzktaAZu8jZVPsAWToAUwMws4%2FU7GNXDmDyZ7A7JSx3YDOCLi9RCILCEhSUoJAERUZQdMsjrqxvy0dc2Tzy5tmf51o51Fn7gB7prC0ScpCek5emhjlL37jYFWcVt%2BnX6%2FVGvVFjdRrTVtwMa4EreBCzpojDBqwsIe0lUOugLyfk2vAZUjkhV374BxEdw6oxmHwNNH8FtBg2fBd0Zxg0XfSTE7ujTSaqNgPXJdJsCdmec6DOybXZ1q7%2FtgrBTle%2F6v9568nVT8FMidSU%2BET%2BRNBWD4d3dUEO7%2BrCkqd30kx2ZJ9ON3ovo5m4%2FO0HYq%2FQhm%2FctIOTd9mUmJaP7wub3aYJl0nbku%2FWJOfCrGvDBPlxw26LaCu3O2u5SfL09tZ76xud1AhrpU5GoPL56z6YnJAXTj6e3eqrn%2F8CaUYweYlOfkrmAanHYOk%2BbLpQbzWBUYueKHVQ5OXQ%2BNHiU0kCJRaYRiXsf3C0qA%2FsQ7SNA5o9mF1o15ToqhJUDWDzy8MsNaerv9ZmgUg5w0gZ5zBSRn15Ya2VZxURxm4sXF9EcSuKG9TlrThoRbTliUYUUg%2BZnbDxm1f%2FBQAA%2F%2F8BAAD%2F%2F4L0rf6DBAAA
192.243.59.13 | 200 OK | 7 B | URL | HTTP/1.1 | toxicrookie.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSv28cRRSeTZwGKlCaFIgTIAQSPu%2Fu7d6PpLAwwZFFcKwkyCWanZk9D57bWc3s3p6PxiIIpTwkCkS1%2Fs6OZYgi0tEgRXc0yKLIgYRcYIm%2FAYmKAt35pINXzHvffK%2F43vfeFwf5OXGR07OtD3VfKkVXwqpbeWtbJlwXtrJ5v%2BK5VfdGZVsm9eBGpTd9TPe654ZV9%2B3KLcF29Yrveq7ruV5lXRoR697KjIVMH7e8asutBn7VCwP0zP%2BxzR1Y6oB3z8nLkHxyZefnp5BshKTz%2FU1hdzOdvvN%2BJ1c00wZdfvxRspvoIkFnUcbGQZwcz7uh7YSQry9BJ8fzCaC7h9MJEMkJcX73ECXHc5mIukcXSiMFkSDiL6LojiDUCJKOwPQDSP6cAIxj8w6SzqNNbQq6d8HSKTshS3%2F%2FBVlMyNIfV5F0nqwp2avc0yrPpE4senEJ2RtBtkdI8zGyvgNZjMGyzyA5QdIpIfnZG03u1QPhhcs1L2TLQeA3lptM1JeF74s49EMaUjqzRsoRZDyCEgNQexm5dZBLB3nsIE8ddPhZhYat2HUbcRTXas2AMVarMRY26zzktaAZu8jZVPsAWToAUwMws4%2FU7GNXDmDyZ7A7JSx3YDOCLi9RCILCEhSUoJAERUZQdMsjrqxvy0dc2Tzy5tmf51o51Fn7gB7prC0ScpCek5emhjlL37jYFWcVt%2BnX6%2FVGvVFjdRrTVtwMa4EreBCzpojDBqwsIe0lUOugLyfk2vAZUjkhV374BxEdw6oxmHwNNH8FtBg2fBd0Zxg0XfSTE7ujTSaqNgPXJdJsCdmec6DOybXZ1q7%2FtgrBTle%2F6v9568nVT8FMidSU%2BET%2BRNBWD4d3dUEO7%2BrCkqd30kx2ZJ9ON3ovo5m4%2FO0HYq%2FQhm%2FctIOTd9mUmJaP7wub3aYJl0nbku%2FWJOfCrGvDBPlxw26LaCu3O2u5SfL09tZ76xud1AhrpU5GoPL56z6YnJAXTj6e3eqrn%2F8CaUYweYlOfkrmAanHYOk%2BbLpQbzWBUYueKHVQ5OXQ%2BNHiU0kCJRaYRiXsf3C0qA%2FsQ7SNA5o9mF1o15ToqhJUDWDzy8MsNaerv9ZmgUg5w0gZ5zBSRn15Ya2VZxURxm4sXF9EcSuKG9TlrThoRbTliUYUUg%2BZnbDxm1f%2FBQAA%2F%2F8BAAD%2F%2F4L0rf6DBAAA
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer verdict: Alert — quad9 Sinkholed.
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSv28cRRSeTZwGKlCaFIgTIAQSPu%2Fu7d6PpLAwwZFFcKwkyCWanZk9D57bWc3s3p6PxiIIpTwkCkS1%2Fs6OZYgi0tEgRXc0yKLIgYRcYIm%2FAYmKAt35pINXzHvffK%2F43vfeFwf5OXGR07OtD3VfKkVXwqpbeWtbJlwXtrJ5v%2BK5VfdGZVsm9eBGpTd9TPe654ZV9%2B3KLcF29Yrveq7ruV5lXRoR697KjIVMH7e8asutBn7VCwP0zP%2BxzR1Y6oB3z8nLkHxyZefnp5BshKTz%2FU1hdzOdvvN%2BJ1c00wZdfvxRspvoIkFnUcbGQZwcz7uh7YSQry9BJ8fzCaC7h9MJEMkJcX73ECXHc5mIukcXSiMFkSDiL6LojiDUCJKOwPQDSP6cAIxj8w6SzqNNbQq6d8HSKTshS3%2F%2FBVlMyNIfV5F0nqwp2avc0yrPpE4senEJ2RtBtkdI8zGyvgNZjMGyzyA5QdIpIfnZG03u1QPhhcs1L2TLQeA3lptM1JeF74s49EMaUjqzRsoRZDyCEgNQexm5dZBLB3nsIE8ddPhZhYat2HUbcRTXas2AMVarMRY26zzktaAZu8jZVPsAWToAUwMws4%2FU7GNXDmDyZ7A7JSx3YDOCLi9RCILCEhSUoJAERUZQdMsjrqxvy0dc2Tzy5tmf51o51Fn7gB7prC0ScpCek5emhjlL37jYFWcVt%2BnX6%2FVGvVFjdRrTVtwMa4EreBCzpojDBqwsIe0lUOugLyfk2vAZUjkhV374BxEdw6oxmHwNNH8FtBg2fBd0Zxg0XfSTE7ujTSaqNgPXJdJsCdmec6DOybXZ1q7%2FtgrBTle%2F6v9568nVT8FMidSU%2BET%2BRNBWD4d3dUEO7%2BrCkqd30kx2ZJ9ON3ovo5m4%2FO0HYq%2FQhm%2FctIOTd9mUmJaP7wub3aYJl0nbku%2FWJOfCrGvDBPlxw26LaCu3O2u5SfL09tZ76xud1AhrpU5GoPL56z6YnJAXTj6e3eqrn%2F8CaUYweYlOfkrmAanHYOk%2BbLpQbzWBUYueKHVQ5OXQ%2BNHiU0kCJRaYRiXsf3C0qA%2FsQ7SNA5o9mF1o15ToqhJUDWDzy8MsNaerv9ZmgUg5w0gZ5zBSRn15Ya2VZxURxm4sXF9EcSuKG9TlrThoRbTliUYUUg%2BZnbDxm1f%2FBQAA%2F%2F8BAAD%2F%2F4L0rf6DBAAA HTTP/1.1
Host: toxicrookie.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destyy.com/
Cookie: u_pl=17078832; uid_id2=8d164e15-315c-4427-8ce6-e22ef525a5aa:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec0826667673c6afa9f85340ed4fc8ef57=[3855423]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 14 Jan 2023 22:00:53 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 321fa510ab1d05e5bc25ef4465923019
Strict-Transport-Security: max-age=0; includeSubdomains
e1.o.lencr.org/
23.36.77.32 | 200 OK | 345 B | IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c331e41511bd05226650d40b8134e1c1
6b0f9c3b3417bbe2e1517fe27f233ba22b5f9653
d64e1826a4046fe7ca0dfae40e5a93b617e1d1de12b40d40cec60b120a29bd77
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D64E1826A4046FE7CA0DFAE40E5A93B617E1D1DE12B40D40CEC60B120A29BD77"
Last-Modified: Sat, 14 Jan 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6213
Expires: Sat, 14 Jan 2023 23:44:26 GMT
Date: Sat, 14 Jan 2023 22:00:53 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 | 200 OK | 345 B | IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c331e41511bd05226650d40b8134e1c1
6b0f9c3b3417bbe2e1517fe27f233ba22b5f9653
d64e1826a4046fe7ca0dfae40e5a93b617e1d1de12b40d40cec60b120a29bd77
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D64E1826A4046FE7CA0DFAE40E5A93B617E1D1DE12B40D40CEC60B120A29BD77"
Last-Modified: Sat, 14 Jan 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6213
Expires: Sat, 14 Jan 2023 23:44:26 GMT
Date: Sat, 14 Jan 2023 22:00:53 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/interstitial/default/qr/62/img/qr2.png
172.64.167.9 | 200 OK | 7.2 kB | URL | HTTP/2 | cdn.creative-bars1.com/sb/interstitial/default/qr/62/img/qr2.png
IP 172.64.167.9:0
File type: PNG image data, 1160 x 1160, 8-bit/color RGB, non-interlaced; data
Hash 96bc1a4596b2dab3ce51232ef5daadef
8f032266c1b818ac9dbb3efeb06e7910a7f68f9d
39d99d4eee2bfa7b42e3ee095877935af95eaa139c30e0f9e864ceec5578862f
GET /sb/interstitial/default/qr/62/img/qr2.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 14 Jan 2023 22:00:53 GMT
content-type: image/png
content-length: 7188
last-modified: Tue, 22 Nov 2022 17:47:47 GMT
etag: "637d0b43-1c14"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2797520
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZpBzdbVTpGv2f1JdhDMv2%2FesRM%2BHQGWpejJ2B51RUVzG3MoqxV4JL8Y%2ByJEEdc1y4gHvnKuqdD%2Fw9rEqDED%2Ftp%2Bj1yOU6OyIKvUHydDw5IE7cCkR%2BA9YeZynVJhqltzj9yTtHb4EOIf5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7899a5a4c9b823b2-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/default/qr/62/img/1.png
172.64.167.9 | 200 OK | 50 kB | URL | HTTP/2 | cdn.creative-bars1.com/sb/interstitial/default/qr/62/img/1.png
IP 172.64.167.9:0
File type: PNG image data, 980 x 980, 8-bit/color RGBA, non-interlaced; data
Hash 1143a7b3bc5051147099facc8dc1432e
3a01609fb60f785d3233a788dff4351a1d79d4c9
ff708dfd7d816c51832a47cebfaf051422ddd0ab0d96588b55a1a2b89c1f3f73
GET /sb/interstitial/default/qr/62/img/1.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 14 Jan 2023 22:00:53 GMT
content-type: image/png
content-length: 49867
last-modified: Tue, 22 Nov 2022 11:33:40 GMT
etag: "637cb394-c2cb"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2797520
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=boJDg1%2BkwAeiVDY%2FG41%2BraVJY3EQjNGHhS3ons6a9BHtYL41A54UjKTN6Um%2Fr0%2B6tcvg1yPoz7g%2Bvx3%2FzPFRztCq4TBTpiWtI%2FLdoxfnbv%2FIpiUa3aW%2BZ%2FTBsH2xoTEHKanC1KYei3Ns"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7899a5a4c9be23b2-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 | 200 OK | 345 B | IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c331e41511bd05226650d40b8134e1c1
6b0f9c3b3417bbe2e1517fe27f233ba22b5f9653
d64e1826a4046fe7ca0dfae40e5a93b617e1d1de12b40d40cec60b120a29bd77
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D64E1826A4046FE7CA0DFAE40E5A93B617E1D1DE12B40D40CEC60B120A29BD77"
Last-Modified: Sat, 14 Jan 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6213
Expires: Sat, 14 Jan 2023 23:44:26 GMT
Date: Sat, 14 Jan 2023 22:00:53 GMT
Connection: keep-alive
cdn.yourwebbars.com/sb/interstitial/default/qr/62/index.html
104.26.6.19 | 200 OK | 2.5 kB | URL | HTTP/2 | cdn.yourwebbars.com/sb/interstitial/default/qr/62/index.html
IP 104.26.6.19:0
File type HTML document, ASCII text, with very long lines (1857)
Hash 650cbf0844b2804b79acf09d96be81a9
752654940fb246cef02583e959790b65811924e7
307c0b3efe336cccb4804422147e09c845baeba2d8a3e4d0eae53b73a3bee570
GET /sb/interstitial/default/qr/62/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://destyy.com
Connection: keep-alive
Referer: http://destyy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 14 Jan 2023 22:00:53 GMT
content-type: text/html
last-modified: Mon, 12 Dec 2022 08:31:58 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 120232
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lkzVMdZ385xKvUZic7ZuoEtD1CRxmYwRhlmvhzxa0B%2FL6cvfgSLz8hRJEoNJLG%2BR3MNZhtqep7Jdmx19hKV1ffT0vGvEEQBEx18ty%2BNochnuRLy7BBbmHQS%2Fm%2FQPnPUsI0UXY3c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7899a5a3a80a0afa-OSL
content-encoding: br
X-Firefox-Spdy: h2
toxicrookie.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fdefault%2Fqr%2F62%2Fjs%2Fscript.js&l=708&fd=124
192.243.59.13 | 200 OK | 0 B | URL | HTTP/1.1 | toxicrookie.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fdefault%2Fqr%2F62%2Fjs%2Fscript.js&l=708&fd=124
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer verdict: Alert — quad9 Sinkholed.
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fdefault%2Fqr%2F62%2Fjs%2Fscript.js&l=708&fd=124 HTTP/1.1
Host: toxicrookie.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://destyy.com/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 14 Jan 2023 22:00:53 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/interstitial/default/qr/62/img/new_free.svg
172.64.167.9 | 200 OK | 761 B | URL | HTTP/2 | cdn.creative-bars1.com/sb/interstitial/default/qr/62/img/new_free.svg
IP 172.64.167.9:0
File type: SVG Scalable Vector Graphics image; XML 1.0 document text; XML document text; HTML document text; exported SGML document, Unicode text, UTF-8 text
Hash 0181ad5320f86a6f1cfa3450fbc1f3a0
1f607a9d7313e5e44242e6a9504f5fd4b8aa454a
6a0b2f6c27adb755a1d88362bb71fa01e154d8547d4885ceda701bfbb0852219
GET /sb/interstitial/default/qr/62/img/new_free.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 14 Jan 2023 22:00:53 GMT
content-type: image/svg+xml
last-modified: Tue, 22 Nov 2022 11:33:42 GMT
etag: W/"637cb396-609"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2797520
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zOR3kQdHDptISk6HsWCB23MYQDvbi8ge2mjGeGo6BYupme6H9vDGgeou0WPSlmj5rg0emLIlH1PggjQSWkXfAYppkSniwugd3plI35XCsOVAgVD8QC%2FAvCdVoCLKMPvdKCvju2fLcIq8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7899a5a4c9a623b2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/default/qr/62/js/script.js
172.64.167.9200 OK 275 B URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/default/qr/62/js/script.js
IP 172.64.167.9:0
Hash 09af218c89f016b6d1c78363d67366b2
b935688156573c71599590833c8d3a70fae9f7e7
430f0aa969d1a8f1c80e85268261b6d122ef0dcecc539f0e5e96e1a33cbbcb01
GET /sb/interstitial/default/qr/62/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://destyy.com
Connection: keep-alive
Referer: http://destyy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 14 Jan 2023 22:00:53 GMT
content-type: application/javascript
last-modified: Sun, 11 Dec 2022 21:20:02 GMT
etag: W/"63964982-2c4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 836182
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bVkLpPAD2gM5jwAr2QWcaC1hr5ialeb1%2F0oGoFpDAWJ7%2FEL9BU6%2F3UgZYB5MIMkw1s8XA3Jh0gUgV8QHcN24%2Bto4pagEU3b1Zv4Qb5I%2FgljfmFXAdlWq6VXZBk8iW5G32k8DZGcbKV2%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7899a5a4996423b2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Raleway:400,700
142.250.74.74200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Raleway:400,700
IP 142.250.74.74:0
GET /css?family=Raleway:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destyy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 14 Jan 2023 22:00:45 GMT
date: Sat, 14 Jan 2023 22:00:45 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/default/qr/62/css/animate.css
172.64.167.9200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/default/qr/62/css/animate.css
IP 172.64.167.9:0
GET /sb/interstitial/default/qr/62/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://destyy.com
Connection: keep-alive
Referer: http://destyy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 14 Jan 2023 22:00:53 GMT
content-type: text/css
last-modified: Sun, 11 Dec 2022 21:18:57 GMT
etag: W/"63964941-1365d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 769038
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FA7rGXCTj1eKOeA9sxChaLg8XN4U4cHxg%2F%2FNE5LdvbLCJjssHPUK2S6H1T18UYXH0YYTyyrUqo0YVudwfqONYLM3jSyMpWlb0Xv0%2BVOcrsqaqU0PWtTMAPSWwEx0W4rwsOACAVMQJCHt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7899a5a4a97723b2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/default/qr/62/img/close.svg
172.64.167.9200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/default/qr/62/img/close.svg
IP 172.64.167.9:0
GET /sb/interstitial/default/qr/62/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 14 Jan 2023 22:00:53 GMT
content-type: image/svg+xml
last-modified: Mon, 22 Mar 2021 09:40:04 GMT
etag: W/"605865f4-4ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2797521
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2JuwhS%2BMleuihBw02rL7nIQdcEVgeW4k2ZtfOn2l1vA%2F%2FkeBx5DshKcD095fA00L6APu5egAIDXa%2B1CLO7B9da3tPKuBQUw2Myv6%2FLtSssXR%2BrcT5oyXNNm96XD5XzE7VX6UHST15Ing"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7899a5a4b9a323b2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/default/qr/62/css/style.css
172.64.167.9200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/default/qr/62/css/style.css
IP 172.64.167.9:0
GET /sb/interstitial/default/qr/62/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://destyy.com
Connection: keep-alive
Referer: http://destyy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 14 Jan 2023 22:00:53 GMT
content-type: text/css
last-modified: Mon, 12 Dec 2022 08:30:46 GMT
etag: W/"6396e6b6-202e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 163073
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jL68UvlfpVYw1ClqMAnjBscEti3VZOef6ByrZWGS%2Fts%2FgTmFyxsxkR0xFn%2F8CQVMqSBtBLQmJpcXfSes%2F8wnqPZ22%2FM3scjucKxl8R94w0WcMzG1KQkIMaswql5T0L%2F6E1qQDcH5xj2%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7899a5a4c9a423b2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.shorte.st/bundles/smeweb/img/favicon.ico?2022-06-29.0
104.26.4.107200 OK 0 B URL HTTP/2 static.shorte.st/bundles/smeweb/img/favicon.ico?2022-06-29.0
IP 104.26.4.107:0
GET /bundles/smeweb/img/favicon.ico?2022-06-29.0 HTTP/1.1
Host: static.shorte.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destyy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 14 Jan 2023 22:00:46 GMT
content-type: image/x-icon
last-modified: Wed, 29 Jun 2022 08:56:53 GMT
etag: W/"62bc13d5-a07"
x-server-id: shn09
x-ua-compatible: IE=Edge
expires: Sun, 15 Jan 2023 15:18:12 GMT
cache-control: max-age=86400
cf-cache-status: HIT
age: 24154
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oghVtzKumGWlx4tb3%2BCO8jQRF%2B6R%2Ffor1TruyVba6nhn02%2Frck95hV%2Fm8%2FauT43nFr2TPUaFumIWyMYFwIhOYJK0RVUWpVHh%2Bkgmvq8NGz9QJktB91%2F%2BbVTLcS6Cuhons7g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7899a57ca946fab4-OSL
content-encoding: br
X-Firefox-Spdy: h2
ptauxofi.net/pfe/current/tag.min.js?z=4157053
139.45.197.250200 OK 0 B URL HTTP/2 ptauxofi.net/pfe/current/tag.min.js?z=4157053
IP 139.45.197.250:0
GET /pfe/current/tag.min.js?z=4157053 HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destyy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 14 Jan 2023 22:00:45 GMT
content-type: application/javascript
last-modified: Wed, 21 Dec 2022 12:58:18 GMT
etag: W/"63a302ea-390a"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/default/qr/62/img/loading.svg
172.64.167.9200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/default/qr/62/img/loading.svg
IP 172.64.167.9:0
GET /sb/interstitial/default/qr/62/img/loading.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 14 Jan 2023 22:00:53 GMT
content-type: image/svg+xml
last-modified: Tue, 22 Nov 2022 11:33:42 GMT
etag: W/"637cb396-182"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2797520
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mzVKC6tIIylxLYaM3e4n9%2F%2FAfphj70l9P2O3jVOSdwKgnjx0KnnoJj4iYu%2FY4jBMrocNtLEsjleZ09k4cyI5T8yu%2BllqpPZMTshRKI%2FeTuPEv%2FRuu7IjCKhH%2Bwa9LdSH4kPkpHUlIHGO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7899a5a4c9b523b2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2