Report - rutor.123proxy.app/

Report Overview

Visited public
2025-06-08 16:56:52
Tags
Submit Tags
URL
rutor.123proxy.app/
Finishing URL
rutor.123proxy.app/
IP / ASN
104.21.22.244
#13335 CLOUDFLARENET
Title
rutor.info :: Свободный торрент трекер

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
matomo.hellohi.me	545402	2019-07-03	2019-07-03	2025-06-08	418 B	601 B	104.21.112.1
metrica-yandex.com	783336	2021-09-14	2021-09-19	2025-06-07	429 B	61 kB	104.21.32.1
s-rutor.123proxy.app	unknown	2021-02-05	2025-06-08	2025-06-08	4.4 kB	65 kB	104.21.22.244
matomo3.org	unknown	2019-09-20	2019-11-23	2025-06-06	816 B	1.5 kB	104.21.85.227
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-06-04	979 B	7.7 kB	142.250.74.10
heartilyscales.com	unknown	2022-12-16	2022-12-16	2025-06-08	454 B	66 kB	192.243.59.20
cdnbunny.org	unknown	2022-04-20	2022-04-23	2025-05-22	440 B	2.3 kB	77.91.100.49
i.ibb.co	13485	2010-07-20	2018-11-25	2025-06-08	442 B	5.9 kB	91.134.82.79
theusualsuspectz.biz	unknown	2023-01-27	2023-01-27	2025-06-02	423 B	49 kB	104.21.112.1
equilibriumfestive.com	unknown	2025-04-19	2025-04-23	2025-06-07	916 B	171 kB	172.240.108.76
rutor.123proxy.app	unknown	2021-02-05	2025-06-08	2025-06-08	4.5 kB	363 kB	104.21.22.244
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-06-04	570 B	21 kB	142.250.74.35

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-06-08	medium	equilibriumfestive.com	Sinkholed
2025-06-08	medium	equilibriumfestive.com	Sinkholed
2025-06-08	medium	heartilyscales.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	rutor.123proxy.app/	ScriptElement	26 B	2023-03-07	2025-07-06
Pretty URL rutor.123proxy.app/ IP 104.21.22.244 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:40 Last Seen2025-07-06 08:34 Times Seen902 Hash 5779365b0a28c08298ca5847c65b769d 3076ad9e094690cd6c4ee200ae254e6e7260fd30 57c620405714b8baa51067e0ca9bc9a9b252985292b857360aec8a9936688709 Loading...

HTTP Transactions (32)

URL IP Response Size

GET metrica-yandex.com/metrika/tag.js?1001

104.21.32.1

200 OK

60 kB

URL GET
metrica-yandex.com/metrika/tag.js?1001
IP
104.21.32.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.123proxy.app/
Certificate
IssuerGoogle Trust Services
Subjectmetrica-yandex.com
Fingerprint10:B2:A3:B2:E2:B7:A3:63:72:4E:BC:30:5F:49:E3:66:41:9C:73:1A
ValidityTue, 29 Apr 2025 20:13:30 GMT - Mon, 28 Jul 2025 21:13:02 GMT

File type
JavaScript source, ASCII text, with very long lines (60271), with no line terminators
Size
60 kB (60271 bytes)
Hash
ea67b2343fc359662afdae5d4c8c8e03
7f07219a8cd9d6d5c17e20bd7e80fac0281c2b18
5e31460a6eacabdc5895ad2ad898a4a570ac88f2794c61ddce6b0beee304eb11

HTTP Headers

GET /metrika/tag.js?1001 HTTP/1.1
Host: metrica-yandex.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.123proxy.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 08 Jun 2025 16:56:31 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Tue, 22 Apr 2025 10:50:51 GMT
etag: W/"6807748b-eb6f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: br
age: 1980438
cf-cache-status: HIT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=go8qEJUBCKUimEipSlsdHrLVqBQuA8m5Z%2BQ5XZsdGQnXE1%2FQgAGiKQLqxHBaoK%2FH7aTRGXstSt5dkEv9NwYYcQuNIef7hK2Lprf7gcbuqcs%3D"}]}
cf-ray: 94c9ec4abd6f56c4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET s-rutor.123proxy.app/i/d.gif?

104.21.22.244

200 OK

359 B

URL GET
s-rutor.123proxy.app/i/d.gif?
IP
104.21.22.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.123proxy.app/
Certificate
IssuerGoogle Trust Services
Subject123proxy.app
FingerprintE5:F2:36:D8:1B:26:91:C8:0B:1B:28:EF:EA:31:1F:A7:BC:42:A8:A5
ValiditySat, 10 May 2025 02:27:40 GMT - Fri, 08 Aug 2025 03:25:16 GMT

File type
GIF image data, version 89a, 13 x 13
Size
359 B (359 bytes)
Hash
3def66024a583b6ca763e249acb3c426
82f2f897d3e2746181b889811ac675565dcaf0fa
7d4fb7d5a9e681b2313ca88338e3255364aa452f243d6397aa905783e98bfca0

HTTP Headers

GET /i/d.gif? HTTP/1.1
Host: s-rutor.123proxy.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.123proxy.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 08 Jun 2025 16:56:31 GMT
content-type: image/gif
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: BYPASS
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=gkpeADdVVG4Yuj2nlfAxUnLi7EcT%2Fw%2BwnG8a8%2BKd871X2DS2Dntr3%2BibpMaRuTTX3vkt9Vv47wkprbbpwqPxshXoGQrzCHejuzV63SyPXJ7CYg%3D%3D"}]}
set-cookie: view=1; Max-Age=86400; Expires=Mon, 09 Jun 2025 16:56:31 GMT
PHPSESSID=5klfvp5nfku98eltj702m9199d; Path=/
cf-ray: 94c9ec4b0dea0b41-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET i.ibb.co/pyC2VvJ/alert-xxl.png

91.134.82.79

200 OK

5.6 kB

URL GET
i.ibb.co/pyC2VvJ/alert-xxl.png
IP
91.134.82.79:443
ASN
#16276 OVH SAS

Requested by
https://rutor.123proxy.app/
Certificate
IssuerLet's Encrypt
Subjectibb.co
Fingerprint0C:AA:F7:77:A3:D5:B6:E8:71:39:92:D2:3F:B9:BD:20:7C:B9:1E:14
ValiditySun, 20 Apr 2025 07:15:11 GMT - Sat, 19 Jul 2025 07:15:10 GMT

File type
PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Size
5.6 kB (5554 bytes)
Hash
8d0eed07b450044fdca282d1daf8a58c
794e1284cdf81fd60154955c1805282ae21240cd
baac89456a2d4dfdcdc14244fbe50a04ade7a401c82de605938a92e16f35c1af

HTTP Headers

GET /pyC2VvJ/alert-xxl.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.123proxy.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 08 Jun 2025 16:56:31 GMT
content-type: image/png
content-length: 5554
last-modified: Mon, 07 Aug 2023 04:09:39 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

GET theusualsuspectz.biz/j/m/qqqq.js

104.21.112.1

200 OK

48 kB

URL GET
theusualsuspectz.biz/j/m/qqqq.js
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.123proxy.app/
Certificate
IssuerGoogle Trust Services
Subjecttheusualsuspectz.biz
Fingerprint72:6A:5A:5E:70:EE:8C:45:A5:F0:31:CA:02:F7:9C:9C:41:F5:AA:4F
ValidityFri, 02 May 2025 09:19:17 GMT - Thu, 31 Jul 2025 10:17:48 GMT

File type
JavaScript source, ASCII text, with very long lines (48351), with no line terminators
Size
48 kB (48351 bytes)
Hash
febd5bfc829d7c8aa363e93e2e61f414
10d66213a9249bea47b15acf295323f01d217ef0
ff391f38fc73325f58d0626b9415ac121f1461407d74e86ebddefd8180050d76

HTTP Headers

GET /j/m/qqqq.js HTTP/1.1
Host: theusualsuspectz.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.123proxy.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 08 Jun 2025 16:56:31 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Mon, 21 Apr 2025 22:12:39 GMT
etag: W/"6806c2d7-bcdf"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: br
age: 3156903
cf-cache-status: HIT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=9ZLbCetN31trXKZlZ%2FcUgEl2ObViZV9OTuUUyFAu2vdJyj1DVNd44uYQgpSTfwRf3I2t7asCjZ8a71O8JrP0qL%2FV%2Fu%2FHSuemznQmxcjc66bKBA%3D%3D"}]}
cf-ray: 94c9ec4bddfd56af-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET equilibriumfestive.com/22/00/54/2200540f09f939738419313a1a090c32.js

172.240.108.76

200 OK

104 kB

URL GET
equilibriumfestive.com/22/00/54/2200540f09f939738419313a1a090c32.js
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://rutor.123proxy.app/
Certificate
IssuerLet's Encrypt
Subjectequilibriumfestive.com
Fingerprint17:DD:F5:C0:D6:24:2C:3F:E6:C8:94:31:FE:17:86:D6:F3:F1:31:94
ValiditySat, 19 Apr 2025 10:04:40 GMT - Fri, 18 Jul 2025 10:04:39 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
104 kB (104423 bytes)
Hash
36b2b6c83d13813cebf2abacbb6d8c87
39dff3fbd665b3457c32316b73351fff70ecdafc
37b1db51d29d75209af205f14815eee31859b6bb94f08415bf4b6815ad486d84

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /22/00/54/2200540f09f939738419313a1a090c32.js HTTP/1.1
Host: equilibriumfestive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.123proxy.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 08 Jun 2025 16:56:31 GMT
Content-Type: application/javascript
Content-Length: 32727
Connection: keep-alive
content-encoding: gzip
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
x-envoy-upstream-service-time: 11
Host: equilibriumfestive.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 24a8f6f0209e7b48a1da8d35058225f3
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET matomo3.org/l2.js

104.21.85.227

200 OK

17 B

URL GET
matomo3.org/l2.js
IP
104.21.85.227:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.123proxy.app/
Certificate
IssuerGoogle Trust Services
Subjectmatomo3.org
Fingerprint8A:06:F9:A7:D8:1F:4F:5C:FE:94:3A:74:AA:37:98:1F:FB:BB:85:D3
ValiditySat, 26 Apr 2025 08:31:16 GMT - Fri, 25 Jul 2025 09:29:43 GMT

File type
ASCII text
Size
17 B (17 bytes)
Hash
1b783e218274d6f0f60ebb285254928b
0c17420fb2950e0c605818435a66d26607cf463d
2bb629349ecec11c7e749a6c0833a58719e347c00af6a3d1debb3e49f99a5da9

HTTP Headers

GET /l2.js HTTP/1.1
Host: matomo3.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.123proxy.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 08 Jun 2025 16:56:31 GMT
content-type: application/javascript
server: cloudflare
last-modified: Wed, 21 May 2025 21:27:34 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: accept-encoding
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=4f0ZVnNG802XT%2BGa4J%2FXOWPoUhhOs6iH9LnzW%2F8VcCYs5U90veM3xtvzcc7nynpdT90Lm%2BfE7GzBPqQVsThA%2BlfDbTPxoWtx4w%3D%3D"}]}
age: 1538360
cf-cache-status: HIT
etag: W/"682e4546-11"
content-encoding: br
cf-ray: 94c9ec4c3bf95687-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET rutor.123proxy.app/js/rutor-favicon.ico

104.21.22.244

200 OK

894 B

URL GET
rutor.123proxy.app/js/rutor-favicon.ico
IP
104.21.22.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.123proxy.app/
Certificate
IssuerGoogle Trust Services
Subject123proxy.app
FingerprintE5:F2:36:D8:1B:26:91:C8:0B:1B:28:EF:EA:31:1F:A7:BC:42:A8:A5
ValiditySat, 10 May 2025 02:27:40 GMT - Fri, 08 Aug 2025 03:25:16 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
Size
894 B (894 bytes)
Hash
ab55f59a775976829d8352a7a0584d3e
e4b29ec4ac46d97ea15c582d61d02c523dd0485b
e68d4b7f22b5027fef4672cc5ba884fb52ac248fd1ca4648c9ac89d95b0e58f4

HTTP Headers

GET /js/rutor-favicon.ico HTTP/1.1
Host: rutor.123proxy.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.123proxy.app/
Cookie: view=1; PHPSESSID=jr00qoerk7c6q4f84oecicrumh
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 08 Jun 2025 16:56:33 GMT
content-type: image/x-icon
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5DnT4x5Pn1CE6jEQq1eog6qokh5ymwZoJjmpVzB5oXDngUj5fI9Z%2FstYRV8IKoVeUDRKv%2BTuHLlfMprvKYgoOXxXzgKiA%2BDllbTrSibVwuJa27tQ1CcGvpLcAFExwCeYUoCC%2FzI%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Thu, 21 Apr 2022 20:53:51 GMT
etag: W/"6261c45f-37e"
cache-control: max-age=14400
cf-cache-status: MISS
vary: accept-encoding
content-encoding: br
cf-ray: 94c9ec5598ed0b3d-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=8464&min_rtt=1323&rtt_var=6878&sent=136&recv=170&lost=0&retrans=0&sent_bytes=11111&recv_bytes=9988&delivery_rate=281896&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=c165f0a4ce253474&ts=2269&inflight_dur=78&x=80"

GET rutor.123proxy.app/hy.js?q22q2q2

104.21.22.244

200 OK

56 kB

URL GET
rutor.123proxy.app/hy.js?q22q2q2
IP
104.21.22.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.123proxy.app/
Certificate
IssuerGoogle Trust Services
Subject123proxy.app
FingerprintE5:F2:36:D8:1B:26:91:C8:0B:1B:28:EF:EA:31:1F:A7:BC:42:A8:A5
ValiditySat, 10 May 2025 02:27:40 GMT - Fri, 08 Aug 2025 03:25:16 GMT

File type
JavaScript source, ASCII text, with very long lines (56131), with no line terminators
Size
56 kB (56131 bytes)
Hash
667d77da844b6d5ad62b2f26e77b4b12
01ae61192a38af73a93c67468fb8271d7bbfa4f6
f240ce7fa62cd81d92f29081815f2cd2376ea6867887d17d5625009ebdf355b1

HTTP Headers

GET /hy.js?q22q2q2 HTTP/1.1
Host: rutor.123proxy.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.123proxy.app/
Cookie: view=1; PHPSESSID=jr00qoerk7c6q4f84oecicrumh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 08 Jun 2025 16:56:31 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Wed, 21 May 2025 21:25:24 GMT
etag: W/"682e44c4-db43"
content-encoding: br
cache-control: max-age=14400
cf-cache-status: MISS
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=rebScdSwLENB3b%2FSazR1wy0FTzm6bEesP8mXd1qNKTi%2BCDI%2FX6Ag4U5CdO2UUHnO9p8%2BgbcF%2Byakv2nvCDPqwuWq0S%2BHvWvJSTv9p7yGMEc%3D"}]}
cf-ray: 94c9ec4abd840b41-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET rutor.123proxy.app/app/x12.js

104.21.22.244

200 OK

11 kB

URL GET
rutor.123proxy.app/app/x12.js
IP
104.21.22.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.123proxy.app/
Certificate
IssuerGoogle Trust Services
Subject123proxy.app
FingerprintE5:F2:36:D8:1B:26:91:C8:0B:1B:28:EF:EA:31:1F:A7:BC:42:A8:A5
ValiditySat, 10 May 2025 02:27:40 GMT - Fri, 08 Aug 2025 03:25:16 GMT

File type
JavaScript source, ASCII text, with very long lines (11180), with no line terminators
Size
11 kB (11180 bytes)
Hash
94efa3c05291ac5cccd32cc3a11c9724
3a033e4d6f5e5eaf76030a81c8a05c619de436c2
58c753f7ffcb584d2ed43470ec9bdd30a4cd4723f368d83de6163413d5555102

HTTP Headers

GET /app/x12.js HTTP/1.1
Host: rutor.123proxy.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.123proxy.app/
Cookie: view=1; PHPSESSID=jr00qoerk7c6q4f84oecicrumh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 08 Jun 2025 16:56:31 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Wed, 21 May 2025 21:25:24 GMT
etag: W/"682e44c4-2bac"
content-encoding: br
cache-control: max-age=14400
cf-cache-status: MISS
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=DPsev8vFb3iTSwupgN%2Boi7ncUxzOEaZOfrNORvPovmOgRFb82Aaeu8Agguc7z5AYgwwSYEhFSEZAemdvRxyuSHodxoZk%2F%2F9wwQ%2BJPdBAtk8%3D"}]}
cf-ray: 94c9ec4acda40b41-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET rutor.123proxy.app/js/rutor-css.css

104.21.22.244

200 OK

23 kB

URL GET
rutor.123proxy.app/js/rutor-css.css
IP
104.21.22.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.123proxy.app/
Certificate
IssuerGoogle Trust Services
Subject123proxy.app
FingerprintE5:F2:36:D8:1B:26:91:C8:0B:1B:28:EF:EA:31:1F:A7:BC:42:A8:A5
ValiditySat, 10 May 2025 02:27:40 GMT - Fri, 08 Aug 2025 03:25:16 GMT

File type
ASCII text, with very long lines (3877)
Size
23 kB (23045 bytes)
Hash
0de953836b820f628a50a1e48e04d5fe
b5f7c2b57caa8723051c15c30585a65d03595a01
656e2438ea6a9eb85ca7ac478fdae0d4ef13c3cca617cca66410fc970c383064

HTTP Headers

GET /js/rutor-css.css HTTP/1.1
Host: rutor.123proxy.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.123proxy.app/
Cookie: view=1; PHPSESSID=jr00qoerk7c6q4f84oecicrumh
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 08 Jun 2025 16:56:31 GMT
content-type: text/css
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Thu, 21 Apr 2022 20:53:51 GMT
etag: W/"6261c45f-5a05"
content-encoding: br
cache-control: max-age=14400
cf-cache-status: MISS
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=aPIdZZEe%2Bw%2B3igGwl4whxORM4DinijIG1B6IXWrqm2aLFU62hUdL4qIEUOOMu4Xyiu%2BULLERikBkCz4SQ3Do5wcjL0Rx1JaCDYhZAj5CEjo%3D"}]}
cf-ray: 94c9ec4a8d5d0b41-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET fonts.googleapis.com/css2?family=Material+Symbols+Outlined:opsz,wght,FILL,GRAD@20..48,100..700,0..1,-50..200

142.250.74.10

200 OK

627 B

URL GET
fonts.googleapis.com/css2?family=Material+Symbols+Outlined:opsz,wght,FILL,GRAD@20..48,100..700,0..1,-50..200
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://rutor.123proxy.app/
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint1C:09:46:89:AD:F3:B6:3E:B4:89:F7:49:AC:15:E7:4E:A6:D2:AA:73
ValidityMon, 12 May 2025 08:44:01 GMT - Mon, 04 Aug 2025 08:44:00 GMT

File type
ASCII text
Size
627 B (627 bytes)
Hash
51128598c8415e3bca57489718515bc0
47c10e30fb278714c0329aa44ac10c34ebf4f637
e5a15ba8f510923f86fe78ea8345abfc0ec5f573194f718923ceb52b40e32363

HTTP Headers

GET /css2?family=Material+Symbols+Outlined:opsz,wght,FILL,GRAD@20..48,100..700,0..1,-50..200 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.123proxy.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 08 Jun 2025 16:56:31 GMT
date: Sun, 08 Jun 2025 16:56:31 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET s-rutor.123proxy.app/i/m.png?

104.21.22.244

200 OK

656 B

URL GET
s-rutor.123proxy.app/i/m.png?
IP
104.21.22.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.123proxy.app/
Certificate
IssuerGoogle Trust Services
Subject123proxy.app
FingerprintE5:F2:36:D8:1B:26:91:C8:0B:1B:28:EF:EA:31:1F:A7:BC:42:A8:A5
ValiditySat, 10 May 2025 02:27:40 GMT - Fri, 08 Aug 2025 03:25:16 GMT

File type
PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced
Size
656 B (656 bytes)
Hash
1c923e4247dd2fbbc7e407beecf6028c
37a7cd424c135206071cad59df92511df4fb6e5e
efb2d84b9882f1e58d07b358cb77ad0b67fcce154bc7dc70086532abe8f57fff

HTTP Headers

GET /i/m.png? HTTP/1.1
Host: s-rutor.123proxy.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.123proxy.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 08 Jun 2025 16:56:31 GMT
content-type: image/png
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: BYPASS
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=mxRg%2BkX12HwG9fqbG0mxmRbwlFAiZOYY1u9jXXG3eW1uzgumdoaiIYaQpwv3EFSpNQ1x%2BPoAU6EsDFmDQmsC%2FQISEigPm%2BU%2BVlq5vHzyRE9UWw%3D%3D"}]}
set-cookie: view=1; Max-Age=86400; Expires=Mon, 09 Jun 2025 16:56:31 GMT
PHPSESSID=47qrs11qm2be9qt3il1es84bpv; Path=/
cf-ray: 94c9ec4acdae0b41-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET s-rutor.123proxy.app/t/arrowdown.gif?

104.21.22.244

200 OK

51 B

URL GET
s-rutor.123proxy.app/t/arrowdown.gif?
IP
104.21.22.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.123proxy.app/
Certificate
IssuerGoogle Trust Services
Subject123proxy.app
FingerprintE5:F2:36:D8:1B:26:91:C8:0B:1B:28:EF:EA:31:1F:A7:BC:42:A8:A5
ValiditySat, 10 May 2025 02:27:40 GMT - Fri, 08 Aug 2025 03:25:16 GMT

File type
GIF image data, version 89a, 5 x 8
Size
51 B (51 bytes)
Hash
fe98a58fe6509fb7cb897d25228329d3
34d9e63fe61d4b543f84003c70d0473b6893926f
a045e7b1f5ceaefbab2ef782b86b12de0a41fc2ca34c43cbf6b8b8a107d339ff

HTTP Headers

GET /t/arrowdown.gif? HTTP/1.1
Host: s-rutor.123proxy.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.123proxy.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 08 Jun 2025 16:56:31 GMT
content-type: image/gif
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: BYPASS
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Y1fxvWlrzQLwQI4USoIqlxbLubBgNOA2h6cRc459%2B0tbA6xNayquWrdxlEY6gDIi6bZ5xzhfJplk9dFAHxHG6XmcBoDwlMaMrhk4NWkFfZbDwQ%3D%3D"}]}
set-cookie: view=1; Max-Age=86400; Expires=Mon, 09 Jun 2025 16:56:31 GMT
PHPSESSID=qveavkbghr428lhlfldjafka6o; Path=/
cf-ray: 94c9ec4acdb10b41-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET rutor.123proxy.app/app/apx14.js

104.21.22.244

200 OK

7.7 kB

URL GET
rutor.123proxy.app/app/apx14.js
IP
104.21.22.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.123proxy.app/
Certificate
IssuerGoogle Trust Services
Subject123proxy.app
FingerprintE5:F2:36:D8:1B:26:91:C8:0B:1B:28:EF:EA:31:1F:A7:BC:42:A8:A5
ValiditySat, 10 May 2025 02:27:40 GMT - Fri, 08 Aug 2025 03:25:16 GMT

File type
JavaScript source, ASCII text, with very long lines (7663), with no line terminators
Size
7.7 kB (7663 bytes)
Hash
dfb1f327618e201778f2de85cfbcd173
fceb89a2221463e5bc5a71feff1247683ab08cc5
dc03bc8b63938916a73dd976e186d05559ddc61da2725e1063b7936fa9f0fc33

HTTP Headers

GET /app/apx14.js HTTP/1.1
Host: rutor.123proxy.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.123proxy.app/
Cookie: view=1; PHPSESSID=jr00qoerk7c6q4f84oecicrumh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 08 Jun 2025 16:56:31 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Wed, 21 May 2025 21:25:24 GMT
etag: W/"682e44c4-1def"
content-encoding: br
cache-control: max-age=14400
cf-cache-status: MISS
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=HawY7KPYq8MCPSjeoZpcL4D8A2wC0QFUtkuc1Bsa%2BwIJtpJBUTrW3XhXI97lhRFSBxRSnzBnrjEpVTA5Bm%2BVaIfFMnmdXAqn12bLkZ3BkyI%3D"}]}
cf-ray: 94c9ec4acda00b41-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET s-rutor.123proxy.app/logo.jpg?

104.21.22.244

200 OK

45 kB

URL GET
s-rutor.123proxy.app/logo.jpg?
IP
104.21.22.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.123proxy.app/
Certificate
IssuerGoogle Trust Services
Subject123proxy.app
FingerprintE5:F2:36:D8:1B:26:91:C8:0B:1B:28:EF:EA:31:1F:A7:BC:42:A8:A5
ValiditySat, 10 May 2025 02:27:40 GMT - Fri, 08 Aug 2025 03:25:16 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=120, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=450], baseline, precision 8, 420x110, components 3
Size
45 kB (44893 bytes)
Hash
dc4a948f3ccf35b2c39269cde1aad6f3
1b952aa88121ee56b0648e0e2476a0dacc39da5e
eabb9097a448d6066ceac9b449f2a3759776e14aea3d574208495af12ed84f56

HTTP Headers

GET /logo.jpg? HTTP/1.1
Host: s-rutor.123proxy.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.123proxy.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 08 Jun 2025 16:56:31 GMT
content-type: image/jpeg
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: BYPASS
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=%2Fh5YV8p7xud0oRVUn8ssnp3x%2F%2F9aKPaj6Whug2%2BflbW6jeZmhxdqcrxK8VTwaIMUD91XxSSGMzmAFm8pTvwSqDjXAtsUR84AhxwcCkFSImLEOQ%3D%3D"}]}
set-cookie: view=1; Max-Age=86400; Expires=Mon, 09 Jun 2025 16:56:31 GMT
PHPSESSID=ut134kp22gjvo1ibhn50a9mibp; Path=/
cf-ray: 94c9ec4aedc80b41-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET s-rutor.123proxy.app/i/com.gif?

104.21.22.244

200 OK

295 B

URL GET
s-rutor.123proxy.app/i/com.gif?
IP
104.21.22.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.123proxy.app/
Certificate
IssuerGoogle Trust Services
Subject123proxy.app
FingerprintE5:F2:36:D8:1B:26:91:C8:0B:1B:28:EF:EA:31:1F:A7:BC:42:A8:A5
ValiditySat, 10 May 2025 02:27:40 GMT - Fri, 08 Aug 2025 03:25:16 GMT

File type
GIF image data, version 89a, 11 x 9
Size
295 B (295 bytes)
Hash
e91f48c29a8f6285ade898585e58f8ad
c171b970bbdb33210c1e9714bc7fa96e42bdb0bf
30bacf9c5db02b0b5fdbe670c15301ec8231d2e526ab20ea5f8dfb8692e02f17

HTTP Headers

GET /i/com.gif? HTTP/1.1
Host: s-rutor.123proxy.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.123proxy.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 08 Jun 2025 16:56:31 GMT
content-type: image/gif
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: BYPASS
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=yPoKevbVj86%2B5Da0mkngXsXS22KLvv7qQf5%2FIv%2BbrXsPHmHVNs1kQKJG9dnKPsQ2LDjESIGy5JHcTpVS9xwUEP4mnZbr5AdbXu0ix8n08ZtFPw%3D%3D"}]}
set-cookie: view=1; Max-Age=86400; Expires=Mon, 09 Jun 2025 16:56:31 GMT
PHPSESSID=ckdmr1fefcf22ghdl9n7n6tapf; Path=/
cf-ray: 94c9ec4acdb30b41-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET rutor.123proxy.app/zpp/zpp4.js?q22q2q2

104.21.22.244

200 OK

39 kB

URL GET
rutor.123proxy.app/zpp/zpp4.js?q22q2q2
IP
104.21.22.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.123proxy.app/
Certificate
IssuerGoogle Trust Services
Subject123proxy.app
FingerprintE5:F2:36:D8:1B:26:91:C8:0B:1B:28:EF:EA:31:1F:A7:BC:42:A8:A5
ValiditySat, 10 May 2025 02:27:40 GMT - Fri, 08 Aug 2025 03:25:16 GMT

File type
JavaScript source, ASCII text, with very long lines (38995), with no line terminators
Size
39 kB (38995 bytes)
Hash
7dc63553536847077855df4f82f1ec18
146c3aac34cb4e7e1e9c692ccd0161b2e4f018de
3a18b1964d1d209c46d754459b9ef98d4a9a85065e245f8311be727ffee3f960

HTTP Headers

GET /zpp/zpp4.js?q22q2q2 HTTP/1.1
Host: rutor.123proxy.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.123proxy.app/
Cookie: view=1; PHPSESSID=jr00qoerk7c6q4f84oecicrumh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 08 Jun 2025 16:56:31 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Wed, 21 May 2025 21:25:24 GMT
etag: W/"682e44c4-9853"
content-encoding: br
cache-control: max-age=14400
cf-cache-status: MISS
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=2nwnfIM1lffo57YldENcVpI0O02%2FwfluAix5C2Tu34%2FrAwY6Ome34q%2BuuTNL25vFYWtONNmBPLY5UwQZnBZgu0dPJWoycEmOGIGWwf31Z5c%3D"}]}
cf-ray: 94c9ec4abd980b41-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/roboto/v48/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbVmUiAo.woff2

142.250.74.35

200 OK

21 kB

URL GET
fonts.gstatic.com/s/roboto/v48/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbVmUiAo.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://rutor.123proxy.app/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint41:FF:72:9C:74:6F:D4:D1:3B:A8:03:EB:55:D2:D2:09:7E:7A:44:DC
ValidityMon, 12 May 2025 08:44:01 GMT - Mon, 04 Aug 2025 08:44:00 GMT

File type
Web Open Font Format (Version 2), TrueType, length 20612, version 1.0
Size
21 kB (20612 bytes)
Hash
b07da7aa3e4f363c5cdbc11312239e8c
47bf5b2f24ea4a4caafccc89b9d2a6677ef9e3b8
e44c11f4834bdd4d6b6da7b8ee5eaebc8acb41250cd6bce5cc82ea8262140eaa

HTTP Headers

GET /s/roboto/v48/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbVmUiAo.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rutor.123proxy.app
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20612
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 06 Jun 2025 02:23:52 GMT
expires: Sat, 06 Jun 2026 02:23:52 GMT
cache-control: public, max-age=31536000
age: 225160
last-modified: Thu, 29 May 2025 23:35:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET rutor.123proxy.app/

104.21.22.244

200 OK

210 kB

URL User Request GET
rutor.123proxy.app/
IP
104.21.22.244:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subject123proxy.app
FingerprintE5:F2:36:D8:1B:26:91:C8:0B:1B:28:EF:EA:31:1F:A7:BC:42:A8:A5
ValiditySat, 10 May 2025 02:27:40 GMT - Fri, 08 Aug 2025 03:25:16 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (3107)
Size
210 kB (209581 bytes)
Hash
6575413dadae2cd691f677bf6f397bba
eb7f33a57681faecd87d56707e0c34c17ce5d390
65f7ca907d935c0a60e844dbb9865f7bdaaa60138312caadb9b3f8fc759a6223

HTTP Headers

GET / HTTP/1.1
Host: rutor.123proxy.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 08 Jun 2025 16:56:30 GMT
content-type: text/html;charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: accept-encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=aag65RIZHzfYMTXd25AwzB3lNTixheZOcu3ZXu%2FldTZY24grnkauaQ8YkafVdOJRFgjLsz%2BJxE3Eqb40Lbstj2zc7XpQvn3wy8YDwlkCqJA%3D"}]}
cf-cache-status: DYNAMIC
content-encoding: br
set-cookie: view=1; Max-Age=86400; Expires=Mon, 09 Jun 2025 16:56:30 GMT
PHPSESSID=jr00qoerk7c6q4f84oecicrumh; Path=/
cf-ray: 94c9ec46f9aa0b41-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET s-rutor.123proxy.app/i/ic24.gif?

104.21.22.244

200 OK

2.4 kB

URL GET
s-rutor.123proxy.app/i/ic24.gif?
IP
104.21.22.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.123proxy.app/
Certificate
IssuerGoogle Trust Services
Subject123proxy.app
FingerprintE5:F2:36:D8:1B:26:91:C8:0B:1B:28:EF:EA:31:1F:A7:BC:42:A8:A5
ValiditySat, 10 May 2025 02:27:40 GMT - Fri, 08 Aug 2025 03:25:16 GMT

File type
GIF image data, version 89a, 60 x 41
Size
2.4 kB (2362 bytes)
Hash
976d75e1c6afb21afa4241fca3aa0aaf
8da3af404aad55e592caecbb640936facba38856
8cebaa55f91e1628a7b4729ef423d6947dd2efad0d0bf06bd0371912cdd21404

HTTP Headers

GET /i/ic24.gif? HTTP/1.1
Host: s-rutor.123proxy.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.123proxy.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 08 Jun 2025 16:56:31 GMT
content-type: image/gif
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: BYPASS
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=ooA94IyfYGvGeCiAPCTtSuF0bC2uHOn7cb6%2FpUO4GyOCpsrMdTObO01pAT6Qgkpg87GO33e%2Fdr7SEJlEHjh8zmZYnl%2F9AG3gePEc%2FFC3VKzsiQ%3D%3D"}]}
set-cookie: view=1; Max-Age=86400; Expires=Mon, 09 Jun 2025 16:56:31 GMT
PHPSESSID=svqsl3rhfatm2j9vcdono3640s; Path=/
cf-ray: 94c9ec4afde70b41-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET s-rutor.123proxy.app/t/arrowup.gif?

104.21.22.244

200 OK

52 B

URL GET
s-rutor.123proxy.app/t/arrowup.gif?
IP
104.21.22.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.123proxy.app/
Certificate
IssuerGoogle Trust Services
Subject123proxy.app
FingerprintE5:F2:36:D8:1B:26:91:C8:0B:1B:28:EF:EA:31:1F:A7:BC:42:A8:A5
ValiditySat, 10 May 2025 02:27:40 GMT - Fri, 08 Aug 2025 03:25:16 GMT

File type
GIF image data, version 89a, 5 x 8
Size
52 B (52 bytes)
Hash
7cbfc089fd0b0d261187a0c1ef0826af
1583fd0ccdd6a7dcb24ef670761ab01387cf87cf
b88cfd011c972f65586f207621005b8b3336773a252e2a309ddbd9b7dda7b8b9

HTTP Headers

GET /t/arrowup.gif? HTTP/1.1
Host: s-rutor.123proxy.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.123proxy.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 08 Jun 2025 16:56:31 GMT
content-type: image/gif
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: BYPASS
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=9F4bmlkpNN7fCf2IcZiz9kirF5LHl5kbUId9KOOCsuiNz0%2FKl2dEZaHzn04tvb4I1Okw4s11jgtZcVxbOY8KnWrUfe90cM%2B01ObSif%2F9X6g3Aw%3D%3D"}]}
set-cookie: view=1; Max-Age=86400; Expires=Mon, 09 Jun 2025 16:56:31 GMT
PHPSESSID=3fheqhmlrhq36a98b83ugs2c08; Path=/
cf-ray: 94c9ec4acdaf0b41-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET equilibriumfestive.com/a0/32/b4/a032b4d33c8aea68a4f9b84235614bff.js

172.240.108.76

200 OK

65 kB

URL GET
equilibriumfestive.com/a0/32/b4/a032b4d33c8aea68a4f9b84235614bff.js
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://rutor.123proxy.app/
Certificate
IssuerLet's Encrypt
Subjectequilibriumfestive.com
Fingerprint17:DD:F5:C0:D6:24:2C:3F:E6:C8:94:31:FE:17:86:D6:F3:F1:31:94
ValiditySat, 19 Apr 2025 10:04:40 GMT - Fri, 18 Jul 2025 10:04:39 GMT

File type
JavaScript source, ASCII text, with very long lines (64920), with no line terminators
Size
65 kB (64920 bytes)
Hash
584637ed2075e9825a0baa56620d1574
5c42789fb6cbf49e8589c26abd7c099f1302a069
545efe6878ad593bf83893ecad2f14fc6d43bc7bd56915200e5e5468a328d56d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /a0/32/b4/a032b4d33c8aea68a4f9b84235614bff.js HTTP/1.1
Host: equilibriumfestive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.123proxy.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 08 Jun 2025 16:56:31 GMT
Content-Type: application/javascript
Content-Length: 23611
Connection: keep-alive
content-encoding: gzip
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
x-envoy-upstream-service-time: 3
Host: equilibriumfestive.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 4fa1995df74f4b2ee937fd1f54ad6f86
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET rutor.123proxy.app/app/apx19.js

104.21.22.244

200 OK

9.2 kB

URL GET
rutor.123proxy.app/app/apx19.js
IP
104.21.22.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.123proxy.app/
Certificate
IssuerGoogle Trust Services
Subject123proxy.app
FingerprintE5:F2:36:D8:1B:26:91:C8:0B:1B:28:EF:EA:31:1F:A7:BC:42:A8:A5
ValiditySat, 10 May 2025 02:27:40 GMT - Fri, 08 Aug 2025 03:25:16 GMT

File type
JavaScript source, ASCII text, with very long lines (9183), with no line terminators
Size
9.2 kB (9183 bytes)
Hash
2344c3f05f624d595f6fb920e4d74ded
eb4d1404ac2d5eecd307f4588aeeab5c8ef463f1
3a28fe59e4a2af96d8edeeb12d7040c574cf71fa88fccb5cf49e9c0a1d4e4c7a

HTTP Headers

GET /app/apx19.js HTTP/1.1
Host: rutor.123proxy.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.123proxy.app/
Cookie: view=1; PHPSESSID=jr00qoerk7c6q4f84oecicrumh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 08 Jun 2025 16:56:31 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Wed, 21 May 2025 21:25:24 GMT
etag: W/"682e44c4-23df"
content-encoding: br
cache-control: max-age=14400
cf-cache-status: MISS
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=C1OmHohZo0Bo2APPRHI%2Fb%2B1MPwGTtpgZcPZRn310mxmginAfHIz3fiFHxiSBlPDhb%2FRGOrtoH7GhPJ7CwmTevqEYgF2hxwzQq%2BrnD0jHKNQ%3D"}]}
cf-ray: 94c9ec4aad800b41-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET cdnbunny.org/i/poisk_bg.gif?

77.91.100.49

200 OK

2.0 kB

URL GET
cdnbunny.org/i/poisk_bg.gif?
IP
77.91.100.49:443
ASN
#44477 Stark Industries Solutions Ltd

Requested by
https://rutor.123proxy.app/
Certificate
IssuerLet's Encrypt
Subjectcdnbunny.org
FingerprintFB:53:35:A0:6A:51:30:94:20:4C:D8:FE:91:54:AF:AB:2F:66:0D:AF
ValidityThu, 08 May 2025 14:47:42 GMT - Wed, 06 Aug 2025 14:47:41 GMT

File type
GIF image data, version 89a, 46 x 56
Size
2.0 kB (1998 bytes)
Hash
76118a48fd5ae4b926e34f4edb427386
4aa5f228e3f511bf626afa6703488d1d7c6df5e0
4912841156c4582948d016867a6c71845a0221f1dd6419ea911f6f83bbc431d7

HTTP Headers

GET /i/poisk_bg.gif? HTTP/1.1
Host: cdnbunny.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.123proxy.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Sun, 08 Jun 2025 16:56:32 GMT
Content-Type: image/gif
Content-Length: 1998
Connection: keep-alive
Last-Modified: Sat, 12 Nov 2011 15:28:37 GMT
ETag: "4ebe90a5-7ce"
Cache-Control: max-age=604800
Age: 556252
X-Debug: 604800.000 4508
Accept-Ranges: bytes

POST rutor.123proxy.app/user.php

104.21.22.244

200 OK

0 B

URL POST
rutor.123proxy.app/user.php
IP
104.21.22.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.123proxy.app/
Certificate
IssuerGoogle Trust Services
Subject123proxy.app
FingerprintE5:F2:36:D8:1B:26:91:C8:0B:1B:28:EF:EA:31:1F:A7:BC:42:A8:A5
ValiditySat, 10 May 2025 02:27:40 GMT - Fri, 08 Aug 2025 03:25:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /user.php HTTP/1.1
Host: rutor.123proxy.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Content-Length: 39
Origin: https://rutor.123proxy.app
DNT: 1
Connection: keep-alive
Referer: https://rutor.123proxy.app/
Cookie: view=1; PHPSESSID=jr00qoerk7c6q4f84oecicrumh
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 08 Jun 2025 16:56:32 GMT
content-type: text/html; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZLALEr1ZnTq9rIm%2FlCmOSe6qL1XkuNC%2BpLOydtxi1HTGCziaCxbZmAiXvoOaWkhCzRmgExS1MGMbZmtDiBoOUJkuHSYKkTJjPqE4vaJtLZT%2BId4X8KKUUw4QCC3oF5qmAXtWeTM%3D"}],"group":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
vary: accept-encoding
content-encoding: br
cf-ray: 94c9ec4fc8880b3d-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6670&min_rtt=1323&rtt_var=4387&sent=134&recv=168&lost=0&retrans=0&sent_bytes=10411&recv_bytes=9617&delivery_rate=281896&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=c165f0a4ce253474&ts=1384&inflight_dur=57&x=80"

GET s-rutor.123proxy.app/t/top.gif?

104.21.22.244

200 OK

612 B

URL GET
s-rutor.123proxy.app/t/top.gif?
IP
104.21.22.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.123proxy.app/
Certificate
IssuerGoogle Trust Services
Subject123proxy.app
FingerprintE5:F2:36:D8:1B:26:91:C8:0B:1B:28:EF:EA:31:1F:A7:BC:42:A8:A5
ValiditySat, 10 May 2025 02:27:40 GMT - Fri, 08 Aug 2025 03:25:16 GMT

File type
GIF image data, version 89a, 24 x 24
Size
612 B (612 bytes)
Hash
ab3755cddb40723270164fa84b8f0362
a7e6700d02578c03bd76b217b23c55b4fba997ea
79df9f5b18cac4dbaec0808448c15e094b5fe20d04aabfe7bed9e6ae07739dfd

HTTP Headers

GET /t/top.gif? HTTP/1.1
Host: s-rutor.123proxy.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.123proxy.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 08 Jun 2025 16:56:31 GMT
content-type: image/gif
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: BYPASS
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=l5s6yC9w5zzHHtAh7m302Ch5JcrVHZUUDZwVQwjvNqXxecaK1Sdqt%2F%2BGRUcUAIaNRUoACsSFK%2FKqxGIOGGjS2EFBS0UjBVRcxWvXgVNeEcImfw%3D%3D"}]}
set-cookie: view=1; Max-Age=86400; Expires=Mon, 09 Jun 2025 16:56:31 GMT
PHPSESSID=pn0dob3fvvl29r9ie4c4l2psrc; Path=/
cf-ray: 94c9ec4acdb40b41-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET s-rutor.123proxy.app/i/forum.gif?

104.21.22.244

200 OK

4.4 kB

URL GET
s-rutor.123proxy.app/i/forum.gif?
IP
104.21.22.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.123proxy.app/
Certificate
IssuerGoogle Trust Services
Subject123proxy.app
FingerprintE5:F2:36:D8:1B:26:91:C8:0B:1B:28:EF:EA:31:1F:A7:BC:42:A8:A5
ValiditySat, 10 May 2025 02:27:40 GMT - Fri, 08 Aug 2025 03:25:16 GMT

File type
GIF image data, version 89a, 250 x 42
Size
4.4 kB (4367 bytes)
Hash
48ae00889ff3baa47dafe9d6d0977019
8c08f0f6ee7fd93f40679bea8d3ceb7be01b3e2c
790a5e6e4ff054d64eca66bd8cfe77b7f379695366e3e5f1f35d5b702e39506c

HTTP Headers

GET /i/forum.gif? HTTP/1.1
Host: s-rutor.123proxy.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.123proxy.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 08 Jun 2025 16:56:31 GMT
content-type: image/gif
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: BYPASS
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=xQFkY27gpSlVoTBGSuA9fHXGQbO%2BTyiQwUgIGMrBg5etv69lgk0pB81pREb%2BQ6z03CmkGdQjcHM1K5EoONu1hvsrYgWcDZbMDqI8AiJ%2BLnXWdw%3D%3D"}]}
set-cookie: view=1; Max-Age=86400; Expires=Mon, 09 Jun 2025 16:56:31 GMT
PHPSESSID=9loipe4e2t5o2i6buvm5ionchp; Path=/
cf-ray: 94c9ec4addb50b41-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET s-rutor.123proxy.app/i/lupa.gif?

104.21.22.244

200 OK

3.1 kB

URL GET
s-rutor.123proxy.app/i/lupa.gif?
IP
104.21.22.244:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.123proxy.app/
Certificate
IssuerGoogle Trust Services
Subject123proxy.app
FingerprintE5:F2:36:D8:1B:26:91:C8:0B:1B:28:EF:EA:31:1F:A7:BC:42:A8:A5
ValiditySat, 10 May 2025 02:27:40 GMT - Fri, 08 Aug 2025 03:25:16 GMT

File type
GIF image data, version 89a, 55 x 56
Size
3.1 kB (3079 bytes)
Hash
e2c8f8537818f7880be3ae505852b9ff
2a1f5572e6f4c9efc1700f34d6c6969bedbd8535
6946c64a41b61a1e8708b7bcf8274274c71cdc23932aab32da5b868d19212b3a

HTTP Headers

GET /i/lupa.gif? HTTP/1.1
Host: s-rutor.123proxy.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.123proxy.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 08 Jun 2025 16:56:31 GMT
content-type: image/gif
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: BYPASS
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=%2FleI%2B1XfWeYCBYbuTe2kaFsUX1mnISwmwNhXai8EwaCS%2Bk5KpTPyOaYi9OcrhP%2Fb5hwPWDgqnhgKO7NzOiDPqdPw1HEBVVrOFZkL25KBgDcZsA%3D%3D"}]}
set-cookie: view=1; Max-Age=86400; Expires=Mon, 09 Jun 2025 16:56:31 GMT
PHPSESSID=mntn2c0tgbougfovljktqkgbqi; Path=/
cf-ray: 94c9ec4addb60b41-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET heartilyscales.com/a2/86/90/a286902791a7f4c98bcb1e812322cd78.js

192.243.59.20

200 OK

65 kB

URL GET
heartilyscales.com/a2/86/90/a286902791a7f4c98bcb1e812322cd78.js
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://rutor.123proxy.app/
Certificate
IssuerLet's Encrypt
Subjectheartilyscales.com
Fingerprint66:DE:86:19:2D:4A:4C:6C:44:82:D8:50:47:76:5D:0D:C2:0B:0A:62
ValidityThu, 05 Jun 2025 21:16:18 GMT - Wed, 03 Sep 2025 21:16:17 GMT

File type
JavaScript source, ASCII text, with very long lines (64931), with no line terminators
Size
65 kB (64931 bytes)
Hash
bf837eb6877b24cd30d47e5e4a2a0755
5749881e6247663f715c4025e7c3bb088f64765d
e3126dd6caef1031919baa9751b62f7833b1ecb3bca71ff4d690f95fc53a6199

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /a2/86/90/a286902791a7f4c98bcb1e812322cd78.js HTTP/1.1
Host: heartilyscales.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.123proxy.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 08 Jun 2025 16:56:31 GMT
Content-Type: application/javascript
Content-Length: 23622
Connection: keep-alive
Content-Encoding: gzip
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Host: heartilyscales.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: e7796936a072134476ff635e74388004
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET fonts.googleapis.com/css2?family=Roboto:wght@400&display=swap

142.250.74.10

200 OK

5.7 kB

URL GET
fonts.googleapis.com/css2?family=Roboto:wght@400&display=swap
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://rutor.123proxy.app/
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint1C:09:46:89:AD:F3:B6:3E:B4:89:F7:49:AC:15:E7:4E:A6:D2:AA:73
ValidityMon, 12 May 2025 08:44:01 GMT - Mon, 04 Aug 2025 08:44:00 GMT

File type
ASCII text, with very long lines (1572)
Size
5.7 kB (5746 bytes)
Hash
de7e697b2ba2c2cc63ea8a9f63d22ad9
726cd824dedfe6246875cbd81bfcf95da1efb4e2
7eeaa18ea1e4245acccd54af188f48004ea2f276f7457cbbe97adf4552791bfa

HTTP Headers

GET /css2?family=Roboto:wght@400&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.123proxy.app/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 08 Jun 2025 16:56:31 GMT
date: Sun, 08 Jun 2025 16:56:31 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET matomo3.org/l1.js

104.21.85.227

200 OK

17 B

URL GET
matomo3.org/l1.js
IP
104.21.85.227:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.123proxy.app/
Certificate
IssuerGoogle Trust Services
Subjectmatomo3.org
Fingerprint8A:06:F9:A7:D8:1F:4F:5C:FE:94:3A:74:AA:37:98:1F:FB:BB:85:D3
ValiditySat, 26 Apr 2025 08:31:16 GMT - Fri, 25 Jul 2025 09:29:43 GMT

File type
ASCII text
Size
17 B (17 bytes)
Hash
3c9d85f944382c9ae337da34d7574dda
6cf3a128a59a0f8d41ad504037fc743e211c5fac
d411a49b78172355e4ed6708eaeaf20a74765897d6c2690809c6d48173914479

HTTP Headers

GET /l1.js HTTP/1.1
Host: matomo3.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.123proxy.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 08 Jun 2025 16:56:31 GMT
content-type: application/javascript
server: cloudflare
last-modified: Wed, 21 May 2025 21:27:22 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: accept-encoding
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=22cWxX9wpOajggf3pShmHWk2PBasQudLdB5GAMn5vyN%2FEx6I6xWtwqa4o9ouUjx9YEAIOVedRlSELkZBTrsI0TjvlOvEdEOenA%3D%3D"}]}
age: 1538360
cf-cache-status: HIT
etag: W/"682e453a-11"
content-encoding: br
cf-ray: 94c9ec4c3bfa5687-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET matomo.hellohi.me/matomo.js

104.21.112.1

404 Not Found

0 B

URL GET
matomo.hellohi.me/matomo.js
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.123proxy.app/
Certificate
IssuerGoogle Trust Services
Subjecthellohi.me
Fingerprint8B:62:21:60:9D:C5:78:C7:58:77:08:D3:F9:B2:7D:65:07:98:BA:2C
ValidityFri, 16 May 2025 01:36:28 GMT - Thu, 14 Aug 2025 02:35:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /matomo.js HTTP/1.1
Host: matomo.hellohi.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.123proxy.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Sun, 08 Jun 2025 16:56:32 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=gknY5QN8RcPVkxkilBtsMUc6gXCGk1jjAv2RsVhk4grZkr5brpfEkitVYDmJmtO0XVd0TgHUmzf%2B8KHJJmUv95UwI%2BZi7j95xekejIIl0Q%3D%3D"}]}
cache-control: max-age=14400
cf-cache-status: EXPIRED
vary: accept-encoding
content-encoding: br
cf-ray: 94c9ec503a455690-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (32)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate