| sangarmuting.shop/s/47/7d/477d01573cdfd5377e5d8878ad4bba68.jpg | 51.89.192.129 | 200 OK | 7.4 kB |
URL GET sangarmuting.shop/s/47/7d/477d01573cdfd5377e5d8878ad4bba68.jpg IP 51.89.192.129:443
Requested by https://dw.dextrodedenda.top/l/DMP_picture_captcha?c=8C99B540-2D16-11F0-B65C-178AAFF87907&s=36820
Certificate Issuer Let's Encrypt Subject sangarmuting.shop Fingerprint B6:CA:50:B1:3C:10:79:19:82:D8:2B:B4:B3:00:59:C3:22:84:21:66 Validity Wed, 09 Apr 2025 03:08:33 GMT - Tue, 08 Jul 2025 03:08:32 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 200x200, components 3
Hash 477d01573cdfd5377e5d8878ad4bba68 93286f19b84c4af500f313651e91296185e8550f 6ae5b3ef464c7a521b518c33b30258667eda94e3a2f9c6434beabb8949fb229a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /s/47/7d/477d01573cdfd5377e5d8878ad4bba68.jpg HTTP/1.1
Host: sangarmuting.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dw.dextrodedenda.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 May 2025 20:46:02 GMT
Content-Type: image/jpeg
Content-Length: 7422
Last-Modified: Fri, 24 May 2024 16:48:00 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "6650c4c0-1cfe"
Expires: Mon, 19 May 2025 20:46:02 GMT
Cache-Control: max-age=864000
Accept-Ranges: bytes
|
|
| segarkojiri.top/cuid/?f=https%3A%2F%2Fdw.dextrodedenda.top | 212.117.186.4 | 200 OK | 0 B |
URL OPTIONS segarkojiri.top/cuid/?f=https%3A%2F%2Fdw.dextrodedenda.top IP 212.117.186.4:443
Requested by https://dw.dextrodedenda.top/l/DMP_picture_captcha?c=8C99B540-2D16-11F0-B65C-178AAFF87907&s=36820
Certificate Issuer ZeroSSL Subject segarkojiri.top Fingerprint B1:D1:99:D4:6E:8F:E8:95:E2:D6:F3:32:5C:83:EB:8C:7C:23:2A:D7 Validity Tue, 22 Apr 2025 00:00:00 GMT - Mon, 21 Jul 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /cuid/?f=https%3A%2F%2Fdw.dextrodedenda.top HTTP/1.1
Host: segarkojiri.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://dw.dextrodedenda.top/
Origin: https://dw.dextrodedenda.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 May 2025 20:46:03 GMT
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://dw.dextrodedenda.top
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
|
|
| segarkojiri.top/cuid/?f=https%3A%2F%2Fdw.dextrodedenda.top | 212.117.186.4 | 200 OK | 32 B |
URL POST segarkojiri.top/cuid/?f=https%3A%2F%2Fdw.dextrodedenda.top IP 212.117.186.4:443
Requested by https://dw.dextrodedenda.top/l/DMP_picture_captcha?c=8C99B540-2D16-11F0-B65C-178AAFF87907&s=36820
Certificate Issuer ZeroSSL Subject segarkojiri.top Fingerprint B1:D1:99:D4:6E:8F:E8:95:E2:D6:F3:32:5C:83:EB:8C:7C:23:2A:D7 Validity Tue, 22 Apr 2025 00:00:00 GMT - Mon, 21 Jul 2025 23:59:59 GMT
Hash 4c78eff624707e5beaba474e4a466ba6 fa25fd1076e7e0cd48f73c93b20a2dc260bda53e 6ca74385087ccb43fd8d9022bb840beb1bc9719284ad1fb71144545d7cdf7324
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /cuid/?f=https%3A%2F%2Fdw.dextrodedenda.top HTTP/1.1
Host: segarkojiri.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dw.dextrodedenda.top/
Content-Type: application/json
Content-Length: 10
Origin: https://dw.dextrodedenda.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 May 2025 20:46:03 GMT
Content-Type: application/json
Content-Length: 32
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://dw.dextrodedenda.top
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: a97fa794a0f9=6792045b62242cc77a7eae; expires=Sun, 08 Sep 2052 11:24:11 GMT; domain=segarkojiri.top; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
|
|
| sangarmuting.shop/s/3a/4d/3a4d0d6d1ab7e1673dead372169de413.jpg | 51.89.192.129 | 200 OK | 6.6 kB |
URL GET sangarmuting.shop/s/3a/4d/3a4d0d6d1ab7e1673dead372169de413.jpg IP 51.89.192.129:443
Requested by https://dw.dextrodedenda.top/l/DMP_picture_captcha?c=8C99B540-2D16-11F0-B65C-178AAFF87907&s=36820
Certificate Issuer Let's Encrypt Subject sangarmuting.shop Fingerprint B6:CA:50:B1:3C:10:79:19:82:D8:2B:B4:B3:00:59:C3:22:84:21:66 Validity Wed, 09 Apr 2025 03:08:33 GMT - Tue, 08 Jul 2025 03:08:32 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 200x200, components 3
Hash 3a4d0d6d1ab7e1673dead372169de413 b462d008e1a6a7d74268ae6da5454c7a9e87e147 1a89f634d1cf38f2eea11240cc7323e65aac952ed1833b7b4fc80c62ae68ddad
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /s/3a/4d/3a4d0d6d1ab7e1673dead372169de413.jpg HTTP/1.1
Host: sangarmuting.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dw.dextrodedenda.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 May 2025 20:46:02 GMT
Content-Type: image/jpeg
Content-Length: 6562
Last-Modified: Fri, 24 May 2024 16:47:59 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "6650c4bf-19a2"
Expires: Mon, 19 May 2025 20:46:02 GMT
Cache-Control: max-age=864000
Accept-Ranges: bytes
|
|
| sangarmuting.shop/s/90/06/90061af72da9a462f2d4c0c742b15a7e.jpg | 51.89.192.129 | 200 OK | 4.9 kB |
URL GET sangarmuting.shop/s/90/06/90061af72da9a462f2d4c0c742b15a7e.jpg IP 51.89.192.129:443
Requested by https://dw.dextrodedenda.top/l/DMP_picture_captcha?c=8C99B540-2D16-11F0-B65C-178AAFF87907&s=36820
Certificate Issuer Let's Encrypt Subject sangarmuting.shop Fingerprint B6:CA:50:B1:3C:10:79:19:82:D8:2B:B4:B3:00:59:C3:22:84:21:66 Validity Wed, 09 Apr 2025 03:08:33 GMT - Tue, 08 Jul 2025 03:08:32 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 200x200, components 3
Hash 90061af72da9a462f2d4c0c742b15a7e 5b799f1b475d86b6f1fee6896f7bc2fdffa3cb18 1646cb0f483614e703b0f089f87f1012c590a7d3f1708c2e8460aeb11f7e346a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /s/90/06/90061af72da9a462f2d4c0c742b15a7e.jpg HTTP/1.1
Host: sangarmuting.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dw.dextrodedenda.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 May 2025 20:46:02 GMT
Content-Type: image/jpeg
Content-Length: 4935
Last-Modified: Fri, 24 May 2024 16:48:00 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "6650c4c0-1347"
Expires: Mon, 19 May 2025 20:46:02 GMT
Cache-Control: max-age=864000
Accept-Ranges: bytes
|
|
| sangarmuting.shop/s/26/1e/261e02df16f7665ba1b78b609a7fb2d4.jpg | 51.89.192.129 | 200 OK | 13 kB |
URL GET sangarmuting.shop/s/26/1e/261e02df16f7665ba1b78b609a7fb2d4.jpg IP 51.89.192.129:443
Requested by https://dw.dextrodedenda.top/l/DMP_picture_captcha?c=8C99B540-2D16-11F0-B65C-178AAFF87907&s=36820
Certificate Issuer Let's Encrypt Subject sangarmuting.shop Fingerprint B6:CA:50:B1:3C:10:79:19:82:D8:2B:B4:B3:00:59:C3:22:84:21:66 Validity Wed, 09 Apr 2025 03:08:33 GMT - Tue, 08 Jul 2025 03:08:32 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 200x200, components 3
Hash 261e02df16f7665ba1b78b609a7fb2d4 f3c9aac73dfdfc5798968d58b08c10b4acdd7f16 f732ce2009432bc8b6485ff3894d9ecd0d23f040420c7c776d536da514668507
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /s/26/1e/261e02df16f7665ba1b78b609a7fb2d4.jpg HTTP/1.1
Host: sangarmuting.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dw.dextrodedenda.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 May 2025 20:46:02 GMT
Content-Type: image/jpeg
Content-Length: 13020
Last-Modified: Fri, 24 May 2024 16:48:00 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "6650c4c0-32dc"
Expires: Mon, 19 May 2025 20:46:02 GMT
Cache-Control: max-age=864000
Accept-Ranges: bytes
|
|
| sangarmuting.shop/s/89/a8/89a8d71198ed9d7a09f6b2b354a1ce7e.jpg | 51.89.192.129 | 200 OK | 5.7 kB |
URL GET sangarmuting.shop/s/89/a8/89a8d71198ed9d7a09f6b2b354a1ce7e.jpg IP 51.89.192.129:443
Requested by https://dw.dextrodedenda.top/l/DMP_picture_captcha?c=8C99B540-2D16-11F0-B65C-178AAFF87907&s=36820
Certificate Issuer Let's Encrypt Subject sangarmuting.shop Fingerprint B6:CA:50:B1:3C:10:79:19:82:D8:2B:B4:B3:00:59:C3:22:84:21:66 Validity Wed, 09 Apr 2025 03:08:33 GMT - Tue, 08 Jul 2025 03:08:32 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 200x200, components 3
Hash 89a8d71198ed9d7a09f6b2b354a1ce7e bc7bd31d31085bbc8e4450d4f3540bdfd8fa64d2 d4f1c9d6fbd2d2949b3260fd5643c498020dddaabdb5a5ffd4d4b75826c08cb7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /s/89/a8/89a8d71198ed9d7a09f6b2b354a1ce7e.jpg HTTP/1.1
Host: sangarmuting.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dw.dextrodedenda.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 May 2025 20:46:02 GMT
Content-Type: image/jpeg
Content-Length: 5653
Last-Modified: Fri, 24 May 2024 16:48:01 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "6650c4c1-1615"
Expires: Mon, 19 May 2025 20:46:02 GMT
Cache-Control: max-age=864000
Accept-Ranges: bytes
|
|
| fonts.googleapis.com/css2?family=Roboto:wght@100..900&display=swap | 142.250.74.10 | 200 OK | 5.6 kB |
URL GET fonts.googleapis.com/css2?family=Roboto:wght@100..900&display=swap IP 142.250.74.10:443
Requested by https://dw.dextrodedenda.top/l/DMP_picture_captcha?c=8C99B540-2D16-11F0-B65C-178AAFF87907&s=36820
Certificate Issuer Google Trust Services Subject upload.video.google.com Fingerprint 7A:29:E6:A8:BE:59:2C:AE:82:2D:CA:8E:15:89:41:BE:EC:D2:0D:EA Validity Mon, 21 Apr 2025 08:41:49 GMT - Mon, 14 Jul 2025 08:41:48 GMT
File type ASCII text, with very long lines (1572)
Hash c394461ffd41552e9ccb3b3dd9f22d65 044d2e01ea991bb9a04a930fe593786c04edcf03 7d5ed0825e8024166e1d5be3c98e7f056ed274cc351db71da0e650a9b607e552
GET /css2?family=Roboto:wght@100..900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dw.dextrodedenda.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 09 May 2025 20:46:02 GMT
date: Fri, 09 May 2025 20:46:02 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| sangarmuting.shop/s/58/95/5895ca89bedbe51efb066518a11d930c.svg | 51.89.192.129 | 200 OK | 407 B |
URL GET sangarmuting.shop/s/58/95/5895ca89bedbe51efb066518a11d930c.svg IP 51.89.192.129:443
Requested by https://dw.dextrodedenda.top/l/DMP_picture_captcha?c=8C99B540-2D16-11F0-B65C-178AAFF87907&s=36820
Certificate Issuer Let's Encrypt Subject sangarmuting.shop Fingerprint B6:CA:50:B1:3C:10:79:19:82:D8:2B:B4:B3:00:59:C3:22:84:21:66 Validity Wed, 09 Apr 2025 03:08:33 GMT - Tue, 08 Jul 2025 03:08:32 GMT
File type SVG Scalable Vector Graphics image
Hash 5895ca89bedbe51efb066518a11d930c 69b2bff044b717c9106b2fc77926ebb8a869da3b fe0f623177600a9988066bab3460aa64af8f38f90a377f1d878021711b1bd533
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /s/58/95/5895ca89bedbe51efb066518a11d930c.svg HTTP/1.1
Host: sangarmuting.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dw.dextrodedenda.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 May 2025 20:46:02 GMT
Content-Type: image/svg+xml
Content-Length: 407
Last-Modified: Fri, 24 May 2024 16:47:59 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "6650c4bf-197"
Expires: Mon, 19 May 2025 20:46:02 GMT
Cache-Control: max-age=864000
Accept-Ranges: bytes
|
|
| mixiblefarmout.top/favicon.ico | 172.255.99.92 | 200 OK | 1.4 kB |
URL GET mixiblefarmout.top/favicon.ico IP 172.255.99.92:443
Requested by https://mixiblefarmout.top/iTTLplbWkDpFFiiFAVfWCntquO/83540/?md=eyJ0dmMiOjAsImEiOjk0MCwicyI6IjEyODB4MTAyNCIsImIiOiIxMjgweDEwMjQiLCJyIjoiaHR0cHM6Ly9kdy5kZXh0cm9kZWRlbmRhLnRvcC9sL0RNUF9waWN0dXJlX2NhcHRjaGE%2FYz04Qzk5QjU0MC0yRDE2LTExRjAtQjY1Qy0xNzhBQUZGODc5MDcmcz0zNjgyMCIsInEiOiJodHRwczovL2R3LmRleHRyb2RlZGVuZGEudG9wL2l5SHI1VmpBUTJzc3JYdVIvODM1NDA%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&pdc=PZT66MpeiEZVrLAYXSrwBeLZswBmky_VJtQAhIh7Rxg&param_4=36820&param_5=8C99B540-2D16-11F0-B65C-178AAFF87907
Certificate Issuer ZeroSSL Subject mixiblefarmout.top Fingerprint 63:03:B8:D8:88:F3:35:B5:AC:A5:72:C4:FC:E3:F7:2B:E2:95:D2:AB Validity Sat, 19 Apr 2025 00:00:00 GMT - Fri, 18 Jul 2025 23:59:59 GMT
File type MS Windows icon resource - 1 icon, 16x16
Hash 011201ab56695ce86ea2f190bce2670b bb8fad6accf293e619360935047c23f00da3c769 a9bc1ab7f7c0c6bc5d097050968993474e32346cffa537be1e0335a19645f12e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: mixiblefarmout.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mixiblefarmout.top/iTTLplbWkDpFFiiFAVfWCntquO/83540/?md=eyJ0dmMiOjAsImEiOjk0MCwicyI6IjEyODB4MTAyNCIsImIiOiIxMjgweDEwMjQiLCJyIjoiaHR0cHM6Ly9kdy5kZXh0cm9kZWRlbmRhLnRvcC9sL0RNUF9waWN0dXJlX2NhcHRjaGE%2FYz04Qzk5QjU0MC0yRDE2LTExRjAtQjY1Qy0xNzhBQUZGODc5MDcmcz0zNjgyMCIsInEiOiJodHRwczovL2R3LmRleHRyb2RlZGVuZGEudG9wL2l5SHI1VmpBUTJzc3JYdVIvODM1NDA%2FcGFyYW1fND0zNjgyMCZwYXJhbV81PThDOTlCNTQwLTJEMTYtMTFGMC1CNjVDLTE3OEFBRkY4NzkwNyIsImgiOjEzODksImwiOiJlbi1VUyIsInQiOjAsInoiOjY0MywiayI6MCwidSI6IjY3OTIwNDViNjIyNDJjYzc3YTdlYWUiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoidHF1ZnhhcGUxaW5tZGp6IiwibyI6dHJ1ZSwibSI6MTc0NjgyMzU3NzgyMiwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyJTIyJTJDJTIya2V5d29yZHMlMjIlM0ElNUIlNUQlMkMlMjJ0b3B3b3JkcyUyMiUzQSU1QiU1RCU3RCIsInRzIjowLCJwciI6MSwiaGMiOjQ4LCJibCI6LTEsImJjIjozLCJ2diI6Ik1lc2EiLCJ2ciI6Imxsdm1waXBlIiwiYWMiOjAsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6MTIwLCJjZSI6dHJ1ZSwiY2QiOjI0LCJvciI6ImxhbmRzY2FwZS1wcmltYXJ5IiwiZnMiOm51bGwsImZzbyI6bnVsbH0&pdc=PZT66MpeiEZVrLAYXSrwBeLZswBmky_VJtQAhIh7Rxg&param_4=36820&param_5=8C99B540-2D16-11F0-B65C-178AAFF87907
Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 May 2025 20:46:18 GMT
Content-Type: application/octet-stream
Content-Length: 1406
Last-Modified: Wed, 07 May 2025 16:55:33 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "681b9085-57e"
Expires: Sat, 10 May 2025 20:46:18 GMT
Cache-Control: max-age=86400
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
|
|
| sangarmuting.shop/s/ca/bb/cabb2f341ace2809094884a062c53768.jpg | 51.89.192.129 | 200 OK | 6.4 kB |
URL GET sangarmuting.shop/s/ca/bb/cabb2f341ace2809094884a062c53768.jpg IP 51.89.192.129:443
Requested by https://dw.dextrodedenda.top/l/DMP_picture_captcha?c=8C99B540-2D16-11F0-B65C-178AAFF87907&s=36820
Certificate Issuer Let's Encrypt Subject sangarmuting.shop Fingerprint B6:CA:50:B1:3C:10:79:19:82:D8:2B:B4:B3:00:59:C3:22:84:21:66 Validity Wed, 09 Apr 2025 03:08:33 GMT - Tue, 08 Jul 2025 03:08:32 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 200x200, components 3
Hash cabb2f341ace2809094884a062c53768 1c9f03dbbb7988e7c7afad98d8363779adf76ef9 a8e9a141c57f45df2cd7edfcffebeeca19b8df6774bcce2bb261d4e7b3872366
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /s/ca/bb/cabb2f341ace2809094884a062c53768.jpg HTTP/1.1
Host: sangarmuting.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dw.dextrodedenda.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 May 2025 20:46:02 GMT
Content-Type: image/jpeg
Content-Length: 6406
Last-Modified: Fri, 24 May 2024 16:48:00 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "6650c4c0-1906"
Expires: Mon, 19 May 2025 20:46:02 GMT
Cache-Control: max-age=864000
Accept-Ranges: bytes
|
|
| sangarmuting.shop/s/59/d4/59d4c0ec31782dcccbb29b1abf962950.svg | 51.89.192.129 | 200 OK | 344 B |
URL GET sangarmuting.shop/s/59/d4/59d4c0ec31782dcccbb29b1abf962950.svg IP 51.89.192.129:443
Requested by https://dw.dextrodedenda.top/l/DMP_picture_captcha?c=8C99B540-2D16-11F0-B65C-178AAFF87907&s=36820
Certificate Issuer Let's Encrypt Subject sangarmuting.shop Fingerprint B6:CA:50:B1:3C:10:79:19:82:D8:2B:B4:B3:00:59:C3:22:84:21:66 Validity Wed, 09 Apr 2025 03:08:33 GMT - Tue, 08 Jul 2025 03:08:32 GMT
File type SVG Scalable Vector Graphics image
Hash 59d4c0ec31782dcccbb29b1abf962950 72e984fc6494657824ab2c19d7ba7e640e285e48 262b47bc3ef4b4d0e15994ad4c8e0d7403a1c75f877ac05c0c82c80510c4e41c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /s/59/d4/59d4c0ec31782dcccbb29b1abf962950.svg HTTP/1.1
Host: sangarmuting.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dw.dextrodedenda.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 May 2025 20:46:02 GMT
Content-Type: image/svg+xml
Content-Length: 344
Last-Modified: Fri, 24 May 2024 16:48:01 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "6650c4c1-158"
Expires: Mon, 19 May 2025 20:46:02 GMT
Cache-Control: max-age=864000
Accept-Ranges: bytes
|
|
| dw.dextrodedenda.top/iyHr5VjAQ2ssrXuR/83540?param_4=36820&param_5=8C99B540-2D16-11F0-B65C-178AAFF87907 | 23.109.170.209 | 200 OK | 12 kB |
URL User Request GET dw.dextrodedenda.top/iyHr5VjAQ2ssrXuR/83540?param_4=36820&param_5=8C99B540-2D16-11F0-B65C-178AAFF87907 IP 23.109.170.209:443
Certificate Issuer ZeroSSL Subject dw.dextrodedenda.top Fingerprint B9:32:1D:D1:09:33:89:59:35:7C:99:13:44:E5:4B:D3:25:EC:08:73 Validity Wed, 07 May 2025 00:00:00 GMT - Tue, 05 Aug 2025 23:59:59 GMT
File type HTML document, ASCII text, with very long lines (11829)
Hash 7f6b48b3abd0a9266194e05c4e6b45c9 6b7a18ee7dd12e76cd097f10bcea87f66b46415d 50b18cecec15b1e34d9337c6f7f99c5a17a68be1aa8dddd44327a85ef681ce90
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /iyHr5VjAQ2ssrXuR/83540?param_4=36820&param_5=8C99B540-2D16-11F0-B65C-178AAFF87907 HTTP/1.1
Host: dw.dextrodedenda.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dw.dextrodedenda.top/l/DMP_picture_captcha?c=8C99B540-2D16-11F0-B65C-178AAFF87907&s=36820
Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 May 2025 20:46:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
|
|
| segarkojiri.top/cuid/?f=https%3A%2F%2Fdw.dextrodedenda.top | 212.117.186.4 | 200 OK | 0 B |
URL OPTIONS segarkojiri.top/cuid/?f=https%3A%2F%2Fdw.dextrodedenda.top IP 212.117.186.4:443
Requested by https://dw.dextrodedenda.top/iyHr5VjAQ2ssrXuR/83540?param_4=36820&param_5=8C99B540-2D16-11F0-B65C-178AAFF87907
Certificate Issuer ZeroSSL Subject segarkojiri.top Fingerprint B1:D1:99:D4:6E:8F:E8:95:E2:D6:F3:32:5C:83:EB:8C:7C:23:2A:D7 Validity Tue, 22 Apr 2025 00:00:00 GMT - Mon, 21 Jul 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /cuid/?f=https%3A%2F%2Fdw.dextrodedenda.top HTTP/1.1
Host: segarkojiri.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://dw.dextrodedenda.top/
Origin: https://dw.dextrodedenda.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 May 2025 20:46:17 GMT
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://dw.dextrodedenda.top
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
|
|
| dw.dextrodedenda.top/l/DMP_picture_captcha?c=8C99B540-2D16-11F0-B65C-178AAFF87907&s=36820 | 23.109.170.209 | 200 OK | 8.3 kB |
URL User Request GET dw.dextrodedenda.top/l/DMP_picture_captcha?c=8C99B540-2D16-11F0-B65C-178AAFF87907&s=36820 IP 23.109.170.209:443
Certificate Issuer ZeroSSL Subject dw.dextrodedenda.top Fingerprint B9:32:1D:D1:09:33:89:59:35:7C:99:13:44:E5:4B:D3:25:EC:08:73 Validity Wed, 07 May 2025 00:00:00 GMT - Tue, 05 Aug 2025 23:59:59 GMT
File type HTML document, ASCII text
Hash 67030733e8ef3d89516c66e1c6d4655f c3ef0ee76844feb7c440a0722d48eea612e0d9b0 f05bea0bb2600a70fc5713cadd6e2dfe3d291a6f2d42086ec37bd2f2ccc0900e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /l/DMP_picture_captcha?c=8C99B540-2D16-11F0-B65C-178AAFF87907&s=36820 HTTP/1.1
Host: dw.dextrodedenda.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 May 2025 20:46:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Cache-Control: max-age=600
Last-modified: Tue, 28 Nov 2023 15:30:10 GMT
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; expires=Sat, 10-May-2025 20:46:02 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Sat, 10-May-2025 20:46:02 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
|
|
| sangarmuting.shop/s/5e/88/5e8828cf86f46f5125a50a823de60e61.jpg | 51.89.192.129 | 200 OK | 6.5 kB |
URL GET sangarmuting.shop/s/5e/88/5e8828cf86f46f5125a50a823de60e61.jpg IP 51.89.192.129:443
Requested by https://dw.dextrodedenda.top/l/DMP_picture_captcha?c=8C99B540-2D16-11F0-B65C-178AAFF87907&s=36820
Certificate Issuer Let's Encrypt Subject sangarmuting.shop Fingerprint B6:CA:50:B1:3C:10:79:19:82:D8:2B:B4:B3:00:59:C3:22:84:21:66 Validity Wed, 09 Apr 2025 03:08:33 GMT - Tue, 08 Jul 2025 03:08:32 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 200x200, components 3
Hash 5e8828cf86f46f5125a50a823de60e61 8c941c97376cb027d3a61477fb1c22604fdcca69 ceb36dd6eb9954ca6f88b1982bc2d8889867ef77ef834ebca862eef42ceeddf6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /s/5e/88/5e8828cf86f46f5125a50a823de60e61.jpg HTTP/1.1
Host: sangarmuting.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dw.dextrodedenda.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 May 2025 20:46:02 GMT
Content-Type: image/jpeg
Content-Length: 6545
Last-Modified: Fri, 24 May 2024 16:47:59 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "6650c4bf-1991"
Expires: Mon, 19 May 2025 20:46:02 GMT
Cache-Control: max-age=864000
Accept-Ranges: bytes
|
|
| sangarmuting.shop/s/3b/b8/3bb81bc51796d44da9dbc0cc2a2f644c.jpg | 51.89.192.129 | 200 OK | 5.2 kB |
URL GET sangarmuting.shop/s/3b/b8/3bb81bc51796d44da9dbc0cc2a2f644c.jpg IP 51.89.192.129:443
Requested by https://dw.dextrodedenda.top/l/DMP_picture_captcha?c=8C99B540-2D16-11F0-B65C-178AAFF87907&s=36820
Certificate Issuer Let's Encrypt Subject sangarmuting.shop Fingerprint B6:CA:50:B1:3C:10:79:19:82:D8:2B:B4:B3:00:59:C3:22:84:21:66 Validity Wed, 09 Apr 2025 03:08:33 GMT - Tue, 08 Jul 2025 03:08:32 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 200x200, components 3
Hash 3bb81bc51796d44da9dbc0cc2a2f644c d6a105b61e7b1c248a9140366c357efe8829529d e973306d7894ffe01a0c487ed4e9f000e2a06b996108ee6ceab408737cae966b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /s/3b/b8/3bb81bc51796d44da9dbc0cc2a2f644c.jpg HTTP/1.1
Host: sangarmuting.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dw.dextrodedenda.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 May 2025 20:46:02 GMT
Content-Type: image/jpeg
Content-Length: 5245
Last-Modified: Fri, 24 May 2024 16:47:59 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "6650c4bf-147d"
Expires: Mon, 19 May 2025 20:46:02 GMT
Cache-Control: max-age=864000
Accept-Ranges: bytes
|
|
| sangarmuting.shop/s/4c/5d/4c5da0f93a985516313a14f4a4e69580.jpg | 51.89.192.129 | 200 OK | 5.6 kB |
URL GET sangarmuting.shop/s/4c/5d/4c5da0f93a985516313a14f4a4e69580.jpg IP 51.89.192.129:443
Requested by https://dw.dextrodedenda.top/l/DMP_picture_captcha?c=8C99B540-2D16-11F0-B65C-178AAFF87907&s=36820
Certificate Issuer Let's Encrypt Subject sangarmuting.shop Fingerprint B6:CA:50:B1:3C:10:79:19:82:D8:2B:B4:B3:00:59:C3:22:84:21:66 Validity Wed, 09 Apr 2025 03:08:33 GMT - Tue, 08 Jul 2025 03:08:32 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 200x200, components 3
Hash 4c5da0f93a985516313a14f4a4e69580 811fbc821ac6f63a8c9a1b0aaae715a56c705d59 fbd7f0fcd2c9837b3902c1198b7651f2785985aee4208c8e6d98401e471324ae
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /s/4c/5d/4c5da0f93a985516313a14f4a4e69580.jpg HTTP/1.1
Host: sangarmuting.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dw.dextrodedenda.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 May 2025 20:46:02 GMT
Content-Type: image/jpeg
Content-Length: 5624
Last-Modified: Fri, 24 May 2024 16:48:00 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "6650c4c0-15f8"
Expires: Mon, 19 May 2025 20:46:02 GMT
Cache-Control: max-age=864000
Accept-Ranges: bytes
|
|
| mixiblefarmout.top/iTTLplbWkDpFFiiFAVfWCntquO/83540/?md=eyJ0dmMiOjAsImEiOjk0MCwicyI6IjEyODB4MTAyNCIsImIiOiIxMjgweDEwMjQiLCJyIjoiaHR0cHM6Ly9kdy5kZXh0cm9kZWRlbmRhLnRvcC9sL0RNUF9waWN0dXJlX2NhcHRjaGE%2FYz04Qzk5QjU0MC0yRDE2LTExRjAtQjY1Qy0xNzhBQUZGODc5MDcmcz0zNjgyMCIsInEiOiJodHRwczovL2R3LmRleHRyb2RlZGVuZGEudG9wL2l5SHI1VmpBUTJzc3JYdVIvODM1NDA%…&pdc=PZT66MpeiEZVrLAYXSrwBeLZswBmky_VJtQAhIh7Rxg&param_4=36820&param_5=8C99B540-2D16-11F0-B65C-178AAFF87907 | 172.255.99.92 | 200 OK | 52 B |
URL User Request GET mixiblefarmout.top/iTTLplbWkDpFFiiFAVfWCntquO/83540/?md=eyJ0dmMiOjAsImEiOjk0MCwicyI6IjEyODB4MTAyNCIsImIiOiIxMjgweDEwMjQiLCJyIjoiaHR0cHM6Ly9kdy5kZXh0cm9kZWRlbmRhLnRvcC9sL0RNUF9waWN0dXJlX2NhcHRjaGE%2FYz04Qzk5QjU0MC0yRDE2LTExRjAtQjY1Qy0xNzhBQUZGODc5MDcmcz0zNjgyMCIsInEiOiJodHRwczovL2R3LmRleHRyb2RlZGVuZGEudG9wL2l5SHI1VmpBUTJzc3JYdVIvODM1NDA%…&pdc=PZT66MpeiEZVrLAYXSrwBeLZswBmky_VJtQAhIh7Rxg&param_4=36820&param_5=8C99B540-2D16-11F0-B65C-178AAFF87907 IP 172.255.99.92:443
Certificate: Issuer ZeroSSL; Subject mixiblefarmout.top; Fingerprint 63:03:B8:D8:88:F3:35:B5:AC:A5:72:C4:FC:E3:F7:2B:E2:95:D2:AB; Validity Sat, 19 Apr 2025 00:00:00 GMT - Fri, 18 Jul 2025 23:59:59 GMT
File type: HTML document, ASCII text, with no line terminators
Hash: 86733bb66fb84b851592d733e51f0cbd 42eaf19a5ca195667a9212b0ea3557eee76954a8 927676bdf7f1bdcd71f06cc0d9fa573791b12c905629d806851624687c4b4a0d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /iTTLplbWkDpFFiiFAVfWCntquO/83540/?md=eyJ0dmMiOjAsImEiOjk0MCwicyI6IjEyODB4MTAyNCIsImIiOiIxMjgweDEwMjQiLCJyIjoiaHR0cHM6Ly9kdy5kZXh0cm9kZWRlbmRhLnRvcC9sL0RNUF9waWN0dXJlX2NhcHRjaGE%2FYz04Qzk5QjU0MC0yRDE2LTExRjAtQjY1Qy0xNzhBQUZGODc5MDcmcz0zNjgyMCIsInEiOiJodHRwczovL2R3LmRleHRyb2RlZGVuZGEudG9wL2l5SHI1VmpBUTJzc3JYdVIvODM1NDA%…&pdc=PZT66MpeiEZVrLAYXSrwBeLZswBmky_VJtQAhIh7Rxg&param_4=36820&param_5=8C99B540-2D16-11F0-B65C-178AAFF87907 HTTP/1.1
Host: mixiblefarmout.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dw.dextrodedenda.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 May 2025 20:46:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; expires=Sat, 10-May-2025 20:46:18 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Sat, 10-May-2025 20:46:18 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
|
|
| sangarmuting.shop/s/05/37/0537e1791dc0e149d08894b6588a1457.svg | 51.89.192.129 | 200 OK | 335 B |
URL GET sangarmuting.shop/s/05/37/0537e1791dc0e149d08894b6588a1457.svg IP 51.89.192.129:443
Requested by: https://dw.dextrodedenda.top/l/DMP_picture_captcha?c=8C99B540-2D16-11F0-B65C-178AAFF87907&s=36820
Certificate: Issuer Let's Encrypt; Subject sangarmuting.shop; Fingerprint B6:CA:50:B1:3C:10:79:19:82:D8:2B:B4:B3:00:59:C3:22:84:21:66; Validity Wed, 09 Apr 2025 03:08:33 GMT - Tue, 08 Jul 2025 03:08:32 GMT
File type: SVG Scalable Vector Graphics image
Hash: 0537e1791dc0e149d08894b6588a1457 0d60bfa54a65162c92c8ff05b57dc85f15d3e815 26099e0735f857fd5618b5557b4d7d37303d0e580e9d7eeda84b56d683d4cdb0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /s/05/37/0537e1791dc0e149d08894b6588a1457.svg HTTP/1.1
Host: sangarmuting.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dw.dextrodedenda.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 May 2025 20:46:02 GMT
Content-Type: image/svg+xml
Content-Length: 335
Last-Modified: Fri, 24 May 2024 16:47:59 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "6650c4bf-14f"
Expires: Mon, 19 May 2025 20:46:02 GMT
Cache-Control: max-age=864000
Accept-Ranges: bytes
|
|
| dw.dextrodedenda.top/prsur | 23.109.170.209 | 200 OK | 6.4 kB |
URL GET dw.dextrodedenda.top/prsur IP 23.109.170.209:443
Requested by: https://dw.dextrodedenda.top/l/DMP_picture_captcha?c=8C99B540-2D16-11F0-B65C-178AAFF87907&s=36820
Certificate: Issuer ZeroSSL; Subject dw.dextrodedenda.top; Fingerprint B9:32:1D:D1:09:33:89:59:35:7C:99:13:44:E5:4B:D3:25:EC:08:73; Validity Wed, 07 May 2025 00:00:00 GMT - Tue, 05 Aug 2025 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (6378), with no line terminators
Hash: 31678e347e177548d51ac3b778bcdb1e 1f01f89ffbc4a788cd6fb96dec4386f8035e49b0 d421ab567e7fa928647d1e9eee63a8d1f8cb27327ae5f53a378e5800563a8399
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /prsur HTTP/1.1
Host: dw.dextrodedenda.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dw.dextrodedenda.top/l/DMP_picture_captcha?c=8C99B540-2D16-11F0-B65C-178AAFF87907&s=36820
Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 May 2025 20:46:02 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://dw.dextrodedenda.top
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Cache-Control: public
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
|
|
| fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 | 142.250.74.35 | 200 OK | 40 kB |
URL GET fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 IP 142.250.74.35:443
Requested by: https://dw.dextrodedenda.top/l/DMP_picture_captcha?c=8C99B540-2D16-11F0-B65C-178AAFF87907&s=36820
Certificate: Issuer Google Trust Services; Subject *.gstatic.com; Fingerprint 15:8B:D4:EA:7E:CB:34:1B:6F:2E:20:9E:39:44:7A:D6:D7:30:26:AB; Validity Mon, 21 Apr 2025 08:41:49 GMT - Mon, 14 Jul 2025 08:41:48 GMT
File type: Web Open Font Format (Version 2), TrueType, length 40128, version 1.0
Hash: 9a01b69183a9604ab3a439e388b30501 8ed1d59003d0dbe6360481017b44665153665fbe 20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2
GET /s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dw.dextrodedenda.top
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 40128
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 May 2025 10:03:46 GMT
expires: Fri, 08 May 2026 10:03:46 GMT
cache-control: public, max-age=31536000
age: 124937
last-modified: Wed, 08 Jan 2025 18:23:10 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| dw.dextrodedenda.top/favicon.ico | 23.109.170.209 | 200 OK | 1.4 kB |
URL GET dw.dextrodedenda.top/favicon.ico IP 23.109.170.209:443
Requested by: https://dw.dextrodedenda.top/l/DMP_picture_captcha?c=8C99B540-2D16-11F0-B65C-178AAFF87907&s=36820
Certificate: Issuer ZeroSSL; Subject dw.dextrodedenda.top; Fingerprint B9:32:1D:D1:09:33:89:59:35:7C:99:13:44:E5:4B:D3:25:EC:08:73; Validity Wed, 07 May 2025 00:00:00 GMT - Tue, 05 Aug 2025 23:59:59 GMT
File type: MS Windows icon resource - 1 icon, 16x16
Hash: 011201ab56695ce86ea2f190bce2670b bb8fad6accf293e619360935047c23f00da3c769 a9bc1ab7f7c0c6bc5d097050968993474e32346cffa537be1e0335a19645f12e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: dw.dextrodedenda.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dw.dextrodedenda.top/l/DMP_picture_captcha?c=8C99B540-2D16-11F0-B65C-178AAFF87907&s=36820
Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 May 2025 20:46:03 GMT
Content-Type: application/octet-stream
Content-Length: 1406
Last-Modified: Wed, 07 May 2025 16:55:22 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "681b907a-57e"
Expires: Sat, 10 May 2025 20:46:03 GMT
Cache-Control: max-age=86400
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
|
|