Report - exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398

Report Overview

Visited public
2025-05-11 15:53:21
Tags
URL
exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Finishing URL
exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
IP / ASN
186.2.171.235
#59692 IQWeb FZ-LLC
Title
EXTEG - Easy Daily Crypto Earnings

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

104

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
kit.fontawesome.com	1868	2012-10-18	2019-03-29	2025-05-07	439 B	514 B	172.64.147.188
exteg.com	unknown	2025-04-10	2025-05-11	2025-05-11	33 kB	8.5 MB	186.2.171.235
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-05-07	1.1 kB	22 kB	142.250.74.10
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-05-07	2.6 kB	116 kB	142.250.74.35

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed
2025-05-11	medium	exteg.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (7)

	URL	From	Size	First Seen	Last Seen
	exteg.com/js/countdown-custom.js	ScriptElement	203 B	2025-05-11	2025-05-11
Pretty URL exteg.com/js/countdown-custom.js IP 186.2.171.235 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-11 15:53 Last Seen2025-05-11 15:53 Times Seen1 Hash 0b8188a3271bc392c01a85950f3c95f1 845a775f42015231220e96c3d74cc50706d6bc92 1ea0ce695c4b4f77d12c6e40a136c7cc3fb77bceb1398d899f8ee5fb10a82914 Loading...

	exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398	Function	37 B	2023-04-11	2025-05-17
Pretty URL exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398 IP 186.2.171.235 ASN #59692 IQWeb FZ-LLC Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:31 Last Seen2025-05-17 03:30 Times Seen265042 Hash 29d0c84b9d1d8da446a6062c6a840ad9 6d6b3a6065667c7c50d92f3889c85ed65a9ad784 3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1 Loading...

	exteg.com/js/plugins.js	ScriptElement	662 kB	2025-05-11	2025-05-11
Pretty URL exteg.com/js/plugins.js IP 186.2.171.235 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-11 15:53 Last Seen2025-05-11 15:53 Times Seen1 Hash 8d0d7188763ced178223d09dbdcac8d3 cd47d3ce1444f12fbe8d2c5a9d3225d681737922 746b356db5df724a4fbed0d7f2bd1f36fa03219f7112692cc202fc4ef1ba3546 Loading...

	exteg.com/js/designesia.js	ScriptElement	70 kB	2025-05-11	2025-05-11
Pretty URL exteg.com/js/designesia.js IP 186.2.171.235 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-11 15:53 Last Seen2025-05-11 15:53 Times Seen1 Hash 04ef6877909079b18d7a1ae70b1d93ee 7db9bb6bfe0b1078a22d8317573399608c16d88d 7bfffe5950907491bc92960c9ac4e55e62db22c6b08f0da68c850869e3aec697 Loading...

	exteg.com/js/jquery.countdown.js	ScriptElement	36 kB	2023-03-07	2025-05-11
Pretty URL exteg.com/js/jquery.countdown.js IP 186.2.171.235 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10 Last Seen2025-05-11 15:53 Times Seen10 Hash 80a2a626d3d8fc07139139b0b862d9d2 43083dcd5ec3166873791b497b4e3a4c1ea0afba 7e78bd2c83fc2242aa28d2bb5056de3a57c5da19c865238f5a7362093105d707 Loading...

	exteg.com/js/custom-swiper-2.js	ScriptElement	1.1 kB	2025-05-11	2025-05-11
Pretty URL exteg.com/js/custom-swiper-2.js IP 186.2.171.235 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-11 15:53 Last Seen2025-05-11 15:53 Times Seen1 Hash 49c83a821cf66647d16d749bf594efda 0eab9348b30689eceda41f0363de0bf02f6df640 92c560122e4e16d4a5d4f1fb01c7feb22c1002eb72812d2fb075fd8e8309f4f8 Loading...

	exteg.com/js/custom-marquee.js	ScriptElement	423 B	2024-08-19	2025-05-14
Pretty URL exteg.com/js/custom-marquee.js IP 186.2.171.235 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 15:36 Last Seen2025-05-14 10:42 Times Seen4 Hash 0e833fdfdbbe745bf455b9bc9d0939ab bfc192d2ef6ce0a20e237ca469e582e23b1f8726 941bb206504f8422eeca496d903a6d4e969092d417069948e33bf39534716e45 Loading...

HTTP Transactions (60)

URL IP Response Size

exteg.com/images/Quantum1.png

186.2.171.235

200 OK

24 kB

URL GET
exteg.com/images/Quantum1.png
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
PNG image data, 500 x 83, 16-bit/color RGBA, non-interlaced
Size
24 kB (24343 bytes)
Hash
a7bdc52a00288742ea1ed6877c8ca6bc
60ddd9289bbd18e5e3fdc51b5b260ca09f50edc0
90c4cb068712ac75b91a492ef389020ada3eed1e6aa18e9ac4e478fe5b823ff2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/Quantum1.png HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=OVdZCaBiYpcX7xZ2; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg10_=1746978777; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
content-security-policy: upgrade-insecure-requests;
date: Sat, 10 May 2025 13:28:47 GMT
last-modified: Sun, 20 Apr 2025 23:42:14 GMT
accept-ranges: bytes
content-length: 24343
content-type: image/png
ddg-cache-status: HIT,HIT
age: 95050
X-Firefox-Spdy: h2

exteg.com/js/jquery.countdown.js

186.2.171.235

200 OK

36 kB

URL GET
exteg.com/js/jquery.countdown.js
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
36 kB (35472 bytes)
Hash
80a2a626d3d8fc07139139b0b862d9d2
43083dcd5ec3166873791b497b4e3a4c1ea0afba
7e78bd2c83fc2242aa28d2bb5056de3a57c5da19c865238f5a7362093105d707

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/jquery.countdown.js HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=fD3lxZPaL8ycw2kK; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg10_=1746978777; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
content-security-policy: upgrade-insecure-requests;
date: Sat, 10 May 2025 20:43:32 GMT
last-modified: Sun, 20 Apr 2025 23:43:32 GMT
accept-ranges: bytes
content-type: text/javascript
content-encoding: gzip
vary: Accept-Encoding
content-length: 9193
ddg-cache-status: HIT,HIT
age: 68965
X-Firefox-Spdy: h2

exteg.com/fonts/fontawesome6/webfonts/fa-solid-900.woff2

186.2.171.235

200 OK

150 kB

URL GET
exteg.com/fonts/fontawesome6/webfonts/fa-solid-900.woff2
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 150020, version 772.1280
Size
150 kB (150020 bytes)
Hash
d5e647388e2415268b700d3df2e30a0d
97f0942c6627ddd89fb62170e5cac9a2cbd6c98c
886c86112a804ef1ddd1cb206af4c8c40e34b73c26652ca231404aa35a6b30d9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/fontawesome6/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/fonts/fontawesome6/css/solid.css
Cookie: __ddg8_=qowlpBJGc17rQ8ok; __ddg10_=1746978777; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=SI5JK0B4j9u8RuK8; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg10_=1746978777; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
content-security-policy: upgrade-insecure-requests;
date: Sat, 10 May 2025 15:00:36 GMT
last-modified: Sun, 20 Apr 2025 23:44:03 GMT
accept-ranges: bytes
content-length: 150020
content-type: font/woff2
age: 89541
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

exteg.com/css/bootstrap.min.css

186.2.171.235

200 OK

156 kB

URL GET
exteg.com/css/bootstrap.min.css
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (65301), with CRLF line terminators
Size
156 kB (155851 bytes)
Hash
5e61e4d33af1e32a9143321b6e1fdcc0
21d575b07eae6ee577d0119b9e455e1638768ac4
cd7d64b0e5fcc2db8a7bc7a8779a1b11a84b494b2baf9b625f8b95f59be481a9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/bootstrap.min.css HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=jB8AeU9EhtoaWGeu; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg10_=1746978776; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Sat, 10 May 2025 03:12:00 GMT
last-modified: Sun, 20 Apr 2025 23:43:38 GMT
accept-ranges: bytes
content-type: text/css
content-encoding: br
vary: Accept-Encoding
age: 132056
content-length: 20502
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

exteg.com/images/coins/Ripple.png

186.2.171.235

200 OK

49 kB

URL GET
exteg.com/images/coins/Ripple.png
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
PNG image data, 300 x 300, 16-bit/color RGBA, non-interlaced
Size
49 kB (49108 bytes)
Hash
5d4e7643878fc63d571374900724fcdd
dcb9c426cc6fe946921ab76e21899ce770d79f69
119a96782525bb8ca87d5d9db37008724d30caf7948d1740d93380b0aad5ac7a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/coins/Ripple.png HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=mky2YjVBAHB5TsqM; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg10_=1746978776; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Fri, 09 May 2025 19:21:25 GMT
last-modified: Sun, 20 Apr 2025 23:42:35 GMT
accept-ranges: bytes
content-length: 49108
content-type: image/png
age: 160291
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

exteg.com/js/designesia.js

186.2.171.235

200 OK

70 kB

URL GET
exteg.com/js/designesia.js
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (414), with CRLF line terminators
Size
70 kB (70503 bytes)
Hash
04ef6877909079b18d7a1ae70b1d93ee
7db9bb6bfe0b1078a22d8317573399608c16d88d
7bfffe5950907491bc92960c9ac4e55e62db22c6b08f0da68c850869e3aec697

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/designesia.js HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=zrPBz6oYEwKf5TF6; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg10_=1746978777; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 11 May 2025 07:48:14 GMT
last-modified: Sun, 20 Apr 2025 23:43:31 GMT
accept-ranges: bytes
content-type: text/javascript
content-encoding: gzip
vary: Accept-Encoding
content-length: 13094
ddg-cache-status: HIT,HIT
age: 29083
X-Firefox-Spdy: h2

exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398

186.2.171.235

200 OK

48 kB

URL User Request GET
exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (552)
Size
48 kB (48273 bytes)
Hash
2577c8a626077c41056d3c419fb74137
9682d78b4306d73765b37fb439f82e8701b4bb96
1b36528c6a13f5fa849ba3cf3faf72505dec37b33d25d646f0d7b3f7106088ca

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398 HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=Nxl4hfc1bx8xTkeF; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg10_=1746978776; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg1_=EjyoS2BmszcDARlbg2zH; Domain=.exteg.com; HttpOnly; Path=/; Expires=Mon, 11-May-2026 15:52:56 GMT
CameFrom=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0
PHPSESSID=30e8efb435714525822fb7e41f671cc3; path=/; domain=exteg.com; HttpOnly
Referer=bm; expires=Sat, 06-May-2045 15:52:56 GMT; Max-Age=630720000; path=/; domain=exteg.com
content-security-policy: upgrade-insecure-requests;
date: Sun, 11 May 2025 15:52:56 GMT
access-control-allow-origin: *;
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2

exteg.com/images/Spark1.png

186.2.171.235

200 OK

24 kB

URL GET
exteg.com/images/Spark1.png
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
PNG image data, 500 x 83, 16-bit/color RGBA, non-interlaced
Size
24 kB (23956 bytes)
Hash
3e64be0b945bcbeba35ef925689cfa56
921623e21d6fc029394a60e6e5e0eaa90a914912
b75448e036c444a2d7161699d7b5fc4ec40f142f57f8aaa799a0a118a40472c9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/Spark1.png HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=QDVtUY3sAdmTkUks; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg10_=1746978777; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
content-security-policy: upgrade-insecure-requests;
date: Fri, 09 May 2025 21:34:57 GMT
last-modified: Sun, 20 Apr 2025 23:42:15 GMT
accept-ranges: bytes
content-length: 23956
content-type: image/png
age: 152280
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

exteg.com/apple-touch-icon.png

186.2.171.235

200 OK

12 kB

URL GET
exteg.com/apple-touch-icon.png
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Size
12 kB (12473 bytes)
Hash
768066c1c12132a101653192f45fbcb7
24405e0dfbee0b76308055b91dd6d69411359cc4
223bf89b037f2092d798f8e41c04d39a51bc60fbb8407971101576ebdfcecf5d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /apple-touch-icon.png HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=SI5JK0B4j9u8RuK8; __ddg10_=1746978777; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=0o8VJik4NmxYV1Io; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg10_=1746978777; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
content-security-policy: upgrade-insecure-requests;
date: Sat, 10 May 2025 12:53:34 GMT
last-modified: Sat, 19 Apr 2025 21:47:48 GMT
accept-ranges: bytes
content-length: 12473
content-type: image/png
age: 97163
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

exteg.com/css/coloring.css

186.2.171.235

200 OK

17 kB

URL GET
exteg.com/css/coloring.css
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
assembler source, ASCII text, with CRLF line terminators
Size
17 kB (16929 bytes)
Hash
d81c045a0410c8c7191f3be3ddbf540b
73fc295e774c40f5cbb97f7d54e07d57cfe21fe9
6515171648c695631a72ec99fed82f167470353338c5f77084e523ef98ca4c31

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/coloring.css HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=FtMhRbAULFbFEfrh; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg10_=1746978776; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Sat, 10 May 2025 17:51:45 GMT
last-modified: Sun, 20 Apr 2025 23:43:38 GMT
accept-ranges: bytes
content-type: text/css
content-encoding: gzip
vary: Accept-Encoding
ddg-cache-status: HIT,HIT
age: 79271
content-length: 3284
X-Firefox-Spdy: h2

exteg.com/images/coins/MATIC.png

186.2.171.235

200 OK

69 kB

URL GET
exteg.com/images/coins/MATIC.png
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
PNG image data, 300 x 300, 16-bit/color RGBA, non-interlaced
Size
69 kB (69304 bytes)
Hash
73f9613689d5a9f93db957ec7d4e8273
7610ab67703062444e59e882e3a2b62edec4f2bf
2fea00fb01eaa913262d8e5f4790dc27e483aa980a0812ff85333e60662379e4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/coins/MATIC.png HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=Ib6KEJwp9mDh8ChC; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg10_=1746978776; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Sat, 10 May 2025 08:29:26 GMT
last-modified: Sun, 20 Apr 2025 23:42:34 GMT
accept-ranges: bytes
content-length: 69304
content-type: image/png
ddg-cache-status: HIT,HIT
age: 113010
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Oxanium:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;1,200;1,300;1,400;1,500;1,600;1,700;1,800&display=swap

142.250.74.10

200 OK

5.9 kB

URL GET
fonts.googleapis.com/css2?family=Oxanium:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;1,200;1,300;1,400;1,500;1,600;1,700;1,800&display=swap
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint7A:29:E6:A8:BE:59:2C:AE:82:2D:CA:8E:15:89:41:BE:EC:D2:0D:EA
ValidityMon, 21 Apr 2025 08:41:49 GMT - Mon, 14 Jul 2025 08:41:48 GMT

File type
ASCII text
Size
5.9 kB (5866 bytes)
Hash
b054fcacfe999ba203e29b9c7254377d
bb25a2f835684ad2a757944467bebce1f393139e
85166a82fe47c0cb5ebf1d32d09b23a0440ec7647dbea441231450c321856109

HTTP Headers

GET /css2?family=Oxanium:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;1,200;1,300;1,400;1,500;1,600;1,700;1,800&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 11 May 2025 15:52:57 GMT
date: Sun, 11 May 2025 15:52:57 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

exteg.com/fonts/fontawesome4/css/font-awesome.css

186.2.171.235

200 OK

35 kB

URL GET
exteg.com/fonts/fontawesome4/css/font-awesome.css
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (372)
Size
35 kB (35128 bytes)
Hash
a16730221cf9c8b1bad3dd5419edf16b
b5020c3860669185ba3f316fa7332cdf5c06f393
34f195f17d62b4789625aa8cb3535024a72d40fc4d88ee1383154688b9bfaa27

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/fontawesome4/css/font-awesome.css HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/css/style.css
Cookie: __ddg8_=XMzKNNMOhvEkcpTT; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=7Y9hoqrp0rHPAiaf; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg10_=1746978777; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 11 May 2025 05:33:29 GMT
last-modified: Sun, 20 Apr 2025 23:43:48 GMT
accept-ranges: bytes
content-type: text/css
content-encoding: br
vary: Accept-Encoding
content-length: 6673
ddg-cache-status: HIT,HIT
age: 37169
X-Firefox-Spdy: h2

exteg.com/fonts/fontawesome6/webfonts/fa-brands-400.woff2

186.2.171.235

200 OK

110 kB

URL GET
exteg.com/fonts/fontawesome6/webfonts/fa-brands-400.woff2
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 109808, version 772.1280
Size
110 kB (109808 bytes)
Hash
005c9aa92b564b73b7582cc4f1fa49cb
373361ed756b1fe68ce2f5968d467826b6973bb5
faae6fc0aa94cc5bde5076647c817a23206096a1cbeda10d1c6f3d89d6163ed1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/fontawesome6/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/fonts/fontawesome6/css/brands.css
Cookie: __ddg8_=qowlpBJGc17rQ8ok; __ddg10_=1746978777; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=Y6xVPnwdfK3JkrYQ; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg10_=1746978777; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
content-security-policy: upgrade-insecure-requests;
date: Sat, 10 May 2025 05:03:04 GMT
last-modified: Sun, 20 Apr 2025 23:44:03 GMT
accept-ranges: bytes
content-length: 109808
content-type: font/woff2
ddg-cache-status: HIT,MISS
age: 125393
X-Firefox-Spdy: h2

exteg.com/images/coins/BNB.png

186.2.171.235

200 OK

51 kB

URL GET
exteg.com/images/coins/BNB.png
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
PNG image data, 300 x 300, 16-bit/color RGBA, non-interlaced
Size
51 kB (50727 bytes)
Hash
fae8e162d74e1a52f503e415f27ffe0a
35af63ed0359b6eeb7e7c08d2fdb2c21322aacb1
cf88f17ef7e842085175691fdc01f58bd2858bf13bed0a3a7d2862c40f47e395

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/coins/BNB.png HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=eZPU1Dpz9KCNLNZp; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg10_=1746978777; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
content-security-policy: upgrade-insecure-requests;
date: Sat, 10 May 2025 03:12:01 GMT
last-modified: Sun, 20 Apr 2025 23:42:34 GMT
accept-ranges: bytes
content-length: 50727
content-type: image/png
age: 132056
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

exteg.com/images/Ignite1.png

186.2.171.235

200 OK

29 kB

URL GET
exteg.com/images/Ignite1.png
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
PNG image data, 500 x 83, 16-bit/color RGBA, non-interlaced
Size
29 kB (28772 bytes)
Hash
db2fbbb9a320e828f640da946dd2c3a4
f74de30c0843b754accabac569e255510f49afd8
2973655b6d4b47e5763e857dc4b8d36b5c9c24fef9ee6cb4e69ce3384de74acb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/Ignite1.png HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=McXN70geRFNwqWFe; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg10_=1746978777; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
content-security-policy: upgrade-insecure-requests;
date: Sat, 10 May 2025 08:29:26 GMT
last-modified: Sun, 20 Apr 2025 23:42:11 GMT
accept-ranges: bytes
content-length: 28772
content-type: image/png
ddg-cache-status: HIT,HIT
age: 113011
X-Firefox-Spdy: h2

exteg.com/images/background/136.jpg

186.2.171.235

200 OK

1.0 MB

URL GET
exteg.com/images/background/136.jpg
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.0 (Macintosh), datetime=2025:04:12 23:54:21], baseline, precision 8, 1920x1280, components 3
Size
1.0 MB (1041944 bytes)
Hash
b177aca85032e7cfb7ee2a857c61bdb6
2820bf5ac0ef1e4ffc7a9da0a1789f6b481cb944
b0846f3ca6451d08fb1681397f8a78d2e961f92f0b5373569e05b48d7ea89f5d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/background/136.jpg HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=9KNQdCnRrXSMfaqS; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg10_=1746978777; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
content-security-policy: upgrade-insecure-requests;
date: Sat, 10 May 2025 17:21:17 GMT
last-modified: Sun, 20 Apr 2025 23:42:24 GMT
accept-ranges: bytes
content-length: 1041944
content-type: image/jpeg
age: 81100
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

exteg.com/js/custom-marquee.js

186.2.171.235

200 OK

423 B

URL GET
exteg.com/js/custom-marquee.js
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
423 B (423 bytes)
Hash
0e833fdfdbbe745bf455b9bc9d0939ab
bfc192d2ef6ce0a20e237ca469e582e23b1f8726
941bb206504f8422eeca496d903a6d4e969092d417069948e33bf39534716e45

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/custom-marquee.js HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=TXJPsp3Au7f5fxxP; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg10_=1746978777; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 11 May 2025 09:28:25 GMT
last-modified: Sun, 20 Apr 2025 23:43:32 GMT
accept-ranges: bytes
content-type: text/javascript
content-encoding: gzip
vary: Accept-Encoding
content-length: 181
ddg-cache-status: HIT,HIT
age: 23072
X-Firefox-Spdy: h2

exteg.com/css/plugins.css

186.2.171.235

200 OK

98 kB

URL GET
exteg.com/css/plugins.css
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
ASCII text, with very long lines (56107), with CRLF line terminators
Size
98 kB (98060 bytes)
Hash
bb7648f089a152d9d4d0f5cc2318908a
0f9dc86d50098382635b0bcfbbd0df4d85dfea0b
03fbd02b497706f116e59497a3c9b5e16ccc97f263c7e094c833bede6b2f4773

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/plugins.css HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=zfDCVBYNcfS8VR99; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg10_=1746978776; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Sat, 10 May 2025 23:05:55 GMT
last-modified: Sun, 20 Apr 2025 23:43:38 GMT
accept-ranges: bytes
content-type: text/css
content-encoding: gzip
vary: Accept-Encoding
content-length: 10883
ddg-cache-status: HIT,HIT
age: 60421
X-Firefox-Spdy: h2

exteg.com/images/background/132.jpg

186.2.171.235

200 OK

1.1 MB

URL GET
exteg.com/images/background/132.jpg
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.0 (Macintosh), datetime=2025:04:12 21:41:14], baseline, precision 8, 1920x1280, components 3
Size
1.1 MB (1074313 bytes)
Hash
20fd9d9b81a117d01a3c982b318a447b
2620f6a2151cdd28db144c93b8a8b27a2642a1aa
91c20e0879fe9084b72853ce702107181e7db30be16200a8dbbbd72a7a0368b8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/background/132.jpg HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=i3j6mxla32JHJU4J; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg10_=1746978776; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Sat, 10 May 2025 23:59:06 GMT
last-modified: Sun, 20 Apr 2025 23:42:24 GMT
accept-ranges: bytes
content-length: 1074313
content-type: image/jpeg
ddg-cache-status: HIT,HIT
age: 57230
X-Firefox-Spdy: h2

exteg.com/favicon.svg

186.2.171.235

200 OK

103 kB

URL GET
exteg.com/favicon.svg
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
103 kB (103037 bytes)
Hash
025f82d027ac51d9db53f0d8bfd8d8df
d63593b731c207eb483a69958877c7c58f7f1448
de801015540605820a568e3f48afe486b50e27ab68daf96b10c9386ec18caa8e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.svg HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=SI5JK0B4j9u8RuK8; __ddg10_=1746978777; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=niDfEC3MWsqauUNk; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg10_=1746978777; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
content-security-policy: upgrade-insecure-requests;
date: Sat, 10 May 2025 08:29:27 GMT
last-modified: Sat, 19 Apr 2025 21:47:49 GMT
accept-ranges: bytes
content-type: image/svg+xml
content-encoding: gzip
vary: Accept-Encoding
age: 113010
ddg-cache-status: HIT,MISS
content-length: 69551
X-Firefox-Spdy: h2

exteg.com/images/icm1.png

186.2.171.235

200 OK

14 kB

URL GET
exteg.com/images/icm1.png
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Size
14 kB (13792 bytes)
Hash
a217a97bf51eb757aabda833f0a8100b
5f75ed988be848a7f0d19d6c956b61e9b2993681
d92445e3cf78274791dc43f4515fffa757fd2a82806b32f4a0fb5384eedb945b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/icm1.png HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=ko6gZSXwLta7SKfu; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg10_=1746978777; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 11 May 2025 05:17:40 GMT
last-modified: Sun, 20 Apr 2025 23:42:10 GMT
accept-ranges: bytes
content-length: 13792
content-type: image/png
ddg-cache-status: HIT,HIT
age: 38117
X-Firefox-Spdy: h2

exteg.com/images/ref1.png

186.2.171.235

200 OK

339 kB

URL GET
exteg.com/images/ref1.png
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
PNG image data, 600 x 550, 8-bit/color RGBA, non-interlaced
Size
339 kB (339070 bytes)
Hash
27f0295710672a93b7a4108e6d1d0cf6
775de0df1f8df11c843bd98f6ae403086524bd9a
56bc9d323de21db1663b7447ef1050ab8779f301720d812b31d2cbad0abb28fb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/ref1.png HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=GoildOWwzIazRNDl; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg10_=1746978777; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 11 May 2025 11:41:55 GMT
last-modified: Sun, 20 Apr 2025 23:42:15 GMT
accept-ranges: bytes
content-length: 339070
content-type: image/png
ddg-cache-status: HIT,HIT
age: 15062
X-Firefox-Spdy: h2

exteg.com/images/coins/Dash.png

186.2.171.235

200 OK

39 kB

URL GET
exteg.com/images/coins/Dash.png
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
PNG image data, 300 x 300, 16-bit/color RGBA, non-interlaced
Size
39 kB (38785 bytes)
Hash
da130d2d2e497a818f95fa857e920b7f
25a848da1395f39c9d4825146da2fe539e657586
4bda9bb504e9efd4d10257bf145b2dc4e34938212e6e9b0b54dee6282c0c301b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/coins/Dash.png HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=jG1PlBt7Eh01lUno; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg10_=1746978776; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 11 May 2025 09:08:13 GMT
last-modified: Sun, 20 Apr 2025 23:42:33 GMT
accept-ranges: bytes
content-length: 38785
content-type: image/png
ddg-cache-status: HIT,MISS
age: 24283
X-Firefox-Spdy: h2

exteg.com/images/background/134.jpg

186.2.171.235

200 OK

970 kB

URL GET
exteg.com/images/background/134.jpg
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.0 (Macintosh), datetime=2025:04:12 23:44:36], baseline, precision 8, 1920x1097, components 3
Size
970 kB (969804 bytes)
Hash
c6fce90205dc4299e33955d50446cd76
063f2dc3cf49b1e7922c295038b750bcae6f281c
b770c3b075e02165b316793fcdea6b14bf44f7020cb681d78b8f76dd122c04e4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/background/134.jpg HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=LZon5THuRILAe1RJ; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg10_=1746978777; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
content-security-policy: upgrade-insecure-requests;
date: Sat, 10 May 2025 11:49:03 GMT
last-modified: Sun, 20 Apr 2025 23:42:22 GMT
accept-ranges: bytes
content-length: 969804
content-type: image/jpeg
ddg-cache-status: HIT,HIT
age: 101034
X-Firefox-Spdy: h2

exteg.com/js/custom-swiper-2.js

186.2.171.235

200 OK

1.1 kB

URL GET
exteg.com/js/custom-swiper-2.js
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
1.1 kB (1118 bytes)
Hash
49c83a821cf66647d16d749bf594efda
0eab9348b30689eceda41f0363de0bf02f6df640
92c560122e4e16d4a5d4f1fb01c7feb22c1002eb72812d2fb075fd8e8309f4f8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/custom-swiper-2.js HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=UmOchhSmzXaLUPHb; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg10_=1746978777; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
content-security-policy: upgrade-insecure-requests;
date: Sat, 10 May 2025 17:51:45 GMT
last-modified: Sun, 20 Apr 2025 23:43:31 GMT
accept-ranges: bytes
content-type: text/javascript
content-encoding: br
vary: Accept-Encoding
content-length: 379
ddg-cache-status: HIT,HIT
age: 79272
X-Firefox-Spdy: h2

exteg.com/fonts/et-line-font/style.css

186.2.171.235

200 OK

7.1 kB

URL GET
exteg.com/fonts/et-line-font/style.css
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
ASCII text, with very long lines (1512)
Size
7.1 kB (7052 bytes)
Hash
a6431aff83b44ab55177544ec4113613
c4778f90c7a1d4bc49eae5f83323cb2ff9aaf3dc
4b2ef7a267f6e6ec05e6c4cf9c71247271650a82716774767ce4285edb5c2ac1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/et-line-font/style.css HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/css/style.css
Cookie: __ddg8_=GMHrRrJpN8U3Cdc4; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=gDGLJtf24hE0WHHM; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg10_=1746978777; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 11 May 2025 05:17:41 GMT
last-modified: Sun, 20 Apr 2025 23:43:46 GMT
accept-ranges: bytes
content-type: text/css
content-encoding: gzip
vary: Accept-Encoding
ddg-cache-status: HIT,HIT
age: 38116
content-length: 1637
X-Firefox-Spdy: h2

exteg.com/css/style.css

186.2.171.235

200 OK

366 kB

URL GET
exteg.com/css/style.css
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
ASCII text, with CRLF, CR, LF line terminators
Size
366 kB (365991 bytes)
Hash
ef235851d09990260f59524f00ed6559
a9f1f6a6321887212db17774f36aaae0f62b2b1b
92705039c1056ef95e42bee8ecf0a59a7100f88d42d1e4660a673544ad0ab168

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/style.css HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=H70GnftTAip6OFBZ; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg10_=1746978776; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 11 May 2025 05:17:40 GMT
last-modified: Sun, 20 Apr 2025 23:43:39 GMT
accept-ranges: bytes
content-type: text/css
ddg-cache-status: HIT,HIT
vary: Accept-Encoding
age: 38116
content-encoding: br
X-Firefox-Spdy: h2

exteg.com/images/coins/Dogecoin.png

186.2.171.235

200 OK

43 kB

URL GET
exteg.com/images/coins/Dogecoin.png
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
PNG image data, 300 x 300, 16-bit/color RGBA, non-interlaced
Size
43 kB (42558 bytes)
Hash
8f75457ac8efd13105355f80b8ac2c97
270b88d7539d8186bb6f2a868cc71e12c494d268
431c6ebdde69fee40acfa80d520c714e78415c1fdb57cf9fac8302b26bd93964

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/coins/Dogecoin.png HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=zYU5LRCnSaKXmQC2; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg10_=1746978776; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 11 May 2025 07:37:38 GMT
last-modified: Sun, 20 Apr 2025 23:42:34 GMT
accept-ranges: bytes
content-length: 42558
content-type: image/png
ddg-cache-status: HIT,MISS
age: 29718
X-Firefox-Spdy: h2

exteg.com/images/coins/Solana.png

186.2.171.235

200 OK

41 kB

URL GET
exteg.com/images/coins/Solana.png
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
PNG image data, 300 x 300, 16-bit/color RGBA, non-interlaced
Size
41 kB (40844 bytes)
Hash
5b0c4bde34a84b711c21f797761c9bee
41b5a8c5f78831c6d6f138c8d767e09dafded0c3
33f30dff3022a0897c3d735eff6194841c2099dfa556c0728a55021aee5cee92

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/coins/Solana.png HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=GMHrRrJpN8U3Cdc4; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg10_=1746978776; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 11 May 2025 05:17:40 GMT
last-modified: Sun, 20 Apr 2025 23:42:35 GMT
accept-ranges: bytes
content-length: 40844
content-type: image/png
ddg-cache-status: HIT,HIT
age: 38116
X-Firefox-Spdy: h2

exteg.com/images/icm4.png

186.2.171.235

200 OK

14 kB

URL GET
exteg.com/images/icm4.png
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Size
14 kB (13707 bytes)
Hash
cab0f737b9cc30040bc51dd9ee847c30
40ccc607941f08fc8b8320f1e5c2191f81d4bd64
03702792e5a18911056f327113e33d49cad94512a652f45941b9522dde2281d0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/icm4.png HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=DZBfCZNyTFT3Fzov; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg10_=1746978777; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
content-security-policy: upgrade-insecure-requests;
date: Sat, 10 May 2025 08:29:26 GMT
last-modified: Sun, 20 Apr 2025 23:42:11 GMT
accept-ranges: bytes
content-length: 13707
content-type: image/png
ddg-cache-status: HIT,HIT
age: 113011
X-Firefox-Spdy: h2

exteg.com/js/plugins.js

186.2.171.235

200 OK

662 kB

URL GET
exteg.com/js/plugins.js
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65446), with CRLF line terminators
Size
662 kB (661618 bytes)
Hash
8d0d7188763ced178223d09dbdcac8d3
cd47d3ce1444f12fbe8d2c5a9d3225d681737922
746b356db5df724a4fbed0d7f2bd1f36fa03219f7112692cc202fc4ef1ba3546

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/plugins.js HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=qowlpBJGc17rQ8ok; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg10_=1746978777; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
content-security-policy: upgrade-insecure-requests;
date: Sat, 10 May 2025 07:04:02 GMT
last-modified: Sun, 20 Apr 2025 23:43:31 GMT
accept-ranges: bytes
content-type: text/javascript
content-encoding: br
vary: Accept-Encoding
age: 118136
content-length: 167209
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

exteg.com/fonts/fontawesome6/css/brands.css

186.2.171.235

200 OK

24 kB

URL GET
exteg.com/fonts/fontawesome6/css/brands.css
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
ASCII text
Size
24 kB (24006 bytes)
Hash
c414dbc291e26b589fe95d30cab2dac6
ed826051c5132eef9e2da7e1f6782e92f698df92
22abda6f6d01231b604c563d79ead2b09ea57b28ccdedb02e34538a5cf7eba31

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/fontawesome6/css/brands.css HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/css/style.css
Cookie: __ddg8_=XMzKNNMOhvEkcpTT; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=gSLkeTB9PdroPP0h; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg10_=1746978777; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
content-security-policy: upgrade-insecure-requests;
date: Sat, 10 May 2025 04:56:19 GMT
last-modified: Sun, 20 Apr 2025 23:43:59 GMT
accept-ranges: bytes
content-type: text/css
content-encoding: gzip
vary: Accept-Encoding
content-length: 4882
ddg-cache-status: HIT,HIT
age: 125798
X-Firefox-Spdy: h2

exteg.com/images/news01.jpg

186.2.171.235

200 OK

200 kB

URL GET
exteg.com/images/news01.jpg
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.0 (Macintosh), datetime=2025:04:20 15:26:02], baseline, precision 8, 600x550, components 3
Size
200 kB (199808 bytes)
Hash
4b94325e8e36c9b8ca8de85ed38c6e17
0b16f9b84f6b7fce9e8730f57a9d831199bf382c
cdf05a13c100033eaa8950331c0caeb8d1a3624ef67cbf87d51d80bf1e7da210

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/news01.jpg HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=KHetcQe6F1iupbBc; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg10_=1746978776; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Sat, 10 May 2025 23:05:57 GMT
last-modified: Sun, 20 Apr 2025 23:42:12 GMT
accept-ranges: bytes
content-length: 199808
content-type: image/jpeg
ddg-cache-status: HIT,HIT
age: 60420
X-Firefox-Spdy: h2

exteg.com/images/coins/Tron.png

186.2.171.235

200 OK

61 kB

URL GET
exteg.com/images/coins/Tron.png
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
PNG image data, 300 x 300, 16-bit/color RGBA, non-interlaced
Size
61 kB (60869 bytes)
Hash
50b465c7948706af5714f918f34c4108
32ccefa79d0502a2e5511517e96b9b2dfb4178a7
845a9789a5ae82c9eb0cb7cae92c405245db749a5fb1eeadd90b2252d021b9b1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/coins/Tron.png HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=XMzKNNMOhvEkcpTT; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg10_=1746978776; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 11 May 2025 09:08:12 GMT
last-modified: Sun, 20 Apr 2025 23:42:34 GMT
accept-ranges: bytes
content-length: 60869
content-type: image/png
ddg-cache-status: HIT,HIT
age: 24284
X-Firefox-Spdy: h2

exteg.com/fonts/elegant_font/HTML_CSS/style.css

186.2.171.235

200 OK

25 kB

URL GET
exteg.com/fonts/elegant_font/HTML_CSS/style.css
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
ASCII text, with very long lines (6610)
Size
25 kB (25237 bytes)
Hash
bbb79964f1980eaab2822f83c2c75d9d
ccbe8e1941d3b01bcc706861100b48cab6248a18
ef20e6454d107e698e67fc13a44c9ecb7d76d4ea84900371682502f75c99c8b2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/elegant_font/HTML_CSS/style.css HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/css/style.css
Cookie: __ddg8_=GMHrRrJpN8U3Cdc4; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=tPDqRo4cpr9XA7lr; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg10_=1746978777; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
content-security-policy: upgrade-insecure-requests;
date: Sat, 10 May 2025 20:43:32 GMT
last-modified: Sun, 20 Apr 2025 23:44:10 GMT
accept-ranges: bytes
content-type: text/css
content-encoding: gzip
vary: Accept-Encoding
content-length: 4359
ddg-cache-status: HIT,HIT
age: 68965
X-Firefox-Spdy: h2

exteg.com/images/coins/TON.png

186.2.171.235

200 OK

45 kB

URL GET
exteg.com/images/coins/TON.png
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
PNG image data, 300 x 300, 16-bit/color RGBA, non-interlaced
Size
45 kB (45349 bytes)
Hash
d762bbd63936858e26763c873f1d7fb2
a41f4281bbe4b6e5f54dfa1afcf68a5f945cb955
ad00ff7552f4dd9b12c3d89efde61fc06f92d5f9a0031e9c8a415a5b5cbe3baa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/coins/TON.png HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=HX79auODi7j4uSWX; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg10_=1746978776; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Sat, 10 May 2025 05:03:03 GMT
last-modified: Sun, 20 Apr 2025 23:42:34 GMT
accept-ranges: bytes
content-length: 45349
content-type: image/png
ddg-cache-status: HIT,HIT
age: 125393
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Manrope:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;1,200;1,300;1,400;1,500;1,600;1,700;1,800&display=swap

142.250.74.10

200 OK

15 kB

URL GET
fonts.googleapis.com/css2?family=Manrope:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;1,200;1,300;1,400;1,500;1,600;1,700;1,800&display=swap
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint7A:29:E6:A8:BE:59:2C:AE:82:2D:CA:8E:15:89:41:BE:EC:D2:0D:EA
ValidityMon, 21 Apr 2025 08:41:49 GMT - Mon, 14 Jul 2025 08:41:48 GMT

File type
ASCII text
Size
15 kB (15008 bytes)
Hash
69488a53a20a196dd9752fb3b8458989
9227f7f5b5c55981ab492f3e3689552bdeabf57d
266c0ac2bb224ff8cadd9fd00a7d2e93bfa91eb520376600dbea05fdf8882d63

HTTP Headers

GET /css2?family=Manrope:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;1,200;1,300;1,400;1,500;1,600;1,700;1,800&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 11 May 2025 15:52:57 GMT
date: Sun, 11 May 2025 15:52:57 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

exteg.com/images/coins/Bitcoin.png

186.2.171.235

200 OK

46 kB

URL GET
exteg.com/images/coins/Bitcoin.png
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
PNG image data, 300 x 300, 16-bit/color RGBA, non-interlaced
Size
46 kB (45767 bytes)
Hash
307c0235e1432c159386209bfd107ae5
747ac40ed4934393f71e457df5ad30dbe8fdbdd3
27c83329d80bd56e80ad0a41637a180deafdb2db5c0ddfff7b75345a333d0fa0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/coins/Bitcoin.png HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=KZbCMKOTmeo8ZKEo; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg10_=1746978776; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Sat, 10 May 2025 07:19:47 GMT
last-modified: Sun, 20 Apr 2025 23:42:33 GMT
accept-ranges: bytes
content-length: 45767
content-type: image/png
ddg-cache-status: HIT,HIT
age: 117189
X-Firefox-Spdy: h2

exteg.com/images/coins/Litecoin.png

186.2.171.235

200 OK

51 kB

URL GET
exteg.com/images/coins/Litecoin.png
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
PNG image data, 300 x 300, 16-bit/color RGBA, non-interlaced
Size
51 kB (50636 bytes)
Hash
fa28d5048e7feb808a6c1b650bc3202c
defcaf78f4fc05a2cdf42eae33864d366935be8f
c8b4e7676d96f935788f3f53346ecbaf4343005426be6fc3018fc3360077ced8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/coins/Litecoin.png HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=R2WoUK1Ni0iaHsON; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg10_=1746978776; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Sat, 10 May 2025 23:05:56 GMT
last-modified: Sun, 20 Apr 2025 23:42:33 GMT
accept-ranges: bytes
content-length: 50636
content-type: image/png
ddg-cache-status: HIT,HIT
age: 60420
X-Firefox-Spdy: h2

exteg.com/fonts/fontawesome6/css/solid.css

186.2.171.235

200 OK

625 B

URL GET
exteg.com/fonts/fontawesome6/css/solid.css
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
ASCII text
Size
625 B (625 bytes)
Hash
9d91672b52968ff0b484197ca014884c
118a19dc258a1834cbc1559d4127fcaeff0477e3
9f3c14f2da45ab9994aa0aa388ef49c48538e5930fbf083c37caf633e02b6219

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/fontawesome6/css/solid.css HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/css/style.css
Cookie: __ddg8_=XMzKNNMOhvEkcpTT; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=DygtU9OtE5PWFz1Y; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg10_=1746978777; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
content-security-policy: upgrade-insecure-requests;
date: Sat, 10 May 2025 17:51:45 GMT
last-modified: Sun, 20 Apr 2025 23:43:59 GMT
accept-ranges: bytes
content-type: text/css
content-encoding: br
vary: Accept-Encoding
content-length: 309
ddg-cache-status: HIT,HIT
age: 79272
X-Firefox-Spdy: h2

fonts.gstatic.com/s/manrope/v15/xn7gYHE41ni1AdIRggexSg.woff2

142.250.74.35

200 OK

24 kB

URL GET
fonts.gstatic.com/s/manrope/v15/xn7gYHE41ni1AdIRggexSg.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint15:8B:D4:EA:7E:CB:34:1B:6F:2E:20:9E:39:44:7A:D6:D7:30:26:AB
ValidityMon, 21 Apr 2025 08:41:49 GMT - Mon, 14 Jul 2025 08:41:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 24376, version 1.0
Size
24 kB (24376 bytes)
Hash
fc03edc2c67353b7608b593ee05565c6
72106071998b0ef5f145ea4f9d53459e52a33e9f
14be4114dcfde74652f19f9ffae8c9bb50707e9e88bd2b1fcd86fb50224109e7

HTTP Headers

GET /s/manrope/v15/xn7gYHE41ni1AdIRggexSg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exteg.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 24376
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 May 2025 10:29:39 GMT
expires: Fri, 08 May 2026 10:29:39 GMT
cache-control: public, max-age=31536000
age: 278598
last-modified: Wed, 13 Sep 2023 23:22:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

exteg.com/css/swiper.css

186.2.171.235

200 OK

18 kB

URL GET
exteg.com/css/swiper.css
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
ASCII text, with very long lines (18192), with CRLF line terminators
Size
18 kB (18463 bytes)
Hash
95f68d29d0f7aa9761e7cc8143247898
83337bf1f86bac57f063660d849f4f2fe874fafa
b7e2b3487fc77b47f9b3f1dc427a520f05ea1ba65ad9771c15dd1577dc8bf5e4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/swiper.css HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=K8kx2LuIjifpV8ik; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg10_=1746978776; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 11 May 2025 05:17:40 GMT
last-modified: Sun, 20 Apr 2025 23:43:38 GMT
accept-ranges: bytes
content-type: text/css
content-encoding: gzip
vary: Accept-Encoding
content-length: 4797
ddg-cache-status: HIT,HIT
age: 38116
X-Firefox-Spdy: h2

exteg.com/images/a4.png

186.2.171.235

200 OK

1.6 MB

URL GET
exteg.com/images/a4.png
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
PNG image data, 1100 x 1282, 8-bit/color RGBA, non-interlaced
Size
1.6 MB (1571313 bytes)
Hash
f7c96373d80eef354b510c4ded0170d0
368cb7bad24f16835955d10aebd3800682512beb
bca5af9e07cc64a88c745ea391a52c5ee397c8f899aa3a379448fcc900407e30

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/a4.png HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=kWstitbZPBDePMFf; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg10_=1746978776; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Sat, 10 May 2025 15:03:50 GMT
last-modified: Sun, 20 Apr 2025 23:42:08 GMT
accept-ranges: bytes
content-length: 1571313
content-type: image/png
ddg-cache-status: HIT,HIT
age: 89346
X-Firefox-Spdy: h2

exteg.com/images/coins/Tether.png

186.2.171.235

200 OK

55 kB

URL GET
exteg.com/images/coins/Tether.png
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
PNG image data, 300 x 300, 16-bit/color RGBA, non-interlaced
Size
55 kB (55094 bytes)
Hash
b5674f41095415606849063119231493
e87c222b0275c9cc0f44846fad5b53cc290dc97f
1233fb71585262891c36bac633f45a32b57a563c3e404b6acb2c5c06ef0b982c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/coins/Tether.png HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=8F1CsvONXKhZAXv4; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg10_=1746978776; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 11 May 2025 14:20:52 GMT
last-modified: Sun, 20 Apr 2025 23:42:35 GMT
accept-ranges: bytes
content-length: 55094
content-type: image/png
ddg-cache-status: HIT,HIT
age: 5524
X-Firefox-Spdy: h2

fonts.gstatic.com/s/manrope/v15/xn7gYHE41ni1AdIRggexSg.woff2

142.250.74.35

200 OK

24 kB

URL GET
fonts.gstatic.com/s/manrope/v15/xn7gYHE41ni1AdIRggexSg.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint15:8B:D4:EA:7E:CB:34:1B:6F:2E:20:9E:39:44:7A:D6:D7:30:26:AB
ValidityMon, 21 Apr 2025 08:41:49 GMT - Mon, 14 Jul 2025 08:41:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 24376, version 1.0
Size
24 kB (24376 bytes)
Hash
fc03edc2c67353b7608b593ee05565c6
72106071998b0ef5f145ea4f9d53459e52a33e9f
14be4114dcfde74652f19f9ffae8c9bb50707e9e88bd2b1fcd86fb50224109e7

HTTP Headers

GET /s/manrope/v15/xn7gYHE41ni1AdIRggexSg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exteg.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 24376
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 May 2025 10:29:39 GMT
expires: Fri, 08 May 2026 10:29:39 GMT
cache-control: public, max-age=31536000
age: 278598
last-modified: Wed, 13 Sep 2023 23:22:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/manrope/v15/xn7gYHE41ni1AdIRggexSg.woff2

142.250.74.35

200 OK

24 kB

URL GET
fonts.gstatic.com/s/manrope/v15/xn7gYHE41ni1AdIRggexSg.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint15:8B:D4:EA:7E:CB:34:1B:6F:2E:20:9E:39:44:7A:D6:D7:30:26:AB
ValidityMon, 21 Apr 2025 08:41:49 GMT - Mon, 14 Jul 2025 08:41:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 24376, version 1.0
Size
24 kB (24376 bytes)
Hash
fc03edc2c67353b7608b593ee05565c6
72106071998b0ef5f145ea4f9d53459e52a33e9f
14be4114dcfde74652f19f9ffae8c9bb50707e9e88bd2b1fcd86fb50224109e7

HTTP Headers

GET /s/manrope/v15/xn7gYHE41ni1AdIRggexSg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exteg.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 24376
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 May 2025 10:29:39 GMT
expires: Fri, 08 May 2026 10:29:39 GMT
cache-control: public, max-age=31536000
age: 278598
last-modified: Wed, 13 Sep 2023 23:22:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

exteg.com/images/logo.png

186.2.171.235

200 OK

65 kB

URL GET
exteg.com/images/logo.png
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
PNG image data, 600 x 150, 16-bit/color RGBA, non-interlaced
Size
65 kB (64839 bytes)
Hash
2dbc4b1fc3d127cceecb10518c772610
59362f0b953ba9f05e04686889053fec6e12dea7
298b09739ea89539c617a428c8fe391200ab96a4f2c735d4e88823bebf996e89

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/logo.png HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=T0rJa4LXUBliRci4; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg10_=1746978776; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Sat, 10 May 2025 09:38:15 GMT
last-modified: Sun, 20 Apr 2025 23:42:11 GMT
accept-ranges: bytes
content-length: 64839
content-type: image/png
age: 108881
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

exteg.com/images/coins/Ethereum.png

186.2.171.235

200 OK

42 kB

URL GET
exteg.com/images/coins/Ethereum.png
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
PNG image data, 300 x 300, 16-bit/color RGBA, non-interlaced
Size
42 kB (41717 bytes)
Hash
647a29ff6b5e3c8ea61c677f39b82bcc
b8c27e095ecf00d4b55ca63312e1b2a33b49e70f
1ef511e741a3568f0d0acec4c253c076d0963d5c7fedb5cc2595cdcb03331208

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/coins/Ethereum.png HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=5LQ6yEjtu2onjvr0; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg10_=1746978776; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 11 May 2025 07:37:37 GMT
last-modified: Sun, 20 Apr 2025 23:42:35 GMT
accept-ranges: bytes
content-length: 41717
content-type: image/png
ddg-cache-status: HIT,MISS
age: 29719
X-Firefox-Spdy: h2

exteg.com/images/icm3.png

186.2.171.235

200 OK

12 kB

URL GET
exteg.com/images/icm3.png
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Size
12 kB (11806 bytes)
Hash
364ed2004a5b6784bb551559bbdde889
6d9d8cd579b6b165baf99ea9b7d7d1dc098cb063
ee3a9fc76d51c3fbdac8f99a4baa017306839a79d68cbe2f570e90edc741d994

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/icm3.png HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=AfwpG42GTV12jASG; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg10_=1746978777; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
content-security-policy: upgrade-insecure-requests;
date: Sat, 10 May 2025 08:29:26 GMT
last-modified: Sun, 20 Apr 2025 23:42:10 GMT
accept-ranges: bytes
content-length: 11806
content-type: image/png
ddg-cache-status: HIT,HIT
age: 113011
X-Firefox-Spdy: h2

exteg.com/images/logo-mobile.png

186.2.171.235

200 OK

65 kB

URL GET
exteg.com/images/logo-mobile.png
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
PNG image data, 600 x 150, 16-bit/color RGBA, non-interlaced
Size
65 kB (64839 bytes)
Hash
2dbc4b1fc3d127cceecb10518c772610
59362f0b953ba9f05e04686889053fec6e12dea7
298b09739ea89539c617a428c8fe391200ab96a4f2c735d4e88823bebf996e89

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/logo-mobile.png HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=sNNF6R0RuYyrdkbJ; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg10_=1746978776; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Sat, 10 May 2025 06:53:34 GMT
last-modified: Sun, 20 Apr 2025 23:42:11 GMT
accept-ranges: bytes
content-length: 64839
content-type: image/png
age: 118762
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

exteg.com/images/icm2.png

186.2.171.235

200 OK

9.7 kB

URL GET
exteg.com/images/icm2.png
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Size
9.7 kB (9681 bytes)
Hash
c8583e66f17f59b2ea97f5bb2bcef2a5
f2d7cb6a3c0bb57cdb1f47adb4609cda19dc25ac
779abbe589425dedac3740d2df679cffc8c63984f2b2849f8881a1397acef091

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/icm2.png HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=tgvRHgNxqH9OrmHL; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg10_=1746978777; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
content-security-policy: upgrade-insecure-requests;
date: Sat, 10 May 2025 13:28:47 GMT
last-modified: Sun, 20 Apr 2025 23:42:10 GMT
accept-ranges: bytes
content-length: 9681
content-type: image/png
ddg-cache-status: HIT,HIT
age: 95050
X-Firefox-Spdy: h2

fonts.gstatic.com/s/manrope/v15/xn7gYHE41ni1AdIRggexSg.woff2

142.250.74.35

200 OK

24 kB

URL GET
fonts.gstatic.com/s/manrope/v15/xn7gYHE41ni1AdIRggexSg.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint15:8B:D4:EA:7E:CB:34:1B:6F:2E:20:9E:39:44:7A:D6:D7:30:26:AB
ValidityMon, 21 Apr 2025 08:41:49 GMT - Mon, 14 Jul 2025 08:41:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 24376, version 1.0
Size
24 kB (24376 bytes)
Hash
fc03edc2c67353b7608b593ee05565c6
72106071998b0ef5f145ea4f9d53459e52a33e9f
14be4114dcfde74652f19f9ffae8c9bb50707e9e88bd2b1fcd86fb50224109e7

HTTP Headers

GET /s/manrope/v15/xn7gYHE41ni1AdIRggexSg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exteg.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 24376
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 May 2025 10:29:39 GMT
expires: Fri, 08 May 2026 10:29:39 GMT
cache-control: public, max-age=31536000
age: 278598
last-modified: Wed, 13 Sep 2023 23:22:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

exteg.com/fonts/fontawesome4/fonts/fontawesome-webfont.woff2?v=4.6.3

186.2.171.235

200 OK

72 kB

URL GET
exteg.com/fonts/fontawesome4/fonts/fontawesome-webfont.woff2?v=4.6.3
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 71896, version 4.393
Size
72 kB (71896 bytes)
Hash
e6cf7c6ec7c2d6f670ae9d762604cb0b
97e438cc545714309882fbceadbf344fcaddcec5
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/fontawesome4/fonts/fontawesome-webfont.woff2?v=4.6.3 HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/fonts/fontawesome4/css/font-awesome.css
Cookie: __ddg8_=qowlpBJGc17rQ8ok; __ddg10_=1746978777; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=K0HyvYLv8KpMhX8f; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg10_=1746978777; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 11 May 2025 14:25:20 GMT
last-modified: Sun, 20 Apr 2025 23:43:56 GMT
accept-ranges: bytes
content-length: 71896
content-type: font/woff2
age: 5257
ddg-cache-status: HIT,MISS
X-Firefox-Spdy: h2

kit.fontawesome.com/2c3f853d3a.js

172.64.147.188

403 Forbidden

22 B

URL GET
kit.fontawesome.com/2c3f853d3a.js
IP
172.64.147.188:443
ASN
#13335 CLOUDFLARENET

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerGoogle Trust Services
Subjectfontawesome.com
FingerprintB6:27:5D:7E:5E:68:5C:A4:3C:22:27:23:51:CC:9A:5C:3A:7A:AF:0D
ValidityMon, 28 Apr 2025 18:51:58 GMT - Sun, 27 Jul 2025 19:51:56 GMT

File type
ASCII text, with no line terminators
Size
22 B (22 bytes)
Hash
fd97e4f669829c0ab67c2203a6840a09
3cf1ecf50b3c929fb32a43896505db3ff9602275
6ee8906b2c990cc0ccd14c16ed0482a5b6dcacf438908ff2d8a98a4c4d5a35e3

HTTP Headers

GET /2c3f853d3a.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exteg.com
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Sun, 11 May 2025 15:52:57 GMT
content-length: 22
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=0, private, must-revalidate
x-request-id: GD6D8RcNUF8CGkq8SAth
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 93e2d8ab5f87b523-OSL
X-Firefox-Spdy: h2

exteg.com/fonts/fontawesome6/css/fontawesome.css

186.2.171.235

200 OK

113 kB

URL GET
exteg.com/fonts/fontawesome6/css/fontawesome.css
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
troff or preprocessor input, ASCII text
Size
113 kB (113421 bytes)
Hash
ebf19a7b820e73c830eea258b1b13c55
4b5656edeaf525ad5c10f001b53faa9af438efc5
559c95bb2f42eed126f18be7faae707ff36535ec96d45e92637188d300a3ab59

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/fontawesome6/css/fontawesome.css HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/css/style.css
Cookie: __ddg8_=XMzKNNMOhvEkcpTT; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=vkUSuFGSIckVsgcf; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg10_=1746978777; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
content-security-policy: upgrade-insecure-requests;
date: Sat, 10 May 2025 03:12:00 GMT
last-modified: Sun, 20 Apr 2025 23:44:01 GMT
accept-ranges: bytes
content-type: text/css
content-encoding: gzip
vary: Accept-Encoding
age: 132057
content-length: 18374
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

exteg.com/js/countdown-custom.js

186.2.171.235

200 OK

203 B

URL GET
exteg.com/js/countdown-custom.js
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
203 B (203 bytes)
Hash
0b8188a3271bc392c01a85950f3c95f1
845a775f42015231220e96c3d74cc50706d6bc92
1ea0ce695c4b4f77d12c6e40a136c7cc3fb77bceb1398d899f8ee5fb10a82914

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/countdown-custom.js HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=bnR5SqGD45bnqsXp; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg10_=1746978777; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:57 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 11 May 2025 05:17:41 GMT
last-modified: Sun, 20 Apr 2025 23:43:31 GMT
accept-ranges: bytes
content-type: text/javascript
content-encoding: gzip
vary: Accept-Encoding
content-length: 161
ddg-cache-status: HIT,HIT
age: 38116
X-Firefox-Spdy: h2

fonts.gstatic.com/s/oxanium/v19/RrQQboN_4yJ0JmiMe2LE0Q.woff2

142.250.74.35

200 OK

14 kB

URL GET
fonts.gstatic.com/s/oxanium/v19/RrQQboN_4yJ0JmiMe2LE0Q.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint15:8B:D4:EA:7E:CB:34:1B:6F:2E:20:9E:39:44:7A:D6:D7:30:26:AB
ValidityMon, 21 Apr 2025 08:41:49 GMT - Mon, 14 Jul 2025 08:41:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 14012, version 1.0
Size
14 kB (14012 bytes)
Hash
5b2fdb63c78397858e0b0af92f9a8ee0
c304cdc096093a65e6daf8acf3812c0c3e1511ef
41b5d0b11cefa47f4c3a0e6557aa6e1df2f64ce3ca7e2f48c00c251e008f510f

HTTP Headers

GET /s/oxanium/v19/RrQQboN_4yJ0JmiMe2LE0Q.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exteg.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14012
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 May 2025 09:28:09 GMT
expires: Fri, 08 May 2026 09:28:09 GMT
cache-control: public, max-age=31536000
age: 282288
last-modified: Thu, 24 Aug 2023 21:07:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

exteg.com/css/colors/scheme-01.css

186.2.171.235

200 OK

228 B

URL GET
exteg.com/css/colors/scheme-01.css
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
ASCII text, with CRLF line terminators
Size
228 B (228 bytes)
Hash
e68b24f688a506e8eb9e3ac5423e7444
7d0aba5bd74f9386b93541770840961908efe4db
1de63faa21dfde6d7fa6cca84de0b5c0d9aac7b442b4c4b989760c833ce44d81

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/colors/scheme-01.css HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=MosSVitAdb7V0dAg; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg10_=1746978776; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 11 May 2025 05:17:40 GMT
last-modified: Sun, 20 Apr 2025 23:43:44 GMT
accept-ranges: bytes
content-type: text/css
content-encoding: gzip
vary: Accept-Encoding
ddg-cache-status: HIT,HIT
age: 38116
content-length: 147
X-Firefox-Spdy: h2

exteg.com/images/news02.jpg

186.2.171.235

200 OK

326 kB

URL GET
exteg.com/images/news02.jpg
IP
186.2.171.235:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Certificate
IssuerSectigo Limited
Subject*.exteg.com
Fingerprint93:C7:CA:2B:12:6D:61:EB:E8:BE:48:23:CA:89:3E:F6:C6:B4:26:68
ValiditySat, 19 Apr 2025 00:00:00 GMT - Sun, 19 Apr 2026 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=550, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=600], baseline, precision 8, 600x550, components 3
Size
326 kB (326192 bytes)
Hash
90cf76bafd00676f340c59d6c6f3d9e4
3a7726611731ee5410451eb2962e7e9dcde18fa6
5c65187c1744282fda43b2e31206c1d0b2f91dd668a7f6e90fc1fcf8708b78ea

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/news02.jpg HTTP/1.1
Host: exteg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exteg.com/ref/bm?clickID=6a81e892-e20c-4a1d-a243-65e5485cc398
Cookie: __ddg8_=Nxl4hfc1bx8xTkeF; __ddg10_=1746978776; __ddg9_=91.90.42.154; __ddg1_=EjyoS2BmszcDARlbg2zH; PHPSESSID=30e8efb435714525822fb7e41f671cc3; Referer=bm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=Xvud2Wpp26TyGzm0; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg10_=1746978776; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
__ddg9_=91.90.42.154; Domain=.exteg.com; Path=/; Expires=Sun, 11-May-2025 16:12:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 11 May 2025 06:15:15 GMT
last-modified: Tue, 06 May 2025 23:23:18 GMT
accept-ranges: bytes
content-length: 326192
content-type: image/jpeg
ddg-cache-status: HIT,HIT
age: 34661
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (60)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash