Report - shrtlk.click/7XYCr

Report Overview

Visited public
2025-04-14 23:41:24
Tags
URL
shrtlk.click/7XYCr
Finishing URL
shrtlk.click/7XYCr
IP / ASN
172.67.171.149
#13335 CLOUDFLARENET
Title
Shrtlk

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
shrtfly.vip	unknown	2020-12-13	2021-02-11	2025-03-16	415 B	20 kB	104.21.6.151
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-04-09	1.5 kB	913 kB	142.250.74.168
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-04-09	1.1 kB	127 kB	142.250.74.35
pagead2.googlesyndication.com	101	2003-01-21	2012-05-21	2025-04-10	434 B	790 B	142.250.178.34
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-04-09	410 B	90 kB	104.17.24.14
aixukiwaikra.com	unknown	unknown	No data	No data	2.1 kB	110 kB	139.45.195.12
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2025-04-09	435 B	3.7 kB	151.101.129.229
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-04-09	485 B	4.7 kB	142.250.178.106
shrtlk.click	unknown	unknown	No data	No data	3.4 kB	269 kB	172.67.171.149
wkyddypocgbq.com	unknown	unknown	No data	No data	893 B	1.2 kB	139.45.197.100
my.rtmark.net	9054	2014-10-29	2015-02-04	2025-04-09	439 B	835 B	104.18.41.22

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-04-14	medium	wkyddypocgbq.com	Sinkholed
2025-04-14	medium	aixukiwaikra.com	Sinkholed
2025-04-14	medium	aixukiwaikra.com	Sinkholed
2025-04-14	medium	wkyddypocgbq.com	Sinkholed
2025-04-14	medium	aixukiwaikra.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (18)

	URL	From	Size	First Seen	Last Seen
	cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js	ScriptElement	90 kB	2023-03-07	2025-06-02
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-02 12:48 Times Seen210248 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	shrtlk.click/7XYCr	ScriptElement	3.6 kB	2024-06-15	2025-06-01
Pretty URL shrtlk.click/7XYCr IP 172.67.171.149 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-06-15 09:59 Last Seen2025-06-01 22:18 Times Seen80 Hash f7d6f1db13dabce4d191fa96cda860bb 3558951400bc3338af9a584afbef8833c23eae6f 9ec4b80068b51b8e02426bc905eeddb2a3cd811e89154cd3f4ca46b1f603a3f5 Loading...

	shrtlk.click/7XYCr	ScriptElement	28 kB	2025-04-14	2025-06-01
Pretty URL shrtlk.click/7XYCr IP 172.67.171.149 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-14 03:19 Last Seen2025-06-01 22:18 Times Seen6 Hash b35fab64d44d6bb782f4fba1595dab40 6ce2990040b834f884991e2839ade45012e9ce5e 110f2d2efa48ef1417cb70500c96094d27f8d0477a7cd6ad1d81656ac78dc21a Loading...

	shrtlk.click/7XYCr	ScriptElement	449 B	2024-06-15	2025-06-01
Pretty URL shrtlk.click/7XYCr IP 172.67.171.149 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-06-15 09:59 Last Seen2025-06-01 22:18 Times Seen80 Hash 896c9a55ba6c6119f31c9c5c06fcd79b 8ec469494baa6b23e7a9b1a4578a1707d46b3139 141b67f81e42319fb83de74e7dd72a21c6590c8699c35adda3b4037b3e146d11 Loading...

	www.googletagmanager.com/gtag/js?id=UA-108199505-1	ScriptElement	272 kB	2025-04-14	2025-04-14
Pretty URL www.googletagmanager.com/gtag/js?id=UA-108199505-1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-14 23:41 Last Seen2025-04-14 23:41 Times Seen1 Hash 469ee9b03220155512e409f8c24f1b5c 8f2a3e627ac0ca3125b02c931d72b8d0c9c0543a 7aa3816ad09a5addd7cf8635195135a29dcb8d775136dc20be14aaf15efb70e0 Loading...

	shrtlk.click/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	ScriptElement	1.2 kB	2023-03-07	2025-06-02
Pretty URL shrtlk.click/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js IP 172.67.171.149 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-02 12:13 Times Seen71614 Hash 9e8f56e8e1806253ba01a95cfc3d392c a8af90d7482e1e99d03de6bf88fed2315c5dd728 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Loading...

	shrtlk.click/sandbox%20eval%20code		147 B	2023-04-11	2025-06-02
Pretty URL shrtlk.click/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-06-02 12:41 Times Seen348979 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.googletagmanager.com/gtag/js?id=G-PDV6XHL2ZF&l=dataLayer&cx=c&gtm=457e54b0za200&tag_exp=102509683~102665699~102803279~102813109~102887800~102926062~103021830~103027016~103051953~103055465	ScriptElement	390 kB	2025-04-14	2025-04-14
Pretty URL www.googletagmanager.com/gtag/js?id=G-PDV6XHL2ZF&l=dataLayer&cx=c&gtm=457e54b0za200&tag_exp=102509683~102665699~102803279~102813109~102887800~102926062~103021830~103027016~103051953~103055465 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-14 23:41 Last Seen2025-04-14 23:41 Times Seen1 Hash d63fb671d7c269f6052d2ebfb8c4084f c837430a741c5d9176592fdec4fe4cc1f5f60908 6bd96ff499f182a33344a8ec446dd86f955809048eb730884cd125638fec530b Loading...

	shrtlk.click/7XYCr	ScriptElement	155 B	2023-03-07	2025-06-01
Pretty URL shrtlk.click/7XYCr IP 172.67.171.149 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 15:18 Last Seen2025-06-01 22:18 Times Seen171 Hash 59ebe0b9de3964823af9e47ca93a4955 f8bc090309fd3f812825b06ac082ea98cd27a8f7 fcb5a666860ca97d0ad3ed1a21203060b8fc1ac42a73b4cf628f8044698d8a2a Loading...

	shrtlk.click/7XYCr	ScriptElement	2.4 kB	2025-04-14	2025-04-14
Pretty URL shrtlk.click/7XYCr IP 172.67.171.149 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-14 23:41 Last Seen2025-04-14 23:41 Times Seen1 Hash 451b3a8ce72578003cbc367702025941 34684daf55345d7723a938052574d860277f5b94 8640dd014865e27874993aad01d84681cc1226813d2841c43efec14d754d373e Loading...

	shrtlk.click/sandbox%20eval%20code		147 B	2023-04-11	2025-06-02
Pretty URL shrtlk.click/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-06-02 12:41 Times Seen348979 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-06-02
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-06-02 12:41 Times Seen348207 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	shrtlk.click/7XYCr	ScriptElement	172 B	2025-04-14	2025-04-14
Pretty URL shrtlk.click/7XYCr IP 172.67.171.149 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-14 23:41 Last Seen2025-04-14 23:41 Times Seen1 Hash 4c6fe5a9c27df60a89e4565844c245eb a0629849b07ff55a6cc78e4b5ae60c65d895c86c c3a623f6b8ea15a214233913ae19e4f4c095c6b0ba3a97358b6a4adc698a79d7 Loading...

	shrtlk.click/7XYCr	ScriptElement	1.2 kB	2025-04-14	2025-04-14
Pretty URL shrtlk.click/7XYCr IP 172.67.171.149 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-14 23:41 Last Seen2025-04-14 23:41 Times Seen1 Hash 3d2748dc0e1c75d5c70796ae04f7aa0e 5ae4a59f05e29d67c933d803619f41781ce8312d 50738ecea990cc6f9877d27a2ccabd79f99162a03d071cb4ee85f7149fd974a1 Loading...

	cdn.jsdelivr.net/npm/just-detect-adblock@1.1.0/dist/bundle.umd.min.js?rnd=35179241	ScriptElement	2.9 kB	2025-03-16	2025-06-01
Pretty URL cdn.jsdelivr.net/npm/just-detect-adblock@1.1.0/dist/bundle.umd.min.js?rnd=35179241 IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-16 22:15 Last Seen2025-06-01 22:18 Times Seen9 Hash 74af06ca299da3b8c68cd4665327ac37 7d6ab2e61e7122511cd0ce03951e967d443935ee ce62361aa35d64d8c6f4379f6c634f93fe045684971d028c4daf32a89c700412 Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-06-02
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-06-02 12:41 Times Seen348207 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	www.googletagmanager.com/gtag/js?id=UA-354543616&l=dataLayer&cx=c&gtm=457e54b0za200&tag_exp=102509683~102665699~102803279~102813109~102887800~102926062~103021830~103027016~103051953~103055465	ScriptElement	248 kB	2025-04-14	2025-04-14
Pretty URL www.googletagmanager.com/gtag/js?id=UA-354543616&l=dataLayer&cx=c&gtm=457e54b0za200&tag_exp=102509683~102665699~102803279~102813109~102887800~102926062~103021830~103027016~103051953~103055465 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-14 23:41 Last Seen2025-04-14 23:41 Times Seen1 Hash 6c1bf2e319a4f91beba2c9388c21cb73 8ce3ac63577790d14ddfcb153bdc511ff6d543c1 25dfafd438d5635d18aa7f879d8ac88972b705f16ff639807187f6fbd1cadcf2 Loading...

	aixukiwaikra.com/5/7704232	ScriptElement	107 kB	2025-04-14	2025-04-14
Pretty URL aixukiwaikra.com/5/7704232 IP 139.45.195.12 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-14 23:41 Last Seen2025-04-14 23:41 Times Seen1 Hash 8c159dedf9e8f8ca70642c8eeb81a4fe 63d9240344081de2be928b7741d3c371f3c75709 92726d31a8d5e11b3c4c20cadc6077e62d630c7be48d7d413f9bab0bf3cbdd83 Loading...

HTTP Transactions (22)

URL IP Response Size

fonts.googleapis.com/css2?family=Bricolage+Grotesque:opsz,wght@12..96,200..800&family=Inter:wght@100..900&display=swap

142.250.178.106

200 OK

4.1 kB

URL GET
fonts.googleapis.com/css2?family=Bricolage+Grotesque:opsz,wght@12..96,200..800&family=Inter:wght@100..900&display=swap
IP
142.250.178.106:443
ASN
#15169 GOOGLE

Requested by
https://shrtlk.click/7XYCr
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint3C:2E:67:30:A6:95:F3:D3:61:49:AB:AC:BC:D1:CF:77:3E:33:8F:B7
ValidityThu, 20 Mar 2025 11:19:46 GMT - Thu, 12 Jun 2025 11:19:45 GMT

File type
ASCII text
Size
4.1 kB (4055 bytes)
Hash
c3bed2a1cbedfc23051bdd39fc74e7e4
a26d610bf9625b90c204370a6ca3d03ec2c3d754
df56221c4793fd25012e3802cb39372bfc488eb4c7787ca29d4be78e4dff0734

HTTP Headers

GET /css2?family=Bricolage+Grotesque:opsz,wght@12..96,200..800&family=Inter:wght@100..900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 14 Apr 2025 23:41:02 GMT
date: Mon, 14 Apr 2025 23:41:02 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

shrtlk.click/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

172.67.171.149

200 OK

1.2 kB

URL GET
shrtlk.click/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP
172.67.171.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://shrtlk.click/7XYCr
Certificate
IssuerGoogle Trust Services
Subjectshrtlk.click
Fingerprint9C:46:41:C6:13:1D:46:CA:DA:A7:75:FB:31:4E:AC:97:1C:A9:EE:67
ValidityMon, 07 Apr 2025 05:05:33 GMT - Sun, 06 Jul 2025 06:03:46 GMT

File type
JavaScript source, ASCII text, with very long lines (1238)
Size
1.2 kB (1239 bytes)
Hash
9e8f56e8e1806253ba01a95cfc3d392c
a8af90d7482e1e99d03de6bf88fed2315c5dd728
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

HTTP Headers

GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: shrtlk.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://shrtlk.click/7XYCr
DNT: 1
Connection: keep-alive
Cookie: 2b6c33c2f738629627eea96f888fe649=9uINqUmI43QMmcuVvVmj8Lm0zR6S74m2QTjXHe3baxxlELa6n9TKvvQCRwtHVnWHfBt2CutoLFSgOGyTIFJANg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 14 Apr 2025 23:41:02 GMT
content-type: application/javascript
expires: Tue, 15 Apr 2025 00:29:02 GMT
cache-control: public
vary: accept-encoding
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: br
server: cloudflare
cf-ray: 93070d380d331c0e-OSL
X-Firefox-Spdy: h2

shrtfly.vip/img/Join-Telegram-Channel.png

104.21.6.151

200 OK

20 kB

URL GET
shrtfly.vip/img/Join-Telegram-Channel.png
IP
104.21.6.151:443
ASN
#13335 CLOUDFLARENET

Requested by
https://shrtlk.click/7XYCr
Certificate
IssuerGoogle Trust Services
Subjectshrtfly.vip
Fingerprint0A:24:29:29:12:3F:AA:28:43:8D:B0:9B:AC:DD:75:E6:64:C5:8C:7B
ValidityMon, 24 Feb 2025 16:19:33 GMT - Sun, 25 May 2025 17:17:45 GMT

File type
PNG image data, 768 x 245, 8-bit colormap, non-interlaced
Size
20 kB (20023 bytes)
Hash
06ac021d13ac2211cfac5de3f4c0cab6
45496ca6056a32e5cf396fa657960020df4ccb13
cc860eff23be351ffc4a3249e2365f3271f162295e944ba4c1de8c37ee9e8141

HTTP Headers

GET /img/Join-Telegram-Channel.png HTTP/1.1
Host: shrtfly.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 14 Apr 2025 23:41:02 GMT
content-type: image/png
content-length: 20023
server: cloudflare
accept-ranges: bytes
last-modified: Thu, 16 May 2024 06:19:23 GMT
etag: "6645a56b-4e37"
expires: Mon, 12 May 2025 05:46:18 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 237284
cf-ray: 93070d38de097131-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-354543616&l=dataLayer&cx=c&gtm=457e54b0za200&tag_exp=102509683~102665699~102803279~102813109~102887800~102926062~103021830~103027016~103051953~103055465

142.250.74.168

200 OK

248 kB

URL GET
www.googletagmanager.com/gtag/js?id=UA-354543616&l=dataLayer&cx=c&gtm=457e54b0za200&tag_exp=102509683~102665699~102803279~102813109~102887800~102926062~103021830~103027016~103051953~103055465
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://shrtlk.click/7XYCr
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint88:85:26:A3:0A:0B:44:C6:92:DD:7B:0B:D1:14:38:BA:26:B9:EF:D9
ValidityThu, 20 Mar 2025 11:18:39 GMT - Thu, 12 Jun 2025 11:18:38 GMT

File type
JavaScript source, ASCII text, with very long lines (2361)
Size
248 kB (248151 bytes)
Hash
6c1bf2e319a4f91beba2c9388c21cb73
8ce3ac63577790d14ddfcb153bdc511ff6d543c1
25dfafd438d5635d18aa7f879d8ac88972b705f16ff639807187f6fbd1cadcf2

HTTP Headers

GET /gtag/js?id=UA-354543616&l=dataLayer&cx=c&gtm=457e54b0za200&tag_exp=102509683~102665699~102803279~102813109~102887800~102926062~103021830~103027016~103051953~103055465 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 14 Apr 2025 23:41:03 GMT
expires: Mon, 14 Apr 2025 23:41:03 GMT
cache-control: private, max-age=900
last-modified: Mon, 14 Apr 2025 21:40:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1052:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1052:0
report-to: {"group":"ascgcycc:1052:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1052:0"}],}
server: Google Tag Manager
content-length: 88365
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

wkyddypocgbq.com/

139.45.197.100

200 OK

0 B

URL HEAD
wkyddypocgbq.com/
IP
139.45.197.100:443
ASN
#9002 RETN Limited

Requested by
https://shrtlk.click/7XYCr
Certificate
IssuerLet's Encrypt
Subjectwkyddypocgbq.com
Fingerprint05:41:A7:3A:98:4C:46:E2:C3:C8:01:D5:77:6A:0C:73:9C:89:4A:BA
ValiditySun, 13 Apr 2025 10:53:14 GMT - Sat, 12 Jul 2025 10:53:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

HEAD / HTTP/1.1
Host: wkyddypocgbq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Content-Type: text/html
Origin: https://shrtlk.click
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 14 Apr 2025 23:41:03 GMT
content-type: text/html
x-t20r5a2c17e9-93i65d59: 00000000000000000000000000000000
vary: Accept-Encoding, Origin
access-control-allow-origin: https://shrtlk.click
access-control-expose-headers: Link, X-Application-Token, X-Application-Key, X-Tag, X-Auth-Token, X-DirectionPartner-Id, X-ZoneType-Id, X-Hostname
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
x-application-key: e1fn4gzlrjvtOg74E3hfpfsw30pg
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?userId=0081ab08c4bd4ca4f95a11a38d06fa44

104.18.41.22

200 OK

65 B

URL GET
my.rtmark.net/gid.js?userId=0081ab08c4bd4ca4f95a11a38d06fa44
IP
104.18.41.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://shrtlk.click/7XYCr
Certificate
IssuerGoogle Trust Services
Subjectmy.rtmark.net
Fingerprint03:52:6A:BD:35:83:43:81:AF:25:BB:A3:26:97:D1:78:25:73:A4:C9
ValidityTue, 04 Mar 2025 10:39:32 GMT - Mon, 02 Jun 2025 11:39:29 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
618237b9a1e966c22da3fc1ff67e1f23
4d69f75b41daada4cc7b61579ba532ce10aac539
9a94db8ac8864d267e155e3d743dcfe4e7787b9200c408fd21e31a475c1f0dbe

HTTP Headers

GET /gid.js?userId=0081ab08c4bd4ca4f95a11a38d06fa44 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://shrtlk.click
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 14 Apr 2025 23:41:04 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://shrtlk.click
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0081ab08c4bd4ca4f95a11a38d06fa44; expires=Tue, 14 Apr 2026 23:41:04 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 93070d452d1f56aa-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

104.17.24.14

200 OK

90 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://shrtlk.click/7XYCr
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
90 kB (89501 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 14 Apr 2025 23:41:02 GMT
content-type: application/javascript; charset=utf-8
content-length: 27938
cf-ray: 93070d383b2756bf-OSL
server: cloudflare
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-15d9d"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 321200
expires: Sat, 04 Apr 2026 23:41:02 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cF8DTUvDzPjNLAuxn1xoJyRnD2IHE6NfWX678zXwPTw5X2kh94ZDlX52qNn9sGCpRf2QOi3xZ6%2FzhOzEmSF%2FJrrffG8HxYb5lWZ3xeZ%2BW%2F3kQ%2F%2BXkOUX4an8UuHxjGHMVYy9rnsq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-108199505-1

142.250.74.168

200 OK

272 kB

URL GET
www.googletagmanager.com/gtag/js?id=UA-108199505-1
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://shrtlk.click/7XYCr
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint88:85:26:A3:0A:0B:44:C6:92:DD:7B:0B:D1:14:38:BA:26:B9:EF:D9
ValidityThu, 20 Mar 2025 11:18:39 GMT - Thu, 12 Jun 2025 11:18:38 GMT

File type
JavaScript source, ASCII text, with very long lines (5436)
Size
272 kB (272336 bytes)
Hash
469ee9b03220155512e409f8c24f1b5c
8f2a3e627ac0ca3125b02c931d72b8d0c9c0543a
7aa3816ad09a5addd7cf8635195135a29dcb8d775136dc20be14aaf15efb70e0

HTTP Headers

GET /gtag/js?id=UA-108199505-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 14 Apr 2025 23:41:02 GMT
expires: Mon, 14 Apr 2025 23:41:02 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1052:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1052:0
report-to: {"group":"ascgcycc:1052:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1052:0"}],}
server: Google Tag Manager
content-length: 95934
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

shrtlk.click/7XYCr

172.67.171.149

200 OK

0 B

URL HEAD
shrtlk.click/7XYCr
IP
172.67.171.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://shrtlk.click/7XYCr
Certificate
IssuerGoogle Trust Services
Subjectshrtlk.click
Fingerprint9C:46:41:C6:13:1D:46:CA:DA:A7:75:FB:31:4E:AC:97:1C:A9:EE:67
ValidityMon, 07 Apr 2025 05:05:33 GMT - Sun, 06 Jul 2025 06:03:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /7XYCr HTTP/1.1
Host: shrtlk.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://shrtlk.click/7XYCr
DNT: 1
Connection: keep-alive
Cookie: 2b6c33c2f738629627eea96f888fe649=9uINqUmI43QMmcuVvVmj8Lm0zR6S74m2QTjXHe3baxxlELa6n9TKvvQCRwtHVnWHfBt2CutoLFSgOGyTIFJANg
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 14 Apr 2025 23:41:02 GMT
content-type: text/html; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TAFXVrEqI58LoScZjfUqEnKfUO9Gh7K%2BNPTVvTrDmxVuAB5XN87%2B1s03WPkTDOGFl%2BOZT5xh%2B%2FRgj580APBeuPp51e3LMjVSS0iPo7cSRvemL5TxFhVF7U7FjyDJ42Y%3D"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
set-cookie: 2b6c33c2f738629627eea96f888fe649=VcHqVLvDIIlAX8Il95VCH_s3ftf-2dlvmWLiPjIaOIGlLnuOUvoP8ACpMtGk8VKbWTcpXRfnubeUCf3ZuhE3tg; expires=Tue, 15-Apr-2025 23:41:02 GMT; Max-Age=86400; path=/; domain=shrtlk.click; HttpOnly; SameSite=Lax
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
referrer-policy: same-origin
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 93070d3b3cc0b500-OSL
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4036&min_rtt=857&rtt_var=2435&sent=134&recv=162&lost=0&retrans=0&sent_bytes=10367&recv_bytes=9261&delivery_rate=1566&cwnd=12000&unsent_bytes=0&cid=22fcaa52eeb339c3&ts=899&x=16"

fonts.gstatic.com/s/bricolagegrotesque/v8/3y9K6as8bTXq_nANBjzKo3IeZx8z6up5BeSl9D4dj_x9PpZBMlGIInHWUSNIpvI.woff2

142.250.74.35

200 OK

77 kB

URL GET
fonts.gstatic.com/s/bricolagegrotesque/v8/3y9K6as8bTXq_nANBjzKo3IeZx8z6up5BeSl9D4dj_x9PpZBMlGIInHWUSNIpvI.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://shrtlk.click/7XYCr
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint04:FF:92:E7:16:B0:49:91:8B:B7:8D:C6:93:B9:20:B4:2A:33:9F:A8
ValidityThu, 20 Mar 2025 11:19:45 GMT - Thu, 12 Jun 2025 11:19:44 GMT

File type
Web Open Font Format (Version 2), TrueType, length 76708, version 1.0
Size
77 kB (76708 bytes)
Hash
e4fb7cb2cabbdbaeb698e9107c10995b
6fcd8fb90adf70483ab37cd1055dd21f577c2ddf
37d43e1615cd7f5c6e41d0da9a45253b89c06837026ff7caed07519bf9493e05

HTTP Headers

GET /s/bricolagegrotesque/v8/3y9K6as8bTXq_nANBjzKo3IeZx8z6up5BeSl9D4dj_x9PpZBMlGIInHWUSNIpvI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://shrtlk.click
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 76708
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 10 Apr 2025 09:41:28 GMT
expires: Fri, 10 Apr 2026 09:41:28 GMT
cache-control: public, max-age=31536000
age: 395974
last-modified: Tue, 11 Mar 2025 01:16:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-PDV6XHL2ZF&l=dataLayer&cx=c&gtm=457e54b0za200&tag_exp=102509683~102665699~102803279~102813109~102887800~102926062~103021830~103027016~103051953~103055465

142.250.74.168

200 OK

390 kB

URL GET
www.googletagmanager.com/gtag/js?id=G-PDV6XHL2ZF&l=dataLayer&cx=c&gtm=457e54b0za200&tag_exp=102509683~102665699~102803279~102813109~102887800~102926062~103021830~103027016~103051953~103055465
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://shrtlk.click/7XYCr
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint88:85:26:A3:0A:0B:44:C6:92:DD:7B:0B:D1:14:38:BA:26:B9:EF:D9
ValidityThu, 20 Mar 2025 11:18:39 GMT - Thu, 12 Jun 2025 11:18:38 GMT

File type
JavaScript source, ASCII text, with very long lines (6129)
Size
390 kB (389734 bytes)
Hash
d63fb671d7c269f6052d2ebfb8c4084f
c837430a741c5d9176592fdec4fe4cc1f5f60908
6bd96ff499f182a33344a8ec446dd86f955809048eb730884cd125638fec530b

HTTP Headers

GET /gtag/js?id=G-PDV6XHL2ZF&l=dataLayer&cx=c&gtm=457e54b0za200&tag_exp=102509683~102665699~102803279~102813109~102887800~102926062~103021830~103027016~103051953~103055465 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 14 Apr 2025 23:41:03 GMT
expires: Mon, 14 Apr 2025 23:41:03 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1052:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1052:0
report-to: {"group":"ascgcycc:1052:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1052:0"}],}
server: Google Tag Manager
content-length: 129344
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

shrtlk.click/wp-content/uploads/2025/04/cropped-favicon.png

172.67.171.149

200 OK

78 kB

URL GET
shrtlk.click/wp-content/uploads/2025/04/cropped-favicon.png
IP
172.67.171.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://shrtlk.click/7XYCr
Certificate
IssuerGoogle Trust Services
Subjectshrtlk.click
Fingerprint9C:46:41:C6:13:1D:46:CA:DA:A7:75:FB:31:4E:AC:97:1C:A9:EE:67
ValidityMon, 07 Apr 2025 05:05:33 GMT - Sun, 06 Jul 2025 06:03:46 GMT

File type
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
Size
78 kB (77488 bytes)
Hash
2d5df94bced776e4cc5a056487794b77
d1128fcd8129e57704183223daeca3984a1b1e3f
230317f6e92d3ece865b3745c679d5ede4509a14eb065b32ae34c2ccd4de543f

HTTP Headers

GET /wp-content/uploads/2025/04/cropped-favicon.png HTTP/1.1
Host: shrtlk.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://shrtlk.click/7XYCr
DNT: 1
Connection: keep-alive
Cookie: 2b6c33c2f738629627eea96f888fe649=VcHqVLvDIIlAX8Il95VCH_s3ftf-2dlvmWLiPjIaOIGlLnuOUvoP8ACpMtGk8VKbWTcpXRfnubeUCf3ZuhE3tg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 14 Apr 2025 23:41:03 GMT
content-type: image/png
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SkK%2F%2FOEHZOjWRUKkkNaPC54t1N3cDbJBXymsJdX3myf3ODzOcUjjKjJuAf0nUTamP%2BnMfhawG7CaFWX2qPGAnayVLMz48Ud%2B2Ch5KcNcdOXl3%2F4LQXpq00im2Psn6BA%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Mon, 07 Apr 2025 06:17:41 GMT
vary: Accept-Encoding
etag: W/"67f36e05-12eb0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
referrer-policy: same-origin
cf-cache-status: HIT
age: 654859
cf-ray: 93070d418cffb500-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4036&min_rtt=857&rtt_var=2435&sent=134&recv=162&lost=0&retrans=0&sent_bytes=10367&recv_bytes=9261&delivery_rate=1566&cwnd=12000&unsent_bytes=0&cid=22fcaa52eeb339c3&ts=1798&x=16"

shrtlk.click/wp-content/uploads/2025/04/logo_dark.png

172.67.171.149

200 OK

12 kB

URL GET
shrtlk.click/wp-content/uploads/2025/04/logo_dark.png
IP
172.67.171.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://shrtlk.click/7XYCr
Certificate
IssuerGoogle Trust Services
Subjectshrtlk.click
Fingerprint9C:46:41:C6:13:1D:46:CA:DA:A7:75:FB:31:4E:AC:97:1C:A9:EE:67
ValidityMon, 07 Apr 2025 05:05:33 GMT - Sun, 06 Jul 2025 06:03:46 GMT

File type
PNG image data, 684 x 230, 8-bit colormap, non-interlaced
Size
12 kB (12402 bytes)
Hash
09bae29b50ce7910314ded2a5d6481ea
26074d868508b6a4ebac91afbea1b0888f4a948a
1fdf97d7e41f1a6dea5ea8dbccfe97ae4b2804a40b9e9b7dfeb500926e923dd7

HTTP Headers

GET /wp-content/uploads/2025/04/logo_dark.png HTTP/1.1
Host: shrtlk.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://shrtlk.click/7XYCr
DNT: 1
Connection: keep-alive
Cookie: 2b6c33c2f738629627eea96f888fe649=9uINqUmI43QMmcuVvVmj8Lm0zR6S74m2QTjXHe3baxxlELa6n9TKvvQCRwtHVnWHfBt2CutoLFSgOGyTIFJANg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 14 Apr 2025 23:41:02 GMT
content-type: image/png
server: cloudflare
last-modified: Mon, 07 Apr 2025 06:17:41 GMT
vary: Accept-Encoding
etag: W/"67f36e05-3072"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
referrer-policy: same-origin
content-encoding: br
cf-cache-status: HIT
age: 453300
cf-ray: 93070d380d2e1c0e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

aixukiwaikra.com/5/7704232

139.45.195.12

200 OK

107 kB

URL GET
aixukiwaikra.com/5/7704232
IP
139.45.195.12:443
ASN
#9002 RETN Limited

Requested by
https://shrtlk.click/7XYCr
Certificate
IssuerLet's Encrypt
Subjectaixukiwaikra.com
FingerprintD4:2F:7B:EC:C5:F1:9D:47:63:80:5E:EF:2A:0D:B4:86:DB:C9:8E:40
ValiditySun, 13 Apr 2025 07:29:14 GMT - Sat, 12 Jul 2025 07:29:13 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
107 kB (106665 bytes)
Hash
8c159dedf9e8f8ca70642c8eeb81a4fe
63d9240344081de2be928b7741d3c371f3c75709
92726d31a8d5e11b3c4c20cadc6077e62d630c7be48d7d413f9bab0bf3cbdd83

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/7704232 HTTP/1.1
Host: aixukiwaikra.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 14 Apr 2025 23:41:03 GMT
content-type: application/javascript
x-trace-id: 7d7426d9ae48e15e173410e8e379a6ba
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0081ab08c4bd4ca4f95a11a38d06fa44; expires=Tue, 14 Apr 2026 23:41:03 GMT; path=/; secure; SameSite=None
oaidts=1744674063; expires=Tue, 14 Apr 2026 23:41:03 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

aixukiwaikra.com/wrr?z=7704232&p_rid=93af6bdb-1ac4-4849-bbe6-7de8669b0e27&rb=1c-ojqyneEJ5yXrMpvssU8_wa8xYRuuL3OWSZfo5hsPHANKuGXvNlfw_-g_hde56-G-aPAY9u7eHW59HI5PMj9Kv9welnQ4GGg9u-xcLBD3jaL9BZvZna1sICKdwMBtv6mNCHzU6jyhe1PI7WnijzgxrIt5rUjQ90MHKvWlI5YN4Hcoh_woQyX6tsH_ZsO30Kou5w_HVh9NGwD4a1DlIEbyAG5pg3IJu6Tkv8VEL8j1RD_xYV_uLHgeWzHsJ7hih&dmn=aixukiwaikra.com&userId=0081ab08c4bd4ca4f95a11a38d06fa44

139.45.195.12

204 No Content

0 B

URL POST
aixukiwaikra.com/wrr?z=7704232&p_rid=93af6bdb-1ac4-4849-bbe6-7de8669b0e27&rb=1c-ojqyneEJ5yXrMpvssU8_wa8xYRuuL3OWSZfo5hsPHANKuGXvNlfw_-g_hde56-G-aPAY9u7eHW59HI5PMj9Kv9welnQ4GGg9u-xcLBD3jaL9BZvZna1sICKdwMBtv6mNCHzU6jyhe1PI7WnijzgxrIt5rUjQ90MHKvWlI5YN4Hcoh_woQyX6tsH_ZsO30Kou5w_HVh9NGwD4a1DlIEbyAG5pg3IJu6Tkv8VEL8j1RD_xYV_uLHgeWzHsJ7hih&dmn=aixukiwaikra.com&userId=0081ab08c4bd4ca4f95a11a38d06fa44
IP
139.45.195.12:443
ASN
#9002 RETN Limited

Requested by
https://shrtlk.click/7XYCr
Certificate
IssuerLet's Encrypt
Subjectaixukiwaikra.com
FingerprintD4:2F:7B:EC:C5:F1:9D:47:63:80:5E:EF:2A:0D:B4:86:DB:C9:8E:40
ValiditySun, 13 Apr 2025 07:29:14 GMT - Sat, 12 Jul 2025 07:29:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /wrr?z=7704232&p_rid=93af6bdb-1ac4-4849-bbe6-7de8669b0e27&rb=1c-ojqyneEJ5yXrMpvssU8_wa8xYRuuL3OWSZfo5hsPHANKuGXvNlfw_-g_hde56-G-aPAY9u7eHW59HI5PMj9Kv9welnQ4GGg9u-xcLBD3jaL9BZvZna1sICKdwMBtv6mNCHzU6jyhe1PI7WnijzgxrIt5rUjQ90MHKvWlI5YN4Hcoh_woQyX6tsH_ZsO30Kou5w_HVh9NGwD4a1DlIEbyAG5pg3IJu6Tkv8VEL8j1RD_xYV_uLHgeWzHsJ7hih&dmn=aixukiwaikra.com&userId=0081ab08c4bd4ca4f95a11a38d06fa44 HTTP/1.1
Host: aixukiwaikra.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 2530
Origin: https://shrtlk.click
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Mon, 14 Apr 2025 23:41:04 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://shrtlk.click
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

shrtlk.click/wp-content/plugins/api-blueprint-1.0.5/assets/style.css?v=1.0.5a

172.67.171.149

200 OK

124 kB

URL GET
shrtlk.click/wp-content/plugins/api-blueprint-1.0.5/assets/style.css?v=1.0.5a
IP
172.67.171.149:443
ASN
#13335 CLOUDFLARENET

Requested by
https://shrtlk.click/7XYCr
Certificate
IssuerGoogle Trust Services
Subjectshrtlk.click
Fingerprint9C:46:41:C6:13:1D:46:CA:DA:A7:75:FB:31:4E:AC:97:1C:A9:EE:67
ValidityMon, 07 Apr 2025 05:05:33 GMT - Sun, 06 Jul 2025 06:03:46 GMT

File type
ASCII text
Size
124 kB (124157 bytes)
Hash
fecee00f27b98f2325707b0c1834938f
b715fb788d1f022f748e75b96e13f539c4478c08
b71515fb130226188620cdd236c56a9e69bf699518336d6610f858d989126866

HTTP Headers

GET /wp-content/plugins/api-blueprint-1.0.5/assets/style.css?v=1.0.5a HTTP/1.1
Host: shrtlk.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://shrtlk.click/7XYCr
DNT: 1
Connection: keep-alive
Cookie: 2b6c33c2f738629627eea96f888fe649=9uINqUmI43QMmcuVvVmj8Lm0zR6S74m2QTjXHe3baxxlELa6n9TKvvQCRwtHVnWHfBt2CutoLFSgOGyTIFJANg
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 14 Apr 2025 23:41:02 GMT
content-type: text/css
server: cloudflare
last-modified: Mon, 07 Apr 2025 06:14:42 GMT
vary: Accept-Encoding
etag: W/"67f36d52-1e4fd"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
referrer-policy: same-origin
content-encoding: br
cf-cache-status: HIT
age: 235934
cf-ray: 93070d380d2d1c0e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2

142.250.74.35

200 OK

48 kB

URL GET
fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://shrtlk.click/7XYCr
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint04:FF:92:E7:16:B0:49:91:8B:B7:8D:C6:93:B9:20:B4:2A:33:9F:A8
ValidityThu, 20 Mar 2025 11:19:45 GMT - Thu, 12 Jun 2025 11:19:44 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48496, version 1.0
Size
48 kB (48496 bytes)
Hash
8b7943a41013101d892c4684617ed41d
1853b95f5ae2cc51c89edf6f2c44a676efe31f3b
9d9e7b21769c8048b64fbdc1743c32641c3aa1c70c37197987ffe14d0f0508cd

HTTP Headers

GET /s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://shrtlk.click
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48496
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 10 Apr 2025 10:09:02 GMT
expires: Fri, 10 Apr 2026 10:09:02 GMT
cache-control: public, max-age=31536000
age: 394320
last-modified: Mon, 29 Jul 2024 22:47:09 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/just-detect-adblock@1.1.0/dist/bundle.umd.min.js?rnd=35179241

151.101.129.229

200 OK

2.9 kB

URL GET
cdn.jsdelivr.net/npm/just-detect-adblock@1.1.0/dist/bundle.umd.min.js?rnd=35179241
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://shrtlk.click/7XYCr
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint6C:45:F5:9E:D3:37:60:0B:9C:A8:28:29:A4:E6:41:33:BB:2E:76:5C
ValidityTue, 30 Jul 2024 15:36:05 GMT - Sun, 31 Aug 2025 15:36:04 GMT

File type
JavaScript source, ASCII text, with very long lines (2579)
Size
2.9 kB (2866 bytes)
Hash
74af06ca299da3b8c68cd4665327ac37
7d6ab2e61e7122511cd0ce03951e967d443935ee
ce62361aa35d64d8c6f4379f6c634f93fe045684971d028c4daf32a89c700412

HTTP Headers

GET /npm/just-detect-adblock@1.1.0/dist/bundle.umd.min.js?rnd=35179241 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.1.0
x-jsd-version-type: version
etag: W/"b32-fWqy5h5xIlEc0M4DlR6WfUQ5Ne4"
content-encoding: br
accept-ranges: bytes
date: Mon, 14 Apr 2025 23:41:02 GMT
age: 2414008
x-served-by: cache-fra-eddf8230025-FRA, cache-hel1410028-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1175
X-Firefox-Spdy: h2

wkyddypocgbq.com/

139.45.197.100

200 OK

0 B

URL OPTIONS
wkyddypocgbq.com/
IP
139.45.197.100:443
ASN
#9002 RETN Limited

Requested by
https://shrtlk.click/7XYCr
Certificate
IssuerLet's Encrypt
Subjectwkyddypocgbq.com
Fingerprint05:41:A7:3A:98:4C:46:E2:C3:C8:01:D5:77:6A:0C:73:9C:89:4A:BA
ValiditySun, 13 Apr 2025 10:53:14 GMT - Sat, 12 Jul 2025 10:53:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS / HTTP/1.1
Host: wkyddypocgbq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: HEAD
Access-Control-Request-Headers: content-type
Origin: https://shrtlk.click
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 14 Apr 2025 23:41:03 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://shrtlk.click
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

142.250.178.34

200 OK

0 B

URL HEAD
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP
142.250.178.34:443
ASN
#15169 GOOGLE

Requested by
https://shrtlk.click/7XYCr
Certificate
IssuerGoogle Trust Services
Subject*.g.doubleclick.net
Fingerprint78:5B:F8:FF:50:87:46:A8:DF:37:9D:38:26:34:7C:3B:1B:89:3C:DF
ValidityThu, 20 Mar 2025 11:18:39 GMT - Thu, 12 Jun 2025 11:18:38 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://shrtlk.click
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
vary: Accept-Encoding
date: Mon, 14 Apr 2025 23:41:04 GMT
expires: Mon, 14 Apr 2025 23:41:04 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 4413938758757598040
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 52797
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

139.45.195.12

204 No Content

0 B

URL OPTIONS
aixukiwaikra.com/wrr?z=7704232&p_rid=93af6bdb-1ac4-4849-bbe6-7de8669b0e27&rb=1c-ojqyneEJ5yXrMpvssU8_wa8xYRuuL3OWSZfo5hsPHANKuGXvNlfw_-g_hde56-G-aPAY9u7eHW59HI5PMj9Kv9welnQ4GGg9u-xcLBD3jaL9BZvZna1sICKdwMBtv6mNCHzU6jyhe1PI7WnijzgxrIt5rUjQ90MHKvWlI5YN4Hcoh_woQyX6tsH_ZsO30Kou5w_HVh9NGwD4a1DlIEbyAG5pg3IJu6Tkv8VEL8j1RD_xYV_uLHgeWzHsJ7hih&dmn=aixukiwaikra.com&userId=0081ab08c4bd4ca4f95a11a38d06fa44
IP
139.45.195.12:443
ASN
#9002 RETN Limited

Requested by
https://shrtlk.click/7XYCr
Certificate
IssuerLet's Encrypt
Subjectaixukiwaikra.com
FingerprintD4:2F:7B:EC:C5:F1:9D:47:63:80:5E:EF:2A:0D:B4:86:DB:C9:8E:40
ValiditySun, 13 Apr 2025 07:29:14 GMT - Sat, 12 Jul 2025 07:29:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /wrr?z=7704232&p_rid=93af6bdb-1ac4-4849-bbe6-7de8669b0e27&rb=1c-ojqyneEJ5yXrMpvssU8_wa8xYRuuL3OWSZfo5hsPHANKuGXvNlfw_-g_hde56-G-aPAY9u7eHW59HI5PMj9Kv9welnQ4GGg9u-xcLBD3jaL9BZvZna1sICKdwMBtv6mNCHzU6jyhe1PI7WnijzgxrIt5rUjQ90MHKvWlI5YN4Hcoh_woQyX6tsH_ZsO30Kou5w_HVh9NGwD4a1DlIEbyAG5pg3IJu6Tkv8VEL8j1RD_xYV_uLHgeWzHsJ7hih&dmn=aixukiwaikra.com&userId=0081ab08c4bd4ca4f95a11a38d06fa44 HTTP/1.1
Host: aixukiwaikra.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://shrtlk.click
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Mon, 14 Apr 2025 23:41:04 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://shrtlk.click
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

shrtlk.click/7XYCr

172.67.171.149

200 OK

49 kB

URL User Request GET
shrtlk.click/7XYCr
IP
172.67.171.149:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectshrtlk.click
Fingerprint9C:46:41:C6:13:1D:46:CA:DA:A7:75:FB:31:4E:AC:97:1C:A9:EE:67
ValidityMon, 07 Apr 2025 05:05:33 GMT - Sun, 06 Jul 2025 06:03:46 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (28513), with CRLF, LF line terminators
Size
49 kB (49223 bytes)
Hash
b1543f7657fc40014b64c4e9f3b7bd4b
f40c0f86c72a5ac2afccfa3d7437b6f4dc8ebdad
6f0ab5f8e8f5897df740230767c4ad71cce69bc1e0f330527aeab40d2a3b1312

HTTP Headers

GET /7XYCr HTTP/1.1
Host: shrtlk.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 14 Apr 2025 23:41:01 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
referrer-policy: same-origin
cf-cache-status: DYNAMIC
content-encoding: br
set-cookie: 2b6c33c2f738629627eea96f888fe649=9uINqUmI43QMmcuVvVmj8Lm0zR6S74m2QTjXHe3baxxlELa6n9TKvvQCRwtHVnWHfBt2CutoLFSgOGyTIFJANg; HttpOnly; SameSite=Lax; Path=/; Domain=shrtlk.click; Max-Age=86400; Expires=Tue, 15 Apr 2025 23:41:01 GMT
cf-ray: 93070d356c221c0e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (18)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML