Report - www.allflagstafflodging.com/tosite.php?url=https://vk.cc/cow0Zw?9025&pageid=22907

Report Overview

Visited public
2023-12-07 09:27:30
Tags
Submit Tags
URL
www.allflagstafflodging.com/tosite.php?url=https://vk.cc/cow0Zw?9025&pageid=22907
Finishing URL
honeygirlhere.life/?u=d0tpaeq&o=vnak8q9&m=1
IP / ASN
50.16.80.81
#14618 AMAZON-AES
Title
Knull damer nær deg i natt

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp2.globalsign.com	1544	1999-04-19	2012-05-23 20:10:04	2023-12-06 05:15:08	1.1 kB	5.8 kB	104.18.20.226
vk.cc	170928	1997-10-13	2012-06-21 00:54:25	2023-12-05 05:17:19	582 B	834 B	87.240.132.67
vkontakte.ru	72994	2006-09-30	2012-05-21 17:01:22	2023-12-06 05:45:03	576 B	863 B	87.240.132.72
vk.com	2243	1997-06-24	2012-05-21 17:01:19	2023-12-06 05:10:51	1.3 kB	1.9 kB	87.240.137.164
away.vk.com	92855	1997-06-24	2017-04-11 13:32:47	2023-12-07 00:26:13	1.4 kB	6.4 kB	87.240.137.164
honeygirlhere.life	unknown	2023-02-14	2023-02-14 15:42:04	2023-12-02 09:37:28	5.6 kB	476 kB	185.155.184.85
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-07 07:16:25	584 B	122 kB	142.250.74.42
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-07 07:59:33	1.1 kB	48 kB	142.250.74.163

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-07 09:27:19	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-07 09:27:19	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-07 09:27:21	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .life TLD
2023-12-07 09:27:21	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .life TLD
2023-12-07 09:27:22	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .life TLD
2023-12-07 09:27:22	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .life TLD
2023-12-07 09:27:22	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .life TLD
2023-12-07 09:27:22	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .life TLD
2023-12-07 09:27:22	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .life TLD
2023-12-07 09:27:23	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .life TLD
2023-12-07 09:27:24	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .life TLD

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-07	medium	honeygirlhere.life	Sinkholed
2023-12-07	medium	honeygirlhere.life	Sinkholed
2023-12-07	medium	honeygirlhere.life	Sinkholed
2023-12-07	medium	honeygirlhere.life	Sinkholed
2023-12-07	medium	honeygirlhere.life	Sinkholed
2023-12-07	medium	honeygirlhere.life	Sinkholed
2023-12-07	medium	honeygirlhere.life	Sinkholed
2023-12-07	medium	honeygirlhere.life	Sinkholed
2023-12-07	medium	honeygirlhere.life	Sinkholed
2023-12-07	medium	honeygirlhere.life	Sinkholed
2023-12-07	medium	honeygirlhere.life	Sinkholed

ThreatFox

No alerts detected

JavaScript (7)

	URL	From	Size	First Seen	Last Seen
	honeygirlhere.life/media/exit-new/exit1.js	ScriptElement	3.5 kB	2023-03-07	2025-03-17
Pretty URL honeygirlhere.life/media/exit-new/exit1.js IP 185.155.184.85 ASN #6898 SERVER.swiss Sagl Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-03-17 09:57 Times Seen12781 Hash 625e5e2950612f771e246beb33c9ea61 e4fc251c6c000496c285f8dc3fa097040b031681 618f345a156a0eda55177a1bf0e8a414104f9b6c6ff5cdbe71966f081ccb8a46 Loading...

	honeygirlhere.life/?u=d0tpaeq&o=vnak8q9&m=1	ScriptElement	665 B	2024-08-20	2024-08-20
Pretty URL honeygirlhere.life/?u=d0tpaeq&o=vnak8q9&m=1 IP 185.155.184.85 ASN #6898 SERVER.swiss Sagl Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:29 Last Seen2024-08-20 16:29 Times Seen1 Hash 4eb01341bd62c588addd404ad6d1bc0c 642b118cfb24cc5016626d944cb59dbd6b0a47c8 3166bb4d6e90ae9dd6cfb06ee5932905bfbf8151bed0eedddb03cb7d593b79d7 Loading...

	honeygirlhere.life/cookie/js.cookie.js	ScriptElement	4.3 kB	2023-03-07	2025-06-24
Pretty URL honeygirlhere.life/cookie/js.cookie.js IP 185.155.184.85 ASN #6898 SERVER.swiss Sagl Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-06-24 09:15 Times Seen5903 Hash a7e9883924072f15259de6888d5ef515 7f4f6e5938e68f55aef81e0cd0145f008cd28382 985659942ab60a92b3c0a7f876d9ef60e8f048ff655a622a172fa4b44f901b6c Loading...

	honeygirlhere.life/util/utils.js	ScriptElement	7.5 kB	2023-03-07	2024-08-21
Pretty URL honeygirlhere.life/util/utils.js IP 185.155.184.85 ASN #6898 SERVER.swiss Sagl Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2024-08-21 09:44 Times Seen8808 Hash 01816d15ca03032751161a746e2fb7c3 dcc72ea5fa1356490ba473288159df9786b4a3c3 8b3c83a330bf1120a13eff6ef60c1e268b827b7bc49b42a7a1f5d8ad6941f2ea Loading...

	honeygirlhere.life/media/dating/toon2/js/jquery-2.2.4.min.js	ScriptElement	86 kB	2023-03-07	2025-06-30
Pretty URL honeygirlhere.life/media/dating/toon2/js/jquery-2.2.4.min.js IP 185.155.184.85 ASN #6898 SERVER.swiss Sagl Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-30 19:05 Times Seen184981 Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Loading...

	honeygirlhere.life/?u=d0tpaeq&o=vnak8q9&m=1	ScriptElement	0 B	0001-01-01	2025-06-30
Pretty URL honeygirlhere.life/?u=d0tpaeq&o=vnak8q9&m=1 IP 185.155.184.85 ASN #6898 SERVER.swiss Sagl Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-06-30 19:51 Times Seen5217848 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	honeygirlhere.life/media/bb.js	ScriptElement	639 B	2023-03-07	2025-03-17
Pretty URL honeygirlhere.life/media/bb.js IP 185.155.184.85 ASN #6898 SERVER.swiss Sagl Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-03-17 09:57 Times Seen12939 Hash 0d553e4bac91c74bfee2dbabba61e99e 5af71e2377c9c012a7826a695f2724901941b19b 1be1304c675449b1bad38ea8c3da6c1da0763ed2fad339ee1aa461c7bf4e2a68 Loading...

HTTP Transactions (23)

URL IP Response Size

ocsp2.globalsign.com/gsorganizationvalsha2g2

104.18.20.226

1.5 kB

URL
ocsp2.globalsign.com/gsorganizationvalsha2g2
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1459 bytes)
Hash
39b154c5a9507f1ea85340b76a0b4fc5
14852fb73d9019499a295a9695baab5bce6ac70e
d310f272d37e65994f3f55f6e43e26b08fad349141516fb2b016e9a9d90b15c4

HTTP Headers

POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 07 Dec 2023 09:27:13 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Mon, 11 Dec 2023 07:54:26 GMT
ETag: "14852fb73d9019499a295a9695baab5bce6ac70e"
Last-Modified: Thu, 07 Dec 2023 07:54:27 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1574
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 831bbb47ac320b06-OSL

vk.cc/cow0Zw?9025&utm_source=AllTrips&utm_campaign=AllTrips-AllFlagstaffLodging.com&utm_medium=referral&utm_content=

87.240.132.67

20 B

URL
vk.cc/cow0Zw?9025&utm_source=AllTrips&utm_campaign=AllTrips-AllFlagstaffLodging.com&utm_medium=referral&utm_content=
IP
87.240.132.67:0
ASN
#47541 VKontakte Ltd

File type
gzip compressed data, from Unix\012- data
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

HTTP Headers

GET /cow0Zw?9025&utm_source=AllTrips&utm_campaign=AllTrips-AllFlagstaffLodging.com&utm_medium=referral&utm_content= HTTP/1.1
Host: vk.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: kittenx
date: Thu, 07 Dec 2023 09:27:13 GMT
content-type: text/html; charset=windows-1251
content-length: 20
location: https://vkontakte.ru/away.php?cc_key=cow0Zw&to=https%3A%2F%2Fhoneygirlhere.life%2F%3Fu%3Dd0tpaeq%26o%3Dvnak8q9%26m%3D1
x-powered-by: KPHP/7.4.115241
set-cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vkontakte.ru; secure; HttpOnly
remixstlid=9083075250997394993_QzIqvj6E7rVDdvCjLwsz7bO2ORML4oZ0VuaL4MKLmcT; expires=Fri, 06 Dec 2024 09:27:13 GMT; path=/; domain=.vkontakte.ru; secure
cache-control: no-store
content-encoding: gzip
x-frontend: front220007
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=31536000; includeSubdomains;
x-trace-id: PHJk4Z29QoMzD9F_XZuKBExmefQV-A
X-Firefox-Spdy: h2

ocsp2.globalsign.com/gsorganizationvalsha2g2

104.18.20.226

1.5 kB

URL
ocsp2.globalsign.com/gsorganizationvalsha2g2
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1459 bytes)
Hash
39b154c5a9507f1ea85340b76a0b4fc5
14852fb73d9019499a295a9695baab5bce6ac70e
d310f272d37e65994f3f55f6e43e26b08fad349141516fb2b016e9a9d90b15c4

HTTP Headers

POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 07 Dec 2023 09:27:14 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Mon, 11 Dec 2023 07:54:26 GMT
ETag: "14852fb73d9019499a295a9695baab5bce6ac70e"
Last-Modified: Thu, 07 Dec 2023 07:54:27 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1575
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 831bbb492dbd0b06-OSL

vkontakte.ru/away.php?cc_key=cow0Zw&to=https%3A%2F%2Fhoneygirlhere.life%2F%3Fu%3Dd0tpaeq%26o%3Dvnak8q9%26m%3D1

87.240.132.72

0 B

URL
vkontakte.ru/away.php?cc_key=cow0Zw&to=https%3A%2F%2Fhoneygirlhere.life%2F%3Fu%3Dd0tpaeq%26o%3Dvnak8q9%26m%3D1
IP
87.240.132.72:0
ASN
#47541 VKontakte Ltd

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /away.php?cc_key=cow0Zw&to=https%3A%2F%2Fhoneygirlhere.life%2F%3Fu%3Dd0tpaeq%26o%3Dvnak8q9%26m%3D1 HTTP/1.1
Host: vkontakte.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
server: kittenx
date: Thu, 07 Dec 2023 09:27:14 GMT
content-type: text/html; charset=windows-1251
content-length: 0
location: https://vk.com/login?act=vkcomredirect&to=YXdheS5waHA/Y2Nfa2V5PWNvdzBadyZ0bz1odHRwcyUzQSUyRiUyRmhvbmV5Z2lybGhlcmUubGlmZSUyRiUzRnUlM0RkMHRwYWVxJTI2byUzRHZuYWs4cTklMjZtJTNEMQ--
x-powered-by: KPHP/7.4.115241
set-cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vkontakte.ru; secure; HttpOnly
remixstlid=9073505101789484963_FV8emvdHn1QqhqdoxFa8nfZTHfxSAIZtEqhVdnww3Ps; expires=Fri, 06 Dec 2024 09:27:14 GMT; path=/; domain=.vkontakte.ru; secure
cache-control: no-store
x-frontend: front220204
strict-transport-security: max-age=15768000
access-control-expose-headers: X-Frontend
origin-agent-cluster: ?0
x-trace-id: mWVNoCFexK33O7FS0PhSGd0voaxQaA
X-Firefox-Spdy: h2

ocsp2.globalsign.com/gsorganizationvalsha2g2

104.18.20.226

1.5 kB

URL
ocsp2.globalsign.com/gsorganizationvalsha2g2
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1459 bytes)
Hash
39b154c5a9507f1ea85340b76a0b4fc5
14852fb73d9019499a295a9695baab5bce6ac70e
d310f272d37e65994f3f55f6e43e26b08fad349141516fb2b016e9a9d90b15c4

HTTP Headers

POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 07 Dec 2023 09:27:14 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Mon, 11 Dec 2023 07:54:26 GMT
ETag: "14852fb73d9019499a295a9695baab5bce6ac70e"
Last-Modified: Thu, 07 Dec 2023 07:54:27 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1575
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 831bbb4a7f510b06-OSL

vk.com/login?act=vkcomredirect&to=YXdheS5waHA/Y2Nfa2V5PWNvdzBadyZ0bz1odHRwcyUzQSUyRiUyRmhvbmV5Z2lybGhlcmUubGlmZSUyRiUzRnUlM0RkMHRwYWVxJTI2byUzRHZuYWs4cTklMjZtJTNEMQ--

87.240.137.164

20 B

URL
vk.com/login?act=vkcomredirect&to=YXdheS5waHA/Y2Nfa2V5PWNvdzBadyZ0bz1odHRwcyUzQSUyRiUyRmhvbmV5Z2lybGhlcmUubGlmZSUyRiUzRnUlM0RkMHRwYWVxJTI2byUzRHZuYWs4cTklMjZtJTNEMQ--
IP
87.240.137.164:0
ASN
#47541 VKontakte Ltd

File type
gzip compressed data, from Unix\012- data
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

HTTP Headers

GET /login?act=vkcomredirect&to=YXdheS5waHA/Y2Nfa2V5PWNvdzBadyZ0bz1odHRwcyUzQSUyRiUyRmhvbmV5Z2lybGhlcmUubGlmZSUyRiUzRnUlM0RkMHRwYWVxJTI2byUzRHZuYWs4cTklMjZtJTNEMQ-- HTTP/1.1
Host: vk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
server: kittenx
date: Thu, 07 Dec 2023 09:27:14 GMT
content-type: text/html; charset=windows-1251
content-length: 20
x-powered-by: KPHP/7.4.115241
set-cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly
remixlang=3; expires=Wed, 04 Dec 2024 05:04:26 GMT; path=/; domain=.vk.com
remixstlid=9072660676859561479_XX12d5NL40nFIbMLw4fCdtAu1IIBcUqbroHhpWzhHFT; expires=Fri, 06 Dec 2024 09:27:14 GMT; path=/; domain=.vk.com; secure
remixvkcom=1; path=/; domain=.vk.com; secure
cache-control: no-store
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-robots-tag: noindex
location: /away.php?cc_key=cow0Zw&to=https%3A%2F%2Fhoneygirlhere.life%2F%3Fu%3Dd0tpaeq%26o%3Dvnak8q9%26m%3D1
content-encoding: gzip
x-frontend: front512004
strict-transport-security: max-age=15768000
access-control-expose-headers: X-Frontend
origin-agent-cluster: ?0
x-trace-id: 0V6vaiSZMUPFTivzA4y1g8fRI-l8ng
X-Firefox-Spdy: h2

vk.com/away.php?cc_key=cow0Zw&to=https%3A%2F%2Fhoneygirlhere.life%2F%3Fu%3Dd0tpaeq%26o%3Dvnak8q9%26m%3D1

87.240.137.164

20 B

URL
vk.com/away.php?cc_key=cow0Zw&to=https%3A%2F%2Fhoneygirlhere.life%2F%3Fu%3Dd0tpaeq%26o%3Dvnak8q9%26m%3D1
IP
87.240.137.164:0
ASN
#47541 VKontakte Ltd

File type
gzip compressed data, from Unix\012- data
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

HTTP Headers

GET /away.php?cc_key=cow0Zw&to=https%3A%2F%2Fhoneygirlhere.life%2F%3Fu%3Dd0tpaeq%26o%3Dvnak8q9%26m%3D1 HTTP/1.1
Host: vk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: remixlang=3; remixstlid=9072660676859561479_XX12d5NL40nFIbMLw4fCdtAu1IIBcUqbroHhpWzhHFT; remixvkcom=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: kittenx
date: Thu, 07 Dec 2023 09:27:14 GMT
content-type: text/html; charset=windows-1251
content-length: 20
location: https://away.vk.com/away.php?rh=8af7c713-dff4-4c18-80c3-ae103f5c5322
x-powered-by: KPHP/7.4.115241
set-cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly
remixsec_redir=https%3A%2F%2Fhoneygirlhere.life%2F%3Fu%3Dd0tpaeq%26o%3Dvnak8q9%26m%3D1; path=/; domain=.vk.com
remixua=-1%7C-1%7C320%7C295475610; expires=Wed, 04 Dec 2024 03:14:43 GMT; path=/; domain=.vk.com; secure
cache-control: no-store
x-frame-options: DENY
content-encoding: gzip
x-frontend: front512004
strict-transport-security: max-age=15768000
access-control-expose-headers: X-Frontend
origin-agent-cluster: ?0
x-trace-id: kkAzUeB3vehWubgdWRPkao8rgudgCA
X-Firefox-Spdy: h2

away.vk.com/away.php?rh=8af7c713-dff4-4c18-80c3-ae103f5c5322

87.240.137.164

293 B

URL
away.vk.com/away.php?rh=8af7c713-dff4-4c18-80c3-ae103f5c5322
IP
87.240.137.164:0
ASN
#47541 VKontakte Ltd

File type
HTML document, ASCII text, with very long lines (524), with no line terminators
Size
293 B (293 bytes)
Hash
6cdb8f8731365749be3cc8451e494178
65f085d1c48f0fc879e310a6070a47c8c8e44e0c
0dd9bc5d4680e87786dd79571a00920a303154ec31d85c1a5eb3d897287d7c6c

HTTP Headers

GET /away.php?rh=8af7c713-dff4-4c18-80c3-ae103f5c5322 HTTP/1.1
Host: away.vk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: remixlang=3; remixstlid=9072660676859561479_XX12d5NL40nFIbMLw4fCdtAu1IIBcUqbroHhpWzhHFT; remixvkcom=1; remixsec_redir=https%3A%2F%2Fhoneygirlhere.life%2F%3Fu%3Dd0tpaeq%26o%3Dvnak8q9%26m%3D1; remixua=-1%7C-1%7C320%7C295475610
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: kittenx
date: Thu, 07 Dec 2023 09:27:14 GMT
content-type: text/html; charset=windows-1251
content-length: 293
x-powered-by: KPHP/7.4.115241
set-cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly
remixsec_redir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; domain=.vk.com
remixsec_redir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=away.vk.com
remixsec_redir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/
cache-control: no-store
x-frame-options: DENY
content-encoding: gzip
x-frontend: front512004
access-control-expose-headers: X-Frontend
x-trace-id: g1ey2mcJL_kw9CYxrN0jj1zhP68KdA
X-Firefox-Spdy: h2

away.vk.com/favicon.ico

87.240.137.164

4.9 kB

URL
away.vk.com/favicon.ico
IP
87.240.137.164:0
ASN
#47541 VKontakte Ltd

File type
PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced\012- data
Size
4.9 kB (4944 bytes)
Hash
d41fa4f682279a0c77159080255b3b9e
7cdf65f129f33ddf76146c9fc0bb30bb80d25065
25dfe61842345c39cb13beeee5b921cfe1c16b5f774067416728f8046c56f925

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: away.vk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://away.vk.com/
DNT: 1
Connection: keep-alive
Cookie: remixlang=3; remixstlid=9072660676859561479_XX12d5NL40nFIbMLw4fCdtAu1IIBcUqbroHhpWzhHFT; remixvkcom=1; remixua=-1%7C-1%7C320%7C295475610
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: kittenx
date: Thu, 07 Dec 2023 09:27:15 GMT
content-type: image/x-icon
content-length: 4944
last-modified: Tue, 05 Apr 2022 13:13:01 GMT
etag: "624c405d-1350"
expires: Thu, 14 Dec 2023 09:27:15 GMT
cache-control: max-age=604800
x-frontend: front512004
access-control-expose-headers: X-Frontend
x-trace-id: dD2mJ34Zgv-lVa-gX7sPc9Uxs2U5DQ
accept-ranges: bytes
X-Firefox-Spdy: h2

GET honeygirlhere.life/?u=d0tpaeq&o=vnak8q9&m=1

185.155.184.85

200 OK

7.2 kB

URL User Request GET HTTP/1.1
honeygirlhere.life/?u=d0tpaeq&o=vnak8q9&m=1
IP
185.155.184.85:443
ASN
#6898 SERVER.swiss Sagl

Certificate
IssuerLet's Encrypt
Subjecthoneygirlhere.life
Fingerprint2C:64:EC:91:02:CD:BC:D5:8D:67:1F:5B:5D:0E:C3:A5:80:88:AD:DA
ValidityTue, 10 Oct 2023 15:15:11 GMT - Mon, 08 Jan 2024 15:15:10 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (531), with CRLF line terminators
Size
7.2 kB (7215 bytes)
Hash
2387dc25a0699d4ebc234282a2f1f6d4
77187134939816757032633fdb55ac61238a17a2
c9d8b03c342a53fe7a5e76b569f39422adea59f247f2f2a34fbc9bbef6fc2c01

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?u=d0tpaeq&o=vnak8q9&m=1 HTTP/1.1
Host: honeygirlhere.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://away.vk.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 07 Dec 2023 09:27:15 GMT
Content-Type: text/html
Content-Length: 7215
Connection: keep-alive
set-cookie: sid=t9~1umqpozspavvwnt1t0e5t4yc; path=/
cache-control: private, no-transform

GET honeygirlhere.life/media/dating/toon2/css/style.css

185.155.184.85

200 OK

8.6 kB

URL GET HTTP/1.1
honeygirlhere.life/media/dating/toon2/css/style.css
IP
185.155.184.85:443
ASN
#6898 SERVER.swiss Sagl

Requested by
https://honeygirlhere.life/?u=d0tpaeq&o=vnak8q9&m=1
Certificate
IssuerLet's Encrypt
Subjecthoneygirlhere.life
Fingerprint2C:64:EC:91:02:CD:BC:D5:8D:67:1F:5B:5D:0E:C3:A5:80:88:AD:DA
ValidityTue, 10 Oct 2023 15:15:11 GMT - Mon, 08 Jan 2024 15:15:10 GMT

File type
ASCII text, with CRLF line terminators
Size
8.6 kB (8608 bytes)
Hash
549edaff59c582a6a3ca91f95c60ea71
a9edcba7d667efcfd812bcd413ccbdcb2b67cc88
b28722475035fc8fdc751034c2df8f49d66eb25cf28cf031c4e7357414a131da

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/dating/toon2/css/style.css HTTP/1.1
Host: honeygirlhere.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://honeygirlhere.life/?u=d0tpaeq&o=vnak8q9&m=1
Cookie: sid=t9~1umqpozspavvwnt1t0e5t4yc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 07 Dec 2023 09:27:16 GMT
Content-Type: text/css
Content-Length: 8608
Connection: keep-alive
ETag: "549edaff59c582a6a3ca91f95c60ea71"
Last-Modified: Tue, 21 Nov 2023 12:30:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 179E826A2DEBD0F7
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223378#43689163/gid:0/gname:root/mode:33279/mtime:1655387458#962597414/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-06-16T13:50:58.962597414Z
Expires: Fri, 06 Dec 2024 09:27:16 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

GET honeygirlhere.life/util/utils.js

185.155.184.85

200 OK

7.5 kB

URL GET HTTP/1.1
honeygirlhere.life/util/utils.js
IP
185.155.184.85:443
ASN
#6898 SERVER.swiss Sagl

Requested by
https://honeygirlhere.life/?u=d0tpaeq&o=vnak8q9&m=1
Certificate
IssuerLet's Encrypt
Subjecthoneygirlhere.life
Fingerprint2C:64:EC:91:02:CD:BC:D5:8D:67:1F:5B:5D:0E:C3:A5:80:88:AD:DA
ValidityTue, 10 Oct 2023 15:15:11 GMT - Mon, 08 Jan 2024 15:15:10 GMT

File type
ASCII text, with very long lines (641), with CRLF line terminators
Size
7.5 kB (7512 bytes)
Hash
01816d15ca03032751161a746e2fb7c3
dcc72ea5fa1356490ba473288159df9786b4a3c3
8b3c83a330bf1120a13eff6ef60c1e268b827b7bc49b42a7a1f5d8ad6941f2ea

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /util/utils.js HTTP/1.1
Host: honeygirlhere.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://honeygirlhere.life/?u=d0tpaeq&o=vnak8q9&m=1
Cookie: sid=t9~1umqpozspavvwnt1t0e5t4yc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 07 Dec 2023 09:27:16 GMT
Content-Type: application/javascript
Content-Length: 7512
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "01816d15ca03032751161a746e2fb7c3"
Last-Modified: Mon, 20 Feb 2023 09:36:45 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 179E81F46FAA5C90
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676885559#334512232/gid:0/gname:root/mode:33188/mtime:1659085489#684136000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-07-29T09:04:49.684136Z
Expires: Fri, 06 Dec 2024 09:27:16 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

GET honeygirlhere.life/cookie/js.cookie.js

185.155.184.85

200 OK

4.3 kB

URL GET HTTP/1.1
honeygirlhere.life/cookie/js.cookie.js
IP
185.155.184.85:443
ASN
#6898 SERVER.swiss Sagl

Requested by
https://honeygirlhere.life/?u=d0tpaeq&o=vnak8q9&m=1
Certificate
IssuerLet's Encrypt
Subjecthoneygirlhere.life
Fingerprint2C:64:EC:91:02:CD:BC:D5:8D:67:1F:5B:5D:0E:C3:A5:80:88:AD:DA
ValidityTue, 10 Oct 2023 15:15:11 GMT - Mon, 08 Jan 2024 15:15:10 GMT

File type
ASCII text, with very long lines (1709), with CRLF line terminators
Size
4.3 kB (4264 bytes)
Hash
a7e9883924072f15259de6888d5ef515
7f4f6e5938e68f55aef81e0cd0145f008cd28382
985659942ab60a92b3c0a7f876d9ef60e8f048ff655a622a172fa4b44f901b6c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cookie/js.cookie.js HTTP/1.1
Host: honeygirlhere.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://honeygirlhere.life/?u=d0tpaeq&o=vnak8q9&m=1
Cookie: sid=t9~1umqpozspavvwnt1t0e5t4yc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 07 Dec 2023 09:27:16 GMT
Content-Type: application/javascript
Content-Length: 4264
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "a7e9883924072f15259de6888d5ef515"
Last-Modified: Wed, 31 Aug 2022 09:31:17 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 179E81FB866A42B1
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Fri, 06 Dec 2024 09:27:16 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

GET honeygirlhere.life/media/exit-new/exit1.js

185.155.184.85

200 OK

3.5 kB

URL GET HTTP/1.1
honeygirlhere.life/media/exit-new/exit1.js
IP
185.155.184.85:443
ASN
#6898 SERVER.swiss Sagl

Requested by
https://honeygirlhere.life/?u=d0tpaeq&o=vnak8q9&m=1
Certificate
IssuerLet's Encrypt
Subjecthoneygirlhere.life
Fingerprint2C:64:EC:91:02:CD:BC:D5:8D:67:1F:5B:5D:0E:C3:A5:80:88:AD:DA
ValidityTue, 10 Oct 2023 15:15:11 GMT - Mon, 08 Jan 2024 15:15:10 GMT

File type
ASCII text, with very long lines (641), with CRLF line terminators
Size
3.5 kB (3473 bytes)
Hash
625e5e2950612f771e246beb33c9ea61
e4fc251c6c000496c285f8dc3fa097040b031681
618f345a156a0eda55177a1bf0e8a414104f9b6c6ff5cdbe71966f081ccb8a46

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/exit-new/exit1.js HTTP/1.1
Host: honeygirlhere.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://honeygirlhere.life/?u=d0tpaeq&o=vnak8q9&m=1
Cookie: sid=t9~1umqpozspavvwnt1t0e5t4yc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 07 Dec 2023 09:27:16 GMT
Content-Type: application/javascript
Content-Length: 3473
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "625e5e2950612f771e246beb33c9ea61"
Last-Modified: Mon, 20 Feb 2023 09:32:43 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 179E81F67D93F15E
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843279#623580037/gid:0/gname:root/mode:33279/mtime:1655385544#182688000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-06-16T13:19:04.182688Z
Expires: Fri, 06 Dec 2024 09:27:16 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

GET honeygirlhere.life/media/bb.js

185.155.184.85

200 OK

639 B

URL GET HTTP/1.1
honeygirlhere.life/media/bb.js
IP
185.155.184.85:443
ASN
#6898 SERVER.swiss Sagl

Requested by
https://honeygirlhere.life/?u=d0tpaeq&o=vnak8q9&m=1
Certificate
IssuerLet's Encrypt
Subjecthoneygirlhere.life
Fingerprint2C:64:EC:91:02:CD:BC:D5:8D:67:1F:5B:5D:0E:C3:A5:80:88:AD:DA
ValidityTue, 10 Oct 2023 15:15:11 GMT - Mon, 08 Jan 2024 15:15:10 GMT

File type
ASCII text, with very long lines (639), with no line terminators
Size
639 B (639 bytes)
Hash
0d553e4bac91c74bfee2dbabba61e99e
5af71e2377c9c012a7826a695f2724901941b19b
1be1304c675449b1bad38ea8c3da6c1da0763ed2fad339ee1aa461c7bf4e2a68

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/bb.js HTTP/1.1
Host: honeygirlhere.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://honeygirlhere.life/?u=d0tpaeq&o=vnak8q9&m=1
Cookie: sid=t9~1umqpozspavvwnt1t0e5t4yc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 07 Dec 2023 09:27:16 GMT
Content-Type: application/javascript
Content-Length: 639
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "0d553e4bac91c74bfee2dbabba61e99e"
Last-Modified: Mon, 20 Feb 2023 09:29:45 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 179E8212FA5C70DF
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676832256#258761277/gid:0/gname:root/mode:33188/mtime:1659030913#852764000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-07-28T17:55:13.852764Z
Expires: Fri, 06 Dec 2024 09:27:16 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

GET honeygirlhere.life/media/dating/toon2/css/animate.min.css

185.155.184.85

200 OK

53 kB

URL GET HTTP/1.1
honeygirlhere.life/media/dating/toon2/css/animate.min.css
IP
185.155.184.85:443
ASN
#6898 SERVER.swiss Sagl

Requested by
https://honeygirlhere.life/?u=d0tpaeq&o=vnak8q9&m=1
Certificate
IssuerLet's Encrypt
Subjecthoneygirlhere.life
Fingerprint2C:64:EC:91:02:CD:BC:D5:8D:67:1F:5B:5D:0E:C3:A5:80:88:AD:DA
ValidityTue, 10 Oct 2023 15:15:11 GMT - Mon, 08 Jan 2024 15:15:10 GMT

File type
ASCII text, with very long lines (52592)
Size
53 kB (52789 bytes)
Hash
178b651958ceff556cbc5f355e08bbf1
97afa151569f046b2e01f27c1871646e9cd87caf
8fe3fa119255adb5e0c12479331f9e092e85bcff56ab6ecc0510bfa2056b898d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/dating/toon2/css/animate.min.css HTTP/1.1
Host: honeygirlhere.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://honeygirlhere.life/?u=d0tpaeq&o=vnak8q9&m=1
Cookie: sid=t9~1umqpozspavvwnt1t0e5t4yc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 07 Dec 2023 09:27:15 GMT
Content-Type: text/css
Content-Length: 52789
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "178b651958ceff556cbc5f355e08bbf1"
Last-Modified: Mon, 20 Feb 2023 09:32:28 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 179E826A4D80A1F1
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843394#511755078/gid:0/gname:root/mode:33279/mtime:1655387458#958597404/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-06-16T13:50:58.958597404Z
Expires: Fri, 06 Dec 2024 09:27:15 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

GET honeygirlhere.life/media/dating/toon2/js/jquery-2.2.4.min.js

185.155.184.85

200 OK

86 kB

URL GET HTTP/1.1
honeygirlhere.life/media/dating/toon2/js/jquery-2.2.4.min.js
IP
185.155.184.85:443
ASN
#6898 SERVER.swiss Sagl

Requested by
https://honeygirlhere.life/?u=d0tpaeq&o=vnak8q9&m=1
Certificate
IssuerLet's Encrypt
Subjecthoneygirlhere.life
Fingerprint2C:64:EC:91:02:CD:BC:D5:8D:67:1F:5B:5D:0E:C3:A5:80:88:AD:DA
ValidityTue, 10 Oct 2023 15:15:11 GMT - Mon, 08 Jan 2024 15:15:10 GMT

File type
ASCII text, with very long lines (32065)
Size
86 kB (85578 bytes)
Hash
2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/dating/toon2/js/jquery-2.2.4.min.js HTTP/1.1
Host: honeygirlhere.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://honeygirlhere.life/?u=d0tpaeq&o=vnak8q9&m=1
Cookie: sid=t9~1umqpozspavvwnt1t0e5t4yc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 07 Dec 2023 09:27:16 GMT
Content-Type: text/javascript
Content-Length: 85578
Connection: keep-alive
ETag: "2f6b11a7e914718e0290410e85366fe9"
Last-Modified: Tue, 21 Nov 2023 12:30:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 179E826A83497E05
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223378#91689271/gid:0/gname:root/mode:33279/mtime:1655387458#954597395/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-06-16T13:50:58.954597395Z
Expires: Fri, 06 Dec 2024 09:27:16 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

GET honeygirlhere.life/media/dating/toon2/images/123.jpg

185.155.184.85

200 OK

179 kB

URL GET HTTP/1.1
honeygirlhere.life/media/dating/toon2/images/123.jpg
IP
185.155.184.85:443
ASN
#6898 SERVER.swiss Sagl

Requested by
https://honeygirlhere.life/?u=d0tpaeq&o=vnak8q9&m=1
Certificate
IssuerLet's Encrypt
Subjecthoneygirlhere.life
Fingerprint2C:64:EC:91:02:CD:BC:D5:8D:67:1F:5B:5D:0E:C3:A5:80:88:AD:DA
ValidityTue, 10 Oct 2023 15:15:11 GMT - Mon, 08 Jan 2024 15:15:10 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=1069, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=620], progressive, precision 8, 620x1032, components 3\012- data
Size
179 kB (179176 bytes)
Hash
a2d245e1c43c61ca34bea001510dd6d9
7a7e0dbf8bb132958fecd093e6741ffe49d060b5
f6113b1f6bdd279404fd53c920f6ba411b66a897db4c67e16d2129af22370a57

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/dating/toon2/images/123.jpg HTTP/1.1
Host: honeygirlhere.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://honeygirlhere.life/?u=d0tpaeq&o=vnak8q9&m=1
Cookie: sid=t9~1umqpozspavvwnt1t0e5t4yc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 07 Dec 2023 09:27:17 GMT
Content-Type: image/jpeg
Content-Length: 179176
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "a2d245e1c43c61ca34bea001510dd6d9"
Last-Modified: Mon, 20 Feb 2023 09:32:28 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 179E826AA0DC1E98
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843394#511755078/gid:0/gname:root/mode:33279/mtime:1655387458#958597404/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-06-16T13:50:58.958597404Z
Expires: Fri, 06 Dec 2024 09:27:17 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

GET fonts.googleapis.com/css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i|Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i&subset=cyrillic,cyrillic-ext,latin-ext

142.250.74.42

200 OK

121 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i|Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i&subset=cyrillic,cyrillic-ext,latin-ext
IP
142.250.74.42:443
ASN
#15169 GOOGLE

Requested by
https://honeygirlhere.life/?u=d0tpaeq&o=vnak8q9&m=1
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
gzip compressed data, max compression\012- data
Size
121 kB (121195 bytes)
Hash
ad7924e0cc120092b0c43b5e12aeac38
8bd5249c43d871835a6f1dd99177cc69552bd6b7
6d185aa9573c3c8c4429c547d32fe167538134bf384ba2c61a654ba6cbaef356

HTTP Headers

GET /css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i|Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i&subset=cyrillic,cyrillic-ext,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://honeygirlhere.life/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 07 Dec 2023 09:27:16 GMT
date: Thu, 07 Dec 2023 09:27:16 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2

142.250.74.163

200 OK

23 kB

URL GET HTTP/2
fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://honeygirlhere.life/?u=d0tpaeq&o=vnak8q9&m=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data
Size
23 kB (23040 bytes)
Hash
de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

HTTP Headers

GET /s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://honeygirlhere.life
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 21:36:52 GMT
expires: Wed, 04 Dec 2024 21:36:52 GMT
cache-control: public, max-age=31536000
age: 129025
last-modified: Tue, 02 May 2023 15:07:25 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET honeygirlhere.life/favicon.ico

185.155.184.85

204 No Content

0 B

URL GET HTTP/1.1
honeygirlhere.life/favicon.ico
IP
185.155.184.85:443
ASN
#6898 SERVER.swiss Sagl

Requested by
https://honeygirlhere.life/?u=d0tpaeq&o=vnak8q9&m=1
Certificate
IssuerLet's Encrypt
Subjecthoneygirlhere.life
Fingerprint2C:64:EC:91:02:CD:BC:D5:8D:67:1F:5B:5D:0E:C3:A5:80:88:AD:DA
ValidityTue, 10 Oct 2023 15:15:11 GMT - Mon, 08 Jan 2024 15:15:10 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: honeygirlhere.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://honeygirlhere.life/?u=d0tpaeq&o=vnak8q9&m=1
Cookie: sid=t9~1umqpozspavvwnt1t0e5t4yc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx
Date: Thu, 07 Dec 2023 09:27:17 GMT
Connection: keep-alive
Cache-Control: no-transform

GET fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2

142.250.74.163

200 OK

24 kB

URL GET HTTP/2
fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://honeygirlhere.life/?u=d0tpaeq&o=vnak8q9&m=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Size
24 kB (23580 bytes)
Hash
e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

HTTP Headers

GET /s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://honeygirlhere.life
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 05:05:30 GMT
expires: Fri, 06 Dec 2024 05:05:30 GMT
cache-control: public, max-age=31536000
age: 15707
last-modified: Tue, 02 May 2023 15:17:22 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET honeygirlhere.life/media/dating/toon2/images/bg.jpg

185.155.184.85

200 OK

120 kB

URL GET HTTP/1.1
honeygirlhere.life/media/dating/toon2/images/bg.jpg
IP
185.155.184.85:443
ASN
#6898 SERVER.swiss Sagl

Requested by
https://honeygirlhere.life/?u=d0tpaeq&o=vnak8q9&m=1
Certificate
IssuerLet's Encrypt
Subjecthoneygirlhere.life
Fingerprint2C:64:EC:91:02:CD:BC:D5:8D:67:1F:5B:5D:0E:C3:A5:80:88:AD:DA
ValidityTue, 10 Oct 2023 15:15:11 GMT - Mon, 08 Jan 2024 15:15:10 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=660, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1279], progressive, precision 8, 1279x660, components 3\012- data
Size
120 kB (119754 bytes)
Hash
842a5629f17ec8342230aa12ea32291a
0f2390a3eda1a71d676f1cd1866956fef8e77090
1c7361fcec43aecb4c517914dde9ecbf1fe1aaa0969411a7a383391236f335f4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/dating/toon2/images/bg.jpg HTTP/1.1
Host: honeygirlhere.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://honeygirlhere.life/media/dating/toon2/css/style.css
Cookie: sid=t9~1umqpozspavvwnt1t0e5t4yc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 07 Dec 2023 09:27:17 GMT
Content-Type: image/jpeg
Content-Length: 119754
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "842a5629f17ec8342230aa12ea32291a"
Last-Modified: Mon, 20 Feb 2023 09:32:28 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 179E826AE7CC6972
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843394#515755084/gid:0/gname:root/mode:33279/mtime:1655387458#958597404/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-06-16T13:50:58.958597404Z
Expires: Fri, 06 Dec 2024 09:27:17 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (23)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN