Report - stfly.biz/76nwF

Report Overview

Visited public
2024-06-29 14:50:59
Tags
URL
stfly.biz/76nwF
Finishing URL
stfly.biz/76nwF
IP / ASN
188.114.97.1
#13335 CLOUDFLARENET
Title
Stfly

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2024-06-28 18:16:21	1.1 kB	127 kB	216.58.207.227
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-06-28 18:12:11	327 B	887 B	2.23.172.201
gloaphoo.net	unknown	2022-09-09	2022-09-10 14:44:27	2024-06-18 18:21:10	365 B	90 kB	139.45.197.239
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2024-06-29 09:07:46	396 B	29 kB	104.17.24.14
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2024-06-28 18:16:25	1.2 kB	259 kB	142.251.9.97
stfly.biz	unknown	2024-04-09	2024-04-09 11:51:20	2024-04-18 11:01:12	3.4 kB	72 kB	188.114.97.1
shrtfly.vip	unknown	2020-12-13	2021-02-11 17:12:03	2024-03-17 23:21:09	415 B	21 kB	104.21.6.151
unpkg.com	11693	2016-01-06	2016-01-08 00:26:01	2024-06-28 19:26:50	1.2 kB	17 kB	104.17.247.203
zunsoach.com	195727	2020-11-23	2020-12-11 04:22:46	2023-06-14 12:33:54	762 B	87 kB	139.45.197.248
ui.cleverwebserver.com	35752	2016-12-30	2021-06-23 10:11:11	2024-06-28 17:50:38	364 B	726 B	104.18.33.247
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2024-06-28 18:20:08	473 B	4.9 kB	142.250.74.106
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-06-28 18:12:58	2.0 kB	5.3 kB	23.36.77.32
jouteetu.net	260109	2021-07-08	2021-07-15 09:15:22	2024-06-28 22:40:02	1.2 kB	1.7 kB	139.45.197.251
amunfezanttor.com	unknown	2023-03-31	2023-03-31 14:42:42	2024-06-28 21:32:25	925 B	1.1 kB	139.45.197.250
scripts.cleverwebserver.com	33131	2016-12-30	2021-06-23 10:11:10	2024-06-28 17:50:35	404 B	190 kB	104.18.33.247
o.pki.goog	unknown	2016-06-13	2024-04-24 13:44:57	2024-06-28 18:15:27	2.0 kB	4.2 kB	142.250.147.94
phicmune.net	199064	2021-04-03	2021-04-07 16:53:43	2024-04-13 16:38:20	952 B	39 kB	139.45.197.251
e5.o.lencr.org	unknown	2020-06-29	2024-06-07 07:39:25	2024-06-28 18:13:00	652 B	1.5 kB	23.36.77.32

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-06-29	medium	amunfezanttor.com	Sinkholed
2024-06-29	medium	amunfezanttor.com	Sinkholed
2024-06-29	medium	gloaphoo.net	Sinkholed

ThreatFox

No alerts detected

JavaScript (18)

	URL	From	Size	First Seen	Last Seen
	phicmune.net/pfe/current/micro.tag.min.js?z=7521570&sw=/sw-check-permissions.js	ScriptElement	39 kB	2024-06-28	2024-08-19
Pretty URL phicmune.net/pfe/current/micro.tag.min.js?z=7521570&sw=/sw-check-permissions.js IP 139.45.197.251 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-06-28 11:16 Last Seen2024-08-19 18:56 Times Seen679 Hash f73af5c8bf882a63afd501c759684e54 b7dd22ff677e4d3c5d1bd4af6ea618aabb7dc1ee 762f189600317b0c21b11c1ea3a49b3caf3cd01e835d48310b8daf1336622b78 Loading...

	www.googletagmanager.com/gtag/js?id=UA-108199505-1	ScriptElement	214 kB	2024-08-19	2024-08-19
Pretty URL www.googletagmanager.com/gtag/js?id=UA-108199505-1 IP 142.251.9.97 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 18:49 Last Seen2024-08-19 18:49 Times Seen1 Hash 1e5f94c10a4fa6beb6152c82400cbfee f9719738a58f69cda0788584253838f66303f7a5 ad2d6c4c9b0dc89d214613fd2601bd8570d887ca3145ba57bb69e9645336edeb Loading...

	stfly.biz/sandbox%20eval%20code		147 B	2023-04-11	2025-06-23
Pretty URL stfly.biz/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-06-23 05:59 Times Seen362451 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	stfly.biz/76nwF	ScriptElement	3.6 kB	2024-06-15	2025-06-15
Pretty URL stfly.biz/76nwF IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-06-15 09:59 Last Seen2025-06-15 09:16 Times Seen84 Hash f7d6f1db13dabce4d191fa96cda860bb 3558951400bc3338af9a584afbef8833c23eae6f 9ec4b80068b51b8e02426bc905eeddb2a3cd811e89154cd3f4ca46b1f603a3f5 Loading...

	stfly.biz/76nwF	ScriptElement	1.0 kB	2024-03-16	2025-04-01
Pretty URL stfly.biz/76nwF IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-16 08:54 Last Seen2025-04-01 00:31 Times Seen73 Hash f87f721407f8bb2ad4a3cc3a3caa58e3 cebb93256e55ac459197b3a664d272b094fa4ab3 7f013f3d8886efe6cd52171657c2c5373151135d09a275ad031afbca21d0a782 Loading...

	www.googletagmanager.com/gtag/js?id=UA-354543616&l=dataLayer&cx=c	ScriptElement	206 kB	2024-08-19	2024-08-19
Pretty URL www.googletagmanager.com/gtag/js?id=UA-354543616&l=dataLayer&cx=c IP 142.251.9.97 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 18:49 Last Seen2024-08-19 18:49 Times Seen1 Hash 974fdd309097189ad8d338073590625a b6899549f327804a456955d6c3f79e4eda7318e2 fcb0c0d6ff86e747d501b8fc96aa4f54b9af8487e09cef1a7980a9e21fe6697e Loading...

	stfly.biz/76nwF	ScriptElement	59 kB	2023-11-30	2024-08-20
Pretty URL stfly.biz/76nwF IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-30 06:29 Last Seen2024-08-20 17:23 Times Seen61 Hash ee30c752d9d58072a905b184ddd011e8 9c218a8ba18d4722c896fc8444baa90a86139b15 a632e8f4882d559b4de923102c4bfbb788057d47984a03959e174813233f3286 Loading...

	stfly.biz/76nwF	ScriptElement	447 B	2023-11-30	2024-08-20
Pretty URL stfly.biz/76nwF IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-30 06:29 Last Seen2024-08-20 17:23 Times Seen61 Hash 644a568427e03be45d48ded6add2cc76 051f0dce440fe7c2e6138fd600931cd6a95f5427 0311733ea63071e5c6085cf79a53d69a69bbd14c487b4f643c340e7af7f30650 Loading...

	stfly.biz/76nwF	ScriptElement	449 B	2024-06-15	2025-06-15
Pretty URL stfly.biz/76nwF IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-06-15 09:59 Last Seen2025-06-15 09:16 Times Seen84 Hash 896c9a55ba6c6119f31c9c5c06fcd79b 8ec469494baa6b23e7a9b1a4578a1707d46b3139 141b67f81e42319fb83de74e7dd72a21c6590c8699c35adda3b4037b3e146d11 Loading...

	stfly.biz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	ScriptElement	1.2 kB	2023-03-07	2025-06-23
Pretty URL stfly.biz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-23 05:57 Times Seen76607 Hash 9e8f56e8e1806253ba01a95cfc3d392c a8af90d7482e1e99d03de6bf88fed2315c5dd728 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Loading...

	scripts.cleverwebserver.com/fb4c22779132836cac71d72c4d15b8e1.js	ScriptElement	190 kB	2024-06-21	2024-08-19
Pretty URL scripts.cleverwebserver.com/fb4c22779132836cac71d72c4d15b8e1.js IP 104.18.33.247 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-06-21 18:42 Last Seen2024-08-19 19:16 Times Seen17 Hash b473c5cb37c5d9f68c35851305347120 14b554d239c4c04c384ccdbeb63c345acd86817f a59c235dea89a8476a26b9d125da6aaffbd387d6e5ff86f943cdc38a1e97ffcb Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-06-23
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-06-23 05:59 Times Seen361767 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js	ScriptElement	90 kB	2023-03-07	2025-06-23
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-23 05:57 Times Seen222489 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	stfly.biz/76nwF	ScriptElement	155 B	2023-03-07	2025-06-15
Pretty URL stfly.biz/76nwF IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 15:18 Last Seen2025-06-15 09:16 Times Seen175 Hash 59ebe0b9de3964823af9e47ca93a4955 f8bc090309fd3f812825b06ac082ea98cd27a8f7 fcb5a666860ca97d0ad3ed1a21203060b8fc1ac42a73b4cf628f8044698d8a2a Loading...

	stfly.biz/76nwF	ScriptElement	176 B	2024-05-25	2024-09-19
Pretty URL stfly.biz/76nwF IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-25 21:32 Last Seen2024-09-19 22:57 Times Seen66 Hash 47640eade13c0e30b87c9f1310e5ac95 9535b5dc9e50848397412a28978766b9482e09ee b6109b081c0f7ab57ad73a64ba072dbde3a62de4868f865fb2c91c7d22101124 Loading...

	gloaphoo.net/401/7521789	ScriptElement	89 kB	2024-08-19	2024-08-19
Pretty URL gloaphoo.net/401/7521789 IP 139.45.197.239 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 18:49 Last Seen2024-08-19 18:49 Times Seen1 Hash a1c8dac6a9203befbfe1ba02b0e383ac 402161e98cd7c4e75abc24fe3953a3171f6bacf8 45ddde08c50e270e7150c087e290b93d461ddaa8f9f0c069692d6024023c4b49 Loading...

	stfly.biz/76nwF	ScriptElement	2.4 kB	2024-08-19	2024-08-19
Pretty URL stfly.biz/76nwF IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-19 18:49 Last Seen2024-08-19 18:49 Times Seen1 Hash 766cd5759f6d2acabd91cfcd616e2d0b 88ee503b3e0c71aa5235dd2fc5e8d3878530f6b8 2cb19f929ca514c484dff2e763b6ca7e06a24d62ce5775d235cd74011fdb5383 Loading...

	stfly.biz/76nwF	ScriptElement	1.2 kB	2024-08-19	2024-08-19
Pretty URL stfly.biz/76nwF IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-19 18:49 Last Seen2024-08-19 18:49 Times Seen1 Hash a1c15eafbd517f849b7dc3a8868a4223 96e644ba39ac72f2b780b5117db5497c68e3e6d5 9c67a98821a71e2dfaf9b879967766c5695811a7ee29db7f75f2b70c415f8202 Loading...

HTTP Transactions (44)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
11d12f1fba8aca9d9418e9d8dc4952bf
815abf5c4b5eb6f908e3c9aa829ee2e6ccdcc449
97f30de1fa8e41bf859ba482af92cec319429e14f4f81a9c675977b672ed7b9a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "97F30DE1FA8E41BF859BA482AF92CEC319429E14F4F81A9C675977B672ED7B9A"
Last-Modified: Fri, 28 Jun 2024 01:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13058
Expires: Sat, 29 Jun 2024 18:28:09 GMT
Date: Sat, 29 Jun 2024 14:50:31 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
116ef0f15d988075de9127b4d85aeeac
cd431538d40d2097891757fd0ca8c06b576051e9
7dd2781a8624ca9b8c54539a3c46c44cdd86477de3078e4dab624bfc7ce5b7ae

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "7DD2781A8624CA9B8C54539A3C46C44CDD86477DE3078E4DAB624BFC7CE5B7AE"
Last-Modified: Thu, 27 Jun 2024 11:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4298
Expires: Sat, 29 Jun 2024 16:02:10 GMT
Date: Sat, 29 Jun 2024 14:50:32 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
1a0a218c9c80fb05585b4f6c937a462a
e888eb5099221806dda66adb4bf792f352ef6610
bb1019aa57ae13a1711a36128a9cd37fba1ed8dfa97bef742765067f4ed17d50

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BB1019AA57AE13A1711A36128A9CD37FBA1ED8DFA97BEF742765067F4ED17D50"
Last-Modified: Thu, 27 Jun 2024 04:21:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19562
Expires: Sat, 29 Jun 2024 20:16:34 GMT
Date: Sat, 29 Jun 2024 14:50:32 GMT
Connection: keep-alive

GET cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

104.17.24.14

200 OK

28 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stfly.biz/76nwF
Certificate
IssuerLet's Encrypt
Subjectcdnjs.cloudflare.com
Fingerprint3B:5B:7C:DD:19:E8:16:5A:09:22:D6:1E:03:84:8D:B9:A1:32:BF:8E
ValiditySun, 02 Jun 2024 00:47:32 GMT - Sat, 31 Aug 2024 00:47:31 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
28 kB (27938 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 29 Jun 2024 14:50:33 GMT
content-type: application/javascript; charset=utf-8
content-length: 27938
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-15d9d"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 839897
expires: Thu, 19 Jun 2025 14:50:33 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qy36QOFJzOwkvIh%2Fs1SfJQpwG8TS8Zd2fYjp%2FLgQjUEM%2BUexPAHHPn8%2FkaFuvS48rgAH4ErnZ%2BXIEE1Ff%2FMaVxmyN1uhMo6PjpvL7vZqrC0Hi5ARKUyv3wXmc1JdVKOVoyH0AkjM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 89b6bac47d3e92e0-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.147.94

472 B

URL
o.pki.goog/wr2
IP
142.250.147.94:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
bef2decfc002a28553f98c40ec13611e
75c1154a73259d53dcd44b04b422d6255008b8f9
d6d8f09a03cc5eed81e48f5876354d1fbbf0ff00b1431ef86921c890d043554a

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 29 Jun 2024 14:50:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET shrtfly.vip/img/Join-Telegram-Channel.png

104.21.6.151

200 OK

20 kB

URL GET HTTP/2
shrtfly.vip/img/Join-Telegram-Channel.png
IP
104.21.6.151:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stfly.biz/76nwF
Certificate
IssuerLet's Encrypt
Subjectshrtfly.vip
Fingerprint30:E3:90:B4:CE:C3:6B:6A:44:06:BD:58:E5:36:C6:2D:12:C9:C4:04
ValiditySun, 05 May 2024 08:01:23 GMT - Sat, 03 Aug 2024 08:01:22 GMT

File type
PNG image data, 768 x 245, 8-bit colormap, non-interlaced
Size
20 kB (20023 bytes)
Hash
06ac021d13ac2211cfac5de3f4c0cab6
45496ca6056a32e5cf396fa657960020df4ccb13
cc860eff23be351ffc4a3249e2365f3271f162295e944ba4c1de8c37ee9e8141

HTTP Headers

GET /img/Join-Telegram-Channel.png HTTP/1.1
Host: shrtfly.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 29 Jun 2024 14:50:33 GMT
content-type: image/png
content-length: 20023
last-modified: Thu, 16 May 2024 06:19:23 GMT
etag: "6645a56b-4e37"
expires: Wed, 03 Jul 2024 07:23:59 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 2273194
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6toTOlfipv5RQd8CNQxQ061iE7gUQhVMXu%2BNfgCeubkcH9lTx3y7SxgpF9LDWvOvLaBThzy5gh8sNFjD3J53%2FIei1c8B%2B2fw6yYD%2B4vv0Dc4gAvjmMXvt%2BlngLCglQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 89b6bac4ca1cabe4-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.147.94

472 B

URL
o.pki.goog/wr2
IP
142.250.147.94:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ff51be611c9cc3f7e611b23aad00dea6
76e8fefa896d4e9fa2c6aa4a1a30bd60433b9662
33b243fe9a28615ae6f0c7357c7c7c30e88e556450988102f4a22b01c10d212a

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 29 Jun 2024 14:50:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET www.googletagmanager.com/gtag/js?id=UA-108199505-1

142.251.9.97

200 OK

77 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-108199505-1
IP
142.251.9.97:443
ASN
#15169 GOOGLE

Requested by
https://stfly.biz/76nwF
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintBA:5D:A9:7F:41:46:B0:37:01:9E:05:B0:92:BA:41:C9:31:5B:4B:4A
ValidityThu, 13 Jun 2024 15:27:14 GMT - Thu, 05 Sep 2024 15:27:13 GMT

File type
JavaScript source, ASCII text, with very long lines (4179)
Size
77 kB (76742 bytes)
Hash
1e5f94c10a4fa6beb6152c82400cbfee
f9719738a58f69cda0788584253838f66303f7a5
ad2d6c4c9b0dc89d214613fd2601bd8570d887ca3145ba57bb69e9645336edeb

HTTP Headers

GET /gtag/js?id=UA-108199505-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 29 Jun 2024 14:50:33 GMT
expires: Sat, 29 Jun 2024 14:50:33 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76742
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.147.94

472 B

URL
o.pki.goog/wr2
IP
142.250.147.94:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
bef2decfc002a28553f98c40ec13611e
75c1154a73259d53dcd44b04b422d6255008b8f9
d6d8f09a03cc5eed81e48f5876354d1fbbf0ff00b1431ef86921c890d043554a

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 29 Jun 2024 14:50:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

o.pki.goog/wr2

142.250.147.94

472 B

URL
o.pki.goog/wr2
IP
142.250.147.94:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ff51be611c9cc3f7e611b23aad00dea6
76e8fefa896d4e9fa2c6aa4a1a30bd60433b9662
33b243fe9a28615ae6f0c7357c7c7c30e88e556450988102f4a22b01c10d212a

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 29 Jun 2024 14:50:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
0c22b10a118098f2cdc4b186e6f8e9a8
cfe8b247d843f42d2205bb16a48cefe38c78526e
1208b1961307dfb3c91a337dfa900f9be57f91cab6a7dd3d7c5e38d2399d5d10

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1208B1961307DFB3C91A337DFA900F9BE57F91CAB6A7DD3D7C5E38D2399D5D10"
Last-Modified: Fri, 28 Jun 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13285
Expires: Sat, 29 Jun 2024 18:31:59 GMT
Date: Sat, 29 Jun 2024 14:50:34 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
0c22b10a118098f2cdc4b186e6f8e9a8
cfe8b247d843f42d2205bb16a48cefe38c78526e
1208b1961307dfb3c91a337dfa900f9be57f91cab6a7dd3d7c5e38d2399d5d10

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1208B1961307DFB3C91A337DFA900F9BE57F91CAB6A7DD3D7C5E38D2399D5D10"
Last-Modified: Fri, 28 Jun 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13285
Expires: Sat, 29 Jun 2024 18:31:59 GMT
Date: Sat, 29 Jun 2024 14:50:34 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
0c22b10a118098f2cdc4b186e6f8e9a8
cfe8b247d843f42d2205bb16a48cefe38c78526e
1208b1961307dfb3c91a337dfa900f9be57f91cab6a7dd3d7c5e38d2399d5d10

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1208B1961307DFB3C91A337DFA900F9BE57F91CAB6A7DD3D7C5E38D2399D5D10"
Last-Modified: Fri, 28 Jun 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13285
Expires: Sat, 29 Jun 2024 18:31:59 GMT
Date: Sat, 29 Jun 2024 14:50:34 GMT
Connection: keep-alive

GET stfly.biz/76nwF

188.114.97.1

200 OK

0 B

URL User Request GET HTTP/2
stfly.biz/76nwF
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectstfly.biz
Fingerprint03:DF:51:46:EE:71:42:F1:CE:4C:90:93:07:DC:3A:AA:6E:5C:CB:EF
ValidityFri, 07 Jun 2024 09:35:04 GMT - Thu, 05 Sep 2024 09:35:03 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /76nwF HTTP/1.1
Host: stfly.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://stfly.biz/76nwF
DNT: 1
Connection: keep-alive
Cookie: e73fdc2e0605ccc756172d60e28aa237=r3GGWZAJ9-4sriPMXeUURYib-kVgnmAFiwRuIvw44TTxlymSAya8ecMvI7IgDf7ozY0UH9c9SBWz8el1Bbl9jg
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 29 Jun 2024 14:50:34 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
set-cookie: e73fdc2e0605ccc756172d60e28aa237=sjHynkgV2BYxi9-rw2HYs5GTiKPrXdR6PxT5xVLTPi9EgkeTZOS8Wn8MLPEtOUstA2jnZPVVyzY3wB2OfaHK0Q; expires=Sun, 30-Jun-2024 14:50:34 GMT; Max-Age=86400; path=/; domain=stfly.biz; HttpOnly; SameSite=Lax
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
referrer-policy: same-origin
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=isODNuo3LvjOMi6Gwg4VYDYLHq3jKgY3%2F42StLV6e59a%2FyW6doP6cLky%2BGLZ2E1SzPi%2BAvPUUdrmziIcRCjAruHw9EO6oAX4vEaxBT6QbdoqaVu7um4fp8gOLgU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89b6baccaf1492c7-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET stfly.biz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

188.114.97.1

200 OK

1.1 kB

URL GET HTTP/3
stfly.biz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stfly.biz/76nwF
Certificate
IssuerGoogle Trust Services
Subjectstfly.biz
Fingerprint03:DF:51:46:EE:71:42:F1:CE:4C:90:93:07:DC:3A:AA:6E:5C:CB:EF
ValidityFri, 07 Jun 2024 09:35:04 GMT - Thu, 05 Sep 2024 09:35:03 GMT

File type
gzip compressed data, from Unix
Size
1.1 kB (1126 bytes)
Hash
04a5d45d1437c085b499e2ac39f37acf
bc932206ff73318dc66190f033ed44ab2e1f2119
ca72570f96fd185f73b0a280b2e7eb8f7e0040e70dda857bd236a30d15e9a5cc

HTTP Headers

GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: stfly.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://stfly.biz/76nwF
DNT: 1
Connection: keep-alive
Cookie: e73fdc2e0605ccc756172d60e28aa237=r3GGWZAJ9-4sriPMXeUURYib-kVgnmAFiwRuIvw44TTxlymSAya8ecMvI7IgDf7ozY0UH9c9SBWz8el1Bbl9jg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 29 Jun 2024 14:50:32 GMT
content-type: application/javascript
last-modified: Wed, 26 Jun 2024 17:43:16 GMT
etag: W/"667c5334-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CBCsLVR%2FjNFm0gehPgTjVwSU289UQ68YVuJ1KF5MVvN0%2FZMuvDP1Bzeo6t0Y8EzdgRCdn9ya79YIsd3cpb%2BjXEo4TYmGY%2BULnMnACiBOPlu7p4R41YagCxlXbnc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 89b6bac3fa5992c7-CPH
x-frame-options: DENY
x-content-type-options: nosniff
expires: Mon, 01 Jul 2024 14:50:32 GMT
cache-control: max-age=172800, public
content-encoding: gzip

POST phicmune.net/zone?&pub=0&zone_id=7521570&is_mobile=false&domain=stfly.biz&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.529&trace_id=abedaac2-6a72-4e76-9ffe-36de3f4518e8&action=prerequest&drf=

139.45.197.251

200 OK

0 B

URL POST HTTP/2
phicmune.net/zone?&pub=0&zone_id=7521570&is_mobile=false&domain=stfly.biz&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.529&trace_id=abedaac2-6a72-4e76-9ffe-36de3f4518e8&action=prerequest&drf=
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://stfly.biz/76nwF
Certificate
IssuerLet's Encrypt
Subjectphicmune.net
Fingerprint7D:75:9F:1D:2C:1C:0C:44:61:C8:BD:B5:3C:45:F7:13:B3:08:B6:8F
ValidityMon, 29 Apr 2024 05:12:14 GMT - Sun, 28 Jul 2024 05:12:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /zone?&pub=0&zone_id=7521570&is_mobile=false&domain=stfly.biz&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.529&trace_id=abedaac2-6a72-4e76-9ffe-36de3f4518e8&action=prerequest&drf= HTTP/1.1
Host: phicmune.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 29 Jun 2024 14:50:34 GMT
content-length: 0
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.147.94

471 B

URL
o.pki.goog/wr2
IP
142.250.147.94:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
559aa414317bf1f850db09285be67d56
92aa13c1573ee06a9bd63aa9c86ce554634d5b62
2bd132d3f876dd0bcfbd9f75f7440f2c446bf69fad4fa9514012cb2b13565e91

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 29 Jun 2024 14:50:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET fonts.gstatic.com/s/bricolagegrotesque/v2/3y9K6as8bTXq_nANBjzKo3IeZx8z6up5BeSl9D4dj_x9PpZBMlGIInE.woff2

216.58.207.227

200 OK

79 kB

URL GET HTTP/2
fonts.gstatic.com/s/bricolagegrotesque/v2/3y9K6as8bTXq_nANBjzKo3IeZx8z6up5BeSl9D4dj_x9PpZBMlGIInE.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://stfly.biz/76nwF
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintC4:9C:27:09:1C:F7:14:C9:86:F0:B5:42:0B:8A:D2:AE:5E:AE:98:04
ValidityThu, 13 Jun 2024 16:31:03 GMT - Thu, 05 Sep 2024 16:31:02 GMT

File type
Web Open Font Format (Version 2), TrueType, length 78872, version 1.0
Size
79 kB (78872 bytes)
Hash
ad008889ef482594dfd0f1d76589a79c
5f84cc4af2471205548560560a6fa123bb92cf0e
87dd7a40f7e7b3a454c2936f4c657a8c64cb8eabf626b2a96c130f537100fd0e

HTTP Headers

GET /s/bricolagegrotesque/v2/3y9K6as8bTXq_nANBjzKo3IeZx8z6up5BeSl9D4dj_x9PpZBMlGIInE.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://stfly.biz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 78872
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 29 Jun 2024 00:15:39 GMT
expires: Sun, 29 Jun 2025 00:15:39 GMT
cache-control: public, max-age=31536000
age: 52495
last-modified: Tue, 12 Sep 2023 21:32:05 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

r11.o.lencr.org/

2.23.172.201

504 B

URL
r11.o.lencr.org/
IP
2.23.172.201:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
ac120241d0583ac4f5eb4c027d29a337
cee4ba6c91b23742aafe6f59131410edbdec1f91
544aef313006b4d7d41fb912070ff78a410e055432573dbfb0d680d24164569e

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "544AEF313006B4D7D41FB912070FF78A410E055432573DBFB0D680D24164569E"
Last-Modified: Thu, 27 Jun 2024 17:46:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4193
Expires: Sat, 29 Jun 2024 16:00:27 GMT
Date: Sat, 29 Jun 2024 14:50:34 GMT
Connection: keep-alive

GET stfly.biz/wp-content/plugins/api-blueprint/assets/style.css?v=1.0.4a

188.114.97.1

200 OK

53 kB

URL GET HTTP/3
stfly.biz/wp-content/plugins/api-blueprint/assets/style.css?v=1.0.4a
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stfly.biz/76nwF
Certificate
IssuerGoogle Trust Services
Subjectstfly.biz
Fingerprint03:DF:51:46:EE:71:42:F1:CE:4C:90:93:07:DC:3A:AA:6E:5C:CB:EF
ValidityFri, 07 Jun 2024 09:35:04 GMT - Thu, 05 Sep 2024 09:35:03 GMT

File type
ASCII text
Size
53 kB (52800 bytes)
Hash
fecee00f27b98f2325707b0c1834938f
b715fb788d1f022f748e75b96e13f539c4478c08
b71515fb130226188620cdd236c56a9e69bf699518336d6610f858d989126866

HTTP Headers

GET /wp-content/plugins/api-blueprint/assets/style.css?v=1.0.4a HTTP/1.1
Host: stfly.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://stfly.biz/76nwF
DNT: 1
Connection: keep-alive
Cookie: e73fdc2e0605ccc756172d60e28aa237=r3GGWZAJ9-4sriPMXeUURYib-kVgnmAFiwRuIvw44TTxlymSAya8ecMvI7IgDf7ozY0UH9c9SBWz8el1Bbl9jg
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 29 Jun 2024 14:50:34 GMT
content-type: text/css
last-modified: Fri, 14 Jun 2024 06:06:00 GMT
vary: Accept-Encoding
etag: W/"666bddc8-1e4fd"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
referrer-policy: same-origin
cf-cache-status: HIT
age: 1309687
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SIFyYyryKkeATsSHDPxNW9HcjBnlXjG92p4c%2Bt9%2F%2BSgytaM3PY4mP9Q6o4m7uaZgxVebLtKx4OHv6B2DHqCGnrkbkBNuCTyZR1YcJyXdGLHBDY3FAt7mPNt%2BAFI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89b6bacbbdc892c7-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

216.58.207.227

200 OK

47 kB

URL GET HTTP/2
fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://stfly.biz/76nwF
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintC4:9C:27:09:1C:F7:14:C9:86:F0:B5:42:0B:8A:D2:AE:5E:AE:98:04
ValidityThu, 13 Jun 2024 16:31:03 GMT - Thu, 05 Sep 2024 16:31:02 GMT

File type
Web Open Font Format (Version 2), TrueType, length 46704, version 1.0
Size
47 kB (46704 bytes)
Hash
30a274cd01b6eeb0b082c918b0697f1e
393311bde26b99a4ad935fa55bad1dce7994388b
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42

HTTP Headers

GET /s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://stfly.biz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46704
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 28 Jun 2024 20:09:17 GMT
expires: Sat, 28 Jun 2025 20:09:17 GMT
cache-control: public, max-age=31536000
age: 67277
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

e5.o.lencr.org/

23.36.77.32

344 B

URL
e5.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
052fa6e334c039cec021aa2f6a8da381
39883e723220fbfd1bdbbae75d4704c90e86d169
6962499435b8bed449f28311f73a67e7e455794fdb510899ad8c55dfde20924e

HTTP Headers

POST / HTTP/1.1
Host: e5.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "6962499435B8BED449F28311F73A67E7E455794FDB510899AD8C55DFDE20924E"
Last-Modified: Fri, 28 Jun 2024 20:41:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12921
Expires: Sat, 29 Jun 2024 18:25:55 GMT
Date: Sat, 29 Jun 2024 14:50:34 GMT
Connection: keep-alive

POST jouteetu.net/custom

139.45.197.251

200 OK

39 B

URL POST HTTP/2
jouteetu.net/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://stfly.biz/76nwF
Certificate
IssuerLet's Encrypt
Subjectjouteetu.net
FingerprintAE:2B:DC:31:5E:3D:96:83:80:87:A0:F1:B4:8C:1E:42:C2:47:37:79
ValidityTue, 14 May 2024 06:06:14 GMT - Mon, 12 Aug 2024 06:06:13 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 238
Origin: null
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 29 Jun 2024 14:50:34 GMT
content-type: application/json; charset=utf-8
content-length: 39
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

e5.o.lencr.org/

23.36.77.32

344 B

URL
e5.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
052fa6e334c039cec021aa2f6a8da381
39883e723220fbfd1bdbbae75d4704c90e86d169
6962499435b8bed449f28311f73a67e7e455794fdb510899ad8c55dfde20924e

HTTP Headers

POST / HTTP/1.1
Host: e5.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "6962499435B8BED449F28311F73A67E7E455794FDB510899AD8C55DFDE20924E"
Last-Modified: Fri, 28 Jun 2024 20:41:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12921
Expires: Sat, 29 Jun 2024 18:25:55 GMT
Date: Sat, 29 Jun 2024 14:50:34 GMT
Connection: keep-alive

GET www.googletagmanager.com/gtag/js?id=UA-354543616&l=dataLayer&cx=c

142.251.9.97

200 OK

75 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=UA-354543616&l=dataLayer&cx=c
IP
142.251.9.97:443
ASN
#15169 GOOGLE

Requested by
https://stfly.biz/76nwF
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintBA:5D:A9:7F:41:46:B0:37:01:9E:05:B0:92:BA:41:C9:31:5B:4B:4A
ValidityThu, 13 Jun 2024 15:27:14 GMT - Thu, 05 Sep 2024 15:27:13 GMT

File type
JavaScript source, ASCII text, with very long lines (1822)
Size
75 kB (74991 bytes)
Hash
974fdd309097189ad8d338073590625a
b6899549f327804a456955d6c3f79e4eda7318e2
fcb0c0d6ff86e747d501b8fc96aa4f54b9af8487e09cef1a7980a9e21fe6697e

HTTP Headers

GET /gtag/js?id=UA-354543616&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 29 Jun 2024 14:50:34 GMT
expires: Sat, 29 Jun 2024 14:50:34 GMT
cache-control: private, max-age=900
last-modified: Sat, 29 Jun 2024 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74991
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET www.googletagmanager.com/gtag/js?id=G-PDV6XHL2ZF&l=dataLayer&cx=c

142.251.9.97

200 OK

106 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-PDV6XHL2ZF&l=dataLayer&cx=c
IP
142.251.9.97:443
ASN
#15169 GOOGLE

Requested by
https://stfly.biz/76nwF
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintBA:5D:A9:7F:41:46:B0:37:01:9E:05:B0:92:BA:41:C9:31:5B:4B:4A
ValidityThu, 13 Jun 2024 15:27:14 GMT - Thu, 05 Sep 2024 15:27:13 GMT

File type
JavaScript source, ASCII text, with very long lines (5945)
Size
106 kB (105874 bytes)
Hash
ef9d0f2881f501103b1a6859177d0b74
863d9578050ed371013844c9542da91071eaae93
a9094b209c8811700eab374ce0ac21575748ed2fbf754ecb1d547ff61642a7ff

HTTP Headers

GET /gtag/js?id=G-PDV6XHL2ZF&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 29 Jun 2024 14:50:34 GMT
expires: Sat, 29 Jun 2024 14:50:34 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 105874
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST jouteetu.net/custom

139.45.197.251

200 OK

39 B

URL POST HTTP/2
jouteetu.net/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://stfly.biz/76nwF
Certificate
IssuerLet's Encrypt
Subjectjouteetu.net
FingerprintAE:2B:DC:31:5E:3D:96:83:80:87:A0:F1:B4:8C:1E:42:C2:47:37:79
ValidityTue, 14 May 2024 06:06:14 GMT - Mon, 12 Aug 2024 06:06:13 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 241
Origin: null
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 29 Jun 2024 14:50:34 GMT
content-type: application/json; charset=utf-8
content-length: 39
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.147.94

471 B

URL
o.pki.goog/wr2
IP
142.250.147.94:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
559aa414317bf1f850db09285be67d56
92aa13c1573ee06a9bd63aa9c86ce554634d5b62
2bd132d3f876dd0bcfbd9f75f7440f2c446bf69fad4fa9514012cb2b13565e91

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 29 Jun 2024 14:50:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

OPTIONS amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://stfly.biz/76nwF
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
Fingerprint35:05:E9:62:1A:8D:04:BD:DA:84:F3:3F:9A:08:F4:0E:32:53:93:08
ValidityTue, 18 Jun 2024 19:23:47 GMT - Mon, 16 Sep 2024 19:23:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://stfly.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 29 Jun 2024 14:50:34 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://stfly.biz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

POST jouteetu.net/custom

139.45.197.251

200 OK

39 B

URL POST HTTP/2
jouteetu.net/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://stfly.biz/76nwF
Certificate
IssuerLet's Encrypt
Subjectjouteetu.net
FingerprintAE:2B:DC:31:5E:3D:96:83:80:87:A0:F1:B4:8C:1E:42:C2:47:37:79
ValidityTue, 14 May 2024 06:06:14 GMT - Mon, 12 Aug 2024 06:06:13 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 240
Origin: null
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 29 Jun 2024 14:50:34 GMT
content-type: application/json; charset=utf-8
content-length: 39
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

OPTIONS amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://stfly.biz/76nwF
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
Fingerprint35:05:E9:62:1A:8D:04:BD:DA:84:F3:3F:9A:08:F4:0E:32:53:93:08
ValidityTue, 18 Jun 2024 19:23:47 GMT - Mon, 16 Sep 2024 19:23:46 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
2da48ef24616ab14a245f4046bda800e
61001344187eb9e36ac4877727644434e9e03729
2a5481109e75b2935dc86decf6d4c1cad2953d3df4ffe7dcca223148d6a54be9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 837
Origin: https://stfly.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 29 Jun 2024 14:50:34 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://stfly.biz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

GET unpkg.com/just-detect-adblock@latest/dist/bundle.umd.js

104.17.247.203

302 Found

4.5 kB

URL GET HTTP/2
unpkg.com/just-detect-adblock@latest/dist/bundle.umd.js
IP
104.17.247.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stfly.biz/76nwF
Certificate
IssuerGoogle Trust Services LLC
Subjectunpkg.com
Fingerprint1E:BD:61:21:20:80:6D:7A:38:A4:15:7A:FB:C2:B0:50:AF:1F:F6:31
ValidityThu, 30 May 2024 03:44:12 GMT - Wed, 28 Aug 2024 03:44:11 GMT

File type
ASCII text, with no line terminators
Size
4.5 kB (4506 bytes)
Hash
ce7389806cfff99dd47714678d6b1ac0
bcb3e6e7c0646dfe9a3a0b8a269b2495a54b0fc1
75cd8f733566f31c03546a940468003112cf8e504307912d825c58a96195d746

HTTP Headers

GET /just-detect-adblock@latest/dist/bundle.umd.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
date: Sat, 29 Jun 2024 14:50:34 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /just-detect-adblock@1.1.0/dist/bundle.umd.js
vary: Accept, Accept-Encoding
content-encoding: br
via: 1.1 fly.io
fly-request-id: 01J1J72V75HZ5PGMS0JKMNCK2B-arn
cf-cache-status: HIT
age: 561
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 89b6bacf9ac8be5b-CPH
X-Firefox-Spdy: h2

GET unpkg.com/just-detect-adblock@1.1.0/dist/bundle.umd.js

104.17.247.203

200 OK

8.0 kB

URL GET HTTP/2
unpkg.com/just-detect-adblock@1.1.0/dist/bundle.umd.js
IP
104.17.247.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stfly.biz/76nwF
Certificate
IssuerGoogle Trust Services LLC
Subjectunpkg.com
Fingerprint1E:BD:61:21:20:80:6D:7A:38:A4:15:7A:FB:C2:B0:50:AF:1F:F6:31
ValidityThu, 30 May 2024 03:44:12 GMT - Wed, 28 Aug 2024 03:44:11 GMT

File type
JavaScript source, ASCII text, with very long lines (2579)
Size
8.0 kB (8047 bytes)
Hash
09f554e0361d2bb83c02eca48ec2a0ee
e80452ce6ee60b10f8edd2c134db6566effbd0eb
6ea0709e076a8dd6569a1d148aabce6669d3bb30087be54fd8368ac1293bd771

HTTP Headers

GET /just-detect-adblock@1.1.0/dist/bundle.umd.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 29 Jun 2024 14:50:34 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: "a14-6ARSzm7mCxD47dLBNNtlZu/70Os"
via: 1.1 fly.io
fly-request-id: 01HWTS5JR8A2PNSXSGG3SXX42D-ams
cf-cache-status: HIT
age: 5081871
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 89b6bacfdb25be5b-CPH
X-Firefox-Spdy: h2

GET stfly.biz/wp-content/uploads/2024/04/favicon.png

188.114.97.1

404 Not Found

146 B

URL GET HTTP/3
stfly.biz/wp-content/uploads/2024/04/favicon.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stfly.biz/76nwF
Certificate
IssuerGoogle Trust Services
Subjectstfly.biz
Fingerprint03:DF:51:46:EE:71:42:F1:CE:4C:90:93:07:DC:3A:AA:6E:5C:CB:EF
ValidityFri, 07 Jun 2024 09:35:04 GMT - Thu, 05 Sep 2024 09:35:03 GMT

File type
HTML document, ASCII text, with no line terminators
Size
146 B (146 bytes)
Hash
40b3fc14254227ec5012d996bf90c4e1
b0dd06eb5a779151151101337889ff09953f8ac0
740816c1b61e4a8443c26d30d3eecfea04815fca8cd605a142f9d8a35f86ceca

HTTP Headers

GET /wp-content/uploads/2024/04/favicon.png HTTP/1.1
Host: stfly.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://stfly.biz/76nwF
DNT: 1
Connection: keep-alive
Cookie: e73fdc2e0605ccc756172d60e28aa237=sjHynkgV2BYxi9-rw2HYs5GTiKPrXdR6PxT5xVLTPi9EgkeTZOS8Wn8MLPEtOUstA2jnZPVVyzY3wB2OfaHK0Q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Sat, 29 Jun 2024 14:50:35 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hvyLYp4lIaetycySJkB0GBilHC4Lgp55INorF0ibUCz%2F8BeX1oV2Gkl9560xVcUzkSvktZvvLUqKfJKtWAEPQ2ezOLBsA8FiBVr1kkWTb6hkVEfIpkGVjmQlj5Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89b6bad10c8c92c7-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET gloaphoo.net/401/7521789

139.45.197.239

200 OK

89 kB

URL GET HTTP/2
gloaphoo.net/401/7521789
IP
139.45.197.239:443
ASN
#9002 RETN Limited

Requested by
https://stfly.biz/76nwF
Certificate
IssuerLet's Encrypt
Subjectgloaphoo.net
Fingerprint78:85:5C:F5:37:7E:53:39:CF:15:7F:04:3F:F0:94:6C:BB:17:D1:7A
ValidityMon, 10 Jun 2024 04:05:26 GMT - Sun, 08 Sep 2024 04:05:25 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
89 kB (89437 bytes)
Hash
a1c8dac6a9203befbfe1ba02b0e383ac
402161e98cd7c4e75abc24fe3953a3171f6bacf8
45ddde08c50e270e7150c087e290b93d461ddaa8f9f0c069692d6024023c4b49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /401/7521789 HTTP/1.1
Host: gloaphoo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 29 Jun 2024 14:50:34 GMT
content-type: application/javascript
x-trace-id: 99711638439d89b4b6360b0979576027
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=03008a03060e4245fc5ee327f0cf4abd; expires=Sun, 29 Jun 2025 14:50:34 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

GET stfly.biz/sw-check-permissions.js?zoneId=7521570

188.114.97.1

200 OK

566 B

URL GET HTTP/3
stfly.biz/sw-check-permissions.js?zoneId=7521570
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stfly.biz/76nwF
Certificate
IssuerGoogle Trust Services
Subjectstfly.biz
Fingerprint03:DF:51:46:EE:71:42:F1:CE:4C:90:93:07:DC:3A:AA:6E:5C:CB:EF
ValidityFri, 07 Jun 2024 09:35:04 GMT - Thu, 05 Sep 2024 09:35:03 GMT

File type
ASCII text, with very long lines (605), with no line terminators
Size
566 B (566 bytes)
Hash
09301e3e4d92af40e622b21d0b436a71
3988fcf715e339df14681a3b1231214e99b4589c
66963cabcbfc420dd0173ce84258126e012d66841b5f446bda69970bec81f842

HTTP Headers

GET /sw-check-permissions.js?zoneId=7521570 HTTP/1.1
Host: stfly.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://stfly.biz/76nwF
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: e73fdc2e0605ccc756172d60e28aa237=sjHynkgV2BYxi9-rw2HYs5GTiKPrXdR6PxT5xVLTPi9EgkeTZOS8Wn8MLPEtOUstA2jnZPVVyzY3wB2OfaHK0Q
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 29 Jun 2024 14:50:34 GMT
content-type: application/javascript
last-modified: Thu, 23 May 2024 12:16:59 GMT
vary: Accept-Encoding
etag: W/"664f33bb-236"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
referrer-policy: same-origin
cf-cache-status: HIT
age: 1309686
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TbOTd8csEdlVzylZ9s8YP6Mo26li7w2weTwyqbEqcuuh9msPR67BhfYHG%2B1KfaRxubWZXMUrGV8USKgzOvjt7qRgf0Ug%2BVaDMVZUuWAmXf4Izy1r6JEKZpjgGYI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89b6bace18fd92c7-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET stfly.biz/wp-content/uploads/2024/06/logo_dark.png

188.114.97.1

200 OK

12 kB

URL GET HTTP/3
stfly.biz/wp-content/uploads/2024/06/logo_dark.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stfly.biz/76nwF
Certificate
IssuerGoogle Trust Services
Subjectstfly.biz
Fingerprint03:DF:51:46:EE:71:42:F1:CE:4C:90:93:07:DC:3A:AA:6E:5C:CB:EF
ValidityFri, 07 Jun 2024 09:35:04 GMT - Thu, 05 Sep 2024 09:35:03 GMT

File type
PNG image data, 684 x 230, 8-bit colormap, non-interlaced
Size
12 kB (12402 bytes)
Hash
09bae29b50ce7910314ded2a5d6481ea
26074d868508b6a4ebac91afbea1b0888f4a948a
1fdf97d7e41f1a6dea5ea8dbccfe97ae4b2804a40b9e9b7dfeb500926e923dd7

HTTP Headers

GET /wp-content/uploads/2024/06/logo_dark.png HTTP/1.1
Host: stfly.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://stfly.biz/76nwF
DNT: 1
Connection: keep-alive
Cookie: e73fdc2e0605ccc756172d60e28aa237=r3GGWZAJ9-4sriPMXeUURYib-kVgnmAFiwRuIvw44TTxlymSAya8ecMvI7IgDf7ozY0UH9c9SBWz8el1Bbl9jg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 29 Jun 2024 14:50:32 GMT
content-type: image/png
last-modified: Tue, 11 Jun 2024 17:49:44 GMT
vary: Accept-Encoding
etag: W/"66688e38-3072"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
referrer-policy: same-origin
cf-cache-status: HIT
age: 1309685
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dhfyMjIv9NdBqSeG%2BY0gCHWLOiDMbs1i82p94htpS6CO%2BO1vUfSwvITM78KcmywW7cxEXQONAWVEMqk4hYQm4L6ABgDQ6Gr4D%2Fp%2BGALj5Bjq%2FZYMAVEvU1JiuHk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89b6bac3fa5692c7-CPH
alt-svc: h3=":443"; ma=86400

GET phicmune.net/pfe/current/micro.tag.min.js?z=7521570&sw=/sw-check-permissions.js

139.45.197.251

200 OK

39 kB

URL GET HTTP/2
phicmune.net/pfe/current/micro.tag.min.js?z=7521570&sw=/sw-check-permissions.js
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://stfly.biz/76nwF
Certificate
IssuerLet's Encrypt
Subjectphicmune.net
Fingerprint7D:75:9F:1D:2C:1C:0C:44:61:C8:BD:B5:3C:45:F7:13:B3:08:B6:8F
ValidityMon, 29 Apr 2024 05:12:14 GMT - Sun, 28 Jul 2024 05:12:13 GMT

File type
JavaScript source, ASCII text, with very long lines (38652), with no line terminators
Size
39 kB (38652 bytes)
Hash
f73af5c8bf882a63afd501c759684e54
b7dd22ff677e4d3c5d1bd4af6ea618aabb7dc1ee
762f189600317b0c21b11c1ea3a49b3caf3cd01e835d48310b8daf1336622b78

HTTP Headers

GET /pfe/current/micro.tag.min.js?z=7521570&sw=/sw-check-permissions.js HTTP/1.1
Host: phicmune.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 29 Jun 2024 14:50:33 GMT
content-type: application/javascript
last-modified: Fri, 28 Jun 2024 09:14:13 GMT
etag: W/"667e7ee5-96fc"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

GET zunsoach.com/tag.min.js

139.45.197.248

200 OK

81 kB

URL GET HTTP/2
zunsoach.com/tag.min.js
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://stfly.biz/76nwF
Certificate
IssuerLet's Encrypt
Subjectzunsoach.com
Fingerprint04:7E:FD:1D:0D:34:3D:43:A5:E4:C9:D5:3F:39:A0:A9:4C:45:28:37
ValidityTue, 21 May 2024 22:45:10 GMT - Mon, 19 Aug 2024 22:45:09 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
81 kB (81179 bytes)
Hash
bb41c43791a15e37090b8a9ff5bc8387
27117182cedcc9cc10850be0e18ad74f5559b32d
649c2abfa8162f1573c09ba6cd5cf73a8a4e3c20652af9ecb9ec1a6a930dc215

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: zunsoach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 29 Jun 2024 14:50:34 GMT
content-type: text/javascript; charset=utf-8
content-length: 28690
content-encoding: br
x-trace-id: b9ce42f44a2531537c8ddcca8d31597d
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Sat, 29 Jun 2024 13:50:15 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

GET ui.cleverwebserver.com/

104.18.33.247

200 OK

241 B

URL GET HTTP/2
ui.cleverwebserver.com/
IP
104.18.33.247:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stfly.biz/76nwF
Certificate
IssuerLet's Encrypt
Subjectcleverwebserver.com
Fingerprint3D:F6:AA:0B:DD:E3:AE:94:0F:74:E6:20:A3:2D:F5:D2:84:63:1F:F0
ValidityThu, 30 May 2024 18:12:44 GMT - Wed, 28 Aug 2024 18:12:43 GMT

File type
ASCII text, with no line terminators
Size
241 B (241 bytes)
Hash
d79f490b99864e09f51cef3c263cdd0b
dd91886f23247bca23809a988a4a2ae6f5ca97e3
34013b3174a036f9d06834b887c545542295823a0665d57bc309076fb4e4a8bd

HTTP Headers

GET / HTTP/1.1
Host: ui.cleverwebserver.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 29 Jun 2024 14:50:34 GMT
content-type: application/javascript
cf-cache-status: DYNAMIC
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: *
server: cloudflare
cf-ray: 89b6bace2ea492ee-CPH
content-encoding: br
X-Firefox-Spdy: h2

GET fonts.googleapis.com/css2?family=Bricolage+Grotesque:opsz,wght@12..96,200..800&family=Inter:wght@100..900&display=swap

142.250.74.106

200 OK

4.3 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Bricolage+Grotesque:opsz,wght@12..96,200..800&family=Inter:wght@100..900&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://stfly.biz/76nwF
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
FingerprintC7:12:52:3A:BD:E0:73:20:AD:A8:5F:DF:12:DB:C6:DE:AF:63:88:6B
ValidityThu, 13 Jun 2024 16:32:33 GMT - Thu, 05 Sep 2024 16:32:32 GMT

File type
ASCII text, with very long lines (4360), with no line terminators
Size
4.3 kB (4257 bytes)
Hash
971d80e47e337b176aef2102db402931
e1d63a9b20a8f6f262e1cd195b89717a539288ae
43d1aa1ce0cc98d1ec0f8eae9ad996ee46929740b9d0dfc44911cb1143c52e70

HTTP Headers

GET /css2?family=Bricolage+Grotesque:opsz,wght@12..96,200..800&family=Inter:wght@100..900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 29 Jun 2024 14:50:33 GMT
date: Sat, 29 Jun 2024 14:50:33 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET scripts.cleverwebserver.com/fb4c22779132836cac71d72c4d15b8e1.js

104.18.33.247

200 OK

190 kB

URL GET HTTP/2
scripts.cleverwebserver.com/fb4c22779132836cac71d72c4d15b8e1.js
IP
104.18.33.247:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stfly.biz/76nwF
Certificate
IssuerLet's Encrypt
Subjectcleverwebserver.com
Fingerprint3D:F6:AA:0B:DD:E3:AE:94:0F:74:E6:20:A3:2D:F5:D2:84:63:1F:F0
ValidityThu, 30 May 2024 18:12:44 GMT - Wed, 28 Aug 2024 18:12:43 GMT

File type

Size
190 kB (189740 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /fb4c22779132836cac71d72c4d15b8e1.js HTTP/1.1
Host: scripts.cleverwebserver.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 29 Jun 2024 14:50:34 GMT
content-type: application/javascript
x-amz-id-2: hWilaTYXs0kfmHhNLlMaXuqfTbYHa5nFnW/4QeTJUmwhf5Zm8eaFnjpfHeluGMeddsVuCFlEhp4=
x-amz-request-id: 00P5M2KQ5QXRCFXF
last-modified: Fri, 21 Jun 2024 09:58:15 GMT
x-amz-version-id: svltCuIpgm25Gk..LsO3h8kJ9tZrlsax
etag: W/"b473c5cb37c5d9f68c35851305347120"
cf-cache-status: HIT
expires: Sat, 29 Jun 2024 15:20:34 GMT
cache-control: public, max-age=1800
vary: Accept-Encoding
server: cloudflare
cf-ray: 89b6bacccc0892ee-CPH
content-encoding: br
X-Firefox-Spdy: h2

GET zunsoach.com/5/3381289/?oo=1&aab=1

139.45.197.248

200 OK

3.3 kB

URL GET HTTP/2
zunsoach.com/5/3381289/?oo=1&aab=1
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://stfly.biz/76nwF
Certificate
IssuerLet's Encrypt
Subjectzunsoach.com
Fingerprint04:7E:FD:1D:0D:34:3D:43:A5:E4:C9:D5:3F:39:A0:A9:4C:45:28:37
ValidityTue, 21 May 2024 22:45:10 GMT - Mon, 19 Aug 2024 22:45:09 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3571), with no line terminators
Size
3.3 kB (3289 bytes)
Hash
02deaa69c4a16d2588137a53be1553e9
c83b4aa365a14b1cb57b5c61a7613a6567b40c09
feae6e98596e24075f14529f47f642d1eef3a6d83dd83c8ef18386d8b9eedc5c

HTTP Headers

GET /5/3381289/?oo=1&aab=1 HTTP/1.1
Host: zunsoach.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://stfly.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 29 Jun 2024 14:50:34 GMT
content-type: application/json
x-trace-id: 41fae3f2eafe4d622c5612258c3d414e
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://stfly.biz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=00808aca592c488aeea02f39b7dcfa8a; expires=Sun, 29 Jun 2025 14:50:34 GMT; path=/; secure; SameSite=None
oaidts=1719672634; expires=Sun, 29 Jun 2025 14:50:34 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

GET unpkg.com/just-detect-adblock@latest/dist/bundle.umd.js?rnd=36173721

104.17.247.203

302 Found

2.6 kB

URL GET HTTP/2
unpkg.com/just-detect-adblock@latest/dist/bundle.umd.js?rnd=36173721
IP
104.17.247.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stfly.biz/76nwF
Certificate
IssuerGoogle Trust Services LLC
Subjectunpkg.com
Fingerprint1E:BD:61:21:20:80:6D:7A:38:A4:15:7A:FB:C2:B0:50:AF:1F:F6:31
ValidityThu, 30 May 2024 03:44:12 GMT - Wed, 28 Aug 2024 03:44:11 GMT

File type

Size
2.6 kB (2580 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /just-detect-adblock@latest/dist/bundle.umd.js?rnd=36173721 HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 29 Jun 2024 14:50:34 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /just-detect-adblock@latest/dist/bundle.umd.js
vary: Accept, Accept-Encoding
content-encoding: br
via: 1.1 fly.io
fly-request-id: 01J1J7KZC25V8VRD8AGE9VEEA4-arn
cf-cache-status: MISS
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 89b6bacd8f5fbe5b-CPH
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (18)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by