Report - clipquaylen.net/xem-phim/loan-luan-voi-chi-ho-6-X2Y8407CX/

Report Overview

Submitted URL
clipquaylen.net/xem-phim/loan-luan-voi-chi-ho-6-X2Y8407CX/
IP
172.67.141.150
ASN
#13335 CLOUDFLARENET
Submitted
2022-12-02 14:48:04
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
22

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	383 B	77 kB	142.250.74.168
limurol.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.3 kB	2.0 kB	62.122.171.6
widgets.amung.us	12623	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	405 B	2.0 kB	172.67.8.141
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	36 kB	34.120.237.76
clipquaylen.net	436743	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	876 B	1.6 kB	104.21.38.250
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	95.101.11.115
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	5.0 kB	93.184.220.29
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.4 kB	7.0 kB	142.250.74.131
xembed.live	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	705 B	1.6 kB	104.21.234.15
hwpnocpctu.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.9 kB	128 kB	62.122.171.6
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
cdn77-pic.xvideos-cdn.com	12833	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	496 B	13 kB	195.181.166.11
region1.google-analytics.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	781 B	562 B	216.239.34.36
nhopaepzrh.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	1.9 kB	62.122.171.6
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	35.163.49.154
cdn.pncloudfl.com	13313	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	398 B	40 kB	104.22.59.221
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	340 B	964 B	104.18.32.68
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
cdnjs.cloudflare.com	235	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.8 kB	191 kB	104.17.25.14
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.9 kB	121 kB	142.250.74.35
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	459 B	13 kB	142.250.74.138

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-12-02	medium	hwpnocpctu.com	Sinkholed
2022-12-02	medium	hwpnocpctu.com	Sinkholed
2022-12-02	medium	nhopaepzrh.com	Sinkholed
2022-12-02	medium	hwpnocpctu.com	Sinkholed
2022-12-02	medium	hwpnocpctu.com	Sinkholed
2022-12-02	medium	limurol.com	Sinkholed
2022-12-02	medium	limurol.com	Sinkholed
2022-12-02	medium	hwpnocpctu.com	Sinkholed
2022-12-02	medium	hwpnocpctu.com	Sinkholed
2022-12-02	medium	hwpnocpctu.com	Sinkholed
2022-12-02	medium	nhopaepzrh.com	Sinkholed

JavaScript (21)

	URL	Size	First Seen	Last Seen
	clipquaylen.net/theme/movie/js/asyncloader.min.js	609 B	2023-03-07	2023-11-14
Pretty URL clipquaylen.net/theme/movie/js/asyncloader.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:20:28 Last Seen2023-11-14 18:22:23 Times Seen20 Hash 7cba6c82a4cdf84b8d4d7603f2a424f8 c823b2d6a4c999373e74f08be3e8c9356a28c009 6557d6f47a43c9190717bea07551fbf85c3ad2ed271972dbcc05d7925650542a Loading...

	hwpnocpctu.com/lv/esnk/1896006/code.js	109 kB	2023-03-08	2023-03-08
Pretty URL hwpnocpctu.com/lv/esnk/1896006/code.js IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:39:32 Last Seen2023-03-08 14:39:32 Times Seen1 Hash cd95142cd375c28bef82cb2a3a86b544 279118a4903960eedc9b45aed76d433bdea1a29f 2ece59eba07231651c9775ca362dd15a9e390b3a4d3ceedb01ab9b5d1fea10d1 Loading...

	hwpnocpctu.com/get/1896005?zoneid=1896005&jp=_clqxk1isu2i06c3qxmahnx&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=672394572034611	3.2 kB	2023-03-08	2023-03-08
Pretty URL hwpnocpctu.com/get/1896005?zoneid=1896005&jp=_clqxk1isu2i06c3qxmahnx&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=672394572034611 IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:39:32 Last Seen2023-03-08 14:39:32 Times Seen1 Hash 5723e46ea988c4032febf6ddf5dd90af 252bdcbf12bc95212b0abef1d17a09693b462359 bd8711ab9b92e50b65dee49ec248ff8cfd8d1b28e115ac806a9d8b001fc6fb79 Loading...

	nhopaepzrh.com/aas/r45d/vki/1895996/2e517aaa.js	69 kB	2023-03-08	2023-03-08
Pretty URL nhopaepzrh.com/aas/r45d/vki/1895996/2e517aaa.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:39:32 Last Seen2023-03-08 14:39:32 Times Seen1 Hash 88ad31d2160687df86d50c420f93344c d51e3bad364cd4cb21ef542468c1a3adedd2ec9b 6d61103bd6e6d95b104ed6035697aa1ef8c896dd595c05e03875d8203548dc17 Loading...

	clipquaylen.net/xem-phim/loan-luan-voi-chi-ho-6-X2Y8407CX/	106 B	2023-03-08	2023-03-13
Pretty URL clipquaylen.net/xem-phim/loan-luan-voi-chi-ho-6-X2Y8407CX/ IP 104.21.38.250 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:39:32 Last Seen2023-03-13 18:26:14 Times Seen1 Hash 0fb7752e327a783f668b4d0ff2c0eec2 09fe175f648a57b3deeb54a84701c2305ff5a0ea 104a4f9b282d128575eeabcd65f3bc43ea2102e33a1d62c7f0fdfb433e32a9b8 Loading...

	cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/js/bootstrap.min.js	63 kB	2023-03-07	2024-04-23
Pretty URL cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/js/bootstrap.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:28 Last Seen2024-04-23 08:12:20 Times Seen1778 Hash f20fa8b102f205141295cdefd6ffe449 0c4e8445f6f0c9611dc1c13dc6f085eb4bcaca0b d8968086f7509df34c3278563dab87399da4f9dcdfb419818e3a309eedc70b88 Loading...

	clipquaylen.net/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js	12 kB	2023-03-07	2024-04-24
Pretty URL clipquaylen.net/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-04-24 23:32:58 Times Seen43069 Hash 88a769d2fe35899fd45a332a0a032cc0 514c6c1d8475d17e412849a4c90159517d0fa10a ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142 Loading...

	hwpnocpctu.com/get/1896005?zoneid=1896005&jp=_cl9h1k3kwpmcs6cd7o1gql&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=8553693919939212	3.2 kB	2023-03-08	2023-03-08
Pretty URL hwpnocpctu.com/get/1896005?zoneid=1896005&jp=_cl9h1k3kwpmcs6cd7o1gql&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=8553693919939212 IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:39:32 Last Seen2023-03-08 14:39:32 Times Seen1 Hash 0095e1cbc90cf055b955926a29293eae 0121b55dd97c77ccdf8dee30a64416ec3f39c4f4 8f1bd15bfcf92491b686c86427cbca7544f708b2038924d1e66dd6ff2c00e43b Loading...

	limurol.com/ssp/req/1895996/?pb=1f0c644e383397aa4fc1a92deaf64ed81669999551&psp=ISeMcI1kiEm5BrzYgo4WNcYjelZ3eLhMZNdYOG25HxoFlO1DgFiUc3M3s8i7skvHKnwyJpIaQ36EIN0S8G58W0bBKZxD_QPbl-SKarbTOBFIBDhgUgNE9_IAxunJvc186XvKUvQwCAs6wW0wG6KfcjkB-Lrx-u-YMKgsUqtz7ILBbdMvpRhF5qXMkZYHtJzQ37bAuZbjXnDeUJL7tFHOrYyKSrAZq1Dt9jEbVY9rjRz434c7txmTZFKFW8rtpUQLr7wqSLIlknFZfLlhso7yEaP8GXtzrsH7S4Cf5_vqC3AymoEcM2tXWgWjfBTGla9F3DhcXXXFJnpZLMefLuK1FY9SmlFKNeuW8gPCEVh4470Jxaaq7nYcQKhXItQQv8oVEhKvZfded0xRiMGXzJcd5C-19GQN0fhsb8ov1eGWYjhdpLrskLQvO-QX2jHllvIpCwEDKMS5TNnVJDbUWUQuqNFLAocvofLVSxzjAqfD9mbtaByeSrc-e31QwWhFwtk2xXOvRn6bgZ4SixC7QQ46ddlBxEEIGIdl7NRaeKmm29IV_n3tP5eXm0n2gArlELYVcUGpFGdOTStkypSmyL0GTwsSYLsuMyo=&cb=_clvtuu8sv0p4d2bdl51bf6&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24	7 B	2023-03-07	2024-04-17
Pretty URL limurol.com/ssp/req/1895996/?pb=1f0c644e383397aa4fc1a92deaf64ed81669999551&psp=ISeMcI1kiEm5BrzYgo4WNcYjelZ3eLhMZNdYOG25HxoFlO1DgFiUc3M3s8i7skvHKnwyJpIaQ36EIN0S8G58W0bBKZxD_QPbl-SKarbTOBFIBDhgUgNE9_IAxunJvc186XvKUvQwCAs6wW0wG6KfcjkB-Lrx-u-YMKgsUqtz7ILBbdMvpRhF5qXMkZYHtJzQ37bAuZbjXnDeUJL7tFHOrYyKSrAZq1Dt9jEbVY9rjRz434c7txmTZFKFW8rtpUQLr7wqSLIlknFZfLlhso7yEaP8GXtzrsH7S4Cf5_vqC3AymoEcM2tXWgWjfBTGla9F3DhcXXXFJnpZLMefLuK1FY9SmlFKNeuW8gPCEVh4470Jxaaq7nYcQKhXItQQv8oVEhKvZfded0xRiMGXzJcd5C-19GQN0fhsb8ov1eGWYjhdpLrskLQvO-QX2jHllvIpCwEDKMS5TNnVJDbUWUQuqNFLAocvofLVSxzjAqfD9mbtaByeSrc-e31QwWhFwtk2xXOvRn6bgZ4SixC7QQ46ddlBxEEIGIdl7NRaeKmm29IV_n3tP5eXm0n2gArlELYVcUGpFGdOTStkypSmyL0GTwsSYLsuMyo=&cb=_clvtuu8sv0p4d2bdl51bf6&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24 IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:23 Last Seen2024-04-17 16:44:22 Times Seen16320 Hash a97eb6fbe6f13b601d5d48c0eba8baae 736efb938caf3d0edec406932ada889f1a4f2268 a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821 Loading...

	clipquaylen.net/xem-phim/loan-luan-voi-chi-ho-6-X2Y8407CX/	152 B	2023-03-08	2023-08-12
Pretty URL clipquaylen.net/xem-phim/loan-luan-voi-chi-ho-6-X2Y8407CX/ IP 104.21.38.250 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:39:32 Last Seen2023-08-12 19:42:36 Times Seen2 Hash ba75c06ce6d27729f9113357de9c2e7b 9f38bfc5b22e2305cf796115b620d55bea25f9d6 8d2c67fe46852959c83119d85badae9361bd50432800b465af6b6e61f415545b Loading...

	www.googletagmanager.com/gtag/js?id=G-DB279YWQ7K	218 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=G-DB279YWQ7K IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:39:32 Last Seen2023-03-08 14:39:32 Times Seen1 Hash 7bb24b950499e1fb65d99342a6b50de3 50431529e2ed71bf3894a3a676c07dfa0ac76cd6 48fed1ea8e87723c0bea66bcf1ae7df2edbf0f1d1b117e710d1ae4a1451e8951 Loading...

	clipquaylen.net/theme/movie/js/swiper-bundle.min.js	140 kB	2023-03-08	2024-02-26
Pretty URL clipquaylen.net/theme/movie/js/swiper-bundle.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:39:32 Last Seen2024-02-26 22:26:52 Times Seen76 Hash ecef4f94551037859b2511fd993a49ac 79f6ef198fc2d57fddc46ac93477522cc83b0fc2 484dd9acca33cedeefa7d9c7775403901e0ca4fbc9ff6c277e4eac767e02de77 Loading...

	clipquaylen.net/theme/movie/js/script.js?202205012	3.0 kB	2023-03-08	2023-03-08
Pretty URL clipquaylen.net/theme/movie/js/script.js?202205012 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:39:32 Last Seen2023-03-08 14:39:32 Times Seen1 Hash 2797b02f0f193ad81df49c12a331fdfc a77de94cb5affdf5f1321ab335ad8eb891d82c43 deae767da4301ee51ad4fbfa5379e1027075d67798974d2bc9b81c0b4696d9ce Loading...

	clipquaylen.net/theme/flix/js/lazyload.js	2.5 kB	2023-03-08	2023-08-12
Pretty URL clipquaylen.net/theme/flix/js/lazyload.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:39:32 Last Seen2023-08-12 19:42:36 Times Seen3 Hash fbf3e11ee7c5b432fbbe2f6b3e712ba1 476b3474371c8f3e7d675911c011b7abd926216f 5e0bc6ea5aedacc909a58cc398d2e3b26a507825898d18f97624fc8985af727c Loading...

	clipquaylen.net/xem-phim/loan-luan-voi-chi-ho-6-X2Y8407CX/	80 kB	2023-03-08	2023-03-08
Pretty URL clipquaylen.net/xem-phim/loan-luan-voi-chi-ho-6-X2Y8407CX/ IP 104.21.38.250 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:39:32 Last Seen2023-03-08 14:39:32 Times Seen1 Hash dc46fe7c74a68495ea131c43e3cdd31c 510646e76fc73f7c3f24bc9dfc7f6c2e37124087 e8642aa11d66956d50cd6045743bef9de495ac13684e1724c62df02e137c6f1f Loading...

	hwpnocpctu.com/get/1896006?zoneid=1896006&jp=_clyginquv2fnb8l7qqxc66&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=4331569269275359	3.2 kB	2023-03-08	2023-03-08
Pretty URL hwpnocpctu.com/get/1896006?zoneid=1896006&jp=_clyginquv2fnb8l7qqxc66&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=4331569269275359 IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:39:32 Last Seen2023-03-08 14:39:32 Times Seen1 Hash 2981b19108b05e74b155ec6c1e3a9772 d54ba243242b0c469e3c28cf48441d1fa4ee1b06 8fe557d09adc779a52818542fa8721b81eb5a33798f6ab40224e6a5e59b98805 Loading...

	nhopaepzrh.com/get/1895996?zoneid=1895996&jp=_clq3kh73icb6u5tkuwj8k7&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=2642719409037826	3.4 kB	2023-03-08	2023-03-08
Pretty URL nhopaepzrh.com/get/1895996?zoneid=1895996&jp=_clq3kh73icb6u5tkuwj8k7&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=2642719409037826 IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:39:32 Last Seen2023-03-08 14:39:32 Times Seen1 Hash 640799390928a10fee40636dd3c003d4 d280dbcadcdc7fb7d75b2f763e875efb57618ced 21aeedf5213abf3d91c62e1c03c63c5c29e21e623790249f0fe43716dd86c5d0 Loading...

	clipquaylen.net/theme/movie/js/jquery-3.6.0.min.js	90 kB	2023-03-07	2024-04-25
Pretty URL clipquaylen.net/theme/movie/js/jquery-3.6.0.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-25 00:20:41 Times Seen261027 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	clipquaylen.net/theme/movie/js/popper.min.js	21 kB	2023-03-07	2024-04-24
Pretty URL clipquaylen.net/theme/movie/js/popper.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:05 Last Seen2024-04-24 19:07:01 Times Seen5951 Hash 1022eaf388cc780bcfeb6456157adb7d 313789ca0e31b654784dbba8b0f83f364f8683b4 fe28dc38bc057f6eb11180235bbe458b3295a39b674d889075d3d9a0b5071d9f Loading...

	clipquaylen.net/xem-phim/loan-luan-voi-chi-ho-6-X2Y8407CX/	75 B	2023-03-08	2023-08-12
Pretty URL clipquaylen.net/xem-phim/loan-luan-voi-chi-ho-6-X2Y8407CX/ IP 104.21.38.250 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:39:32 Last Seen2023-08-12 19:42:36 Times Seen2 Hash dad838381107ce304e0999c8c723dee3 05c38b287ea90e49166220396607d9f95b50d01b 27842741e1db6fdc900f858cf908bc1b5230df6e2264fabb91397bbfadf1bf2f Loading...

	hwpnocpctu.com/lv/esnk/1896005/code.js	109 kB	2023-03-08	2023-03-08
Pretty URL hwpnocpctu.com/lv/esnk/1896005/code.js IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:39:32 Last Seen2023-03-08 14:39:32 Times Seen1 Hash ec8431956a2641f0107b726b3adbc515 eca0fb2f3ce769adeac0ada3bc55ca20aa84bc9c 6703c5893c5df575a6c8ce0478dece33e94c9539a92addfca794cce4d0ef73fd Loading...

HTTP Transactions (68)

URL IP Response Size

clipquaylen.net/xem-phim/loan-luan-voi-chi-ho-6-X2Y8407CX/

104.21.38.250

301 Moved Permanently

0 B

URL HTTP/1.1
clipquaylen.net/xem-phim/loan-luan-voi-chi-ho-6-X2Y8407CX/
IP
104.21.38.250:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /xem-phim/loan-luan-voi-chi-ho-6-X2Y8407CX/ HTTP/1.1
Host: clipquaylen.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Fri, 02 Dec 2022 14:45:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 02 Dec 2022 15:45:49 GMT
Location: https://clipquaylen.net/xem-phim/loan-luan-voi-chi-ho-6-X2Y8407CX/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zN5v5nVODjoGZk%2BePGQC5USjA2%2BSqufNkPaQa9NXaZl50nC%2BCB2HYjEkbx3BB4PXmifkNrcXPK96qD8qU8FWLqir0mONmVWq7v2DXalMPZ4G1lP%2FkE6AT%2Bgygy8EnAR4iYg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7734d93b3df2b4fa-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16097
Expires: Fri, 02 Dec 2022 19:14:07 GMT
Date: Fri, 02 Dec 2022 14:45:50 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
7439fb99a444b66db1e68ffbfaa38451
4b7742d7956485906f1c392c478515ff89a46184
636327ce88f733e5a1d39af212f97242717a39ce20edaef330fafea238e3a309

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5633
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 14:45:50 GMT
Etag: "6389d3f3-1d7"
Last-Modified: Fri, 02 Dec 2022 13:11:57 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14115
Expires: Fri, 02 Dec 2022 18:41:05 GMT
Date: Fri, 02 Dec 2022 14:45:50 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 14:19:57 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1553
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: +svQyx6lgLVW9DSDjwF9oS84d2JUPuY314zt4WgI4n71E8ZJKVOdgjnNKvWMMmRNCxwQmZHsoA8=
x-amz-request-id: MP2CZXSXN64KZHK6
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 13:46:08 GMT
age: 3582
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
2bf8afee93ec3b516d0305b69d5c157e
64a19bd3dd3e05b2771853ff522c6b3732420c8f
ebf066f71e1768e5553555c5279c3452834bdce740d09f7e9b7c8a0424164cdb

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=164008
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 14:45:50 GMT
Etag: "6389ed46-116"
Expires: Sun, 04 Dec 2022 12:19:18 GMT
Last-Modified: Fri, 02 Dec 2022 12:19:18 GMT
Server: nginx
Content-Length: 278

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 14:45:50 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
2bf8afee93ec3b516d0305b69d5c157e
64a19bd3dd3e05b2771853ff522c6b3732420c8f
ebf066f71e1768e5553555c5279c3452834bdce740d09f7e9b7c8a0424164cdb

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=164008
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 14:45:50 GMT
Etag: "6389ed46-116"
Expires: Sun, 04 Dec 2022 12:19:18 GMT
Last-Modified: Fri, 02 Dec 2022 12:19:18 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 278

cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/css/bootstrap.min.css

104.17.25.14

200 OK

18 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/css/bootstrap.min.css
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65326)
Size
18 kB (17620 bytes)
Hash
846ddad0a2d87c70e1432da66bacb65a
53d4d5e17b2347dde2f2428afb80a13c9627faeb
0a3b40fa90e0bbf21177033f2f9129e06bbeba325f76e902c37e3ceaa7ce755d

HTTP Headers

GET /ajax/libs/bootstrap/4.5.3/css/bootstrap.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clipquaylen.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 02 Dec 2022 14:45:50 GMT
content-type: text/css; charset=utf-8
content-length: 17620
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "60f6203f-44d4"
last-modified: Tue, 20 Jul 2021 01:00:47 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 5613330
expires: Wed, 22 Nov 2023 14:45:50 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ywtQINO9%2BJ5VQYQqj8P%2B9vdu6zxNpPV6JdUk0hcNU7HQfRfrrEsfx55NpC4T2E2ldm%2BPQFcY9bwV%2BYRg%2BCUq9wXAR8ZuX%2BLGrf8e4PgtAuKjDySE9xUJPGEwUBx%2FgWEpGj4dYclz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7734d9402f090af6-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.2/css/all.min.css

104.17.25.14

200 OK

10 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.2/css/all.min.css
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (59158)
Size
10 kB (10472 bytes)
Hash
3e4019642322c3e0f1db17e4411b7d49
4481a79c38f6ff4651621e30fc05f4b6f4e2c98c
abfa1d2f03f268a7ac776f6a9c22f53ef759a6110b3a61eb0f7dce9bd446c8d8

HTTP Headers

GET /ajax/libs/font-awesome/5.15.2/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clipquaylen.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 02 Dec 2022 14:45:50 GMT
content-type: text/css; charset=utf-8
content-length: 10472
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5fff7431-e7d0"
last-modified: Wed, 13 Jan 2021 22:29:05 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 73745
expires: Wed, 22 Nov 2023 14:45:50 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g3geoevtGMkUNjd2v1%2F9x3WfcsahrxG90NEXsX41%2FxA%2FhwnQzWxZeu8oSd63Cjzy6Go2vQRL2zcnfJlM5REfv7EC%2FJzmrux0H%2B77wbmNdz%2BgZjlCJDCSXvCAlMiU9O5LpRctNSeh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7734d9402f0b0af6-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 14:11:15 GMT
cache-control: public,max-age=3600
age: 2075
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
05917f7542a781275c12d43562be1507
1ea730e7e2b5a84fb0341ef9a64b141a4dd469b3
2f24492a077b583bd9dfe049c16c60b219d950712879f187ff2160214df9bd0e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 14:45:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdn77-pic.xvideos-cdn.com/videos/thumbs169ll/8f/a3/f0/8fa3f03838a782c6c45b218e0d51c2bf/8fa3f03838a782c6c45b218e0d51c2bf.17.jpg

195.181.166.11

200 OK

12 kB

URL HTTP/2
cdn77-pic.xvideos-cdn.com/videos/thumbs169ll/8f/a3/f0/8fa3f03838a782c6c45b218e0d51c2bf/8fa3f03838a782c6c45b218e0d51c2bf.17.jpg
IP
195.181.166.11:0
ASN
#60068 Datacamp Limited

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 85", baseline, precision 8, 352x198, components 3\012- data
Size
12 kB (12333 bytes)
Hash
7cc0c81206775217e585f2f9da81adde
60434804994cebeeb91d8178fe7a8d7043cce7bf
c5ecbb8b3578346502acb7cc1472360bf3f0adfd7283dbca622ca9912dc7871d

HTTP Headers

GET /videos/thumbs169ll/8f/a3/f0/8fa3f03838a782c6c45b218e0d51c2bf/8fa3f03838a782c6c45b218e0d51c2bf.17.jpg HTTP/1.1
Host: cdn77-pic.xvideos-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clipquaylen.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 02 Dec 2022 14:45:50 GMT
content-type: image/jpeg
content-length: 12333
x-frame-options: sameorigin
last-modified: Sun, 05 May 2019 04:43:42 GMT
cache-control: max-age=10368000, public
access-control-allow-origin: *
x-accel-expires: @1673851693
x-77-nzt: A8O1pgpHoGv/AzNGANRmOAFv2NP/2wodAI/0Ot2W54D/kxIAAA
x-77-cache: HIT
server: CDN77-Turbo
x-77-nzt-ray: Sd165p5O2DY
x-cache-lb: HIT, HIT
x-age-lb: 1903323, 4600579
x-77-pop: stockholmSE
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
7f1f8fc556d1f7e0aea3e1208ee2fd1c
09c341a56ff876479cfc8a0505a5fef4a5d110f1
65adcf58887bcc23f73379f74ab19a61cfbb93285c95c64b44a6716eeacc1482

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5629
Cache-Control: max-age=158093
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 14:45:50 GMT
Etag: "6389c02e-1d7"
Expires: Sun, 04 Dec 2022 10:40:43 GMT
Last-Modified: Fri, 02 Dec 2022 09:06:54 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
05917f7542a781275c12d43562be1507
1ea730e7e2b5a84fb0341ef9a64b141a4dd469b3
2f24492a077b583bd9dfe049c16c60b219d950712879f187ff2160214df9bd0e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 14:45:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.2/webfonts/fa-solid-900.woff2

104.17.25.14

200 OK

80 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.2/webfonts/fa-solid-900.woff2
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 80252, version 331.-31327\012- data
Size
80 kB (80252 bytes)
Hash
9ae050d1876ac1763eb6afe4264e6d5a
72344eab2e7431eec313caa21f266cbfda7caf60
6c916669cf923b4f1b2db5c5107c83b6ca205e7ad0dcd840b251e63f0c8d28a2

HTTP Headers

GET /ajax/libs/font-awesome/5.15.2/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://clipquaylen.net
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 02 Dec 2022 14:45:51 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 80252
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "5fff7432-1397c"
last-modified: Wed, 13 Jan 2021 22:29:06 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1809353
expires: Wed, 22 Nov 2023 14:45:51 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xfeqRPK5ITIYSzo1hbwhwP3rUGHV3G%2BJhmZFE1Fu%2BsboM6JXjm2IU41YxMTpI05IAFYJOuJOTZTsNzo0FlmAb42Qrfd80yE7vx1q%2FDiLxHOq%2BGS%2Bq2yloBdqiqoDayOgcABKKZhw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7734d9428e570b55-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.2/webfonts/fa-brands-400.woff2

104.17.25.14

200 OK

78 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.2/webfonts/fa-brands-400.woff2
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 78472, version 331.-31327\012- data
Size
78 kB (78472 bytes)
Hash
0c9f225e8f69c622f681cf1ed973cc3d
9e355abda14ee62a7987b2ba7e2e887d33337e25
529d0a7b3944929222155bca3272ba1a87acc2faa09b2ed26a713872b7ff8794

HTTP Headers

GET /ajax/libs/font-awesome/5.15.2/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://clipquaylen.net
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 02 Dec 2022 14:45:51 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 78472
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "5fff7432-13288"
last-modified: Wed, 13 Jan 2021 22:29:06 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 230220
expires: Wed, 22 Nov 2023 14:45:51 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fi3cE%2FbYQI8%2FBSTc8K2Uwahj9IVAXvRIvNnWmpetWSI88JvM7Vjqznvt3X3%2BcWNfysE44Zc6nsSFUTSfKiqEaqT51p8Ht128gCNC0z0Mal5QFd%2BTz4OYZj7sl%2BOQ29Os9iCbjq00"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7734d9428e5a0b55-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
27002fde234e78c7bde340bc621e933f
1bdbe4f1861601b9300101a1e6b3c143ce077e03
48d453fd9ded729e4775519885c13140e44421fe5a8c07fc464c9a354a04ef8f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 14:45:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
27002fde234e78c7bde340bc621e933f
1bdbe4f1861601b9300101a1e6b3c143ce077e03
48d453fd9ded729e4775519885c13140e44421fe5a8c07fc464c9a354a04ef8f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 14:45:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.35

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://clipquaylen.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:54 GMT
expires: Thu, 30 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 155517
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
27002fde234e78c7bde340bc621e933f
1bdbe4f1861601b9300101a1e6b3c143ce077e03
48d453fd9ded729e4775519885c13140e44421fe5a8c07fc464c9a354a04ef8f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 14:45:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
27002fde234e78c7bde340bc621e933f
1bdbe4f1861601b9300101a1e6b3c143ce077e03
48d453fd9ded729e4775519885c13140e44421fe5a8c07fc464c9a354a04ef8f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 14:45:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

142.250.74.35

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://clipquaylen.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:56 GMT
expires: Thu, 30 Nov 2023 19:33:56 GMT
cache-control: public, max-age=31536000
age: 155515
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Jost:wght@400;500;600;700;800&family=Roboto:wght@300;400;500;700&display=swap

142.250.74.138

200 OK

13 kB

URL HTTP/2
fonts.googleapis.com/css2?family=Jost:wght@400;500;600;700;800&family=Roboto:wght@300;400;500;700&display=swap
IP
142.250.74.138:0
ASN
#15169 GOOGLE

File type
data
Size
13 kB (12631 bytes)
Hash
bf11c63c308e6dd5d2fa60b6f8b30ad7
d4e14a8bf25d7ac27b0d96551048663299753127
1b893875d9957a16066f105907e79533be25ccb9e21e7d2a8afb47b9c1e3459e

HTTP Headers

GET /css2?family=Jost:wght@400;500;600;700;800&family=Roboto:wght@300;400;500;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clipquaylen.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 02 Dec 2022 14:45:50 GMT
date: Fri, 02 Dec 2022 14:45:50 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

hwpnocpctu.com/lv/esnk/1896005/code.js

62.122.171.6

200 OK

49 kB

URL HTTP/2
hwpnocpctu.com/lv/esnk/1896005/code.js
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
data
Size
49 kB (49216 bytes)
Hash
b27ee84e699c602c2f5490d63d0a7fc8
b3ab8c832c60dca5295bc0faa206e5ce22739b29
6352471b50b84123922a96a81487a1d2e22c267df6064707506e08ef3669576c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /lv/esnk/1896005/code.js HTTP/1.1
Host: hwpnocpctu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clipquaylen.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 14:45:50 GMT
content-type: application/javascript
last-modified: Tue, 15 Nov 2022 12:20:41 GMT
vary: Accept-Encoding
etag: W/"63738419-1aaa0"
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2

142.250.74.35

200 OK

12 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 11824, version 1.0\012- data
Size
12 kB (11824 bytes)
Hash
deb26e9b1a25438118e5d39d741ae6b6
a2801defb4c8bed8e4083dfde0b2a5a9c0537020
fc66f942651a9fe1a598770d3d896529dcd7a03d02f40655451513093103e61b

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://clipquaylen.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 11824
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Nov 2022 22:25:27 GMT
expires: Sun, 26 Nov 2023 22:25:27 GMT
cache-control: public, max-age=31536000
age: 490824
last-modified: Wed, 11 May 2022 19:24:43 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
27002fde234e78c7bde340bc621e933f
1bdbe4f1861601b9300101a1e6b3c143ce077e03
48d453fd9ded729e4775519885c13140e44421fe5a8c07fc464c9a354a04ef8f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 14:45:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

hwpnocpctu.com/lv/esnk/1896006/code.js

62.122.171.6

200 OK

56 kB

URL HTTP/2
hwpnocpctu.com/lv/esnk/1896006/code.js
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
data
Size
56 kB (55529 bytes)
Hash
c004876e3cd80c0379156c0a4a6c2216
acbbbbd197f477359d9ac4196daf0e2a8aac9563
95be5b4e3eaf3f4e967faad9236e9ba0bb7cc8d661dcecc01d6ff8971d537953

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /lv/esnk/1896006/code.js HTTP/1.1
Host: hwpnocpctu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clipquaylen.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 14:45:50 GMT
content-type: application/javascript
last-modified: Tue, 15 Nov 2022 12:20:41 GMT
vary: Accept-Encoding
etag: W/"63738419-1aaa0"
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.gstatic.com/s/jost/v14/92zatBhPNqw73ord4iYl.woff2

142.250.74.35

200 OK

17 kB

URL HTTP/2
fonts.gstatic.com/s/jost/v14/92zatBhPNqw73ord4iYl.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 16788, version 1.0\012- data
Size
17 kB (16788 bytes)
Hash
fadc4eda91035fbda5e631f925510da1
93a7769c49524a3085be84e563651919d7686820
be91d4b4c218dd20016c65b841b46ce9e4cf8277fee2a2845ef4434012a360b5

HTTP Headers

GET /s/jost/v14/92zatBhPNqw73ord4iYl.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://clipquaylen.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16788
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Nov 2022 15:09:09 GMT
expires: Sun, 26 Nov 2023 15:09:09 GMT
cache-control: public, max-age=31536000
age: 517002
last-modified: Mon, 11 Jul 2022 20:28:51 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/jost/v14/92zatBhPNqw73oTd4g.woff2

142.250.74.35

200 OK

26 kB

URL HTTP/2
fonts.gstatic.com/s/jost/v14/92zatBhPNqw73oTd4g.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 26304, version 1.0\012- data
Size
26 kB (26304 bytes)
Hash
29404b5009a74d47f2a7923da5741fd5
c8c7a68af3f7e4f92d932203efda0c38e4d170ab
0b7e3af1cb23f3b1cc2c3418f3c31ab3bbadeaa2ba5e72f3cb818e4b44c420f4

HTTP Headers

GET /s/jost/v14/92zatBhPNqw73oTd4g.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://clipquaylen.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 26304
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Nov 2022 15:03:45 GMT
expires: Sun, 26 Nov 2023 15:03:45 GMT
cache-control: public, max-age=31536000
age: 517326
last-modified: Mon, 11 Jul 2022 20:29:30 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.35

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://clipquaylen.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:34:15 GMT
expires: Thu, 30 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 155496
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

nhopaepzrh.com/solid.gif?z=1895996&abvar=0

62.122.171.6

200 OK

43 B

URL HTTP/2
nhopaepzrh.com/solid.gif?z=1895996&abvar=0
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /solid.gif?z=1895996&abvar=0 HTTP/1.1
Host: nhopaepzrh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://clipquaylen.net
Connection: keep-alive
Referer: https://clipquaylen.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 14:45:51 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
27002fde234e78c7bde340bc621e933f
1bdbe4f1861601b9300101a1e6b3c143ce077e03
48d453fd9ded729e4775519885c13140e44421fe5a8c07fc464c9a354a04ef8f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 14:45:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2

142.250.74.35

200 OK

5.5 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 5548, version 1.0\012- data
Size
5.5 kB (5548 bytes)
Hash
cdaab83619fcacd4027a77c99dd51e69
9e6eae8554f8cc2309b2dae2d9fa217e34eed6a4
4ec57f2a80b91090971b83970230ca09ab3568c5f5b224896ca9aa6180a76aa9

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://clipquaylen.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 5548
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 20:55:53 GMT
expires: Thu, 30 Nov 2023 20:55:53 GMT
cache-control: public, max-age=31536000
age: 150598
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2

142.250.74.35

200 OK

5.6 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 5604, version 1.0\012- data
Size
5.6 kB (5604 bytes)
Hash
7cda2cfee99d697daf8c14819d9004eb
76f4002863493c93454a9f17424942f321287cba
0948409a22b5979aa7e1ec20da9e61f12e7d403800b541ece053881bd2542b70

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://clipquaylen.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 5604
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:55:02 GMT
expires: Thu, 30 Nov 2023 19:55:02 GMT
cache-control: public, max-age=31536000
age: 154249
last-modified: Wed, 11 May 2022 19:24:41 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8cd876589951719c94a6d49d1494bdbd
01600c8bb95fac543696e509b3e452b90d844572
e03942321526a2303220b1abd51f82f1d4cf80e0dd22a2582cf809b8bd729521

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 14:45:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

push.services.mozilla.com/

35.163.49.154

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.163.49.154:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: wKtsPTluzLOC5REYqG6N1g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: oAncM/BSF38z2n/yicGSc8ikki4=

www.googletagmanager.com/gtag/js?id=G-DB279YWQ7K

142.250.74.168

200 OK

76 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=G-DB279YWQ7K
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (20080)
Size
76 kB (76247 bytes)
Hash
72c876a74c391b11a44491d349c83363
e1109766be93ccf6707caf75a3dda01f2ee7dba0
a12b0242cefd5cb33a7fa5367f06fc152a2cce7d970a715adfb17670d183c6f9

HTTP Headers

GET /gtag/js?id=G-DB279YWQ7K HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clipquaylen.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 02 Dec 2022 14:45:51 GMT
expires: Fri, 02 Dec 2022 14:45:51 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76247
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
fddb374041478a3281b12ca429b38a50
bc8b3264b1d4c8db5c1beca13dd91688287b483c
911bac1b8e2ed76872c8b2d3171a3b5f61c0f1bad6eb700467625fe46b73ded6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1638
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 14:45:51 GMT
Last-Modified: Fri, 02 Dec 2022 14:18:33 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 278

cdn.pncloudfl.com/pn/684/cd3/65d/684cd365d3cd4ba256df6c15e4d8830335691a7e.jpg

104.22.59.221

200 OK

39 kB

URL HTTP/2
cdn.pncloudfl.com/pn/684/cd3/65d/684cd365d3cd4ba256df6c15e4d8830335691a7e.jpg
IP
104.22.59.221:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
39 kB (39236 bytes)
Hash
a6b0a21bfdf21b692c701fb10698ed31
9073911a22529565f47be387792b31b8eba0f662
b6e5c50bb60393ccb39042c1a874c33ac39c277a12084cc2d5d7b1ae8b0cc331

HTTP Headers

GET /pn/684/cd3/65d/684cd365d3cd4ba256df6c15e4d8830335691a7e.jpg HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 02 Dec 2022 14:45:51 GMT
content-type: image/webp
content-length: 39236
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=71789
content-disposition: inline; filename="684cd365d3cd4ba256df6c15e4d8830335691a7e.webp"
etag: 1813fb9ea8ee3b480b405ca8a32b96a9
expires: Sat, 03 Dec 2022 22:06:45 GMT
last-modified: Mon, 24 Oct 2022 03:09:48 GMT
vary: Accept
x-openstack-request-id: txf1ae206e344646eba3b6f-006356035e
x-proxy-cache: HIT
x-timestamp: 1666580987.02652
x-trans-id: txf1ae206e344646eba3b6f-006356035e
cf-cache-status: HIT
age: 59946
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 7734d9443d761c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8cd876589951719c94a6d49d1494bdbd
01600c8bb95fac543696e509b3e452b90d844572
e03942321526a2303220b1abd51f82f1d4cf80e0dd22a2582cf809b8bd729521

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 14:45:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
fddb374041478a3281b12ca429b38a50
bc8b3264b1d4c8db5c1beca13dd91688287b483c
911bac1b8e2ed76872c8b2d3171a3b5f61c0f1bad6eb700467625fe46b73ded6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1638
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 14:45:51 GMT
Last-Modified: Fri, 02 Dec 2022 14:18:33 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 278

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
314f2745d452b813ee6230cae1fdf708
bc4ff881f716f1a51365192a55246efaa6992ca8
dddbd851169338d5ade97982886d8f93b7a52cd724efbad0435ac07f87974b3d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 14:45:51 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 17:29:18 GMT
Expires: Tue, 06 Dec 2022 17:29:17 GMT
Etag: "bc4ff881f716f1a51365192a55246efaa6992ca8"
Cache-Control: max-age=354805,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7734d9444ab9b4f1-OSL

hwpnocpctu.com/chicken.gif?z=1896006&pb=1f0c644e383397aa4fc1a92deaf64ed81669999551&psp=Jcc4Qz8ZRcTJhLLsWA2TwcrMZKmNaA3szEkZlKS5zbRg74K7XDq4PFnpf-7mXdyx5B_lUWk5uYS6sukRFUZGP08KUqBycD4Owgw1BEaTlSHN1UIOasGi-oWg9WGU9gELf29HKo3Wh-D-1XxYl6Qt3A5Py_PjnJnTKxUacvTe1zKsKGQTJZS44JwnV9lsaz37jKKVrCTZB5tnTMKFoS88WjY-jLMKQLSwQh-PMwsOMBq1ESOfuG7mNhP1fpxi6OXc9zBzoiAmJtqNXso1Nl0lgbniOEwu1b-qTLzlShaf6rhM8do4hEesUv2PHVNodejV8AdFEfPTUrL4mntP5syZUeo0Eg0wLQjc9o6jpFpWiC63RZujcgE0vlqmmozUOtKb1TjPfu7PTbXtpPadcPOmOh6zyoD43eGjqnUDuMnbyB0lSBNCpQIxwbJgMVm_MCL6ZEfHUPhHQcdlD-iZlSSVz4buzAEjVqDAfaxVnI_nREpj5qHJFOxGWtRELjf0A3wshwo44GufMI6rX65Y4HZNHdNO_67jYwru9Bzqwt01noKp-4uAEa5Ur7u8oUF3SPjcBohJe40xWLGAwNcu_yZ4mSeGdKMtKK8eb8BbgmP8FtvNbi6sqN8vTlMTnidQGUIdieeFK5y-xq8lRF6XUjlip-VuXBmTO2eq_RS6g9kEE7rxs3AdjZKZguSblbI7FAgtQu3QUPMjEgjLCUT5DKt-BrYKYU8KLpymMXE4vWokqdV_cSw5&abvar=0&os=0

62.122.171.6

200 OK

43 B

URL HTTP/2
hwpnocpctu.com/chicken.gif?z=1896006&pb=1f0c644e383397aa4fc1a92deaf64ed81669999551&psp=Jcc4Qz8ZRcTJhLLsWA2TwcrMZKmNaA3szEkZlKS5zbRg74K7XDq4PFnpf-7mXdyx5B_lUWk5uYS6sukRFUZGP08KUqBycD4Owgw1BEaTlSHN1UIOasGi-oWg9WGU9gELf29HKo3Wh-D-1XxYl6Qt3A5Py_PjnJnTKxUacvTe1zKsKGQTJZS44JwnV9lsaz37jKKVrCTZB5tnTMKFoS88WjY-jLMKQLSwQh-PMwsOMBq1ESOfuG7mNhP1fpxi6OXc9zBzoiAmJtqNXso1Nl0lgbniOEwu1b-qTLzlShaf6rhM8do4hEesUv2PHVNodejV8AdFEfPTUrL4mntP5syZUeo0Eg0wLQjc9o6jpFpWiC63RZujcgE0vlqmmozUOtKb1TjPfu7PTbXtpPadcPOmOh6zyoD43eGjqnUDuMnbyB0lSBNCpQIxwbJgMVm_MCL6ZEfHUPhHQcdlD-iZlSSVz4buzAEjVqDAfaxVnI_nREpj5qHJFOxGWtRELjf0A3wshwo44GufMI6rX65Y4HZNHdNO_67jYwru9Bzqwt01noKp-4uAEa5Ur7u8oUF3SPjcBohJe40xWLGAwNcu_yZ4mSeGdKMtKK8eb8BbgmP8FtvNbi6sqN8vTlMTnidQGUIdieeFK5y-xq8lRF6XUjlip-VuXBmTO2eq_RS6g9kEE7rxs3AdjZKZguSblbI7FAgtQu3QUPMjEgjLCUT5DKt-BrYKYU8KLpymMXE4vWokqdV_cSw5&abvar=0&os=0
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /chicken.gif?z=1896006&pb=1f0c644e383397aa4fc1a92deaf64ed81669999551&psp=Jcc4Qz8ZRcTJhLLsWA2TwcrMZKmNaA3szEkZlKS5zbRg74K7XDq4PFnpf-7mXdyx5B_lUWk5uYS6sukRFUZGP08KUqBycD4Owgw1BEaTlSHN1UIOasGi-oWg9WGU9gELf29HKo3Wh-D-1XxYl6Qt3A5Py_PjnJnTKxUacvTe1zKsKGQTJZS44JwnV9lsaz37jKKVrCTZB5tnTMKFoS88WjY-jLMKQLSwQh-PMwsOMBq1ESOfuG7mNhP1fpxi6OXc9zBzoiAmJtqNXso1Nl0lgbniOEwu1b-qTLzlShaf6rhM8do4hEesUv2PHVNodejV8AdFEfPTUrL4mntP5syZUeo0Eg0wLQjc9o6jpFpWiC63RZujcgE0vlqmmozUOtKb1TjPfu7PTbXtpPadcPOmOh6zyoD43eGjqnUDuMnbyB0lSBNCpQIxwbJgMVm_MCL6ZEfHUPhHQcdlD-iZlSSVz4buzAEjVqDAfaxVnI_nREpj5qHJFOxGWtRELjf0A3wshwo44GufMI6rX65Y4HZNHdNO_67jYwru9Bzqwt01noKp-4uAEa5Ur7u8oUF3SPjcBohJe40xWLGAwNcu_yZ4mSeGdKMtKK8eb8BbgmP8FtvNbi6sqN8vTlMTnidQGUIdieeFK5y-xq8lRF6XUjlip-VuXBmTO2eq_RS6g9kEE7rxs3AdjZKZguSblbI7FAgtQu3QUPMjEgjLCUT5DKt-BrYKYU8KLpymMXE4vWokqdV_cSw5&abvar=0&os=0 HTTP/1.1
Host: hwpnocpctu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=22120209452f35de8ab3b6465f8033f49806
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 14:45:51 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACIIEwAAAAAAAAAB; Path=/; Expires=Sun, 01 Jan 2023 14:45:51 GMT; Secure; SameSite=None
OACIBLOCK=ACIIEwAAAABjiYZQ; Path=/; Expires=Sun, 01 Jan 2023 14:45:51 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Sat, 03 Dec 2022 14:45:51 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

hwpnocpctu.com/chicken.gif?z=1896005&pb=54df7da6829f1c90aac5652fd8e36b2b1669999550&psp=kWxuqU0IgkLTO0VNcGHrS-7UVW89JRZsU_fnqOFEvuyEb4Sp2cmW8MNBHId78Lmjt-lAevAKJOu7dz-jiqNoh8KCHwemma4bqZ_S1YjgfbmCUn3yx7lz2AzgTuZJPZmPACr1LI75ARyNbMzEy4nb1N36PeZwgbwxzqMNeBilfYZBC8iCYncU5CmZU0z_ZkZDmlDk5yB64WXxyYEYYEYh-6SPzYYFXZ5zwcw74RumGXtD14CNToiHzZ5UUEaFWPt9CZFYNZ-yUxCXJELs2sj-W6lYRvopvuQsCC5s7FablYcsKQudW2E2XGFmyC4Ek6WDL38wiNO135htiuE8vjOiCwKHdMZPRL7rPrTHFGy8NEE52g17R--OyBqnJrCMMEsCEVMZkul54TF6aNupqpzDj6y3A631x5rt53qJedeRoV8KyiYBikkLa7CsYmoulyu_oFP6agdkeTBoyW9hUoE4pSlmUpV93cxGCfBCr32CiaNF4lW9kmpBdgP0N8s6QmDkt1ufW3X1RWshVI6dSEOKHp775QAzL9viDD0xMJao6Nr0-rRU0q-kmGHrGbbvThcbEDBjgp-05n38XdasVh7o-b_-UZzLuwcYNiaYdtowFpxy9cPuZtWsak8y3jRhwg8s-t1ONIT6N6SYGtCAmmsx54e-toCXHkCGGd-ENwjc4hd0k9_64L4HAvofKypY77oSxtggG4S6WMim1H46f0BeMUqKZxlX4wTfLs0nmNmYi_Ew3Obv&abvar=0&os=0

62.122.171.6

200 OK

43 B

URL HTTP/2
hwpnocpctu.com/chicken.gif?z=1896005&pb=54df7da6829f1c90aac5652fd8e36b2b1669999550&psp=kWxuqU0IgkLTO0VNcGHrS-7UVW89JRZsU_fnqOFEvuyEb4Sp2cmW8MNBHId78Lmjt-lAevAKJOu7dz-jiqNoh8KCHwemma4bqZ_S1YjgfbmCUn3yx7lz2AzgTuZJPZmPACr1LI75ARyNbMzEy4nb1N36PeZwgbwxzqMNeBilfYZBC8iCYncU5CmZU0z_ZkZDmlDk5yB64WXxyYEYYEYh-6SPzYYFXZ5zwcw74RumGXtD14CNToiHzZ5UUEaFWPt9CZFYNZ-yUxCXJELs2sj-W6lYRvopvuQsCC5s7FablYcsKQudW2E2XGFmyC4Ek6WDL38wiNO135htiuE8vjOiCwKHdMZPRL7rPrTHFGy8NEE52g17R--OyBqnJrCMMEsCEVMZkul54TF6aNupqpzDj6y3A631x5rt53qJedeRoV8KyiYBikkLa7CsYmoulyu_oFP6agdkeTBoyW9hUoE4pSlmUpV93cxGCfBCr32CiaNF4lW9kmpBdgP0N8s6QmDkt1ufW3X1RWshVI6dSEOKHp775QAzL9viDD0xMJao6Nr0-rRU0q-kmGHrGbbvThcbEDBjgp-05n38XdasVh7o-b_-UZzLuwcYNiaYdtowFpxy9cPuZtWsak8y3jRhwg8s-t1ONIT6N6SYGtCAmmsx54e-toCXHkCGGd-ENwjc4hd0k9_64L4HAvofKypY77oSxtggG4S6WMim1H46f0BeMUqKZxlX4wTfLs0nmNmYi_Ew3Obv&abvar=0&os=0
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /chicken.gif?z=1896005&pb=54df7da6829f1c90aac5652fd8e36b2b1669999550&psp=kWxuqU0IgkLTO0VNcGHrS-7UVW89JRZsU_fnqOFEvuyEb4Sp2cmW8MNBHId78Lmjt-lAevAKJOu7dz-jiqNoh8KCHwemma4bqZ_S1YjgfbmCUn3yx7lz2AzgTuZJPZmPACr1LI75ARyNbMzEy4nb1N36PeZwgbwxzqMNeBilfYZBC8iCYncU5CmZU0z_ZkZDmlDk5yB64WXxyYEYYEYh-6SPzYYFXZ5zwcw74RumGXtD14CNToiHzZ5UUEaFWPt9CZFYNZ-yUxCXJELs2sj-W6lYRvopvuQsCC5s7FablYcsKQudW2E2XGFmyC4Ek6WDL38wiNO135htiuE8vjOiCwKHdMZPRL7rPrTHFGy8NEE52g17R--OyBqnJrCMMEsCEVMZkul54TF6aNupqpzDj6y3A631x5rt53qJedeRoV8KyiYBikkLa7CsYmoulyu_oFP6agdkeTBoyW9hUoE4pSlmUpV93cxGCfBCr32CiaNF4lW9kmpBdgP0N8s6QmDkt1ufW3X1RWshVI6dSEOKHp775QAzL9viDD0xMJao6Nr0-rRU0q-kmGHrGbbvThcbEDBjgp-05n38XdasVh7o-b_-UZzLuwcYNiaYdtowFpxy9cPuZtWsak8y3jRhwg8s-t1ONIT6N6SYGtCAmmsx54e-toCXHkCGGd-ENwjc4hd0k9_64L4HAvofKypY77oSxtggG4S6WMim1H46f0BeMUqKZxlX4wTfLs0nmNmYi_Ew3Obv&abvar=0&os=0 HTTP/1.1
Host: hwpnocpctu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=22120209452f35de8ab3b6465f8033f49806
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 14:45:51 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACIIEwAAAAAAAAAB; Path=/; Expires=Sun, 01 Jan 2023 14:45:51 GMT; Secure; SameSite=None
OACIBLOCK=ACIIEwAAAABjiYZQ; Path=/; Expires=Sun, 01 Jan 2023 14:45:51 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Sat, 03 Dec 2022 14:45:51 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

limurol.com/ssp/req/1895996/?pb=1f0c644e383397aa4fc1a92deaf64ed81669999551&psp=ISeMcI1kiEm5BrzYgo4WNcYjelZ3eLhMZNdYOG25HxoFlO1DgFiUc3M3s8i7skvHKnwyJpIaQ36EIN0S8G58W0bBKZxD_QPbl-SKarbTOBFIBDhgUgNE9_IAxunJvc186XvKUvQwCAs6wW0wG6KfcjkB-Lrx-u-YMKgsUqtz7ILBbdMvpRhF5qXMkZYHtJzQ37bAuZbjXnDeUJL7tFHOrYyKSrAZq1Dt9jEbVY9rjRz434c7txmTZFKFW8rtpUQLr7wqSLIlknFZfLlhso7yEaP8GXtzrsH7S4Cf5_vqC3AymoEcM2tXWgWjfBTGla9F3DhcXXXFJnpZLMefLuK1FY9SmlFKNeuW8gPCEVh4470Jxaaq7nYcQKhXItQQv8oVEhKvZfded0xRiMGXzJcd5C-19GQN0fhsb8ov1eGWYjhdpLrskLQvO-QX2jHllvIpCwEDKMS5TNnVJDbUWUQuqNFLAocvofLVSxzjAqfD9mbtaByeSrc-e31QwWhFwtk2xXOvRn6bgZ4SixC7QQ46ddlBxEEIGIdl7NRaeKmm29IV_n3tP5eXm0n2gArlELYVcUGpFGdOTStkypSmyL0GTwsSYLsuMyo=&cb=_clvtuu8sv0p4d2bdl51bf6&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24

62.122.171.6

200 OK

7 B

URL HTTP/2
limurol.com/ssp/req/1895996/?pb=1f0c644e383397aa4fc1a92deaf64ed81669999551&psp=ISeMcI1kiEm5BrzYgo4WNcYjelZ3eLhMZNdYOG25HxoFlO1DgFiUc3M3s8i7skvHKnwyJpIaQ36EIN0S8G58W0bBKZxD_QPbl-SKarbTOBFIBDhgUgNE9_IAxunJvc186XvKUvQwCAs6wW0wG6KfcjkB-Lrx-u-YMKgsUqtz7ILBbdMvpRhF5qXMkZYHtJzQ37bAuZbjXnDeUJL7tFHOrYyKSrAZq1Dt9jEbVY9rjRz434c7txmTZFKFW8rtpUQLr7wqSLIlknFZfLlhso7yEaP8GXtzrsH7S4Cf5_vqC3AymoEcM2tXWgWjfBTGla9F3DhcXXXFJnpZLMefLuK1FY9SmlFKNeuW8gPCEVh4470Jxaaq7nYcQKhXItQQv8oVEhKvZfded0xRiMGXzJcd5C-19GQN0fhsb8ov1eGWYjhdpLrskLQvO-QX2jHllvIpCwEDKMS5TNnVJDbUWUQuqNFLAocvofLVSxzjAqfD9mbtaByeSrc-e31QwWhFwtk2xXOvRn6bgZ4SixC7QQ46ddlBxEEIGIdl7NRaeKmm29IV_n3tP5eXm0n2gArlELYVcUGpFGdOTStkypSmyL0GTwsSYLsuMyo=&cb=_clvtuu8sv0p4d2bdl51bf6&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ssp/req/1895996/?pb=1f0c644e383397aa4fc1a92deaf64ed81669999551&psp=ISeMcI1kiEm5BrzYgo4WNcYjelZ3eLhMZNdYOG25HxoFlO1DgFiUc3M3s8i7skvHKnwyJpIaQ36EIN0S8G58W0bBKZxD_QPbl-SKarbTOBFIBDhgUgNE9_IAxunJvc186XvKUvQwCAs6wW0wG6KfcjkB-Lrx-u-YMKgsUqtz7ILBbdMvpRhF5qXMkZYHtJzQ37bAuZbjXnDeUJL7tFHOrYyKSrAZq1Dt9jEbVY9rjRz434c7txmTZFKFW8rtpUQLr7wqSLIlknFZfLlhso7yEaP8GXtzrsH7S4Cf5_vqC3AymoEcM2tXWgWjfBTGla9F3DhcXXXFJnpZLMefLuK1FY9SmlFKNeuW8gPCEVh4470Jxaaq7nYcQKhXItQQv8oVEhKvZfded0xRiMGXzJcd5C-19GQN0fhsb8ov1eGWYjhdpLrskLQvO-QX2jHllvIpCwEDKMS5TNnVJDbUWUQuqNFLAocvofLVSxzjAqfD9mbtaByeSrc-e31QwWhFwtk2xXOvRn6bgZ4SixC7QQ46ddlBxEEIGIdl7NRaeKmm29IV_n3tP5eXm0n2gArlELYVcUGpFGdOTStkypSmyL0GTwsSYLsuMyo=&cb=_clvtuu8sv0p4d2bdl51bf6&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clipquaylen.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 14:45:51 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
set-cookie: UID=2212020945a16b41461dba4639a660c353f0; Path=/; Expires=Sat, 02 Dec 2023 14:45:51 GMT; HttpOnly; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

62.122.171.6

200 OK

7 B

URL HTTP/2
limurol.com/ssp/req/1895996/?pb=1f0c644e383397aa4fc1a92deaf64ed81669999551&psp=ISeMcI1kiEm5BrzYgo4WNcYjelZ3eLhMZNdYOG25HxoFlO1DgFiUc3M3s8i7skvHKnwyJpIaQ36EIN0S8G58W0bBKZxD_QPbl-SKarbTOBFIBDhgUgNE9_IAxunJvc186XvKUvQwCAs6wW0wG6KfcjkB-Lrx-u-YMKgsUqtz7ILBbdMvpRhF5qXMkZYHtJzQ37bAuZbjXnDeUJL7tFHOrYyKSrAZq1Dt9jEbVY9rjRz434c7txmTZFKFW8rtpUQLr7wqSLIlknFZfLlhso7yEaP8GXtzrsH7S4Cf5_vqC3AymoEcM2tXWgWjfBTGla9F3DhcXXXFJnpZLMefLuK1FY9SmlFKNeuW8gPCEVh4470Jxaaq7nYcQKhXItQQv8oVEhKvZfded0xRiMGXzJcd5C-19GQN0fhsb8ov1eGWYjhdpLrskLQvO-QX2jHllvIpCwEDKMS5TNnVJDbUWUQuqNFLAocvofLVSxzjAqfD9mbtaByeSrc-e31QwWhFwtk2xXOvRn6bgZ4SixC7QQ46ddlBxEEIGIdl7NRaeKmm29IV_n3tP5eXm0n2gArlELYVcUGpFGdOTStkypSmyL0GTwsSYLsuMyo=&cb=_clvtuu8sv0p4d2bdl51bf6&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ssp/req/1895996/?pb=1f0c644e383397aa4fc1a92deaf64ed81669999551&psp=ISeMcI1kiEm5BrzYgo4WNcYjelZ3eLhMZNdYOG25HxoFlO1DgFiUc3M3s8i7skvHKnwyJpIaQ36EIN0S8G58W0bBKZxD_QPbl-SKarbTOBFIBDhgUgNE9_IAxunJvc186XvKUvQwCAs6wW0wG6KfcjkB-Lrx-u-YMKgsUqtz7ILBbdMvpRhF5qXMkZYHtJzQ37bAuZbjXnDeUJL7tFHOrYyKSrAZq1Dt9jEbVY9rjRz434c7txmTZFKFW8rtpUQLr7wqSLIlknFZfLlhso7yEaP8GXtzrsH7S4Cf5_vqC3AymoEcM2tXWgWjfBTGla9F3DhcXXXFJnpZLMefLuK1FY9SmlFKNeuW8gPCEVh4470Jxaaq7nYcQKhXItQQv8oVEhKvZfded0xRiMGXzJcd5C-19GQN0fhsb8ov1eGWYjhdpLrskLQvO-QX2jHllvIpCwEDKMS5TNnVJDbUWUQuqNFLAocvofLVSxzjAqfD9mbtaByeSrc-e31QwWhFwtk2xXOvRn6bgZ4SixC7QQ46ddlBxEEIGIdl7NRaeKmm29IV_n3tP5eXm0n2gArlELYVcUGpFGdOTStkypSmyL0GTwsSYLsuMyo=&cb=_clvtuu8sv0p4d2bdl51bf6&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clipquaylen.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 14:45:51 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
set-cookie: UID=221202094564525f4620dc484d92aa46cda6; Path=/; Expires=Sat, 02 Dec 2023 14:45:51 GMT; HttpOnly; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

hwpnocpctu.com/get/1896006?zoneid=1896006&jp=_clyginquv2fnb8l7qqxc66&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=4331569269275359

62.122.171.6

200 OK

1.2 kB

URL HTTP/2
hwpnocpctu.com/get/1896006?zoneid=1896006&jp=_clyginquv2fnb8l7qqxc66&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=4331569269275359
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
data
Size
1.2 kB (1177 bytes)
Hash
83ce7af1f2d9a899dc3859ab9d1f00ec
ab5f97cea5ae083b532c78891ecfc56432767b66
cb40ac21618eb7886619188aecd78c3174ca5134d506d8ef13f29ae788d262b9

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /get/1896006?zoneid=1896006&jp=_clyginquv2fnb8l7qqxc66&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=4331569269275359 HTTP/1.1
Host: hwpnocpctu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clipquaylen.net/
Cookie: UID=22120209452f35de8ab3b6465f8033f49806
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 14:45:51 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

widgets.amung.us/classic/09/970.png

172.67.8.141

200 OK

1.6 kB

URL HTTP/2
widgets.amung.us/classic/09/970.png
IP
172.67.8.141:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 81 x 29, 8-bit colormap, non-interlaced\012- data
Size
1.6 kB (1608 bytes)
Hash
9176c34eec338f86102aa4bd60d437a8
79893cebbc5447f6f989480bc83e09187719240b
dd096ebfa95f947df89705016b8858845e085efc254f13175ac9ff496d63753b

HTTP Headers

GET /classic/09/970.png HTTP/1.1
Host: widgets.amung.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://clipquaylen.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 02 Dec 2022 14:45:51 GMT
content-type: image/png
content-length: 1608
last-modified: Sun, 13 Jun 2010 09:03:10 GMT
etag: "4c149ece-648"
expires: Thu, 01 Dec 2022 16:30:41 GMT
cache-control: max-age=2678400
access-control-allow-origin: *
cf-cache-status: HIT
age: 166510
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7734d9476a41b51b-OSL
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
8fc31a47c4acf061faf23fdbd6e33564
0d133de0c3cab3a34aea5d2fdf81d42c5ca079a5
4fcc0b6286100a57e31d0174483ea457b76cadd6f1e657b9cbf9cc75b50d38cc

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=141998
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 14:45:52 GMT
Etag: "6389974e-116"
Expires: Sun, 04 Dec 2022 06:12:30 GMT
Last-Modified: Fri, 02 Dec 2022 06:12:30 GMT
Server: nginx
Content-Length: 278

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
8fc31a47c4acf061faf23fdbd6e33564
0d133de0c3cab3a34aea5d2fdf81d42c5ca079a5
4fcc0b6286100a57e31d0174483ea457b76cadd6f1e657b9cbf9cc75b50d38cc

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=141998
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 14:45:52 GMT
Etag: "6389974e-116"
Expires: Sun, 04 Dec 2022 06:12:30 GMT
Last-Modified: Fri, 02 Dec 2022 06:12:30 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 278

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14681
Expires: Fri, 02 Dec 2022 18:50:33 GMT
Date: Fri, 02 Dec 2022 14:45:52 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14681
Expires: Fri, 02 Dec 2022 18:50:33 GMT
Date: Fri, 02 Dec 2022 14:45:52 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14681
Expires: Fri, 02 Dec 2022 18:50:33 GMT
Date: Fri, 02 Dec 2022 14:45:52 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14681
Expires: Fri, 02 Dec 2022 18:50:33 GMT
Date: Fri, 02 Dec 2022 14:45:52 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F40b76495-d9ea-430e-9b62-92b639b122e0.jpeg

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F40b76495-d9ea-430e-9b62-92b639b122e0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6564 bytes)
Hash
58a28fc1cbcacdb07b3ca175281982b5
9bc47ee49fc070d0997e49a719bd9758685ad583
d3bfcf749c4652cb29f7c82a5d7ba940bd607f9060e49c1c40a112eb3e625bd9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F40b76495-d9ea-430e-9b62-92b639b122e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6564
x-amzn-requestid: e2875cf3-3915-43a5-a724-4de2ca03de56
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGepHOiIAMFTFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-5f7e2a3f609d54a609a12670;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: mwGAEu-gPXY5Opwd972VbBA6l33dNk7bPFSyZmciaplQKj2ZuTkQSg==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:47:56 GMT
age: 61076
etag: "9bc47ee49fc070d0997e49a719bd9758685ad583"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.2 kB (6174 bytes)
Hash
b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 00:54:54 GMT
age: 49858
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5183c67-4568-43c8-a2e7-7b41f5ca064b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.8 kB (4834 bytes)
Hash
cd8ad22c2eb1eb91c76970fa449f1bc4
0de97f3a4964038222bd751e043e413113e6db9d
668f805815aede3bc04f8564bd6aefd56029362bb0aa8a794673eb78ab2d4643

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5183c67-4568-43c8-a2e7-7b41f5ca064b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4834
x-amzn-requestid: 63a0b8b5-5cb3-4a1f-aa46-47c84abe726f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZQrjEeAIAMF3sw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6386c7e3-0032799009f893ba79f314db;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 03:02:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: bBj-TXtavCuORZ9qBoZeVj-GXeRljAeW-98HY7lTk5_VRSKF4_07VQ==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 04:22:38 GMT
age: 37394
etag: "0de97f3a4964038222bd751e043e413113e6db9d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

hwpnocpctu.com/get/1896005?zoneid=1896005&jp=_clqxk1isu2i06c3qxmahnx&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=672394572034611

62.122.171.6

200 OK

15 kB

URL HTTP/2
hwpnocpctu.com/get/1896005?zoneid=1896005&jp=_clqxk1isu2i06c3qxmahnx&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=672394572034611
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
data
Size
15 kB (15203 bytes)
Hash
d3d1cd73402f5aadd2c4d7fb1a863cf0
f7ce6f685424533515e60602e00bdca7ba7ec02d
0dfeb2fd4e9e089341a88d09470f27f074ed07029a1fdae780d940c92c22df53

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /get/1896005?zoneid=1896005&jp=_clqxk1isu2i06c3qxmahnx&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=672394572034611 HTTP/1.1
Host: hwpnocpctu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clipquaylen.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 14:45:50 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=22120209454828c5c9458349c3b9f26e6bc7; Path=/; Expires=Sat, 02 Dec 2023 14:45:50 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8863 bytes)
Hash
156e9ea97b774cbd8361072e4041b6c8
fc71ae3cae92ed6011904bb2367f23bf4e69fab4
58d953c19ebbbdfc3965bbe3f52308d4702deaf4d0c029f4674bcb862da138af

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8863
x-amzn-requestid: 798d014b-0f9c-4787-a676-8f5e8fae3d11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdG14HBNIAMFdWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851bf-7549feac6d476a8512676412;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cgj3fw3lpngosMNOK7cZUZO94T__4RTy_p7wa6rI62OOvhI5E9wMSw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 13:09:50 GMT
age: 5762
etag: "fc71ae3cae92ed6011904bb2367f23bf4e69fab4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.8 kB (4803 bytes)
Hash
cc0a257323f882caff067adb86d906e4
cedf2f21be7cd366bd46055b62b5513db3011dfc
c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: ad2d9243-5e32-4faf-8ff3-b9abd3af1e89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb1_hEJJIAMF4Vg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387d063-596f5833509112ee6cbedf54;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:51:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jM-fTqLsmU3c_gc9Wle-lvCwXelA9Sid9axtzJQDsfOHv23yUbKsBw==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 23:43:28 GMT
age: 54144
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

region1.google-analytics.com/g/collect?v=2&tid=G-DB279YWQ7K&gtm=2oebu0&_p=1135681937&cid=277364894.1669992350&ul=en-us&sr=1280x1024&_s=1&sid=1669992350&sct=1&seg=0&dl=https%3A%2F%2Fclipquaylen.net%2Fxem-phim%2Floan-luan-voi-chi-ho-6-X2Y8407CX%2F&dt=%5BHD1080p%5D%20Lo%E1%BA%A1n%20lu%C3%A2n%20v%E1%BB%9Bi%20ch%E1%BB%8B%20h%E1%BB%8D%206%20-%20CLIPQUAYLEN.NET&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1

216.239.34.36

204 No Content

0 B

URL HTTP/2
region1.google-analytics.com/g/collect?v=2&tid=G-DB279YWQ7K&gtm=2oebu0&_p=1135681937&cid=277364894.1669992350&ul=en-us&sr=1280x1024&_s=1&sid=1669992350&sct=1&seg=0&dl=https%3A%2F%2Fclipquaylen.net%2Fxem-phim%2Floan-luan-voi-chi-ho-6-X2Y8407CX%2F&dt=%5BHD1080p%5D%20Lo%E1%BA%A1n%20lu%C3%A2n%20v%E1%BB%9Bi%20ch%E1%BB%8B%20h%E1%BB%8D%206%20-%20CLIPQUAYLEN.NET&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP
216.239.34.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-DB279YWQ7K&gtm=2oebu0&_p=1135681937&cid=277364894.1669992350&ul=en-us&sr=1280x1024&_s=1&sid=1669992350&sct=1&seg=0&dl=https%3A%2F%2Fclipquaylen.net%2Fxem-phim%2Floan-luan-voi-chi-ho-6-X2Y8407CX%2F&dt=%5BHD1080p%5D%20Lo%E1%BA%A1n%20lu%C3%A2n%20v%E1%BB%9Bi%20ch%E1%BB%8B%20h%E1%BB%8D%206%20-%20CLIPQUAYLEN.NET&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://clipquaylen.net
Connection: keep-alive
Referer: https://clipquaylen.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://clipquaylen.net
date: Fri, 02 Dec 2022 14:45:52 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

xembed.live/jwplayer/jquery.min.js

104.21.234.15

200 OK

0 B

URL HTTP/2
xembed.live/jwplayer/jquery.min.js
IP
104.21.234.15:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /jwplayer/jquery.min.js HTTP/1.1
Host: xembed.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 02 Dec 2022 14:45:54 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 14:28:47 GMT
vary: Accept-Encoding
etag: W/"61d3081f-15d9d"
expires: Thu, 29 Dec 2022 01:00:03 GMT
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
pragma: public
cf-cache-status: HIT
age: 308749
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F%2FlCGEBysxxP%2Bx3RR3%2By8eujoJPGWRs%2BeDF3AQzbPxrOdgiVm9v0hIQ5mN23MjOAzmqh0lSXQrin%2BbiYOPwC4caWBZxSTWAhT%2BYNtIvlNR1R7OZ3%2F%2FSFjmi5GNG7PA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7734d94a9a94bc82-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

hwpnocpctu.com/get/1896005?zoneid=1896005&jp=_cl9h1k3kwpmcs6cd7o1gql&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=8553693919939212

62.122.171.6

200 OK

0 B

URL HTTP/2
hwpnocpctu.com/get/1896005?zoneid=1896005&jp=_cl9h1k3kwpmcs6cd7o1gql&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=8553693919939212
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /get/1896005?zoneid=1896005&jp=_cl9h1k3kwpmcs6cd7o1gql&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=8553693919939212 HTTP/1.1
Host: hwpnocpctu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clipquaylen.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 14:45:50 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=22120209452f35de8ab3b6465f8033f49806; Path=/; Expires=Sat, 02 Dec 2023 14:45:50 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

clipquaylen.net/xem-phim/loan-luan-voi-chi-ho-6-X2Y8407CX/

172.67.141.150

200 OK

0 B

URL HTTP/2
clipquaylen.net/xem-phim/loan-luan-voi-chi-ho-6-X2Y8407CX/
IP
172.67.141.150:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /xem-phim/loan-luan-voi-chi-ho-6-X2Y8407CX/ HTTP/1.1
Host: clipquaylen.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Fri, 02 Dec 2022 14:45:50 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=i9fsjmdarp1hrmrud3oqpfp6ee; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JLOznSKm5pqNnitFO%2F33bQt1ajlbjPdK7P6RkHzTx8iLAYbGAxbZSrb%2FfmaV2V6v4a0gDosxqqYLlB7UVMdnUU%2Fdsgv8NuA532XeWHexAEuVDXKuKOIt0xYsMyCTBtEEuaA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7734d93da9feb51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

xembed.live/jwplayer/jquery.cookie.min.js

104.21.234.15

200 OK

0 B

URL HTTP/2
xembed.live/jwplayer/jquery.cookie.min.js
IP
104.21.234.15:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /jwplayer/jquery.cookie.min.js HTTP/1.1
Host: xembed.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 02 Dec 2022 14:45:52 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 14:28:52 GMT
vary: Accept-Encoding
etag: W/"61d30824-514"
expires: Sat, 31 Dec 2022 12:10:08 GMT
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
pragma: public
cf-cache-status: HIT
age: 95744
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6cKHpX19J49QBjSxXHMqEbXwgZCjNPY3lDUymYPS60HFRwLPLyhq5tEmWKIai%2BvHHwwvjH2j7bWf5GstuiIk3q31V4llMetJ14cxKZRrCtLmjHGeo8o3j1OhuJPczw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7734d94a9a96bc82-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

nhopaepzrh.com/get/1895996?zoneid=1895996&jp=_clq3kh73icb6u5tkuwj8k7&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=2642719409037826

62.122.171.6

200 OK

0 B

URL HTTP/2
nhopaepzrh.com/get/1895996?zoneid=1895996&jp=_clq3kh73icb6u5tkuwj8k7&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=2642719409037826
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /get/1895996?zoneid=1895996&jp=_clq3kh73icb6u5tkuwj8k7&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=2642719409037826 HTTP/1.1
Host: nhopaepzrh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clipquaylen.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 14:45:51 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=22120209457c6e3af56017445d941e545d42; Path=/; Expires=Sat, 02 Dec 2023 14:45:51 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (21)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations