188.114.97.1 200 OK 47 kB IP 188.114.97.1:443
Certificate Issuer Google Trust Services
Subject shrtlk.biz
Fingerprint C7:EB:04:2F:65:68:90:27:22:EC:37:38:55:C9:F8:6E:40:40:FB:58
Validity Sat, 19 Apr 2025 07:20:55 GMT - Fri, 18 Jul 2025 08:19:35 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (28513), with CRLF, LF line terminators
Hash MD5 d475ed6564205778f3ce2fbff1b6fcfa
SHA-1 aac5f7e68e3db526250be723c22e5feb091f1b80
SHA-256 f5f511892bdcfaea74c48a75bff447fb1b2b85a9f2d130a4c50a25a16ba9dd23
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /82RY7 HTTP/1.1
Host: shrtlk.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 07 Jun 2025 05:21:28 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0, no-store, private
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
referrer-policy: same-origin
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=26b8OhqswRkF3qmGc4%2Bblk4KBXWFRW5O3pcuaEAIx2B3Loji4Jms12zGgneBi%2B25Jw6u034wLbiu1iEC0tWu49JajNcstL0u"}]}
cf-cache-status: DYNAMIC
content-encoding: br
set-cookie: 59334c111521b65a6c338ddf278a8782=pNtpLPXQNKVIRn_m5yG99B0MBt0XTvUZ1QS9_NHYamaBRcxXV9TIcin__54f-wrM0SOTemIpTzp_sHgd5gowZw; HttpOnly; SameSite=Lax; Path=/; Domain=shrtlk.biz; Max-Age=86400; Expires=Sun, 08 Jun 2025 05:21:28 GMT
cf-ray: 94bdb4c80e400b55-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET www.googletagmanager.com/gtag/js?id=UA-108199505-1
142.250.74.168 200 OK 280 kB URL GET www.googletagmanager.com/gtag/js?id=UA-108199505-1
IP 142.250.74.168:443
Certificate Issuer Google Trust Services
Subject *.google-analytics.com
Fingerprint 10:76:57:2F:C3:21:F2:5F:71:E4:85:A5:DB:F7:65:3F:51:03:55:07
Validity Mon, 12 May 2025 08:42:57 GMT - Mon, 04 Aug 2025 08:42:56 GMT
File type JavaScript source, ASCII text, with very long lines (5359)
Size 280 kB (279856 bytes)
Hash MD5 848f19513b57dc46199449196295db92
SHA-1 0cfe6ff966ff4561ecc46a5611bbe7d589bb93e4
SHA-256 7e8a2c133d702d0e483ff4b990e03acf03c92d31212d8249d33303713e44c7fe
GET /gtag/js?id=UA-108199505-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 07 Jun 2025 05:21:28 GMT
expires: Sat, 07 Jun 2025 05:21:28 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1077:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1077:0
report-to: {"group":"ascgcycc:1077:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1077:0"}],}
server: Google Tag Manager
content-length: 98630
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
HEAD nuirajiqyxbh.com/
139.45.197.163 200 OK 0 B IP 139.45.197.163:443
Certificate Issuer Let's Encrypt
Subject nuirajiqyxbh.com
Fingerprint 6E:62:DC:7A:56:40:A0:10:7D:03:C3:3E:60:8C:20:E6:35:2A:B2:35
Validity Fri, 06 Jun 2025 11:21:37 GMT - Thu, 04 Sep 2025 11:21:36 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(0 B body: these are the digests of empty input and do not identify any content.)
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
HEAD / HTTP/1.1
Host: nuirajiqyxbh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Content-Type: text/html
Origin: https://shrtlk.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 07 Jun 2025 05:21:29 GMT
content-type: text/html
x-t48r15a27c72e79-20i47d67: 00000000000000000000000000000000
vary: Accept-Encoding, Origin
access-control-allow-origin: https://shrtlk.biz
access-control-expose-headers: Link, X-Application-Token, X-Application-Key, X-Tag, X-Auth-Token, X-DirectionPartner-Id, X-ZoneType-Id, X-Hostname
access-control-allow-credentials: true
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
timing-allow-origin: *
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-application-key: thcixGttiXg3t5si88aa0
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
POST ccg90.com/wrr?z=7704232&p_rid=6802a623-4901-40f4-b597-62adad95d9c3&rb=uMF2osNrNQUvQgfaLK37OgbkDKt__y8WdWAbttCss68mr9pUQIl9PljXER0ZzvRdKgLMTr1NiII01lQG-QmkLN7lIMI-SYTV6SvsAWjdI2v6IYbwG4IyfEF1WwDX3MtklglAUehqnR3_Y1PO47UOEp0My7fPAh752jJEhQe7i0uirUnEoRLUKKP2SOWZ8k_ZsTFN9Zr4FKxEWzGTyGoHvlJ48-SzT2J6Z6P4sW6NQQnexmlbnI5Fc7TpFxJ4T-YLmkkLhDFXmuY=&dmn=ccg90.com&userId=0081e1ef6a0746d1f02e595c96196766
139.45.197.106204 No Content 0 B URL POST ccg90.com/wrr?z=7704232&p_rid=6802a623-4901-40f4-b597-62adad95d9c3&rb=uMF2osNrNQUvQgfaLK37OgbkDKt__y8WdWAbttCss68mr9pUQIl9PljXER0ZzvRdKgLMTr1NiII01lQG-QmkLN7lIMI-SYTV6SvsAWjdI2v6IYbwG4IyfEF1WwDX3MtklglAUehqnR3_Y1PO47UOEp0My7fPAh752jJEhQe7i0uirUnEoRLUKKP2SOWZ8k_ZsTFN9Zr4FKxEWzGTyGoHvlJ48-SzT2J6Z6P4sW6NQQnexmlbnI5Fc7TpFxJ4T-YLmkkLhDFXmuY=&dmn=ccg90.com&userId=0081e1ef6a0746d1f02e595c96196766
IP 139.45.197.106:443
Certificate Issuer Let's Encrypt
Subject ccg90.com
Fingerprint 56:09:8B:A2:B0:CC:2D:94:BB:34:A2:E9:A2:FD:C7:53:D9:F4:20:83
Validity Wed, 23 Apr 2025 09:55:55 GMT - Tue, 22 Jul 2025 09:55:54 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(0 B body: these are the digests of empty input and do not identify any content.)
POST /wrr?z=7704232&p_rid=6802a623-4901-40f4-b597-62adad95d9c3&rb=uMF2osNrNQUvQgfaLK37OgbkDKt__y8WdWAbttCss68mr9pUQIl9PljXER0ZzvRdKgLMTr1NiII01lQG-QmkLN7lIMI-SYTV6SvsAWjdI2v6IYbwG4IyfEF1WwDX3MtklglAUehqnR3_Y1PO47UOEp0My7fPAh752jJEhQe7i0uirUnEoRLUKKP2SOWZ8k_ZsTFN9Zr4FKxEWzGTyGoHvlJ48-SzT2J6Z6P4sW6NQQnexmlbnI5Fc7TpFxJ4T-YLmkkLhDFXmuY=&dmn=ccg90.com&userId=0081e1ef6a0746d1f02e595c96196766 HTTP/1.1
Host: ccg90.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 2580
Origin: https://shrtlk.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx
date: Sat, 07 Jun 2025 05:21:31 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://shrtlk.biz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
GET fonts.googleapis.com/css2?family=Bricolage+Grotesque:opsz,wght@12..96,200..800&family=Inter:wght@100..900&display=swap
142.250.74.10 200 OK 4.1 kB URL GET fonts.googleapis.com/css2?family=Bricolage+Grotesque:opsz,wght@12..96,200..800&family=Inter:wght@100..900&display=swap
IP 142.250.74.10:443
Certificate Issuer Google Trust Services
Subject upload.video.google.com
Fingerprint 1C:09:46:89:AD:F3:B6:3E:B4:89:F7:49:AC:15:E7:4E:A6:D2:AA:73
Validity Mon, 12 May 2025 08:44:01 GMT - Mon, 04 Aug 2025 08:44:00 GMT
Hash MD5 c9f6a45a2a14d02a3541a1353aeb14d2
SHA-1 f9701501760cd4e6813d672fb73a7ca5c7139608
SHA-256 c9a1fa60eb7df47c3edd61c002806df25d2e7e6f6e956670dcece52fd207181c
GET /css2?family=Bricolage+Grotesque:opsz,wght@12..96,200..800&family=Inter:wght@100..900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 07 Jun 2025 05:21:28 GMT
date: Sat, 07 Jun 2025 05:21:28 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET shrtlk.biz/wp-content/uploads/2025/04/logo.png
188.114.97.1 200 OK 12 kB URL GET shrtlk.biz/wp-content/uploads/2025/04/logo.png
IP 188.114.97.1:443
Certificate Issuer Google Trust Services
Subject shrtlk.biz
Fingerprint C7:EB:04:2F:65:68:90:27:22:EC:37:38:55:C9:F8:6E:40:40:FB:58
Validity Sat, 19 Apr 2025 07:20:55 GMT - Fri, 18 Jul 2025 08:19:35 GMT
File type PNG image data, 684 x 230, 8-bit colormap, non-interlaced
Hash MD5 09bae29b50ce7910314ded2a5d6481ea
SHA-1 26074d868508b6a4ebac91afbea1b0888f4a948a
SHA-256 1fdf97d7e41f1a6dea5ea8dbccfe97ae4b2804a40b9e9b7dfeb500926e923dd7
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /wp-content/uploads/2025/04/logo.png HTTP/1.1
Host: shrtlk.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://shrtlk.biz/82RY7
DNT: 1
Connection: keep-alive
Cookie: 59334c111521b65a6c338ddf278a8782=pNtpLPXQNKVIRn_m5yG99B0MBt0XTvUZ1QS9_NHYamaBRcxXV9TIcin__54f-wrM0SOTemIpTzp_sHgd5gowZw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 05:21:28 GMT
content-type: image/png
server: cloudflare
last-modified: Sat, 19 Apr 2025 08:25:23 GMT
vary: Accept-Encoding
etag: W/"68035df3-3072"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
referrer-policy: same-origin
content-encoding: br
age: 1849434
cf-cache-status: HIT
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=rKPEQugkaN%2Be4ek%2Ba%2Bc1FTwuI0p59xdQXK%2BAVLkI5jP0EP4MkBQNy4iwX98S9u5%2FCn32UXADoRhsGwoF7lHyR7YxlQrg3XP8"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 94bdb4ca8dd056ae-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
HEAD shrtlk.biz/82RY7
188.114.97.1 200 OK 0 B IP 188.114.97.1:443
Certificate Issuer Google Trust Services
Subject shrtlk.biz
Fingerprint C7:EB:04:2F:65:68:90:27:22:EC:37:38:55:C9:F8:6E:40:40:FB:58
Validity Sat, 19 Apr 2025 07:20:55 GMT - Fri, 18 Jul 2025 08:19:35 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(0 B body: these are the digests of empty input and do not identify any content.)
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
HEAD /82RY7 HTTP/1.1
Host: shrtlk.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://shrtlk.biz/82RY7
DNT: 1
Connection: keep-alive
Cookie: 59334c111521b65a6c338ddf278a8782=pNtpLPXQNKVIRn_m5yG99B0MBt0XTvUZ1QS9_NHYamaBRcxXV9TIcin__54f-wrM0SOTemIpTzp_sHgd5gowZw
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 05:21:29 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0, no-store, private
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
referrer-policy: same-origin
cf-cache-status: DYNAMIC
priority: u=3,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=%2F%2Bx4Z2fhgGXF1fG%2BMUbNqHIaHX0nycVTamb4FV5v9SIy7yFd1KahaYxOAo57jvKKi%2BLEX9xoNvpbbX660U67L5JLC4GPwArH"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: br
set-cookie: 59334c111521b65a6c338ddf278a8782=iz67WbmHLkqAZEh8UQethuK-2TckT3pl0djgWFp5DKmNnjXp9rNJYQWBbc1RkXYgHgxtW4w1W4HSthcBeG6wrg; HttpOnly; SameSite=Lax; Path=/; Domain=shrtlk.biz; Max-Age=86400; Expires=Sun, 08 Jun 2025 05:21:29 GMT
cf-ray: 94bdb4cd6f6256ae-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET fonts.gstatic.com/s/inter/v19/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2
142.250.74.35 200 OK 48 kB URL GET fonts.gstatic.com/s/inter/v19/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2
IP 142.250.74.35:443
Certificate Issuer Google Trust Services
Subject *.gstatic.com
Fingerprint 41:FF:72:9C:74:6F:D4:D1:3B:A8:03:EB:55:D2:D2:09:7E:7A:44:DC
Validity Mon, 12 May 2025 08:44:01 GMT - Mon, 04 Aug 2025 08:44:00 GMT
File type Web Open Font Format (Version 2), TrueType, length 48532, version 1.0
Hash MD5 225835e6e0496c54dc2aca9f3d533892
SHA-1 942ef5298bbe74bfe44e445def5f2bfc94027fa8
SHA-256 acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087
GET /s/inter/v19/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://shrtlk.biz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48532
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 05 Jun 2025 13:23:43 GMT
expires: Fri, 05 Jun 2026 13:23:43 GMT
cache-control: public, max-age=31536000
age: 143866
last-modified: Wed, 28 May 2025 18:51:44 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET 0019x.com/?rb=uMF2osNrNQUvQgfaLK37OgbkDKt__y8WdWAbttCss68mr9pUQIl9PljXER0ZzvRdKgLMTr1NiII01lQG-QmkLN7lIMI-SYTV6SvsAWjdI2v6IYbwG4IyfEF1WwDX3MtklglAUehqnR3_Y1PO47UOEp0My7fPAh752jJEhQe7i0uirUnEoRLUKKP2SOWZ8k_ZsTFN9Zr4FKxEWzGTyGoHvlJ48-SzT2J6Z6P4sW6NQQnexmlbnI5Fc7TpFxJ4T-YLmkkLhDFXmuY%3D&request_ab2=0&zoneid=7704232&js_build=iclick-v1.1456.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=1&pl=https%3A%2F%2Fshrtlk.biz%2F82RY7&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=4&wgl=llvmpipe&js_build=iclick-v1.1456.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&wasm=-1&bs=6802a623-4901-40f4-b597-62adad95d9c3&userId=0081e1ef6a0746d1f02e595c96196766&m=link
139.45.197.247200 OK 2.8 kB URL GET 0019x.com/?rb=uMF2osNrNQUvQgfaLK37OgbkDKt__y8WdWAbttCss68mr9pUQIl9PljXER0ZzvRdKgLMTr1NiII01lQG-QmkLN7lIMI-SYTV6SvsAWjdI2v6IYbwG4IyfEF1WwDX3MtklglAUehqnR3_Y1PO47UOEp0My7fPAh752jJEhQe7i0uirUnEoRLUKKP2SOWZ8k_ZsTFN9Zr4FKxEWzGTyGoHvlJ48-SzT2J6Z6P4sW6NQQnexmlbnI5Fc7TpFxJ4T-YLmkkLhDFXmuY%3D&request_ab2=0&zoneid=7704232&js_build=iclick-v1.1456.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=1&pl=https%3A%2F%2Fshrtlk.biz%2F82RY7&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=4&wgl=llvmpipe&js_build=iclick-v1.1456.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&wasm=-1&bs=6802a623-4901-40f4-b597-62adad95d9c3&userId=0081e1ef6a0746d1f02e595c96196766&m=link
IP 139.45.197.247:443
Certificate Issuer Let's Encrypt
Subject 0019x.com
Fingerprint 1A:74:70:52:50:28:3C:32:E8:00:D5:10:3B:27:73:E4:1B:54:93:CE
Validity Tue, 22 Apr 2025 13:50:28 GMT - Mon, 21 Jul 2025 13:50:27 GMT
Hash MD5 e4387d0c32cc0fe03d8a81bfd6c026bd
SHA-1 31ad5c062fd71253b3b1a31f2fd8e5f74e83dbbf
SHA-256 83124f0a9e88846e0bb2b7aa4f483c515b93c7ce45314856f0d6a58259683af8
GET /?rb=uMF2osNrNQUvQgfaLK37OgbkDKt__y8WdWAbttCss68mr9pUQIl9PljXER0ZzvRdKgLMTr1NiII01lQG-QmkLN7lIMI-SYTV6SvsAWjdI2v6IYbwG4IyfEF1WwDX3MtklglAUehqnR3_Y1PO47UOEp0My7fPAh752jJEhQe7i0uirUnEoRLUKKP2SOWZ8k_ZsTFN9Zr4FKxEWzGTyGoHvlJ48-SzT2J6Z6P4sW6NQQnexmlbnI5Fc7TpFxJ4T-YLmkkLhDFXmuY%3D&request_ab2=0&zoneid=7704232&js_build=iclick-v1.1456.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=1&pl=https%3A%2F%2Fshrtlk.biz%2F82RY7&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=4&wgl=llvmpipe&js_build=iclick-v1.1456.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&wasm=-1&bs=6802a623-4901-40f4-b597-62adad95d9c3&userId=0081e1ef6a0746d1f02e595c96196766&m=link HTTP/1.1
Host: 0019x.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://shrtlk.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 07 Jun 2025 05:21:30 GMT
content-type: application/json
x-trace-id: 65349ed8790aef82b1e533980ea0fb66
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://shrtlk.biz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=0081e1ef6a0746d1f02e595c96196766; expires=Sun, 07 Jun 2026 05:21:30 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1749273690; expires=Sun, 07 Jun 2026 05:21:30 GMT; path=/; secure; SameSite=None
set-cookie: syncedCookie=true; expires=Sat, 14 Jun 2025 05:21:30 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
OPTIONS ccg90.com/wrr?z=7704232&p_rid=6802a623-4901-40f4-b597-62adad95d9c3&rb=uMF2osNrNQUvQgfaLK37OgbkDKt__y8WdWAbttCss68mr9pUQIl9PljXER0ZzvRdKgLMTr1NiII01lQG-QmkLN7lIMI-SYTV6SvsAWjdI2v6IYbwG4IyfEF1WwDX3MtklglAUehqnR3_Y1PO47UOEp0My7fPAh752jJEhQe7i0uirUnEoRLUKKP2SOWZ8k_ZsTFN9Zr4FKxEWzGTyGoHvlJ48-SzT2J6Z6P4sW6NQQnexmlbnI5Fc7TpFxJ4T-YLmkkLhDFXmuY=&dmn=ccg90.com&userId=0081e1ef6a0746d1f02e595c96196766
139.45.197.106204 No Content 0 B URL OPTIONS ccg90.com/wrr?z=7704232&p_rid=6802a623-4901-40f4-b597-62adad95d9c3&rb=uMF2osNrNQUvQgfaLK37OgbkDKt__y8WdWAbttCss68mr9pUQIl9PljXER0ZzvRdKgLMTr1NiII01lQG-QmkLN7lIMI-SYTV6SvsAWjdI2v6IYbwG4IyfEF1WwDX3MtklglAUehqnR3_Y1PO47UOEp0My7fPAh752jJEhQe7i0uirUnEoRLUKKP2SOWZ8k_ZsTFN9Zr4FKxEWzGTyGoHvlJ48-SzT2J6Z6P4sW6NQQnexmlbnI5Fc7TpFxJ4T-YLmkkLhDFXmuY=&dmn=ccg90.com&userId=0081e1ef6a0746d1f02e595c96196766
IP 139.45.197.106:443
Certificate Issuer Let's Encrypt
Subject ccg90.com
Fingerprint 56:09:8B:A2:B0:CC:2D:94:BB:34:A2:E9:A2:FD:C7:53:D9:F4:20:83
Validity Wed, 23 Apr 2025 09:55:55 GMT - Tue, 22 Jul 2025 09:55:54 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(0 B body: these are the digests of empty input and do not identify any content.)
OPTIONS /wrr?z=7704232&p_rid=6802a623-4901-40f4-b597-62adad95d9c3&rb=uMF2osNrNQUvQgfaLK37OgbkDKt__y8WdWAbttCss68mr9pUQIl9PljXER0ZzvRdKgLMTr1NiII01lQG-QmkLN7lIMI-SYTV6SvsAWjdI2v6IYbwG4IyfEF1WwDX3MtklglAUehqnR3_Y1PO47UOEp0My7fPAh752jJEhQe7i0uirUnEoRLUKKP2SOWZ8k_ZsTFN9Zr4FKxEWzGTyGoHvlJ48-SzT2J6Z6P4sW6NQQnexmlbnI5Fc7TpFxJ4T-YLmkkLhDFXmuY=&dmn=ccg90.com&userId=0081e1ef6a0746d1f02e595c96196766 HTTP/1.1
Host: ccg90.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://shrtlk.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx
date: Sat, 07 Jun 2025 05:21:31 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://shrtlk.biz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
OPTIONS nuirajiqyxbh.com/
139.45.197.163 200 OK 0 B IP 139.45.197.163:443
Certificate Issuer Let's Encrypt
Subject nuirajiqyxbh.com
Fingerprint 6E:62:DC:7A:56:40:A0:10:7D:03:C3:3E:60:8C:20:E6:35:2A:B2:35
Validity Fri, 06 Jun 2025 11:21:37 GMT - Thu, 04 Sep 2025 11:21:36 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(0 B body: these are the digests of empty input and do not identify any content.)
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
OPTIONS / HTTP/1.1
Host: nuirajiqyxbh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: HEAD
Access-Control-Request-Headers: content-type
Origin: https://shrtlk.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 07 Jun 2025 05:21:29 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://shrtlk.biz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
GET shrtfly.vip/img/Join-Telegram-Channel.png
172.67.134.233 200 OK 20 kB URL GET shrtfly.vip/img/Join-Telegram-Channel.png
IP 172.67.134.233:443
Certificate Issuer Google Trust Services
Subject shrtfly.vip
Fingerprint B1:4D:83:BF:40:AB:E2:96:3B:67:68:28:FD:E9:16:35:76:F7:CB:88
Validity Thu, 24 Apr 2025 17:49:04 GMT - Wed, 23 Jul 2025 18:44:25 GMT
File type PNG image data, 768 x 245, 8-bit colormap, non-interlaced
Hash MD5 06ac021d13ac2211cfac5de3f4c0cab6
SHA-1 45496ca6056a32e5cf396fa657960020df4ccb13
SHA-256 cc860eff23be351ffc4a3249e2365f3271f162295e944ba4c1de8c37ee9e8141
GET /img/Join-Telegram-Channel.png HTTP/1.1
Host: shrtfly.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 07 Jun 2025 05:21:28 GMT
content-type: image/png
content-length: 20023
server: cloudflare
last-modified: Thu, 16 May 2024 06:19:23 GMT
etag: "6645a56b-4e37"
expires: Sat, 21 Jun 2025 21:31:02 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
age: 1324226
cf-cache-status: HIT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=LDu1ecZ%2Fyb1FoLp0DPyTvSSL69q9BFG3parxReTPsmjBTKbQhCepGRZgvvIAOUTi7sGnEyND5aT7Xx5E2fSE1TAdNnDAqy9iyg%3D%3D"}]}
cf-ray: 94bdb4cb0ef1b529-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET push-sdk.com/f/sdk.js?z=1558819
157.90.33.72 200 OK 55 kB URL GET push-sdk.com/f/sdk.js?z=1558819
IP 157.90.33.72:443
ASN #24940 Hetzner Online GmbH
Certificate Issuer Let's Encrypt
Subject push-sdk.com
Fingerprint 43:6C:A5:4F:73:7D:B7:09:5D:88:3F:9F:29:2F:F4:C3:F2:29:12:E3
Validity Sun, 06 Apr 2025 03:46:49 GMT - Sat, 05 Jul 2025 03:46:48 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (54745), with no line terminators
Hash MD5 f4d87b22393ed5eef57d01d86c6a88f6
SHA-1 5e1aaee78cd735c23cc423fc863decca30aee219
SHA-256 91cf9b34af48f3b62d706127b1140c89d8bb3a5455120acd2cfcfc41ab4ad5ee
GET /f/sdk.js?z=1558819 HTTP/1.1
Host: push-sdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: Angie
date: Sat, 07 Jun 2025 05:21:29 GMT
content-type: application/javascript; charset=utf-8
content-length: 15242
content-encoding: gzip
cache-control: no-cache, max-age=0, must-revalidate, proxy-revalidate
vary: Accept-Encoding
X-Firefox-Spdy: h2
GET fonts.gstatic.com/s/bricolagegrotesque/v8/3y9K6as8bTXq_nANBjzKo3IeZx8z6up5BeSl9D4dj_x9PpZBMlGIInHWUSNIpvI.woff2
142.250.74.35 200 OK 77 kB URL GET fonts.gstatic.com/s/bricolagegrotesque/v8/3y9K6as8bTXq_nANBjzKo3IeZx8z6up5BeSl9D4dj_x9PpZBMlGIInHWUSNIpvI.woff2
IP 142.250.74.35:443
Certificate Issuer Google Trust Services
Subject *.gstatic.com
Fingerprint 41:FF:72:9C:74:6F:D4:D1:3B:A8:03:EB:55:D2:D2:09:7E:7A:44:DC
Validity Mon, 12 May 2025 08:44:01 GMT - Mon, 04 Aug 2025 08:44:00 GMT
File type Web Open Font Format (Version 2), TrueType, length 76708, version 1.0
Hash MD5 e4fb7cb2cabbdbaeb698e9107c10995b
SHA-1 6fcd8fb90adf70483ab37cd1055dd21f577c2ddf
SHA-256 37d43e1615cd7f5c6e41d0da9a45253b89c06837026ff7caed07519bf9493e05
GET /s/bricolagegrotesque/v8/3y9K6as8bTXq_nANBjzKo3IeZx8z6up5BeSl9D4dj_x9PpZBMlGIInHWUSNIpvI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://shrtlk.biz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 76708
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 05 Jun 2025 10:57:22 GMT
expires: Fri, 05 Jun 2026 10:57:22 GMT
cache-control: public, max-age=31536000
age: 152647
last-modified: Tue, 11 Mar 2025 01:16:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET www.googletagmanager.com/gtag/js?id=UA-354543616&cx=c&gtm=457e5641za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104698127~104698129
142.250.74.168 200 OK 261 kB URL GET www.googletagmanager.com/gtag/js?id=UA-354543616&cx=c&gtm=457e5641za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104698127~104698129
IP 142.250.74.168:443
Certificate Issuer Google Trust Services
Subject *.google-analytics.com
Fingerprint 10:76:57:2F:C3:21:F2:5F:71:E4:85:A5:DB:F7:65:3F:51:03:55:07
Validity Mon, 12 May 2025 08:42:57 GMT - Mon, 04 Aug 2025 08:42:56 GMT
File type JavaScript source, ASCII text, with very long lines (2385)
Size 261 kB (261103 bytes)
Hash MD5 be74b7bc5bddd3ca78b4320e09bf11cb
SHA-1 65d8e7bd3b85df12f1eb5bb0be500fc7f467eca6
SHA-256 9dff97da5cebab8f857dd4098ba881af159f36487ac329e5efa5cd194a59049b
GET /gtag/js?id=UA-354543616&cx=c&gtm=457e5641za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104698127~104698129 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 07 Jun 2025 05:21:29 GMT
expires: Sat, 07 Jun 2025 05:21:29 GMT
cache-control: private, max-age=900
last-modified: Sat, 07 Jun 2025 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1077:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1077:0
report-to: {"group":"ascgcycc:1077:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1077:0"}],}
server: Google Tag Manager
content-length: 93447
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST push-sdk.com/event?z=1558819
157.90.33.72 200 OK 0 B URL POST push-sdk.com/event?z=1558819
IP 157.90.33.72:443
ASN #24940 Hetzner Online GmbH
Certificate Issuer Let's Encrypt
Subject push-sdk.com
Fingerprint 43:6C:A5:4F:73:7D:B7:09:5D:88:3F:9F:29:2F:F4:C3:F2:29:12:E3
Validity Sun, 06 Apr 2025 03:46:49 GMT - Sat, 05 Jul 2025 03:46:48 GMT
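Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of empty input: the response body was 0 B, so they match every empty response and do not identify this transaction.)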
POST /event?z=1558819 HTTP/1.1
Host: push-sdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 83
Origin: null
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Angie
date: Sat, 07 Jun 2025 05:21:29 GMT
content-length: 0
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization, X-CSRF-Token
access-control-expose-headers: Authorization
cache-control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
pragma: no-cache
expires: Tue, 11 Jan 1994 00:00:00 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
X-Firefox-Spdy: h2
GET shrtlk.biz/wp-content/uploads/2025/04/favicon.png
188.114.97.1 200 OK 1.3 kB URL GET shrtlk.biz/wp-content/uploads/2025/04/favicon.png
IP 188.114.97.1:443
Certificate Issuer Google Trust Services
Subject shrtlk.biz
Fingerprint C7:EB:04:2F:65:68:90:27:22:EC:37:38:55:C9:F8:6E:40:40:FB:58
Validity Sat, 19 Apr 2025 07:20:55 GMT - Fri, 18 Jul 2025 08:19:35 GMT
File type PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Hash 77004a5b31f1c5ab30755cad675630cb
9ff49298b2f92e7895b7d47a115b2473fe3d35e1
f75a1c9fe89949bcaa5941eb8f583e9df82b4b07da88162fdb552660b7909b60
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/uploads/2025/04/favicon.png HTTP/1.1
Host: shrtlk.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://shrtlk.biz/82RY7
DNT: 1
Connection: keep-alive
Cookie: 59334c111521b65a6c338ddf278a8782=iz67WbmHLkqAZEh8UQethuK-2TckT3pl0djgWFp5DKmNnjXp9rNJYQWBbc1RkXYgHgxtW4w1W4HSthcBeG6wrg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 05:21:29 GMT
content-type: image/png
server: cloudflare
last-modified: Sat, 19 Apr 2025 08:25:23 GMT
vary: Accept-Encoding
etag: W/"68035df3-4f9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
referrer-policy: same-origin
content-encoding: br
age: 23440
cf-cache-status: HIT
priority: u=6,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=W9BRMnP7nhFoNrrnoipXeWPUhymvByb3SNotXfsfOWLo0c%2FN5Q%2Bsp0OwtG6ebqEWEOeBm%2BfZfGOiZyN6waGHCO3cUoqCq%2B7z"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 94bdb4d018d856ae-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
104.17.25.14 200 OK 90 kB URL GET cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP 104.17.25.14:443
Certificate Issuer Google Trust Services
Subject cdnjs.cloudflare.com
Fingerprint 4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
Validity Thu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash 8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 07 Jun 2025 05:21:28 GMT
content-type: application/javascript; charset=utf-8
content-length: 27938
cf-ray: 94bdb4caab515697-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-15d9d"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 106877
expires: Thu, 28 May 2026 05:21:28 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BOr6mT3Qu4nBU6OTrWI9WAzxq3b5GsS0F7iGM4sok0AzC0bYokMxR6o6GUc%2FIZw6F5ccwwqrJYXOSTHAKlOQNn07WdTW8qBoIW%2B%2B2CPL0LaGPdrqtMYqevZBH3atLS4pgLXjWM3F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET shrtlk.biz/wp-content/plugins/api-blueprint/assets/style.css?v=1.0.6a
188.114.97.1 200 OK 124 kB URL GET shrtlk.biz/wp-content/plugins/api-blueprint/assets/style.css?v=1.0.6a
IP 188.114.97.1:443
Certificate Issuer Google Trust Services
Subject shrtlk.biz
Fingerprint C7:EB:04:2F:65:68:90:27:22:EC:37:38:55:C9:F8:6E:40:40:FB:58
Validity Sat, 19 Apr 2025 07:20:55 GMT - Fri, 18 Jul 2025 08:19:35 GMT
Size 124 kB (124157 bytes)
Hash fecee00f27b98f2325707b0c1834938f
b715fb788d1f022f748e75b96e13f539c4478c08
b71515fb130226188620cdd236c56a9e69bf699518336d6610f858d989126866
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/plugins/api-blueprint/assets/style.css?v=1.0.6a HTTP/1.1
Host: shrtlk.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://shrtlk.biz/82RY7
DNT: 1
Connection: keep-alive
Cookie: 59334c111521b65a6c338ddf278a8782=pNtpLPXQNKVIRn_m5yG99B0MBt0XTvUZ1QS9_NHYamaBRcxXV9TIcin__54f-wrM0SOTemIpTzp_sHgd5gowZw
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 05:21:28 GMT
content-type: text/css
server: cloudflare
last-modified: Sat, 19 Apr 2025 08:24:24 GMT
vary: Accept-Encoding
etag: W/"68035db8-1e4fd"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
referrer-policy: same-origin
content-encoding: br
age: 3915833
cf-cache-status: HIT
priority: u=2,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=JsVgc32JRk2vk%2FI5VXTGLpKWELuAUuTcZMvxhnn6Qpu%2BNQ10hUREPVxFbQo7rFA0SdarPBnaaUbOtn6MNqG8eCEtu9B9vZaC"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 94bdb4ca8dcf56ae-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET shrtlk.biz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
188.114.97.1 200 OK 1.2 kB URL GET shrtlk.biz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP 188.114.97.1:443
Certificate Issuer Google Trust Services
Subject shrtlk.biz
Fingerprint C7:EB:04:2F:65:68:90:27:22:EC:37:38:55:C9:F8:6E:40:40:FB:58
Validity Sat, 19 Apr 2025 07:20:55 GMT - Fri, 18 Jul 2025 08:19:35 GMT
File type JavaScript source, ASCII text, with very long lines (1238)
Hash 9e8f56e8e1806253ba01a95cfc3d392c
a8af90d7482e1e99d03de6bf88fed2315c5dd728
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: shrtlk.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://shrtlk.biz/82RY7
DNT: 1
Connection: keep-alive
Cookie: 59334c111521b65a6c338ddf278a8782=pNtpLPXQNKVIRn_m5yG99B0MBt0XTvUZ1QS9_NHYamaBRcxXV9TIcin__54f-wrM0SOTemIpTzp_sHgd5gowZw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 05:21:28 GMT
content-type: application/javascript
expires: Sat, 07 Jun 2025 06:09:28 GMT
cache-control: public
vary: accept-encoding
x-frame-options: DENY
x-content-type-options: nosniff
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=49ICEYeZmvktFvpbC2gIb9duLIhCGsvdJzX0je9DkaFeGG%2BsTT1qTZ91JccvJ%2BwU5ZX5FELtn1QrXis1RNRwDbqFhEiOtDkR"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: br
server: cloudflare
cf-ray: 94bdb4ca8dd656ae-OSL
GET www.googletagmanager.com/gtag/js?id=G-PDV6XHL2ZF&cx=c&gtm=457e5641za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104698127~104698129
142.250.74.168 200 OK 400 kB URL GET www.googletagmanager.com/gtag/js?id=G-PDV6XHL2ZF&cx=c&gtm=457e5641za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104698127~104698129
IP 142.250.74.168:443
Certificate Issuer Google Trust Services
Subject *.google-analytics.com
Fingerprint 10:76:57:2F:C3:21:F2:5F:71:E4:85:A5:DB:F7:65:3F:51:03:55:07
Validity Mon, 12 May 2025 08:42:57 GMT - Mon, 04 Aug 2025 08:42:56 GMT
File type JavaScript source, ASCII text, with very long lines (6079)
Size 400 kB (399614 bytes)
Hash 149309a42bb9a294d387a69192d69f06
f358c8bfe9759b29c53112a54c0cdd2f39abfc46
bd8520a79eb854d87af1f0d0f2c31ab5705c410d09f84337b35cd5231a2d9805
GET /gtag/js?id=G-PDV6XHL2ZF&cx=c&gtm=457e5641za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104698127~104698129 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 07 Jun 2025 05:21:29 GMT
expires: Sat, 07 Jun 2025 05:21:29 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1077:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1077:0
report-to: {"group":"ascgcycc:1077:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1077:0"}],}
server: Google Tag Manager
content-length: 132250
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET ccg90.com/5/7704232
139.45.197.106 200 OK 112 kB IP 139.45.197.106:443
Certificate Issuer Let's Encrypt
Subject ccg90.com
Fingerprint 56:09:8B:A2:B0:CC:2D:94:BB:34:A2:E9:A2:FD:C7:53:D9:F4:20:83
Validity Wed, 23 Apr 2025 09:55:55 GMT - Tue, 22 Jul 2025 09:55:54 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 112 kB (111643 bytes)
Hash 47f39347c91ab89424731b4d2ce36203
c3d30749a85e609625bad603570367c8105441f7
887e1fd4eb9d2629eb9e9fa8f224d96704899908dbb2fd0bf9df471246eaa598
GET /5/7704232 HTTP/1.1
Host: ccg90.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 07 Jun 2025 05:21:30 GMT
content-type: application/javascript
x-trace-id: 291e439b8d953d1b4e3c4eebb5979aad
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0081e1ef6a0746d1f02e595c96196766; expires=Sun, 07 Jun 2026 05:21:30 GMT; path=/; secure; SameSite=None
oaidts=1749273690; expires=Sun, 07 Jun 2026 05:21:30 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
GET my.rtmark.net/gid.js?userId=0081e1ef6a0746d1f02e595c96196766
172.64.146.234 200 OK 65 B URL GET my.rtmark.net/gid.js?userId=0081e1ef6a0746d1f02e595c96196766
IP 172.64.146.234:443
Certificate Issuer Google Trust Services
Subject my.rtmark.net
Fingerprint 61:93:FB:BF:25:C3:CE:7B:CB:69:5D:87:04:AA:ED:1B:35:8D:44:82
Validity Fri, 02 May 2025 11:10:51 GMT - Thu, 31 Jul 2025 12:10:47 GMT
Hash 7fc7e11ad7ddf87cd9ad481d7e9141d4
06416b697d2f9fc6ce44905041a12b2edd42fcde
351b4dbc1b8ed19ee2c90b5dedba7e0b30791ae69ae31d61613fec20879c14aa
GET /gid.js?userId=0081e1ef6a0746d1f02e595c96196766 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://shrtlk.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 07 Jun 2025 05:21:30 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://shrtlk.biz
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0081e1ef6a0746d1f02e595c96196766; expires=Sun, 07 Jun 2026 05:21:30 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 94bdb4d41ff15699-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2