Report - stfly.xyz/6bXHh

Report Overview

Visited public
2023-11-28 17:59:56
Tags
URL
stfly.xyz/6bXHh
Finishing URL
stfly.xyz/6bXHh
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Title
Stfly

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
indelphoxom.com	unknown	2023-08-14	2023-08-14 10:42:19	2023-11-18 23:56:00	1.5 kB	76 kB	139.45.197.239
stfly.xyz	unknown	2023-06-09	2023-06-09 16:37:14	2023-11-23 17:09:32	2.4 kB	32 kB	188.114.97.1
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2023-11-28 05:09:25	437 B	29 kB	104.17.24.14
stackpath.bootstrapcdn.com	2467	2012-05-25	2018-06-15 22:36:43	2023-11-28 08:49:31	458 B	26 kB	104.18.11.207
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-11-28 07:52:06	435 B	20 kB	142.250.74.106
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-11-28 07:50:39	567 B	20 kB	216.58.207.227
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-11-28 07:59:41	1.3 kB	231 kB	142.250.74.72
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2023-11-27 18:56:26	463 B	738 B	139.45.195.8
gishejuy.com	unknown	2023-10-25	2023-10-25 15:14:32	2023-11-25 21:49:25	404 B	675 B	139.45.197.242
unpkg.com	11693	2016-01-06	2016-01-08 00:26:01	2023-11-28 08:26:21	873 B	6.3 kB	104.16.124.175

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-28	medium	gishejuy.com	Sinkholed
2023-11-28	medium	indelphoxom.com	Sinkholed
2023-11-28	medium	indelphoxom.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (12)

	URL	From	Size	First Seen	Last Seen
	stfly.xyz/6bXHh	ScriptElement	155 B	2023-03-07	2025-04-20
Pretty URL stfly.xyz/6bXHh IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 15:18 Last Seen2025-04-20 18:23 Times Seen169 Hash 59ebe0b9de3964823af9e47ca93a4955 f8bc090309fd3f812825b06ac082ea98cd27a8f7 fcb5a666860ca97d0ad3ed1a21203060b8fc1ac42a73b4cf628f8044698d8a2a Loading...

	www.googletagmanager.com/gtag/js?id=UA-108199505-1	ScriptElement	191 kB	2023-11-28	2023-11-28
Pretty URL www.googletagmanager.com/gtag/js?id=UA-108199505-1 IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-28 18:59 Last Seen2023-11-28 18:59 Times Seen1 Hash 8e76594bd973c689b5db5293507f4919 c25286d2a755aad333445a5b59dd0ac84d0027e5 e2714eedca5063a255e4b3df84662a988a6f3a5bf46a20266270545511caaaf9 Loading...

	stfly.xyz/sandbox%20eval%20code		147 B	2023-04-11	2025-05-11
Pretty URL stfly.xyz/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-11 17:50 Times Seen341971 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	unpkg.com/just-detect-adblock@latest/dist/bundle.umd.js	ScriptElement	2.6 kB	2023-03-07	2025-03-25
Pretty URL unpkg.com/just-detect-adblock@latest/dist/bundle.umd.js IP 104.16.124.175 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:06 Last Seen2025-03-25 00:43 Times Seen143 Hash 09f554e0361d2bb83c02eca48ec2a0ee e80452ce6ee60b10f8edd2c134db6566effbd0eb 6ea0709e076a8dd6569a1d148aabce6669d3bb30087be54fd8368ac1293bd771 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js	ScriptElement	90 kB	2023-03-07	2025-05-11
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 17:49 Times Seen205898 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	stfly.xyz/6bXHh	ScriptElement	2.4 kB	2023-03-08	2024-08-21
Pretty URL stfly.xyz/6bXHh IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 14:35 Last Seen2024-08-21 08:44 Times Seen77 Hash a1704fd491a577a58e2d012ac00ef92b be2f0459eaa4565828d125bf90a13b69d4e7b437 62d2ea0f5f0040686256ce7936143e9a6233f336f7d1efbd7dca27fd73e90b12 Loading...

	indelphoxom.com/5/3381289	ScriptElement	72 kB	2023-11-28	2023-11-28
Pretty URL indelphoxom.com/5/3381289 IP 139.45.197.239 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-28 18:59 Last Seen2023-11-28 18:59 Times Seen1 Hash da85890c431c8eb467487100768a2b68 44e7a1cf2dfc48ceffc05318a46f992c2c566679 dc36a82e3dcf0ca93f38f958ac5733bb89b4c565350304d1e0b6ba1dce8e69a3 Loading...

	www.googletagmanager.com/gtag/js?id=UA-354543616&l=dataLayer&cx=c	ScriptElement	177 kB	2023-11-28	2023-11-28
Pretty URL www.googletagmanager.com/gtag/js?id=UA-354543616&l=dataLayer&cx=c IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-28 18:59 Last Seen2023-11-28 18:59 Times Seen1 Hash 90a52443663b6cda0a325fefb23a8533 e7bc98504c6fd073d4df3292187ab9bc38bf90ec ce909868711bb0179d03f0d551fa2c45eeabd29efa597fbce25718986ef57dc6 Loading...

	stfly.xyz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	ScriptElement	1.2 kB	2023-03-07	2025-05-11
Pretty URL stfly.xyz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 17:51 Times Seen68492 Hash 9e8f56e8e1806253ba01a95cfc3d392c a8af90d7482e1e99d03de6bf88fed2315c5dd728 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-05-11
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-11 17:50 Times Seen341170 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	stfly.xyz/6bXHh	ScriptElement	886 B	2024-08-20	2024-08-20
Pretty URL stfly.xyz/6bXHh IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 17:33 Last Seen2024-08-20 17:33 Times Seen1 Hash 038d27f2b3315044e64a48627e8a3373 bc9cee89c43690b61602267a27ce948d27fea0db 7020a17b1505fd8f40ce1ab9125f834c8689008ad2eaac56703b115d16459f63 Loading...

	www.googletagmanager.com/gtag/js?id=G-PDV6XHL2ZF&l=dataLayer&cx=c	ScriptElement	291 kB	2023-11-28	2023-11-28
Pretty URL www.googletagmanager.com/gtag/js?id=G-PDV6XHL2ZF&l=dataLayer&cx=c IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-28 18:59 Last Seen2023-11-28 18:59 Times Seen1 Hash e6e69fc9d26d11dbcb77127d1e9544d5 325acbab61c4203dc184bb722c355532cfbd2c5a 13aa12ced007d69176e1e2b3ff36ccfb1a7e3a5abf3c76743b4d8eacc7e1b2cd Loading...

HTTP Transactions (17)

URL IP Response Size

stfly.xyz/6bXHh

188.114.97.1

200 OK

16 kB

URL User Request GET HTTP/2
stfly.xyz/6bXHh
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectstfly.xyz
FingerprintEE:82:76:08:0D:7E:FE:9B:ED:86:CE:1E:8B:C1:D5:56:73:23:97:F9
ValidityThu, 05 Oct 2023 14:13:29 GMT - Wed, 03 Jan 2024 14:13:28 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4906), with CRLF, LF line terminators
Size
16 kB (16130 bytes)
Hash
f1480f713cd9d238821d41f583c524f0
604e179fe9025d2351b843f6d17b0144c5890f94
ba65738b6251e2484b16356c08e2279c3a641bc0dab6bcfdd2f6bf4e24309eb8

HTTP Headers

GET /6bXHh HTTP/1.1
Host: stfly.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 28 Nov 2023 17:59:37 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
set-cookie: a97dec166db543b83d884ee6929041cb=LlYzjBMKcXKUWP7TQhBlzINHSuAHWr1C7YUfhGO5uqPPyl1hzmdJ3x8fHRwb89-cIT39c3XSZDDaLFsLVNkI4w; expires=Wed, 29-Nov-2023 17:59:37 GMT; Max-Age=86400; path=/; domain=stfly.xyz; HttpOnly; SameSite=Lax
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TqfZ5PdtaoAy%2F1WOLSVtnPQ9LbZUSDYeBHBnQnmsD6cNLqfudSw%2Fdn%2FJLAgv17fjDR1Npm1m%2FTPSwvCGgBRO4D%2F9BMJicBMFaCN3SsVtNfIiVcisGDFkoxZKHbE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82d4817d0b2ab4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

104.17.24.14

200 OK

28 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stfly.xyz/6bXHh
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65447)
Size
28 kB (27938 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://stfly.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 28 Nov 2023 17:59:38 GMT
content-type: application/javascript; charset=utf-8
content-length: 27938
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-15d9d"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 302076
expires: Sun, 17 Nov 2024 17:59:38 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D%2BB6aL8PRNKvL%2Bz3d%2Bm33E6epSIYfo%2BN1HCAAAJRQD0wJshzGOlflp6t2SyF0fsObgr3T4Kf8lsaQhTIjy5Ep14A9Y5Em7yerYTjxU7dIlLXbHPwbo%2F9saUi4CcOCM85Sm6Rd8%2Fl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 82d481812b6c56b7-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css

104.18.11.207

200 OK

25 kB

URL GET HTTP/2
stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css
IP
104.18.11.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stfly.xyz/6bXHh
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
ValidityFri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65324)
Size
25 kB (24926 bytes)
Hash
a15c2ac3234aa8f6064ef9c1f7383c37
6e10354828454898fda80f55f3decb347fd9ed21
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36

HTTP Headers

GET /bootstrap/4.3.1/css/bootstrap.min.css HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://stfly.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 28 Nov 2023 17:59:38 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"a15c2ac3234aa8f6064ef9c1f7383c37"
last-modified: Mon, 25 Jan 2021 22:04:08 GMT
cdn-cachedat: 10/31/2023 18:59:49
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1078
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 781fdf1c6e823e65290dac5eeb884a47
cdn-cache: HIT
cf-cache-status: HIT
age: 485159
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 82d481814d560b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-108199505-1

142.250.74.72

200 OK

69 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-108199505-1
IP
142.250.74.72:443
ASN
#15169 GOOGLE

Requested by
https://stfly.xyz/6bXHh
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (4179)
Size
69 kB (68800 bytes)
Hash
8e76594bd973c689b5db5293507f4919
c25286d2a755aad333445a5b59dd0ac84d0027e5
e2714eedca5063a255e4b3df84662a988a6f3a5bf46a20266270545511caaaf9

HTTP Headers

GET /gtag/js?id=UA-108199505-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://stfly.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 28 Nov 2023 17:59:38 GMT
expires: Tue, 28 Nov 2023 17:59:38 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 68800
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans

142.250.74.106

200 OK

19 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Open+Sans
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://stfly.xyz/6bXHh
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
gzip compressed data, max compression\012- data
Size
19 kB (19301 bytes)
Hash
756a3b6043b76c007a41f8955272f5d6
b6f57b60347b9c67f8ce429fa5cc4a0ace106a3b
36f2da0e4392c775d4775386959791fd73d53a7eb7d31c4ef5f980d36378fa30

HTTP Headers

GET /css?family=Open+Sans HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://stfly.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 28 Nov 2023 17:59:38 GMT
date: Tue, 28 Nov 2023 17:59:38 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-354543616&l=dataLayer&cx=c

142.250.74.72

200 OK

65 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=UA-354543616&l=dataLayer&cx=c
IP
142.250.74.72:443
ASN
#15169 GOOGLE

Requested by
https://stfly.xyz/6bXHh
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (3026)
Size
65 kB (64629 bytes)
Hash
90a52443663b6cda0a325fefb23a8533
e7bc98504c6fd073d4df3292187ab9bc38bf90ec
ce909868711bb0179d03f0d551fa2c45eeabd29efa597fbce25718986ef57dc6

HTTP Headers

GET /gtag/js?id=UA-354543616&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://stfly.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 28 Nov 2023 17:59:38 GMT
expires: Tue, 28 Nov 2023 17:59:38 GMT
cache-control: private, max-age=900
last-modified: Tue, 28 Nov 2023 17:34:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 64629
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtag/js?id=G-PDV6XHL2ZF&l=dataLayer&cx=c

142.250.74.72

200 OK

96 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-PDV6XHL2ZF&l=dataLayer&cx=c
IP
142.250.74.72:443
ASN
#15169 GOOGLE

Requested by
https://stfly.xyz/6bXHh
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (5955)
Size
96 kB (95462 bytes)
Hash
e6e69fc9d26d11dbcb77127d1e9544d5
325acbab61c4203dc184bb722c355532cfbd2c5a
13aa12ced007d69176e1e2b3ff36ccfb1a7e3a5abf3c76743b4d8eacc7e1b2cd

HTTP Headers

GET /gtag/js?id=G-PDV6XHL2ZF&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://stfly.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 28 Nov 2023 17:59:39 GMT
expires: Tue, 28 Nov 2023 17:59:39 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 95462
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

my.rtmark.net/gid.js?userId=ceb19de6c1494e8485d1a55777edf962

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=ceb19de6c1494e8485d1a55777edf962
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://stfly.xyz/6bXHh
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintE8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
ValiditySat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
d126fc351ba03ae38e21ddde7659e94f
d903cd71d3a9efa85931d5df9e1893d3cb1fa946
609110eabb59b71a2df8621dd1bf3ba86ddadbab73bc3487477201162a64d23b

HTTP Headers

GET /gid.js?userId=ceb19de6c1494e8485d1a55777edf962 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://stfly.xyz
DNT: 1
Connection: keep-alive
Referer: https://stfly.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 17:59:39 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://stfly.xyz
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=ceb19de6c1494e8485d1a55777edf962; expires=Wed, 27 Nov 2024 17:59:39 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

gishejuy.com/400/4495548

139.45.197.242

403 Forbidden

22 B

URL GET HTTP/2
gishejuy.com/400/4495548
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://stfly.xyz/6bXHh
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint99:91:AA:4E:BA:FC:75:A0:0A:79:EE:F6:15:64:FA:15:B2:BC:61:31
ValidityWed, 25 Oct 2023 09:21:45 GMT - Tue, 23 Jan 2024 09:21:44 GMT

File type
ASCII text, with no line terminators
Size
22 B (22 bytes)
Hash
b5e50d07b6b24e1e105e6e4fceb97bf6
95d7e8119b8befc7153b44b4c7be59f26bd6ad33
61c3148fba3befcce5b4636c4209a440913a136138bf62005df97386827f2ae2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /400/4495548 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://stfly.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
server: nginx
date: Tue, 28 Nov 2023 17:59:39 GMT
content-type: text/plain; charset=utf-8
content-length: 22
x-trace-id: 4b61488d881ac448ba785cf0b35551b2
timing-allow-origin: *
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
X-Firefox-Spdy: h2

stfly.xyz/wp-content/uploads/2023/06/favicon.png

188.114.97.1

200 OK

1.3 kB

URL GET HTTP/3
stfly.xyz/wp-content/uploads/2023/06/favicon.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stfly.xyz/6bXHh
Certificate
IssuerLet's Encrypt
Subjectstfly.xyz
FingerprintEE:82:76:08:0D:7E:FE:9B:ED:86:CE:1E:8B:C1:D5:56:73:23:97:F9
ValidityThu, 05 Oct 2023 14:13:29 GMT - Wed, 03 Jan 2024 14:13:28 GMT

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced\012- data
Size
1.3 kB (1273 bytes)
Hash
77004a5b31f1c5ab30755cad675630cb
9ff49298b2f92e7895b7d47a115b2473fe3d35e1
f75a1c9fe89949bcaa5941eb8f583e9df82b4b07da88162fdb552660b7909b60

HTTP Headers

GET /wp-content/uploads/2023/06/favicon.png HTTP/1.1
Host: stfly.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://stfly.xyz/6bXHh
Cookie: a97dec166db543b83d884ee6929041cb=LlYzjBMKcXKUWP7TQhBlzINHSuAHWr1C7YUfhGO5uqPPyl1hzmdJ3x8fHRwb89-cIT39c3XSZDDaLFsLVNkI4w; _ga_PDV6XHL2ZF=GS1.1.1701194383.1.0.1701194383.0.0.0; _ga=GA1.1.1165997722.1701194383; prefetchAd_3381289=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 28 Nov 2023 17:59:39 GMT
content-type: image/png
content-length: 1273
last-modified: Tue, 20 Jun 2023 19:15:20 GMT
etag: "6491fac8-4f9"
expires: Sat, 23 Dec 2023 05:21:12 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 477507
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZWOPVBmErLv2ymUaW5bJ05t3vBzPn5ty%2F9f03EcH%2FBFO5Sw%2F35rk%2BzRKkNfavJrJUPIoLYbM4PQXM6q9j%2BhdZbOmMQ59Ff%2B%2Fi5YAGC7CoFMN0zUW9gHDVTA6WbM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82d481880e51569f-OSL
alt-svc: h3=":443"; ma=86400

stfly.xyz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

188.114.97.1

200 OK

1.2 kB

URL GET HTTP/3
stfly.xyz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stfly.xyz/6bXHh
Certificate
IssuerLet's Encrypt
Subjectstfly.xyz
FingerprintEE:82:76:08:0D:7E:FE:9B:ED:86:CE:1E:8B:C1:D5:56:73:23:97:F9
ValidityThu, 05 Oct 2023 14:13:29 GMT - Wed, 03 Jan 2024 14:13:28 GMT

File type
HTML document, ASCII text, with very long lines (1271), with no line terminators
Size
1.2 kB (1239 bytes)
Hash
40d981045a7516cdadd00e8dccc9c58d
8b8d9a48c6b9d2fba596034ef5db3dd0f2f781c3
71c7d5fc630ff38080f71945be1e8b0c43140d8c25338056b752495e18739c0c

HTTP Headers

GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: stfly.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://stfly.xyz/6bXHh
Cookie: a97dec166db543b83d884ee6929041cb=LlYzjBMKcXKUWP7TQhBlzINHSuAHWr1C7YUfhGO5uqPPyl1hzmdJ3x8fHRwb89-cIT39c3XSZDDaLFsLVNkI4w
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 28 Nov 2023 17:59:38 GMT
content-type: application/javascript
last-modified: Thu, 16 Nov 2023 21:55:48 GMT
etag: W/"65568fe4-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gPJ1QWXBu8i1cjXGgeVLmwGtr7umkdaQcXtSxYh3Bqu370UPQVrwC8cg4mXgtLpFwwrFOj0BUMwDwYM2FFMKAf0dtUrAP8eAPhkjfcQHphVWIeu%2BCG%2BsF8wyr7I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82d48180fc52569f-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Thu, 30 Nov 2023 17:59:38 GMT
cache-control: max-age=172800, public
content-encoding: gzip

stfly.xyz/wp-content/uploads/2023/06/logo-wp.png

188.114.97.1

200 OK

11 kB

URL GET HTTP/3
stfly.xyz/wp-content/uploads/2023/06/logo-wp.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stfly.xyz/6bXHh
Certificate
IssuerLet's Encrypt
Subjectstfly.xyz
FingerprintEE:82:76:08:0D:7E:FE:9B:ED:86:CE:1E:8B:C1:D5:56:73:23:97:F9
ValidityThu, 05 Oct 2023 14:13:29 GMT - Wed, 03 Jan 2024 14:13:28 GMT

File type
PNG image data, 684 x 251, 8-bit colormap, non-interlaced\012- data
Size
11 kB (10590 bytes)
Hash
94130f636ea5a1676c65189017652bd1
f29c40a9146876dfd0b18a8babe6de2958d970ec
20d03dbd1aefea543ffa2e04625f3466936a9b6c0b90449941490aaa7b080a6d

HTTP Headers

GET /wp-content/uploads/2023/06/logo-wp.png HTTP/1.1
Host: stfly.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://stfly.xyz/6bXHh
Cookie: a97dec166db543b83d884ee6929041cb=LlYzjBMKcXKUWP7TQhBlzINHSuAHWr1C7YUfhGO5uqPPyl1hzmdJ3x8fHRwb89-cIT39c3XSZDDaLFsLVNkI4w
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 28 Nov 2023 17:59:38 GMT
content-type: image/png
content-length: 10590
last-modified: Tue, 20 Jun 2023 19:15:21 GMT
etag: "6491fac9-295e"
expires: Sat, 23 Dec 2023 02:55:09 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 486269
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wM1rLRC9V3FnrJearDu53KsKPL%2FNkp5IbosAmHO7Sc0dk8Uma2GmrQcMRzBel%2BsUL7LaMRrmSf99yMem0eVJOyBeS05mUXzLyKBYA23TIjcUPqDclEU5DkHH6NM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82d48180fc4a569f-OSL
alt-svc: h3=":443"; ma=86400

indelphoxom.com/5/3381289

139.45.197.239

200 OK

72 kB

URL GET HTTP/2
indelphoxom.com/5/3381289
IP
139.45.197.239:443
ASN
#9002 RETN Limited

Requested by
https://stfly.xyz/6bXHh
Certificate
IssuerLet's Encrypt
Subjectindelphoxom.com
Fingerprint2C:13:F7:3E:06:53:BE:61:BE:11:11:ED:47:17:81:FE:FF:14:45:28
ValidityMon, 30 Oct 2023 09:30:49 GMT - Sun, 28 Jan 2024 09:30:48 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
72 kB (71842 bytes)
Hash
da85890c431c8eb467487100768a2b68
44e7a1cf2dfc48ceffc05318a46f992c2c566679
dc36a82e3dcf0ca93f38f958ac5733bb89b4c565350304d1e0b6ba1dce8e69a3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/3381289 HTTP/1.1
Host: indelphoxom.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://stfly.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 17:59:38 GMT
content-type: application/javascript
x-trace-id: 1344809f7c8243c2b40a51c73edd692d
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=ceb19de6c1494e8485d1a55777edf962; expires=Wed, 27 Nov 2024 17:59:38 GMT; path=/; secure; SameSite=None
oaidts=1701194378; expires=Wed, 27 Nov 2024 17:59:38 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

unpkg.com/just-detect-adblock@1.1.0/dist/bundle.umd.js

104.16.124.175

200 OK

2.6 kB

URL GET HTTP/2
unpkg.com/just-detect-adblock@1.1.0/dist/bundle.umd.js
IP
104.16.124.175:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stfly.xyz/6bXHh
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintF7:B6:41:CA:15:FD:D1:0C:27:39:55:5D:C5:CE:3F:1C:A6:BB:9D:6F
ValidityTue, 02 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT

File type
ASCII text, with very long lines (2626), with no line terminators
Size
2.6 kB (2580 bytes)
Hash
a1d5f898e1926ddaa05309ce7402b971
0c51e4e561392e80ce68ac23eaf08bec6e49f953
c05c50665ef2ef7e5d44e924303500e3d41b2424626a9c2e226e3e4486fefc24

HTTP Headers

GET /just-detect-adblock@1.1.0/dist/bundle.umd.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://stfly.xyz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 28 Nov 2023 17:59:39 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"a14-6ARSzm7mCxD47dLBNNtlZu/70Os"
via: 1.1 fly.io
fly-request-id: 01HFV0PPP335C7T9PMNNN3WKQ4-arn
cf-cache-status: HIT
age: 554357
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 82d48184de5c56a2-OSL
content-encoding: br
X-Firefox-Spdy: h2

indelphoxom.com/?rb=p4hChgnEY2WfTV9IrO35FDCnsQ5ky9ZMi-5mZ7HFKTLHNV918n6vRC1AC9Jv-9lw9OPQv_n0XXyX5w6MZy_iJ5LcDl3i3cXS2-J7n4Zl_u5JZpHuyVoI59mdRG2Mm_gKD-yMe4cU3_SSmWN6Ksw9MbNYiQrk0sHU_t_ma-TFwM6v1dpNpHculpJa5ZXIprNT730ygq7toCDp8XKdmao5DwSlpUplG6tc918lbQ%3D%3D&request_ab2=0&zoneid=3381289&js_build=iclick-v1.634.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=0&pl=https%3A%2F%2Fstfly.xyz%2F6bXHh&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.634.0&bs=e483bc56-4fec-409e-a887-671ba8c2962b&userId=ceb19de6c1494e8485d1a55777edf962&m=link

139.45.197.239

200 OK

1.7 kB

URL GET HTTP/2
indelphoxom.com/?rb=p4hChgnEY2WfTV9IrO35FDCnsQ5ky9ZMi-5mZ7HFKTLHNV918n6vRC1AC9Jv-9lw9OPQv_n0XXyX5w6MZy_iJ5LcDl3i3cXS2-J7n4Zl_u5JZpHuyVoI59mdRG2Mm_gKD-yMe4cU3_SSmWN6Ksw9MbNYiQrk0sHU_t_ma-TFwM6v1dpNpHculpJa5ZXIprNT730ygq7toCDp8XKdmao5DwSlpUplG6tc918lbQ%3D%3D&request_ab2=0&zoneid=3381289&js_build=iclick-v1.634.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=0&pl=https%3A%2F%2Fstfly.xyz%2F6bXHh&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.634.0&bs=e483bc56-4fec-409e-a887-671ba8c2962b&userId=ceb19de6c1494e8485d1a55777edf962&m=link
IP
139.45.197.239:443
ASN
#9002 RETN Limited

Requested by
https://stfly.xyz/6bXHh
Certificate
IssuerLet's Encrypt
Subjectindelphoxom.com
Fingerprint2C:13:F7:3E:06:53:BE:61:BE:11:11:ED:47:17:81:FE:FF:14:45:28
ValidityMon, 30 Oct 2023 09:30:49 GMT - Sun, 28 Jan 2024 09:30:48 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (1701), with no line terminators
Size
1.7 kB (1681 bytes)
Hash
f486ce93b536374457aeba2ead072736
d205b794ca065d9ebe3ce942411b9546f4186052
9a5e46e4f86fcebf585a7b7fdbdb4ffddef0843db1e7ade60ca011d1970e96fc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=p4hChgnEY2WfTV9IrO35FDCnsQ5ky9ZMi-5mZ7HFKTLHNV918n6vRC1AC9Jv-9lw9OPQv_n0XXyX5w6MZy_iJ5LcDl3i3cXS2-J7n4Zl_u5JZpHuyVoI59mdRG2Mm_gKD-yMe4cU3_SSmWN6Ksw9MbNYiQrk0sHU_t_ma-TFwM6v1dpNpHculpJa5ZXIprNT730ygq7toCDp8XKdmao5DwSlpUplG6tc918lbQ%3D%3D&request_ab2=0&zoneid=3381289&js_build=iclick-v1.634.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=0&pl=https%3A%2F%2Fstfly.xyz%2F6bXHh&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.634.0&bs=e483bc56-4fec-409e-a887-671ba8c2962b&userId=ceb19de6c1494e8485d1a55777edf962&m=link HTTP/1.1
Host: indelphoxom.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://stfly.xyz/
Origin: https://stfly.xyz
DNT: 1
Connection: keep-alive
Cookie: OAID=ceb19de6c1494e8485d1a55777edf962; oaidts=1701194378
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 28 Nov 2023 17:59:39 GMT
content-type: application/json
x-trace-id: bf7b615e75081f28d4faaa31e3b0efc7
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://stfly.xyz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=ceb19de6c1494e8485d1a55777edf962; expires=Wed, 27 Nov 2024 17:59:39 GMT; path=/; secure; SameSite=None
oaidts=1701194379; expires=Wed, 27 Nov 2024 17:59:39 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Tue, 05 Dec 2023 17:59:39 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

unpkg.com/just-detect-adblock@latest/dist/bundle.umd.js

104.16.124.175

302 Found

2.6 kB

URL GET HTTP/2
unpkg.com/just-detect-adblock@latest/dist/bundle.umd.js
IP
104.16.124.175:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stfly.xyz/6bXHh
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintF7:B6:41:CA:15:FD:D1:0C:27:39:55:5D:C5:CE:3F:1C:A6:BB:9D:6F
ValidityTue, 02 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT

File type

Size
2.6 kB (2580 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /just-detect-adblock@latest/dist/bundle.umd.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://stfly.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Tue, 28 Nov 2023 17:59:38 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /just-detect-adblock@1.1.0/dist/bundle.umd.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01HGBH1APAR0JAGF99N3GZ1XHK-arn
cf-cache-status: HIT
age: 361
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 82d481848dc456a2-OSL
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2

216.58.207.227

200 OK

19 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://stfly.xyz/6bXHh
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 18664, version 1.0\012- data
Size
19 kB (18664 bytes)
Hash
8d1c44b2bf75a4e6f1bd141f9a965f4f
1e5dfdb7ca5ee8e823f9f5787f84b18fbdc38434
441e23601fe7525a142857c98cbb2784997579d51a17f736d7964dceee609709

HTTP Headers

GET /s/opensans/v36/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://stfly.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18664
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Nov 2023 23:21:50 GMT
expires: Fri, 22 Nov 2024 23:21:50 GMT
cache-control: public, max-age=31536000
age: 412669
last-modified: Thu, 14 Sep 2023 01:36:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by