Report - rutor.xproxy.org/

Report Overview

Visited public
2024-01-26 20:08:33
Tags
URL
rutor.xproxy.org/
Finishing URL
rutor.xproxy.org/
IP / ASN
104.21.34.53
#13335 CLOUDFLARENET
Title
rutor.info :: Свободный торрент трекер

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
i.ibb.co	13485	2010-07-20	2018-11-25 11:13:48	2024-01-26 08:43:01	426 B	5.9 kB	162.19.58.156
cdnbunny.org	unknown	2022-04-20	2022-04-23 09:54:02	2024-01-26 17:22:19	424 B	2.3 kB	77.91.100.49
rutor.xproxy.org	unknown	2021-01-06	2023-03-21 18:01:27	2023-10-29 21:40:29	4.4 kB	511 kB	172.67.198.142
matomo.hellohi.me	545402	2019-07-03	2019-07-03 22:13:04	2024-01-22 02:20:03	404 B	67 kB	188.114.97.1
theusualsuspectz.biz	unknown	2023-01-27	2023-01-27 02:27:31	2024-01-18 02:41:06	409 B	49 kB	188.114.97.1
metrica-yandex.com	783336	2021-09-14	2021-09-19 06:17:37	2024-01-18 02:41:41	415 B	61 kB	188.114.97.1
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2024-01-26 11:18:50	519 B	17 kB	216.58.207.227
heartilyscales.com	unknown	2022-12-16	2022-12-16 09:32:11	2024-01-22 18:55:04	438 B	16 kB	192.243.59.13
s-rutor.xproxy.org	unknown	2021-01-06	2023-03-22 01:58:13	2023-07-29 18:19:51	4.3 kB	82 kB	172.67.198.142
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2024-01-26 11:20:27	452 B	2.9 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-01-26 20:08:08	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-01-26	medium	heartilyscales.com	Sinkholed
2024-01-26	medium	theusualsuspectz.biz	Sinkholed

ThreatFox

No alerts detected

JavaScript (8)

	URL	From	Size	First Seen	Last Seen
	rutor.xproxy.org/	ScriptElement	26 B	2023-03-07	2025-05-24
Pretty URL rutor.xproxy.org/ IP 172.67.198.142 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:40 Last Seen2025-05-24 08:16 Times Seen795 Hash 5779365b0a28c08298ca5847c65b769d 3076ad9e094690cd6c4ee200ae254e6e7260fd30 57c620405714b8baa51067e0ca9bc9a9b252985292b857360aec8a9936688709 Loading...

	rutor.xproxy.org/	ScriptElement	551 B	2023-03-10	2025-04-08
Pretty URL rutor.xproxy.org/ IP 172.67.198.142 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 10:04 Last Seen2025-04-08 08:27 Times Seen87 Hash b85b27987b7c92064e74b404f8a00fb0 43647fe515e06f0134195978c737a8edac8758b8 9bd4d3bba5b8f86e8322f0b65bb3a5c3d31f1d16a0da3346dba895c36cede91e Loading...

	rutor.xproxy.org/app/apx19.js	ScriptElement	9.2 kB	2023-03-07	2025-05-24
Pretty URL rutor.xproxy.org/app/apx19.js IP 172.67.198.142 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:40 Last Seen2025-05-24 08:16 Times Seen826 Hash 2344c3f05f624d595f6fb920e4d74ded eb4d1404ac2d5eecd307f4588aeeab5c8ef463f1 3a28fe59e4a2af96d8edeeb12d7040c574cf71fa88fccb5cf49e9c0a1d4e4c7a Loading...

	unknown	Function	34 B	2023-04-11	2025-05-25
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:16 Last Seen2025-05-25 07:38 Times Seen67068 Hash 572cb94037fffc2a0a53b465972e15f1 0d679b041a7c1ca45cc99e2d229fc2b86762838d 6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35 Loading...

	rutor.xproxy.org/	ScriptElement	816 B	2024-08-20	2024-08-20
Pretty URL rutor.xproxy.org/ IP 172.67.198.142 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 11:00 Last Seen2024-08-20 11:00 Times Seen1 Hash 6b4629151dab418545e4450212731812 2008b918c7f890ffe836a94e08692161e9adfebf 8f0f0758166f3902700dbcacf194ed9210ec8c40b6860295acf8206c728c7cfa Loading...

	rutor.xproxy.org/	ScriptElement	464 B	2023-03-26	2024-08-20
Pretty URL rutor.xproxy.org/ IP 172.67.198.142 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-26 13:34 Last Seen2024-08-20 21:44 Times Seen7 Hash 6b94ae63cf1dfc749b1c59a4264cfdb8 7b5d3f84858f4398046cc73010c2b489060506b2 381a76a60930e91d9498f59c2a42a051c9e38bbf97a7c08bf232a605c72baf90 Loading...

	rutor.xproxy.org/	ScriptElement	449 B	2023-03-07	2025-04-15
Pretty URL rutor.xproxy.org/ IP 172.67.198.142 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:40 Last Seen2025-04-15 12:49 Times Seen391 Hash 8ec4ea2cc07fb4298dd793cbc67d3755 04c34c92ef5baad58af7c56b728d4a84c55f7185 9a0e8ee9789c9f554b318f332bf0d2c61f85cdcf33afc1228b6f94181f841b1d Loading...

	rutor.xproxy.org/app/apx14.js	ScriptElement	7.7 kB	2023-03-07	2025-05-24
Pretty URL rutor.xproxy.org/app/apx14.js IP 172.67.198.142 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:40 Last Seen2025-05-24 08:16 Times Seen830 Hash dfb1f327618e201778f2de85cfbcd173 fceb89a2221463e5bc5a71feff1247683ab08cc5 dc03bc8b63938916a73dd976e186d05559ddc61da2725e1063b7936fa9f0fc33 Loading...

HTTP Transactions (27)

URL IP Response Size

i.ibb.co/pyC2VvJ/alert-xxl.png

162.19.58.156

200 OK

5.6 kB

URL GET HTTP/2
i.ibb.co/pyC2VvJ/alert-xxl.png
IP
162.19.58.156:443
ASN
#16276 OVH SAS

Requested by
https://rutor.xproxy.org/
Certificate
IssuerLet's Encrypt
Subjectibb.co
FingerprintFC:63:8C:C6:92:83:4E:13:94:18:9A:03:C2:BB:CC:F0:23:97:AA:8C
ValiditySat, 09 Dec 2023 13:40:45 GMT - Fri, 08 Mar 2024 13:40:44 GMT

File type
PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Size
5.6 kB (5554 bytes)
Hash
8d0eed07b450044fdca282d1daf8a58c
794e1284cdf81fd60154955c1805282ae21240cd
baac89456a2d4dfdcdc14244fbe50a04ade7a401c82de605938a92e16f35c1af

HTTP Headers

GET /pyC2VvJ/alert-xxl.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.xproxy.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Jan 2024 20:08:08 GMT
content-type: image/png
content-length: 5554
last-modified: Mon, 07 Aug 2023 04:09:39 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://rutor.xproxy.org/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint4C:E1:1E:E3:63:49:81:BB:F5:53:CE:44:91:07:8A:14:84:70:7F:66
ValidityTue, 02 Jan 2024 13:09:26 GMT - Tue, 26 Mar 2024 13:09:25 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rutor.xproxy.org
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 24 Jan 2024 19:02:01 GMT
expires: Thu, 23 Jan 2025 19:02:01 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 176767
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdnbunny.org/i/poisk_bg.gif?

77.91.100.49

200 OK

2.0 kB

URL GET HTTP/1.1
cdnbunny.org/i/poisk_bg.gif?
IP
77.91.100.49:443
ASN
#42861 Foton Telecom CJSC

Requested by
https://rutor.xproxy.org/
Certificate
IssuerLet's Encrypt
Subjectcdnbunny.org
Fingerprint5D:CC:55:58:2F:1E:E5:CA:BB:12:CF:58:F0:80:25:41:D2:76:D9:68
ValidityTue, 14 Nov 2023 03:18:33 GMT - Mon, 12 Feb 2024 03:18:32 GMT

File type
GIF image data, version 89a, 46 x 56
Size
2.0 kB (1998 bytes)
Hash
76118a48fd5ae4b926e34f4edb427386
4aa5f228e3f511bf626afa6703488d1d7c6df5e0
4912841156c4582948d016867a6c71845a0221f1dd6419ea911f6f83bbc431d7

HTTP Headers

GET /i/poisk_bg.gif? HTTP/1.1
Host: cdnbunny.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.xproxy.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 26 Jan 2024 20:08:08 GMT
Content-Type: image/gif
Content-Length: 1998
Connection: keep-alive
Last-Modified: Sat, 12 Nov 2011 15:28:37 GMT
ETag: "4ebe90a5-7ce"
Cache-Control: max-age=604800
Age: 128490
X-Debug: 604800.000 4779
Accept-Ranges: bytes

heartilyscales.com/a2/86/90/a286902791a7f4c98bcb1e812322cd78.js

192.243.59.13

200 OK

15 kB

URL GET HTTP/1.1
heartilyscales.com/a2/86/90/a286902791a7f4c98bcb1e812322cd78.js
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://rutor.xproxy.org/
Certificate
IssuerLet's Encrypt
Subjectheartilyscales.com
Fingerprint23:E8:9C:3B:65:9E:0E:40:38:6B:05:60:33:60:67:1F:47:1B:AE:CA
ValidityTue, 12 Dec 2023 06:46:41 GMT - Mon, 11 Mar 2024 06:46:40 GMT

File type
JavaScript source, ASCII text, with very long lines (42809), with no line terminators
Size
15 kB (15285 bytes)
Hash
0fd47d45d2a5939d2825df33da963d97
6817d6aa580543448726a2b8e4ec78c6b0e080e2
f2551b151ae7269a5ab8a99b6f590debd835ddafbe6e8d4958a663ebfd55897b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /a2/86/90/a286902791a7f4c98bcb1e812322cd78.js HTTP/1.1
Host: heartilyscales.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.xproxy.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 26 Jan 2024 20:08:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 258e3c8cbe2d858fb69937f126825a97
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

s-rutor.xproxy.org/t/top.gif?

172.67.198.142

200 OK

10 kB

URL GET HTTP/3
s-rutor.xproxy.org/t/top.gif?
IP
172.67.198.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.xproxy.org/
Certificate
IssuerGoogle Trust Services LLC
Subjectxproxy.org
Fingerprint35:53:4B:59:6C:49:E9:03:2B:E4:55:7E:90:7F:6A:27:A6:CA:03:A6
ValiditySun, 03 Dec 2023 23:19:18 GMT - Sat, 02 Mar 2024 23:19:17 GMT

File type
GIF image data, version 89a, 24 x 24
Size
10 kB (10192 bytes)
Hash
f89828d017300039ecb142786920fc4d
bfc2eb412e870b7ceda6082d32ba4ea8d03f473f
0d4365a38dffd40285e1daa6a6d48f0922f276b2c25a393f0e1323ff3d788dda

HTTP Headers

GET /t/top.gif? HTTP/1.1
Host: s-rutor.xproxy.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.xproxy.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Jan 2024 20:08:08 GMT
content-type: image/gif
set-cookie: view=1; expires=Sat, 27-Jan-2024 20:08:08 GMT; Max-Age=86400
PHPSESSID=anfrpeeeqf1t633b9bpomtdts7; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RzyFuQM4lK6cO6Y8OFJxMenf1xbygFaHQzrppqbi9cRTzJDklEMfOVXPvh9tgFV4dv8BeYwNTm8kRTj31I1LoABnCV1BBpQfh8LbNtAzdzjK8GyNey%2BrV%2F5KwXEwycNx4lTBAaE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 84bb62ddf8070b4d-OSL
alt-svc: h3=":443"; ma=86400

s-rutor.xproxy.org/i/forum.gif?

172.67.198.142

200 OK

13 kB

URL GET HTTP/3
s-rutor.xproxy.org/i/forum.gif?
IP
172.67.198.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.xproxy.org/
Certificate
IssuerGoogle Trust Services LLC
Subjectxproxy.org
Fingerprint35:53:4B:59:6C:49:E9:03:2B:E4:55:7E:90:7F:6A:27:A6:CA:03:A6
ValiditySun, 03 Dec 2023 23:19:18 GMT - Sat, 02 Mar 2024 23:19:17 GMT

File type
GIF image data, version 89a, 250 x 42
Size
13 kB (12758 bytes)
Hash
6f47abc0920d730498a844c0ddb8f3c1
740de41bdc0be6a07ddfcad00c7452bc51f0c18f
24159e369d77549d74f35bb0f28827e8b6a549062e4048c96b80f62b0741cff9

HTTP Headers

GET /i/forum.gif? HTTP/1.1
Host: s-rutor.xproxy.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.xproxy.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Jan 2024 20:08:08 GMT
content-type: image/gif
set-cookie: view=1; expires=Sat, 27-Jan-2024 20:08:08 GMT; Max-Age=86400
PHPSESSID=1955f2skjg0sss1fak67o1qcfk; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bMcXoWUz7WN7HF6XyMk5WKe1mqiYaG0W0%2FX74XVgIc511vDg0qj%2FHxlmMr9wDoUw0DaibMubtynadPeoNe2606jUEophkp%2FTGepw0ueLGaUMyXPSsaG82tU3dHSxFe4XA2pWAp8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 84bb62ddf80f0b4d-OSL
alt-svc: h3=":443"; ma=86400

rutor.xproxy.org/js/rutor-favicon.ico

172.67.198.142

200 OK

8.5 kB

URL GET HTTP/3
rutor.xproxy.org/js/rutor-favicon.ico
IP
172.67.198.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.xproxy.org/
Certificate
IssuerGoogle Trust Services LLC
Subjectxproxy.org
Fingerprint35:53:4B:59:6C:49:E9:03:2B:E4:55:7E:90:7F:6A:27:A6:CA:03:A6
ValiditySun, 03 Dec 2023 23:19:18 GMT - Sat, 02 Mar 2024 23:19:17 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
Size
8.5 kB (8461 bytes)
Hash
ab55f59a775976829d8352a7a0584d3e
e4b29ec4ac46d97ea15c582d61d02c523dd0485b
e68d4b7f22b5027fef4672cc5ba884fb52ac248fd1ca4648c9ac89d95b0e58f4

HTTP Headers

GET /js/rutor-favicon.ico HTTP/1.1
Host: rutor.xproxy.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.xproxy.org/
Cookie: view=1; PHPSESSID=9qsoem1tm3lj78bmg6ce6l8v6s
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Jan 2024 20:08:10 GMT
content-type: image/x-icon
last-modified: Thu, 21 Apr 2022 20:53:29 GMT
etag: W/"6261c449-37e"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kOUBqpaIJ9mTgNylrkILJzpamJFWWwhcXCNZShk4HerNMEU4%2FPheFi8UZcXlTdgYY1jww8Fnw%2FE3genDhzUMPispxIYAv91VSR%2FBW2U87W3YpXM3XX3bAvAO%2F8f1GeyxyxdP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 84bb62e65d750b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

rutor.xproxy.org/hy.js?q22q2q2

172.67.198.142

200 OK

56 kB

URL GET HTTP/3
rutor.xproxy.org/hy.js?q22q2q2
IP
172.67.198.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.xproxy.org/
Certificate
IssuerGoogle Trust Services LLC
Subjectxproxy.org
Fingerprint35:53:4B:59:6C:49:E9:03:2B:E4:55:7E:90:7F:6A:27:A6:CA:03:A6
ValiditySun, 03 Dec 2023 23:19:18 GMT - Sat, 02 Mar 2024 23:19:17 GMT

File type
JavaScript source, ASCII text, with very long lines (56131), with no line terminators
Size
56 kB (56131 bytes)
Hash
667d77da844b6d5ad62b2f26e77b4b12
01ae61192a38af73a93c67468fb8271d7bbfa4f6
f240ce7fa62cd81d92f29081815f2cd2376ea6867887d17d5625009ebdf355b1

HTTP Headers

GET /hy.js?q22q2q2 HTTP/1.1
Host: rutor.xproxy.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.xproxy.org/
Cookie: view=1; PHPSESSID=9qsoem1tm3lj78bmg6ce6l8v6s
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Jan 2024 20:08:08 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 02 Mar 2021 05:53:27 GMT
etag: W/"603dd2d7-db43"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ttcKreWHEnINnapH2QAQbf8wqJJFY5dAOOYBi2kWvPI%2FqHP%2Fw3y2tEmN%2BAF%2Bgl8OwsruMS4%2BVjaNHThV4VePIdFZbLWaeN6Y%2BYLTM%2FzBEMCVbhAeUN6OdM1mUDYUXbAVX47p"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 84bb62dcbe3c0b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

matomo.hellohi.me/matomo.js

188.114.97.1

200 OK

66 kB

URL GET HTTP/2
matomo.hellohi.me/matomo.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.xproxy.org/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint3B:19:FF:F4:F0:F2:6F:BE:66:7F:4C:A0:E8:02:E6:F4:94:A8:6C:68
ValidityWed, 01 Mar 2023 00:00:00 GMT - Thu, 29 Feb 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1601)
Size
66 kB (65842 bytes)
Hash
a3a7245d6daf7d31d2069c0ba05879dd
ec1bf464889e71aec1ced6d8361a26c76e4a1460
d7fc375178c93a2fc15fd888e30170eedf4ef3d04497e7f951ab7bfe0c921693

HTTP Headers

GET /matomo.js HTTP/1.1
Host: matomo.hellohi.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.xproxy.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Jan 2024 20:08:08 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 19 Oct 2023 04:58:52 GMT
etag: W/"6530b78c-10132"
expires: Fri, 26 Jan 2024 20:17:35 GMT
cache-control: public, max-age=14400
pragma: public
cf-cache-status: HIT
age: 3033
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dHfm%2BjDIasDkoHmDm%2BG4anLaPYu7fYWcrE08u0ZxxXLEgsxpN0%2Bc0qlGOAp7NLtTViI54rL1MLgzX8QlrG55BYQ5LEelPTdyxg%2BPuv0WfF6H62Utgh0UTr%2FRUwGzbiXBxgYhBg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 84bb62df0d3d5691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

s-rutor.xproxy.org/t/arrowdown.gif?

172.67.198.142

200 OK

51 B

URL GET HTTP/3
s-rutor.xproxy.org/t/arrowdown.gif?
IP
172.67.198.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.xproxy.org/
Certificate
IssuerGoogle Trust Services LLC
Subjectxproxy.org
Fingerprint35:53:4B:59:6C:49:E9:03:2B:E4:55:7E:90:7F:6A:27:A6:CA:03:A6
ValiditySun, 03 Dec 2023 23:19:18 GMT - Sat, 02 Mar 2024 23:19:17 GMT

File type
GIF image data, version 89a, 5 x 8
Size
51 B (51 bytes)
Hash
fe98a58fe6509fb7cb897d25228329d3
34d9e63fe61d4b543f84003c70d0473b6893926f
a045e7b1f5ceaefbab2ef782b86b12de0a41fc2ca34c43cbf6b8b8a107d339ff

HTTP Headers

GET /t/arrowdown.gif? HTTP/1.1
Host: s-rutor.xproxy.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.xproxy.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Jan 2024 20:08:08 GMT
content-type: image/gif
set-cookie: view=1; expires=Sat, 27-Jan-2024 20:08:08 GMT; Max-Age=86400
PHPSESSID=gtgoslju56avfvbg4i6vmhaave; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QraIM7OhM4yn0bvQPoHsRuw9%2BRoA%2Blkg6OGfIbkuJBCviqtrDu7jWrcN89It49B3Ym82b%2F4k%2Fk0%2BbkKw8ypZISrwz4o8w0f5dnEZVDaAjes24z9xVp%2B8eSvh5Ej5ZghS2xCed4E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 84bb62ddf81b0b4d-OSL
alt-svc: h3=":443"; ma=86400

s-rutor.xproxy.org/i/com.gif?

172.67.198.142

200 OK

295 B

URL GET HTTP/3
s-rutor.xproxy.org/i/com.gif?
IP
172.67.198.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.xproxy.org/
Certificate
IssuerGoogle Trust Services LLC
Subjectxproxy.org
Fingerprint35:53:4B:59:6C:49:E9:03:2B:E4:55:7E:90:7F:6A:27:A6:CA:03:A6
ValiditySun, 03 Dec 2023 23:19:18 GMT - Sat, 02 Mar 2024 23:19:17 GMT

File type
GIF image data, version 89a, 11 x 9
Size
295 B (295 bytes)
Hash
e91f48c29a8f6285ade898585e58f8ad
c171b970bbdb33210c1e9714bc7fa96e42bdb0bf
30bacf9c5db02b0b5fdbe670c15301ec8231d2e526ab20ea5f8dfb8692e02f17

HTTP Headers

GET /i/com.gif? HTTP/1.1
Host: s-rutor.xproxy.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.xproxy.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Jan 2024 20:08:08 GMT
content-type: image/gif
set-cookie: view=1; expires=Sat, 27-Jan-2024 20:08:08 GMT; Max-Age=86400
PHPSESSID=8sop9reg1p9m1m5uq13ei31jqn; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SgZIAkWizr4ZJHeuMkPjC8MMOh%2FzRp4VllZsCnFtEmzJjMfD69VEJZZpZooZ6AUhj9X9i6vBLLc%2FMu9OJh9T7wgEnHyG9bO4cZekzaR9N2WYDupfWPoyRgbft%2FHJ2dlt7yANBq8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 84bb62ddf80b0b4d-OSL
alt-svc: h3=":443"; ma=86400

s-rutor.xproxy.org/i/lupa.gif?

172.67.198.142

200 OK

3.1 kB

URL GET HTTP/3
s-rutor.xproxy.org/i/lupa.gif?
IP
172.67.198.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.xproxy.org/
Certificate
IssuerGoogle Trust Services LLC
Subjectxproxy.org
Fingerprint35:53:4B:59:6C:49:E9:03:2B:E4:55:7E:90:7F:6A:27:A6:CA:03:A6
ValiditySun, 03 Dec 2023 23:19:18 GMT - Sat, 02 Mar 2024 23:19:17 GMT

File type
GIF image data, version 89a, 55 x 56
Size
3.1 kB (3079 bytes)
Hash
e2c8f8537818f7880be3ae505852b9ff
2a1f5572e6f4c9efc1700f34d6c6969bedbd8535
6946c64a41b61a1e8708b7bcf8274274c71cdc23932aab32da5b868d19212b3a

HTTP Headers

GET /i/lupa.gif? HTTP/1.1
Host: s-rutor.xproxy.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.xproxy.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Jan 2024 20:08:08 GMT
content-type: image/gif
set-cookie: view=1; expires=Sat, 27-Jan-2024 20:08:08 GMT; Max-Age=86400
PHPSESSID=435hqqfl7sbdia8igdkph03jub; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oE2Oy15rV2DjL2jXwCcxpq2zu%2FscJrfyeIfB9Pf65yk7QEUb%2FSul9ryxh39a80wHN0F91D756uw6yJ0cHfA%2Fyz6XqWMoLpLD6Ccx%2BDYrYRRdlbB1HmemJJpICJk3QKDV59LX01Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 84bb62ddf80d0b4d-OSL
alt-svc: h3=":443"; ma=86400

rutor.xproxy.org/app/apx14.js

172.67.198.142

200 OK

7.7 kB

URL GET HTTP/3
rutor.xproxy.org/app/apx14.js
IP
172.67.198.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.xproxy.org/
Certificate
IssuerGoogle Trust Services LLC
Subjectxproxy.org
Fingerprint35:53:4B:59:6C:49:E9:03:2B:E4:55:7E:90:7F:6A:27:A6:CA:03:A6
ValiditySun, 03 Dec 2023 23:19:18 GMT - Sat, 02 Mar 2024 23:19:17 GMT

File type
JavaScript source, ASCII text, with very long lines (8720), with no line terminators
Size
7.7 kB (7663 bytes)
Hash
3db7729f5768690d08cfbb852bda88b3
29d50e49674a25263da47dec24318c1a68f003e0
997dcda1cc75d9821ee6a9b2dba6fff73b5f104ed1a49792f998d7fe70d24893

HTTP Headers

GET /app/apx14.js HTTP/1.1
Host: rutor.xproxy.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.xproxy.org/
Cookie: view=1; PHPSESSID=9qsoem1tm3lj78bmg6ce6l8v6s
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Jan 2024 20:08:08 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 15 Sep 2020 18:26:26 GMT
etag: W/"5f610752-1def"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HgbDmAYps7ZDurTzOpONS7dsEuaC%2F%2Fabt%2Bgld1HC8vBGUpr1gJBJukZd2oiUAblXCkmXavIQqrpnEOtj%2F%2FPu3B2WpTAllPKjFKmRqppQD4c05VmO40%2FT78%2FirSM6mAUVBsX1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 84bb62dcbe4e0b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

s-rutor.xproxy.org/t/arrowup.gif?

172.67.198.142

200 OK

52 B

URL GET HTTP/3
s-rutor.xproxy.org/t/arrowup.gif?
IP
172.67.198.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.xproxy.org/
Certificate
IssuerGoogle Trust Services LLC
Subjectxproxy.org
Fingerprint35:53:4B:59:6C:49:E9:03:2B:E4:55:7E:90:7F:6A:27:A6:CA:03:A6
ValiditySun, 03 Dec 2023 23:19:18 GMT - Sat, 02 Mar 2024 23:19:17 GMT

File type
GIF image data, version 89a, 5 x 8
Size
52 B (52 bytes)
Hash
7cbfc089fd0b0d261187a0c1ef0826af
1583fd0ccdd6a7dcb24ef670761ab01387cf87cf
b88cfd011c972f65586f207621005b8b3336773a252e2a309ddbd9b7dda7b8b9

HTTP Headers

GET /t/arrowup.gif? HTTP/1.1
Host: s-rutor.xproxy.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.xproxy.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Jan 2024 20:08:08 GMT
content-type: image/gif
set-cookie: view=1; expires=Sat, 27-Jan-2024 20:08:08 GMT; Max-Age=86400
PHPSESSID=v4jh879aitksqscv4b5054ml28; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pv%2FDxE1GM2pCYxPRafwVj9t5wTkVBB0mLZTGlx2XcxrDIHNoaPS8YoMHaX%2F8JIJ5gcrso%2FT6Fv8M1iKEX5zBSY%2F9HfX7GaK2fCjRPcPeIJFiCucdKcX49ugQJMskkyTxtVA%2F4TI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 84bb62ddf8200b4d-OSL
alt-svc: h3=":443"; ma=86400

rutor.xproxy.org/app/apx19.js

172.67.198.142

200 OK

9.2 kB

URL GET HTTP/3
rutor.xproxy.org/app/apx19.js
IP
172.67.198.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.xproxy.org/
Certificate
IssuerGoogle Trust Services LLC
Subjectxproxy.org
Fingerprint35:53:4B:59:6C:49:E9:03:2B:E4:55:7E:90:7F:6A:27:A6:CA:03:A6
ValiditySun, 03 Dec 2023 23:19:18 GMT - Sat, 02 Mar 2024 23:19:17 GMT

File type
JavaScript source, ASCII text, with very long lines (10516), with no line terminators
Size
9.2 kB (9183 bytes)
Hash
d26dea46bd49f9297502159ed377f84c
2da344f74215617efd03c4805e5e15d7d8039515
77d7964a36f5c3105bc99271b3ffe2d4ebc5541e4acd38def734b3eaea38fd38

HTTP Headers

GET /app/apx19.js HTTP/1.1
Host: rutor.xproxy.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.xproxy.org/
Cookie: view=1; PHPSESSID=9qsoem1tm3lj78bmg6ce6l8v6s
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Jan 2024 20:08:08 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 15 Sep 2020 18:46:55 GMT
etag: W/"5f610c1f-23df"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2zwC%2F8lgZ4XNb6H5elUmXG3KnzHSLy8i5h4bGV9iXmmu1zIKy8F3m3NaQVCg%2FWx3N9ra3Chg1ALvIBb8MaQAWuXNVet9FsiMg%2FMFDtgEn1qoxIzamUnUEvYJaTt7YGu0SgS5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 84bb62dcbe350b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

theusualsuspectz.biz/j/m/qqqq.js

188.114.97.1

200 OK

48 kB

URL GET HTTP/2
theusualsuspectz.biz/j/m/qqqq.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.xproxy.org/
Certificate
IssuerGoogle Trust Services LLC
Subjecttheusualsuspectz.biz
FingerprintFA:DB:F4:92:9B:AC:6B:09:63:48:5A:A7:A1:A9:FC:F7:DA:5F:A2:E6
ValidityTue, 16 Jan 2024 02:50:00 GMT - Mon, 15 Apr 2024 02:49:59 GMT

File type
JavaScript source, ASCII text, with very long lines (48351), with no line terminators
Size
48 kB (48351 bytes)
Hash
febd5bfc829d7c8aa363e93e2e61f414
10d66213a9249bea47b15acf295323f01d217ef0
ff391f38fc73325f58d0626b9415ac121f1461407d74e86ebddefd8180050d76

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /j/m/qqqq.js HTTP/1.1
Host: theusualsuspectz.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.xproxy.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Jan 2024 20:08:08 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 02 Mar 2021 03:16:06 GMT
etag: W/"603dadf6-bcdf"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 4990776
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2xE5aSh3ozrXnw2TjyYCa7Cviaa5hRHXYD%2BC%2Fv0yXse3D5g%2F5SfQoCAvrFK9UMOoEgL%2FStnSFYi%2F6HItu1gpWJ7d3YY0wW0Lg8M%2BroVQEvIfaUYk9Ek0ZKSytSEf1uoN5PVYoSJ6yw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 84bb62dd1972b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

rutor.xproxy.org/

172.67.198.142

200 OK

350 kB

URL User Request GET HTTP/2
rutor.xproxy.org/
IP
172.67.198.142:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectxproxy.org
Fingerprint35:53:4B:59:6C:49:E9:03:2B:E4:55:7E:90:7F:6A:27:A6:CA:03:A6
ValiditySun, 03 Dec 2023 23:19:18 GMT - Sat, 02 Mar 2024 23:19:17 GMT

File type

Size
350 kB (350277 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: rutor.xproxy.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Jan 2024 20:08:08 GMT
content-type: text/html;charset=UTF-8
set-cookie: view=1; expires=Sat, 27-Jan-2024 20:08:08 GMT; Max-Age=86400
PHPSESSID=9qsoem1tm3lj78bmg6ce6l8v6s; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cinuZ05A5dtanPfNIlaY2CyEcm%2BQa3d4nh%2BihgH5wbnTpeXKsLohuESx74fd7Y0nuhorHQFmIPMIDRFtqcjIlBTP3Eysl60DqoKQg92Hc5VKvpAfEEHW30LurCamduqLb7Gc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 84bb62d99a6f56b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

rutor.xproxy.org/zpp/zpp4.js?q22q2q2

172.67.198.142

200 OK

39 kB

URL GET HTTP/3
rutor.xproxy.org/zpp/zpp4.js?q22q2q2
IP
172.67.198.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.xproxy.org/
Certificate
IssuerGoogle Trust Services LLC
Subjectxproxy.org
Fingerprint35:53:4B:59:6C:49:E9:03:2B:E4:55:7E:90:7F:6A:27:A6:CA:03:A6
ValiditySun, 03 Dec 2023 23:19:18 GMT - Sat, 02 Mar 2024 23:19:17 GMT

File type
JavaScript source, ASCII text, with very long lines (38995), with no line terminators
Size
39 kB (38995 bytes)
Hash
7dc63553536847077855df4f82f1ec18
146c3aac34cb4e7e1e9c692ccd0161b2e4f018de
3a18b1964d1d209c46d754459b9ef98d4a9a85065e245f8311be727ffee3f960

HTTP Headers

GET /zpp/zpp4.js?q22q2q2 HTTP/1.1
Host: rutor.xproxy.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.xproxy.org/
Cookie: view=1; PHPSESSID=9qsoem1tm3lj78bmg6ce6l8v6s
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Jan 2024 20:08:08 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 02 Mar 2021 05:53:32 GMT
etag: W/"603dd2dc-9853"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ENTeYJNLTCb%2B3jgieausvVjq9lvO6AXhs9NZUyA8EFxIMtVJlZ2jL4oOZhu5WBzGi0cqYXtS7y0g%2FkfJ1gQzVzdDwMheFehkjwh1osKzgR87%2BTiu%2BSlhPAI3I3r6nUNmHLIV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 84bb62dcbe3f0b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

metrica-yandex.com/metrika/tag.js?1001

188.114.97.1

200 OK

60 kB

URL GET HTTP/2
metrica-yandex.com/metrika/tag.js?1001
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.xproxy.org/
Certificate
IssuerGoogle Trust Services LLC
Subjectmetrica-yandex.com
FingerprintE2:76:38:E7:71:A4:73:C7:0B:ED:FE:19:0D:51:10:1B:69:49:E1:25
ValiditySat, 13 Jan 2024 10:45:37 GMT - Fri, 12 Apr 2024 10:45:36 GMT

File type
JavaScript source, ASCII text, with very long lines (60271), with no line terminators
Size
60 kB (60271 bytes)
Hash
ea67b2343fc359662afdae5d4c8c8e03
7f07219a8cd9d6d5c17e20bd7e80fac0281c2b18
5e31460a6eacabdc5895ad2ad898a4a570ac88f2794c61ddce6b0beee304eb11

HTTP Headers

GET /metrika/tag.js?1001 HTTP/1.1
Host: metrica-yandex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.xproxy.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Jan 2024 20:08:08 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 30 Sep 2021 23:00:22 GMT
etag: W/"61564186-eb6f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 5144167
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mqMCViuWwXbfLYVclqf0kGiu5%2BOv%2FiJ2Zf4S5ZbtQ2gfDh5XbIIdB7GWaPrM2cfu1iVZsCa1KdQeumBgTt%2BQmOeBfR4TSefqXGLWzA08PlGWH7SVi7OQZlTZ198mEqLmdwsNnBg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 84bb62dd0f690b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

s-rutor.xproxy.org/logo.jpg?

172.67.198.142

200 OK

45 kB

URL GET HTTP/3
s-rutor.xproxy.org/logo.jpg?
IP
172.67.198.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.xproxy.org/
Certificate
IssuerGoogle Trust Services LLC
Subjectxproxy.org
Fingerprint35:53:4B:59:6C:49:E9:03:2B:E4:55:7E:90:7F:6A:27:A6:CA:03:A6
ValiditySun, 03 Dec 2023 23:19:18 GMT - Sat, 02 Mar 2024 23:19:17 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=120, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=450], baseline, precision 8, 420x110, components 3
Size
45 kB (44893 bytes)
Hash
dc4a948f3ccf35b2c39269cde1aad6f3
1b952aa88121ee56b0648e0e2476a0dacc39da5e
eabb9097a448d6066ceac9b449f2a3759776e14aea3d574208495af12ed84f56

HTTP Headers

GET /logo.jpg? HTTP/1.1
Host: s-rutor.xproxy.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.xproxy.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Jan 2024 20:08:08 GMT
content-type: image/jpeg
set-cookie: view=1; expires=Sat, 27-Jan-2024 20:08:08 GMT; Max-Age=86400
PHPSESSID=hd449f8oq59rlk20aibuqpmh09; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E2JuBKpGY6O5RbSyMeSDNyC9PuUf%2Bo4j0W2IUHJvd4QhlU9g40jITB2OFmpv%2F%2FrAO2IgzxjV3CV8icutY%2Fapv0dNilccSSii3oJ8YpvgdH3VrpAgwvXa3liddqnkY9PNWMdGwBw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 84bb62ddf8170b4d-OSL
alt-svc: h3=":443"; ma=86400

rutor.xproxy.org/app/x12.js

172.67.198.142

200 OK

11 kB

URL GET HTTP/3
rutor.xproxy.org/app/x12.js
IP
172.67.198.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.xproxy.org/
Certificate
IssuerGoogle Trust Services LLC
Subjectxproxy.org
Fingerprint35:53:4B:59:6C:49:E9:03:2B:E4:55:7E:90:7F:6A:27:A6:CA:03:A6
ValiditySun, 03 Dec 2023 23:19:18 GMT - Sat, 02 Mar 2024 23:19:17 GMT

File type
JavaScript source, ASCII text, with very long lines (11180), with no line terminators
Size
11 kB (11180 bytes)
Hash
94efa3c05291ac5cccd32cc3a11c9724
3a033e4d6f5e5eaf76030a81c8a05c619de436c2
58c753f7ffcb584d2ed43470ec9bdd30a4cd4723f368d83de6163413d5555102

HTTP Headers

GET /app/x12.js HTTP/1.1
Host: rutor.xproxy.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.xproxy.org/
Cookie: view=1; PHPSESSID=9qsoem1tm3lj78bmg6ce6l8v6s
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Jan 2024 20:08:08 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 15 Sep 2020 18:26:27 GMT
etag: W/"5f610753-2bac"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RbpEmEp7nr0nbwrw%2FH2%2FByPk0Iy2sc1R4jiD2XECDHR4sNIvxaylhFJBq8TYqc4xJYVy978oBtkJ4ZFH7mtakRCW8FT6gdmno314SiPunugBccf26DHQsy%2BpPG9hXvo7dD%2Bw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 84bb62dcbe560b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

s-rutor.xproxy.org/i/ic24.gif?

172.67.198.142

200 OK

2.4 kB

URL GET HTTP/3
s-rutor.xproxy.org/i/ic24.gif?
IP
172.67.198.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.xproxy.org/
Certificate
IssuerGoogle Trust Services LLC
Subjectxproxy.org
Fingerprint35:53:4B:59:6C:49:E9:03:2B:E4:55:7E:90:7F:6A:27:A6:CA:03:A6
ValiditySun, 03 Dec 2023 23:19:18 GMT - Sat, 02 Mar 2024 23:19:17 GMT

File type
GIF image data, version 89a, 60 x 41
Size
2.4 kB (2362 bytes)
Hash
976d75e1c6afb21afa4241fca3aa0aaf
8da3af404aad55e592caecbb640936facba38856
8cebaa55f91e1628a7b4729ef423d6947dd2efad0d0bf06bd0371912cdd21404

HTTP Headers

GET /i/ic24.gif? HTTP/1.1
Host: s-rutor.xproxy.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.xproxy.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Jan 2024 20:08:08 GMT
content-type: image/gif
set-cookie: view=1; expires=Sat, 27-Jan-2024 20:08:08 GMT; Max-Age=86400
PHPSESSID=2novsbu936bk5n9ko8t6k02f6v; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=herSVoYfwYuoM%2BZ%2BRZDSGQ6wmJOj2vqh7rw4ZvPz8LgEyO1rYU7rFkHEu8mS0KMtfMJA%2BxNS0hgurkmwGwTreLIlyIepZDG%2FJjRXhCIxbUp%2Bs%2BymUnQFM8yCmrr6%2BI6rVatjWR0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 84bb62ddf8190b4d-OSL
alt-svc: h3=":443"; ma=86400

s-rutor.xproxy.org/i/m.png?

172.67.198.142

200 OK

656 B

URL GET HTTP/3
s-rutor.xproxy.org/i/m.png?
IP
172.67.198.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.xproxy.org/
Certificate
IssuerGoogle Trust Services LLC
Subjectxproxy.org
Fingerprint35:53:4B:59:6C:49:E9:03:2B:E4:55:7E:90:7F:6A:27:A6:CA:03:A6
ValiditySun, 03 Dec 2023 23:19:18 GMT - Sat, 02 Mar 2024 23:19:17 GMT

File type
PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced
Size
656 B (656 bytes)
Hash
1c923e4247dd2fbbc7e407beecf6028c
37a7cd424c135206071cad59df92511df4fb6e5e
efb2d84b9882f1e58d07b358cb77ad0b67fcce154bc7dc70086532abe8f57fff

HTTP Headers

GET /i/m.png? HTTP/1.1
Host: s-rutor.xproxy.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.xproxy.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Jan 2024 20:08:08 GMT
content-type: image/png
set-cookie: view=1; expires=Sat, 27-Jan-2024 20:08:08 GMT; Max-Age=86400
PHPSESSID=dooj4um6upbkhtsiiffta2l13v; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Huxu7oQmueeXZNuZWJrcvjnySbArjRXllewMTteJW4sNGIl8ubu3nHX08QfTRzo96MA9m26QdR8M0YEtzHjDq0VEMQz7X2hR%2FAJjGDwvei0KQy1BkVWgYExhTLLPampcPyWiObE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 84bb62ddf8130b4d-OSL
alt-svc: h3=":443"; ma=86400

rutor.xproxy.org/js/rutor-css.css

172.67.198.142

200 OK

23 kB

URL GET HTTP/3
rutor.xproxy.org/js/rutor-css.css
IP
172.67.198.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.xproxy.org/
Certificate
IssuerGoogle Trust Services LLC
Subjectxproxy.org
Fingerprint35:53:4B:59:6C:49:E9:03:2B:E4:55:7E:90:7F:6A:27:A6:CA:03:A6
ValiditySun, 03 Dec 2023 23:19:18 GMT - Sat, 02 Mar 2024 23:19:17 GMT

File type
ASCII text, with very long lines (3877)
Size
23 kB (23045 bytes)
Hash
0de953836b820f628a50a1e48e04d5fe
b5f7c2b57caa8723051c15c30585a65d03595a01
656e2438ea6a9eb85ca7ac478fdae0d4ef13c3cca617cca66410fc970c383064

HTTP Headers

GET /js/rutor-css.css HTTP/1.1
Host: rutor.xproxy.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.xproxy.org/
Cookie: view=1; PHPSESSID=9qsoem1tm3lj78bmg6ce6l8v6s
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Jan 2024 20:08:08 GMT
content-type: text/css
last-modified: Thu, 21 Apr 2022 20:53:29 GMT
etag: W/"6261c449-5a05"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AH%2BImVXO5dOfSImPODXLenkUly2QfXurZ%2BPkGy%2Br76TqPKtSwFGcUHDwqu7CQZkigWRzSpomqrdT7ZCYSzGJoqUPzYkURgNnfGnfifvwmnUptRe7LsZq2ShPWmIbThBxXaEu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 84bb62dc9e040b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css2?family=Roboto:wght@400&display=swap

142.250.74.106

200 OK

2.3 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Roboto:wght@400&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://rutor.xproxy.org/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint89:28:B5:6E:7C:E5:97:43:A6:48:34:12:2C:71:3F:67:E0:7C:6A:66
ValidityTue, 02 Jan 2024 13:09:23 GMT - Tue, 26 Mar 2024 13:09:22 GMT

File type
ASCII text, with very long lines (2319), with no line terminators
Size
2.3 kB (2256 bytes)
Hash
a923b98baca4b55a4d2a4f806222686b
767d3e48a33b662bdb12e0f498fd2510a59a7db4
e927b86850ae1f8b6c9ab3722b76d1f1f72f224d0a3523b04ca29df0e7aee222

HTTP Headers

GET /css2?family=Roboto:wght@400&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.xproxy.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 26 Jan 2024 20:08:08 GMT
date: Fri, 26 Jan 2024 20:08:08 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

s-rutor.xproxy.org/i/d.gif?

172.67.198.142

200 OK

359 B

URL GET HTTP/3
s-rutor.xproxy.org/i/d.gif?
IP
172.67.198.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.xproxy.org/
Certificate
IssuerGoogle Trust Services LLC
Subjectxproxy.org
Fingerprint35:53:4B:59:6C:49:E9:03:2B:E4:55:7E:90:7F:6A:27:A6:CA:03:A6
ValiditySun, 03 Dec 2023 23:19:18 GMT - Sat, 02 Mar 2024 23:19:17 GMT

File type
GIF image data, version 89a, 13 x 13
Size
359 B (359 bytes)
Hash
3def66024a583b6ca763e249acb3c426
82f2f897d3e2746181b889811ac675565dcaf0fa
7d4fb7d5a9e681b2313ca88338e3255364aa452f243d6397aa905783e98bfca0

HTTP Headers

GET /i/d.gif? HTTP/1.1
Host: s-rutor.xproxy.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rutor.xproxy.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Jan 2024 20:08:08 GMT
content-type: image/gif
set-cookie: view=1; expires=Sat, 27-Jan-2024 20:08:08 GMT; Max-Age=86400
PHPSESSID=3o4b5948vc4hstr4mhdsf9gn4v; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JHazaiaoowEQ0w22BBXNDrAlepMSMH6xfG%2FK2dhjMcjAaTAZu%2BT63r9FHNwEi%2BLCvKWRfw1KcJH7Pw0KiLd%2BNdQZnhdt022sS5XYqv9mE0W5dAUOrysL68X9lTwuIThJOqDk%2FVw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 84bb62ddf81d0b4d-OSL
alt-svc: h3=":443"; ma=86400

rutor.xproxy.org/user.php

172.67.198.142

200 OK

0 B

URL POST HTTP/3
rutor.xproxy.org/user.php
IP
172.67.198.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rutor.xproxy.org/
Certificate
IssuerGoogle Trust Services LLC
Subjectxproxy.org
Fingerprint35:53:4B:59:6C:49:E9:03:2B:E4:55:7E:90:7F:6A:27:A6:CA:03:A6
ValiditySun, 03 Dec 2023 23:19:18 GMT - Sat, 02 Mar 2024 23:19:17 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /user.php HTTP/1.1
Host: rutor.xproxy.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Content-Length: 39
Origin: https://rutor.xproxy.org
DNT: 1
Connection: keep-alive
Referer: https://rutor.xproxy.org/
Cookie: view=1; PHPSESSID=9qsoem1tm3lj78bmg6ce6l8v6s
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Jan 2024 20:08:08 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f2RHXWejSD4WJH4uSwAQUQADCv1UqpX9C8px2rHz%2B3hphG79L%2BjPr64JvmcrwQ3gDfQp5ARdbhD16NVo8r5iu5cyIWv%2BlL9Fl6c6cCE0vf8YFP1Yl0Av3WdCW%2BMyHy6ghpEs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 84bb62de98f00b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (27)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by