Report - destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser

Report Overview

Visited public
2024-01-10 12:03:58
Tags
URL
destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Finishing URL
destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
IP / ASN
104.26.7.218
#13335 CLOUDFLARENET
Title
Earn money on short links. Make short links and earn the biggest money - shorte.st

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
destyy.com	195997	2017-05-05	2017-05-09 23:15:24	2023-11-11 04:26:34	3.7 kB	102 kB	104.26.6.218
ubbfpm.com	unknown	2022-05-31	2022-05-31 13:58:39	2023-11-18 08:35:11	412 B	201 kB	95.216.206.230
ja.rewashwudu.com	unknown	2022-10-04	2022-10-04 16:03:34	2023-12-03 22:55:30	419 B	1.5 kB	23.109.82.143
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2024-01-10 10:42:00	442 B	1.6 kB	142.250.74.106
ptauxofi.net	35628	2021-03-31	2021-03-31 07:35:12	2024-01-02 04:01:45	3.9 kB	102 kB	139.45.197.250
hfeoveukrn.info	unknown	2023-10-04	2024-01-02 23:26:29	2024-01-09 17:04:37	3.9 kB	8.8 kB	108.157.229.31
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2024-01-10 11:09:40	887 B	133 kB	142.250.74.168
dicreativeideas.org	unknown	2023-10-04	2023-12-30 12:29:26	2024-01-09 18:40:00	2.7 kB	2.9 kB	188.114.96.1
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2024-01-09 22:15:23	517 B	739 B	139.45.195.8
xdiwbc.com	unknown	2023-02-07	2023-02-07 16:06:03	2024-01-08 05:43:52	877 B	104 kB	188.114.97.1
xngqoc.com	unknown	2023-03-03	2023-03-03 16:38:04	2023-12-29 22:21:09	981 B	0 B	0.0.0.0
static.sh.st	276104	2013-07-01	2016-10-20 21:36:49	2024-01-02 04:01:45	1.4 kB	174 kB	104.26.7.218
d3t3z4teexdk2r.cloudfront.net	unknown	2008-04-25	2022-07-16 07:02:37	2023-11-18 08:35:11	2.5 kB	120 kB	54.230.241.119
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2024-01-10 11:48:46	1.1 kB	98 kB	216.58.207.227
accounts.google.com	81	1997-09-15	2016-03-20 13:44:49	2024-01-09 20:51:08	3.7 kB	12 kB	64.233.161.84
prhzxq.com	unknown	2022-06-29	2022-06-29 13:43:14	2023-12-22 10:36:09	1.0 kB	1.1 kB	185.162.85.20
amunfezanttor.com	unknown	2023-03-31	2023-03-31 14:42:42	2024-01-09 23:09:55	1.5 kB	1.5 kB	139.45.197.250
i.wmgtr.com	13696	2020-09-11	2020-09-11 13:28:07	2024-01-08 05:43:23	848 B	247 kB	45.133.44.33
ciscobinary.openh264.org	40822	2013-10-19	2014-10-07 07:43:56	2024-01-09 05:09:25	305 B	512 kB	88.221.134.209
pogothere.xyz	unknown	2022-08-22	2022-09-04 21:11:25	2024-01-09 17:37:18	1.3 kB	211 kB	188.114.96.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-01-10	medium	hfeoveukrn.info	Sinkholed
2024-01-10	medium	hfeoveukrn.info	Sinkholed
2024-01-10	medium	prhzxq.com	Sinkholed
2024-01-10	medium	hfeoveukrn.info	Sinkholed
2024-01-10	medium	hfeoveukrn.info	Sinkholed
2024-01-10	medium	amunfezanttor.com	Sinkholed
2024-01-10	medium	amunfezanttor.com	Sinkholed
2024-01-10	medium	amunfezanttor.com	Sinkholed
2024-01-10	medium	xngqoc.com	Sinkholed
2024-01-10	medium	hfeoveukrn.info	Sinkholed
2024-01-10	medium	xngqoc.com	Sinkholed
2024-01-10	medium	prhzxq.com	Sinkholed

ThreatFox

No alerts detected

Files detected

URL
ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
IP
88.221.134.209
ASN
#20940 Akamai International B.V.

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
512 kB (511815 bytes)
Hash
152eda253e242e18443ef3282495bc7c
ff0fa85565f21ec4931baad4573b4c0bd08c4019
8e03090fee16f6e0ee2e436af8e51d0c3deed6d9f0db80dec048e668fc009a48

Archive (2)

Modified	Filename	Size	Md5	File type
2019-03-02 16:47	gmpopenh264.info	116 B	3d33cdc0b3d281e67dd52e14435dd04f	ASCII text
2019-03-02 16:47	libgmpopenh264.so	1.4 MB	b2c1253e8a09cfe03b3d7f37de12dff7	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV)

JavaScript (20)

	URL	From	Size	First Seen	Last Seen
	destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea	ScriptElement	30 kB	2024-01-03	2024-08-20
Pretty URL destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea IP 104.26.6.218 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-03 19:40 Last Seen2024-08-20 14:07 Times Seen17 Hash 4b8aa9b76348b3fea266f90f2b383983 46490e3f095dbb93739dae86b6622a1b392c1292 afac33cb40a2b36312bc47a238c44f4b4b14242ce3123a8c062d503f07f6911b Loading...

	destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea	ScriptElement	412 B	2023-03-07	2024-08-21
Pretty URL destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea IP 104.26.6.218 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:24 Last Seen2024-08-21 09:40 Times Seen171 Hash e57a17959756709555be23700fdf86e0 5f995918711370e6c6847a0942d9007cf364cc21 537be2c7d2a919573cfcb2a600e327546e046b656e1ff22513ca98f03965a3ed Loading...

	destyy.com/sandbox%20eval%20code		147 B	2023-04-11	2025-06-13
Pretty URL destyy.com/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-06-13 05:10 Times Seen353404 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.googletagmanager.com/gtag/js?id=AW-997869120&l=dataLayer&cx=c	ScriptElement	200 kB	2024-08-20	2024-08-20
Pretty URL www.googletagmanager.com/gtag/js?id=AW-997869120&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 12:43 Last Seen2024-08-20 12:43 Times Seen1 Hash 1200000ffb5136f4a9d6cf92525f2c31 d6d0d9f748f3dedebd2fe0a7c7adfeddd882ddb7 ad87b8fa63a129b4fce69c61c500e4cd22466c0b4cda400dcd32b950042aa3d3 Loading...

	destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea	ScriptElement	0 B	0001-01-01	2025-06-13
Pretty URL destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea IP 104.26.6.218 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-06-13 05:12 Times Seen4939327 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	ja.rewashwudu.com/fmwhVStpL4dxap/46223	ScriptElement	6 B	2023-03-07	2025-06-13
Pretty URL ja.rewashwudu.com/fmwhVStpL4dxap/46223 IP 23.109.82.143 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31 Last Seen2025-06-13 04:45 Times Seen8546 Hash 4fc71bf68a1d477bd1523733e34d1e90 15119105cffbe108b6cf290146ab02c9aa8517ba 74c1971a5c7f3f1cfb81b7a0a8717cee5a45841844104566e00bbfca271943ce Loading...

	ptauxofi.net/pfe/current/tag.min.js?z=4157053	ScriptElement	13 kB	2023-11-02	2024-08-20
Pretty URL ptauxofi.net/pfe/current/tag.min.js?z=4157053 IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 10:05 Last Seen2024-08-20 21:23 Times Seen2697 Hash 258578af3c107ccb907f73c3a2f4c25f 7a192edea829968fb7f57f2a2fc4cb5b612598be 1f945c9c46c47a2b0e867b0d09c3e4559cd768a2d3747abf28d1d65667733b75 Loading...

	destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea	ScriptElement	385 B	2023-03-07	2024-08-21
Pretty URL destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea IP 104.26.6.218 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:24 Last Seen2024-08-21 09:40 Times Seen171 Hash 18f785c58c9ad2590695ebb6a75b48f0 9260be0a1f90cd980c5cd2197dfe4835100a31f6 8ff650b1e7d5cdd15bd9b492c15b443a53cf3fa85f0ed1ab907afe74aa127d92 Loading...

	ubbfpm.com/ms/1102360/inpage.js	ScriptElement	201 kB	2023-04-06	2024-08-21
Pretty URL ubbfpm.com/ms/1102360/inpage.js IP 95.216.206.230 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-06 00:22 Last Seen2024-08-21 09:40 Times Seen171 Hash af413834dffb762ffcfa6c20ce98ad42 1cc019785a20cf05f8804da008409a6ed8ba4a72 37800f9f2bb9d6543c17667dca9695da535d5b01fcf095db9d20d9782f1d22d0 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ	ScriptElement	163 kB	2024-08-20	2024-08-20
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 12:43 Last Seen2024-08-20 12:43 Times Seen1 Hash c51d00c4e3489f6d13c83ff3dff8a9e5 b90d8ef08c45a5cf0075b3f6fca1d08a3f11eddf e1fa1a0cee0cd09bb993b1de5a5b2d900b91602be3de45d6780913ad769812ff Loading...

	destyy.com/shortest-url/end-adsession?adSessionId=1b12f942eede035d945ddeeb8c52ed6b38741ca9&adbd=0&callback=reqwest_1704888207156	ScriptElement	123 B	2024-08-20	2024-08-20
Pretty URL destyy.com/shortest-url/end-adsession?adSessionId=1b12f942eede035d945ddeeb8c52ed6b38741ca9&adbd=0&callback=reqwest_1704888207156 IP 104.26.6.218 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 12:43 Last Seen2024-08-20 12:43 Times Seen1 Hash a9d758f2623622b6ce5b696ae0f56991 ba0a837285c2f14f89b7deeacdda3b7b6ebe74b9 c0d1ca495d9a38b67d4e49f5114160f8cc805358c1fefb1c096c1ce264a6b107 Loading...

	static.sh.st/js/packed/interstitial-page.js?2022-06-29.0	ScriptElement	81 kB	2023-04-06	2024-08-21
Pretty URL static.sh.st/js/packed/interstitial-page.js?2022-06-29.0 IP 104.26.7.218 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-06 00:22 Last Seen2024-08-21 09:40 Times Seen169 Hash 06eb8d871dccb0da41b67abac7022ba9 dbe95283dcf49fac294a7d3445efad665c2ee790 88bb3be0111402f5ca81aaa36cbf7c4a2755099c5d0446831331e1d1d8e7a1ef Loading...

	destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea	ScriptElement	173 B	2023-03-07	2024-08-21
Pretty URL destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea IP 104.26.6.218 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:24 Last Seen2024-08-21 09:40 Times Seen171 Hash a881bba8a59d80992e9c397d3cc3d67a 85ab04d40c85bd897b78a88dd6da95671fa6d64e dbd5a5ffb649a1301d16a94539210972ab60b8e7972f4b073d6199a6c5268888 Loading...

	unknown	ScriptElement	88 kB	2023-11-02	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 10:05 Last Seen2024-08-20 21:23 Times Seen2914 Hash d46d2997ab218d1dba1ab614422ed53f 3f1f6b9847c8ad209835db366c62fcb209b83a67 09e8ce2dfeac0ad09cd24788931b38ea7e7592f2c28eecc324b2dd1cd69d1b42 Loading...

	destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea	ScriptElement	2.8 kB	2024-08-20	2024-08-20
Pretty URL destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea IP 104.26.6.218 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 12:43 Last Seen2024-08-20 12:43 Times Seen1 Hash 9e45375825d70ef08a772fdacbbf4a96 c495e6e600e45a1843da7760d59f95765b3a841b 891678c1662ef91907d81131e3f9a2416d06912bc849c3e9df5e4a16c7300534 Loading...

	unknown	ScriptElement	26 kB	2023-03-07	2025-01-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18 Last Seen2025-01-30 15:49 Times Seen1752 Hash a912e7afe74b51fdd03b28bf67e7d409 85004dfe087af5a730261c85262661d89b3d2516 706b3882753d8f81cfcf35aa2623303b1b380c8106686a4ad12a1fae23cf4650 Loading...

	destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea	ScriptElement	224 B	2023-03-07	2024-08-21
Pretty URL destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea IP 104.26.6.218 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:24 Last Seen2024-08-21 09:40 Times Seen169 Hash 1257ac8e5dfe1e338f9a7190fac3bf8b 91039ad3afbab7525d86a3220ded4109a7f112a7 dbfe45437742f1831de6c1818e9060e0ec9d588b4779558f9c91f621453666ea Loading...

	d3t3z4teexdk2r.cloudfront.net/?etztd=962089	ScriptElement	362 kB	2024-08-20	2024-08-20
Pretty URL d3t3z4teexdk2r.cloudfront.net/?etztd=962089 IP 54.230.241.119 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 12:43 Last Seen2024-08-20 12:43 Times Seen1 Hash bfc0d02bc9dca954978488f4497e72e8 acb7ae2f44f1ec2f68d0c4b5d987a88711db8026 ab7bbf9075b3e2ba88ee2ae554a373a61418e3fa10b1573edc4df30cd4aed48b Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-06-13
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-06-13 05:10 Times Seen352666 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

		Size	First Seen	Last Seen
	#1 Write - 961ccfddcdc77ce42f104100c4185fcc	51 kB	2023-03-07 12:23	2024-08-21 08:17
Pretty Observations First Seen2023-03-07 12:23 Last Seen2024-08-21 08:17 Times Seen36 Hash 961ccfddcdc77ce42f104100c4185fcc 1f337e9b3c212e33f7e204d6aec9aa9e01ffad44 5da0c7e0ab69c2c20e2357cbb615df2343b2c91725e32e5ab83bea4842478565 Loading...

HTTP Transactions (60)

URL IP Response Size

destyy.com/bundles/smeweb/img/advertisement-tracking-11137437.gif?t=1704888206

104.26.6.218

200 OK

43 B

URL GET HTTP/3
destyy.com/bundles/smeweb/img/advertisement-tracking-11137437.gif?t=1704888206
IP
104.26.6.218:443
ASN
#13335 CLOUDFLARENET

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerGoogle Trust Services LLC
Subjectdestyy.com
Fingerprint40:3E:D8:15:2A:67:6A:D1:41:DD:7B:7B:0A:56:A1:24:52:0D:A8:8D
ValiditySun, 31 Dec 2023 01:08:05 GMT - Sat, 30 Mar 2024 01:08:04 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /bundles/smeweb/img/advertisement-tracking-11137437.gif?t=1704888206 HTTP/1.1
Host: destyy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Cookie: hl=en; cookies-enable=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 10 Jan 2024 12:03:26 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
x-server-id: shn09
x-ua-compatible: IE=Edge
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NNm1rCbc2ejnNRADbO7EcsgACjCWfTFF8uduTp9UedXOxxKQtCtbNiskCdofgdtv2LLp7qqmIJ5J%2B3fPFbwCUd7GH5sv4Ib%2Fz1WD5wP4W819TfwaTisr6%2F%2BH1OAp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8434c6dd3a61712f-OSL
alt-svc: h3=":443"; ma=86400

destyy.com/bundles/advertisement/img/tracking.gif?test=1b12f942eede035d945ddeeb8c52ed6b38741ca9

104.26.6.218

200 OK

0 B

URL GET HTTP/3
destyy.com/bundles/advertisement/img/tracking.gif?test=1b12f942eede035d945ddeeb8c52ed6b38741ca9
IP
104.26.6.218:443
ASN
#13335 CLOUDFLARENET

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerGoogle Trust Services LLC
Subjectdestyy.com
Fingerprint40:3E:D8:15:2A:67:6A:D1:41:DD:7B:7B:0A:56:A1:24:52:0D:A8:8D
ValiditySun, 31 Dec 2023 01:08:05 GMT - Sat, 30 Mar 2024 01:08:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /bundles/advertisement/img/tracking.gif?test=1b12f942eede035d945ddeeb8c52ed6b38741ca9 HTTP/1.1
Host: destyy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Cookie: hl=en; cookies-enable=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 10 Jan 2024 12:03:26 GMT
content-type: image/gif
content-length: 0
last-modified: Wed, 29 Jun 2022 08:56:54 GMT
etag: "62bc13d6-0"
x-server-id: shn06
x-ua-compatible: IE=Edge
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rd7u5NZKtU0E%2F5TT5oSb%2BPzV%2F3S%2F7bre4R8sRw%2B0lENHkW8gVZQf89bz4CdnVgi4PQKsh1FNxtFd4429xxeGqfw63lR1R%2BxLb2qnXgpnRSm3olKVR0F%2Fh%2B8Mhblk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8434c6dd3a5d712f-OSL
alt-svc: h3=":443"; ma=86400

destyy.com/bundles/smeweb/img/tracking-11137437.gif?t=1704888206

104.26.6.218

200 OK

43 B

URL GET HTTP/3
destyy.com/bundles/smeweb/img/tracking-11137437.gif?t=1704888206
IP
104.26.6.218:443
ASN
#13335 CLOUDFLARENET

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerGoogle Trust Services LLC
Subjectdestyy.com
Fingerprint40:3E:D8:15:2A:67:6A:D1:41:DD:7B:7B:0A:56:A1:24:52:0D:A8:8D
ValiditySun, 31 Dec 2023 01:08:05 GMT - Sat, 30 Mar 2024 01:08:04 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /bundles/smeweb/img/tracking-11137437.gif?t=1704888206 HTTP/1.1
Host: destyy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Cookie: hl=en; cookies-enable=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 10 Jan 2024 12:03:26 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
x-server-id: shn05
x-ua-compatible: IE=Edge
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kuONZfgbesOiFIRin7NbTHwjeAMDnZJPXUl%2F33evskiwfSL%2BZiXXyP%2FEZJUSC0se8e%2Bb5silMgUW7JatSpfid%2F7UvdMzXrPg%2BVUxavDyNek61WTHrbZh6SwvkeS8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8434c6dd3a69712f-OSL
alt-svc: h3=":443"; ma=86400

static.sh.st/b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2022-06-29.0

104.26.7.218

200 OK

6.2 kB

URL GET HTTP/2
static.sh.st/b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2022-06-29.0
IP
104.26.7.218:443
ASN
#13335 CLOUDFLARENET

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC6:7F:86:BA:DE:5A:E8:C6:45:7C:7C:55:01:BC:71:BB:54:01:6B:CF
ValiditySun, 30 Apr 2023 00:00:00 GMT - Mon, 29 Apr 2024 23:59:59 GMT

File type
PNG image data, 249 x 62, 8-bit/color RGBA, non-interlaced
Size
6.2 kB (6226 bytes)
Hash
9ca44d211b1779ef13c1f7406a76c1ff
8b5ab1222409a144c8f1d3bd2a098985bd0bcba7
fd7607ab554a8c5af9aed32593ae99aaf0682198dbbd277372e8b663bd98b001

HTTP Headers

GET /b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2022-06-29.0 HTTP/1.1
Host: static.sh.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 10 Jan 2024 12:03:27 GMT
content-type: image/png
content-length: 6226
last-modified: Fri, 17 Jul 2015 13:29:04 GMT
etag: "55a90320-1852"
x-server-id: shn07
x-ua-compatible: IE=Edge
expires: Wed, 10 Jan 2024 23:58:50 GMT
cache-control: max-age=86400
cf-cache-status: HIT
age: 43477
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mGIqS3KCwLtQ3i8dskU6cfgOXnrwE8GvgNhhJLbk%2FsaYa0A1R9BEQunrJk%2BP7rlrFHKy4utL%2Btq8DV0dOb3%2By7spFq5uefha0CXYbSb4dt7lGkEwo%2FT7NCvJwNM7Ng%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8434c6de6c94b509-OSL
X-Firefox-Spdy: h2

destyy.com/bundles/advertisement/img/tracking.gif?test=1b12f942eede035d945ddeeb8c52ed6b38741ca9

104.26.6.218

200 OK

0 B

URL GET HTTP/3
destyy.com/bundles/advertisement/img/tracking.gif?test=1b12f942eede035d945ddeeb8c52ed6b38741ca9
IP
104.26.6.218:443
ASN
#13335 CLOUDFLARENET

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerGoogle Trust Services LLC
Subjectdestyy.com
Fingerprint40:3E:D8:15:2A:67:6A:D1:41:DD:7B:7B:0A:56:A1:24:52:0D:A8:8D
ValiditySun, 31 Dec 2023 01:08:05 GMT - Sat, 30 Mar 2024 01:08:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /bundles/advertisement/img/tracking.gif?test=1b12f942eede035d945ddeeb8c52ed6b38741ca9 HTTP/1.1
Host: destyy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Cookie: hl=en; cookies-enable=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 10 Jan 2024 12:03:27 GMT
content-type: image/gif
content-length: 0
last-modified: Wed, 29 Jun 2022 08:56:54 GMT
etag: "62bc13d6-0"
x-server-id: shn06
x-ua-compatible: IE=Edge
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
age: 1
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OfpRxVyqDRmAJ6IAPSiBBgEbYEd1NKm2TPxdWKXzuz%2Bb8w4Kp391ciMgSEAwOZ2l3OUzBAzX5gBsacLcPCrifbeR%2FYTP5DNKG89nVi9vukngivoFvplsGdmXppjq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8434c6df2de5712f-OSL
alt-svc: h3=":443"; ma=86400

ubbfpm.com/ms/1102360/inpage.js

95.216.206.230

200 OK

201 kB

URL GET HTTP/1.1
ubbfpm.com/ms/1102360/inpage.js
IP
95.216.206.230:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerLet's Encrypt
Subjectubbfpm.com
Fingerprint8D:79:8F:4F:33:7A:14:5D:CA:55:BE:1A:92:8C:E9:1E:84:DD:6A:4D
ValiditySat, 25 Nov 2023 09:49:17 GMT - Fri, 23 Feb 2024 09:49:16 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
201 kB (200738 bytes)
Hash
af413834dffb762ffcfa6c20ce98ad42
1cc019785a20cf05f8804da008409a6ed8ba4a72
37800f9f2bb9d6543c17667dca9695da535d5b01fcf095db9d20d9782f1d22d0

HTTP Headers

GET /ms/1102360/inpage.js HTTP/1.1
Host: ubbfpm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://destyy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 10 Jan 2024 12:03:27 GMT
Content-Type: application/javascript
Content-Length: 200738
Last-Modified: Fri, 21 Apr 2023 15:45:14 GMT
Connection: keep-alive
ETag: "6442af8a-31022"
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
Referrer-Policy: strict-origin
Accept-Ranges: bytes

ja.rewashwudu.com/fmwhVStpL4dxap/46223

23.109.82.143

200 OK

26 B

URL GET HTTP/1.1
ja.rewashwudu.com/fmwhVStpL4dxap/46223
IP
23.109.82.143:443
ASN
#7979 SERVERS-COM

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerLet's Encrypt
Subjectja.rewashwudu.com
Fingerprint67:FB:CE:40:21:2D:18:12:7D:4A:40:87:C5:27:3A:47:C5:3E:6B:05
ValidityWed, 22 Nov 2023 23:10:26 GMT - Tue, 20 Feb 2024 23:10:25 GMT

File type
ASCII text, with no line terminators
Size
26 B (26 bytes)
Hash
4fc71bf68a1d477bd1523733e34d1e90
15119105cffbe108b6cf290146ab02c9aa8517ba
74c1971a5c7f3f1cfb81b7a0a8717cee5a45841844104566e00bbfca271943ce

HTTP Headers

GET /fmwhVStpL4dxap/46223 HTTP/1.1
Host: ja.rewashwudu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://destyy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 10 Jan 2024 12:03:27 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://destyy.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2BWXVBJ%2BEAHqFVQXz0Za%2FgIyntH6wL7aZU0NtLTPRtMvlNJgiCqLpFuGYZ4k9R414NvJGs5fKhfmRNUz8JRkPfvvTtc8MFa3Gll86LfiKf4LDMwvnOrwmOIxlyWnbSKipwt6u%2F5mzsZhKkvRNGFUjnXUwF8t7ZbSFXxUiMmAn5STsa7NcuxId1iDmr96zNnkOGyC5VXF4jf9NG7cvyiIizsswC3Fwm4Qfr5k6rLEQ6OqEI4SsOUngarftGrmg5e3sB7KS6f%2F97HG%2BcIVO0aklIrX8n9wNCm05t; expires=Thu, 11-Jan-2024 12:03:27 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwViE0KgzAUBvMeJVAqhY96AE%2BQamsXbmuXRReewGopgZBIEvtz%2B%2BpiBmaEEJwmYD0hqQpV5ao8qeJSgl7gpgUPFrJx%2FtP%2FQB6cn8HeYtcG47LazTYuf8BmbZDG%2Fmr0N%2BucmaN2NoAXtnX%2FMM%2FjrbuDJkng6FaHMRWgtzz8AV7hHdE%3D; expires=Thu, 11-Jan-2024 12:03:27 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

d3t3z4teexdk2r.cloudfront.net/?etztd=962089

54.230.241.119

200 OK

118 kB

URL GET HTTP/2
d3t3z4teexdk2r.cloudfront.net/?etztd=962089
IP
54.230.241.119:443
ASN
#16509 AMAZON-02

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (15945)
Size
118 kB (117470 bytes)
Hash
bfc0d02bc9dca954978488f4497e72e8
acb7ae2f44f1ec2f68d0c4b5d987a88711db8026
ab7bbf9075b3e2ba88ee2ae554a373a61418e3fa10b1573edc4df30cd4aed48b

HTTP Headers

GET /?etztd=962089 HTTP/1.1
Host: d3t3z4teexdk2r.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://destyy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-length: 117470
date: Wed, 10 Jan 2024 12:03:27 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: zXX6nNAop0SUlv5FHKUYRSV1_VQsU4xnULNjTRmhBZ_V5_l5ihNFNw==
X-Firefox-Spdy: h2

static.sh.st/bundles/smeweb/img/widget-sprite.png?2022-06-29.0

104.26.7.218

200 OK

84 kB

URL GET HTTP/2
static.sh.st/bundles/smeweb/img/widget-sprite.png?2022-06-29.0
IP
104.26.7.218:443
ASN
#13335 CLOUDFLARENET

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC6:7F:86:BA:DE:5A:E8:C6:45:7C:7C:55:01:BC:71:BB:54:01:6B:CF
ValiditySun, 30 Apr 2023 00:00:00 GMT - Mon, 29 Apr 2024 23:59:59 GMT

File type
PNG image data, 1000 x 2704, 8-bit colormap, non-interlaced
Size
84 kB (84545 bytes)
Hash
0eb6767d5ee6d6e7b3884a01b7730c80
4bc5d39918bcea70e852e0fb7b3d15caf0993434
8146dfca511f063c33c05e13e151ed3d3456441590a4b1358bbc99b320a02b8d

HTTP Headers

GET /bundles/smeweb/img/widget-sprite.png?2022-06-29.0 HTTP/1.1
Host: static.sh.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://destyy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 10 Jan 2024 12:03:27 GMT
content-type: image/png
content-length: 84545
last-modified: Wed, 29 Jun 2022 08:56:53 GMT
etag: "62bc13d5-14a41"
x-server-id: shn05
x-ua-compatible: IE=Edge
expires: Thu, 11 Jan 2024 08:56:51 GMT
cache-control: max-age=86400
cf-cache-status: HIT
age: 11196
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tqjbxBgSGBzemTrLru1gSEnoW5RJWFXfR2pEDxPWRa12u5aEPSgCcfAE8uFdsRmjg3y%2BZBN5WVUScsAYRxlQ%2F7hRK6qW8Dorml1R1OtreHULJZ5AoYiRysg9J%2BT7vQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8434c6dfdf00b509-OSL
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Raleway:400,700

142.250.74.106

200 OK

1.0 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Raleway:400,700
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint10:D0:ED:9A:F4:53:C8:99:DE:B6:5E:5C:04:E6:20:0B:68:7D:46:EC
ValidityMon, 20 Nov 2023 08:08:50 GMT - Mon, 12 Feb 2024 08:08:49 GMT

File type
gzip compressed data, max compression
Size
1.0 kB (1018 bytes)
Hash
ecd7598fa4ff9730118101a2df3ae502
ce93ac61705c1e18256c6f91ad2f868d9c62db12
8f17be7cb14455274f31b61e9c13514cf586d87b13274574eb468c6b7d6a9ba2

HTTP Headers

GET /css?family=Raleway:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://destyy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 10 Jan 2024 12:03:27 GMT
date: Wed, 10 Jan 2024 12:03:27 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/raleway/v29/1Ptug8zYS_SKggPNyC0ITw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/raleway/v29/1Ptug8zYS_SKggPNyC0ITw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48208, version 1.0
Size
48 kB (48208 bytes)
Hash
c49b7c3643f781d71645c5a40a78b5bf
e71138026b38afc443fb60da5ffc2244c4f5eb11
8cbc049ddbd7ca67068451ce754401833499959c4c6ed7b98f664d42e0597808

HTTP Headers

GET /s/raleway/v29/1Ptug8zYS_SKggPNyC0ITw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://destyy.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48208
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 06 Jan 2024 00:53:50 GMT
expires: Sun, 05 Jan 2025 00:53:50 GMT
cache-control: public, max-age=31536000
age: 385777
last-modified: Wed, 13 Sep 2023 23:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/raleway/v29/1Ptug8zYS_SKggPNyC0ITw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/raleway/v29/1Ptug8zYS_SKggPNyC0ITw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48208, version 1.0
Size
48 kB (48208 bytes)
Hash
c49b7c3643f781d71645c5a40a78b5bf
e71138026b38afc443fb60da5ffc2244c4f5eb11
8cbc049ddbd7ca67068451ce754401833499959c4c6ed7b98f664d42e0597808

HTTP Headers

GET /s/raleway/v29/1Ptug8zYS_SKggPNyC0ITw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://destyy.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48208
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 06 Jan 2024 00:53:50 GMT
expires: Sun, 05 Jan 2025 00:53:50 GMT
cache-control: public, max-age=31536000
age: 385777
last-modified: Wed, 13 Sep 2023 23:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ

142.250.74.168

200 OK

59 kB

URL GET HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintC1:58:7C:BF:5A:61:79:08:CB:C2:00:63:60:07:86:BD:EA:0A:45:8A
ValidityMon, 20 Nov 2023 08:02:50 GMT - Mon, 12 Feb 2024 08:02:49 GMT

File type
ASCII text, with very long lines (3035)
Size
59 kB (59083 bytes)
Hash
c51d00c4e3489f6d13c83ff3dff8a9e5
b90d8ef08c45a5cf0075b3f6fca1d08a3f11eddf
e1fa1a0cee0cd09bb993b1de5a5b2d900b91602be3de45d6780913ad769812ff

HTTP Headers

GET /gtm.js?id=GTM-5SFMWPJ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://destyy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 10 Jan 2024 12:03:27 GMT
expires: Wed, 10 Jan 2024 12:03:27 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 59083
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

dicreativeideas.org/aTA1WkFGD1YpfAxobxwVP1h/CxkNAVQPKStWfSozPXV7YiUuXxMuKA0NDGxzWQgMfDEAVAhrZxpEVC40Gg0EfCgHVlpnZx8NBHRyXR4Gbm9ZFkBncE9ERTsmVAETKjUdXAhrdlkEDWJ5WwACaXlR

188.114.96.1

204 No Content

0 B

URL GET HTTP/2
dicreativeideas.org/aTA1WkFGD1YpfAxobxwVP1h/CxkNAVQPKStWfSozPXV7YiUuXxMuKA0NDGxzWQgMfDEAVAhrZxpEVC40Gg0EfCgHVlpnZx8NBHRyXR4Gbm9ZFkBncE9ERTsmVAETKjUdXAhrdlkEDWJ5WwACaXlR
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerLet's Encrypt
Subjectdicreativeideas.org
FingerprintE9:15:5F:EB:AB:69:D8:D6:58:01:C2:1E:2B:F5:7A:2A:1B:7C:0C:69
ValiditySat, 30 Dec 2023 06:04:21 GMT - Fri, 29 Mar 2024 06:04:20 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /aTA1WkFGD1YpfAxobxwVP1h/CxkNAVQPKStWfSozPXV7YiUuXxMuKA0NDGxzWQgMfDEAVAhrZxpEVC40Gg0EfCgHVlpnZx8NBHRyXR4Gbm9ZFkBncE9ERTsmVAETKjUdXAhrdlkEDWJ5WwACaXlR HTTP/1.1
Host: dicreativeideas.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://destyy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Wed, 10 Jan 2024 12:03:27 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jhfy4Zhj%2BW8ghLlR7u%2FohFyadSL05ekAih%2Bh8PD2JHLUiALrvZg4LRBGJKJZaNAPogpNlF3ddNfoWu4gavvUT8l%2BAEsAWkUbsw95ZwvyLjsHnQFJsEo82WX5CLb%2FY%2FYKl6DN%2BLst"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8434c6e12e2a5693-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ptauxofi.net/pfe/current/tag.min.js?z=4157053

139.45.197.250

200 OK

7.0 kB

URL GET HTTP/2
ptauxofi.net/pfe/current/tag.min.js?z=4157053
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerLet's Encrypt
Subjectptauxofi.net
Fingerprint3C:BA:D6:75:47:97:AC:CC:74:87:9D:1F:4B:1D:3D:EF:6F:9A:16:AA
ValidityThu, 16 Nov 2023 05:08:48 GMT - Wed, 14 Feb 2024 05:08:47 GMT

File type
C source, ASCII text, with very long lines (16349), with no line terminators
Size
7.0 kB (6978 bytes)
Hash
4f67f19d485c127bd9e64cc6679ba0e8
14d51f74c959f26f64de25301df4273f578cff61
133b118365d6c499b2c394ce7835ee2115ad8ba330aa49b12581779f916408cd

HTTP Headers

GET /pfe/current/tag.min.js?z=4157053 HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://destyy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 10 Jan 2024 12:03:27 GMT
content-type: application/javascript
last-modified: Mon, 27 Nov 2023 17:44:23 GMT
etag: W/"6564d577-33f4"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

dicreativeideas.org/MGdPZUgfWCwWdWozHVYfXi0bJyNUFx0JP3c2GFQAZiYdIilbFGkRIVRadlN6AF59QzhZA3JUcBYUOwQ8RRRyVG5ZCSkKdRYRclRmAEl9S3wWEnJUbkQXLgJ1AUE/ETxcWn5SeARfd116AFB7VX0

188.114.96.1

204 No Content

0 B

URL GET HTTP/2
dicreativeideas.org/MGdPZUgfWCwWdWozHVYfXi0bJyNUFx0JP3c2GFQAZiYdIilbFGkRIVRadlN6AF59QzhZA3JUcBYUOwQ8RRRyVG5ZCSkKdRYRclRmAEl9S3wWEnJUbkQXLgJ1AUE/ETxcWn5SeARfd116AFB7VX0
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerLet's Encrypt
Subjectdicreativeideas.org
FingerprintE9:15:5F:EB:AB:69:D8:D6:58:01:C2:1E:2B:F5:7A:2A:1B:7C:0C:69
ValiditySat, 30 Dec 2023 06:04:21 GMT - Fri, 29 Mar 2024 06:04:20 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /MGdPZUgfWCwWdWozHVYfXi0bJyNUFx0JP3c2GFQAZiYdIilbFGkRIVRadlN6AF59QzhZA3JUcBYUOwQ8RRRyVG5ZCSkKdRYRclRmAEl9S3wWEnJUbkQXLgJ1AUE/ETxcWn5SeARfd116AFB7VX0 HTTP/1.1
Host: dicreativeideas.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://destyy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Wed, 10 Jan 2024 12:03:27 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5TTLzBj5T9BSTynCul5tngTG8qawkSV1nTlTefeF8NJGzXK%2BUCRGn67IDeogZbviwHkCfTYJnTKF3NJ%2BaS9sdK4edDN8e9lTquMfVbxCchr7lAXaL4%2B2qQ0py9VcOiq73UHeEqtU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8434c6e12e445693-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

dicreativeideas.org/SEduaDlneA0bBCsrBlxoezcrCWx5Pzo9czwWJgxpGgACKV0Nd0gcUCx6V10AeXZWTkkhI1NZHzszDxxMO3pfTlAmIQFVHz56X0YKfGldXBd4YRtVCG4zHgledXZIGE08K1NZDnhzVlABendZXAt6

188.114.96.1

204 No Content

0 B

URL GET HTTP/2
dicreativeideas.org/SEduaDlneA0bBCsrBlxoezcrCWx5Pzo9czwWJgxpGgACKV0Nd0gcUCx6V10AeXZWTkkhI1NZHzszDxxMO3pfTlAmIQFVHz56X0YKfGldXBd4YRtVCG4zHgledXZIGE08K1NZDnhzVlABendZXAt6
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerLet's Encrypt
Subjectdicreativeideas.org
FingerprintE9:15:5F:EB:AB:69:D8:D6:58:01:C2:1E:2B:F5:7A:2A:1B:7C:0C:69
ValiditySat, 30 Dec 2023 06:04:21 GMT - Fri, 29 Mar 2024 06:04:20 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /SEduaDlneA0bBCsrBlxoezcrCWx5Pzo9czwWJgxpGgACKV0Nd0gcUCx6V10AeXZWTkkhI1NZHzszDxxMO3pfTlAmIQFVHz56X0YKfGldXBd4YRtVCG4zHgledXZIGE08K1NZDnhzVlABendZXAt6 HTTP/1.1
Host: dicreativeideas.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://destyy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Wed, 10 Jan 2024 12:03:27 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fCe0ySwxMb8O4Z05C58qQu65iZPp%2F3m%2FtWKeWJ2bZxOnDebiToBI1NZoqV4LXKHPKP6z%2FneFabtO%2B18knqAjWdZzK1ozVKy6k2VGpU8%2BJtkTiKoRyhLPYduGMqRVTl33EZiDDvdT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8434c6e14e845693-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

hfeoveukrn.info/QUVFMVYgJyZcaSB4JxcjMyl4FGQHYHd3MnIxdktiNSAgSTIqdzcfNS0qMFUwMyorRXgvIDEUZAcVIHYcNAoCQjQFFAdUAAAyCXIxFxYRXRQkBBNdMwIHdGkUEC0jcwcqFwRYG3QUBHwXFj0xcxwDDwB2PQgVF2ccCBMEXgEDEwhUEikcB2QhLQsCYA8MBxMIMwcyfXcUKSYcc2cQDQJkMiIjKQQBFC42egFwBBNzZxgVA0kDJQ0TXR8FBypVARQtEWk+GycdZxMyDRNdHwcUIWYOFD0NaQ4xChZdHxYBKQgyFBYyVQEUIhR2FHAcCmcYJAEQZx8SdWhCHRY9fXkSFwgAaQAAKgZdIgsQKQUcFnUpeQ4AIgt0BAAJHVYHABd0SXNzBxJaPhkUBFkYBRN8V3ArNipfJnwudEssABI9WS54MDx+PA

108.157.229.31

200 OK

1.2 kB

URL GET HTTP/2
hfeoveukrn.info/QUVFMVYgJyZcaSB4JxcjMyl4FGQHYHd3MnIxdktiNSAgSTIqdzcfNS0qMFUwMyorRXgvIDEUZAcVIHYcNAoCQjQFFAdUAAAyCXIxFxYRXRQkBBNdMwIHdGkUEC0jcwcqFwRYG3QUBHwXFj0xcxwDDwB2PQgVF2ccCBMEXgEDEwhUEikcB2QhLQsCYA8MBxMIMwcyfXcUKSYcc2cQDQJkMiIjKQQBFC42egFwBBNzZxgVA0kDJQ0TXR8FBypVARQtEWk+GycdZxMyDRNdHwcUIWYOFD0NaQ4xChZdHxYBKQgyFBYyVQEUIhR2FHAcCmcYJAEQZx8SdWhCHRY9fXkSFwgAaQAAKgZdIgsQKQUcFnUpeQ4AIgt0BAAJHVYHABd0SXNzBxJaPhkUBFkYBRN8V3ArNipfJnwudEssABI9WS54MDx+PA
IP
108.157.229.31:443
ASN
#0

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerAmazon
Subjecthfeoveukrn.info
Fingerprint36:C0:17:EB:F8:24:3B:5C:05:FB:F3:F2:06:F4:9D:39:3A:A5:F8:4C
ValidityTue, 02 Jan 2024 00:00:00 GMT - Thu, 30 Jan 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (3025), with no line terminators
Size
1.2 kB (1174 bytes)
Hash
bcb838bbf9f9b824ab5c370dedb39d4d
c09eb644ebf2d7f292a22d772d2c157bd11c068f
d72bcc8e853c8df2765796c4b72d9b799b278736842d876c00bfa532203a1604

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /QUVFMVYgJyZcaSB4JxcjMyl4FGQHYHd3MnIxdktiNSAgSTIqdzcfNS0qMFUwMyorRXgvIDEUZAcVIHYcNAoCQjQFFAdUAAAyCXIxFxYRXRQkBBNdMwIHdGkUEC0jcwcqFwRYG3QUBHwXFj0xcxwDDwB2PQgVF2ccCBMEXgEDEwhUEikcB2QhLQsCYA8MBxMIMwcyfXcUKSYcc2cQDQJkMiIjKQQBFC42egFwBBNzZxgVA0kDJQ0TXR8FBypVARQtEWk+GycdZxMyDRNdHwcUIWYOFD0NaQ4xChZdHxYBKQgyFBYyVQEUIhR2FHAcCmcYJAEQZx8SdWhCHRY9fXkSFwgAaQAAKgZdIgsQKQUcFnUpeQ4AIgt0BAAJHVYHABd0SXNzBxJaPhkUBFkYBRN8V3ArNipfJnwudEssABI9WS54MDx+PA HTTP/1.1
Host: hfeoveukrn.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://destyy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
content-length: 1174
date: Wed, 10 Jan 2024 12:03:27 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 41ce182e8f343263845579fafd1af6b8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: s3R1X13CUQ_5a5hjPJf1x3HBb7ef-10QbrLs7uesnUIo362zTDDUfw==
X-Firefox-Spdy: h2

hfeoveukrn.info/UmdYM2czBTteWDNaOhUSIAtlFlUUQmp1A2ETa0lTJgI9SwM5VSodBD4ILVcBIAg2R0k8AiwWVRQqCnc9IDQecgkFNg1GBSglPndUBBc7Yl4zAg9bDgolP103ODYUeiY5NRwBMhkmD2ItEB4vYC4aVjpnMyUWEXITMAUyRAsFJiACAzshAXAvBA8BXwQCLDUCEBclYAc3K18Ucg4bXhVfFDYrMlReCiJoCioKCzpxIxtSE3UIGQUPeiQTVw4HAwo+H2IdalITXy4XNyF9DxAhK14tFSIdZFQ+ADlUPR0CIHkPECErFlUUKAtcJgpVaVklOikCViQ6HhlYSmdQHV4iFzAiXAoLNg1CAgUlIHQhJg88az4VIxsDHR5WNHwCOj1qcQsiUwF7MhUwNQIONiEZcCg4MjFkNRwTAVQuGjBrAkJgJTxxJjcDD3ZBOBQ3XRdvLBlyLAEGEQcqYyACQ14/

108.157.229.31

200 OK

1.2 kB

URL GET HTTP/2
hfeoveukrn.info/UmdYM2czBTteWDNaOhUSIAtlFlUUQmp1A2ETa0lTJgI9SwM5VSodBD4ILVcBIAg2R0k8AiwWVRQqCnc9IDQecgkFNg1GBSglPndUBBc7Yl4zAg9bDgolP103ODYUeiY5NRwBMhkmD2ItEB4vYC4aVjpnMyUWEXITMAUyRAsFJiACAzshAXAvBA8BXwQCLDUCEBclYAc3K18Ucg4bXhVfFDYrMlReCiJoCioKCzpxIxtSE3UIGQUPeiQTVw4HAwo+H2IdalITXy4XNyF9DxAhK14tFSIdZFQ+ADlUPR0CIHkPECErFlUUKAtcJgpVaVklOikCViQ6HhlYSmdQHV4iFzAiXAoLNg1CAgUlIHQhJg88az4VIxsDHR5WNHwCOj1qcQsiUwF7MhUwNQIONiEZcCg4MjFkNRwTAVQuGjBrAkJgJTxxJjcDD3ZBOBQ3XRdvLBlyLAEGEQcqYyACQ14/
IP
108.157.229.31:443
ASN
#0

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerAmazon
Subjecthfeoveukrn.info
Fingerprint36:C0:17:EB:F8:24:3B:5C:05:FB:F3:F2:06:F4:9D:39:3A:A5:F8:4C
ValidityTue, 02 Jan 2024 00:00:00 GMT - Thu, 30 Jan 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (3049), with no line terminators
Size
1.2 kB (1199 bytes)
Hash
c79ef9f58d2d34dda40193bac7c2a0f7
43b9beb1df03ac9b2e7100c15b7555e43143e917
0e35e9193cbd7678ab3bc4c59fc6fedb4c0e999a29dac8117ae44e89102a9160

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /UmdYM2czBTteWDNaOhUSIAtlFlUUQmp1A2ETa0lTJgI9SwM5VSodBD4ILVcBIAg2R0k8AiwWVRQqCnc9IDQecgkFNg1GBSglPndUBBc7Yl4zAg9bDgolP103ODYUeiY5NRwBMhkmD2ItEB4vYC4aVjpnMyUWEXITMAUyRAsFJiACAzshAXAvBA8BXwQCLDUCEBclYAc3K18Ucg4bXhVfFDYrMlReCiJoCioKCzpxIxtSE3UIGQUPeiQTVw4HAwo+H2IdalITXy4XNyF9DxAhK14tFSIdZFQ+ADlUPR0CIHkPECErFlUUKAtcJgpVaVklOikCViQ6HhlYSmdQHV4iFzAiXAoLNg1CAgUlIHQhJg88az4VIxsDHR5WNHwCOj1qcQsiUwF7MhUwNQIONiEZcCg4MjFkNRwTAVQuGjBrAkJgJTxxJjcDD3ZBOBQ3XRdvLBlyLAEGEQcqYyACQ14/ HTTP/1.1
Host: hfeoveukrn.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://destyy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
content-length: 1199
date: Wed, 10 Jan 2024 12:03:27 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 41ce182e8f343263845579fafd1af6b8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: 82yXBw_J2At3IBk1cy-hNKGY5I4_sPHA7JkQKlS_W_jCwX8HSutbSg==
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=AW-997869120&l=dataLayer&cx=c

142.250.74.168

200 OK

73 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=AW-997869120&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintC1:58:7C:BF:5A:61:79:08:CB:C2:00:63:60:07:86:BD:EA:0A:45:8A
ValidityMon, 20 Nov 2023 08:02:50 GMT - Mon, 12 Feb 2024 08:02:49 GMT

File type
ASCII text, with very long lines (3035)
Size
73 kB (72684 bytes)
Hash
1200000ffb5136f4a9d6cf92525f2c31
d6d0d9f748f3dedebd2fe0a7c7adfeddd882ddb7
ad87b8fa63a129b4fce69c61c500e4cd22466c0b4cda400dcd32b950042aa3d3

HTTP Headers

GET /gtag/js?id=AW-997869120&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://destyy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 10 Jan 2024 12:03:27 GMT
expires: Wed, 10 Jan 2024 12:03:27 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 72684
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ptauxofi.net/zone?pub=0&zone_id=4157053&is_mobile=false&domain=destyy.com&var=&ymid=&var_3=&tg=0&sw=3.1.471

139.45.197.250

200 OK

908 B

URL GET HTTP/2
ptauxofi.net/zone?pub=0&zone_id=4157053&is_mobile=false&domain=destyy.com&var=&ymid=&var_3=&tg=0&sw=3.1.471
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerLet's Encrypt
Subjectptauxofi.net
Fingerprint3C:BA:D6:75:47:97:AC:CC:74:87:9D:1F:4B:1D:3D:EF:6F:9A:16:AA
ValidityThu, 16 Nov 2023 05:08:48 GMT - Wed, 14 Feb 2024 05:08:47 GMT

File type
JSON data
Size
908 B (908 bytes)
Hash
aa10e80f23b05dd956f0e6d06a8349fc
94b31c78d69a09eb52a5a4a98fcb87f6e986732c
06569a30fc27c6f587f908ef3e90d0bd7ef489a4d2c24664937a491097857382

HTTP Headers

GET /zone?pub=0&zone_id=4157053&is_mobile=false&domain=destyy.com&var=&ymid=&var_3=&tg=0&sw=3.1.471 HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://destyy.com/
Origin: https://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 10 Jan 2024 12:03:27 GMT
content-type: application/json; charset=utf-8
content-length: 908
x-trace-id: 6fce73aa982a85aa8973bf9c5c78f96f
access-control-allow-origin: https://destyy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ptauxofi.net/pfe/current/universal.min.js?v=3.1.471

139.45.197.250

200 OK

33 kB

URL GET HTTP/2
ptauxofi.net/pfe/current/universal.min.js?v=3.1.471
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerLet's Encrypt
Subjectptauxofi.net
Fingerprint3C:BA:D6:75:47:97:AC:CC:74:87:9D:1F:4B:1D:3D:EF:6F:9A:16:AA
ValidityThu, 16 Nov 2023 05:08:48 GMT - Wed, 14 Feb 2024 05:08:47 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
33 kB (33351 bytes)
Hash
d46d2997ab218d1dba1ab614422ed53f
3f1f6b9847c8ad209835db366c62fcb209b83a67
09e8ce2dfeac0ad09cd24788931b38ea7e7592f2c28eecc324b2dd1cd69d1b42

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.471 HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://destyy.com/
Origin: https://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 10 Jan 2024 12:03:27 GMT
content-type: application/javascript
last-modified: Mon, 27 Nov 2023 17:44:23 GMT
etag: W/"6564d577-1572c"
access-control-allow-origin: https://destyy.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

ptauxofi.net/custom

139.45.197.250

200 OK

0 B

URL POST HTTP/2
ptauxofi.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerLet's Encrypt
Subjectptauxofi.net
Fingerprint3C:BA:D6:75:47:97:AC:CC:74:87:9D:1F:4B:1D:3D:EF:6F:9A:16:AA
ValidityThu, 16 Nov 2023 05:08:48 GMT - Wed, 14 Feb 2024 05:08:47 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://destyy.com/
Origin: https://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 10 Jan 2024 12:03:28 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://destyy.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube

64.233.161.84

302 Found

0 B

URL GET HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
64.233.161.84:443
ASN
#15169 GOOGLE

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
FingerprintE1:91:9A:16:6F:2F:49:FB:1C:F6:D7:DB:DD:F0:E2:B0:9F:34:CC:E4
ValidityMon, 11 Dec 2023 08:10:03 GMT - Mon, 04 Mar 2024 08:10:02 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://destyy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:Te0WxD3HguM8jvUHE2W0aUofLcL1sQ:mdklu3Gg7f-7J3bz; Expires=Fri, 09-Jan-2026 12:03:28 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 10 Jan 2024 12:03:28 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp0PLKHOwWtkCwJxuXu7wxdnRNVnVwpOSFe78otXev7Q44gT6nF0JHfgGopd5LoMQ9R0ypV5hA
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-WgHfs_b9F6iBaJbUrclS1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

prhzxq.com/wnrw?aid=3330178369849216670&a=1

185.162.85.20

200 OK

0 B

URL GET HTTP/2
prhzxq.com/wnrw?aid=3330178369849216670&a=1
IP
185.162.85.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerLet's Encrypt
Subjectprhzxq.com
Fingerprint08:43:0E:30:04:42:FD:A1:F4:3B:38:AF:EF:47:A7:F0:0B:26:3D:C1
ValidityTue, 14 Nov 2023 04:19:16 GMT - Mon, 12 Feb 2024 04:19:15 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wnrw?aid=3330178369849216670&a=1 HTTP/1.1
Host: prhzxq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://destyy.com/
Origin: https://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 10 Jan 2024 12:03:28 GMT
content-length: 0
access-control-allow-origin: https://destyy.com
X-Firefox-Spdy: h2

hfeoveukrn.info/utx?cb=L8mT0K0Xmo9k&top=destyy.com&tid=962089

108.157.229.31

204 No Content

0 B

URL GET HTTP/2
hfeoveukrn.info/utx?cb=L8mT0K0Xmo9k&top=destyy.com&tid=962089
IP
108.157.229.31:443
ASN
#0

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerAmazon
Subjecthfeoveukrn.info
Fingerprint36:C0:17:EB:F8:24:3B:5C:05:FB:F3:F2:06:F4:9D:39:3A:A5:F8:4C
ValidityTue, 02 Jan 2024 00:00:00 GMT - Thu, 30 Jan 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /utx?cb=L8mT0K0Xmo9k&top=destyy.com&tid=962089 HTTP/1.1
Host: hfeoveukrn.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://destyy.com
DNT: 1
Connection: keep-alive
Referer: https://destyy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
date: Wed, 10 Jan 2024 12:03:28 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://destyy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 10 Jan 2024 12:04:28 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 41ce182e8f343263845579fafd1af6b8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: WLY9ZS_CR7SFlvW5VVodsDbpUskTRH3LrtDhfhHXNfHV7SE2B9A-dA==
X-Firefox-Spdy: h2

hfeoveukrn.info/utx?cb=OVMi3VmgEuZo&top=destyy.com&tid=959118

108.157.229.31

204 No Content

0 B

URL GET HTTP/2
hfeoveukrn.info/utx?cb=OVMi3VmgEuZo&top=destyy.com&tid=959118
IP
108.157.229.31:443
ASN
#0

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerAmazon
Subjecthfeoveukrn.info
Fingerprint36:C0:17:EB:F8:24:3B:5C:05:FB:F3:F2:06:F4:9D:39:3A:A5:F8:4C
ValidityTue, 02 Jan 2024 00:00:00 GMT - Thu, 30 Jan 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /utx?cb=OVMi3VmgEuZo&top=destyy.com&tid=959118 HTTP/1.1
Host: hfeoveukrn.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://destyy.com
DNT: 1
Connection: keep-alive
Referer: https://destyy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
date: Wed, 10 Jan 2024 12:03:28 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://destyy.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 10 Jan 2024 12:04:28 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 41ce182e8f343263845579fafd1af6b8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: VxIqBvvzfw456BvKUB5PAUctkgZCSWVkKkjFeiLUKqjAPVHi-crI2Q==
X-Firefox-Spdy: h2

d3t3z4teexdk2r.cloudfront.net/PeGJuOGsbDQBeVAwLCgVSTlBeAVleCB1XBQhfBQkRAiM5QAMAWxtBJBJEGkIPRVJIVAoWBVMeDhYBUwlNGQYMBV9eFw8FBhcYB1QHGUdcfl5WUksKW1AVB1YPFxUdHVlIDBodWUhTXhZbXVEsHVlIFQdWXUxHXXpOSlIWDl9dUSwdWUgQGB1YOVNeDUVIS0-sKWx8HDVMEXVAoCltJUl4JW0lHXAgNERALXgQAR1x+WkhXQAhNDV9f

54.230.241.119

193 B

URL
d3t3z4teexdk2r.cloudfront.net/PeGJuOGsbDQBeVAwLCgVSTlBeAVleCB1XBQhfBQkRAiM5QAMAWxtBJBJEGkIPRVJIVAoWBVMeDhYBUwlNGQYMBV9eFw8FBhcYB1QHGUdcfl5WUksKW1AVB1YPFxUdHVlIDBodWUhTXhZbXVEsHVlIFQdWXUxHXXpOSlIWDl9dUSwdWUgQGB1YOVNeDUVIS0-sKWx8HDVMEXVAoCltJUl4JW0lHXAgNERALXgQAR1x+WkhXQAhNDV9f
IP
54.230.241.119:0
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
193 B (193 bytes)
Hash
bc3f30b7f9c634b6ecce651f5135cb29
5710daea13804b6c421093252abd75d98114ce58
a063eef4b600c36e412423815997505cb3f040e920fbebfd585674a3ed2875ec

HTTP Headers

GET /PeGJuOGsbDQBeVAwLCgVSTlBeAVleCB1XBQhfBQkRAiM5QAMAWxtBJBJEGkIPRVJIVAoWBVMeDhYBUwlNGQYMBV9eFw8FBhcYB1QHGUdcfl5WUksKW1AVB1YPFxUdHVlIDBodWUhTXhZbXVEsHVlIFQdWXUxHXXpOSlIWDl9dUSwdWUgQGB1YOVNeDUVIS0-sKWx8HDVMEXVAoCltJUl4JW0lHXAgNERALXgQAR1x+WkhXQAhNDV9f HTTP/1.1
Host: d3t3z4teexdk2r.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfeoveukrn.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-length: 193
date: Wed, 10 Jan 2024 12:03:28 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: LAhcuXtSuMFZKMXzRnzF2wGxqbp88iTxPjc3N_19pLpxms0jJ6kSyQ==
X-Firefox-Spdy: h2

ptauxofi.net/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
ptauxofi.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerLet's Encrypt
Subjectptauxofi.net
Fingerprint3C:BA:D6:75:47:97:AC:CC:74:87:9D:1F:4B:1D:3D:EF:6F:9A:16:AA
ValidityThu, 16 Nov 2023 05:08:48 GMT - Wed, 14 Feb 2024 05:08:47 GMT

File type
JSON data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://destyy.com/
Content-Type: application/json
Content-Length: 430
Origin: https://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 10 Jan 2024 12:03:28 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 784d437e1cbdefa140c05934c88e1c1f
access-control-allow-origin: https://destyy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

d3t3z4teexdk2r.cloudfront.net/hTDFpaFUvXgcOajhYDVVsegNZUGxqWxoHOzwMHjwGOlM/XAYIQhkrFxxnTxwvKAxZTjktXw5VcylfClVkalANCmh4Fx0YOicMAAI4OlwfDj01W08dNHFcBhI8IF0ITWcKBEdYcH4BQR88IlUGHyZpA1kGIWkDWVllYgFMWxdpA1kfPCIHXU1mDhRbWC16BU-xbF2kDWRojaQIoWWV5H1lBcH4BDg02J15MWhN+AVhYZX0BWE1nfFcAGjAqXhFNZwoAWV17fBccVWQ

54.230.241.119

477 B

URL
d3t3z4teexdk2r.cloudfront.net/hTDFpaFUvXgcOajhYDVVsegNZUGxqWxoHOzwMHjwGOlM/XAYIQhkrFxxnTxwvKAxZTjktXw5VcylfClVkalANCmh4Fx0YOicMAAI4OlwfDj01W08dNHFcBhI8IF0ITWcKBEdYcH4BQR88IlUGHyZpA1kGIWkDWVllYgFMWxdpA1kfPCIHXU1mDhRbWC16BU-xbF2kDWRojaQIoWWV5H1lBcH4BDg02J15MWhN+AVhYZX0BWE1nfFcAGjAqXhFNZwoAWV17fBccVWQ
IP
54.230.241.119:0
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
ASCII text, with very long lines (651), with no line terminators
Size
477 B (477 bytes)
Hash
57b212193772c6f5de38290f4a5a4a3e
6b6b91a8e99dea987a777ea9af848595b6cef002
ee07710c8f321639b5c2c7acf7f50b643870b55edd1eecd0dbe75237d3408290

HTTP Headers

GET /hTDFpaFUvXgcOajhYDVVsegNZUGxqWxoHOzwMHjwGOlM/XAYIQhkrFxxnTxwvKAxZTjktXw5VcylfClVkalANCmh4Fx0YOicMAAI4OlwfDj01W08dNHFcBhI8IF0ITWcKBEdYcH4BQR88IlUGHyZpA1kGIWkDWVllYgFMWxdpA1kfPCIHXU1mDhRbWC16BU-xbF2kDWRojaQIoWWV5H1lBcH4BDg02J15MWhN+AVhYZX0BWE1nfFcAGjAqXhFNZwoAWV17fBccVWQ HTTP/1.1
Host: d3t3z4teexdk2r.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfeoveukrn.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-length: 477
date: Wed, 10 Jan 2024 12:03:28 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 6WQtMW2noA_a-lE1_EzEmzIb584eOhDaxba4xqKOpqYVBVi1N2MCng==
X-Firefox-Spdy: h2

d3t3z4teexdk2r.cloudfront.net/MRDZrSFAnWQUubzBfD3VpcQ9aeWhiXBgnPjQLIAkRD2UKAWQJBywSIH1bTTwqIAtbbjwlWAx1diFYCHVhYlcPKm1wEB84Py8LAiI9MlsdLjg9XE09MXlbBDI5KFoKbWICA0V4dXYGQz85KlIEPyNhBFsmJGEEW3lgagZOexJhBFs/OSoAX21jBhNZeChyAk-57EmEEWzomYQUqeWBxGFthdXYGDC0zL1lOehZ2Blp4YHUGWm1idFACOjUiWRNtYgIHW31+dBAedWE

54.230.241.119

475 B

URL
d3t3z4teexdk2r.cloudfront.net/MRDZrSFAnWQUubzBfD3VpcQ9aeWhiXBgnPjQLIAkRD2UKAWQJBywSIH1bTTwqIAtbbjwlWAx1diFYCHVhYlcPKm1wEB84Py8LAiI9MlsdLjg9XE09MXlbBDI5KFoKbWICA0V4dXYGQz85KlIEPyNhBFsmJGEEW3lgagZOexJhBFs/OSoAX21jBhNZeChyAk-57EmEEWzomYQUqeWBxGFthdXYGDC0zL1lOehZ2Blp4YHUGWm1idFACOjUiWRNtYgIHW31+dBAedWE
IP
54.230.241.119:0
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
ASCII text, with very long lines (651), with no line terminators
Size
475 B (475 bytes)
Hash
c63670edfd54f61df3c0e20f97fa147e
925eb2f8ffd50514b59aac2c22f897033594da30
12b6c6543971fa7c1b12936d6aea500aeceac8e5288cc55622c876c7c8dc870f

HTTP Headers

GET /MRDZrSFAnWQUubzBfD3VpcQ9aeWhiXBgnPjQLIAkRD2UKAWQJBywSIH1bTTwqIAtbbjwlWAx1diFYCHVhYlcPKm1wEB84Py8LAiI9MlsdLjg9XE09MXlbBDI5KFoKbWICA0V4dXYGQz85KlIEPyNhBFsmJGEEW3lgagZOexJhBFs/OSoAX21jBhNZeChyAk-57EmEEWzomYQUqeWBxGFthdXYGDC0zL1lOehZ2Blp4YHUGWm1idFACOjUiWRNtYgIHW31+dBAedWE HTTP/1.1
Host: d3t3z4teexdk2r.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfeoveukrn.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-length: 475
date: Wed, 10 Jan 2024 12:03:28 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: PsbUF2vhv_ZOIfATB2pAZkzy0yZIgQR5-q8WjIYpy_wWYjzqZmEXCA==
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?pub=0&userId=7d0690fdec8242ee910e7da4340629f6&zoneId=4157053&checkDuplicate=true&ymid=&var=

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?pub=0&userId=7d0690fdec8242ee910e7da4340629f6&zoneId=4157053&checkDuplicate=true&ymid=&var=
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
Fingerprint41:21:53:7F:A2:C4:68:B1:CA:BC:47:66:5D:3C:CA:96:45:5E:71:15
ValiditySat, 23 Dec 2023 22:43:24 GMT - Fri, 22 Mar 2024 22:43:23 GMT

File type
JSON data
Size
65 B (65 bytes)
Hash
aaade9382a9c8d0ce1377580fa65ab91
cde065cd60d5ed0db2516192e94c1401fa5e8d4a
97c621b538408a109f5b27d9d0756370245db64ee9fe98672504c102473211e6

HTTP Headers

GET /gid.js?pub=0&userId=7d0690fdec8242ee910e7da4340629f6&zoneId=4157053&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://destyy.com/
Origin: https://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 10 Jan 2024 12:03:28 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://destyy.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=7d0690fdec8242ee910e7da4340629f6; expires=Thu, 09 Jan 2025 12:03:28 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
Fingerprint94:5D:BD:F9:F6:55:6B:83:55:25:90:4A:5F:E4:CF:19:5E:6B:A2:51
ValidityWed, 22 Nov 2023 20:33:33 GMT - Tue, 20 Feb 2024 20:33:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://destyy.com/
Origin: https://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 10 Jan 2024 12:03:28 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://destyy.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
Fingerprint94:5D:BD:F9:F6:55:6B:83:55:25:90:4A:5F:E4:CF:19:5E:6B:A2:51
ValidityWed, 22 Nov 2023 20:33:33 GMT - Tue, 20 Feb 2024 20:33:32 GMT

File type
JSON data
Size
94 B (94 bytes)
Hash
1627524513a1cda66ec8d3cbf96cd0c0
6462396bce3979a6068790f035fc3ecf231d429f
371b8e24f7b56b237106e6eda84bcf152d4bae542350b3f6b0ce5d319dc8a8a1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://destyy.com/
Content-Type: application/json
Content-Length: 572
Origin: https://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 10 Jan 2024 12:03:28 GMT
content-type: application/json; charset=utf-8
content-length: 94
access-control-allow-origin: https://destyy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
Fingerprint94:5D:BD:F9:F6:55:6B:83:55:25:90:4A:5F:E4:CF:19:5E:6B:A2:51
ValidityWed, 22 Nov 2023 20:33:33 GMT - Tue, 20 Feb 2024 20:33:32 GMT

File type
JSON data
Size
94 B (94 bytes)
Hash
bc07518e18993acb9f1cb30298f8964a
82f30bf9ab34d31b5d8eb2848106d5051ed530a0
280f4611f3aeb5ceab0f0777cd440e511aa8886123dbce4deddc9c76833a1e55

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://destyy.com/
Content-Type: application/json
Content-Length: 572
Origin: https://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 10 Jan 2024 12:03:28 GMT
content-type: application/json; charset=utf-8
content-length: 94
access-control-allow-origin: https://destyy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

i.wmgtr.com/cim/tnolqA64ePkVTymmxXtRyosKPeFKrVuB.png

45.133.44.33

200 OK

231 kB

URL GET HTTP/2
i.wmgtr.com/cim/tnolqA64ePkVTymmxXtRyosKPeFKrVuB.png
IP
45.133.44.33:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerLet's Encrypt
Subjecti.wmgtr.com
FingerprintF9:C4:0F:C0:B8:45:1F:1A:41:07:04:CE:B7:66:91:91:9A:3B:85:43
ValidityFri, 22 Dec 2023 03:01:02 GMT - Thu, 21 Mar 2024 03:01:01 GMT

File type
GIF image data, version 89a, 492 x 328
Size
231 kB (231208 bytes)
Hash
8bbbf0f399a5bac7fa0019f6c5c90aa4
17fdfc6f4406f03ee35f695de01d7a729eb6d6f3
93f44fed3eeb864815570c158612d711a90a2ee6fe002b0683aa04ded60f554b

HTTP Headers

GET /cim/tnolqA64ePkVTymmxXtRyosKPeFKrVuB.png HTTP/1.1
Host: i.wmgtr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 10 Jan 2024 12:03:28 GMT
content-type: image/gif
server: nginx/1.19.0
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-option: nosniff
cache-control: max-age=82800
expires: Thu, 11 Jan 2024 11:03:28 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp0MSHV5eJRq1wuyh71kFpQRvc01Yuzn1XNGg2NEg9_uV1VutAlCLEJYtiXuDHcdckgKrfEt

64.233.161.84

302 Found

403 B

URL GET HTTP/3
accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp0MSHV5eJRq1wuyh71kFpQRvc01Yuzn1XNGg2NEg9_uV1VutAlCLEJYtiXuDHcdckgKrfEt
IP
64.233.161.84:443
ASN
#15169 GOOGLE

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint37:69:F2:30:B6:75:D7:8B:7D:51:AA:66:D9:97:89:FE:90:AF:97:2D
ValidityMon, 11 Dec 2023 08:03:31 GMT - Mon, 04 Mar 2024 08:03:30 GMT

File type
HTML document, ASCII text, with very long lines (396)
Size
403 B (403 bytes)
Hash
92f95ae5d44d21e386a6f513b5c50152
4915ddcb48e1a31d292e3a797fceaa6d65783dc2
72d275c1937ba4e3a8192d4db9f28990edc710b054a0d4d4efc0d449c397f2f9

HTTP Headers

GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp0MSHV5eJRq1wuyh71kFpQRvc01Yuzn1XNGg2NEg9_uV1VutAlCLEJYtiXuDHcdckgKrfEt HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://destyy.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:c2pHtn9UYgdFDxpp61DN5PeGaoVNlw:BjMf-TP-qJPoPzrU;Path=/;Expires=Fri, 09-Jan-2026 12:03:28 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 10 Jan 2024 12:03:28 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp2MFX7XanftgnWQt_dUyVWcY4tWWIIgTO790Pt9M7zkm5le_egq39rTHlMaUfbNeW8FSqN_UA&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1291713903%3A1704888208679805&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-_O61QRqR4pT1Izj7LyVQXw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 403
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ptauxofi.net/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
ptauxofi.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerLet's Encrypt
Subjectptauxofi.net
Fingerprint3C:BA:D6:75:47:97:AC:CC:74:87:9D:1F:4B:1D:3D:EF:6F:9A:16:AA
ValidityThu, 16 Nov 2023 05:08:48 GMT - Wed, 14 Feb 2024 05:08:47 GMT

File type
JSON data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://destyy.com/
Content-Type: application/json
Content-Length: 431
Origin: https://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 10 Jan 2024 12:03:28 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: d375af8198ef647be70dafc84e3ea33b
access-control-allow-origin: https://destyy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ptauxofi.net/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
ptauxofi.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerLet's Encrypt
Subjectptauxofi.net
Fingerprint3C:BA:D6:75:47:97:AC:CC:74:87:9D:1F:4B:1D:3D:EF:6F:9A:16:AA
ValidityThu, 16 Nov 2023 05:08:48 GMT - Wed, 14 Feb 2024 05:08:47 GMT

File type
JSON data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://destyy.com/
Content-Type: application/json
Content-Length: 787
Origin: https://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 10 Jan 2024 12:03:29 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 430e977d828c619d7984ca652fb5041c
access-control-allow-origin: https://destyy.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

dicreativeideas.org/TkFudlNhfg0FbgAqWzIyCQgpEwsIEDsBN3skAk8BD3IaQAYYAEgCOip8V0BhfnlXUCMnJVNHdT01DwImPXxdRmN/ZwcYNSF8XkZjf2cYS2JgclpYYHpvXlAmc3BeTmF4cllFan9yVkRlf3RIAiMvJlNHdT41Ghpuf3ZeQmt2eVxGanxyVw

188.114.96.1

204 No Content

0 B

URL POST HTTP/3
dicreativeideas.org/TkFudlNhfg0FbgAqWzIyCQgpEwsIEDsBN3skAk8BD3IaQAYYAEgCOip8V0BhfnlXUCMnJVNHdT01DwImPXxdRmN/ZwcYNSF8XkZjf2cYS2JgclpYYHpvXlAmc3BeTmF4cllFan9yVkRlf3RIAiMvJlNHdT41Ghpuf3ZeQmt2eVxGanxyVw
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerLet's Encrypt
Subjectdicreativeideas.org
FingerprintE9:15:5F:EB:AB:69:D8:D6:58:01:C2:1E:2B:F5:7A:2A:1B:7C:0C:69
ValiditySat, 30 Dec 2023 06:04:21 GMT - Fri, 29 Mar 2024 06:04:20 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /TkFudlNhfg0FbgAqWzIyCQgpEwsIEDsBN3skAk8BD3IaQAYYAEgCOip8V0BhfnlXUCMnJVNHdT01DwImPXxdRmN/ZwcYNSF8XkZjf2cYS2JgclpYYHpvXlAmc3BeTmF4cllFan9yVkRlf3RIAiMvJlNHdT41Ghpuf3ZeQmt2eVxGanxyVw HTTP/1.1
Host: dicreativeideas.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://destyy.com
DNT: 1
Connection: keep-alive
Referer: https://destyy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/3 204 No Content
date: Wed, 10 Jan 2024 12:03:29 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B%2FSNpnFpfbi%2FzUYSkMFfBxTpDp6TXi5qi7amXuos9B7U%2FJoR8XyyXUhWItWk8R%2FOdNKx3gbNTuMa0lXjaRlgqqoO18nqWJpNcu%2BQ%2BfqiZRCMsAlrf4UT%2FkezeV9Ugghv4IvEbl3y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8434c6ebfbc0b51e-OSL
alt-svc: h3=":443"; ma=86400

ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip

88.221.134.209

512 kB

URL
ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
IP
88.221.134.209:0
ASN
#20940 Akamai International B.V.

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
512 kB (511815 bytes)
Hash
152eda253e242e18443ef3282495bc7c
ff0fa85565f21ec4931baad4573b4c0bd08c4019
8e03090fee16f6e0ee2e436af8e51d0c3deed6d9f0db80dec048e668fc009a48

HTTP Headers

GET /openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip HTTP/1.1
Host: ciscobinary.openh264.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Last-Modified: Thu, 16 Nov 2023 07:38:15 GMT
ETag: 152eda253e242e18443ef3282495bc7c
X-Trans-Id: txfc6178aa0f734a5f9dcc8-006580ca5ddfw1
Content-Length: 511815
Accept-Ranges: bytes
X-Timestamp: 1700120294.87662
Content-Type: application/zip
Cache-Control: public, max-age=256254
Expires: Sat, 13 Jan 2024 11:14:39 GMT
Date: Wed, 10 Jan 2024 12:03:45 GMT
Connection: keep-alive

xdiwbc.com/template/social.html

188.114.97.1

200 OK

97 kB

URL GET HTTP/2
xdiwbc.com/template/social.html
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerGoogle Trust Services LLC
Subjectxdiwbc.com
FingerprintB4:2B:D6:ED:EC:90:73:AB:E9:BB:0D:D7:F0:30:12:4A:D8:E4:BA:0C
ValidityThu, 30 Nov 2023 08:24:36 GMT - Wed, 28 Feb 2024 08:24:35 GMT

File type
HTML document, ASCII text, with very long lines (4579), with no line terminators
Size
97 kB (96715 bytes)
Hash
56d978d63c451d50308e9730f97673e4
72bf07d65dc53fa6d4e27aced10ce40e9549a456
e4aaa8b864033f10089ecbbc1023817b1968fe72fb17398564429c7f07796c80

HTTP Headers

GET /template/social.html HTTP/1.1
Host: xdiwbc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://destyy.com/
Origin: https://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 10 Jan 2024 12:03:28 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: https://destyy.com
cache-control: max-age=14400
cf-cache-status: HIT
age: 556
last-modified: Wed, 10 Jan 2024 11:54:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zPHJ3Hp4bI7%2BKBfBafC9pdGkpjf%2B1KPJjFq4Wdqc1Ly7bBuKNRwtoFcyEOeY5Q6X21MW8LGAxaDHdL753vmux8NrGg%2FgV4bKTv2Ggj9zTR7WLNZFPmJdRX10vlO0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8434c6e489635695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

pogothere.xyz/

188.114.96.1

200 OK

3.8 kB

URL GET HTTP/2
pogothere.xyz/
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
ValidityTue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
3.8 kB (3755 bytes)
Hash
03d1541e57cbd548eeb96f40a29cf10d
fa1a82cee46aa6fa5e6f55b72498d323e28ec632
7ed1eb23bc81bfb70469b50a3373fb7c65881a92471c236584d4d36287731870

HTTP Headers

GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://destyy.com/
Origin: https://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 10 Jan 2024 12:03:28 GMT
content-type: text/plain
set-cookie: csu=925891083335331@1@1704888208; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://destyy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R7HtW9xmZp8Ksfk8lxzG0%2B10GMZnW1Bs1O9BYLQvHmKCnmuLCNYr07ECeBRxbz0UbUrPNIB%2BHrxaDCyTFA4rGnL7VTUxzmUeYJBs7QYThr3ZgROCCgVZPq4XzmHvXaY%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8434c6e5ac217128-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp25kVVBTXD51u7WgaPN5a61uHrk85-vELUdVDF8Blm7uNG-BmBiAGmAWL6SSjyuBke2F91F7Q&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S201870092%3A1704888208664848&theme=glif

64.233.161.84

403 Forbidden

1.7 kB

URL GET HTTP/3
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp25kVVBTXD51u7WgaPN5a61uHrk85-vELUdVDF8Blm7uNG-BmBiAGmAWL6SSjyuBke2F91F7Q&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S201870092%3A1704888208664848&theme=glif
IP
64.233.161.84:443
ASN
#15169 GOOGLE

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint37:69:F2:30:B6:75:D7:8B:7D:51:AA:66:D9:97:89:FE:90:AF:97:2D
ValidityMon, 11 Dec 2023 08:03:31 GMT - Mon, 04 Mar 2024 08:03:30 GMT

File type
gzip compressed data, max compression
Size
1.7 kB (1692 bytes)
Hash
29bbdf73f420f676ffc9e99d6d8dd3a4
abca8e7cefd1a64be758b04646a6ec31c322e2a2
f748bd7ec97f15eb5e88415af0125e9999bbf737d2111b4907f608650e05dde7

HTTP Headers

GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp25kVVBTXD51u7WgaPN5a61uHrk85-vELUdVDF8Blm7uNG-BmBiAGmAWL6SSjyuBke2F91F7Q&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S201870092%3A1704888208664848&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://destyy.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 10 Jan 2024 12:03:28 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-22tiOZSsOFRX_k_iXcss-Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

i.wmgtr.com/cic/XVpG30UFPZPfZ6vh7IayjvObPWQIYsXd.png

45.133.44.33

200 OK

16 kB

URL GET HTTP/2
i.wmgtr.com/cic/XVpG30UFPZPfZ6vh7IayjvObPWQIYsXd.png
IP
45.133.44.33:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerLet's Encrypt
Subjecti.wmgtr.com
FingerprintF9:C4:0F:C0:B8:45:1F:1A:41:07:04:CE:B7:66:91:91:9A:3B:85:43
ValidityFri, 22 Dec 2023 03:01:02 GMT - Thu, 21 Mar 2024 03:01:01 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, datetime=2022:08:30 20:15:26], baseline, precision 8, 192x192, components 3
Size
16 kB (15462 bytes)
Hash
4adabf917929ea145dd127ecfe0aad2c
65394f2ffb68e4aacd861927600f8812d548e6da
44e060c804e967728c567b82a8afb846abfe96e7a0bfab721080dbea3221810a

HTTP Headers

GET /cic/XVpG30UFPZPfZ6vh7IayjvObPWQIYsXd.png HTTP/1.1
Host: i.wmgtr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 10 Jan 2024 12:03:28 GMT
content-type: image/jpeg
server: nginx/1.19.0
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-option: nosniff
cache-control: max-age=82800
expires: Thu, 11 Jan 2024 11:03:28 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea

104.26.6.218

200 OK

97 kB

URL User Request GET HTTP/2
destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
IP
104.26.6.218:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectdestyy.com
Fingerprint40:3E:D8:15:2A:67:6A:D1:41:DD:7B:7B:0A:56:A1:24:52:0D:A8:8D
ValiditySun, 31 Dec 2023 01:08:05 GMT - Sat, 30 Mar 2024 01:08:04 GMT

File type

Size
97 kB (96643 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea HTTP/1.1
Host: destyy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 10 Jan 2024 12:03:26 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/5.6.40-0+deb8u16
set-cookie: PHPSESSID=s56pd4h81597nd1p8u8bkr1gd3; expires=Wed, 10-Jan-2024 13:03:26 GMT; Max-Age=3600; path=/; domain=.shorte.st; HttpOnly
hl=en; expires=Thu, 09-Jan-2025 12:03:26 GMT; Max-Age=31536000; path=/
cookies-enable=1; path=/; httponly
cache-control: no-cache
x-frame-options: DENY
x-server-id: shn09
x-ua-compatible: IE=Edge
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dqur1b7E0UNaX59ao07sjCUrNkwdQ2Sw9YGQ6WgRhotQczxJYLAy5Hx3Qi%2B98OiZVNjsztLmWPOf34IafieyA%2F%2BMNnlnkfuXeppQUdCGyVTzwF0jViX4br39wPEe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8434c6d93fdc0b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp0PLKHOwWtkCwJxuXu7wxdnRNVnVwpOSFe78otXev7Q44gT6nF0JHfgGopd5LoMQ9R0ypV5hA

64.233.161.84

302 Found

0 B

URL GET HTTP/3
accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp0PLKHOwWtkCwJxuXu7wxdnRNVnVwpOSFe78otXev7Q44gT6nF0JHfgGopd5LoMQ9R0ypV5hA
IP
64.233.161.84:443
ASN
#15169 GOOGLE

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint37:69:F2:30:B6:75:D7:8B:7D:51:AA:66:D9:97:89:FE:90:AF:97:2D
ValidityMon, 11 Dec 2023 08:03:31 GMT - Mon, 04 Mar 2024 08:03:30 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp0PLKHOwWtkCwJxuXu7wxdnRNVnVwpOSFe78otXev7Q44gT6nF0JHfgGopd5LoMQ9R0ypV5hA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://destyy.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:Xh1KXY17HpfpReUIWMFp7pExbVVa3g:DlScWNUmwiTFO3ud;Path=/;Expires=Fri, 09-Jan-2026 12:03:28 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 10 Jan 2024 12:03:28 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp25kVVBTXD51u7WgaPN5a61uHrk85-vELUdVDF8Blm7uNG-BmBiAGmAWL6SSjyuBke2F91F7Q&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S201870092%3A1704888208664848&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-kzFZ8TfU1dGQIXfrdidjqA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 404
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

xngqoc.com/er?a=1

0.0.0.0

0 B

URL GET
xngqoc.com/er?a=1
IP
0.0.0.0:0
ASN
#0

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /er?a=1 HTTP/1.1
Host: xngqoc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://destyy.com/
Origin: https://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

destyy.com/shortest-url/end-adsession?adSessionId=1b12f942eede035d945ddeeb8c52ed6b38741ca9&adbd=0&callback=reqwest_1704888207156

104.26.6.218

200 OK

123 B

URL GET HTTP/3
destyy.com/shortest-url/end-adsession?adSessionId=1b12f942eede035d945ddeeb8c52ed6b38741ca9&adbd=0&callback=reqwest_1704888207156
IP
104.26.6.218:443
ASN
#13335 CLOUDFLARENET

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerGoogle Trust Services LLC
Subjectdestyy.com
Fingerprint40:3E:D8:15:2A:67:6A:D1:41:DD:7B:7B:0A:56:A1:24:52:0D:A8:8D
ValiditySun, 31 Dec 2023 01:08:05 GMT - Sat, 30 Mar 2024 01:08:04 GMT

File type
ASCII text, with no line terminators
Size
123 B (123 bytes)
Hash
9b327214cbae9fe1f8b0cea64e65ef00
6ca5b9ec28eb8692539f7f52dc9c4921b36f84ec
43a54a3271880d2a8beda8befcb955a34dab6fba742e984f360c5929bc56c7e7

HTTP Headers

GET /shortest-url/end-adsession?adSessionId=1b12f942eede035d945ddeeb8c52ed6b38741ca9&adbd=0&callback=reqwest_1704888207156 HTTP/1.1
Host: destyy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Cookie: hl=en; cookies-enable=1; _gcl_au=1.1.1875600841.1704888208
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 10 Jan 2024 12:03:35 GMT
content-type: text/javascript; charset=UTF-8
x-powered-by: PHP/5.6.40-0+deb8u16
set-cookie: PHPSESSID=i52en18stau1pq6cn85prmclq4; expires=Wed, 10-Jan-2024 13:03:35 GMT; Max-Age=3600; path=/; domain=.shorte.st; HttpOnly
referrer_url=https%3A%2F%2Fdestyy.com%2Fegk7c9%3Fos_type%3DEmmitt%26mobile_brand%3D%26country_iso_code%3DCK%26browser_family%3DAlthea; expires=Thu, 11-Jan-2024 12:03:35 GMT; Max-Age=86400; path=/; httponly
cookies-enable=1; path=/; httponly
cache-control: no-cache
x-server-id: shn01
x-ua-compatible: IE=Edge
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t3lMTFerMqBTAIpJBKOcXvT5LbYtNml7NxjunCsXCIUJoSoeMqjmbauZp7XkP4FrJHm2hQMAt0D3%2BXyVSqZy%2B8h8%2Be4QxLZM1PPSCMIn6w%2FpfTOvgbfrkAD07DQr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8434c7119bf6712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

hfeoveukrn.info/c2ZNbG0SBC4BUhJbL0oYAQpwSV81Q38qCUASfhZZBwMoFAkYVD9CDh8JOAgLAQkjGEMdAzlJXzUOGSgrAwcLORsrAS4jDBkOFCg7JRUoCyMpMwoUHCQeIiQiCREAJAcEIQIAIFZUCzQsKi8cBAYBIDUUAyceOhomMh4XOAcYEhUbWCUFNAALMAobBwwfJwMvABtSCxRdKikkDyAyJwRYIh8RKygHQ1caXFUXKAUqDjEOBFQkNVYEODoQLQ8pCSoFBVgvIjR1VCQfMwokFCkWDF0GNC8aBykkMCEANBQgADsVFxYMXQYVNg4lJSszfAEpGzQvOy5CUA85QAsEC14GNzEfAwcSNwQDOiQweCRcHyQuJFkxIipcXzlXeCE6GyhoXi8yMCU1NytWDzsoQggrKg4yISctHCsOCyI3BAkMOztCUSsuDhAwGj1LGRUiAh1OERk/GxEweT8pABYOLj0l

108.157.229.31

200 OK

3.0 kB

URL GET HTTP/2
hfeoveukrn.info/c2ZNbG0SBC4BUhJbL0oYAQpwSV81Q38qCUASfhZZBwMoFAkYVD9CDh8JOAgLAQkjGEMdAzlJXzUOGSgrAwcLORsrAS4jDBkOFCg7JRUoCyMpMwoUHCQeIiQiCREAJAcEIQIAIFZUCzQsKi8cBAYBIDUUAyceOhomMh4XOAcYEhUbWCUFNAALMAobBwwfJwMvABtSCxRdKikkDyAyJwRYIh8RKygHQ1caXFUXKAUqDjEOBFQkNVYEODoQLQ8pCSoFBVgvIjR1VCQfMwokFCkWDF0GNC8aBykkMCEANBQgADsVFxYMXQYVNg4lJSszfAEpGzQvOy5CUA85QAsEC14GNzEfAwcSNwQDOiQweCRcHyQuJFkxIipcXzlXeCE6GyhoXi8yMCU1NytWDzsoQggrKg4yISctHCsOCyI3BAkMOztCUSsuDhAwGj1LGRUiAh1OERk/GxEweT8pABYOLj0l
IP
108.157.229.31:443
ASN
#0

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerAmazon
Subjecthfeoveukrn.info
Fingerprint36:C0:17:EB:F8:24:3B:5C:05:FB:F3:F2:06:F4:9D:39:3A:A5:F8:4C
ValidityTue, 02 Jan 2024 00:00:00 GMT - Thu, 30 Jan 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (3075), with no line terminators
Size
3.0 kB (3049 bytes)
Hash
b25540baf57e088c05f50baac1bcc630
0b91783b005a87a8fa53387fea727063214c0931
603d9bb30074f9e47a6c509969feb77a54dda36f1589e6d0c36fabb9c94c60e0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /c2ZNbG0SBC4BUhJbL0oYAQpwSV81Q38qCUASfhZZBwMoFAkYVD9CDh8JOAgLAQkjGEMdAzlJXzUOGSgrAwcLORsrAS4jDBkOFCg7JRUoCyMpMwoUHCQeIiQiCREAJAcEIQIAIFZUCzQsKi8cBAYBIDUUAyceOhomMh4XOAcYEhUbWCUFNAALMAobBwwfJwMvABtSCxRdKikkDyAyJwRYIh8RKygHQ1caXFUXKAUqDjEOBFQkNVYEODoQLQ8pCSoFBVgvIjR1VCQfMwokFCkWDF0GNC8aBykkMCEANBQgADsVFxYMXQYVNg4lJSszfAEpGzQvOy5CUA85QAsEC14GNzEfAwcSNwQDOiQweCRcHyQuJFkxIipcXzlXeCE6GyhoXi8yMCU1NytWDzsoQggrKg4yISctHCsOCyI3BAkMOztCUSsuDhAwGj1LGRUiAh1OERk/GxEweT8pABYOLj0l HTTP/1.1
Host: hfeoveukrn.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://destyy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
content-length: 1198
date: Wed, 10 Jan 2024 12:03:27 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 41ce182e8f343263845579fafd1af6b8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: 85xQwvpZ85mpzqNzQtQ1DwJAUMJYxgn1XR2wKLv2CeWVmnOznRieQg==
X-Firefox-Spdy: h2

accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp2MFX7XanftgnWQt_dUyVWcY4tWWIIgTO790Pt9M7zkm5le_egq39rTHlMaUfbNeW8FSqN_UA&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1291713903%3A1704888208679805&theme=glif

64.233.161.84

403 Forbidden

0 B

URL GET HTTP/3
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp2MFX7XanftgnWQt_dUyVWcY4tWWIIgTO790Pt9M7zkm5le_egq39rTHlMaUfbNeW8FSqN_UA&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1291713903%3A1704888208679805&theme=glif
IP
64.233.161.84:443
ASN
#15169 GOOGLE

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint37:69:F2:30:B6:75:D7:8B:7D:51:AA:66:D9:97:89:FE:90:AF:97:2D
ValidityMon, 11 Dec 2023 08:03:31 GMT - Mon, 04 Mar 2024 08:03:30 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp2MFX7XanftgnWQt_dUyVWcY4tWWIIgTO790Pt9M7zkm5le_egq39rTHlMaUfbNeW8FSqN_UA&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1291713903%3A1704888208679805&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://destyy.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 10 Jan 2024 12:03:28 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-Dw7wnwTUzX8XxoXD7tqpqA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

dicreativeideas.org/popunder.gif

188.114.96.1

200 OK

35 B

URL GET HTTP/3
dicreativeideas.org/popunder.gif
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerLet's Encrypt
Subjectdicreativeideas.org
FingerprintE9:15:5F:EB:AB:69:D8:D6:58:01:C2:1E:2B:F5:7A:2A:1B:7C:0C:69
ValiditySat, 30 Dec 2023 06:04:21 GMT - Fri, 29 Mar 2024 06:04:20 GMT

File type
GIF image data, version 89a, 1 x 1
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /popunder.gif HTTP/1.1
Host: dicreativeideas.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://destyy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 10 Jan 2024 12:03:28 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 74570
last-modified: Tue, 09 Jan 2024 15:20:38 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2VrMeYr68LTAbxUX5CJ%2Bxk7iGi1NqKtRk7cx7Ord2%2Fe7f9LLoBvsf%2BmlvxwntsvibFGyGbX9%2B37LH%2FCS0cK59C1r5y6SvPYcLurZk5rnWr34zo6vfLMHzzqdmMfIim1osvuGI2ST"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8434c6e77cdbb51e-OSL
alt-svc: h3=":443"; ma=86400

xngqoc.com/cuload?a=1&e=aeyJwaWQiOjExNDQ2NDYsInNpZCI6MTE5MDM3NSwid2lkIjo0MzMzNDAsImQiOiIiLCJsaSI6MX0=&tz=0&if=0&u=aHR0cHM6Ly9kZXN0eXkuY29tL2VnazdjOQ==

0.0.0.0

0 B

URL GET
xngqoc.com/cuload?a=1&e=aeyJwaWQiOjExNDQ2NDYsInNpZCI6MTE5MDM3NSwid2lkIjo0MzMzNDAsImQiOiIiLCJsaSI6MX0=&tz=0&if=0&u=aHR0cHM6Ly9kZXN0eXkuY29tL2VnazdjOQ==
IP
0.0.0.0:0
ASN
#0

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cuload?a=1&e=aeyJwaWQiOjExNDQ2NDYsInNpZCI6MTE5MDM3NSwid2lkIjo0MzMzNDAsImQiOiIiLCJsaSI6MX0=&tz=0&if=0&u=aHR0cHM6Ly9kZXN0eXkuY29tL2VnazdjOQ== HTTP/1.1
Host: xngqoc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://destyy.com/
Origin: https://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

xdiwbc.com/template/livechat1.html

188.114.97.1

200 OK

6.0 kB

URL GET HTTP/2
xdiwbc.com/template/livechat1.html
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerGoogle Trust Services LLC
Subjectxdiwbc.com
FingerprintB4:2B:D6:ED:EC:90:73:AB:E9:BB:0D:D7:F0:30:12:4A:D8:E4:BA:0C
ValidityThu, 30 Nov 2023 08:24:36 GMT - Wed, 28 Feb 2024 08:24:35 GMT

File type
HTML document, ASCII text, with very long lines (6115), with no line terminators
Size
6.0 kB (6035 bytes)
Hash
5aa6524904359ebe9bcea3b4053a8f54
1b95a0a1dfd0d8bce945ad2a88da4f5d8e5d0c68
b792e7b6c4b4438c9c9b2f9dfad293dde528da2fc617e3bd527221c74a8596b2

HTTP Headers

GET /template/livechat1.html HTTP/1.1
Host: xdiwbc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://destyy.com/
Origin: https://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 10 Jan 2024 12:03:28 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: https://destyy.com
cache-control: max-age=14400
cf-cache-status: HIT
age: 556
last-modified: Wed, 10 Jan 2024 11:54:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oZAC8lp1pcAbXy7OHfDRGvu1nWCjogy98bt9QOYIQbcB1TBd%2BDfHZROWnlM2dx1BHpMPliQatXIN90XTpXPNLiSJViYz9UHMKnc%2FWQmityo1iJKJsMWA1fjolhYl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8434c6e489515695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail

64.233.161.84

302 Found

0 B

URL GET HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
64.233.161.84:443
ASN
#15169 GOOGLE

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
FingerprintE1:91:9A:16:6F:2F:49:FB:1C:F6:D7:DB:DD:F0:E2:B0:9F:34:CC:E4
ValidityMon, 11 Dec 2023 08:10:03 GMT - Mon, 04 Mar 2024 08:10:02 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://destyy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:NHoYLyB2yKlZn94Px6iVdbyD9uucRA:nE-xfOs0cT3-qjlP; Expires=Fri, 09-Jan-2026 12:03:28 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 10 Jan 2024 12:03:28 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp0MSHV5eJRq1wuyh71kFpQRvc01Yuzn1XNGg2NEg9_uV1VutAlCLEJYtiXuDHcdckgKrfEt
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: unsafe-none
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-cAhX1wikbKAHjLTUxvugZw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

pogothere.xyz/asd100.bin

188.114.96.1

200 OK

102 kB

URL GET HTTP/2
pogothere.xyz/asd100.bin
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
ValidityTue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT

File type
data
Size
102 kB (102400 bytes)
Hash
4c6426ac7ef186464ecbb0d81cbfcb1e
5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

HTTP Headers

GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://destyy.com/
Origin: https://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 10 Jan 2024 12:03:28 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://destyy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 1041
last-modified: Wed, 10 Jan 2024 11:46:07 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7CBNdQabYawX%2BiWggoRcuzRvUzH58lT4TKXB3gbpz8%2FRzL6cnKXbf%2Fb6PxrSBovuGYbGYdVOFSj1OT%2BFtVjkN14GyW5g49avXm3%2B2cp6PbhHp%2BP%2Bm%2FPRT8dhHqwCHKhQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8434c6e5ac187128-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

pogothere.xyz/asd100.bin

188.114.96.1

200 OK

102 kB

URL GET HTTP/2
pogothere.xyz/asd100.bin
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
ValidityTue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT

File type
data
Size
102 kB (102400 bytes)
Hash
4c6426ac7ef186464ecbb0d81cbfcb1e
5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

HTTP Headers

GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://destyy.com/
Origin: https://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 10 Jan 2024 12:03:28 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://destyy.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 1041
last-modified: Wed, 10 Jan 2024 11:46:07 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Rxw3EQNzUA7sGX0QExHf0ZrDjQ5R1XBrB1FyGXUtuhkTrap4hgMRRdap8hmOfLsbIjDhOBzbydTfpgr%2BvLNrZoQu356A%2BGxKHRG%2BtzN3lSE4R6Dlig38VLu4avtIrDs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8434c6e5ac2d7128-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ptauxofi.net/pfe/current/defaultSkin.min.js

139.45.197.250

200 OK

57 kB

URL GET HTTP/2
ptauxofi.net/pfe/current/defaultSkin.min.js
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerLet's Encrypt
Subjectptauxofi.net
Fingerprint3C:BA:D6:75:47:97:AC:CC:74:87:9D:1F:4B:1D:3D:EF:6F:9A:16:AA
ValidityThu, 16 Nov 2023 05:08:48 GMT - Wed, 14 Feb 2024 05:08:47 GMT

File type

Size
57 kB (57187 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pfe/current/defaultSkin.min.js HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://destyy.com/
Origin: https://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 10 Jan 2024 12:03:28 GMT
content-type: application/javascript
last-modified: Mon, 27 Nov 2023 17:44:23 GMT
etag: W/"6564d577-df63"
access-control-allow-origin: https://destyy.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

static.sh.st/js/packed/interstitial-page.js?2022-06-29.0

104.26.7.218

200 OK

81 kB

URL GET HTTP/2
static.sh.st/js/packed/interstitial-page.js?2022-06-29.0
IP
104.26.7.218:443
ASN
#13335 CLOUDFLARENET

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC6:7F:86:BA:DE:5A:E8:C6:45:7C:7C:55:01:BC:71:BB:54:01:6B:CF
ValiditySun, 30 Apr 2023 00:00:00 GMT - Mon, 29 Apr 2024 23:59:59 GMT

File type

Size
81 kB (81178 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /js/packed/interstitial-page.js?2022-06-29.0 HTTP/1.1
Host: static.sh.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://destyy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 10 Jan 2024 12:03:26 GMT
content-type: application/javascript
cache-control: max-age=86400
cf-bgj: minify
cf-polished: origSize=102880
etag: W/"62bc140d-191e0"
expires: Wed, 10 Jan 2024 23:58:50 GMT
last-modified: Wed, 29 Jun 2022 08:57:49 GMT
vary: Accept-Encoding
x-server-id: shn03
x-ua-compatible: IE=Edge
cf-cache-status: HIT
age: 43476
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kA%2Ba4x12TYHp22jfaEPR391Rqn2p4uf8CpS3B%2FL4%2FLJ0ra%2BJoayeo0rVgBifxD3EFR3TwYth3WqbcKNkuEbBhBfItosyv2B4wg7pZQ0lbmOTNyG9HMmWVH5Vf64v9A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8434c6dd7aa8b509-OSL
content-encoding: br
X-Firefox-Spdy: h2

prhzxq.com/wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTE5NDYyMywid2lkIjo0Mzk2MzQsImQiOiIiLCJsaSI6Mn0=&tz=0&if=0&u=aHR0cHM6Ly9kZXN0eXkuY29tL2VnazdjOQ==&inc=1

185.162.85.20

200 OK

647 B

URL GET HTTP/2
prhzxq.com/wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTE5NDYyMywid2lkIjo0Mzk2MzQsImQiOiIiLCJsaSI6Mn0=&tz=0&if=0&u=aHR0cHM6Ly9kZXN0eXkuY29tL2VnazdjOQ==&inc=1
IP
185.162.85.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://destyy.com/egk7c9?os_type=Emmitt&mobile_brand=&country_iso_code=CK&browser_family=Althea
Certificate
IssuerLet's Encrypt
Subjectprhzxq.com
Fingerprint08:43:0E:30:04:42:FD:A1:F4:3B:38:AF:EF:47:A7:F0:0B:26:3D:C1
ValidityTue, 14 Nov 2023 04:19:16 GMT - Mon, 12 Feb 2024 04:19:15 GMT

File type
Unicode text, UTF-8 text, with very long lines (727), with no line terminators
Size
647 B (647 bytes)
Hash
29444ae2215f4066ab0794247dc0700f
45a524ba0ddb4ff1e7cf2e79b743b192652d186f
9f88ac6092ce1b0c6fb69762a04e7eea2109c47af8a2a76295804a61f4e127bd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTE5NDYyMywid2lkIjo0Mzk2MzQsImQiOiIiLCJsaSI6Mn0=&tz=0&if=0&u=aHR0cHM6Ly9kZXN0eXkuY29tL2VnazdjOQ==&inc=1 HTTP/1.1
Host: prhzxq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://destyy.com/
Origin: https://destyy.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 10 Jan 2024 12:03:27 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
accept-ch: Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (2)

JavaScript (20)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN