Report - hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0

Report Overview

Visited public
2025-03-05 04:06:08
Tags
URL
hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Finishing URL
hafoopsuny.com/casual-sl/1335?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
IP / ASN
104.18.37.211
#13335 CLOUDFLARENET
Title
What Do Casual Connections Mean to You?

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
my.rtmark.net	9054	2014-10-29	2015-02-04	2025-02-26	437 B	832 B	104.18.41.22
cdntechone.com	64371	2021-12-24	2021-12-24	2025-03-03	1.1 kB	52 kB	104.21.36.146
rimsaureshi.com	unknown	2025-01-21	2025-01-22	2025-02-27	487 B	62 kB	104.21.89.127
datatechonert.com	46154	2021-12-24	2021-12-24	2025-03-02	552 B	483 B	185.49.145.45
hafoopsuny.com	unknown	2025-01-11	2025-01-22	2025-02-22	12 kB	575 kB	172.64.150.45
agruptauli.com	unknown	2024-11-01	2024-11-05	2025-03-03	5.6 kB	7.9 kB	172.64.150.45

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-03-05	medium	hafoopsuny.com	Sinkholed
2025-03-04	medium	agruptauli.com	Sinkholed
2025-03-04	medium	agruptauli.com	Sinkholed
2025-03-05	medium	hafoopsuny.com	Sinkholed
2025-03-05	medium	hafoopsuny.com	Sinkholed
2025-03-05	medium	hafoopsuny.com	Sinkholed
2025-03-05	medium	hafoopsuny.com	Sinkholed
2025-03-05	medium	hafoopsuny.com	Sinkholed
2025-03-05	medium	hafoopsuny.com	Sinkholed
2025-03-05	medium	rimsaureshi.com	Sinkholed
2025-03-04	medium	agruptauli.com	Sinkholed
2025-03-04	medium	agruptauli.com	Sinkholed
2025-03-04	medium	agruptauli.com	Sinkholed
2025-03-05	medium	hafoopsuny.com	Sinkholed
2025-03-04	medium	agruptauli.com	Sinkholed
2025-03-04	medium	agruptauli.com	Sinkholed
2025-03-05	medium	hafoopsuny.com	Sinkholed
2025-03-05	medium	hafoopsuny.com	Sinkholed
2025-03-05	medium	hafoopsuny.com	Sinkholed
2025-03-05	medium	hafoopsuny.com	Sinkholed
2025-03-05	medium	hafoopsuny.com	Sinkholed
2025-03-05	medium	hafoopsuny.com	Sinkholed
2025-03-05	medium	hafoopsuny.com	Sinkholed
2025-03-04	medium	agruptauli.com	Sinkholed
2025-03-05	medium	hafoopsuny.com	Sinkholed
2025-03-05	medium	hafoopsuny.com	Sinkholed
2025-03-05	medium	hafoopsuny.com	Sinkholed
2025-03-05	medium	hafoopsuny.com	Sinkholed
2025-03-05	medium	hafoopsuny.com	Sinkholed
2025-03-04	medium	agruptauli.com	Sinkholed
2025-03-05	medium	hafoopsuny.com	Sinkholed
2025-03-05	medium	hafoopsuny.com	Sinkholed
2025-03-05	medium	hafoopsuny.com	Sinkholed
2025-03-04	medium	agruptauli.com	Sinkholed
2025-03-04	medium	agruptauli.com	Sinkholed
2025-03-05	medium	hafoopsuny.com	Sinkholed
2025-03-05	medium	hafoopsuny.com	Sinkholed
2025-03-04	medium	agruptauli.com	Sinkholed
2025-03-05	medium	hafoopsuny.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (31)

	URL	From	Size	First Seen	Last Seen
	hafoopsuny.com/_next/static/chunks/84329d8b6a449937-f30929906fc5e4c7.js	ScriptElement	42 kB	2025-03-04	2025-03-05
Pretty URL hafoopsuny.com/_next/static/chunks/84329d8b6a449937-f30929906fc5e4c7.js IP 172.64.150.45 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-04 15:55 Last Seen2025-03-05 05:35 Times Seen28 Hash 794e69e4a6c4785214f60b1059d3587b 124d9d3e990c61c842975ce5ab00794add170256 04449b1e086888c1e9545d5ba3edc05544aa361a8e9870d14dbc6ae0b88008ae Loading...

	hafoopsuny.com/_next/static/4MjfMDasMt6w6tlsHHPoA/_ssgManifest.js	ScriptElement	120 B	2025-02-20	2025-03-21
Pretty URL hafoopsuny.com/_next/static/4MjfMDasMt6w6tlsHHPoA/_ssgManifest.js IP 172.64.150.45 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-20 15:41 Last Seen2025-03-21 10:38 Times Seen373 Hash 21fac1d81e3fdf589c173a5f8adf9d0b a2346a3c90e2ded4beb39348c0d1b3de91a7cc11 0c943a0528c041e4def40a008af8a6866bd0cb79b320df736b066ba9e6d737ae Loading...

	hafoopsuny.com/_next/static/chunks/f141f7458f59f103.7b1724452fb2a85f.js	ScriptElement	3.4 kB	2025-02-20	2025-03-21
Pretty URL hafoopsuny.com/_next/static/chunks/f141f7458f59f103.7b1724452fb2a85f.js IP 172.64.150.45 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-20 15:41 Last Seen2025-03-21 10:38 Times Seen369 Hash 4f5091b2bda4c8d2ac84097380cef564 11b08cb0b763e2878abb97994b7ee9e484643a0d 8f5d1c3f5990e6900998a6c0225b14b7d9e17686eed2f39574e749a39626bd72 Loading...

	hafoopsuny.com/_next/static/chunks/bf7348b0f0f41677.c33e54f82eec272e.js	ScriptElement	30 kB	2025-02-20	2025-03-17
Pretty URL hafoopsuny.com/_next/static/chunks/bf7348b0f0f41677.c33e54f82eec272e.js IP 172.64.150.45 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-20 15:41 Last Seen2025-03-17 04:22 Times Seen282 Hash e355310f27c8059ff791634ff21732be 52686ba1870e0eae23aadc029bdb631b6262662f ecef836065811aca160b94c51f6fbe46e7a49944e7a3f919ed44dfdbecadcc29 Loading...

	hafoopsuny.com/_next/static/chunks/1c02c3e681ea9f6d-ebf163de3da5e125.js	ScriptElement	27 kB	2025-02-20	2025-03-21
Pretty URL hafoopsuny.com/_next/static/chunks/1c02c3e681ea9f6d-ebf163de3da5e125.js IP 172.64.150.45 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-20 15:41 Last Seen2025-03-21 10:38 Times Seen372 Hash 13e53dcb0fdd948fbae71fc9917d49fb 4675d37e2bf9648c797ae16186ac79d657152030 267cc8e20007a5dbeaf155c721cdbe4a2d49b003719fc9fc4b73cc738a54a5f3 Loading...

	hafoopsuny.com/casual-sl/1335?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0	Eval	17 B	2024-12-03	2025-06-24
Pretty URL hafoopsuny.com/casual-sl/1335?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0 IP 0.0.0.0 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2024-12-03 18:23 Last Seen2025-06-24 04:24 Times Seen2629 Hash 6c2875f1a9aa4e7aea000433b300f345 19ada7d0dfde6c8f5e91f79429fedb4c7c2c07e8 faff5a60a2c4aa315bd6d15ef5da1b81098a7b034d3a76acb8fcfffdce74153f Loading...

	hafoopsuny.com/_next/static/chunks/03e2b47bcba3c890.b726b27e9fc71bcd.js	ScriptElement	6.2 kB	2025-02-20	2025-03-21
Pretty URL hafoopsuny.com/_next/static/chunks/03e2b47bcba3c890.b726b27e9fc71bcd.js IP 172.64.150.45 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-20 15:41 Last Seen2025-03-21 10:38 Times Seen371 Hash 2ce0201a114c5f446b23ffe21f80ffd8 e630c1fe3e41ca60f878e27fb0d8afd2b959a36f 039d6adf169d30e3693d618230074cfbbe4b96f9d559ba5a3004f7d537755603 Loading...

	hafoopsuny.com/_next/static/chunks/4b25bf28a4dc73ea.f48cf00213dc850d.js	ScriptElement	36 kB	2025-03-01	2025-03-05
Pretty URL hafoopsuny.com/_next/static/chunks/4b25bf28a4dc73ea.f48cf00213dc850d.js IP 172.64.150.45 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-01 08:00 Last Seen2025-03-05 04:06 Times Seen7 Hash 2b9be21cbb06027f9f4365d8dfd79d61 1f613dc26970461e9662083deb1ca35c4152762b 105fb4d9b97bd364d03216765a618eeb9e73d65ed66e719f63e9fc042b00e0d4 Loading...

	hafoopsuny.com/_next/static/4MjfMDasMt6w6tlsHHPoA/_buildManifest.js	ScriptElement	945 B	2025-03-04	2025-03-06
Pretty URL hafoopsuny.com/_next/static/4MjfMDasMt6w6tlsHHPoA/_buildManifest.js IP 172.64.150.45 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-04 15:55 Last Seen2025-03-06 10:51 Times Seen37 Hash d1b51d034fdb106712d6d3af9faf12b8 cdbc74d17821c0f7ccbebe8cace2786e7630adf6 b85c1f3761015a90433ba2ca0bbfc66f866ca0186e4a7844da9f1e3216c2c111 Loading...

	hafoopsuny.com/casual-sl/1335?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0	Eval	17 B	2024-12-03	2025-06-24
Pretty URL hafoopsuny.com/casual-sl/1335?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0 IP 0.0.0.0 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2024-12-03 18:23 Last Seen2025-06-24 04:24 Times Seen2629 Hash 6c2875f1a9aa4e7aea000433b300f345 19ada7d0dfde6c8f5e91f79429fedb4c7c2c07e8 faff5a60a2c4aa315bd6d15ef5da1b81098a7b034d3a76acb8fcfffdce74153f Loading...

	hafoopsuny.com/_next/static/chunks/5da3fb9048efae5c.19b68270aaf43bf1.js	ScriptElement	482 B	2024-12-20	2025-03-05
Pretty URL hafoopsuny.com/_next/static/chunks/5da3fb9048efae5c.19b68270aaf43bf1.js IP 172.64.150.45 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-20 17:33 Last Seen2025-03-05 04:06 Times Seen21 Hash bb900c9ed051ff5da9be54fe6df9cb34 b80aafdf1f1f2e1b67b410e9e60b0088d67d38b1 6693cf4d80ee4d9377423bafec6df335781b495f4068dc14e92b9e7ffcb56833 Loading...

	cdntechone.com/stattag.js	ScriptElement	16 kB	2024-07-11	2025-06-22
Pretty URL cdntechone.com/stattag.js IP 104.21.36.146 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-11 14:08 Last Seen2025-06-22 16:38 Times Seen5784 Hash 80d7433dbc2b7708f2fa4e6a9943a116 350c6e2bb1cbd07de260856f918f4ececcd96894 54862ebdcfa23c67d6de25543e0b22014de8fd8d3d3aed09d615981bbdd76251 Loading...

	cdntechone.com/stattag.js	ScriptElement	16 kB	2024-07-11	2025-06-22
Pretty URL cdntechone.com/stattag.js IP 104.21.36.146 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-11 14:08 Last Seen2025-06-22 16:38 Times Seen5784 Hash 80d7433dbc2b7708f2fa4e6a9943a116 350c6e2bb1cbd07de260856f918f4ececcd96894 54862ebdcfa23c67d6de25543e0b22014de8fd8d3d3aed09d615981bbdd76251 Loading...

	hafoopsuny.com/_next/static/chunks/e1178574a1ad221d.7389e70158c8b007.js	ScriptElement	14 kB	2025-02-20	2025-03-13
Pretty URL hafoopsuny.com/_next/static/chunks/e1178574a1ad221d.7389e70158c8b007.js IP 172.64.150.45 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-20 15:41 Last Seen2025-03-13 02:54 Times Seen265 Hash 85ecf414640781ef1b7a0a7c54991237 c49804383f6b18ffb6c0ad122a357bf608a26c5d be4184ae0d17a36a10d52baf63124decae4424840aa9d0714896b4958cde3962 Loading...

	hafoopsuny.com/_next/static/chunks/45eea05f350ab42a-e763d31468777ca4.js	ScriptElement	56 kB	2025-03-04	2025-03-06
Pretty URL hafoopsuny.com/_next/static/chunks/45eea05f350ab42a-e763d31468777ca4.js IP 172.64.150.45 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-04 15:55 Last Seen2025-03-06 10:51 Times Seen61 Hash 9e6b73be0a733ff1dc7836bc9e61098f 2a5a341243ec9c85faee141b2e84889bbcd7d799 39251de2f089f6fb53d77c0f13ef2db278dcddb1c1478133633b154a0ebbc6ec Loading...

	cdntechone.com/stattag.js	ScriptElement	16 kB	2024-07-11	2025-06-22
Pretty URL cdntechone.com/stattag.js IP 104.21.36.146 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-11 14:08 Last Seen2025-06-22 16:38 Times Seen5784 Hash 80d7433dbc2b7708f2fa4e6a9943a116 350c6e2bb1cbd07de260856f918f4ececcd96894 54862ebdcfa23c67d6de25543e0b22014de8fd8d3d3aed09d615981bbdd76251 Loading...

	hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0	ScriptElement	131 B	2025-02-04	2025-06-14
Pretty URL hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0 IP 172.64.150.45 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-02-04 20:32 Last Seen2025-06-14 15:03 Times Seen788 Hash 8eaf07abe3c21226f02d290822487fba ab41eb342544b53981d2ebac29075e7b672496d3 4c6cd23ba644b93505865a7e136b13f104a512551eacd2b354447955bc17d423 Loading...

	hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0	ScriptElement	1.2 kB	2025-03-05	2025-03-05
Pretty URL hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0 IP 172.64.150.45 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-05 04:06 Last Seen2025-03-05 04:06 Times Seen1 Hash b2333ff074af2ec7d7db5b57772638e3 da79138dbda66a93824d01afb5f422479c65f163 a119a38356677fbc0c377f0a63bae116b0f66820a18b5601bb6f005df8b16234 Loading...

	hafoopsuny.com/_next/static/chunks/3cacc58ea516fe6f.4d666b3ce7dcd66f.js	ScriptElement	30 kB	2025-02-20	2025-03-21
Pretty URL hafoopsuny.com/_next/static/chunks/3cacc58ea516fe6f.4d666b3ce7dcd66f.js IP 172.64.150.45 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-20 15:41 Last Seen2025-03-21 10:38 Times Seen373 Hash f6ad5b7a5dfc198984b0f2f9dd8aa9a0 0c3bb432b998f3638fe41081b19ef96b953f88b6 ce950b2111c9e70202bb55f16d2995155499ad9a6c842fa5946367536f130216 Loading...

	hafoopsuny.com/_next/static/chunks/14c47e79f23aa9ea.6b77cd6b48a17abf.js	ScriptElement	11 kB	2025-03-04	2025-03-05
Pretty URL hafoopsuny.com/_next/static/chunks/14c47e79f23aa9ea.6b77cd6b48a17abf.js IP 172.64.150.45 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-04 15:55 Last Seen2025-03-05 04:06 Times Seen3 Hash 97f85cc687db99daf8ba2ef896be6953 8dc6147403999fe1c8209f60208b03e076cee413 7052cb5a3cca6c4df8b8e0b8652ab8963793fa7fbc5984808c82abdc97692308 Loading...

	hafoopsuny.com/_next/static/chunks/9695121bd9a7fe25-946071a7570e0cdb.js	ScriptElement	109 kB	2025-02-20	2025-03-21
Pretty URL hafoopsuny.com/_next/static/chunks/9695121bd9a7fe25-946071a7570e0cdb.js IP 172.64.150.45 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-20 15:41 Last Seen2025-03-21 10:38 Times Seen372 Hash f0cf941f62457cf06c31736327d88bdf cbfd6e1399241d17a3283d96abae10600ea71e32 ee6528aa1d16ef12fe13a5cbb75dc65d5bb0e1e3315c40aa04c9b6ceba7b9b9a Loading...

	hafoopsuny.com/_next/static/chunks/e349ffdbb65d6c93-660e5b7e2e3b7996.js	ScriptElement	11 kB	2025-02-20	2025-03-17
Pretty URL hafoopsuny.com/_next/static/chunks/e349ffdbb65d6c93-660e5b7e2e3b7996.js IP 172.64.150.45 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-20 15:41 Last Seen2025-03-17 04:22 Times Seen317 Hash a74e00413e639345f10d6d747a26073c 2ccea9e922104c2196ab706f445065fc5ad80dc1 4a0379bb0dad363ff14fff27cb471060748fe29f7f4986c5cfa64de51926f23b Loading...

	hafoopsuny.com/casual-sl/1335?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0	ScriptElement	46 kB	2025-02-26	2025-03-06
Pretty URL hafoopsuny.com/casual-sl/1335?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-26 14:29 Last Seen2025-03-06 09:19 Times Seen500 Hash 0f8225a5ef3eb8007c8d38ecfb10bcd4 555a8d9a9ef0b18c231093994e9e2222c150333c 9abc73166d06037dab9ba6bbb952ceb992f31f169862568463483e521ebd60f4 Loading...

	hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0	ScriptElement	1.8 kB	2025-02-20	2025-04-10
Pretty URL hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0 IP 172.64.150.45 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-02-20 15:41 Last Seen2025-04-10 10:22 Times Seen637 Hash 3ed7f79f81f02b855ac2dfe8fab8a13b ef44cfd07d4a762a165c5df2d5678d820d3109cc 70e868dca9dafa6943ff0bfc36cc7169bec6d604bb33117097a1592fba333495 Loading...

	hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0	ScriptElement	45 kB	2025-03-03	2025-03-06
Pretty URL hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0 IP 172.64.150.45 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-03 11:47 Last Seen2025-03-06 10:58 Times Seen92 Hash 43ed50d698b9378008f15943074d76ce 37feac9550d478f0228bf0554542646873c0c19a bd7c8c4244bd5e6a4d5538f97bc0edc5a036c986ae905e4b2a59b6753b071737 Loading...

	hafoopsuny.com/casual-sl/1335?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0	Eval	17 B	2024-12-03	2025-06-24
Pretty URL hafoopsuny.com/casual-sl/1335?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0 IP 0.0.0.0 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2024-12-03 18:23 Last Seen2025-06-24 04:24 Times Seen2629 Hash 6c2875f1a9aa4e7aea000433b300f345 19ada7d0dfde6c8f5e91f79429fedb4c7c2c07e8 faff5a60a2c4aa315bd6d15ef5da1b81098a7b034d3a76acb8fcfffdce74153f Loading...

	hafoopsuny.com/_next/static/chunks/06ff87a69ffa8402.20ef2bdcef5c98e3.js	ScriptElement	15 kB	2025-02-20	2025-03-11
Pretty URL hafoopsuny.com/_next/static/chunks/06ff87a69ffa8402.20ef2bdcef5c98e3.js IP 172.64.150.45 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-20 15:41 Last Seen2025-03-11 12:36 Times Seen258 Hash 8ab0e58efe2e61e2bd0818de3d5ed3d3 685aa9674d9573fc8b5ab3c74b89d4e47ab89692 cf75a79d575d9ae176e79b5c507a0c045817b93567fc279060fc47b77d1056fd Loading...

	hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0	ScriptElement	4.6 kB	2025-02-20	2025-04-01
Pretty URL hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0 IP 172.64.150.45 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-02-20 15:41 Last Seen2025-04-01 07:51 Times Seen481 Hash 42f8a48b0474a3c7dbeed1c690b259ba 2428ba89028a083affe5327b8e0f38fb5496b6a7 3741120df634d1c2eac5ae0fcb956e085b3c02543cf8c79783e6719760217175 Loading...

	hafoopsuny.com/r5g/23456/fb5/ffff5/mw.min.js?sw=/sw-check-permissions/universal.js&var=8544034&ymid=921001976618037248&click_id=921001976618037248&rhd=1&var_3=9195375_%7Brequest_ab%7D&btz=UTC&bto=0&z=8527457&cdn=1&domain=agruptauli.com&wua=1	ScriptElement	5.5 kB	2025-02-26	2025-03-06
Pretty URL hafoopsuny.com/r5g/23456/fb5/ffff5/mw.min.js?sw=/sw-check-permissions/universal.js&var=8544034&ymid=921001976618037248&click_id=921001976618037248&rhd=1&var_3=9195375_%7Brequest_ab%7D&btz=UTC&bto=0&z=8527457&cdn=1&domain=agruptauli.com&wua=1 IP 172.64.150.45 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-26 14:29 Last Seen2025-03-06 09:19 Times Seen361 Hash 71a95fdeca3e58f29459eac0418b3cab ea046effdfc50cc318960d5dbdfb1b94f67124d5 ef230eff5986bfbed19a74aa79f88b6ea39b2c59b7654528e19ef8e2ac028a51 Loading...

	hafoopsuny.com/_next/static/chunks/d17d359e109e2741.ad39469e871cbde0.js	ScriptElement	6.7 kB	2025-01-13	2025-04-15
Pretty URL hafoopsuny.com/_next/static/chunks/d17d359e109e2741.ad39469e871cbde0.js IP 172.64.150.45 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-13 21:56 Last Seen2025-04-15 10:41 Times Seen57 Hash 10b4a658193849dba1f6b29c09485871 f4077be77b1e42b328f7e598febcfdd977aac243 999dd30eb52402f793bac7e1e77b45901167450e5ec726a26a9ff6f543398add Loading...

	hafoopsuny.com/_next/static/chunks/3fe852b5eeb07489-e22e58e9d94615b4.js	ScriptElement	29 kB	2025-03-04	2025-03-10
Pretty URL hafoopsuny.com/_next/static/chunks/3fe852b5eeb07489-e22e58e9d94615b4.js IP 172.64.150.45 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-04 15:55 Last Seen2025-03-10 12:43 Times Seen79 Hash 2922694a6238acca2715c437fb4fc9b6 bc07008b3b35d76a250f96f66f2c2f9121dec22c 3b2daee54fd10abfe66761e2f4b87ac3b9d615298680084d9c3c072d1f9d99cd Loading...

HTTP Transactions (44)

URL IP Response Size

GET hafoopsuny.com/_next/static/chunks/45eea05f350ab42a-e763d31468777ca4.js

172.64.150.45

200 OK

56 kB

URL GET
hafoopsuny.com/_next/static/chunks/45eea05f350ab42a-e763d31468777ca4.js
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjecthafoopsuny.com
Fingerprint07:03:9B:31:28:80:7B:B8:15:B1:AD:6C:B6:3B:5A:44:F6:44:E2:F5
ValiditySat, 11 Jan 2025 04:12:34 GMT - Fri, 11 Apr 2025 05:12:27 GMT

File type
JavaScript source, ASCII text, with very long lines (55453), with no line terminators
Size
56 kB (55453 bytes)
Hash
9e6b73be0a733ff1dc7836bc9e61098f
2a5a341243ec9c85faee141b2e84889bbcd7d799
39251de2f089f6fb53d77c0f13ef2db278dcddb1c1478133633b154a0ebbc6ec

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/45eea05f350ab42a-e763d31468777ca4.js HTTP/1.1
Host: hafoopsuny.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 04:05:48 GMT
content-type: application/javascript
last-modified: Tue, 04 Mar 2025 15:12:49 GMT
vary: Accept-Encoding
etag: W/"67c71871-d89d"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: HIT
expires: Wed, 05 Mar 2025 05:05:48 GMT
cache-control: public, max-age=3600
priority: u=3,i=?0
server: cloudflare
cf-ray: 91b6bcb33b32b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

POST agruptauli.com/event

172.64.150.45

200 OK

81 B

URL POST
agruptauli.com/event
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjectagruptauli.com
FingerprintFA:C5:36:43:DA:2B:A9:AD:93:32:48:DB:58:58:00:11:C7:1C:BB:E3
ValidityWed, 22 Jan 2025 20:56:35 GMT - Tue, 22 Apr 2025 21:56:32 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
81 B (81 bytes)
Hash
cc5f9482212edb222148e7301572fa23
5c11df467b68ac145545ffaea48c66a6ad77a9d5
017042b1edb962bf279b45c2600ee76e831a6978effe94be182595cdd7c7fcbb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: agruptauli.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 3378
Origin: https://hafoopsuny.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 04:05:50 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://hafoopsuny.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
priority: u=4,i=?0
server: cloudflare
cf-ray: 91b6bcbbce8db51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

POST agruptauli.com/event

172.64.150.45

200 OK

81 B

URL POST
agruptauli.com/event
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjectagruptauli.com
FingerprintFA:C5:36:43:DA:2B:A9:AD:93:32:48:DB:58:58:00:11:C7:1C:BB:E3
ValidityWed, 22 Jan 2025 20:56:35 GMT - Tue, 22 Apr 2025 21:56:32 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
81 B (81 bytes)
Hash
f56bf62cd6c9d442df0e74f9832c2fb9
14c85f11a05b4ed8877f686b1e137ef2a6df4cf4
bfe4bd14d1f45ac12f8323d29f1573e34c3ef667a018705b25ae1ea554da2e85

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: agruptauli.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 549
Origin: https://hafoopsuny.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 04:05:50 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://hafoopsuny.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
priority: u=4,i=?0
server: cloudflare
cf-ray: 91b6bcbcaedfb51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET hafoopsuny.com/_next/static/chunks/e349ffdbb65d6c93-660e5b7e2e3b7996.js

172.64.150.45

200 OK

11 kB

URL GET
hafoopsuny.com/_next/static/chunks/e349ffdbb65d6c93-660e5b7e2e3b7996.js
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjecthafoopsuny.com
Fingerprint07:03:9B:31:28:80:7B:B8:15:B1:AD:6C:B6:3B:5A:44:F6:44:E2:F5
ValiditySat, 11 Jan 2025 04:12:34 GMT - Fri, 11 Apr 2025 05:12:27 GMT

File type
JavaScript source, ASCII text, with very long lines (10696), with no line terminators
Size
11 kB (10696 bytes)
Hash
a74e00413e639345f10d6d747a26073c
2ccea9e922104c2196ab706f445065fc5ad80dc1
4a0379bb0dad363ff14fff27cb471060748fe29f7f4986c5cfa64de51926f23b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/e349ffdbb65d6c93-660e5b7e2e3b7996.js HTTP/1.1
Host: hafoopsuny.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 04:05:48 GMT
content-type: application/javascript
last-modified: Tue, 04 Mar 2025 15:13:00 GMT
vary: Accept-Encoding
etag: W/"67c7187c-29c8"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: HIT
expires: Wed, 05 Mar 2025 05:05:48 GMT
cache-control: public, max-age=3600
priority: u=3,i=?0
server: cloudflare
cf-ray: 91b6bcb33b31b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET hafoopsuny.com/_next/static/chunks/bf7348b0f0f41677.c33e54f82eec272e.js

172.64.150.45

200 OK

30 kB

URL GET
hafoopsuny.com/_next/static/chunks/bf7348b0f0f41677.c33e54f82eec272e.js
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjecthafoopsuny.com
Fingerprint07:03:9B:31:28:80:7B:B8:15:B1:AD:6C:B6:3B:5A:44:F6:44:E2:F5
ValiditySat, 11 Jan 2025 04:12:34 GMT - Fri, 11 Apr 2025 05:12:27 GMT

File type
JavaScript source, ASCII text, with very long lines (30026), with no line terminators
Size
30 kB (30026 bytes)
Hash
e355310f27c8059ff791634ff21732be
52686ba1870e0eae23aadc029bdb631b6262662f
ecef836065811aca160b94c51f6fbe46e7a49944e7a3f919ed44dfdbecadcc29

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/bf7348b0f0f41677.c33e54f82eec272e.js HTTP/1.1
Host: hafoopsuny.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 04:05:48 GMT
content-type: application/javascript
last-modified: Tue, 04 Mar 2025 15:12:57 GMT
vary: Accept-Encoding
etag: W/"67c71879-754a"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: HIT
expires: Wed, 05 Mar 2025 05:05:48 GMT
cache-control: public, max-age=3600
priority: u=3,i=?0
server: cloudflare
cf-ray: 91b6bcb2aaf3b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET hafoopsuny.com/_next/static/chunks/9695121bd9a7fe25-946071a7570e0cdb.js

172.64.150.45

200 OK

109 kB

URL GET
hafoopsuny.com/_next/static/chunks/9695121bd9a7fe25-946071a7570e0cdb.js
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjecthafoopsuny.com
Fingerprint07:03:9B:31:28:80:7B:B8:15:B1:AD:6C:B6:3B:5A:44:F6:44:E2:F5
ValiditySat, 11 Jan 2025 04:12:34 GMT - Fri, 11 Apr 2025 05:12:27 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
109 kB (109045 bytes)
Hash
f0cf941f62457cf06c31736327d88bdf
cbfd6e1399241d17a3283d96abae10600ea71e32
ee6528aa1d16ef12fe13a5cbb75dc65d5bb0e1e3315c40aa04c9b6ceba7b9b9a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/9695121bd9a7fe25-946071a7570e0cdb.js HTTP/1.1
Host: hafoopsuny.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 04:05:48 GMT
content-type: application/javascript
last-modified: Tue, 04 Mar 2025 15:12:54 GMT
vary: Accept-Encoding
etag: W/"67c71876-1a9f5"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: HIT
expires: Wed, 05 Mar 2025 05:05:48 GMT
cache-control: public, max-age=3600
priority: u=3,i=?0
server: cloudflare
cf-ray: 91b6bcb31b23b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET hafoopsuny.com/r5g/23456/fb5/ffff5/mw.min.js?sw=/sw-check-permissions/universal.js&var=8544034&ymid=921001976618037248&click_id=921001976618037248&rhd=1&var_3=9195375_%7Brequest_ab%7D&btz=UTC&bto=0&z=8527457&cdn=1&domain=agruptauli.com&wua=1

172.64.150.45

200 OK

5.5 kB

URL GET
hafoopsuny.com/r5g/23456/fb5/ffff5/mw.min.js?sw=/sw-check-permissions/universal.js&var=8544034&ymid=921001976618037248&click_id=921001976618037248&rhd=1&var_3=9195375_%7Brequest_ab%7D&btz=UTC&bto=0&z=8527457&cdn=1&domain=agruptauli.com&wua=1
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjecthafoopsuny.com
Fingerprint07:03:9B:31:28:80:7B:B8:15:B1:AD:6C:B6:3B:5A:44:F6:44:E2:F5
ValiditySat, 11 Jan 2025 04:12:34 GMT - Fri, 11 Apr 2025 05:12:27 GMT

File type
JavaScript source, ASCII text, with very long lines (5459), with no line terminators
Size
5.5 kB (5459 bytes)
Hash
71a95fdeca3e58f29459eac0418b3cab
ea046effdfc50cc318960d5dbdfb1b94f67124d5
ef230eff5986bfbed19a74aa79f88b6ea39b2c59b7654528e19ef8e2ac028a51

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /r5g/23456/fb5/ffff5/mw.min.js?sw=/sw-check-permissions/universal.js&var=8544034&ymid=921001976618037248&click_id=921001976618037248&rhd=1&var_3=9195375_%7Brequest_ab%7D&btz=UTC&bto=0&z=8527457&cdn=1&domain=agruptauli.com&wua=1 HTTP/1.1
Host: hafoopsuny.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 04:05:48 GMT
content-type: application/javascript
last-modified: Tue, 04 Mar 2025 11:33:20 GMT
vary: Accept-Encoding
etag: W/"67c6e500-1553"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
cf-cache-status: MISS
priority: u=3,i=?0
server: cloudflare
cf-ray: 91b6bcb47bbab4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET hafoopsuny.com/_next/static/chunks/e1178574a1ad221d.7389e70158c8b007.js

172.64.150.45

200 OK

14 kB

URL GET
hafoopsuny.com/_next/static/chunks/e1178574a1ad221d.7389e70158c8b007.js
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjecthafoopsuny.com
Fingerprint07:03:9B:31:28:80:7B:B8:15:B1:AD:6C:B6:3B:5A:44:F6:44:E2:F5
ValiditySat, 11 Jan 2025 04:12:34 GMT - Fri, 11 Apr 2025 05:12:27 GMT

File type
JavaScript source, ASCII text, with very long lines (13995), with no line terminators
Size
14 kB (13995 bytes)
Hash
85ecf414640781ef1b7a0a7c54991237
c49804383f6b18ffb6c0ad122a357bf608a26c5d
be4184ae0d17a36a10d52baf63124decae4424840aa9d0714896b4958cde3962

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/e1178574a1ad221d.7389e70158c8b007.js HTTP/1.1
Host: hafoopsuny.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 04:05:48 GMT
content-type: application/javascript
last-modified: Tue, 04 Mar 2025 15:12:59 GMT
vary: Accept-Encoding
etag: W/"67c7187b-36ab"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: HIT
expires: Wed, 05 Mar 2025 05:05:48 GMT
cache-control: public, max-age=3600
priority: u=3,i=?0
server: cloudflare
cf-ray: 91b6bcb2aaefb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET my.rtmark.net/gid.js?userId=700sm5wy2x5bo2tzwtwwd647l6ud

104.18.41.22

200 OK

61 B

URL GET
my.rtmark.net/gid.js?userId=700sm5wy2x5bo2tzwtwwd647l6ud
IP
104.18.41.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjectmy.rtmark.net
Fingerprint03:52:6A:BD:35:83:43:81:AF:25:BB:A3:26:97:D1:78:25:73:A4:C9
ValidityTue, 04 Mar 2025 10:39:32 GMT - Mon, 02 Jun 2025 11:39:29 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
61 B (61 bytes)
Hash
053af7fc4d1f7a0e96e485b950be3eeb
ebec28129c25b9da1ad3b192f2cfada25dd4ec9c
c49f40b3b5c9b2f1731dfb90712f342903e7a49173b4d1eb298bbcb528c57bf9

HTTP Headers

GET /gid.js?userId=700sm5wy2x5bo2tzwtwwd647l6ud HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hafoopsuny.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 05 Mar 2025 04:05:49 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://hafoopsuny.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
set-cookie: ID=700sm5wy2x5bo2tzwtwwd647l6ud; expires=Thu, 05 Mar 2026 04:05:49 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 91b6bcb6bbcd56c4-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET hafoopsuny.com/_next/static/chunks/5da3fb9048efae5c.19b68270aaf43bf1.js

172.64.150.45

200 OK

482 B

URL GET
hafoopsuny.com/_next/static/chunks/5da3fb9048efae5c.19b68270aaf43bf1.js
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjecthafoopsuny.com
Fingerprint07:03:9B:31:28:80:7B:B8:15:B1:AD:6C:B6:3B:5A:44:F6:44:E2:F5
ValiditySat, 11 Jan 2025 04:12:34 GMT - Fri, 11 Apr 2025 05:12:27 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (500), with no line terminators
Size
482 B (482 bytes)
Hash
15a2c3cbc8d5175d8e53e6e8325828f0
8da722c89a40be131a3362b3060a3a3d8cebfdcd
60ec360b1ff0d37ddb4e5cd0f26d656862eaa6869e365fb0754a9f4c8504572e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/5da3fb9048efae5c.19b68270aaf43bf1.js HTTP/1.1
Host: hafoopsuny.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 04:05:49 GMT
content-type: application/javascript
last-modified: Tue, 04 Mar 2025 15:10:57 GMT
vary: Accept-Encoding
etag: W/"67c71801-1e2"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: HIT
expires: Wed, 05 Mar 2025 05:05:49 GMT
cache-control: public, max-age=3600
priority: u=3,i=?0
server: cloudflare
cf-ray: 91b6bcb64c59b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET cdntechone.com/stattag.js

104.21.36.146

200 OK

16 kB

URL GET
cdntechone.com/stattag.js
IP
104.21.36.146:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjectcdntechone.com
FingerprintDC:31:A0:CC:76:0E:5C:E3:45:17:43:52:62:B5:29:18:F1:70:D7:FE
ValidityTue, 11 Feb 2025 05:59:25 GMT - Mon, 12 May 2025 06:58:07 GMT

File type
JavaScript source, ASCII text, with very long lines (15840)
Size
16 kB (16490 bytes)
Hash
80d7433dbc2b7708f2fa4e6a9943a116
350c6e2bb1cbd07de260856f918f4ececcd96894
54862ebdcfa23c67d6de25543e0b22014de8fd8d3d3aed09d615981bbdd76251

HTTP Headers

GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 05 Mar 2025 04:05:49 GMT
content-type: application/javascript
server: cloudflare
last-modified: Thu, 11 Jul 2024 10:23:50 GMT
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 4665
etag: W/"668fb2b6-406a"
content-encoding: br
cf-ray: 91b6bcb6fdc956ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET rimsaureshi.com/video/insta-date/girl_insta-19.mp4

104.21.89.127

206 Partial Content

61 kB

URL GET
rimsaureshi.com/video/insta-date/girl_insta-19.mp4
IP
104.21.89.127:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjectrimsaureshi.com
Fingerprint48:64:77:36:6B:69:9F:E7:B2:25:46:EC:8E:F3:CC:42:E9:23:80:0E
ValidityTue, 21 Jan 2025 17:54:31 GMT - Mon, 21 Apr 2025 18:52:21 GMT

File type
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Size
61 kB (60814 bytes)
Hash
0d5c18aba5065f650600c91f2f2b77b0
10d72b7d2e6a056b0e229644acf9fdd9da0de9f5
fc6b55833e7f24ce58da1bfdbe41dbe8190ee19bde86b87165dcf0771fae22ef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /video/insta-date/girl_insta-19.mp4 HTTP/1.1
Host: rimsaureshi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 206 Partial Content
date: Wed, 05 Mar 2025 04:05:49 GMT
content-type: video/mp4
content-length: 60814
last-modified: Tue, 04 Mar 2025 15:12:36 GMT
vary: Accept-Encoding
etag: "67c71864-ed8e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
content-range: bytes 0-60813/60814
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SizVqkLmiGKSqH6axp4Yw1K256ArKswRs6x47K3uZUexj7W9tRzEJxooKZce0suXH4k%2BE5UZK1FC078RayKclBfH8lshGft1kPpurF4fQVoztn8VIFb68RKTURE3FSU7vhE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91b6bcb8bd9a56be-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=6396&min_rtt=466&rtt_var=11823&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3285&recv_bytes=1250&delivery_rate=5265454&cwnd=252&unsent_bytes=0&cid=632e6e26e3c5577a&ts=106&x=0"
X-Firefox-Spdy: h2

OPTIONS agruptauli.com/event

172.64.150.45

200 OK

0 B

URL OPTIONS
agruptauli.com/event
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjectagruptauli.com
FingerprintFA:C5:36:43:DA:2B:A9:AD:93:32:48:DB:58:58:00:11:C7:1C:BB:E3
ValidityWed, 22 Jan 2025 20:56:35 GMT - Tue, 22 Apr 2025 21:56:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: agruptauli.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://hafoopsuny.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 05 Mar 2025 04:05:50 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://hafoopsuny.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 91b6bcbb6f27b505-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

OPTIONS agruptauli.com/event

172.64.150.45

200 OK

0 B

URL OPTIONS
agruptauli.com/event
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjectagruptauli.com
FingerprintFA:C5:36:43:DA:2B:A9:AD:93:32:48:DB:58:58:00:11:C7:1C:BB:E3
ValidityWed, 22 Jan 2025 20:56:35 GMT - Tue, 22 Apr 2025 21:56:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: agruptauli.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://hafoopsuny.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 05 Mar 2025 04:05:50 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://hafoopsuny.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 91b6bcbb6f24b505-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

POST agruptauli.com/event

172.64.150.45

200 OK

0 B

URL POST
agruptauli.com/event
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjectagruptauli.com
FingerprintFA:C5:36:43:DA:2B:A9:AD:93:32:48:DB:58:58:00:11:C7:1C:BB:E3
ValidityWed, 22 Jan 2025 20:56:35 GMT - Tue, 22 Apr 2025 21:56:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: agruptauli.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 518
Origin: null
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 05 Mar 2025 04:05:49 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 91b6bcbb5c64568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET hafoopsuny.com/_next/static/chunks/3cacc58ea516fe6f.4d666b3ce7dcd66f.js

172.64.150.45

200 OK

30 kB

URL GET
hafoopsuny.com/_next/static/chunks/3cacc58ea516fe6f.4d666b3ce7dcd66f.js
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjecthafoopsuny.com
Fingerprint07:03:9B:31:28:80:7B:B8:15:B1:AD:6C:B6:3B:5A:44:F6:44:E2:F5
ValiditySat, 11 Jan 2025 04:12:34 GMT - Fri, 11 Apr 2025 05:12:27 GMT

File type
JavaScript source, ASCII text, with very long lines (29982), with no line terminators
Size
30 kB (29982 bytes)
Hash
f6ad5b7a5dfc198984b0f2f9dd8aa9a0
0c3bb432b998f3638fe41081b19ef96b953f88b6
ce950b2111c9e70202bb55f16d2995155499ad9a6c842fa5946367536f130216

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/3cacc58ea516fe6f.4d666b3ce7dcd66f.js HTTP/1.1
Host: hafoopsuny.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 04:05:48 GMT
content-type: application/javascript
last-modified: Tue, 04 Mar 2025 15:12:48 GMT
vary: Accept-Encoding
etag: W/"67c71870-751e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: HIT
expires: Wed, 05 Mar 2025 05:05:48 GMT
cache-control: public, max-age=3600
priority: u=3,i=?0
server: cloudflare
cf-ray: 91b6bcb29aeab4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

POST agruptauli.com/event

172.64.150.45

200 OK

81 B

URL POST
agruptauli.com/event
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjectagruptauli.com
FingerprintFA:C5:36:43:DA:2B:A9:AD:93:32:48:DB:58:58:00:11:C7:1C:BB:E3
ValidityWed, 22 Jan 2025 20:56:35 GMT - Tue, 22 Apr 2025 21:56:32 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
81 B (81 bytes)
Hash
bb8037d2e0a9541301fd048e6f7b71da
f4c443f5348cfac3b5e313f6186b38c935c5c695
f8522fbb2545460379c316dba45929a4a0b58d93a3ad620f599b31fcf1358d8c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: agruptauli.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 555
Origin: https://hafoopsuny.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 04:05:50 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://hafoopsuny.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
priority: u=4,i=?0
server: cloudflare
cf-ray: 91b6bcbd0f0eb51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

POST agruptauli.com/event

172.64.150.45

200 OK

81 B

URL POST
agruptauli.com/event
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjectagruptauli.com
FingerprintFA:C5:36:43:DA:2B:A9:AD:93:32:48:DB:58:58:00:11:C7:1C:BB:E3
ValidityWed, 22 Jan 2025 20:56:35 GMT - Tue, 22 Apr 2025 21:56:32 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
81 B (81 bytes)
Hash
6856121026c4299090fac1c720c3fc77
855b5e503f0c6a81cb26f615c857495979891778
ac718cf62b4a9bb4498af27155abcea53c9e8fcb465e6f468556bbb18fd813d4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: agruptauli.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 551
Origin: https://hafoopsuny.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 05 Mar 2025 04:05:50 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://hafoopsuny.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 91b6bcbb8c7b568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET hafoopsuny.com/_next/static/chunks/4b25bf28a4dc73ea.f48cf00213dc850d.js

172.64.150.45

200 OK

36 kB

URL GET
hafoopsuny.com/_next/static/chunks/4b25bf28a4dc73ea.f48cf00213dc850d.js
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjecthafoopsuny.com
Fingerprint07:03:9B:31:28:80:7B:B8:15:B1:AD:6C:B6:3B:5A:44:F6:44:E2:F5
ValiditySat, 11 Jan 2025 04:12:34 GMT - Fri, 11 Apr 2025 05:12:27 GMT

File type
JavaScript source, ASCII text, with very long lines (35583), with no line terminators
Size
36 kB (35583 bytes)
Hash
2b9be21cbb06027f9f4365d8dfd79d61
1f613dc26970461e9662083deb1ca35c4152762b
105fb4d9b97bd364d03216765a618eeb9e73d65ed66e719f63e9fc042b00e0d4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/4b25bf28a4dc73ea.f48cf00213dc850d.js HTTP/1.1
Host: hafoopsuny.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 04:05:48 GMT
content-type: application/javascript
last-modified: Tue, 04 Mar 2025 15:12:50 GMT
vary: Accept-Encoding
etag: W/"67c71872-8aff"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: HIT
expires: Wed, 05 Mar 2025 05:05:48 GMT
cache-control: public, max-age=3600
priority: u=3,i=?0
server: cloudflare
cf-ray: 91b6bcb2eb0eb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET hafoopsuny.com/_next/static/chunks/1c02c3e681ea9f6d-ebf163de3da5e125.js

172.64.150.45

200 OK

27 kB

URL GET
hafoopsuny.com/_next/static/chunks/1c02c3e681ea9f6d-ebf163de3da5e125.js
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjecthafoopsuny.com
Fingerprint07:03:9B:31:28:80:7B:B8:15:B1:AD:6C:B6:3B:5A:44:F6:44:E2:F5
ValiditySat, 11 Jan 2025 04:12:34 GMT - Fri, 11 Apr 2025 05:12:27 GMT

File type
JavaScript source, ASCII text, with very long lines (26652), with no line terminators
Size
27 kB (26652 bytes)
Hash
13e53dcb0fdd948fbae71fc9917d49fb
4675d37e2bf9648c797ae16186ac79d657152030
267cc8e20007a5dbeaf155c721cdbe4a2d49b003719fc9fc4b73cc738a54a5f3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/1c02c3e681ea9f6d-ebf163de3da5e125.js HTTP/1.1
Host: hafoopsuny.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 04:05:48 GMT
content-type: application/javascript
last-modified: Tue, 04 Mar 2025 15:12:46 GMT
vary: Accept-Encoding
etag: W/"67c7186e-681c"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: HIT
expires: Wed, 05 Mar 2025 05:05:48 GMT
cache-control: public, max-age=3600
priority: u=3,i=?0
server: cloudflare
cf-ray: 91b6bcb31b22b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET hafoopsuny.com/r5g/23456/fb5/ffff5/micro.tag.min.js?cdn=true&domain=agruptauli.com&var=8544034&ymid=921001976618037248&var_3=9195375_%7Brequest_ab%7D&zoneId=8527457&sw=%2Fsw-check-permissions%2Funiversal.js&wua=1

172.64.150.45

200 OK

46 kB

URL GET
hafoopsuny.com/r5g/23456/fb5/ffff5/micro.tag.min.js?cdn=true&domain=agruptauli.com&var=8544034&ymid=921001976618037248&var_3=9195375_%7Brequest_ab%7D&zoneId=8527457&sw=%2Fsw-check-permissions%2Funiversal.js&wua=1
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjecthafoopsuny.com
Fingerprint07:03:9B:31:28:80:7B:B8:15:B1:AD:6C:B6:3B:5A:44:F6:44:E2:F5
ValiditySat, 11 Jan 2025 04:12:34 GMT - Fri, 11 Apr 2025 05:12:27 GMT

File type
JavaScript source, ASCII text, with very long lines (46502), with no line terminators
Size
46 kB (46502 bytes)
Hash
0f8225a5ef3eb8007c8d38ecfb10bcd4
555a8d9a9ef0b18c231093994e9e2222c150333c
9abc73166d06037dab9ba6bbb952ceb992f31f169862568463483e521ebd60f4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /r5g/23456/fb5/ffff5/micro.tag.min.js?cdn=true&domain=agruptauli.com&var=8544034&ymid=921001976618037248&var_3=9195375_%7Brequest_ab%7D&zoneId=8527457&sw=%2Fsw-check-permissions%2Funiversal.js&wua=1 HTTP/1.1
Host: hafoopsuny.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 04:05:49 GMT
content-type: application/javascript
last-modified: Tue, 04 Mar 2025 11:33:20 GMT
vary: Accept-Encoding
etag: W/"67c6e500-b5a6"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
cf-cache-status: MISS
priority: u=4,i=?0
server: cloudflare
cf-ray: 91b6bcb52bf5b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET hafoopsuny.com/sw-check-permissions/universal.js?var=8544034&var_3=9195375_%7Brequest_ab%7D&ymid=921001976618037248&zoneId=8527457&tg=1

172.64.150.45

200 OK

1.2 kB

URL GET
hafoopsuny.com/sw-check-permissions/universal.js?var=8544034&var_3=9195375_%7Brequest_ab%7D&ymid=921001976618037248&zoneId=8527457&tg=1
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjecthafoopsuny.com
Fingerprint07:03:9B:31:28:80:7B:B8:15:B1:AD:6C:B6:3B:5A:44:F6:44:E2:F5
ValiditySat, 11 Jan 2025 04:12:34 GMT - Fri, 11 Apr 2025 05:12:27 GMT

File type
ASCII text, with very long lines (1194), with no line terminators
Size
1.2 kB (1172 bytes)
Hash
1ebe5996321bd979d17c67f96d2a7cb7
67d8601f8dbc0aed55273222d54c3cf43c48c8e9
7a8a55b64174336827b0953bdf62c46bc13efff5fb72620728556bbc4a886f45

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sw-check-permissions/universal.js?var=8544034&var_3=9195375_%7Brequest_ab%7D&ymid=921001976618037248&zoneId=8527457&tg=1 HTTP/1.1
Host: hafoopsuny.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 04:05:49 GMT
content-type: application/javascript
last-modified: Tue, 04 Mar 2025 15:12:44 GMT
vary: Accept-Encoding
etag: W/"67c7186c-494"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: HIT
expires: Wed, 05 Mar 2025 05:05:49 GMT
cache-control: public, max-age=3600
priority: u=4,i=?0
server: cloudflare
cf-ray: 91b6bcba3e64b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET cdntechone.com/stattag.js

104.21.36.146

200 OK

16 kB

URL GET
cdntechone.com/stattag.js
IP
104.21.36.146:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjectcdntechone.com
FingerprintDC:31:A0:CC:76:0E:5C:E3:45:17:43:52:62:B5:29:18:F1:70:D7:FE
ValidityTue, 11 Feb 2025 05:59:25 GMT - Mon, 12 May 2025 06:58:07 GMT

File type
JavaScript source, ASCII text, with very long lines (15840)
Size
16 kB (16490 bytes)
Hash
80d7433dbc2b7708f2fa4e6a9943a116
350c6e2bb1cbd07de260856f918f4ececcd96894
54862ebdcfa23c67d6de25543e0b22014de8fd8d3d3aed09d615981bbdd76251

HTTP Headers

GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 04:05:50 GMT
content-type: application/javascript
last-modified: Thu, 11 Jul 2024 10:23:50 GMT
etag: W/"668fb2b6-406a"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 4666
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E3bh0Gr2yX26DeUqm4MwK5HOtcSm5IMvJBm8PLd6ybe1c8F3mqIdhT2Xmh%2BxZ4kTzlV%2FjEMicpQVHPWusGIlNy8aKP%2BjSh3XERAbiD6g0cI%2FqXWhsxm%2FZURDw7FXWOUQuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91b6bcbdad9f568e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4849&min_rtt=2924&rtt_var=2471&sent=14&recv=8&lost=0&retrans=0&sent_bytes=4179&recv_bytes=1145&delivery_rate=201423&cwnd=12000&unsent_bytes=0&cid=0df06d6501d1f6b4&ts=1042&x=1", cfExtPri, cfHdrFlush;dur=0

GET hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0

172.64.150.45

200 OK

73 kB

URL User Request GET
hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjecthafoopsuny.com
Fingerprint07:03:9B:31:28:80:7B:B8:15:B1:AD:6C:B6:3B:5A:44:F6:44:E2:F5
ValiditySat, 11 Jan 2025 04:12:34 GMT - Fri, 11 Apr 2025 05:12:27 GMT

File type

Size
73 kB (72553 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0 HTTP/1.1
Host: hafoopsuny.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 05 Mar 2025 04:05:47 GMT
content-type: text/html
cf-ray: 91b6bcad1f22569c-OSL
cf-cache-status: HIT
cache-control: public, max-age=3600
expires: Wed, 05 Mar 2025 05:05:47 GMT
last-modified: Tue, 04 Mar 2025 15:11:15 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET hafoopsuny.com/_next/static/chunks/03e2b47bcba3c890.b726b27e9fc71bcd.js

172.64.150.45

200 OK

6.2 kB

URL GET
hafoopsuny.com/_next/static/chunks/03e2b47bcba3c890.b726b27e9fc71bcd.js
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjecthafoopsuny.com
Fingerprint07:03:9B:31:28:80:7B:B8:15:B1:AD:6C:B6:3B:5A:44:F6:44:E2:F5
ValiditySat, 11 Jan 2025 04:12:34 GMT - Fri, 11 Apr 2025 05:12:27 GMT

File type
JavaScript source, ASCII text, with very long lines (6273), with no line terminators
Size
6.2 kB (6179 bytes)
Hash
183547e910e9d9ed863cf18a814336aa
3832a716f5b6abd51ad86de2ff6a196d9d6d76e2
b61c4c90bda46986828adfc72579122541a3dd73d10249a5bd10f36a2771418e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/03e2b47bcba3c890.b726b27e9fc71bcd.js HTTP/1.1
Host: hafoopsuny.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 04:05:49 GMT
content-type: application/javascript
last-modified: Tue, 04 Mar 2025 15:12:44 GMT
vary: Accept-Encoding
etag: W/"67c7186c-1823"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: HIT
expires: Wed, 05 Mar 2025 05:05:49 GMT
cache-control: public, max-age=3600
priority: u=3,i=?0
server: cloudflare
cf-ray: 91b6bcb62c53b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET hafoopsuny.com/_next/static/media/video-poster-design-19.536c92eb.webp

172.64.150.45

200 OK

8.8 kB

URL GET
hafoopsuny.com/_next/static/media/video-poster-design-19.536c92eb.webp
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjecthafoopsuny.com
Fingerprint07:03:9B:31:28:80:7B:B8:15:B1:AD:6C:B6:3B:5A:44:F6:44:E2:F5
ValiditySat, 11 Jan 2025 04:12:34 GMT - Fri, 11 Apr 2025 05:12:27 GMT

File type
RIFF (little-endian) data, Web/P image
Size
8.8 kB (8774 bytes)
Hash
9133d220ccfebd53e13fb347b094adfa
0ef5653e5146e6b6966059712ba8f347ea244e16
ef0414733693774c0a1531af3e97a621741279128d94b00c2a6e069423611023

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/media/video-poster-design-19.536c92eb.webp HTTP/1.1
Host: hafoopsuny.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 04:05:49 GMT
content-type: image/webp
content-length: 8774
last-modified: Tue, 04 Mar 2025 15:10:57 GMT
vary: Accept-Encoding
etag: "67c71801-2246"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: HIT
expires: Wed, 05 Mar 2025 05:05:49 GMT
cache-control: public, max-age=3600
accept-ranges: bytes
priority: u=4,i=?0
server: cloudflare
cf-ray: 91b6bcb86d79b4fa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

OPTIONS agruptauli.com/event

172.64.150.45

200 OK

0 B

URL OPTIONS
agruptauli.com/event
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjectagruptauli.com
FingerprintFA:C5:36:43:DA:2B:A9:AD:93:32:48:DB:58:58:00:11:C7:1C:BB:E3
ValidityWed, 22 Jan 2025 20:56:35 GMT - Tue, 22 Apr 2025 21:56:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: agruptauli.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://hafoopsuny.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 05 Mar 2025 04:05:49 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://hafoopsuny.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 91b6bcbb1f02b505-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

POST datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=ee9bea63-d8ad-43df-9609-62d2176749f6

185.49.145.45

200 OK

12 B

URL POST
datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=ee9bea63-d8ad-43df-9609-62d2176749f6
IP
185.49.145.45:443
ASN
#35415 Webzilla B.V.

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerSectigo Limited
Subjectdatatechonert.com
FingerprintED:87:7A:7D:70:58:7C:01:53:C0:A9:07:3B:14:A3:60:48:86:04:72
ValidityWed, 11 Dec 2024 00:00:00 GMT - Tue, 23 Dec 2025 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
6949f52318584a4b51c719a9b84a7287
9fbd870c6afd4bdd6fbbd87f52df2c81dd23e905
72603096ec3515dbc615ab8837fd1b15e91ee827bc7af41d71c9882b08699375

HTTP Headers

POST /log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=ee9bea63-d8ad-43df-9609-62d2176749f6 HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1574
Origin: https://hafoopsuny.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.5
Date: Wed, 05 Mar 2025 04:05:50 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://hafoopsuny.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

GET hafoopsuny.com/_next/static/chunks/14c47e79f23aa9ea.6b77cd6b48a17abf.js

172.64.150.45

200 OK

11 kB

URL GET
hafoopsuny.com/_next/static/chunks/14c47e79f23aa9ea.6b77cd6b48a17abf.js
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjecthafoopsuny.com
Fingerprint07:03:9B:31:28:80:7B:B8:15:B1:AD:6C:B6:3B:5A:44:F6:44:E2:F5
ValiditySat, 11 Jan 2025 04:12:34 GMT - Fri, 11 Apr 2025 05:12:27 GMT

File type

Size
11 kB (10942 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/14c47e79f23aa9ea.6b77cd6b48a17abf.js HTTP/1.1
Host: hafoopsuny.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 04:05:48 GMT
content-type: application/javascript
last-modified: Tue, 04 Mar 2025 15:12:45 GMT
vary: Accept-Encoding
etag: W/"67c7186d-2abe"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: HIT
expires: Wed, 05 Mar 2025 05:05:48 GMT
cache-control: public, max-age=3600
priority: u=3,i=?0
server: cloudflare
cf-ray: 91b6bcb2db02b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET hafoopsuny.com/_next/static/4MjfMDasMt6w6tlsHHPoA/_buildManifest.js

172.64.150.45

200 OK

945 B

URL GET
hafoopsuny.com/_next/static/4MjfMDasMt6w6tlsHHPoA/_buildManifest.js
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjecthafoopsuny.com
Fingerprint07:03:9B:31:28:80:7B:B8:15:B1:AD:6C:B6:3B:5A:44:F6:44:E2:F5
ValiditySat, 11 Jan 2025 04:12:34 GMT - Fri, 11 Apr 2025 05:12:27 GMT

File type
ASCII text, with very long lines (1003), with no line terminators
Size
945 B (945 bytes)
Hash
43747ab3a0c78a54a66ff6ea259b2aea
70a38873a75de525e9671cd618bd9f9e0fed14be
0a4ff62e7f07c9496fae1716af2dc8c0b4eff231edc3233a120073a19fdb96e2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/4MjfMDasMt6w6tlsHHPoA/_buildManifest.js HTTP/1.1
Host: hafoopsuny.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 04:05:48 GMT
content-type: application/javascript
last-modified: Tue, 04 Mar 2025 15:10:57 GMT
vary: Accept-Encoding
etag: W/"67c71801-3b1"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: HIT
expires: Wed, 05 Mar 2025 05:05:48 GMT
cache-control: public, max-age=3600
priority: u=3,i=?0
server: cloudflare
cf-ray: 91b6bcb33b33b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET hafoopsuny.com/_next/static/chunks/06ff87a69ffa8402.20ef2bdcef5c98e3.js

172.64.150.45

200 OK

15 kB

URL GET
hafoopsuny.com/_next/static/chunks/06ff87a69ffa8402.20ef2bdcef5c98e3.js
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjecthafoopsuny.com
Fingerprint07:03:9B:31:28:80:7B:B8:15:B1:AD:6C:B6:3B:5A:44:F6:44:E2:F5
ValiditySat, 11 Jan 2025 04:12:34 GMT - Fri, 11 Apr 2025 05:12:27 GMT

File type

Size
15 kB (15282 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/06ff87a69ffa8402.20ef2bdcef5c98e3.js HTTP/1.1
Host: hafoopsuny.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 04:05:49 GMT
content-type: application/javascript
last-modified: Tue, 04 Mar 2025 15:12:45 GMT
vary: Accept-Encoding
etag: W/"67c7186d-3bb2"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: HIT
expires: Wed, 05 Mar 2025 05:05:49 GMT
cache-control: public, max-age=3600
priority: u=3,i=?0
server: cloudflare
cf-ray: 91b6bcb62c54b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET hafoopsuny.com/_next/static/chunks/f141f7458f59f103.7b1724452fb2a85f.js

172.64.150.45

200 OK

3.4 kB

URL GET
hafoopsuny.com/_next/static/chunks/f141f7458f59f103.7b1724452fb2a85f.js
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjecthafoopsuny.com
Fingerprint07:03:9B:31:28:80:7B:B8:15:B1:AD:6C:B6:3B:5A:44:F6:44:E2:F5
ValiditySat, 11 Jan 2025 04:12:34 GMT - Fri, 11 Apr 2025 05:12:27 GMT

File type
JavaScript source, ASCII text, with very long lines (3455), with no line terminators
Size
3.4 kB (3383 bytes)
Hash
6e546c711b4ac677652d2ccfe1044279
24dc123e33c29b0e8be2067b1047a6c7abe83a96
667d8b62d049e0a97606c7759940291358b1c2c4fd94329a12dd03dbf66acc06

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/f141f7458f59f103.7b1724452fb2a85f.js HTTP/1.1
Host: hafoopsuny.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 04:05:49 GMT
content-type: application/javascript
last-modified: Tue, 04 Mar 2025 15:13:00 GMT
vary: Accept-Encoding
etag: W/"67c7187c-d37"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: HIT
expires: Wed, 05 Mar 2025 05:05:49 GMT
cache-control: public, max-age=3600
priority: u=3,i=?0
server: cloudflare
cf-ray: 91b6bcb63c55b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET hafoopsuny.com/_next/static/chunks/d17d359e109e2741.ad39469e871cbde0.js

172.64.150.45

200 OK

6.7 kB

URL GET
hafoopsuny.com/_next/static/chunks/d17d359e109e2741.ad39469e871cbde0.js
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjecthafoopsuny.com
Fingerprint07:03:9B:31:28:80:7B:B8:15:B1:AD:6C:B6:3B:5A:44:F6:44:E2:F5
ValiditySat, 11 Jan 2025 04:12:34 GMT - Fri, 11 Apr 2025 05:12:27 GMT

File type
JavaScript source, ASCII text, with very long lines (6848), with no line terminators
Size
6.7 kB (6670 bytes)
Hash
e562edcc5cf0f0351faa44afa4d9ddb9
c10e9691aba159c12fd417e032f73a0ea2cbbbf6
b38ba3f150ed1ca3bc2c6adfde65473b3ab12a30b263851800d181528cfc2f9b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/d17d359e109e2741.ad39469e871cbde0.js HTTP/1.1
Host: hafoopsuny.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 04:05:49 GMT
content-type: application/javascript
last-modified: Tue, 04 Mar 2025 15:10:57 GMT
vary: Accept-Encoding
etag: W/"67c71801-1a0e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: HIT
expires: Wed, 05 Mar 2025 05:05:49 GMT
cache-control: public, max-age=3600
priority: u=3,i=?0
server: cloudflare
cf-ray: 91b6bcb63c56b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

POST agruptauli.com/event

172.64.150.45

200 OK

0 B

URL POST
agruptauli.com/event
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjectagruptauli.com
FingerprintFA:C5:36:43:DA:2B:A9:AD:93:32:48:DB:58:58:00:11:C7:1C:BB:E3
ValidityWed, 22 Jan 2025 20:56:35 GMT - Tue, 22 Apr 2025 21:56:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: agruptauli.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 515
Origin: null
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 05 Mar 2025 04:05:49 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 91b6bcbb1c4d568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET hafoopsuny.com/favicon.ico

172.64.150.45

204 No Content

0 B

URL GET
hafoopsuny.com/favicon.ico
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjecthafoopsuny.com
Fingerprint07:03:9B:31:28:80:7B:B8:15:B1:AD:6C:B6:3B:5A:44:F6:44:E2:F5
ValiditySat, 11 Jan 2025 04:12:34 GMT - Fri, 11 Apr 2025 05:12:27 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: hafoopsuny.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 204 No Content
date: Wed, 05 Mar 2025 04:05:49 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: MISS
expires: Wed, 05 Mar 2025 05:05:49 GMT
cache-control: public, max-age=3600
priority: u=6,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 91b6bcba1e51b4fa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET hafoopsuny.com/_next/static/chunks/84329d8b6a449937-f30929906fc5e4c7.js

172.64.150.45

200 OK

42 kB

URL GET
hafoopsuny.com/_next/static/chunks/84329d8b6a449937-f30929906fc5e4c7.js
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjecthafoopsuny.com
Fingerprint07:03:9B:31:28:80:7B:B8:15:B1:AD:6C:B6:3B:5A:44:F6:44:E2:F5
ValiditySat, 11 Jan 2025 04:12:34 GMT - Fri, 11 Apr 2025 05:12:27 GMT

File type
JavaScript source, ASCII text, with very long lines (41505), with no line terminators
Size
42 kB (41505 bytes)
Hash
794e69e4a6c4785214f60b1059d3587b
124d9d3e990c61c842975ce5ab00794add170256
04449b1e086888c1e9545d5ba3edc05544aa361a8e9870d14dbc6ae0b88008ae

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/84329d8b6a449937-f30929906fc5e4c7.js HTTP/1.1
Host: hafoopsuny.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 04:05:48 GMT
content-type: application/javascript
last-modified: Tue, 04 Mar 2025 15:12:52 GMT
vary: Accept-Encoding
etag: W/"67c71874-a221"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: HIT
expires: Wed, 05 Mar 2025 05:05:48 GMT
cache-control: public, max-age=3600
priority: u=3,i=?0
server: cloudflare
cf-ray: 91b6bcb33b2fb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

POST hafoopsuny.com/sync-metrics

172.64.150.45

200 OK

17 B

URL POST
hafoopsuny.com/sync-metrics
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjecthafoopsuny.com
Fingerprint07:03:9B:31:28:80:7B:B8:15:B1:AD:6C:B6:3B:5A:44:F6:44:E2:F5
ValiditySat, 11 Jan 2025 04:12:34 GMT - Fri, 11 Apr 2025 05:12:27 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
17 B (17 bytes)
Hash
225f751e75610b98f8b287e79370be3a
9e29d2c966fb36f3d233dfb232be6eeeee8f1341
0b19f26f50f17771f6562e4cf8c7bead37ba5aeeeec7cbfaf2576a6647401569

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /sync-metrics HTTP/1.1
Host: hafoopsuny.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 502
Origin: null
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/3 200 OK
date: Wed, 05 Mar 2025 04:05:49 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: c9ef6a32fe60ea91ce0c524ba67fe336
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
priority: u=6,i=?0
server: cloudflare
cf-ray: 91b6bcb63c57b4fa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET cdntechone.com/stattag.js

104.21.36.146

200 OK

16 kB

URL GET
cdntechone.com/stattag.js
IP
104.21.36.146:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjectcdntechone.com
FingerprintDC:31:A0:CC:76:0E:5C:E3:45:17:43:52:62:B5:29:18:F1:70:D7:FE
ValidityTue, 11 Feb 2025 05:59:25 GMT - Mon, 12 May 2025 06:58:07 GMT

File type
JavaScript source, ASCII text, with very long lines (15840)
Size
16 kB (16490 bytes)
Hash
80d7433dbc2b7708f2fa4e6a9943a116
350c6e2bb1cbd07de260856f918f4ececcd96894
54862ebdcfa23c67d6de25543e0b22014de8fd8d3d3aed09d615981bbdd76251

HTTP Headers

GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 05 Mar 2025 04:05:49 GMT
content-type: application/javascript
last-modified: Thu, 11 Jul 2024 10:23:50 GMT
etag: W/"668fb2b6-406a"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 4665
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tU1zrCffWksTw1bE8Uq5SwcLNbdRKUVand3AdeRNkCbxFQTfibrj4HLOEc23iyhIpDC1HfQMIVj6nptoTZfwQqxp9FJN44JONsdyKUzgro%2Btx9imC%2BrzjOqq7JBqbqSTBA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91b6bcb6cda356ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=518&min_rtt=439&rtt_var=185&sent=6&recv=11&lost=0&retrans=0&sent_bytes=3284&recv_bytes=1172&delivery_rate=6995169&cwnd=253&unsent_bytes=0&cid=4c04f29aa2c2d432&ts=67&x=0"
X-Firefox-Spdy: h2

POST agruptauli.com/zone?pub=0&zone_id=8527457&is_mobile=false&domain=hafoopsuny.com&var=8544034&ymid=921001976618037248&var_3=9195375_%7Brequest_ab%7D&var_4=&dsig=&tg=1&sw=3.1.597&trace_id=0d822a48-48af-42da-be80-b9af315cfe86&action=prerequest&drf=

172.64.150.45

200 OK

0 B

URL POST
agruptauli.com/zone?pub=0&zone_id=8527457&is_mobile=false&domain=hafoopsuny.com&var=8544034&ymid=921001976618037248&var_3=9195375_%7Brequest_ab%7D&var_4=&dsig=&tg=1&sw=3.1.597&trace_id=0d822a48-48af-42da-be80-b9af315cfe86&action=prerequest&drf=
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjectagruptauli.com
FingerprintFA:C5:36:43:DA:2B:A9:AD:93:32:48:DB:58:58:00:11:C7:1C:BB:E3
ValidityWed, 22 Jan 2025 20:56:35 GMT - Tue, 22 Apr 2025 21:56:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /zone?pub=0&zone_id=8527457&is_mobile=false&domain=hafoopsuny.com&var=8544034&ymid=921001976618037248&var_3=9195375_%7Brequest_ab%7D&var_4=&dsig=&tg=1&sw=3.1.597&trace_id=0d822a48-48af-42da-be80-b9af315cfe86&action=prerequest&drf= HTTP/1.1
Host: agruptauli.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 200 OK
date: Wed, 05 Mar 2025 04:05:49 GMT
content-length: 0
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 91b6bcbb3c59568f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

OPTIONS agruptauli.com/event

172.64.150.45

200 OK

0 B

URL OPTIONS
agruptauli.com/event
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjectagruptauli.com
FingerprintFA:C5:36:43:DA:2B:A9:AD:93:32:48:DB:58:58:00:11:C7:1C:BB:E3
ValidityWed, 22 Jan 2025 20:56:35 GMT - Tue, 22 Apr 2025 21:56:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: agruptauli.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://hafoopsuny.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 05 Mar 2025 04:05:49 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://hafoopsuny.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 91b6bcbb2f03b505-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET hafoopsuny.com/_next/static/chunks/3fe852b5eeb07489-e22e58e9d94615b4.js

172.64.150.45

200 OK

29 kB

URL GET
hafoopsuny.com/_next/static/chunks/3fe852b5eeb07489-e22e58e9d94615b4.js
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjecthafoopsuny.com
Fingerprint07:03:9B:31:28:80:7B:B8:15:B1:AD:6C:B6:3B:5A:44:F6:44:E2:F5
ValiditySat, 11 Jan 2025 04:12:34 GMT - Fri, 11 Apr 2025 05:12:27 GMT

File type
JavaScript source, ASCII text, with very long lines (28624), with no line terminators
Size
29 kB (28624 bytes)
Hash
2922694a6238acca2715c437fb4fc9b6
bc07008b3b35d76a250f96f66f2c2f9121dec22c
3b2daee54fd10abfe66761e2f4b87ac3b9d615298680084d9c3c072d1f9d99cd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/3fe852b5eeb07489-e22e58e9d94615b4.js HTTP/1.1
Host: hafoopsuny.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 04:05:48 GMT
content-type: application/javascript
last-modified: Tue, 04 Mar 2025 15:12:48 GMT
vary: Accept-Encoding
etag: W/"67c71870-6fd0"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: HIT
expires: Wed, 05 Mar 2025 05:05:48 GMT
cache-control: public, max-age=3600
priority: u=3,i=?0
server: cloudflare
cf-ray: 91b6bcb31b20b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET hafoopsuny.com/_next/static/4MjfMDasMt6w6tlsHHPoA/_ssgManifest.js

172.64.150.45

200 OK

120 B

URL GET
hafoopsuny.com/_next/static/4MjfMDasMt6w6tlsHHPoA/_ssgManifest.js
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjecthafoopsuny.com
Fingerprint07:03:9B:31:28:80:7B:B8:15:B1:AD:6C:B6:3B:5A:44:F6:44:E2:F5
ValiditySat, 11 Jan 2025 04:12:34 GMT - Fri, 11 Apr 2025 05:12:27 GMT

File type
ASCII text, with no line terminators
Size
120 B (120 bytes)
Hash
7b10cb073fc3ca3fdaccfa110b5cc938
c4ee546a6f5be40a010c40cc5324024617e4a7a4
ce24007874bc6c23d831eb1c13fdf623e33f4a524a88ac6f3b67813942bc95b0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/4MjfMDasMt6w6tlsHHPoA/_ssgManifest.js HTTP/1.1
Host: hafoopsuny.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 04:05:48 GMT
content-type: application/javascript
last-modified: Tue, 04 Mar 2025 15:12:44 GMT
vary: Accept-Encoding
etag: W/"67c7186c-78"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: HIT
expires: Wed, 05 Mar 2025 05:05:48 GMT
cache-control: public, max-age=3600
priority: u=3,i=?0
server: cloudflare
cf-ray: 91b6bcb33b34b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

POST agruptauli.com/event

172.64.150.45

200 OK

0 B

URL POST
agruptauli.com/event
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjectagruptauli.com
FingerprintFA:C5:36:43:DA:2B:A9:AD:93:32:48:DB:58:58:00:11:C7:1C:BB:E3
ValidityWed, 22 Jan 2025 20:56:35 GMT - Tue, 22 Apr 2025 21:56:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: agruptauli.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 517
Origin: null
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 05 Mar 2025 04:05:50 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 91b6bcbb6c6a568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET hafoopsuny.com/_next/static/css/0bc0cde260d08b97.css

172.64.150.45

200 OK

1.8 kB

URL GET
hafoopsuny.com/_next/static/css/0bc0cde260d08b97.css
IP
172.64.150.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hafoopsuny.com/casual-sl/1335/?z=8544034&var=921001976618037248&country=GE&s=921001976618037248&var_3=9195375_{request_ab}&svar=1741147500&ssk=fb7747e0d6d29e249ebdadee319aa9ad&stest=31de638ac2c4f61f3d36256e07992de0
Certificate
IssuerGoogle Trust Services
Subjecthafoopsuny.com
Fingerprint07:03:9B:31:28:80:7B:B8:15:B1:AD:6C:B6:3B:5A:44:F6:44:E2:F5
ValiditySat, 11 Jan 2025 04:12:34 GMT - Fri, 11 Apr 2025 05:12:27 GMT

File type
ASCII text, with very long lines (1843), with no line terminators
Size
1.8 kB (1843 bytes)
Hash
64b2b4fa42c7d558d735e2cd28ecf88a
03d6da6e55b1201b51689590520da495a9233d67
2fdb3ce9ccba8355040e5ba3dfb2283194acba81858943b5d88f70030dbb71ea

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/css/0bc0cde260d08b97.css HTTP/1.1
Host: hafoopsuny.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 04:05:48 GMT
content-type: text/css
last-modified: Tue, 04 Mar 2025 15:10:57 GMT
vary: Accept-Encoding
etag: W/"67c71801-733"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: HIT
expires: Wed, 05 Mar 2025 05:05:48 GMT
cache-control: public, max-age=3600
priority: u=2,i=?0
server: cloudflare
cf-ray: 91b6bcb29ae4b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (31)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML