| go.lnkpth.com/rd.html?go=https://queitho.com/client?camp=s39&aff_id=10&aff_sub=33991&source=11634&aff_sub2=trafficback&click_id=32_33991_11011_e79903dd866c2270c7f111bad5eb262c | 172.255.248.119 | 200 OK | 255 B |
URL: go.lnkpth.com/rd.html?go=https://queitho.com/client?camp=s39&aff_id=10&aff_sub=33991&source=11634&aff_sub2=trafficback&click_id=32_33991_11011_e79903dd866c2270c7f111bad5eb262c
Request: User Request, GET HTTP/1.1
IP: 172.255.248.119:443
Certificate: Issuer Let's Encrypt; Subject track.cpamatica.com; Fingerprint 55:95:28:6A:EC:1D:DC:9B:AA:33:46:53:FF:B5:17:A0:D5:5F:2F:B4; Validity Tue, 23 Apr 2024 12:38:03 GMT - Mon, 22 Jul 2024 12:38:02 GMT
File type: HTML document, ASCII text
Hash (MD5 / SHA-1 / SHA-256): d032811d8a01caff2a5ce141a657ca0e 7cfb5ac640b5496f18939ee73dc89cccf77125cc e2efe220662dd9a54582aa6ab3f6d9fcaf0341710d0b01aa051fc09258ff9e6e
GET /rd.html?go=https://queitho.com/client?camp=s39&aff_id=10&aff_sub=33991&source=11634&aff_sub2=trafficback&click_id=32_33991_11011_e79903dd866c2270c7f111bad5eb262c HTTP/1.1
Host: go.lnkpth.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Apr 2024 12:35:15 GMT
Content-Type: text/html
Last-Modified: Fri, 13 Aug 2021 14:56:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"61168831-149"
Cache-Control: no-store, no-cache
Content-Encoding: gzip
| go.lnkpth.com/favicon.ico | 172.255.248.119 | | 106 B |
URL: go.lnkpth.com/favicon.ico
IP: 172.255.248.119:0
Certificate: Issuer Let's Encrypt; Subject track.cpamatica.com; Fingerprint 55:95:28:6A:EC:1D:DC:9B:AA:33:46:53:FF:B5:17:A0:D5:5F:2F:B4; Validity Tue, 23 Apr 2024 12:38:03 GMT - Mon, 22 Jul 2024 12:38:02 GMT
File type: HTML document, ASCII text, with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): 8eec510e57f5f732fd2cce73df7b73ef 3c0af39ecb3753c5fee3b53d063c7286019eac3b 55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /favicon.ico HTTP/1.1
Host: go.lnkpth.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.lnkpth.com/rd.html?go=https://queitho.com/client?camp=s39&aff_id=10&aff_sub=33991&source=11634&aff_sub2=trafficback&click_id=32_33991_11011_e79903dd866c2270c7f111bad5eb262c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 26 Apr 2024 12:35:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
| oacenom.com/ckset | 188.114.97.1 | | 117 B |
IP: 188.114.97.1:0
Hash (MD5 / SHA-1 / SHA-256): a86fde8c53a997e5f2bc9e7ec9c83ef5 74447fabe128b17a2908654948279eaf88557c61 7b189027718ed2246bf859249ea1f5d2b173439468fa995cea172d9c7cb399dc
POST /ckset HTTP/1.1
Host: oacenom.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://queitho.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/2 201 Created
date: Fri, 26 Apr 2024 12:35:16 GMT
content-type: application/json; charset=utf-8
content-length: 117
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
set-cookie: mastidencook=d2e2a0c6-fdce-4f2b-8cb0-57707f1fd384_8bcdfe29f542104a700390cfc23ac723; Domain=oacenom.com; Path=/; Expires=Wed, 25 Apr 2029 12:35:16 GMT; Secure; SameSite=None
etag: W/"75-dER/q+EosXopCGVJSCeer4hVfGE"
access-control-allow-origin: https://queitho.com
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sTeZYl5413mUJuDuKlb%2BTGzloB0GmlQPXEIEeQ%2BgJilfszOl%2Fsq9pximsTwxZT8JPO43rqqdgHFW0%2BQh%2BoC4oEGdUC9DijIyhF6bl3ETXPK6AxkC%2F85H3nZguYNAGA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a69c9aaf5856c6-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| queitho.com/visit?aff_id=1&ttype=direct&camp=s39&p_camp=&bstep=&sid=&efcn=custom-unknown&cntp=custom-unknown&sch=&scw=&vph=&vpw=<= | 104.21.79.101 | | 599 B |
URL: queitho.com/visit?aff_id=1&ttype=direct&camp=s39&p_camp=&bstep=&sid=&efcn=custom-unknown&cntp=custom-unknown&sch=&scw=&vph=&vpw=<=
IP: 104.21.79.101:0
Hash (MD5 / SHA-1 / SHA-256): 22c14edc31b29550666e862cb4f4bf22 f58958dad4f3260a97e6ef98521656bb42db5c63 55a7070ee85e06743a563ebbf5c298c236d0f3e7fb903e2e36cc3a1050d1f658
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /visit?aff_id=1&ttype=direct&camp=s39&p_camp=&bstep=&sid=&efcn=custom-unknown&cntp=custom-unknown&sch=&scw=&vph=&vpw=<= HTTP/1.1
Host: queitho.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 289
Origin: https://queitho.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 201 Created
date: Fri, 26 Apr 2024 12:35:16 GMT
content-type: application/json; charset=utf-8
content-length: 599
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
set-cookie: browserLanguage=en; Domain=queitho.com; Path=/; Expires=Sun, 26 May 2024 12:35:16 GMT
userId=a197828a-2194-4edb-a79a-e59c9e51d30d_729a08a9c41614e43a68f761387360f2; Domain=queitho.com; Path=/; Expires=Wed, 25 Apr 2029 12:35:16 GMT; Secure; SameSite=None
cache-control: no-store, no-store, no-cache
etag: W/"257-9YlY2tTzJgqX5u+YUhZWu0LbXGM"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C4%2BMQX7w74fo6A5r1nkCOXoL6SaCMjWPPn2fj95%2F6R9CsxBsXNWAf5LkPQsXe1YUgyBT46sRngTDlwCmC7jvvVX7ztl8tVTU96BuYirZ%2BbodZaCSWrh5y%2FFF98mCiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a69c9b4ae356c4-OSL
alt-svc: h3=":443"; ma=86400
| queitho.com/fl?aff_id=1&ttype=direct&camp=f28&sl_cid=858f7c48-63bd-4b00-887e-61c369025b4e_6afa6bc646fbd0d7506f5a0bcca8417a&p_camp=&bstep=&sid=s39&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.lnkpth.com%2F<= | 104.21.79.101 | | 327 B |
URL: queitho.com/fl?aff_id=1&ttype=direct&camp=f28&sl_cid=858f7c48-63bd-4b00-887e-61c369025b4e_6afa6bc646fbd0d7506f5a0bcca8417a&p_camp=&bstep=&sid=s39&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.lnkpth.com%2F<=
IP: 104.21.79.101:0
Hash (MD5 / SHA-1 / SHA-256): 5281ea32377737bb1201a566d6e1ae22 40ecba5b1ef5f0c3295d4c72a9abc2cbecbe4551 371a6049b82b2f747359d9678f6877227d6f2f674ad3f3297b6bb1359203eae8
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /fl?aff_id=1&ttype=direct&camp=f28&sl_cid=858f7c48-63bd-4b00-887e-61c369025b4e_6afa6bc646fbd0d7506f5a0bcca8417a&p_camp=&bstep=&sid=s39&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.lnkpth.com%2F<= HTTP/1.1
Host: queitho.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 295
Origin: https://queitho.com
DNT: 1
Connection: keep-alive
Cookie: browserLanguage=en; userId=a197828a-2194-4edb-a79a-e59c9e51d30d_729a08a9c41614e43a68f761387360f2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 201 Created
date: Fri, 26 Apr 2024 12:35:16 GMT
content-type: application/json; charset=utf-8
content-length: 327
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
set-cookie: browserLanguage=en; Domain=queitho.com; Path=/; Expires=Sun, 26 May 2024 12:35:16 GMT
cache-control: no-store, no-store, no-cache
etag: W/"147-QOy6Wx718MMpXUxyqavCy+y+RVE"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i482U0EC%2BO%2FDyqT9%2BaD4TSFJsuuunWLTwE4Ke4pAKFx5Br3uMTh3GhMWEy5jH4j45b%2B%2BSy3ATDNugqwc8weR%2BB9rIZ4rA70TldOnibd2b1G8Jo5ZhXUMuujeSrpkWA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a69c9b9b6c56c4-OSL
alt-svc: h3=":443"; ma=86400
| ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js | 142.250.74.170 | 200 OK | 30 kB |
URL: ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js
Request: GET HTTP/2
IP: 142.250.74.170:443
Requested by: https://queitho.com/lands/adult/3/?seof=true&aff_id=1&ttype=direct&camp=f28&sl_cid=858f7c48-63bd-4b00-887e-61c369025b4e_6afa6bc646fbd0d7506f5a0bcca8417a&p_camp=&bstep=0&sid=s39&fnlid=335&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.lnkpth.com%2F<=0
Certificate: Issuer Google Trust Services LLC; Subject upload.video.google.com; Fingerprint 5F:6D:48:87:16:89:1E:A5:57:29:92:8B:34:BD:F2:92:0C:7F:F2:50; Validity Mon, 08 Apr 2024 07:32:03 GMT - Mon, 01 Jul 2024 07:32:02 GMT
File type: JavaScript source, ASCII text, with very long lines (32014)
Hash (MD5 / SHA-1 / SHA-256): 05e51b1db558320f1939f9789ccf5c8f c72c1735b4d903d90dd51225ebefb8c74ebbc51f 702b9e051e82b32038ffdb33a4f7eb5f7b38f4cf6f514e4182d8898f4eb0b7fb
GET /ajax/libs/jquery/3.1.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://queitho.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30211
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 26 Apr 2024 05:50:16 GMT
expires: Sat, 26 Apr 2025 05:50:16 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 24300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| queitho.com/lands/js/question-gatherer.js | 104.21.79.101 | 200 OK | 3.5 kB |
URL: queitho.com/lands/js/question-gatherer.js
Request: GET HTTP/3
IP: 104.21.79.101:443
Requested by: https://queitho.com/lands/adult/3/?seof=true&aff_id=1&ttype=direct&camp=f28&sl_cid=858f7c48-63bd-4b00-887e-61c369025b4e_6afa6bc646fbd0d7506f5a0bcca8417a&p_camp=&bstep=0&sid=s39&fnlid=335&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.lnkpth.com%2F<=0
Certificate: Issuer Let's Encrypt; Subject queitho.com; Fingerprint F1:05:3E:9D:7A:6D:B6:57:58:D4:D8:E8:6E:81:69:2A:D3:2B:5C:D9; Validity Tue, 12 Mar 2024 19:42:25 GMT - Mon, 10 Jun 2024 19:42:24 GMT
File type: Algol 68 source, ASCII text
Hash (MD5 / SHA-1 / SHA-256): 5ea9a7ac92731aa9ebd30c2ed69812fa e06ccd2e5432549fac6e1db8f8df4df876f07519 ea8d5cbc0ee1dc93d5de252869c4badb8ba829542783502b382afc560940fcf3
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/js/question-gatherer.js HTTP/1.1
Host: queitho.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://queitho.com/lands/adult/3/?seof=true&aff_id=1&ttype=direct&camp=f28&sl_cid=858f7c48-63bd-4b00-887e-61c369025b4e_6afa6bc646fbd0d7506f5a0bcca8417a&p_camp=&bstep=0&sid=s39&fnlid=335&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.lnkpth.com%2F<=0
Cookie: browserLanguage=en; userId=a197828a-2194-4edb-a79a-e59c9e51d30d_729a08a9c41614e43a68f761387360f2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 12:35:16 GMT
content-type: application/javascript
last-modified: Mon, 04 Mar 2024 14:22:26 GMT
vary: Accept-Encoding
etag: W/"65e5d922-77e"
expires: Sun, 26 May 2024 12:35:16 GMT
cache-control: max-age=2592000, no-store, no-cache
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LxiuR0g9rEnYj4fvGuUMwKIh8XdRf%2FMA17BoWYuyDTNbOgOS11%2FwFPNfjdzYPM0x3FOgE98ENXuRhD62i%2FMWFx8Uums%2Fi2AfJudEtjbxxcZK7NASumBgfW20jfABeA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a69c9c8ccf56c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2 | 142.250.74.131 | 200 OK | 24 kB |
URL: fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
Request: GET HTTP/2
IP: 142.250.74.131:443
Requested by: https://queitho.com/lands/adult/3/?seof=true&aff_id=1&ttype=direct&camp=f28&sl_cid=858f7c48-63bd-4b00-887e-61c369025b4e_6afa6bc646fbd0d7506f5a0bcca8417a&p_camp=&bstep=0&sid=s39&fnlid=335&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.lnkpth.com%2F<=0
Certificate: Issuer Google Trust Services LLC; Subject *.gstatic.com; Fingerprint 93:EC:35:60:8A:5B:23:EA:C0:36:D7:AE:03:0C:C3:77:17:5A:20:33; Validity Mon, 08 Apr 2024 07:31:57 GMT - Mon, 01 Jul 2024 07:31:56 GMT
File type: Web Open Font Format (Version 2), TrueType, length 23580, version 1.0
Hash (MD5 / SHA-1 / SHA-256): e1b3b5908c9cf23dfb2b9c52b9a023ab fcd4136085f2a03481d9958cc6793a5ed98e714c 918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://queitho.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 26 Apr 2024 06:08:31 GMT
expires: Sat, 26 Apr 2025 06:08:31 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 02 May 2023 15:17:22 GMT
content-type: font/woff2
age: 23205
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| fonts.googleapis.com/css?family=Lato&subset=latin-ext | 142.250.74.106 | 200 OK | 463 kB |
URL: fonts.googleapis.com/css?family=Lato&subset=latin-ext
Request: GET HTTP/2
IP: 142.250.74.106:443
Requested by: https://queitho.com/lands/adult/3/?seof=true&aff_id=1&ttype=direct&camp=f28&sl_cid=858f7c48-63bd-4b00-887e-61c369025b4e_6afa6bc646fbd0d7506f5a0bcca8417a&p_camp=&bstep=0&sid=s39&fnlid=335&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.lnkpth.com%2F<=0
Certificate: Issuer Google Trust Services LLC; Subject upload.video.google.com; Fingerprint 5F:6D:48:87:16:89:1E:A5:57:29:92:8B:34:BD:F2:92:0C:7F:F2:50; Validity Mon, 08 Apr 2024 07:32:03 GMT - Mon, 01 Jul 2024 07:32:02 GMT
File type: gzip compressed data, max compression
Size: 463 kB (462697 bytes)
Hash (MD5 / SHA-1 / SHA-256): f7270e07394e374978354852f8f4c633 ff35a3d541e8141fb5603fdfe1d096dc9d9d3638 5d1a5cd2bed6df5b4230b3517d7197a69fe94eb6d27679ed8f679bcc251aa5e1
GET /css?family=Lato&subset=latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://queitho.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 26 Apr 2024 12:35:16 GMT
date: Fri, 26 Apr 2024 12:35:16 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| queitho.com/lands/js/track-logic.js | 104.21.79.101 | 200 OK | 1.7 kB |
URL: queitho.com/lands/js/track-logic.js
Request: GET HTTP/3
IP: 104.21.79.101:443
Requested by: https://queitho.com/lands/adult/3/?seof=true&aff_id=1&ttype=direct&camp=f28&sl_cid=858f7c48-63bd-4b00-887e-61c369025b4e_6afa6bc646fbd0d7506f5a0bcca8417a&p_camp=&bstep=0&sid=s39&fnlid=335&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.lnkpth.com%2F<=0
Certificate: Issuer Let's Encrypt; Subject queitho.com; Fingerprint F1:05:3E:9D:7A:6D:B6:57:58:D4:D8:E8:6E:81:69:2A:D3:2B:5C:D9; Validity Tue, 12 Mar 2024 19:42:25 GMT - Mon, 10 Jun 2024 19:42:24 GMT
Hash (MD5 / SHA-1 / SHA-256): 4136a9c344d8034ad0a478d78a5b5a36 e8244d2fde418e7aac603d80ea7d3cf51c972817 172f0d53b1d300fae5098b9c4636858e514e59d6c67b12eba1abb459d77d1c9d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/js/track-logic.js HTTP/1.1
Host: queitho.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://queitho.com/lands/adult/3/?seof=true&aff_id=1&ttype=direct&camp=f28&sl_cid=858f7c48-63bd-4b00-887e-61c369025b4e_6afa6bc646fbd0d7506f5a0bcca8417a&p_camp=&bstep=0&sid=s39&fnlid=335&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.lnkpth.com%2F<=0
Cookie: browserLanguage=en; userId=a197828a-2194-4edb-a79a-e59c9e51d30d_729a08a9c41614e43a68f761387360f2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 12:35:16 GMT
content-type: application/javascript
last-modified: Tue, 27 Feb 2024 15:25:30 GMT
vary: Accept-Encoding
etag: W/"65ddfeea-e6e"
expires: Sun, 26 May 2024 12:35:16 GMT
cache-control: max-age=2592000, no-store, no-cache
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VAHCSdmHZq7S%2BTe%2B67t%2BSUzDhjHPZjmDWbkpncCCqhVAgk6c6ZABrp9TeI%2BsUVBgahhlmpYZAb8MxfM6P9Z4ofAOMkJWJ6%2FnNzy5Bzqa%2FZQ9tIvIpZ34K3lEsSZYlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a69c9c8cd256c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| queitho.com/favicon.ico | 104.21.79.101 | 404 Not Found | 548 B |
IP: 104.21.79.101:443
Requested by: https://queitho.com/lands/adult/3/?seof=true&aff_id=1&ttype=direct&camp=f28&sl_cid=858f7c48-63bd-4b00-887e-61c369025b4e_6afa6bc646fbd0d7506f5a0bcca8417a&p_camp=&bstep=0&sid=s39&fnlid=335&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.lnkpth.com%2F<=0
Certificate: Issuer Let's Encrypt; Subject queitho.com; Fingerprint F1:05:3E:9D:7A:6D:B6:57:58:D4:D8:E8:6E:81:69:2A:D3:2B:5C:D9; Validity Tue, 12 Mar 2024 19:42:25 GMT - Mon, 10 Jun 2024 19:42:24 GMT
File type: HTML document, ASCII text, with very long lines (574), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 5b3bd9705af8e4446f589e073b64d64c e25d724de194a431213080e10392963efc18ad75 ad8ec7fd0face5bd866b2a915cd34853cf60f18229acc156dfa99f5dd5d3c775
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: queitho.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://queitho.com/lands/adult/3/?seof=true&aff_id=1&ttype=direct&camp=f28&sl_cid=858f7c48-63bd-4b00-887e-61c369025b4e_6afa6bc646fbd0d7506f5a0bcca8417a&p_camp=&bstep=0&sid=s39&fnlid=335&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.lnkpth.com%2F<=0
Cookie: browserLanguage=en; userId=a197828a-2194-4edb-a79a-e59c9e51d30d_729a08a9c41614e43a68f761387360f2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Fri, 26 Apr 2024 12:35:17 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 58
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X4kTl0a93L%2BSEVg%2BHNgqyt6YQb168mmluDNrlEiupxr3EpQWJsNrdau%2BWXAH1c1j2OEgie65OLmaV%2BEA46sH3PQ6XI5dCf6vjtdMYbd5PRO3sWkkyP4q8ama%2BfVIrg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a69c9f58da56c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| queitho.com/lands/adult/3/pattern.png | 104.21.79.101 | 200 OK | 2.8 kB |
URL: queitho.com/lands/adult/3/pattern.png
Request: GET HTTP/3
IP: 104.21.79.101:443
Requested by: https://queitho.com/lands/adult/3/?seof=true&aff_id=1&ttype=direct&camp=f28&sl_cid=858f7c48-63bd-4b00-887e-61c369025b4e_6afa6bc646fbd0d7506f5a0bcca8417a&p_camp=&bstep=0&sid=s39&fnlid=335&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.lnkpth.com%2F<=0
Certificate: Issuer Let's Encrypt; Subject queitho.com; Fingerprint F1:05:3E:9D:7A:6D:B6:57:58:D4:D8:E8:6E:81:69:2A:D3:2B:5C:D9; Validity Tue, 12 Mar 2024 19:42:25 GMT - Mon, 10 Jun 2024 19:42:24 GMT
File type: PNG image data, 2 x 2, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): f06b5903c3ed5ef39db9b98b60deba70 f2d93c7d32069d157fa3047b550ef406bea1aa05 5cbc28ef1cf07ab8956014b581aa2b96baac861237975813702e63c886b0c004
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/adult/3/pattern.png HTTP/1.1
Host: queitho.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://queitho.com/lands/adult/3/main.css
Cookie: browserLanguage=en; userId=a197828a-2194-4edb-a79a-e59c9e51d30d_729a08a9c41614e43a68f761387360f2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 12:35:16 GMT
content-type: image/png
content-length: 2801
last-modified: Mon, 31 Jul 2023 08:41:04 GMT
etag: "64c773a0-af1"
cache-control: no-store, no-cache
cf-cache-status: BYPASS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ffKFX61Qcrg8rypYVyBTzQ2nsnySmcxmfbXBmPZG%2Bv1MVMo48Q8mXiAd79%2FMynnhirSH4K50asl33SBVxBi0EA0pnRltp8zNQXM4vPigwdYErbI%2BB%2BEN8gZlfOQatQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a69c9e1f0256c4-OSL
alt-svc: h3=":443"; ma=86400
| queitho.com/client?camp=s39 | 104.21.79.101 | 200 OK | 6.0 kB |
URL: queitho.com/client?camp=s39
Request: User Request, GET HTTP/2
IP: 104.21.79.101:443
Certificate: Issuer Let's Encrypt; Subject queitho.com; Fingerprint F1:05:3E:9D:7A:6D:B6:57:58:D4:D8:E8:6E:81:69:2A:D3:2B:5C:D9; Validity Tue, 12 Mar 2024 19:42:25 GMT - Mon, 10 Jun 2024 19:42:24 GMT
File type: JavaScript source, ASCII text, with very long lines (6065), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 5697438575a194469bf43305d27aa4b4 ebdbb7a5a363f9d8ef71043a744ce230a50e6d3b 9d17f85bc3520dcbc57e02d38c232638684686b961f780d7e6e858e4026c72b2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /client?camp=s39 HTTP/1.1
Host: queitho.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.lnkpth.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 12:35:16 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: default-src 'self' https://oacenom.com https://openfpcdn.io/fingerprintjs/v4; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://oacenom.com https://openfpcdn.io/fingerprintjs/v4
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
accept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-store, no-store, no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cy1pCQwxX1ZxOqDNfQ%2FTE%2Bc5DLVgmxH1YkSKmwL8aSWc79N8B%2BrnA2%2BfKLvwUIs01oxMTEkTZPpYGdTdQz7LH%2F6xV%2BkNOcYAsInFxVJ42xon1Zv5im574vBSFVwcIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a69c993cebb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| queitho.com/lands/adult/3/main.css | 104.21.79.101 | 200 OK | 18 kB |
URL: queitho.com/lands/adult/3/main.css
Request: GET HTTP/3
IP: 104.21.79.101:443
Requested by: https://queitho.com/lands/adult/3/?seof=true&aff_id=1&ttype=direct&camp=f28&sl_cid=858f7c48-63bd-4b00-887e-61c369025b4e_6afa6bc646fbd0d7506f5a0bcca8417a&p_camp=&bstep=0&sid=s39&fnlid=335&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.lnkpth.com%2F<=0
Certificate: Issuer Let's Encrypt; Subject queitho.com; Fingerprint F1:05:3E:9D:7A:6D:B6:57:58:D4:D8:E8:6E:81:69:2A:D3:2B:5C:D9; Validity Tue, 12 Mar 2024 19:42:25 GMT - Mon, 10 Jun 2024 19:42:24 GMT
Hash (MD5 / SHA-1 / SHA-256): 090217f53fce66e48db7655fb08467b7 03c64abc2474165db34b82cb3286577b12ada068 aa9900b9bf020eede06bb0fdeb24986923b453bf8deaa23798ce7197c10d372b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/adult/3/main.css HTTP/1.1
Host: queitho.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://queitho.com/lands/adult/3/?seof=true&aff_id=1&ttype=direct&camp=f28&sl_cid=858f7c48-63bd-4b00-887e-61c369025b4e_6afa6bc646fbd0d7506f5a0bcca8417a&p_camp=&bstep=0&sid=s39&fnlid=335&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.lnkpth.com%2F<=0
Cookie: browserLanguage=en; userId=a197828a-2194-4edb-a79a-e59c9e51d30d_729a08a9c41614e43a68f761387360f2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 12:35:16 GMT
content-type: text/css
last-modified: Mon, 31 Jul 2023 14:41:49 GMT
etag: W/"64c7c82d-4594"
cache-control: no-store, no-cache
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4N%2BJqFSOVKcg41DZrpXxpq2Gqj%2Bfzzr%2BYnFMZo1nYmD3M2x5UJfN%2Be%2BR8TxO6QjXOAmJ5hAbzNUoucUTEdj58p5omLhHb1Po65ocAWLqsY25bGT1aDNTP2f2uj34AQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a69c9c8cc856c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| queitho.com/lands/js/default-eight.js | 104.21.79.101 | 200 OK | 108 kB |
URL: queitho.com/lands/js/default-eight.js
Request: GET HTTP/3
IP: 104.21.79.101:443
Requested by: https://queitho.com/lands/adult/3/?seof=true&aff_id=1&ttype=direct&camp=f28&sl_cid=858f7c48-63bd-4b00-887e-61c369025b4e_6afa6bc646fbd0d7506f5a0bcca8417a&p_camp=&bstep=0&sid=s39&fnlid=335&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.lnkpth.com%2F<=0
Certificate: Issuer Let's Encrypt; Subject queitho.com; Fingerprint F1:05:3E:9D:7A:6D:B6:57:58:D4:D8:E8:6E:81:69:2A:D3:2B:5C:D9; Validity Tue, 12 Mar 2024 19:42:25 GMT - Mon, 10 Jun 2024 19:42:24 GMT
Size: 108 kB (108487 bytes)
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these three values are the well-known digests of zero-length input, so they do not correspond to the 108487-byte size reported above)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/js/default-eight.js HTTP/1.1
Host: queitho.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://queitho.com/lands/adult/3/?seof=true&aff_id=1&ttype=direct&camp=f28&sl_cid=858f7c48-63bd-4b00-887e-61c369025b4e_6afa6bc646fbd0d7506f5a0bcca8417a&p_camp=&bstep=0&sid=s39&fnlid=335&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.lnkpth.com%2F<=0
Cookie: browserLanguage=en; userId=a197828a-2194-4edb-a79a-e59c9e51d30d_729a08a9c41614e43a68f761387360f2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 12:35:16 GMT
content-type: application/javascript
last-modified: Mon, 31 Jul 2023 14:41:49 GMT
vary: Accept-Encoding
etag: W/"64c7c82d-1a7c7"
expires: Sun, 26 May 2024 12:35:16 GMT
cache-control: max-age=2592000, no-store, no-cache
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DmNVSYfAZE6jcS%2BkXQqgAxLxvv4Vox1h8XfsBjZOHj9vfUbFug42y8Rv%2Fq3aJf%2Fym0%2Fg83ysVwwG6MVW9IT6kgv9QgK2q8TICmC7JWLQM2dmSqo63GDcKZiNk369Ww%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a69c9c8ccc56c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| queitho.com/lands/adult/3/js.js | 104.21.79.101 | 200 OK | 1.7 kB |
URL: queitho.com/lands/adult/3/js.js (GET HTTP/3) IP: 104.21.79.101:443
Requested by: https://queitho.com/lands/adult/3/?seof=true&aff_id=1&ttype=direct&camp=f28&sl_cid=858f7c48-63bd-4b00-887e-61c369025b4e_6afa6bc646fbd0d7506f5a0bcca8417a&p_camp=&bstep=0&sid=s39&fnlid=335&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.lnkpth.com%2F<=0
Certificate: Issuer Let's Encrypt; Subject queitho.com; Fingerprint F1:05:3E:9D:7A:6D:B6:57:58:D4:D8:E8:6E:81:69:2A:D3:2B:5C:D9; Validity Tue, 12 Mar 2024 19:42:25 GMT - Mon, 10 Jun 2024 19:42:24 GMT
File type: JavaScript source, ASCII text, with very long lines (1768), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): db47254528c82495740df7ec345b3aaf 983b617c348c86b149ce496f55699c2c7c8c9a12 b220f9835a99ed282ea5032a318b13c2263ae0e056ff0fa6f504fd01c584ccbb
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/adult/3/js.js HTTP/1.1
Host: queitho.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://queitho.com/lands/adult/3/?seof=true&aff_id=1&ttype=direct&camp=f28&sl_cid=858f7c48-63bd-4b00-887e-61c369025b4e_6afa6bc646fbd0d7506f5a0bcca8417a&p_camp=&bstep=0&sid=s39&fnlid=335&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.lnkpth.com%2F<=0
Cookie: browserLanguage=en; userId=a197828a-2194-4edb-a79a-e59c9e51d30d_729a08a9c41614e43a68f761387360f2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 12:35:16 GMT
content-type: application/javascript
last-modified: Thu, 14 Mar 2024 09:04:25 GMT
vary: Accept-Encoding
etag: W/"65f2bd99-6a7"
cache-control: no-store, no-cache
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KPx61X%2FF0YWyREh6GxxgBfVq40N%2Fa19iG0nTrqXcBcLaaabmrLtTXFp9f3f2akWdLbHwh9XrtqJwQrzP8YuI8XE%2B9J6Y3Lh8gmfdW%2FTS17V9cEftWk8b%2F3JJRP0MQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a69c9c8cd556c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| queitho.com/lands/adult/3/1.jpg | 104.21.79.101 | 200 OK | 462 kB |
URL: queitho.com/lands/adult/3/1.jpg (GET HTTP/3) IP: 104.21.79.101:443
Requested by: https://queitho.com/lands/adult/3/?seof=true&aff_id=1&ttype=direct&camp=f28&sl_cid=858f7c48-63bd-4b00-887e-61c369025b4e_6afa6bc646fbd0d7506f5a0bcca8417a&p_camp=&bstep=0&sid=s39&fnlid=335&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.lnkpth.com%2F<=0
Certificate: Issuer Let's Encrypt; Subject queitho.com; Fingerprint F1:05:3E:9D:7A:6D:B6:57:58:D4:D8:E8:6E:81:69:2A:D3:2B:5C:D9; Validity Tue, 12 Mar 2024 19:42:25 GMT - Mon, 10 Jun 2024 19:42:24 GMT
File type: JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=660, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=1040], progressive, precision 8, 1040x660, components 3
Size: 462 kB (462355 bytes)
Hash (MD5 / SHA-1 / SHA-256): ced535243bc02164b61733a09076cd9a 9e5383fac634f621dbedbe81de12b47e7c410411 c1888b272b99043d11cdd13f23dc9311f0176222d695074b2cdb6349dd50cd4c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/adult/3/1.jpg HTTP/1.1
Host: queitho.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://queitho.com/lands/adult/3/main.css
Cookie: browserLanguage=en; userId=a197828a-2194-4edb-a79a-e59c9e51d30d_729a08a9c41614e43a68f761387360f2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 12:35:16 GMT
content-type: image/jpeg
content-length: 462355
last-modified: Mon, 31 Jul 2023 08:41:04 GMT
etag: "64c773a0-70e13"
cache-control: no-store, no-cache
cf-cache-status: BYPASS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NriX9YsuQYRWvBXVFxwJ9DRKNU4Sk3%2FCSFZdcUa4kMcaiAGWIVK3%2B9FWZZPkm%2FCtEpq0pKIWeNUioQv3O0WotRrh6N%2FwuUyTA%2Bud6%2Fvuj%2FR4%2Fp3CSp%2BlAcAieit53g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a69c9e1efd56c4-OSL
alt-svc: h3=":443"; ma=86400
|
|
| queitho.com/lands/adult/3/?seof=true&aff_id=1&ttype=direct&camp=f28&sl_cid=858f7c48-63bd-4b00-887e-61c369025b4e_6afa6bc646fbd0d7506f5a0bcca8417a&p_camp=&bstep=0&sid=s39&fnlid=335&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.lnkpth.com%2F<=0 | 104.21.79.101 | 200 OK | 7.8 kB |
URL (User Request): queitho.com/lands/adult/3/?seof=true&aff_id=1&ttype=direct&camp=f28&sl_cid=858f7c48-63bd-4b00-887e-61c369025b4e_6afa6bc646fbd0d7506f5a0bcca8417a&p_camp=&bstep=0&sid=s39&fnlid=335&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.lnkpth.com%2F<=0 (GET HTTP/3) IP: 104.21.79.101:443
Certificate: Issuer Let's Encrypt; Subject queitho.com; Fingerprint F1:05:3E:9D:7A:6D:B6:57:58:D4:D8:E8:6E:81:69:2A:D3:2B:5C:D9; Validity Tue, 12 Mar 2024 19:42:25 GMT - Mon, 10 Jun 2024 19:42:24 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (8251), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): d757813d2f8eab4917165b58a27587b0 03c95e4572cd431b8a359aecd0cbdd87390e7341 459b546ad7fb81e7c3c28c3ef04d587dcbf24bb6030dd4c912d032407499aa10
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /lands/adult/3/?seof=true&aff_id=1&ttype=direct&camp=f28&sl_cid=858f7c48-63bd-4b00-887e-61c369025b4e_6afa6bc646fbd0d7506f5a0bcca8417a&p_camp=&bstep=0&sid=s39&fnlid=335&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.lnkpth.com%2F<=0 HTTP/1.1
Host: queitho.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: browserLanguage=en; userId=a197828a-2194-4edb-a79a-e59c9e51d30d_729a08a9c41614e43a68f761387360f2
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 12:35:16 GMT
content-type: text/html
last-modified: Tue, 27 Feb 2024 15:25:30 GMT
vary: Accept-Encoding
cache-control: no-store, no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q0znizLsnB6rVzrm%2FxtEfG6%2FiYO60OBB4vnl5u%2BusuS0N10NT3l7JqOkkpo6jZx%2FJFXY37r57CtbczciBBJdax04FgEPI1uAl2gqSpAu0Fi4x%2BFy1V%2BD%2FOzGSEPnHA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a69c9bfbe256c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|