Report - haysex.net/tag/yua-mikami/

Report Overview

Submitted URL
haysex.net/tag/yua-mikami/
IP
104.26.13.55
ASN
#13335 CLOUDFLARENET
Submitted
2022-11-27 15:02:47
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
48

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	367 B	21 kB	142.250.74.174
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	3.2 kB	93.184.220.29
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.9 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	380 B	44 kB	142.250.74.168
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.42.148.177
limurol.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.3 kB	2.0 kB	62.122.171.6
haysex.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	9.7 kB	830 kB	104.26.12.55
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.77.32
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
aqkkoalfpz.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.5 kB	22 kB	62.122.171.6
widgets.amung.us	12623	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	425 B	402 B	172.67.8.141
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	676 B	1.5 kB	23.36.77.32
vlxyz.tv	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	383 B	125 kB	172.67.214.145
gqubkbuinx.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	8.6 kB	183 kB	62.122.171.6
whos.amung.us	12687	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	382 B	312 B	172.67.8.141
images.dmca.com	11903	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	870 B	5.2 kB	151.139.128.10
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	686 B	1.4 kB	142.250.74.3
ocsp.globalsign.com	2075	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	368 B	1.9 kB	104.18.20.226
lcfooiqhro.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	812 B	1.8 kB	62.122.171.6
cdn.pncloudfl.com	13313	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	398 B	50 kB	172.67.25.161
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	43 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-11-27	medium	gqubkbuinx.com	Sinkholed
2022-11-27	medium	gqubkbuinx.com	Sinkholed
2022-11-27	medium	aqkkoalfpz.com	Sinkholed
2022-11-27	medium	aqkkoalfpz.com	Sinkholed
2022-11-27	medium	gqubkbuinx.com	Sinkholed
2022-11-27	medium	aqkkoalfpz.com	Sinkholed
2022-11-27	medium	aqkkoalfpz.com	Sinkholed
2022-11-27	medium	gqubkbuinx.com	Sinkholed
2022-11-27	medium	gqubkbuinx.com	Sinkholed
2022-11-27	medium	gqubkbuinx.com	Sinkholed
2022-11-27	medium	aqkkoalfpz.com	Sinkholed
2022-11-27	medium	aqkkoalfpz.com	Sinkholed
2022-11-27	medium	gqubkbuinx.com	Sinkholed
2022-11-27	medium	limurol.com	Sinkholed
2022-11-27	medium	limurol.com	Sinkholed
2022-11-27	medium	aqkkoalfpz.com	Sinkholed
2022-11-27	medium	aqkkoalfpz.com	Sinkholed
2022-11-27	medium	gqubkbuinx.com	Sinkholed
2022-11-27	medium	gqubkbuinx.com	Sinkholed
2022-11-27	medium	gqubkbuinx.com	Sinkholed
2022-11-27	medium	gqubkbuinx.com	Sinkholed
2022-11-27	medium	gqubkbuinx.com	Sinkholed
2022-11-27	medium	aqkkoalfpz.com	Sinkholed
2022-11-27	medium	gqubkbuinx.com	Sinkholed

JavaScript (26)

	URL	Size	First Seen	Last Seen
	gqubkbuinx.com/get/1916428?zoneid=1916428&jp=_clru9tae41bx3jzaa2t0ef&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=109416373154869	3.4 kB	2023-03-11	2023-03-11
Pretty URL gqubkbuinx.com/get/1916428?zoneid=1916428&jp=_clru9tae41bx3jzaa2t0ef&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=109416373154869 IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:23:53 Last Seen2023-03-11 21:23:53 Times Seen1 Hash 77f801ee5f69fa9b785771c52dc5f571 eed771b58e333a174895e5ce8ba66fdee5e3dfb2 9275b5bc7671e6b023b388dc973f4ca8a62e39213e12dc384247776214b50139 Loading...

	haysex.net/themes/js/jquery.js	84 kB	2023-03-07	2024-02-20
Pretty URL haysex.net/themes/js/jquery.js IP 104.26.13.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:00:55 Last Seen2024-02-20 11:51:27 Times Seen62 Hash 0678ab134e640784c202a8b8506100e4 61547147f6584d0e894b03f703dc7b19d5ada7f9 ad6b757ef07f8dc85e0a779d7ab60370cc68dfa1c834a753a389adf80c661170 Loading...

	haysex.net/themes/js/main.js	5.1 kB	2023-03-11	2023-03-11
Pretty URL haysex.net/themes/js/main.js IP 104.26.13.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:23:53 Last Seen2023-03-11 21:23:53 Times Seen1 Hash 9c63c1e4065faa61fd718383b978bd31 5a40cc35d8b5f709cc9d4be0423b359065398c44 2eb922d327e3c802ff3938b9486b6b1a7ddab50573d6d0dfb4d1ee18b098f4ce Loading...

	haysex.net/themes/js/media.js	4.1 kB	2023-03-11	2023-03-11
Pretty URL haysex.net/themes/js/media.js IP 104.26.13.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:23:53 Last Seen2023-03-11 21:23:53 Times Seen1 Hash 87a07d27dc300c7e590746725571f5cf c5822581ab6da6fd30a9adcfcaf777f6ca871b29 06eefcc6d7a659951065226f32306bf236ed029296fd608e5fab7d8e08cbe5dc Loading...

	images.dmca.com/Badges/DMCABadgeHelper.min.js	465 B	2023-03-07	2024-04-21
Pretty URL images.dmca.com/Badges/DMCABadgeHelper.min.js IP 151.139.128.10 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:48 Last Seen2024-04-21 23:33:39 Times Seen3912 Hash bac6fb686027b93b6565e1b1e5e8e213 e585bdd95488444f0ce2888d8281dbdaf73ca2ea e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0 Loading...

	gqubkbuinx.com/get/1916427?zoneid=1916427&jp=_clgortd6w9kg5n3m0iuovb&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=6301865860741736	3.4 kB	2023-03-11	2023-03-11
Pretty URL gqubkbuinx.com/get/1916427?zoneid=1916427&jp=_clgortd6w9kg5n3m0iuovb&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=6301865860741736 IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:23:53 Last Seen2023-03-11 21:23:53 Times Seen1 Hash a76ff5cebd32e58b79ee81e3a14e5914 07e8cb8ad06e4f3c4760956553f7e52e953ed5cb e2eccd5661a776b1d79e4362ef5d7e810d7978c00efcec2f832c5f256bbcd5c9 Loading...

	gqubkbuinx.com/get/1916521?zoneid=1916521&jp=_clwgb1d6dn92tktegcubms&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=8553665674475725	3.4 kB	2023-03-11	2023-03-11
Pretty URL gqubkbuinx.com/get/1916521?zoneid=1916521&jp=_clwgb1d6dn92tktegcubms&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=8553665674475725 IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:23:53 Last Seen2023-03-11 21:23:53 Times Seen1 Hash 768b79c04bdfa0cf7629444860d13683 1c32b4f6089d189715b7526ca109552fba9559ea 5687afee3fc751124879d6a5e2bd8b568ddf7d70e03b050432b684daad06ad23 Loading...

	aqkkoalfpz.com/aas/r45d/vki/1946839/78a70d45.js	69 kB	2023-03-11	2023-03-11
Pretty URL aqkkoalfpz.com/aas/r45d/vki/1946839/78a70d45.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:23:53 Last Seen2023-03-11 21:23:53 Times Seen1 Hash b9cc88cb098db643e4d80f4296887271 317cdffa85940178d8a251964b719e0aeba1e711 37f98a007254a13215cca9bade6d152ebececa291760b95b5be8de5bb36fc109 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-08	2024-04-24
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:22:31 Last Seen2024-04-24 18:41:20 Times Seen1526 Hash fda30e8a22c9bcd954fd8d0fadd0e77c ae47cd34cbde081a48d7f92fc80aaf06a1381193 b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719 Loading...

	gqubkbuinx.com/lv/esnk/1916427/code.js	109 kB	2023-03-11	2023-03-11
Pretty URL gqubkbuinx.com/lv/esnk/1916427/code.js IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:23:53 Last Seen2023-03-11 21:23:53 Times Seen1 Hash 4bf1c5ace135c579854be2e507620535 4ab87347d0301a956820b8e56a68f1af140f4489 cb4ebcb516eec181ad1b8652e44a2768b1f6fd7269d0aa5d7566bae50bab2ecc Loading...

	gqubkbuinx.com/lv/esnk/1916523/code.js	109 kB	2023-03-11	2023-03-11
Pretty URL gqubkbuinx.com/lv/esnk/1916523/code.js IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:23:53 Last Seen2023-03-11 21:23:53 Times Seen1 Hash 4db02b3b8c57f6836956fd9b792a15c7 7fa4e46a68a247212ca0e5b52acfcb8517f31b38 290f219c3bc941454d8af7dd661825360a5e356c1061c466453f30b082cc1a4d Loading...

	gqubkbuinx.com/lv/esnk/1916428/code.js	109 kB	2023-03-11	2023-03-11
Pretty URL gqubkbuinx.com/lv/esnk/1916428/code.js IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:23:53 Last Seen2023-03-11 21:23:53 Times Seen1 Hash ac33675db5d88cf8bcf272f8385d9fdf 9a7c796286540897b0bd626bce3eb627cd4b2927 736cf27dde171f75715d4c75e9c3d333850ea89da89bde21baacfe3e07eb783f Loading...

	haysex.net/tag/yua-mikami/	154 B	2023-03-11	2023-03-14
Pretty URL haysex.net/tag/yua-mikami/ IP 104.26.12.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:23:53 Last Seen2023-03-14 19:10:22 Times Seen1 Hash fb558e56879d0179c0bacdf3c5d76545 409268187ee4795bf62bd8511fec5a7ea3846234 9ec6bf1f7cb7053e99645123c3e622a0d174c26d4446791802f21b97569bb575 Loading...

	www.googletagmanager.com/gtag/js?id=UA-232907648-1	112 kB	2023-03-11	2023-03-11
Pretty URL www.googletagmanager.com/gtag/js?id=UA-232907648-1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:23:53 Last Seen2023-03-11 21:23:53 Times Seen1 Hash bec419c6d864aba505390378ad5c658d 9cdf5d9eac1e4db64e91ad4d5f00c6c21affbee9 1f5949b42d2dd8704c8c58213fe66e8e76bee08fcc566f4ec98aed2479f4cb8c Loading...

	gqubkbuinx.com/get/1916524?zoneid=1916524&jp=_clzjblvrqo4swxvryy8huf&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=1516791256702618	3.4 kB	2023-03-11	2023-03-11
Pretty URL gqubkbuinx.com/get/1916524?zoneid=1916524&jp=_clzjblvrqo4swxvryy8huf&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=1516791256702618 IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:23:53 Last Seen2023-03-11 21:23:53 Times Seen1 Hash e9fc1a01054556d93b324ec987120947 baf4c6b29f673317866b3663e02dae01932713ad 5f12d6de13809056b104a640abc8bd5eaf286ba4cb2e237df2be2550729e02c8 Loading...

	lcfooiqhro.com/t/9/fret/meow4/1916402/392bbae2.js	69 kB	2023-03-11	2023-03-11
Pretty URL lcfooiqhro.com/t/9/fret/meow4/1916402/392bbae2.js IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:23:53 Last Seen2023-03-11 21:23:53 Times Seen1 Hash e8143268e75fd11c077755f961405f47 c2b6d5e4caeaacc4df0ae3e246dfbb17167fac6a a00c108c05a49ee5fe9b46e4536e9325a9131d7b8324e7c0dd8c2b228934c16e Loading...

	gqubkbuinx.com/lv/esnk/1916521/code.js	109 kB	2023-03-11	2023-03-11
Pretty URL gqubkbuinx.com/lv/esnk/1916521/code.js IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:23:53 Last Seen2023-03-11 21:23:53 Times Seen1 Hash ce2296b866a42e391a393a71cb58eb1c 65352e9fa4248274915e3700c0488f3c95fcb5ca 6588d4b5c2968c73efb67d280af696715368612e9e2cfae766055ffcd2882020 Loading...

	gqubkbuinx.com/get/1916523?zoneid=1916523&jp=_clx3tnjnj8k26t35hgt2kg&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=1235316279999564	3.4 kB	2023-03-11	2023-03-11
Pretty URL gqubkbuinx.com/get/1916523?zoneid=1916523&jp=_clx3tnjnj8k26t35hgt2kg&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=1235316279999564 IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:23:53 Last Seen2023-03-11 21:23:53 Times Seen1 Hash 69d89857c787c0cb3bf15289d445ffe4 e6f1f6351b05ae6aaa3fe7fca9ea4f8b5387b55f 2e41e499205a66a68b0a6cd9d438ae1781f2b0c5f006a80258d4537c457bf28d Loading...

	aqkkoalfpz.com/get/1946839?zoneid=1946839&jp=_clup7gsjv7t33z42q55a52&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=109416373152822	37 B	2023-03-07	2024-04-24
Pretty URL aqkkoalfpz.com/get/1946839?zoneid=1946839&jp=_clup7gsjv7t33z42q55a52&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=109416373152822 IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:23 Last Seen2024-04-24 06:30:39 Times Seen2323 Hash 26c0446473cdbedd7eb18169ae75e0fd c2a8a31848b22f49c044d0e8f2b4a48e856e08b8 c94588c2c490281057748a6bc21191dae810fb22ce8cc638b5e3fc7d390eb165 Loading...

	limurol.com/ssp/req/1916402/?pb=cd58fc165634ea6ee019be0f43e04f5d1669568557&psp=ySZyta1ak71dFkz5QYhEK5RPkPUTjyb0z5XSRxbaYayX8wdPeUxy2ic1ZjcER2CZTWnaK9TbxAyd6BWg0gpUWsGXz_AniwhOiLJa7SXQ-x6i3hT6okczs1P8ZoQPZ_vdIgqovVtgeqnzRNwTTj-SNJB8lBoNG3WTQjVZ2eV5imr0x-Gg2ZMoDd1st_C-gQVEAelCU35Xf77qn-mFNztpkCEtpxNx4FA8pNq5RhcguDPFj_ZTjizIP7czD8a8NKQtCmTK6KqDRiXZtI01mCQ7BatHBXI_gnnirnHutmbhRzlpGvF12IjzKituXvjoOXuTBHpWr-7aQSdnEtPhh5Pmuq-qxHOITZGXak6qDBCzpzolWG7K_blilROCrTrZKs6X0djx0WKR32Oh7zaYSZrgIeIKKtj4cXHwZjX0P86QuMpsyZXv_wpctDbT-HSW3xUfDjI1W0RO88gWFKDVB1QUFKeHtam0JqaGfyTc6PrQc4zKQxK1OeahlcEz3T2qysAOIb4m0IeccJec57cCXsoN76el41kY7iZ6NznDsgNQ89VgroZgETPzV6rpiKWuuLQNUQz1GKV4A3D8qXCY1IwYnQPF&cb=_cl1r4e67wmyonx8jwuvyff&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24	7 B	2023-03-07	2024-04-17
Pretty URL limurol.com/ssp/req/1916402/?pb=cd58fc165634ea6ee019be0f43e04f5d1669568557&psp=ySZyta1ak71dFkz5QYhEK5RPkPUTjyb0z5XSRxbaYayX8wdPeUxy2ic1ZjcER2CZTWnaK9TbxAyd6BWg0gpUWsGXz_AniwhOiLJa7SXQ-x6i3hT6okczs1P8ZoQPZ_vdIgqovVtgeqnzRNwTTj-SNJB8lBoNG3WTQjVZ2eV5imr0x-Gg2ZMoDd1st_C-gQVEAelCU35Xf77qn-mFNztpkCEtpxNx4FA8pNq5RhcguDPFj_ZTjizIP7czD8a8NKQtCmTK6KqDRiXZtI01mCQ7BatHBXI_gnnirnHutmbhRzlpGvF12IjzKituXvjoOXuTBHpWr-7aQSdnEtPhh5Pmuq-qxHOITZGXak6qDBCzpzolWG7K_blilROCrTrZKs6X0djx0WKR32Oh7zaYSZrgIeIKKtj4cXHwZjX0P86QuMpsyZXv_wpctDbT-HSW3xUfDjI1W0RO88gWFKDVB1QUFKeHtam0JqaGfyTc6PrQc4zKQxK1OeahlcEz3T2qysAOIb4m0IeccJec57cCXsoN76el41kY7iZ6NznDsgNQ89VgroZgETPzV6rpiKWuuLQNUQz1GKV4A3D8qXCY1IwYnQPF&cb=_cl1r4e67wmyonx8jwuvyff&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24 IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:23 Last Seen2024-04-17 16:44:22 Times Seen16320 Hash a97eb6fbe6f13b601d5d48c0eba8baae 736efb938caf3d0edec406932ada889f1a4f2268 a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821 Loading...

	haysex.net/tag/yua-mikami/	44 B	2023-03-11	2023-03-14
Pretty URL haysex.net/tag/yua-mikami/ IP 104.26.12.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:23:53 Last Seen2023-03-14 19:10:22 Times Seen1 Hash 8d8ce87b682b167aee0d0d8e50befd9a a6d160788cab5b5a32357f7d97147d38a44e94c9 d6539e95072adda940b91fa26311f34db3bfc754d3f4b794a60fd111be0f9ee0 Loading...

	haysex.net/tag/yua-mikami/	316 B	2023-03-11	2023-03-11
Pretty URL haysex.net/tag/yua-mikami/ IP 104.26.12.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:23:53 Last Seen2023-03-11 21:23:53 Times Seen1 Hash 9ac282518bcd224b6781f431379ba20b 8bcb010da9608bd6da6708624539b6b79c0ff224 4d9a653827f3de47b2cd98d5b20b041c6b48eefd42cc596218ad9a2b9c8fc36b Loading...

	haysex.net/themes/js/jquery.lazyload.min.js	3.4 kB	2023-03-07	2024-04-25
Pretty URL haysex.net/themes/js/jquery.lazyload.min.js IP 104.26.13.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:48 Last Seen2024-04-25 01:43:39 Times Seen4075 Hash 112c8d1b40b3e62e883c743e9d71e0bf 338318e930487b2791a7bcf53ad4601630cc41e2 ad79ce7e34d1a788809bb853031133de2ae45f3c19ac4955dae46c7490188c2e Loading...

	haysex.net/tag/yua-mikami/	506 B	2023-03-07	2023-03-14
Pretty URL haysex.net/tag/yua-mikami/ IP 104.26.12.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:00:55 Last Seen2023-03-14 19:10:22 Times Seen1 Hash 41e6c35733d72189520f94d49d4ec741 8e9059f468e6612433c9be107b0e2b8e6d675da2 41a99e644d8c25e457fc4ad82fe6cf1e42c4d2eaa8191ebda56731ad7b1ffe58 Loading...

	gqubkbuinx.com/lv/esnk/1916524/code.js	109 kB	2023-03-11	2023-03-11
Pretty URL gqubkbuinx.com/lv/esnk/1916524/code.js IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:23:54 Last Seen2023-03-11 21:23:54 Times Seen1 Hash e00e41e5d1e2868497b9c5099645ecad 9bc6d2e184f30927616bb63bffc2a585cc525db6 92b512050a9e25b5977fb6d9ad5c76db4016b013d6481470d052aab4aac2ec9f Loading...

	lcfooiqhro.com/get/1916402?zoneid=1916402&jp=_clmir9b7m2ht15ubn1mris&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=8835140651138217	3.4 kB	2023-03-11	2023-03-11
Pretty URL lcfooiqhro.com/get/1916402?zoneid=1916402&jp=_clmir9b7m2ht15ubn1mris&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=8835140651138217 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:23:54 Last Seen2023-03-11 21:23:54 Times Seen1 Hash 2fda64210f4ae1326a99937d4b8bdb0b af2db76c84d7e08345c0ef95218af99bd6692317 0b91032cb3750ffdcd173487adad15f1c80619514c2bacc449619cab06464229 Loading...

HTTP Transactions (82)

URL IP Response Size

haysex.net/tag/yua-mikami/

104.26.12.55

301 Moved Permanently

0 B

URL HTTP/1.1
haysex.net/tag/yua-mikami/
IP
104.26.12.55:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /tag/yua-mikami/ HTTP/1.1
Host: haysex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Sun, 27 Nov 2022 15:02:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 27 Nov 2022 16:02:36 GMT
Location: https://haysex.net/tag/yua-mikami/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fykks7M7ju%2F1zLBEKv379YybOQ1EQnf0Rqyjg9jJ48P0%2F6HYmtBygcSwS0WhtP93xml7gSlIfEdD3Lw1332w0rAJPxOy6hHDTEySlvhp6X331ziXb%2BvaiRs416I%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770bbeec091bb518-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cdbad2434b7d127a4fc769807a9dc3e7
fa98cd9fc2309ab4423f33f683d17bdb17d76713
560cbbb751ab2884024da3b93fba6bc45c6434797dba72a98c05e7fc2bb94bc1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5922
Expires: Sun, 27 Nov 2022 16:41:18 GMT
Date: Sun, 27 Nov 2022 15:02:36 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
64b2a23eab6e5ae8c010ec7242be930c
0673e4385ba01a5a245711bab96cafc34f765793
64751d193f7af72431e9689581faffcae1a30ff50ea425697b2b80ff61c87909

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5661
Cache-Control: max-age=162178
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 15:02:36 GMT
Etag: "63833c71-1d7"
Expires: Tue, 29 Nov 2022 12:05:34 GMT
Last-Modified: Sun, 27 Nov 2022 10:31:13 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
71f9c681a82440fd55e76c780a20e55d
3147768cfbcdd06e0c6e69684292e68e99917a80
5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5796
Expires: Sun, 27 Nov 2022 16:39:12 GMT
Date: Sun, 27 Nov 2022 15:02:36 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 27 Nov 2022 14:17:40 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2696
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 2NBzSIrGx++dsWiybQ4tD7eSgWcU8u4I2AMZNPX7pyH2pbA1YbYTX6Pk/LPJjStm25YZx7ULA30k2FGoOB744w==
x-amz-request-id: 3NTD38BW8Z6CMPAD
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 27 Nov 2022 14:44:40 GMT
age: 1076
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
271f5a01c9f62152ef9bf3e4809f4ed9
93490ce35e69ec7f9bf1a3959dd8a31b4df471f1
70e1ee186cceb288ff9b0f176017c1f0697af7d6c122a7329fc483fad808a2b8

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 15:02:36 GMT
Etag: "63819248-118"
Server: ECS (amb/6B8E)
Content-Length: 279

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 15:02:36 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

haysex.net/themes/img/haysex.png

104.26.13.55

200 OK

1.6 kB

URL HTTP/2
haysex.net/themes/img/haysex.png
IP
104.26.13.55:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 172 x 35, 8-bit/color RGBA, non-interlaced\012- data
Size
1.6 kB (1587 bytes)
Hash
857d21bf64ce819943aa60ee4c50aa15
63330632600b22f5ee4f076ecbb16750c15f0c7f
a069937382d0183a3a61c7815eb0c740e48403fd7624dfbacb4b77d5cb511a91

HTTP Headers

GET /themes/img/haysex.png HTTP/1.1
Host: haysex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/tag/yua-mikami/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:02:36 GMT
content-type: image/png
content-length: 1587
last-modified: Thu, 25 Aug 2022 02:11:37 GMT
etag: "6306da59-633"
expires: Tue, 27 Dec 2022 12:33:17 GMT
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
pragma: public
cf-cache-status: HIT
age: 6127
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I3tY7k7XqufKRGZsE690ANcY270AcyAS%2B4qAHLeM88uXX0yU2Zm7nqqfITwUEInP0nsHywDl9t3MHKbTpZaP2CTVTK8QpzAo1QNHmzznfDaOwehvI1kkmlwhtdw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770bbef0fa9c0b3d-OSL
X-Firefox-Spdy: h2

haysex.net/themes/img/cwin.gif

104.26.13.55

200 OK

604 kB

URL HTTP/2
haysex.net/themes/img/cwin.gif
IP
104.26.13.55:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 320 x 100\012- data
Size
604 kB (604283 bytes)
Hash
d5ad026791c50ca370333ecf9d1041c3
ec2420827000ff2d95e77c38652f01a51a069976
b4bfb33c808ad61deaca6dc118b5197b0701d1aa9ce276bab87dc1d508fe2f9c

HTTP Headers

GET /themes/img/cwin.gif HTTP/1.1
Host: haysex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/tag/yua-mikami/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:02:36 GMT
content-type: image/gif
content-length: 604283
last-modified: Sat, 19 Nov 2022 10:02:14 GMT
etag: "6378a9a6-9387b"
expires: Tue, 27 Dec 2022 12:33:17 GMT
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
pragma: public
cf-cache-status: HIT
age: 6127
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MEyVzdPMVzOBwgYKskqwmZ03PRJcuuHF5zF6NjUVsNOQV6sK43a07W11DOshoWum%2F%2B15UAYD5GnFavB0zDtfJXjktjhOwEPkKjLiHqPqS867kJhLIx1VptY%2FJk4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770bbef0fa9f0b3d-OSL
X-Firefox-Spdy: h2

haysex.net/tag/yua-mikami/

104.26.13.55

200 OK

29 kB

URL HTTP/2
haysex.net/tag/yua-mikami/
IP
104.26.13.55:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (593), with CRLF, LF line terminators
Size
29 kB (29178 bytes)
Hash
24f49f144b7b00d2ddfcfe3a990f15e2
e9eb4fdded6192a3a065240cb653b18e95570bca
f0c9defaff22b02f999d019b628448e57ac63994cf4a4f39e2684ccb72bed82a

HTTP Headers

GET /tag/yua-mikami/ HTTP/1.1
Host: haysex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:02:36 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: max-age=3600, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
last-modified: Sun, 27 Nov 2022 14:34:30 GMT
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g0gwhtFpGDrqHBsQfyEZxKCWcFsea5daspGAMbT57Q2nNMePwNCHuJamGPTkSu4OZy9BAPQISVChpXy95RrBpRtEQn4eMN1civZqEMmWEUNwKs1dGk%2Bagl18yuA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770bbeeea8470b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2

images.dmca.com/Badges/DMCABadgeHelper.min.js

151.139.128.10

200 OK

395 B

URL HTTP/2
images.dmca.com/Badges/DMCABadgeHelper.min.js
IP
151.139.128.10:0
ASN
#20446 STACKPATH-CDN

File type
ASCII text
Size
395 B (395 bytes)
Hash
365ad8f83802168e7326b29df6a22f4a
a096aa3c7e46525c7b7c54cb6b7987f01559b688
dafd787e6bf2c7ed10cb6c14f36ada4e5e9b7c15ffe7393cd6000acb946ebf13

HTTP Headers

GET /Badges/DMCABadgeHelper.min.js HTTP/1.1
Host: images.dmca.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:02:37 GMT
content-encoding: gzip
content-length: 395
content-type: application/javascript
last-modified: Fri, 21 Jun 2019 20:14:34 GMT
accept-ranges: bytes
server: Microsoft-IIS/10.0
cache-control: public,max-age=31536000
etag: "26b181f16d28d51:0"
x-powered-by: ASP.NET
x-hw: 1669561357.cds216.sk1.hn,1669561357.cds225.sk1.c
link: <https://www.dmca.com/Badges/DMCABadgeHelper.min.js>; rel="canonical"
access-control-allow-origin: *
X-Firefox-Spdy: h2

images.dmca.com/Badges/dmca-badge-w150-5x1-01.png?ID=//www.dmca.com/Protection/Status.aspx?id=40db18d1-f196-44b0-b3c8-20d1ae39c490

151.139.128.10

200 OK

3.8 kB

URL HTTP/2
images.dmca.com/Badges/dmca-badge-w150-5x1-01.png?ID=//www.dmca.com/Protection/Status.aspx?id=40db18d1-f196-44b0-b3c8-20d1ae39c490
IP
151.139.128.10:0
ASN
#20446 STACKPATH-CDN

File type
PNG image data, 150 x 30, 8-bit/color RGBA, interlaced\012- data
Size
3.8 kB (3848 bytes)
Hash
b06874a91d0f39acc37c5892e2c64c32
df0570811b5e98f3f835dee6e3cc5032667b7ce7
02d93a8256b46c43f8b3ddc42506daebb78ca5965f0306d06d5a4c452f838bfe

HTTP Headers

GET /Badges/dmca-badge-w150-5x1-01.png?ID=//www.dmca.com/Protection/Status.aspx?id=40db18d1-f196-44b0-b3c8-20d1ae39c490 HTTP/1.1
Host: images.dmca.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:02:37 GMT
content-length: 3848
content-type: image/png
last-modified: Mon, 25 Jul 2016 19:39:16 GMT
accept-ranges: bytes
server: Microsoft-IIS/10.0
cache-control: public,max-age=31536000
etag: "85b2ab3aace6d11:0"
x-powered-by: ASP.NET
x-hw: 1669561357.cds216.sk1.hn,1669561357.cds071.sk1.c
link: <https://www.dmca.com/Badges/dmca-badge-w150-5x1-01.png>; rel="canonical"
access-control-allow-origin: *
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
0ee1d1a60ec1770ec3e880a25c257f5d
015b05feff63bdcf8fae4d1a8c0c83c923a2ca67
b6845619444a37f322c044933a44cf3fd283a18a54d03bad4f76a2ed8c2cbaf6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 15:02:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=UA-232907648-1

142.250.74.168

200 OK

44 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=UA-232907648-1
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1921)
Size
44 kB (43680 bytes)
Hash
832546dad41ff096864ed5355293634d
a20fe5ae2a06564a2ea626c07f4a4f6f11eaa1b5
9703f0a4ab845e48ddd63d67cec2e04fee46ccd7c638adc21dcd1838a8ae183c

HTTP Headers

GET /gtag/js?id=UA-232907648-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 27 Nov 2022 15:02:37 GMT
expires: Sun, 27 Nov 2022 15:02:37 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43680
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
a6fee11dfe1b88cd768a0ca3e2bd0c89
59cec9a44a4a92467678afe65f347f68641a2174
50870c499aae4d5dfd6df25a36cd04b6d185b66ef0590e46933984bf52e2483f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6456
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 15:02:37 GMT
Last-Modified: Sun, 27 Nov 2022 13:15:02 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 27 Nov 2022 14:11:12 GMT
cache-control: public,max-age=3600
age: 3085
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
0ee1d1a60ec1770ec3e880a25c257f5d
015b05feff63bdcf8fae4d1a8c0c83c923a2ca67
b6845619444a37f322c044933a44cf3fd283a18a54d03bad4f76a2ed8c2cbaf6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 15:02:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1

104.18.20.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1462 bytes)
Hash
8132b8bc321e7bd9fa37d50575d8eb0a
58eba07acfe8704f5157c0786f9a2a7acadac8b8
c09cc5ec1ebcbbdf93b4e0550d4542fcc8daab9589a8b593b21f53f9a05d3b45

HTTP Headers

POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 15:02:37 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "CBB530448C5FF1674A5CA4779F6B055F2F8DCFC9"
Expires: Mon, 28 Nov 2022 01:00:00 GMT
Last-Modified: Sun, 27 Nov 2022 13:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 3346
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770bbef29869b500-OSL

lcfooiqhro.com/solid.gif?z=1916402&abvar=0

62.122.171.6

200 OK

43 B

URL HTTP/2
lcfooiqhro.com/solid.gif?z=1916402&abvar=0
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

HTTP Headers

POST /solid.gif?z=1916402&abvar=0 HTTP/1.1
Host: lcfooiqhro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://haysex.net
Connection: keep-alive
Referer: https://haysex.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

haysex.net/themes/css/font/fontello.woff?5310081

104.26.13.55

200 OK

3.9 kB

URL HTTP/2
haysex.net/themes/css/font/fontello.woff?5310081
IP
104.26.13.55:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format, TrueType, length 3904, version 1.0\012- data
Size
3.9 kB (3904 bytes)
Hash
dd4a12d2dff87ef6833d4c6d648d84ea
b06cef19dccced80513fb8fdad487fb688660b5d
4e1f988958d6ddbfe27f19d70c7f15ab02a9190a0b9957e9d918d6d6ae352b7a

HTTP Headers

GET /themes/css/font/fontello.woff?5310081 HTTP/1.1
Host: haysex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://haysex.net/themes/css/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: font/woff
content-length: 3904
last-modified: Wed, 30 Mar 2022 09:45:24 GMT
etag: "624426b4-f40"
expires: Tue, 27 Dec 2022 14:33:22 GMT
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
pragma: public
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yZB8yBTr4EK8QiGNVEzaV51u1ycnKTj2rljWgawv3k9RFfZyNCZnY4JEli9n7clOHH5bm0SiJxmKiQ0wrrM5aeBYljRelwdJy82sO2kJF7mMcJ%2FxPdw4oEf4NHE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770bbef2ac380b3d-OSL
X-Firefox-Spdy: h2

push.services.mozilla.com/

52.42.148.177

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.42.148.177:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: NNhF96ETsSdBVXliSrSaPQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ki/0xy7MwSaU2WPX2LLLijdWVo4=

e1.o.lencr.org/

23.36.77.32

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
8828b1f43d13ff97308e160951412cbb
a002077c6eb9acab9ba94057e68ce721c22cdc31
3a9dcb38b6099e00fa535da4652830dc47ee37e88552c8ba3260e4f81e83ddd1

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "3A9DCB38B6099E00FA535DA4652830DC47EE37E88552C8BA3260E4F81E83DDD1"
Last-Modified: Sat, 26 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21512
Expires: Sun, 27 Nov 2022 21:01:09 GMT
Date: Sun, 27 Nov 2022 15:02:37 GMT
Connection: keep-alive

vlxyz.tv/themes/img/600x400.jpeg

172.67.214.145

200 OK

124 kB

URL HTTP/2
vlxyz.tv/themes/img/600x400.jpeg
IP
172.67.214.145:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, progressive, precision 8, 600x400, components 3\012- data
Size
124 kB (123955 bytes)
Hash
95d56f9b364db716ae0132bf8b732743
2c043a423b887c5019ec1db51f381cc676314343
3a0e5259ab3abd926ef21405dcaaea08126a2322a6bbd3add4c8f6ccd088175b

HTTP Headers

GET /themes/img/600x400.jpeg HTTP/1.1
Host: vlxyz.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: image/jpeg
content-length: 123955
last-modified: Sat, 26 Nov 2022 12:00:46 GMT
etag: "6381ffee-1e433"
expires: Mon, 26 Dec 2022 12:30:17 GMT
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
pragma: public
cf-cache-status: HIT
age: 95540
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hkXwZGq%2BK%2F4f%2FWwyvwnkFoNAhSNllapzUAxBkFu2EchraCU7aRjx7m1B4mha8Lz2J91XpK4aGIMhODBtpYI6SemokcBX5UxCT5C9ZppKMa0GDOaN1m07Enuaog%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770bbef53b7a0b69-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

haysex.net/upload/images/phang-em-y-ta-xinh-dep-dit-bu-hang-qua-ngon.jpg

104.26.13.55

200 OK

24 kB

URL HTTP/2
haysex.net/upload/images/phang-em-y-ta-xinh-dep-dit-bu-hang-qua-ngon.jpg
IP
104.26.13.55:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 500x350, components 3\012- data
Size
24 kB (23514 bytes)
Hash
6dd0ae65c39d93848cf725a16029982c
814487db8a26cb12372397bc04d8b52ad4344e90
c3757b773bc63dd52aef01b8a0741cc6ce52ffca4d707c35101428b25b844502

HTTP Headers

GET /upload/images/phang-em-y-ta-xinh-dep-dit-bu-hang-qua-ngon.jpg HTTP/1.1
Host: haysex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/tag/yua-mikami/
Cookie: open_popup=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: image/jpeg
content-length: 23514
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-bgj: h2pri
etag: "636601b9-5bda"
expires: Tue, 27 Dec 2022 14:33:32 GMT
last-modified: Sat, 05 Nov 2022 06:24:57 GMT
pragma: public
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PHJ68pFmlsWLyxC9YqlZfPNKN7AbEh6%2B%2FVxh25CsSqg%2FisfumUSz%2BuSuIqaSCltx%2FZa4ssgmHAV%2FcXanw5QfpoNhQlzvFKxqqYDb2I6XAmcLvehKpRtoSSqKz68%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770bbef46dfd0b3d-OSL
X-Firefox-Spdy: h2

gqubkbuinx.com/lv/esnk/1916523/code.js

62.122.171.6

200 OK

70 kB

URL HTTP/2
gqubkbuinx.com/lv/esnk/1916523/code.js
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
data
Size
70 kB (70471 bytes)
Hash
4bb9b6542a6292ff0f1f391283b1b02b
dce8580ba417f70bf32b209c757f417483ba9ec3
dc536399e7eecdd41037cd1ba4c4d7831f9c046035cdef54f09d997960229eff

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /lv/esnk/1916523/code.js HTTP/1.1
Host: gqubkbuinx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: application/javascript
last-modified: Tue, 15 Nov 2022 12:20:41 GMT
vary: Accept-Encoding
etag: W/"63738419-1aaa0"
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

haysex.net/upload/images/su-tro-lai-cua-em-idol-quoc-dan-dam-dang.jpg

104.26.13.55

200 OK

20 kB

URL HTTP/2
haysex.net/upload/images/su-tro-lai-cua-em-idol-quoc-dan-dam-dang.jpg
IP
104.26.13.55:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 500x350, components 3\012- data
Size
20 kB (20283 bytes)
Hash
0611ee4fb919b272890ebb4c751bc8c7
f1168dd7b7fe0ac8ba40577061ee62f915d74b5b
57216be18a27061abc7eb231b4fa6c4a859a9e2140b161e4edb8f9fb1019a600

HTTP Headers

GET /upload/images/su-tro-lai-cua-em-idol-quoc-dan-dam-dang.jpg HTTP/1.1
Host: haysex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/tag/yua-mikami/
Cookie: open_popup=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: image/jpeg
content-length: 20283
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-bgj: h2pri
etag: "62edc7e5-4f3b"
expires: Tue, 27 Dec 2022 14:34:17 GMT
last-modified: Sat, 06 Aug 2022 01:46:13 GMT
pragma: public
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qzElI4%2BVBZHNTsT4%2BoBqyGKNWmVqkeMbM4bCLpEuMJeday%2Box7%2B6eEXm5fpVgv23ulx5THDyxvN%2FMqo8DXlCbbF9NSaWE2ZurvZh5TmqLR0mcaI34MJwl6rs348%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770bbef46e090b3d-OSL
X-Firefox-Spdy: h2

haysex.net/upload/images/sung-suong-voi-em-gai-van-phong-xinh-dep.jpg

104.26.13.55

200 OK

18 kB

URL HTTP/2
haysex.net/upload/images/sung-suong-voi-em-gai-van-phong-xinh-dep.jpg
IP
104.26.13.55:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 370x222, components 3\012- data
Size
18 kB (17555 bytes)
Hash
efc17d33238b8aeece74e3f5a0fd4fce
f9003cdcf6b173321f16c5cd6e76abf2eadb190f
aa94d4784fb499ef4d8685e8a126e2f53f0662b9c5b5875f844d5e69cf195662

HTTP Headers

GET /upload/images/sung-suong-voi-em-gai-van-phong-xinh-dep.jpg HTTP/1.1
Host: haysex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/tag/yua-mikami/
Cookie: open_popup=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: image/jpeg
content-length: 17555
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-bgj: h2pri
etag: "609df29a-4493"
expires: Tue, 27 Dec 2022 14:34:12 GMT
last-modified: Fri, 14 May 2021 03:46:34 GMT
pragma: public
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oZRcyzw4%2FE%2F%2Fbshst7pDA%2FNqFNFgoYMw8UYe16%2FuH88ksyXbB5jVhqCq3Lhd%2BRPyUzgwQ8quZkqzm71NAqfjdr86%2BLv9NDLBcwIugqhVW1ZcsY8qYDDGbI4cKuU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770bbef4be550b3d-OSL
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.77.32

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
8828b1f43d13ff97308e160951412cbb
a002077c6eb9acab9ba94057e68ce721c22cdc31
3a9dcb38b6099e00fa535da4652830dc47ee37e88552c8ba3260e4f81e83ddd1

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "3A9DCB38B6099E00FA535DA4652830DC47EE37E88552C8BA3260E4F81E83DDD1"
Last-Modified: Sat, 26 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21512
Expires: Sun, 27 Nov 2022 21:01:09 GMT
Date: Sun, 27 Nov 2022 15:02:37 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
0e08b50c301ae4bd33ea9b49a8ee2130
5f6d793f48aaa2943da2baf2543b020fc9e43e1f
81debbb360930a8b32ffe8669107c4271af78bea60f878832a0bb3c2f61f65bc

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 708
Cache-Control: max-age=115417
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 15:02:37 GMT
Etag: "63829922-117"
Expires: Mon, 28 Nov 2022 23:06:14 GMT
Last-Modified: Sat, 26 Nov 2022 22:54:26 GMT
Server: ECS (amb/6BB2)
X-Cache: HIT
Content-Length: 279

gqubkbuinx.com/lv/esnk/1916524/code.js

62.122.171.6

200 OK

69 kB

URL HTTP/2
gqubkbuinx.com/lv/esnk/1916524/code.js
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
data
Size
69 kB (69190 bytes)
Hash
fcb64cef0b2b5b97a0bbf2b8f4830b81
2b5c3cff7e51625e51d8a024da438e5d6d3c31f1
5f3819f1e610121ee371d68b9fff8fcb3dffb9c8413aa33912f35cc39355b559

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /lv/esnk/1916524/code.js HTTP/1.1
Host: gqubkbuinx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: application/javascript
last-modified: Tue, 15 Nov 2022 12:20:41 GMT
vary: Accept-Encoding
etag: W/"63738419-1aaa0"
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

haysex.net/upload/images/dit-gai-xinh-trong-tiem-cafe-mo-cuc-suong.jpg

104.26.13.55

200 OK

15 kB

URL HTTP/2
haysex.net/upload/images/dit-gai-xinh-trong-tiem-cafe-mo-cuc-suong.jpg
IP
104.26.13.55:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 370x222, components 3\012- data
Size
15 kB (14722 bytes)
Hash
e81fb52a5d9dd8ea88f2924844f4470b
9e1b1149403d141e08d8cc83f122602d11ad9469
089618f955e89ba4889c52db98308cee2e866f0b0bf0e6ab2741c5f3d53d55dc

HTTP Headers

GET /upload/images/dit-gai-xinh-trong-tiem-cafe-mo-cuc-suong.jpg HTTP/1.1
Host: haysex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/tag/yua-mikami/
Cookie: open_popup=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: image/jpeg
content-length: 14722
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-bgj: h2pri
etag: "607f81d0-3982"
expires: Tue, 27 Dec 2022 14:34:38 GMT
last-modified: Wed, 21 Apr 2021 01:37:20 GMT
pragma: public
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3l6xEp6BsV2KevT6mAJfT8aBg60PtVsBvraj9jgsZhb3oRd6LD4h%2BkpPwRM%2FPYTVR8hSQnVovGQOOK87XVonMGTfn2TlTPPe1C2xn20kZ3qI%2F1WTjTolt3mRb6s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770bbef4ce660b3d-OSL
X-Firefox-Spdy: h2

haysex.net/upload/images/bo-chong-nung-cac-liem-lon-con-dau-vu-to.jpg

104.26.13.55

200 OK

16 kB

URL HTTP/2
haysex.net/upload/images/bo-chong-nung-cac-liem-lon-con-dau-vu-to.jpg
IP
104.26.13.55:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 370x222, components 3\012- data
Size
16 kB (15993 bytes)
Hash
c92ba441ae3951edadb8b31e63fa3019
85ca57a7bfb851ee273efe2be2f19f2be0fc8811
205ce9a3609b9adb31bb17a2f29b329ffb20dda17d7e6b03382d8e1dd389ea7c

HTTP Headers

GET /upload/images/bo-chong-nung-cac-liem-lon-con-dau-vu-to.jpg HTTP/1.1
Host: haysex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/tag/yua-mikami/
Cookie: open_popup=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: image/jpeg
content-length: 15993
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-bgj: h2pri
etag: "617665e6-3e79"
expires: Tue, 27 Dec 2022 14:33:45 GMT
last-modified: Mon, 25 Oct 2021 08:08:06 GMT
pragma: public
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f5MkO2mpXATScj097LGhuQX7yQ%2B2KwVjlyihxy2pLJMo53DD7rREacD0bUYvJ1LPjkTKO4N1Zuq1Os3Fu8RJ2gvAlX8XI5k61Uzq1JcGOatHgcXRKVpZRTHxjIQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770bbef4be540b3d-OSL
X-Firefox-Spdy: h2

haysex.net/upload/images/nu-giao-vien-xinh-dep-ga-chich-hoc-sinh.jpg

104.26.13.55

200 OK

12 kB

URL HTTP/2
haysex.net/upload/images/nu-giao-vien-xinh-dep-ga-chich-hoc-sinh.jpg
IP
104.26.13.55:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 370x222, components 3\012- data
Size
12 kB (12090 bytes)
Hash
a8e7ce0b06b4dcd62dd554f8be14964d
56641a383f34f02fb644b28afb21a0d246a23b9d
177e061b7189e374ca35dfe140c294dd47d52212aca203f5bdd055da4571a783

HTTP Headers

GET /upload/images/nu-giao-vien-xinh-dep-ga-chich-hoc-sinh.jpg HTTP/1.1
Host: haysex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/tag/yua-mikami/
Cookie: open_popup=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: image/jpeg
content-length: 12090
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-bgj: h2pri
etag: "61b6f08c-2f3a"
expires: Tue, 27 Dec 2022 14:33:49 GMT
last-modified: Mon, 13 Dec 2021 07:04:44 GMT
pragma: public
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XONviLfmcBnCCBaJyTqKTVBn%2Fs8CTAZahRhUzJX86ZEFFCF4pSf4Bwjlt%2Bx0kXNtXHAr5eYuz%2BOsuaOBjMb%2BvlIvAE2KaDk0q0Wqag0WDpJRNpA%2BK3gfNWeafhA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770bbef4be520b3d-OSL
X-Firefox-Spdy: h2

haysex.net/upload/images/dit-em-hot-girl-nhat-ban-cuc-dam-dang.jpg

104.26.13.55

200 OK

16 kB

URL HTTP/2
haysex.net/upload/images/dit-em-hot-girl-nhat-ban-cuc-dam-dang.jpg
IP
104.26.13.55:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 370x222, components 3\012- data
Size
16 kB (16306 bytes)
Hash
aafe8f20a16c95e5dedfc82aea41081b
22ac5bd5b3ff9bf272244f5af47185b39ed68301
9f87111be03b85778acfc1eaf993c19d3c2c72d739adaa4e8e284a6785d722fe

HTTP Headers

GET /upload/images/dit-em-hot-girl-nhat-ban-cuc-dam-dang.jpg HTTP/1.1
Host: haysex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/tag/yua-mikami/
Cookie: open_popup=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: image/jpeg
content-length: 16306
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-bgj: h2pri
etag: "607d16ae-3fb2"
expires: Tue, 27 Dec 2022 14:33:51 GMT
last-modified: Mon, 19 Apr 2021 05:35:42 GMT
pragma: public
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iN3eTAH7uwQRdDPuzlSPQGBK6szqHY%2BgQYjMZhhydozxaR7m9a0yckqQM793Lgj4Eg3OAVEcnibMmEWvib4gyposKIx1gMLnWRjFi66w9JVvXZaib22CRt5v3iM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770bbef4ce6a0b3d-OSL
X-Firefox-Spdy: h2

haysex.net/upload/images/phang-em-nhan-vien-massage-vu-to-dam-dang.jpg

104.26.13.55

200 OK

28 kB

URL HTTP/2
haysex.net/upload/images/phang-em-nhan-vien-massage-vu-to-dam-dang.jpg
IP
104.26.13.55:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 500x350, components 3\012- data
Size
28 kB (27733 bytes)
Hash
45d559e9f366260e593deb5fb8e96e1d
2ac6732935d60314b378ac4fe8965692c0682d99
af85c737ccdc02e3eb857a54a6555b9fcb6d09c33b7bf18a4e5cbd848fed5569

HTTP Headers

GET /upload/images/phang-em-nhan-vien-massage-vu-to-dam-dang.jpg HTTP/1.1
Host: haysex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/tag/yua-mikami/
Cookie: open_popup=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: image/jpeg
content-length: 27733
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-bgj: h2pri
etag: "62b58f33-6c55"
expires: Tue, 27 Dec 2022 14:34:20 GMT
last-modified: Fri, 24 Jun 2022 10:17:23 GMT
pragma: public
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VK0w6%2B48tVXUMrJ42v41kgf1ix6RJfjAVOMAcfiLCcYWYwSu8W%2FcLJ1i2S8QNu6M%2FSdDlsSQIgQCxCZHy542yW0rwtXiqgXFlCb2giU976bvpcp3HcQkW8mxbro%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770bbef4be4f0b3d-OSL
X-Firefox-Spdy: h2

haysex.net/upload/images/dit-co-giao-day-boi-dam-dang-cuc-xinh.jpg

104.26.13.55

200 OK

13 kB

URL HTTP/2
haysex.net/upload/images/dit-co-giao-day-boi-dam-dang-cuc-xinh.jpg
IP
104.26.13.55:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 370x222, components 3\012- data
Size
13 kB (12824 bytes)
Hash
a68157983a6de555f69f61950a32f2fe
2c84edbd794d756bbeae0add52fa08721f9ab606
b8032932df26972623eae134f15655db643f4d9e6527adade98cbd9cd9726506

HTTP Headers

GET /upload/images/dit-co-giao-day-boi-dam-dang-cuc-xinh.jpg HTTP/1.1
Host: haysex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/tag/yua-mikami/
Cookie: open_popup=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: image/jpeg
content-length: 12824
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-bgj: h2pri
etag: "607f80f0-3218"
expires: Tue, 27 Dec 2022 14:33:50 GMT
last-modified: Wed, 21 Apr 2021 01:33:36 GMT
pragma: public
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JYV7zcneD5vojTMY4SUks8KCjZilT3Rz49KHEmMBuZ12jddOKggS%2FT1vT3Ec9tIHjuHBHPz0FveaFlPK4P6BgrjSOE9umXS3AqbRtJSZwxdfhpyZFR9cRvG%2F1C0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770bbef4ce670b3d-OSL
X-Firefox-Spdy: h2

haysex.net/upload/images/chuyen-di-cong-tac-thu-vi-cung-em-nhan-vien-moi.jpg

104.26.13.55

200 OK

14 kB

URL HTTP/2
haysex.net/upload/images/chuyen-di-cong-tac-thu-vi-cung-em-nhan-vien-moi.jpg
IP
104.26.13.55:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 370x222, components 3\012- data
Size
14 kB (13682 bytes)
Hash
b2760bfdb06ac07c50aa14176d6f299b
b742caaf206c80f5568209488cb0aab0242f36ff
a7c095355181bb13a96c4e28da7f4a14d91286664ed02be1e0fe76a61f434fd9

HTTP Headers

GET /upload/images/chuyen-di-cong-tac-thu-vi-cung-em-nhan-vien-moi.jpg HTTP/1.1
Host: haysex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/tag/yua-mikami/
Cookie: open_popup=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: image/jpeg
content-length: 13682
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-bgj: h2pri
etag: "607d186e-3572"
expires: Tue, 27 Dec 2022 14:34:12 GMT
last-modified: Mon, 19 Apr 2021 05:43:10 GMT
pragma: public
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dpgyBJmg4tcmIIS0XUSYGT12Xa%2FXPak6X39UqzmlD1ZmK9jsEpi86IdmZtXWK43%2BLHWLAcTJQTkWCwG3cROjO48ntAt36VqsbL2zCLpAm9XdFGMlh2QDoM%2F0ZrI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770bbef4ce690b3d-OSL
X-Firefox-Spdy: h2

cdn.pncloudfl.com/pn/79d/3ad/ced/79d3adced890532708e7a03e3c974db63f46f429.jpg

172.67.25.161

200 OK

48 kB

URL HTTP/2
cdn.pncloudfl.com/pn/79d/3ad/ced/79d3adced890532708e7a03e3c974db63f46f429.jpg
IP
172.67.25.161:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
48 kB (48526 bytes)
Hash
cd85192d004853eb8e5ec81525678d4b
507e1c1ad6889b32886b725a5fc26d3c7c4de55d
a3a99c2defc7d31c91e0020dc8e5e212c96f0a82b919957f0dc8c106b5c56322

HTTP Headers

GET /pn/79d/3ad/ced/79d3adced890532708e7a03e3c974db63f46f429.jpg HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: image/webp
content-length: 48526
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=86844
content-disposition: inline; filename="79d3adced890532708e7a03e3c974db63f46f429.webp"
etag: 58d749ca552a0919d9b6046c44b0d374
expires: Mon, 28 Nov 2022 16:00:33 GMT
last-modified: Thu, 24 Nov 2022 15:43:12 GMT
vary: Accept
x-openstack-request-id: txb6bc5c45417847c9adf4d-00637f9514
x-proxy-cache: HIT
x-timestamp: 1669304591.73692
x-trans-id: txb6bc5c45417847c9adf4d-00637f9514
cf-cache-status: HIT
age: 82924
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 770bbef60c04b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
0e08b50c301ae4bd33ea9b49a8ee2130
5f6d793f48aaa2943da2baf2543b020fc9e43e1f
81debbb360930a8b32ffe8669107c4271af78bea60f878832a0bb3c2f61f65bc

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 708
Cache-Control: max-age=115417
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 15:02:37 GMT
Etag: "63829922-117"
Expires: Mon, 28 Nov 2022 23:06:14 GMT
Last-Modified: Sat, 26 Nov 2022 22:54:26 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 279

aqkkoalfpz.com/solid.gif?z=1946839&abvar=0

62.122.171.6

200 OK

43 B

URL HTTP/2
aqkkoalfpz.com/solid.gif?z=1946839&abvar=0
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /solid.gif?z=1946839&abvar=0 HTTP/1.1
Host: aqkkoalfpz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://haysex.net
Connection: keep-alive
Referer: https://haysex.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

aqkkoalfpz.com/solid.gif?z=1946839&abvar=0

62.122.171.6

200 OK

43 B

URL HTTP/2
aqkkoalfpz.com/solid.gif?z=1946839&abvar=0
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /solid.gif?z=1946839&abvar=0 HTTP/1.1
Host: aqkkoalfpz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://haysex.net
Connection: keep-alive
Referer: https://haysex.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

gqubkbuinx.com/get/1916524?zoneid=1916524&jp=_clzjblvrqo4swxvryy8huf&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=1516791256702618

62.122.171.6

200 OK

2.7 kB

URL HTTP/2
gqubkbuinx.com/get/1916524?zoneid=1916524&jp=_clzjblvrqo4swxvryy8huf&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=1516791256702618
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
data
Size
2.7 kB (2723 bytes)
Hash
1072c5163dc9c339c83b9834b0525f8d
9a63434c60a69ef95c509ceec5e3def63f2457dd
d282982828f06044c353cc051bd45d3093370389d043dc3e21a950fb76256724

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /get/1916524?zoneid=1916524&jp=_clzjblvrqo4swxvryy8huf&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=1516791256702618 HTTP/1.1
Host: gqubkbuinx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/
Cookie: UID=2211271002a122b3ab175147ff874f71920e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

aqkkoalfpz.com/solid.gif?z=1946839&abvar=0

62.122.171.6

200 OK

43 B

URL HTTP/2
aqkkoalfpz.com/solid.gif?z=1946839&abvar=0
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /solid.gif?z=1946839&abvar=0 HTTP/1.1
Host: aqkkoalfpz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://haysex.net
Connection: keep-alive
Referer: https://haysex.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

aqkkoalfpz.com/solid.gif?z=1946839&abvar=0

62.122.171.6

200 OK

43 B

URL HTTP/2
aqkkoalfpz.com/solid.gif?z=1946839&abvar=0
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /solid.gif?z=1946839&abvar=0 HTTP/1.1
Host: aqkkoalfpz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://haysex.net
Connection: keep-alive
Referer: https://haysex.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

gqubkbuinx.com/chicken.gif?z=1916523&pb=cd58fc165634ea6ee019be0f43e04f5d1669568557&psp=fCU6CgjwsMeHRJOBitdOty6DxqtW9j_SJIqkM7uyqdUpffk8d-CxdiMWvRI5pQ-ZGL-JYGTKmiBNPcpWo4-gHCBLH2qx6ugxCPETRZy7_8m2-6XpK08TBEXPJx6AXy2Ye62Er8lR3Gt5tJPBU0Dszrbm1N5kRNYE2atY-SAAiw5Jd9CnuzijBpz9Ya50QuN9nIM-2AnxhLw9HrlyqDc5fZGDpSNe57e_C72OujUSdu9UjBfXRtJ1JVsGhG8TkDsBbolQSKVe7V9vvzyztsiVrL2Rl4v8S5hJDnPaAHynrmiifJB8oQoMAs64ni9Rnz6o_zQ6PgV6Lz-GsVIad-Xwv306pLJDnmUHdK4IRAjMVy8JUq4mzfSnrnGCIOZubmFmUoIcN95qI3jOcvozT3KtR5HhJDqMxpz8jUKzvrffRvwcFXTQK-9Pbz3y6ETNv6mnHAcO3oK6CMwrdJ5NQeEQreuSFaGs9mj5QCeXQQy8hiw5eCgOHRx1df5eMml77dj87mwywlo07XpwzJgN4ZVMaX-l1cO57W_4mhkK1UARjWWLfXxrx3qjy9mxRb6S46YoG0lvLFALCUpiHD4RxR24rmWgmqKFuNE12M-H4bJOJ4DspkCx4YmYc1F3CNUqFRiTjFhO5f_n-BT1R77XAONgJMT9sjELcBCeRBxwvAeTA_KoNqASWlb0TEPHAadsC0jBWtXrcGpOLB1Y7D0H4hhMj8NqTP_Spy_hSXITGXxFz3SwR2Wm8ZB-9VB07X9CNDlZYKxkpNIyD2gM&abvar=0&os=0

62.122.171.6

200 OK

43 B

URL HTTP/2
gqubkbuinx.com/chicken.gif?z=1916523&pb=cd58fc165634ea6ee019be0f43e04f5d1669568557&psp=fCU6CgjwsMeHRJOBitdOty6DxqtW9j_SJIqkM7uyqdUpffk8d-CxdiMWvRI5pQ-ZGL-JYGTKmiBNPcpWo4-gHCBLH2qx6ugxCPETRZy7_8m2-6XpK08TBEXPJx6AXy2Ye62Er8lR3Gt5tJPBU0Dszrbm1N5kRNYE2atY-SAAiw5Jd9CnuzijBpz9Ya50QuN9nIM-2AnxhLw9HrlyqDc5fZGDpSNe57e_C72OujUSdu9UjBfXRtJ1JVsGhG8TkDsBbolQSKVe7V9vvzyztsiVrL2Rl4v8S5hJDnPaAHynrmiifJB8oQoMAs64ni9Rnz6o_zQ6PgV6Lz-GsVIad-Xwv306pLJDnmUHdK4IRAjMVy8JUq4mzfSnrnGCIOZubmFmUoIcN95qI3jOcvozT3KtR5HhJDqMxpz8jUKzvrffRvwcFXTQK-9Pbz3y6ETNv6mnHAcO3oK6CMwrdJ5NQeEQreuSFaGs9mj5QCeXQQy8hiw5eCgOHRx1df5eMml77dj87mwywlo07XpwzJgN4ZVMaX-l1cO57W_4mhkK1UARjWWLfXxrx3qjy9mxRb6S46YoG0lvLFALCUpiHD4RxR24rmWgmqKFuNE12M-H4bJOJ4DspkCx4YmYc1F3CNUqFRiTjFhO5f_n-BT1R77XAONgJMT9sjELcBCeRBxwvAeTA_KoNqASWlb0TEPHAadsC0jBWtXrcGpOLB1Y7D0H4hhMj8NqTP_Spy_hSXITGXxFz3SwR2Wm8ZB-9VB07X9CNDlZYKxkpNIyD2gM&abvar=0&os=0
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /chicken.gif?z=1916523&pb=cd58fc165634ea6ee019be0f43e04f5d1669568557&psp=fCU6CgjwsMeHRJOBitdOty6DxqtW9j_SJIqkM7uyqdUpffk8d-CxdiMWvRI5pQ-ZGL-JYGTKmiBNPcpWo4-gHCBLH2qx6ugxCPETRZy7_8m2-6XpK08TBEXPJx6AXy2Ye62Er8lR3Gt5tJPBU0Dszrbm1N5kRNYE2atY-SAAiw5Jd9CnuzijBpz9Ya50QuN9nIM-2AnxhLw9HrlyqDc5fZGDpSNe57e_C72OujUSdu9UjBfXRtJ1JVsGhG8TkDsBbolQSKVe7V9vvzyztsiVrL2Rl4v8S5hJDnPaAHynrmiifJB8oQoMAs64ni9Rnz6o_zQ6PgV6Lz-GsVIad-Xwv306pLJDnmUHdK4IRAjMVy8JUq4mzfSnrnGCIOZubmFmUoIcN95qI3jOcvozT3KtR5HhJDqMxpz8jUKzvrffRvwcFXTQK-9Pbz3y6ETNv6mnHAcO3oK6CMwrdJ5NQeEQreuSFaGs9mj5QCeXQQy8hiw5eCgOHRx1df5eMml77dj87mwywlo07XpwzJgN4ZVMaX-l1cO57W_4mhkK1UARjWWLfXxrx3qjy9mxRb6S46YoG0lvLFALCUpiHD4RxR24rmWgmqKFuNE12M-H4bJOJ4DspkCx4YmYc1F3CNUqFRiTjFhO5f_n-BT1R77XAONgJMT9sjELcBCeRBxwvAeTA_KoNqASWlb0TEPHAadsC0jBWtXrcGpOLB1Y7D0H4hhMj8NqTP_Spy_hSXITGXxFz3SwR2Wm8ZB-9VB07X9CNDlZYKxkpNIyD2gM&abvar=0&os=0 HTTP/1.1
Host: gqubkbuinx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=2211271002a122b3ab175147ff874f71920e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACMWJQAAAAAAAAAB; Path=/; Expires=Tue, 27 Dec 2022 15:02:37 GMT; Secure; SameSite=None
OACIBLOCK=ACMWJQAAAABjgu7Q; Path=/; Expires=Tue, 27 Dec 2022 15:02:37 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Mon, 28 Nov 2022 15:02:37 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

gqubkbuinx.com/chicken.gif?z=1916524&pb=cd58fc165634ea6ee019be0f43e04f5d1669568557&psp=8j1iXIvire2t-ZtodBsKtmuxg1qNrCVnO-jlC_cfXiyywvloI6zmsLIzW54BkUtmOcnL8AzF8t5BmxwY6B2mDH8KLjs2-oi6nw0Wpx4BlvCUkRCLqgCQesV6ep4BG9tbHSXXmSbVzvjIhU93-cogmH6WhJpkuilqEAu3sUcOnocpK5GEv68vmxbXMx0nG3094TeCYrVB3nsL6Fpi8zwwD2vIdMt20paIKpjyTFJwcb8Ekd3tJxw0v7YbGhN0MYD1BPy7xAbXqtp6QAPxAU9gqdcXpw2ERkGgeXSwmQCrDnwVW-EbMKKOrIXsV3x8feGMm5T4kul8E65oYDPzGqU_jj5qulOYetdNDuV89vZ-vAgNop5HG30cQiW0aOBTYoe7A3YwqTFEPJ7JUTF_S0lfOaxZbvF9YEy1FOEYcpvhpBa_r_FkYr7yEzWjbNrUmkEh5uFEN90cUVAFHJrAuQu9CNO7tqXkN6R6Hv3s7l467dFGplgIja9Lt2ptA6fs6GC8CnQIhx_PxIQtlyWGC_7TMEuy424j2TwZJ_icPX2I11M08_ZM49Ho9AtoSZVVKM0xTrJOPg-tzB9deHDZiWnTh1ehzx1pQPSLW_a8FNygyFY0v7CKNTT3YHQRzjW9L-C_IOI9BaVJMKgcAoSXWCN9AjfvPvBvvWaoVtu8l9BxYT9pg1MMyxzmZAmOicnQlfLGR31c9o2jsf9G4tRx0P5t6oH_YfDvwz176L6whIA_NNLs7nTjFSjRFUYl3mEB91MWq72JUWDlgNCh&abvar=0&os=0

62.122.171.6

200 OK

43 B

URL HTTP/2
gqubkbuinx.com/chicken.gif?z=1916524&pb=cd58fc165634ea6ee019be0f43e04f5d1669568557&psp=8j1iXIvire2t-ZtodBsKtmuxg1qNrCVnO-jlC_cfXiyywvloI6zmsLIzW54BkUtmOcnL8AzF8t5BmxwY6B2mDH8KLjs2-oi6nw0Wpx4BlvCUkRCLqgCQesV6ep4BG9tbHSXXmSbVzvjIhU93-cogmH6WhJpkuilqEAu3sUcOnocpK5GEv68vmxbXMx0nG3094TeCYrVB3nsL6Fpi8zwwD2vIdMt20paIKpjyTFJwcb8Ekd3tJxw0v7YbGhN0MYD1BPy7xAbXqtp6QAPxAU9gqdcXpw2ERkGgeXSwmQCrDnwVW-EbMKKOrIXsV3x8feGMm5T4kul8E65oYDPzGqU_jj5qulOYetdNDuV89vZ-vAgNop5HG30cQiW0aOBTYoe7A3YwqTFEPJ7JUTF_S0lfOaxZbvF9YEy1FOEYcpvhpBa_r_FkYr7yEzWjbNrUmkEh5uFEN90cUVAFHJrAuQu9CNO7tqXkN6R6Hv3s7l467dFGplgIja9Lt2ptA6fs6GC8CnQIhx_PxIQtlyWGC_7TMEuy424j2TwZJ_icPX2I11M08_ZM49Ho9AtoSZVVKM0xTrJOPg-tzB9deHDZiWnTh1ehzx1pQPSLW_a8FNygyFY0v7CKNTT3YHQRzjW9L-C_IOI9BaVJMKgcAoSXWCN9AjfvPvBvvWaoVtu8l9BxYT9pg1MMyxzmZAmOicnQlfLGR31c9o2jsf9G4tRx0P5t6oH_YfDvwz176L6whIA_NNLs7nTjFSjRFUYl3mEB91MWq72JUWDlgNCh&abvar=0&os=0
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /chicken.gif?z=1916524&pb=cd58fc165634ea6ee019be0f43e04f5d1669568557&psp=8j1iXIvire2t-ZtodBsKtmuxg1qNrCVnO-jlC_cfXiyywvloI6zmsLIzW54BkUtmOcnL8AzF8t5BmxwY6B2mDH8KLjs2-oi6nw0Wpx4BlvCUkRCLqgCQesV6ep4BG9tbHSXXmSbVzvjIhU93-cogmH6WhJpkuilqEAu3sUcOnocpK5GEv68vmxbXMx0nG3094TeCYrVB3nsL6Fpi8zwwD2vIdMt20paIKpjyTFJwcb8Ekd3tJxw0v7YbGhN0MYD1BPy7xAbXqtp6QAPxAU9gqdcXpw2ERkGgeXSwmQCrDnwVW-EbMKKOrIXsV3x8feGMm5T4kul8E65oYDPzGqU_jj5qulOYetdNDuV89vZ-vAgNop5HG30cQiW0aOBTYoe7A3YwqTFEPJ7JUTF_S0lfOaxZbvF9YEy1FOEYcpvhpBa_r_FkYr7yEzWjbNrUmkEh5uFEN90cUVAFHJrAuQu9CNO7tqXkN6R6Hv3s7l467dFGplgIja9Lt2ptA6fs6GC8CnQIhx_PxIQtlyWGC_7TMEuy424j2TwZJ_icPX2I11M08_ZM49Ho9AtoSZVVKM0xTrJOPg-tzB9deHDZiWnTh1ehzx1pQPSLW_a8FNygyFY0v7CKNTT3YHQRzjW9L-C_IOI9BaVJMKgcAoSXWCN9AjfvPvBvvWaoVtu8l9BxYT9pg1MMyxzmZAmOicnQlfLGR31c9o2jsf9G4tRx0P5t6oH_YfDvwz176L6whIA_NNLs7nTjFSjRFUYl3mEB91MWq72JUWDlgNCh&abvar=0&os=0 HTTP/1.1
Host: gqubkbuinx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=2211271002a122b3ab175147ff874f71920e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACMWJQAAAAAAAAAB; Path=/; Expires=Tue, 27 Dec 2022 15:02:37 GMT; Secure; SameSite=None
OACIBLOCK=ACMWJQAAAABjgu7Q; Path=/; Expires=Tue, 27 Dec 2022 15:02:37 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Mon, 28 Nov 2022 15:02:37 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

gqubkbuinx.com/chicken.gif?z=1916521&pb=cd58fc165634ea6ee019be0f43e04f5d1669568557&psp=mrHE1x_tlflQ6JWJAEcAJaom48SivHlvrJ-r7ChNw0rOCnHoF429ZU0TcCTj0GuUQ8SSnm1B8qPP7xVmA93TaPGWEktCyg6b-oPK6AftwpL5bQmvKmfYemiNbewSsZe9LgaBVwEHF1fr99S7GrYdhQIHExGokit6UlM1Xdldo5x_PZdU83977MgqN9H7mm5n893zo6n0334is2dkBNM6DVfucLJ5Zc9vm2w3qxcxagBqUzQcywNvqPrbclj3B88ylLbFUSNHMT_mgUrG7FT232RO0DheneqoaiIY3d20ac9LJ_-VyOukcVIKdChBWubPdF7Pn4PGVUBL0GaMgEAgHTIAPiMGDrRh-HhLX7QWsHLhuNoK_BRgnx_wDoK7Kd-rdeLe0bSKe2sKYQolaNM5o7klIeXp_M_ph2rlnzD5hqtfTFoGTmHqmJQGCto1V8Ye_-s5i6Na3sBw2p16D13Q4PhYfAla5qtkr4LXLuxiHeiqO8jc-bbsm-3NkBnbNN9xziZLS5dnVrHz8PwF-plS6qt0EC8UKt-xb_XdUySNJPkc3_eHCivXhzqsHCFuAXLyDPqVi_tUYSbMRblykoxqtmX8HJetjXfRqCc9DqW78T7WC_54u_YmncMK4hS7lAPdxSCG1-DFyESgc1Ts0V-zZA-9de7ETT5hnn-IP6qaygN3YPDKxP2biBRBR9uHNZPBiO4wusvcn1EJeg58M6c-t3uyb6YToUFhemqj61Mwhef4ZKvSeGQYUWldKCCjtVfXYMzh8pjH_Sky&abvar=0&os=0

62.122.171.6

200 OK

43 B

URL HTTP/2
gqubkbuinx.com/chicken.gif?z=1916521&pb=cd58fc165634ea6ee019be0f43e04f5d1669568557&psp=mrHE1x_tlflQ6JWJAEcAJaom48SivHlvrJ-r7ChNw0rOCnHoF429ZU0TcCTj0GuUQ8SSnm1B8qPP7xVmA93TaPGWEktCyg6b-oPK6AftwpL5bQmvKmfYemiNbewSsZe9LgaBVwEHF1fr99S7GrYdhQIHExGokit6UlM1Xdldo5x_PZdU83977MgqN9H7mm5n893zo6n0334is2dkBNM6DVfucLJ5Zc9vm2w3qxcxagBqUzQcywNvqPrbclj3B88ylLbFUSNHMT_mgUrG7FT232RO0DheneqoaiIY3d20ac9LJ_-VyOukcVIKdChBWubPdF7Pn4PGVUBL0GaMgEAgHTIAPiMGDrRh-HhLX7QWsHLhuNoK_BRgnx_wDoK7Kd-rdeLe0bSKe2sKYQolaNM5o7klIeXp_M_ph2rlnzD5hqtfTFoGTmHqmJQGCto1V8Ye_-s5i6Na3sBw2p16D13Q4PhYfAla5qtkr4LXLuxiHeiqO8jc-bbsm-3NkBnbNN9xziZLS5dnVrHz8PwF-plS6qt0EC8UKt-xb_XdUySNJPkc3_eHCivXhzqsHCFuAXLyDPqVi_tUYSbMRblykoxqtmX8HJetjXfRqCc9DqW78T7WC_54u_YmncMK4hS7lAPdxSCG1-DFyESgc1Ts0V-zZA-9de7ETT5hnn-IP6qaygN3YPDKxP2biBRBR9uHNZPBiO4wusvcn1EJeg58M6c-t3uyb6YToUFhemqj61Mwhef4ZKvSeGQYUWldKCCjtVfXYMzh8pjH_Sky&abvar=0&os=0
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /chicken.gif?z=1916521&pb=cd58fc165634ea6ee019be0f43e04f5d1669568557&psp=mrHE1x_tlflQ6JWJAEcAJaom48SivHlvrJ-r7ChNw0rOCnHoF429ZU0TcCTj0GuUQ8SSnm1B8qPP7xVmA93TaPGWEktCyg6b-oPK6AftwpL5bQmvKmfYemiNbewSsZe9LgaBVwEHF1fr99S7GrYdhQIHExGokit6UlM1Xdldo5x_PZdU83977MgqN9H7mm5n893zo6n0334is2dkBNM6DVfucLJ5Zc9vm2w3qxcxagBqUzQcywNvqPrbclj3B88ylLbFUSNHMT_mgUrG7FT232RO0DheneqoaiIY3d20ac9LJ_-VyOukcVIKdChBWubPdF7Pn4PGVUBL0GaMgEAgHTIAPiMGDrRh-HhLX7QWsHLhuNoK_BRgnx_wDoK7Kd-rdeLe0bSKe2sKYQolaNM5o7klIeXp_M_ph2rlnzD5hqtfTFoGTmHqmJQGCto1V8Ye_-s5i6Na3sBw2p16D13Q4PhYfAla5qtkr4LXLuxiHeiqO8jc-bbsm-3NkBnbNN9xziZLS5dnVrHz8PwF-plS6qt0EC8UKt-xb_XdUySNJPkc3_eHCivXhzqsHCFuAXLyDPqVi_tUYSbMRblykoxqtmX8HJetjXfRqCc9DqW78T7WC_54u_YmncMK4hS7lAPdxSCG1-DFyESgc1Ts0V-zZA-9de7ETT5hnn-IP6qaygN3YPDKxP2biBRBR9uHNZPBiO4wusvcn1EJeg58M6c-t3uyb6YToUFhemqj61Mwhef4ZKvSeGQYUWldKCCjtVfXYMzh8pjH_Sky&abvar=0&os=0 HTTP/1.1
Host: gqubkbuinx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=2211271002a122b3ab175147ff874f71920e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACMWJQAAAAAAAAAB; Path=/; Expires=Tue, 27 Dec 2022 15:02:37 GMT; Secure; SameSite=None
OACIBLOCK=ACMWJQAAAABjgu7Q; Path=/; Expires=Tue, 27 Dec 2022 15:02:37 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Mon, 28 Nov 2022 15:02:37 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

aqkkoalfpz.com/get/1946839?zoneid=1946839&jp=_cl5q6as4bfiymzv9319lj4&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=4331541023813789

62.122.171.6

200 OK

100 B

URL HTTP/2
aqkkoalfpz.com/get/1946839?zoneid=1946839&jp=_cl5q6as4bfiymzv9319lj4&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=4331541023813789
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
data
Size
100 B (100 bytes)
Hash
1edf4e18257b5a6b03aa2f6bbba37e0c
44182c9aaacc2561e3f32a8edcebbe4bcdfa1191
4a2e9f57b51da7ea3174200d627fe72b486e13672b957fe33e0800a24f1f4069

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /get/1946839?zoneid=1946839&jp=_cl5q6as4bfiymzv9319lj4&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=4331541023813789 HTTP/1.1
Host: aqkkoalfpz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: text/javascript
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=22112710028173b612680544f98774ff9161; Path=/; Expires=Mon, 27 Nov 2023 15:02:37 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

aqkkoalfpz.com/get/1946839?zoneid=1946839&jp=_clfn2du3njdamoalhvjktn&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=8272190697734712

62.122.171.6

200 OK

100 B

URL HTTP/2
aqkkoalfpz.com/get/1946839?zoneid=1946839&jp=_clfn2du3njdamoalhvjktn&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=8272190697734712
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
data
Size
100 B (100 bytes)
Hash
1edf4e18257b5a6b03aa2f6bbba37e0c
44182c9aaacc2561e3f32a8edcebbe4bcdfa1191
4a2e9f57b51da7ea3174200d627fe72b486e13672b957fe33e0800a24f1f4069

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /get/1946839?zoneid=1946839&jp=_clfn2du3njdamoalhvjktn&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=8272190697734712 HTTP/1.1
Host: aqkkoalfpz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: text/javascript
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=221127100225e2dad0d2c6454b8727e409b4; Path=/; Expires=Mon, 27 Nov 2023 15:02:37 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

gqubkbuinx.com/get/1916428?zoneid=1916428&jp=_clru9tae41bx3jzaa2t0ef&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=109416373154869

62.122.171.6

200 OK

28 kB

URL HTTP/2
gqubkbuinx.com/get/1916428?zoneid=1916428&jp=_clru9tae41bx3jzaa2t0ef&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=109416373154869
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
data
Size
28 kB (27855 bytes)
Hash
2bc10b9902903eefccafc960d2b6cb74
5908c97cdb41a91710721d5f4f6905a83a21a8ef
960bdac0b8dd738701d495ea2727f6465cf5277a5328412ef29118811d7ae187

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /get/1916428?zoneid=1916428&jp=_clru9tae41bx3jzaa2t0ef&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=109416373154869 HTTP/1.1
Host: gqubkbuinx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/
Cookie: UID=2211271002a122b3ab175147ff874f71920e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

limurol.com/ssp/req/1916402/?pb=cd58fc165634ea6ee019be0f43e04f5d1669568557&psp=ySZyta1ak71dFkz5QYhEK5RPkPUTjyb0z5XSRxbaYayX8wdPeUxy2ic1ZjcER2CZTWnaK9TbxAyd6BWg0gpUWsGXz_AniwhOiLJa7SXQ-x6i3hT6okczs1P8ZoQPZ_vdIgqovVtgeqnzRNwTTj-SNJB8lBoNG3WTQjVZ2eV5imr0x-Gg2ZMoDd1st_C-gQVEAelCU35Xf77qn-mFNztpkCEtpxNx4FA8pNq5RhcguDPFj_ZTjizIP7czD8a8NKQtCmTK6KqDRiXZtI01mCQ7BatHBXI_gnnirnHutmbhRzlpGvF12IjzKituXvjoOXuTBHpWr-7aQSdnEtPhh5Pmuq-qxHOITZGXak6qDBCzpzolWG7K_blilROCrTrZKs6X0djx0WKR32Oh7zaYSZrgIeIKKtj4cXHwZjX0P86QuMpsyZXv_wpctDbT-HSW3xUfDjI1W0RO88gWFKDVB1QUFKeHtam0JqaGfyTc6PrQc4zKQxK1OeahlcEz3T2qysAOIb4m0IeccJec57cCXsoN76el41kY7iZ6NznDsgNQ89VgroZgETPzV6rpiKWuuLQNUQz1GKV4A3D8qXCY1IwYnQPF&cb=_cl1r4e67wmyonx8jwuvyff&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24

62.122.171.6

200 OK

7 B

URL HTTP/2
limurol.com/ssp/req/1916402/?pb=cd58fc165634ea6ee019be0f43e04f5d1669568557&psp=ySZyta1ak71dFkz5QYhEK5RPkPUTjyb0z5XSRxbaYayX8wdPeUxy2ic1ZjcER2CZTWnaK9TbxAyd6BWg0gpUWsGXz_AniwhOiLJa7SXQ-x6i3hT6okczs1P8ZoQPZ_vdIgqovVtgeqnzRNwTTj-SNJB8lBoNG3WTQjVZ2eV5imr0x-Gg2ZMoDd1st_C-gQVEAelCU35Xf77qn-mFNztpkCEtpxNx4FA8pNq5RhcguDPFj_ZTjizIP7czD8a8NKQtCmTK6KqDRiXZtI01mCQ7BatHBXI_gnnirnHutmbhRzlpGvF12IjzKituXvjoOXuTBHpWr-7aQSdnEtPhh5Pmuq-qxHOITZGXak6qDBCzpzolWG7K_blilROCrTrZKs6X0djx0WKR32Oh7zaYSZrgIeIKKtj4cXHwZjX0P86QuMpsyZXv_wpctDbT-HSW3xUfDjI1W0RO88gWFKDVB1QUFKeHtam0JqaGfyTc6PrQc4zKQxK1OeahlcEz3T2qysAOIb4m0IeccJec57cCXsoN76el41kY7iZ6NznDsgNQ89VgroZgETPzV6rpiKWuuLQNUQz1GKV4A3D8qXCY1IwYnQPF&cb=_cl1r4e67wmyonx8jwuvyff&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ssp/req/1916402/?pb=cd58fc165634ea6ee019be0f43e04f5d1669568557&psp=ySZyta1ak71dFkz5QYhEK5RPkPUTjyb0z5XSRxbaYayX8wdPeUxy2ic1ZjcER2CZTWnaK9TbxAyd6BWg0gpUWsGXz_AniwhOiLJa7SXQ-x6i3hT6okczs1P8ZoQPZ_vdIgqovVtgeqnzRNwTTj-SNJB8lBoNG3WTQjVZ2eV5imr0x-Gg2ZMoDd1st_C-gQVEAelCU35Xf77qn-mFNztpkCEtpxNx4FA8pNq5RhcguDPFj_ZTjizIP7czD8a8NKQtCmTK6KqDRiXZtI01mCQ7BatHBXI_gnnirnHutmbhRzlpGvF12IjzKituXvjoOXuTBHpWr-7aQSdnEtPhh5Pmuq-qxHOITZGXak6qDBCzpzolWG7K_blilROCrTrZKs6X0djx0WKR32Oh7zaYSZrgIeIKKtj4cXHwZjX0P86QuMpsyZXv_wpctDbT-HSW3xUfDjI1W0RO88gWFKDVB1QUFKeHtam0JqaGfyTc6PrQc4zKQxK1OeahlcEz3T2qysAOIb4m0IeccJec57cCXsoN76el41kY7iZ6NznDsgNQ89VgroZgETPzV6rpiKWuuLQNUQz1GKV4A3D8qXCY1IwYnQPF&cb=_cl1r4e67wmyonx8jwuvyff&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 15:02:38 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
set-cookie: UID=2211271002d5c290e86a6640f7b22af288e9; Path=/; Expires=Mon, 27 Nov 2023 15:02:38 GMT; HttpOnly; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

62.122.171.6

200 OK

7 B

URL HTTP/2
limurol.com/ssp/req/1916402/?pb=cd58fc165634ea6ee019be0f43e04f5d1669568557&psp=ySZyta1ak71dFkz5QYhEK5RPkPUTjyb0z5XSRxbaYayX8wdPeUxy2ic1ZjcER2CZTWnaK9TbxAyd6BWg0gpUWsGXz_AniwhOiLJa7SXQ-x6i3hT6okczs1P8ZoQPZ_vdIgqovVtgeqnzRNwTTj-SNJB8lBoNG3WTQjVZ2eV5imr0x-Gg2ZMoDd1st_C-gQVEAelCU35Xf77qn-mFNztpkCEtpxNx4FA8pNq5RhcguDPFj_ZTjizIP7czD8a8NKQtCmTK6KqDRiXZtI01mCQ7BatHBXI_gnnirnHutmbhRzlpGvF12IjzKituXvjoOXuTBHpWr-7aQSdnEtPhh5Pmuq-qxHOITZGXak6qDBCzpzolWG7K_blilROCrTrZKs6X0djx0WKR32Oh7zaYSZrgIeIKKtj4cXHwZjX0P86QuMpsyZXv_wpctDbT-HSW3xUfDjI1W0RO88gWFKDVB1QUFKeHtam0JqaGfyTc6PrQc4zKQxK1OeahlcEz3T2qysAOIb4m0IeccJec57cCXsoN76el41kY7iZ6NznDsgNQ89VgroZgETPzV6rpiKWuuLQNUQz1GKV4A3D8qXCY1IwYnQPF&cb=_cl1r4e67wmyonx8jwuvyff&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ssp/req/1916402/?pb=cd58fc165634ea6ee019be0f43e04f5d1669568557&psp=ySZyta1ak71dFkz5QYhEK5RPkPUTjyb0z5XSRxbaYayX8wdPeUxy2ic1ZjcER2CZTWnaK9TbxAyd6BWg0gpUWsGXz_AniwhOiLJa7SXQ-x6i3hT6okczs1P8ZoQPZ_vdIgqovVtgeqnzRNwTTj-SNJB8lBoNG3WTQjVZ2eV5imr0x-Gg2ZMoDd1st_C-gQVEAelCU35Xf77qn-mFNztpkCEtpxNx4FA8pNq5RhcguDPFj_ZTjizIP7czD8a8NKQtCmTK6KqDRiXZtI01mCQ7BatHBXI_gnnirnHutmbhRzlpGvF12IjzKituXvjoOXuTBHpWr-7aQSdnEtPhh5Pmuq-qxHOITZGXak6qDBCzpzolWG7K_blilROCrTrZKs6X0djx0WKR32Oh7zaYSZrgIeIKKtj4cXHwZjX0P86QuMpsyZXv_wpctDbT-HSW3xUfDjI1W0RO88gWFKDVB1QUFKeHtam0JqaGfyTc6PrQc4zKQxK1OeahlcEz3T2qysAOIb4m0IeccJec57cCXsoN76el41kY7iZ6NznDsgNQ89VgroZgETPzV6rpiKWuuLQNUQz1GKV4A3D8qXCY1IwYnQPF&cb=_cl1r4e67wmyonx8jwuvyff&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 15:02:38 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
set-cookie: UID=221127100221460d0662bf4c129b21a7170b; Path=/; Expires=Mon, 27 Nov 2023 15:02:38 GMT; HttpOnly; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

www.google-analytics.com/analytics.js

142.250.74.174

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (20039 bytes)
Hash
47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 27 Nov 2022 14:41:08 GMT
expires: Sun, 27 Nov 2022 16:41:08 GMT
cache-control: public, max-age=7200
age: 1290
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

aqkkoalfpz.com/get/1946839?zoneid=1946839&jp=_clt0rjvu7z9hxf2uwttfi&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=4050066047072446

62.122.171.6

200 OK

529 B

URL HTTP/2
aqkkoalfpz.com/get/1946839?zoneid=1946839&jp=_clt0rjvu7z9hxf2uwttfi&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=4050066047072446
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
data
Size
529 B (529 bytes)
Hash
7a740e8fa8a4dda04d191a1f6c6f373e
439eaac0af63d806bd51c169ef0cc62231269443
cc029147a59e89e006a03dc17a879790f98f83ab8d74adc5af714f75e4378e9d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /get/1946839?zoneid=1946839&jp=_clt0rjvu7z9hxf2uwttfi&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=4050066047072446 HTTP/1.1
Host: aqkkoalfpz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: text/javascript
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=2211271002c9048d9e830e4bc8825769ba78; Path=/; Expires=Mon, 27 Nov 2023 15:02:37 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2892
Expires: Sun, 27 Nov 2022 15:50:51 GMT
Date: Sun, 27 Nov 2022 15:02:39 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2892
Expires: Sun, 27 Nov 2022 15:50:51 GMT
Date: Sun, 27 Nov 2022 15:02:39 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2892
Expires: Sun, 27 Nov 2022 15:50:51 GMT
Date: Sun, 27 Nov 2022 15:02:39 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2892
Expires: Sun, 27 Nov 2022 15:50:51 GMT
Date: Sun, 27 Nov 2022 15:02:39 GMT
Connection: keep-alive

aqkkoalfpz.com/get/1946839?zoneid=1946839&jp=_cl23hb1vqs4p9clnhkwoer&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=3768591070394420

62.122.171.6

200 OK

13 kB

URL HTTP/2
aqkkoalfpz.com/get/1946839?zoneid=1946839&jp=_cl23hb1vqs4p9clnhkwoer&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=3768591070394420
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
data
Size
13 kB (13106 bytes)
Hash
eeb548ff71ff4b31db6579615117d28d
125fcfb5745e9ed546cbeba7716657508262fdc0
78210e905dc11e691715ba5ece73a6c396c49a417bfdb2f171bfa4e0ed632d7b

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /get/1946839?zoneid=1946839&jp=_cl23hb1vqs4p9clnhkwoer&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=3768591070394420 HTTP/1.1
Host: aqkkoalfpz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: text/javascript
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=22112710020c2dc28c7ed44b279e445e6bb5; Path=/; Expires=Mon, 27 Nov 2023 15:02:37 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg

34.120.237.76

200 OK

4.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.8 kB (4803 bytes)
Hash
cc0a257323f882caff067adb86d906e4
cedf2f21be7cd366bd46055b62b5513db3011dfc
c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: 80f7f1c8-0316-4181-83ac-2787b1ae825f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iFHoIAMF2-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-2c0a081b07e0785b4350c10c;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: AVwDLlKoy5pc9NNuR_OakMB0ONGAoO-k2AKwV--b2sjiaqYSKAWlZg==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:51:37 GMT
age: 61862
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10199 bytes)
Hash
2cd887044e91d7ed0f1a8d7119ff7dd0
ae8aa4ce6ddaccba771fe65446926b60fc5628da
bad283c15531000b7a8c126d442154b64a880cc26196a46cbd2e6266a526db67

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10199
x-amzn-requestid: baee3bbe-7ded-425a-ae39-fccfc8169217
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iF1VIAMF09g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-5522727b2f09b27e63b23270;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CXOqm7bjsSV0aJBTkTI7LsMovjgPeISPt3sZotEc7CjZnUL_y4_OoQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:51:41 GMT
age: 61858
etag: "ae8aa4ce6ddaccba771fe65446926b60fc5628da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcfaef414-0c01-4bb9-800d-29da0ef5607d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.4 kB (8387 bytes)
Hash
4e97baa4851785eac92c719abf481c64
c32a57038d3cdbc514c9081c9938eca6a04fb481
adb59e982648082e5421f58899a5331b2747e9d45be33c495fbe3ab8cc872b22

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcfaef414-0c01-4bb9-800d-29da0ef5607d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8387
x-amzn-requestid: e4ce369f-7654-4c1a-94c2-70c913eb1a01
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cFL0tEcqIAMFXHw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637ec01d-37bd969f4cdfe220096b8c1f;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 00:51:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: __2hrJIdzCKzhuJ_YfbSSfz-WwyIqnPugk7P6SuYSjn6b2wwm0otCw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 20:58:18 GMT
age: 65061
etag: "c32a57038d3cdbc514c9081c9938eca6a04fb481"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15290721-a62e-49b8-80c6-967680cff24f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.9 kB (6883 bytes)
Hash
f7f16c0f8a8e710210ce77c0e4c1c2a2
590c34be54c9889eec4ff7993e070fda836f711f
4224287ba765da59c877ac4f1dec65accc5bec934b7598d9cbbee669ba4ab12e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15290721-a62e-49b8-80c6-967680cff24f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6883
x-amzn-requestid: 9e3878c9-1817-427e-b121-969a8cbc7ad8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cL1ySF0tIAMFY4Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638169a8-5143ffea77b70cf67ef60ad7;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 01:19:36 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GT3Futv4Ztnl2Og2TQFk5311m92Mv_jfvkIZYJXpjJMdkxSB6MI06g==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 06:42:16 GMT
age: 30023
etag: "590c34be54c9889eec4ff7993e070fda836f711f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.4 kB (7380 bytes)
Hash
76c00eceed956377d7469ef58b0815cb
97a135335f5b1b042adeb385718f8808cb78528b
81fb72ab752b2eb39ab6ee015055304490b3b6c3259968703fd07c2a2eed1e61

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7380
x-amzn-requestid: 18589644-299c-4a39-9376-db1bd1472009
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iEegIAMFeuQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-23990acc0fdc599a75a534e3;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: RqsZxAtbOkWBGbXJ3sZHxcS-ZvWOw7Yg2Qd4zj0QLhrp3wAXC8w6jA==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:50:08 GMT
age: 61951
etag: "97a135335f5b1b042adeb385718f8808cb78528b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

haysex.net/themes/css/style.css

104.26.13.55

200 OK

0 B

URL HTTP/2
haysex.net/themes/css/style.css
IP
104.26.13.55:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /themes/css/style.css HTTP/1.1
Host: haysex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/tag/yua-mikami/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:02:36 GMT
content-type: text/css
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-bgj: minify
cf-polished: origSize=34196
etag: W/"63762d65-8594"
expires: Tue, 27 Dec 2022 12:33:17 GMT
last-modified: Thu, 17 Nov 2022 12:47:33 GMT
pragma: public
vary: Accept-Encoding
cf-cache-status: HIT
age: 6127
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sSE7ihE1yCCTutOxrBsAychqS7xHkuyJ2vIPa0QHyELoQ4h3AAfqGkBIBvnT3mUet8gBLNJ9bWMiNBynHLtYiGd9BZz343Vi8S4%2FD%2BofcoFqVUmfEktGhvN6Oz0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770bbef0fa940b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2

haysex.net/themes/js/jquery.lazyload.min.js

104.26.13.55

200 OK

0 B

URL HTTP/2
haysex.net/themes/js/jquery.lazyload.min.js
IP
104.26.13.55:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /themes/js/jquery.lazyload.min.js HTTP/1.1
Host: haysex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/tag/yua-mikami/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:02:36 GMT
content-type: application/javascript
last-modified: Wed, 30 Mar 2022 10:10:28 GMT
vary: Accept-Encoding
etag: W/"62442c94-d35"
expires: Tue, 27 Dec 2022 12:33:17 GMT
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
pragma: public
cf-cache-status: HIT
age: 6127
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sfaBSi5DP2XyplA097zqzFrQ4Lm0U2UGmJM%2BOA2U1n9E8zAQUUgfuIyuvoN9iSBv0j%2BYwAk48A87dYdSg%2F00EtrkIEIPK4noM%2BSn86PBJAQFJmj%2B%2BxGg%2B8z7Ldc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770bbef10ab20b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2

haysex.net/themes/css/font-awesome/all.min.css

104.26.13.55

200 OK

0 B

URL HTTP/2
haysex.net/themes/css/font-awesome/all.min.css
IP
104.26.13.55:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /themes/css/font-awesome/all.min.css HTTP/1.1
Host: haysex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/tag/yua-mikami/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:02:36 GMT
content-type: text/css
last-modified: Fri, 24 Jun 2022 09:17:52 GMT
vary: Accept-Encoding
etag: W/"62b58140-2a63a"
expires: Tue, 27 Dec 2022 12:33:17 GMT
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
pragma: public
cf-cache-status: HIT
age: 6127
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MwWb0Qxm%2FMvWLavZjZXhiE1phX%2FoVlMUVNraUKFL7ocCXjvcQNNU7nDSvfb4EFIpvlnFQ5I1ukHHK6y83rccS3VVgHPgZxfZdlw%2B6b7mfExa0zjBXvJtYwVMPbI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770bbef0fa960b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2

haysex.net/themes/js/main.js

104.26.13.55

200 OK

0 B

URL HTTP/2
haysex.net/themes/js/main.js
IP
104.26.13.55:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /themes/js/main.js HTTP/1.1
Host: haysex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/tag/yua-mikami/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:02:36 GMT
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-bgj: minify
cf-polished: origSize=5146
etag: W/"6376341c-141a"
expires: Tue, 27 Dec 2022 12:33:17 GMT
last-modified: Thu, 17 Nov 2022 13:16:12 GMT
pragma: public
vary: Accept-Encoding
cf-cache-status: HIT
age: 6126
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=my4%2Bd4YftMcVqk7NailMf256TZRy4Eo2DcOIc7wPD0rKeKtdPCMZrRHtM6eHPp2mWPcHd6LDGvA%2BX0hCqsXHeNjfRQd8BKfOU59CkxWMiXoCqO%2Foro5cjbRYJV8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770bbef13ace0b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2

widgets.amung.us/draw/?w=small&n=19700&c=ffc20e000000&p=left

172.67.8.141

200 OK

0 B

URL HTTP/2
widgets.amung.us/draw/?w=small&n=19700&c=ffc20e000000&p=left
IP
172.67.8.141:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /draw/?w=small&n=19700&c=ffc20e000000&p=left HTTP/1.1
Host: widgets.amung.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://haysex.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:02:38 GMT
content-type: image/png
content-disposition: filename=wau-widget.png
expires: Fri, 04 Nov 2022 21:52:39 GMT
cache-control: max-age=2678400
access-control-allow-origin: *
cf-cache-status: HIT
age: 2048999
last-modified: Thu, 03 Nov 2022 21:52:39 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 770bbefb0b9eb503-OSL
X-Firefox-Spdy: h2

haysex.net/themes/js/media.js

104.26.13.55

200 OK

0 B

URL HTTP/2
haysex.net/themes/js/media.js
IP
104.26.13.55:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /themes/js/media.js HTTP/1.1
Host: haysex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/tag/yua-mikami/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:02:36 GMT
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-bgj: minify
cf-polished: origSize=5009
etag: W/"6382123c-1391"
expires: Tue, 27 Dec 2022 12:33:17 GMT
last-modified: Sat, 26 Nov 2022 13:18:52 GMT
pragma: public
vary: Accept-Encoding
cf-cache-status: HIT
age: 6127
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GV4T7ADAb%2B7SSbLdtzc2z3F1N3kFjK0ub5%2F5Ua%2BOy%2B0WZu5ExI%2FAzqLXQC6%2F1Kl4o1fiiXJ30czOvvesG2Hu7TSYxbwRQV34LjkCe08zaH8SmTMCP%2BFUJHAVkTc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770bbef0fa990b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2

gqubkbuinx.com/lv/esnk/1916428/code.js

62.122.171.6

200 OK

0 B

URL HTTP/2
gqubkbuinx.com/lv/esnk/1916428/code.js
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /lv/esnk/1916428/code.js HTTP/1.1
Host: gqubkbuinx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: application/javascript
last-modified: Tue, 15 Nov 2022 12:20:41 GMT
vary: Accept-Encoding
etag: W/"63738419-1aaa0"
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

gqubkbuinx.com/get/1916427?zoneid=1916427&jp=_clgortd6w9kg5n3m0iuovb&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=6301865860741736

62.122.171.6

200 OK

0 B

URL HTTP/2
gqubkbuinx.com/get/1916427?zoneid=1916427&jp=_clgortd6w9kg5n3m0iuovb&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=6301865860741736
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /get/1916427?zoneid=1916427&jp=_clgortd6w9kg5n3m0iuovb&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=6301865860741736 HTTP/1.1
Host: gqubkbuinx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=2211271002a122b3ab175147ff874f71920e; Path=/; Expires=Mon, 27 Nov 2023 15:02:37 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

lcfooiqhro.com/t/9/fret/meow4/1916402/392bbae2.js

62.122.171.6

200 OK

0 B

URL HTTP/2
lcfooiqhro.com/t/9/fret/meow4/1916402/392bbae2.js
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /t/9/fret/meow4/1916402/392bbae2.js HTTP/1.1
Host: lcfooiqhro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: application/javascript
last-modified: Tue, 15 Nov 2022 12:20:41 GMT
vary: Accept-Encoding
etag: W/"63738419-10f52"
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

haysex.net/themes/js/jquery.js

104.26.13.55

200 OK

0 B

URL HTTP/2
haysex.net/themes/js/jquery.js
IP
104.26.13.55:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /themes/js/jquery.js HTTP/1.1
Host: haysex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/tag/yua-mikami/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:02:36 GMT
content-type: application/javascript
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
cf-bgj: minify
cf-polished: origSize=84261
etag: W/"5a51f106-14925"
expires: Tue, 27 Dec 2022 12:33:17 GMT
last-modified: Sun, 07 Jan 2018 10:05:58 GMT
pragma: public
vary: Accept-Encoding
cf-cache-status: HIT
age: 6127
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LLT%2FlUpFD%2BIIMRG0z8a7c34%2F0NteHwO0g58ZUhlWSZNPAyAfT1%2FWDda4Wj1vHls3TS8FmxA4YDLYaFKvV6tASrK80at9mHNnDQ9p4iYeU589d5DTeCBsLZql8PM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770bbef0fa970b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2

gqubkbuinx.com/lv/esnk/1916427/code.js

62.122.171.6

200 OK

0 B

URL HTTP/2
gqubkbuinx.com/lv/esnk/1916427/code.js
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /lv/esnk/1916427/code.js HTTP/1.1
Host: gqubkbuinx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: application/javascript
last-modified: Tue, 15 Nov 2022 12:20:41 GMT
vary: Accept-Encoding
etag: W/"63738419-1aaa0"
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

gqubkbuinx.com/lv/esnk/1916521/code.js

62.122.171.6

200 OK

0 B

URL HTTP/2
gqubkbuinx.com/lv/esnk/1916521/code.js
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /lv/esnk/1916521/code.js HTTP/1.1
Host: gqubkbuinx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: application/javascript
last-modified: Tue, 15 Nov 2022 12:20:41 GMT
vary: Accept-Encoding
etag: W/"63738419-1aaa0"
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

gqubkbuinx.com/get/1916521?zoneid=1916521&jp=_clwgb1d6dn92tktegcubms&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=8553665674475725

62.122.171.6

200 OK

0 B

URL HTTP/2
gqubkbuinx.com/get/1916521?zoneid=1916521&jp=_clwgb1d6dn92tktegcubms&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=8553665674475725
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /get/1916521?zoneid=1916521&jp=_clwgb1d6dn92tktegcubms&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=8553665674475725 HTTP/1.1
Host: gqubkbuinx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/
Cookie: UID=2211271002a122b3ab175147ff874f71920e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

aqkkoalfpz.com/get/1946839?zoneid=1946839&jp=_clup7gsjv7t33z42q55a52&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=109416373152822

62.122.171.6

200 OK

0 B

URL HTTP/2
aqkkoalfpz.com/get/1946839?zoneid=1946839&jp=_clup7gsjv7t33z42q55a52&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=109416373152822
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /get/1946839?zoneid=1946839&jp=_clup7gsjv7t33z42q55a52&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=109416373152822 HTTP/1.1
Host: aqkkoalfpz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: text/javascript
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=221127100213860eae3c204d10b2250ad760; Path=/; Expires=Mon, 27 Nov 2023 15:02:37 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

whos.amung.us/swidget/haysexnet

172.67.8.141

307 Temporary Redirect

0 B

URL HTTP/2
whos.amung.us/swidget/haysexnet
IP
172.67.8.141:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /swidget/haysexnet HTTP/1.1
Host: whos.amung.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 307 Temporary Redirect
date: Sun, 27 Nov 2022 15:02:38 GMT
content-type: text/html; charset=UTF-8
location: https://widgets.amung.us/draw/?w=small&n=19700&c=ffc20e000000&p=left
cache-control: max-age=295
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 770bbef95995b503-OSL
X-Firefox-Spdy: h2

haysex.net/themes/img/favicon.ico

104.26.13.55

200 OK

0 B

URL HTTP/2
haysex.net/themes/img/favicon.ico
IP
104.26.13.55:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /themes/img/favicon.ico HTTP/1.1
Host: haysex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/tag/yua-mikami/
Cookie: open_popup=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:02:38 GMT
content-type: image/x-icon
last-modified: Fri, 24 Jun 2022 08:52:33 GMT
etag: W/"62b57b51-18cb8"
expires: Tue, 27 Dec 2022 12:33:19 GMT
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
pragma: public
cf-cache-status: HIT
age: 6123
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sVXP4Lg%2FaEh8qTWqqCiUbjN%2FSuvqrBY8E3h0ODpDCoYtb9RypSufeGjdzoplPB32e8mhHHgrxzlf%2F7uSB56czPiua8k3USduDSknUzWlYDAJ76l8x%2BWFmoMbnvM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770bbef8d9e20b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2

gqubkbuinx.com/get/1916523?zoneid=1916523&jp=_clx3tnjnj8k26t35hgt2kg&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=1235316279999564

62.122.171.6

200 OK

0 B

URL HTTP/2
gqubkbuinx.com/get/1916523?zoneid=1916523&jp=_clx3tnjnj8k26t35hgt2kg&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=1235316279999564
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /get/1916523?zoneid=1916523&jp=_clx3tnjnj8k26t35hgt2kg&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=1235316279999564 HTTP/1.1
Host: gqubkbuinx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haysex.net/
Cookie: UID=2211271002a122b3ab175147ff874f71920e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 15:02:37 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (26)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations