r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 4a5e9bc8b7891ac5f4552c29bcbaedb0
SHA-1 39735081eeb64eae477c61c1147daeb68fb37b22
SHA-256 c465efaf205ff2992af02c16187ca14a658cd5335b892903374f3adab32a8cd9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C465EFAF205FF2992AF02C16187CA14A658CD5335B892903374F3ADAB32A8CD9"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5624
Expires: Fri, 16 Dec 2022 02:14:51 GMT
Date: Fri, 16 Dec 2022 00:41:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 381442da2a14cb93770f4c8f6e19d35b
SHA-1 31c48467751e2450a63004c57eea0c7872023eaf
SHA-256 61b0985f47033bd7020ab3b8cdcbc6c17be6ab9b6feba69e006088b78e21c0f0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "61B0985F47033BD7020AB3B8CDCBC6C17BE6AB9B6FEBA69E006088B78E21C0F0"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9819
Expires: Fri, 16 Dec 2022 03:24:46 GMT
Date: Fri, 16 Dec 2022 00:41:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 5b38399fcc8246505e5e6b0f62803a5a
SHA-1 bb374f8d97b2bd798873d74c6bbab20ad6843e96
SHA-256 406ab3af8adf2b151c052a06c0379fd8d83d3362e90c17ac2e5481b6b9a7441f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "406AB3AF8ADF2B151C052A06C0379FD8D83D3362E90C17AC2E5481B6B9A7441F"
Last-Modified: Thu, 15 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7478
Expires: Fri, 16 Dec 2022 02:45:45 GMT
Date: Fri, 16 Dec 2022 00:41:07 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash MD5 b44c4b5daa307a355e7bab1c83c1ca82
SHA-1 dbd14cd873f1dd4502f277b3f51cb7bc8da0c080
SHA-256 fd4604461cfa002c8a261bb14eb8dda56817db231b9012b2eb38d6dbc2674df5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Alert, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 16 Dec 2022 00:33:57 GMT
content-type: application/json
age: 430
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash MD5 53341dea33f4f3d9b4966f80589f429a
SHA-1 20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
SHA-256 651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: OEXu+Bz/jt1+VE8EdHNKg1YvrfqXVjvSCoWku1YpeND875KnUTDZQBW2bbYY83z0EhiraUIcuq4=
x-amz-request-id: VYY0GEF70KZBJ567
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 15 Dec 2022 23:51:06 GMT
age: 3001
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash MD5 23e88fb7b99543fb33315b29b1fad9d6
SHA-1 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
SHA-256 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 16 Dec 2022 00:41:07 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
click.haypace.shop/umokiii/tstlbc1152alwufpbim/UALmyMMHMPE38w_oIyka-BjWhcxi1oM4nbMu3Lmx5Js/99xhN2_ODwsDu-yxVZU6Lw2uXYO19HZuRsIhTjoCOPfWqIETvG2j_DNTWpKUAdBg2TSdXVUt1wp7YpULGF3GM4nbGFQY9LFNQIL-NicQjsCqHqJPORgwyhoxa2qbExiZHpHEbxbKAy8OmYYjbiPJthppkiXrhm6nIffI01C3b44
104.21.56.169 200 OK 579 B URL HTTP/1.1 click.haypace.shop/umokiii/tstlbc1152alwufpbim/UALmyMMHMPE38w_oIyka-BjWhcxi1oM4nbMu3Lmx5Js/99xhN2_ODwsDu-yxVZU6Lw2uXYO19HZuRsIhTjoCOPfWqIETvG2j_DNTWpKUAdBg2TSdXVUt1wp7YpULGF3GM4nbGFQY9LFNQIL-NicQjsCqHqJPORgwyhoxa2qbExiZHpHEbxbKAy8OmYYjbiPJthppkiXrhm6nIffI01C3b44
IP 104.21.56.169:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (316)
Hash MD5 eede7afc192d5e2b2f409e9aed2fe33d
SHA-1 1e8fe03122cb3cbede291325fa4703ce21de59bc
SHA-256 d72f63d86cf9f8d68705c8641a080a72ce11b445ba58c807a1d209b321416c47
Analyzer Verdict Alert quad9 Sinkholed
GET /umokiii/tstlbc1152alwufpbim/UALmyMMHMPE38w_oIyka-BjWhcxi1oM4nbMu3Lmx5Js/99xhN2_ODwsDu-yxVZU6Lw2uXYO19HZuRsIhTjoCOPfWqIETvG2j_DNTWpKUAdBg2TSdXVUt1wp7YpULGF3GM4nbGFQY9LFNQIL-NicQjsCqHqJPORgwyhoxa2qbExiZHpHEbxbKAy8OmYYjbiPJthppkiXrhm6nIffI01C3b44 HTTP/1.1
Host: click.haypace.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 00:41:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YTvS3rHP9%2BhSeV7xLHeaF85l8ldttcJ%2FynICsNLF5kthXOszXduB3wnzPVnGsxEb%2BEuYoeWpDMwGEWdvM5vPffaXC9ocvfMfohwciebWtp0JtjbMISURUrWDFCakIBQhZJi2%2F%2BE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77a35f1b7e01b52d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash MD5 d8ee7b5ed9f1ce2717492af01f420e1f
SHA-1 1e1cfe7134e0d88f1398c5e8b54c2632a7d3459b
SHA-256 1b0f0eff510a5eee48139d1f2a02a4f98109541998da638034bc04b05ef72d32
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 00:41:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-22484186-3
142.250.74.168 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-22484186-3
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash MD5 02c21e63046601790c6d9c6efc6c8e8d
SHA-1 52db453be854e7a93985e6d22bc8d7bed4f3ae5a
SHA-256 0317b58d4597ddffd55d37a8d711d8d65e2df53d8a942200f279244aa8348180
GET /gtag/js?id=UA-22484186-3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://click.haypace.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 16 Dec 2022 00:41:07 GMT
expires: Fri, 16 Dec 2022 00:41:07 GMT
cache-control: private, max-age=900
last-modified: Fri, 16 Dec 2022 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43654
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash MD5 b9f0adeb27a19629aeff6f34de67f3ad
SHA-1 3876d1b871d7da6d18de23c2edb301eb30728066
SHA-256 c5744a90c8f66629aa2331465a32afe0d430b36d16fd98bc821e370f1b24463c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2893
Cache-Control: max-age=119646
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 00:41:07 GMT
Etag: "639ae3b4-1d7"
Expires: Sat, 17 Dec 2022 09:55:13 GMT
Last-Modified: Thu, 15 Dec 2022 09:07:00 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash MD5 d8ee7b5ed9f1ce2717492af01f420e1f
SHA-1 1e1cfe7134e0d88f1398c5e8b54c2632a7d3459b
SHA-256 1b0f0eff510a5eee48139d1f2a02a4f98109541998da638034bc04b05ef72d32
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 00:41:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
click.haypace.shop/jquery-1.11.0.min.js
104.21.56.169 200 OK 33 kB URL HTTP/1.1 click.haypace.shop/jquery-1.11.0.min.js
IP 104.21.56.169:0
File type ASCII text, with very long lines (32341)
Hash MD5 95fe3f4dd117c33f6015e1c3d6df1d0d
SHA-1 d5b8856932d1ea63f51824de0bb50670d2e960bc
SHA-256 e6945ac3f1927f242a9fd7a5cf67720f7763888127a7427eb24ffc52019d4b16
Analyzer Verdict Alert quad9 Sinkholed
GET /jquery-1.11.0.min.js HTTP/1.1
Host: click.haypace.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://click.haypace.shop/umokiii/tstlbc1152alwufpbim/UALmyMMHMPE38w_oIyka-BjWhcxi1oM4nbMu3Lmx5Js/99xhN2_ODwsDu-yxVZU6Lw2uXYO19HZuRsIhTjoCOPfWqIETvG2j_DNTWpKUAdBg2TSdXVUt1wp7YpULGF3GM4nbGFQY9LFNQIL-NicQjsCqHqJPORgwyhoxa2qbExiZHpHEbxbKAy8OmYYjbiPJthppkiXrhm6nIffI01C3b44
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 00:41:07 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:56:20 GMT
ETag: W/"6388f8d4-1787d"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jbaYz4BurYCaYFGjTaXMTRduVFtGsXK4DyfrEEMfUlu%2FUjzk71f01sICZAC81CmA9B4WMWXKUzmokjRI123Yo2OX32HskssN5mly25n%2FRW1PSWHB6OJP%2BRZeRXy2gIsOfoFnD1Q%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77a35f1eff1cb52d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash MD5 0333b0655111aa68de771adfcc4db243
SHA-1 63f295a144ac87a7c8e23417626724eeca68a7eb
SHA-256 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Backoff, Content-Length, Pragma, Alert, Expires, Last-Modified, Retry-After, ETag, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 16 Dec 2022 00:08:00 GMT
age: 1987
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.82.221.194 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.82.221.194:0
Hash MD5 d41d8cd98f00b204e9800998ecf8427e (all three values are the digests of the empty 0 B body, not content indicators)
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ixg1GDEtJItWTvhougAs3A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: WXFou28JvR+R3+tbDc5RaE4v69Q=
ocsp.pki.goog/s/gts1p5/1qk2RfrtpX4
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/1qk2RfrtpX4
IP 142.250.74.131:0
Hash MD5 7aa6b30d9990614911d95008d8dc7486
SHA-1 a62ca883d331adb65a60e39364766af86146106f
SHA-256 26e27732a08eac054c7c1d711ff3d12dc4d7e9ab67177409e2f3f6f0e38da04b
POST /s/gts1p5/1qk2RfrtpX4 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 00:41:08 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
click.haypace.shop/clicks/javaburn.php?sid=1000994&h=UALmyMMHMPE38w_oIyka-BjWhcxi1oM4nbMu3Lmx5Js/99xhN2_ODwsDu-yxVZU6Lw2uXYO19HZuRsIhTjoCOPfWqIETvG2j_DNTWpKUAdBg2TSdXVUt1wp7YpULGF3GM4nbGFQY9LFNQIL-NicQjsCqHqJPORgwyhoxa2qbExiZHpHEbxbKAy8OmYYjbiPJthppkiXrhm6nIffI01C3b44
104.21.56.169 200 OK 3.7 kB URL HTTP/1.1 click.haypace.shop/clicks/javaburn.php?sid=1000994&h=UALmyMMHMPE38w_oIyka-BjWhcxi1oM4nbMu3Lmx5Js/99xhN2_ODwsDu-yxVZU6Lw2uXYO19HZuRsIhTjoCOPfWqIETvG2j_DNTWpKUAdBg2TSdXVUt1wp7YpULGF3GM4nbGFQY9LFNQIL-NicQjsCqHqJPORgwyhoxa2qbExiZHpHEbxbKAy8OmYYjbiPJthppkiXrhm6nIffI01C3b44
IP 104.21.56.169:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (487), with CRLF line terminators
Hash MD5 639c98eae077b019857460cc4c773156
SHA-1 e10121850b07621a4a4db6640a34e1088c87290a
SHA-256 63111a7b55f1e4f6ad59dbfb44a17db1079da76a137e84652eabbaada94cfe03
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/javaburn.php?sid=1000994&h=UALmyMMHMPE38w_oIyka-BjWhcxi1oM4nbMu3Lmx5Js/99xhN2_ODwsDu-yxVZU6Lw2uXYO19HZuRsIhTjoCOPfWqIETvG2j_DNTWpKUAdBg2TSdXVUt1wp7YpULGF3GM4nbGFQY9LFNQIL-NicQjsCqHqJPORgwyhoxa2qbExiZHpHEbxbKAy8OmYYjbiPJthppkiXrhm6nIffI01C3b44 HTTP/1.1
Host: click.haypace.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 00:41:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=itFcnu4f6XrjPaF2jfKuRkgi1kXFYRezQS8QNb6QdIV8IEGvF%2FnEXEvUlQxRASVnGcrBUIPKB1Sl1AhXHGlgUCd7vjSaj2H9%2FbnDvIfpD%2BWDSI23DUp9V5JJ9f2%2BNrOcTkCtHX8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77a35f2458b6b52d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
click.haypace.shop/offer.php?id=1&sid=1000994&h=UALmyMMHMPE38w_oIyka-BjWhcxi1oM4nbMu3Lmx5Js/99xhN2_ODwsDu-yxVZU6Lw2uXYO19HZuRsIhTjoCOPfWqIETvG2j_DNTWpKUAdBg2TSdXVUt1wp7YpULGF3GM4nbGFQY9LFNQIL-NicQjsCqHqJPORgwyhoxa2qbExiZHpHEbxbKAy8OmYYjbiPJthppkiXrhm6nIffI01C3b44
104.21.56.169 200 OK 808 B URL HTTP/2 click.haypace.shop/offer.php?id=1&sid=1000994&h=UALmyMMHMPE38w_oIyka-BjWhcxi1oM4nbMu3Lmx5Js/99xhN2_ODwsDu-yxVZU6Lw2uXYO19HZuRsIhTjoCOPfWqIETvG2j_DNTWpKUAdBg2TSdXVUt1wp7YpULGF3GM4nbGFQY9LFNQIL-NicQjsCqHqJPORgwyhoxa2qbExiZHpHEbxbKAy8OmYYjbiPJthppkiXrhm6nIffI01C3b44
IP 104.21.56.169:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (331)
Hash MD5 0ab0b3b4edac0dbddc0f3a22e43672ea
SHA-1 cf974e97148822e88727e610ae434693c9617686
SHA-256 c84ed84dc7ce8339e6e0a22ab574c75851c7d3fbc0efd4c9749cb5308bf449bb
Analyzer Verdict Alert quad9 Sinkholed
GET /offer.php?id=1&sid=1000994&h=UALmyMMHMPE38w_oIyka-BjWhcxi1oM4nbMu3Lmx5Js/99xhN2_ODwsDu-yxVZU6Lw2uXYO19HZuRsIhTjoCOPfWqIETvG2j_DNTWpKUAdBg2TSdXVUt1wp7YpULGF3GM4nbGFQY9LFNQIL-NicQjsCqHqJPORgwyhoxa2qbExiZHpHEbxbKAy8OmYYjbiPJthppkiXrhm6nIffI01C3b44 HTTP/1.1
Host: click.haypace.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://click.haypace.shop/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Dec 2022 00:41:08 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vqIAsPxSnw71GOvkaqKI2gePSXD39TpXL7RFQyw3RSHLvY3N%2FZzVakvo5cTC6i8M2%2BsWiNryrG1oNZsvjZdGs2qddlQM2kq2bPyNC37TaZ%2BUZ8LthmyUrMSAVgpoOpfZ8yBChbU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77a35f230eec0b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash MD5 7ded1896628f431acd2e4a3d10ea3142
SHA-1 ad603e2b43da4629ede29f9f193ae5df09f3cbb8
SHA-256 dd4d3d2048b29affb30ddbbcf8112131cecdb15b0030a612c1d99cce54ab0132
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 00:41:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
142.250.74.74 200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
IP 142.250.74.74:0
File type ASCII text, with very long lines (32341)
Hash MD5 856f85cc1b07156fa844b44a10c236c2
SHA-1 7cef457c0e1cd0c20f4e699564ea8997f0332021
SHA-256 c61aa9ce7b32f93630abac1a4b27382f9333e0ff69477c9d9099070ae0742b01
GET /ajax/libs/jquery/1.11.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://click.haypace.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33576
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 15 Dec 2022 19:35:05 GMT
expires: Fri, 15 Dec 2023 19:35:05 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 18363
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash MD5 7ded1896628f431acd2e4a3d10ea3142
SHA-1 ad603e2b43da4629ede29f9f193ae5df09f3cbb8
SHA-256 dd4d3d2048b29affb30ddbbcf8112131cecdb15b0030a612c1d99cce54ab0132
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 00:41:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
click.haypace.shop/clicks/javaburn_files/obtp.js
104.21.56.169 200 OK 5.3 kB URL HTTP/1.1 click.haypace.shop/clicks/javaburn_files/obtp.js
IP 104.21.56.169:0
File type ASCII text, with very long lines (16620), with no line terminators
Hash MD5 3f4bb23a709b2ccf65a1fe9b8d388d8b
SHA-1 180bbe0a6979774d47b458b1f9af4507eab6d9e1
SHA-256 eb7afab099cf11028bd481d32b199b5e9b1ff34997eaed4578ff260ee382e0fa
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/javaburn_files/obtp.js HTTP/1.1
Host: click.haypace.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://click.haypace.shop/clicks/javaburn.php?sid=1000994&h=UALmyMMHMPE38w_oIyka-BjWhcxi1oM4nbMu3Lmx5Js/99xhN2_ODwsDu-yxVZU6Lw2uXYO19HZuRsIhTjoCOPfWqIETvG2j_DNTWpKUAdBg2TSdXVUt1wp7YpULGF3GM4nbGFQY9LFNQIL-NicQjsCqHqJPORgwyhoxa2qbExiZHpHEbxbKAy8OmYYjbiPJthppkiXrhm6nIffI01C3b44
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 00:41:08 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:53:33 GMT
ETag: W/"6388f82d-40ec"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QO6hEFn6bzrFYhBaHOb%2B42EEE5gBZCpMEEaXib0wzpMmH7W3BE34qvaFuSJg2rvqn3cN9HAASyEoMAg1Z1y19R%2BvNvvsnNM4kx1aCu2okMpCwUoGMrSG0hIlKEmuj%2Bh5D3MGTho%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77a35f259add0b4d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
click.haypace.shop/clicks/javaburn_files/style-right2.css
104.21.56.169 200 OK 2.0 kB URL HTTP/1.1 click.haypace.shop/clicks/javaburn_files/style-right2.css
IP 104.21.56.169:0
File type ASCII text, with very long lines (411)
Hash MD5 9822a3a50c41f5645cb7f97826297b83
SHA-1 b7a4fae3135b3f1ec0eb576250810fdaeb2d2194
SHA-256 bb65ced10e647964335e6ed77d9e3a5e67aa851d26d65b0be0eace35cf8a3410
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/javaburn_files/style-right2.css HTTP/1.1
Host: click.haypace.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://click.haypace.shop/clicks/javaburn.php?sid=1000994&h=UALmyMMHMPE38w_oIyka-BjWhcxi1oM4nbMu3Lmx5Js/99xhN2_ODwsDu-yxVZU6Lw2uXYO19HZuRsIhTjoCOPfWqIETvG2j_DNTWpKUAdBg2TSdXVUt1wp7YpULGF3GM4nbGFQY9LFNQIL-NicQjsCqHqJPORgwyhoxa2qbExiZHpHEbxbKAy8OmYYjbiPJthppkiXrhm6nIffI01C3b44
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 00:41:09 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:53:33 GMT
ETag: W/"6388f82d-19c8"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rxBFcrBGuNiUmakjbs0hKgQCTPEmMsxf%2BeFcopixM%2BCv543Jx9wIuC0dPPPTRWmV%2B%2F7DBNYv8fmdqheXjtRadgxUxP19D2LE0BBvgaUKRK%2FIQ6n3p6O0goJxFnEkuj2nZMOoMYo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77a35f258919b52d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
click.haypace.shop/clicks/javaburn_files/widgets.css
104.21.56.169 200 OK 311 B URL HTTP/1.1 click.haypace.shop/clicks/javaburn_files/widgets.css
IP 104.21.56.169:0
File type assembler source, ASCII text
Hash MD5 b9f41ad07e5b6a0fbc9f6d6165c0e9c7
SHA-1 8d0c39912e888d390474fa02b2441ed421ce637a
SHA-256 4e8761a484fc3457c7e2e03db8c158a6c1da77097a9987a028f37610745de634
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/javaburn_files/widgets.css HTTP/1.1
Host: click.haypace.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://click.haypace.shop/clicks/javaburn.php?sid=1000994&h=UALmyMMHMPE38w_oIyka-BjWhcxi1oM4nbMu3Lmx5Js/99xhN2_ODwsDu-yxVZU6Lw2uXYO19HZuRsIhTjoCOPfWqIETvG2j_DNTWpKUAdBg2TSdXVUt1wp7YpULGF3GM4nbGFQY9LFNQIL-NicQjsCqHqJPORgwyhoxa2qbExiZHpHEbxbKAy8OmYYjbiPJthppkiXrhm6nIffI01C3b44
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 00:41:09 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:53:33 GMT
ETag: W/"6388f82d-2c8"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=byIBvm1URBAtARv4EJZxl4Nzc07PC2xFl4akb2fVlJoE6RMlr%2FNJqksVmHRuAp9mbtdNKkPtZgkNN71TDGAgPN5kKsZ8GOYXv3evio1zZNHYAueorErapovzMRyZfe9f7WvPFQg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77a35f259cc7b4f9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
click.haypace.shop/clicks/javaburn_files/font-awesome.min.css
104.21.56.169 200 OK 6.9 kB URL HTTP/1.1 click.haypace.shop/clicks/javaburn_files/font-awesome.min.css
IP 104.21.56.169:0
File type ASCII text, with very long lines (30837)
Hash MD5 d6c8c1428db744943001ade348510e65
SHA-1 83e16acc875a5e3559526ac3c3f31c471dc77d4c
SHA-256 13de46b403869629f28eb7e5c1403f714372b09b5eb8ecbe3a5955ba94debf16
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/javaburn_files/font-awesome.min.css HTTP/1.1
Host: click.haypace.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://click.haypace.shop/clicks/javaburn.php?sid=1000994&h=UALmyMMHMPE38w_oIyka-BjWhcxi1oM4nbMu3Lmx5Js/99xhN2_ODwsDu-yxVZU6Lw2uXYO19HZuRsIhTjoCOPfWqIETvG2j_DNTWpKUAdBg2TSdXVUt1wp7YpULGF3GM4nbGFQY9LFNQIL-NicQjsCqHqJPORgwyhoxa2qbExiZHpHEbxbKAy8OmYYjbiPJthppkiXrhm6nIffI01C3b44
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 00:41:09 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:53:33 GMT
ETag: W/"6388f82d-7918"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HF0PEKJPRney2ayWcnR01iSOg%2BGbQjyDAUtfy2yYowO%2B7qBRp3ryVUcTEE2c0dlhpUAqy7j%2FNkYZn6u%2Bl91aqY1ENBHknSlpUzcJLgFqTOUftfoms7WRz4maW9wCfLD5HRmikc0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77a35f259b2eb4fa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
click.haypace.shop/clicks/javaburn_files/gummies2-org.jpg
104.21.56.169 200 OK 13 kB URL HTTP/1.1 click.haypace.shop/clicks/javaburn_files/gummies2-org.jpg
IP 104.21.56.169:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x200, components 3\012- data
Hash MD5 1a867c5c078c09825f6d0026401e9ecb
SHA-1 65d0fc5c0f4ef30a55849b01528d41e1764c6c58
SHA-256 69979a3da880e330937d34fd15d16b37b45dab67dd14e9f040bf88e089296320
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/javaburn_files/gummies2-org.jpg HTTP/1.1
Host: click.haypace.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://click.haypace.shop/clicks/javaburn.php?sid=1000994&h=UALmyMMHMPE38w_oIyka-BjWhcxi1oM4nbMu3Lmx5Js/99xhN2_ODwsDu-yxVZU6Lw2uXYO19HZuRsIhTjoCOPfWqIETvG2j_DNTWpKUAdBg2TSdXVUt1wp7YpULGF3GM4nbGFQY9LFNQIL-NicQjsCqHqJPORgwyhoxa2qbExiZHpHEbxbKAy8OmYYjbiPJthppkiXrhm6nIffI01C3b44
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 00:41:09 GMT
Content-Type: image/jpeg
Content-Length: 12587
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:53:33 GMT
ETag: "6388f82d-312b"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Plq5KVjBooxuA8b6%2BPGz10uFfrm6FVSeiGgaaZaGObyIfujc00vVqU%2BUp8lI3pkeBVwlIBsd9igMoKzP5P2d11203fx%2BBEed4OLkriyrDdaqUAf0LfHEDLnl0WqFmiowz82eMu4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77a35f285ea0b4f9-OSL
alt-svc: h2=":443"; ma=60
click.haypace.shop/clicks/javaburn_files/tinnitus2-org.jpg
104.21.56.169 200 OK 20 kB URL HTTP/1.1 click.haypace.shop/clicks/javaburn_files/tinnitus2-org.jpg
IP 104.21.56.169:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x196, components 3\012- data
Hash 11bc88ad669405776ab1397338d6a13f
363d6408e5af897e834c3f3b4b3571f63738f17f
a6cb32ebe4a371774a29fbbc45b15ac5a930f29330f7e6864b33980b8f5c5fce
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/javaburn_files/tinnitus2-org.jpg HTTP/1.1
Host: click.haypace.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://click.haypace.shop/clicks/javaburn.php?sid=1000994&h=UALmyMMHMPE38w_oIyka-BjWhcxi1oM4nbMu3Lmx5Js/99xhN2_ODwsDu-yxVZU6Lw2uXYO19HZuRsIhTjoCOPfWqIETvG2j_DNTWpKUAdBg2TSdXVUt1wp7YpULGF3GM4nbGFQY9LFNQIL-NicQjsCqHqJPORgwyhoxa2qbExiZHpHEbxbKAy8OmYYjbiPJthppkiXrhm6nIffI01C3b44
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 00:41:09 GMT
Content-Type: image/jpeg
Content-Length: 20143
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:53:33 GMT
ETag: "6388f82d-4eaf"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NrSDV4xJxJJLpIemZha%2FezB%2BaLTVVP4%2BRgMyZ60EZCsYz6JwYYX7vhG6T18Nt8P3lxEJkWcoHVUMsZKOUqYKPt6NMxm3I1GoocBO3U6XP7Lf0M8EJsbzZRSlY5UjhHSwRxuH6Xw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77a35f285bb90b4d-OSL
alt-svc: h2=":443"; ma=60
click.haypace.shop/clicks/javaburn_files/mainimg.jpg
104.21.56.169 200 OK 198 kB URL HTTP/1.1 click.haypace.shop/clicks/javaburn_files/mainimg.jpg
IP 104.21.56.169:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 916x664, components 3\012- data
Size 198 kB (197596 bytes)
Hash 58931340428938043bca2eda90a40c72
f11d221b4feda923ff417fe111b5f11dace4604c
c56bbd026c376b0dd7bd82c2424008a64fd1efaf665c61462d80ce6e070cb22c
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/javaburn_files/mainimg.jpg HTTP/1.1
Host: click.haypace.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://click.haypace.shop/clicks/javaburn.php?sid=1000994&h=UALmyMMHMPE38w_oIyka-BjWhcxi1oM4nbMu3Lmx5Js/99xhN2_ODwsDu-yxVZU6Lw2uXYO19HZuRsIhTjoCOPfWqIETvG2j_DNTWpKUAdBg2TSdXVUt1wp7YpULGF3GM4nbGFQY9LFNQIL-NicQjsCqHqJPORgwyhoxa2qbExiZHpHEbxbKAy8OmYYjbiPJthppkiXrhm6nIffI01C3b44
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 00:41:09 GMT
Content-Type: image/jpeg
Content-Length: 197596
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:53:33 GMT
ETag: "6388f82d-303dc"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Omx5U%2FSJBcx2Ju6401oJl%2BDijSria2I4UjXtlgTIrOOa6T5cuv60zeYgH8ATo8Jq8r7EMirdv5NB1pYhT3XTKb4eYQhXL%2FQDP%2B054XYPmvt9Slfz%2BseTRwZjVd25bogb0GGpjTM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77a35f285993b523-OSL
alt-svc: h2=":443"; ma=60
click.haypace.shop/clicks/javaburn_files/teeth3-org.jpg
104.21.56.169 200 OK 64 kB URL HTTP/1.1 click.haypace.shop/clicks/javaburn_files/teeth3-org.jpg
IP 104.21.56.169:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 600x401, components 3\012- data
Hash c48b6d09c9bf5c4bd0b1ffcfebdbacc8
d9b8f1a351e8d5d75985cb2a006dd2b8e58479c0
c592dae1c4138dff97e79fc76b94eeaf0dbf5e9ec436be5aaa45ed727e63eecb
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/javaburn_files/teeth3-org.jpg HTTP/1.1
Host: click.haypace.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://click.haypace.shop/clicks/javaburn.php?sid=1000994&h=UALmyMMHMPE38w_oIyka-BjWhcxi1oM4nbMu3Lmx5Js/99xhN2_ODwsDu-yxVZU6Lw2uXYO19HZuRsIhTjoCOPfWqIETvG2j_DNTWpKUAdBg2TSdXVUt1wp7YpULGF3GM4nbGFQY9LFNQIL-NicQjsCqHqJPORgwyhoxa2qbExiZHpHEbxbKAy8OmYYjbiPJthppkiXrhm6nIffI01C3b44
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 00:41:09 GMT
Content-Type: image/jpeg
Content-Length: 64400
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:53:33 GMT
ETag: "6388f82d-fb90"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ldJSX8gPQnMg5t51qEzAiJuBSeHP3Zqq3vjzszT71zLZTxyYshBB%2FJ7DEB%2B84JDLz0U5fuI%2BhWi78PE6N3b7TPP%2FWQ88uRqItQ%2B6F20OC9ZKBwcWUQmxbbVRfzfmWl%2FfiY4GPIQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77a35f285a00b52d-OSL
alt-svc: h2=":443"; ma=60
amplify.outbrain.com/cp/obtp.js
23.38.201.81 200 OK 5.3 kB URL HTTP/1.1 amplify.outbrain.com/cp/obtp.js
IP 23.38.201.81:0
File type ASCII text, with very long lines (16574), with no line terminators
Hash 5cdda5ed80a4ee13f700ae502f7cd4ec
0e6aa932abf3c56561a686aa3e8d069aaa3ca228
d54fc3e1792330cc768902f861f0a79ecffbfd23b8db14f354e8fcefd1c831c1
GET /cp/obtp.js HTTP/1.1
Host: amplify.outbrain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://click.haypace.shop/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
ETag: "fe80c55f1e1387116ff9765261ed192c:1669645506.686439"
Last-Modified: Mon, 28 Nov 2022 14:22:05 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=1200
Expires: Fri, 16 Dec 2022 01:01:09 GMT
Date: Fri, 16 Dec 2022 00:41:09 GMT
Content-Length: 5269
Connection: keep-alive
click.haypace.shop/clicks/javaburn_files/blank.htm
104.21.56.169 200 OK 548 B URL HTTP/1.1 click.haypace.shop/clicks/javaburn_files/blank.htm
IP 104.21.56.169:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1254), with CRLF line terminators
Hash cd64b4aeec0a8560c0d6527312e2c806
3b84cb918c9cf6a06d81b2aee07f5fec52ec6878
7dc0902142b34ea216d209ad68f58687c2190ebb974b2f540f61cc64b2b22ef4
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/javaburn_files/blank.htm HTTP/1.1
Host: click.haypace.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://click.haypace.shop/clicks/javaburn.php?sid=1000994&h=UALmyMMHMPE38w_oIyka-BjWhcxi1oM4nbMu3Lmx5Js/99xhN2_ODwsDu-yxVZU6Lw2uXYO19HZuRsIhTjoCOPfWqIETvG2j_DNTWpKUAdBg2TSdXVUt1wp7YpULGF3GM4nbGFQY9LFNQIL-NicQjsCqHqJPORgwyhoxa2qbExiZHpHEbxbKAy8OmYYjbiPJthppkiXrhm6nIffI01C3b44
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 00:41:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:53:33 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FqfOfXzKOg2WOb71IZDu2wplxCpgq16icTEm3lS55JvnG924xlc2A4SW9dVmp%2BGY9Om7xo6DIn8rVHwI9Z22t38KbqhFmqMElIojJtKOFYqmaH73gqI7b8pnw18vCkZozc%2BRgFY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77a35f288d3db4fa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash e30904bd9b57028f7ba1cc8e04ff08fd
9acb88374abef6387243ce8c5cf1149d73879ac1
be1ece2af7858ffc84e916d4554a805760c13a2eab346ac5a09a232b79116225
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 00:41:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.110 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://click.haypace.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Fri, 16 Dec 2022 00:41:08 GMT
expires: Fri, 16 Dec 2022 02:41:08 GMT
cache-control: public, max-age=7200
age: 1
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0e5a8cf5962c05bf28a3b45f5c8745e2
9c5d7e8aeab26f9fd2e753ab4dc65d6fa8ea955f
f614642045fcd0ee373ed6cabe67514f4bb54c7fb4f1181b52eaec12d7e0479e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F614642045FCD0EE373ED6CABE67514F4BB54C7FB4F1181B52EAEC12D7E0479E"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10088
Expires: Fri, 16 Dec 2022 03:29:17 GMT
Date: Fri, 16 Dec 2022 00:41:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0e5a8cf5962c05bf28a3b45f5c8745e2
9c5d7e8aeab26f9fd2e753ab4dc65d6fa8ea955f
f614642045fcd0ee373ed6cabe67514f4bb54c7fb4f1181b52eaec12d7e0479e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F614642045FCD0EE373ED6CABE67514F4BB54C7FB4F1181B52EAEC12D7E0479E"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10088
Expires: Fri, 16 Dec 2022 03:29:17 GMT
Date: Fri, 16 Dec 2022 00:41:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0e5a8cf5962c05bf28a3b45f5c8745e2
9c5d7e8aeab26f9fd2e753ab4dc65d6fa8ea955f
f614642045fcd0ee373ed6cabe67514f4bb54c7fb4f1181b52eaec12d7e0479e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F614642045FCD0EE373ED6CABE67514F4BB54C7FB4F1181B52EAEC12D7E0479E"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10088
Expires: Fri, 16 Dec 2022 03:29:17 GMT
Date: Fri, 16 Dec 2022 00:41:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0e5a8cf5962c05bf28a3b45f5c8745e2
9c5d7e8aeab26f9fd2e753ab4dc65d6fa8ea955f
f614642045fcd0ee373ed6cabe67514f4bb54c7fb4f1181b52eaec12d7e0479e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F614642045FCD0EE373ED6CABE67514F4BB54C7FB4F1181B52EAEC12D7E0479E"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10088
Expires: Fri, 16 Dec 2022 03:29:17 GMT
Date: Fri, 16 Dec 2022 00:41:09 GMT
Connection: keep-alive
click.haypace.shop/favicon.ico
104.21.56.169 200 OK 69 B URL HTTP/1.1 click.haypace.shop/favicon.ico
IP 104.21.56.169:0
File type MS Windows icon resource - 1 icon, 16x16\012- data
Hash f12fb6edbda074603f749a028770f49a
419983c6073469bac7fb8535a847b8f78c2040ce
8aec3412c7c37feacec2dc9d7b2f3560a2e0af0af573085665a57e1d09ab397d
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: click.haypace.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://click.haypace.shop/clicks/javaburn.php?sid=1000994&h=UALmyMMHMPE38w_oIyka-BjWhcxi1oM4nbMu3Lmx5Js/99xhN2_ODwsDu-yxVZU6Lw2uXYO19HZuRsIhTjoCOPfWqIETvG2j_DNTWpKUAdBg2TSdXVUt1wp7YpULGF3GM4nbGFQY9LFNQIL-NicQjsCqHqJPORgwyhoxa2qbExiZHpHEbxbKAy8OmYYjbiPJthppkiXrhm6nIffI01C3b44
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 00:41:09 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:52:31 GMT
ETag: W/"6388f7ef-57e"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BHxFyyg23NgvARD6lF8W%2F3oY4YUqPaqu8YGKtPl1s7TOw3vxtnbVU4agArFNbG2X1eOmo7J9MTH148e9hvqA2gFACPP%2BPm6kUtqd4RgA9LQI0sFEYrAJiHSRKKiojalsNlunABw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77a35f2a4a87b523-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash e30904bd9b57028f7ba1cc8e04ff08fd
9acb88374abef6387243ce8c5cf1149d73879ac1
be1ece2af7858ffc84e916d4554a805760c13a2eab346ac5a09a232b79116225
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 00:41:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/j/collect?v=1&_v=j98&a=1608642643&t=pageview&_s=1&dl=http%3A%2F%2Fclick.haypace.shop%2Fclicks%2Fjavaburn.php%3Fsid%3D1000994%26h%3DUALmyMMHMPE38w_oIyka-BjWhcxi1oM4nbMu3Lmx5Js%2F99xhN2_ODwsDu-yxVZU6Lw2uXYO19HZuRsIhTjoCOPfWqIETvG2j_DNTWpKUAdBg2TSdXVUt1wp7YpULGF3GM4nbGFQY9LFNQIL-NicQjsCqHqJPORgwyhoxa2qbExiZHpHEbxbKAy8OmYYjbiPJthppkiXrhm6nIffI01C3b44&ul=en-us&de=UTF-8&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=2127455949&gjid=1965098832&cid=818131634.1671151267&tid=UA-22484186-3&_gid=1526707005.1671151267&_r=1&gtm=2oubu0&z=579305372
142.250.74.110 200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j98&a=1608642643&t=pageview&_s=1&dl=http%3A%2F%2Fclick.haypace.shop%2Fclicks%2Fjavaburn.php%3Fsid%3D1000994%26h%3DUALmyMMHMPE38w_oIyka-BjWhcxi1oM4nbMu3Lmx5Js%2F99xhN2_ODwsDu-yxVZU6Lw2uXYO19HZuRsIhTjoCOPfWqIETvG2j_DNTWpKUAdBg2TSdXVUt1wp7YpULGF3GM4nbGFQY9LFNQIL-NicQjsCqHqJPORgwyhoxa2qbExiZHpHEbxbKAy8OmYYjbiPJthppkiXrhm6nIffI01C3b44&ul=en-us&de=UTF-8&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=2127455949&gjid=1965098832&cid=818131634.1671151267&tid=UA-22484186-3&_gid=1526707005.1671151267&_r=1&gtm=2oubu0&z=579305372
IP 142.250.74.110:0
File type ASCII text, with no line terminators
Hash cc7a1e792bca8ccb1946b7a07f6dbc03
11a2757082428311f587b7664fa9840376137f80
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
POST /j/collect?v=1&_v=j98&a=1608642643&t=pageview&_s=1&dl=http%3A%2F%2Fclick.haypace.shop%2Fclicks%2Fjavaburn.php%3Fsid%3D1000994%26h%3DUALmyMMHMPE38w_oIyka-BjWhcxi1oM4nbMu3Lmx5Js%2F99xhN2_ODwsDu-yxVZU6Lw2uXYO19HZuRsIhTjoCOPfWqIETvG2j_DNTWpKUAdBg2TSdXVUt1wp7YpULGF3GM4nbGFQY9LFNQIL-NicQjsCqHqJPORgwyhoxa2qbExiZHpHEbxbKAy8OmYYjbiPJthppkiXrhm6nIffI01C3b44&ul=en-us&de=UTF-8&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=2127455949&gjid=1965098832&cid=818131634.1671151267&tid=UA-22484186-3&_gid=1526707005.1671151267&_r=1&gtm=2oubu0&z=579305372 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://click.haypace.shop
Connection: keep-alive
Referer: http://click.haypace.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: http://click.haypace.shop
date: Fri, 16 Dec 2022 00:41:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3d8e92b-b195-43c0-8e2f-62a017239151.jpeg
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3d8e92b-b195-43c0-8e2f-62a017239151.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 45931af14497dd73408c02ccc0b581c3
53ada59827f09895eb8394c6b40af52dd45c2232
f05aa573d327a6290b7517ffd4e2d9bdecbf636df162c2ce06619da956903524
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3d8e92b-b195-43c0-8e2f-62a017239151.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8858
x-amzn-requestid: a9d48630-b01d-4a1a-b70a-b60359b0f66f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dNQQJG_yIAMF7cA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639b9400-16dd0ea1486fc41c64588e91;Sampled=0
x-amzn-remapped-date: Thu, 15 Dec 2022 21:39:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: YVnv0n7djPTXmnYDOq7Z1vLh5RtjErQ7N6N0v_J-NMLi8L_lBLq26Q==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Dec 2022 22:08:36 GMT
age: 9153
etag: "53ada59827f09895eb8394c6b40af52dd45c2232"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad9b3731-4e58-4b83-86cf-7f2ecd6c4eb1.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad9b3731-4e58-4b83-86cf-7f2ecd6c4eb1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cab96eaa42941683dff4d1b6b093c007
ba5269c77dd0422ab275c9a3529fb2e1a1af6bc3
4fe48e9a35a50b7ae88f4b4de67aa82c4acbbe43aab655921f7bacb5524789f1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad9b3731-4e58-4b83-86cf-7f2ecd6c4eb1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10132
x-amzn-requestid: 9484ad87-61cb-40e5-9823-930ec9925e02
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dH-dXEfTIAMFZQw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63997788-5dea61195ba653a87915845d;Sampled=0
x-amzn-remapped-date: Wed, 14 Dec 2022 07:13:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: VImsv72dpcwiDXWm67XU-rpUEuO5CMDwFs00DA9C6l-sKX5e2ChsQA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Dec 2022 07:22:49 GMT
age: 62300
etag: "ba5269c77dd0422ab275c9a3529fb2e1a1af6bc3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6873e310-18bc-4048-a538-a334095e2630.jpeg
34.120.237.76 200 OK 3.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6873e310-18bc-4048-a538-a334095e2630.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 05e3e1b7b913ea0135618df17b15cf3d
af81d8f513ce5e57331b23e7293c24b788d14814
c18f41a6b4367ad833d41ff6686cc8987e5b34961db4ac689834b4c013946ad7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6873e310-18bc-4048-a538-a334095e2630.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3482
x-amzn-requestid: 01bd8674-7772-4df9-a9ab-f4769a77a856
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dNQQKEMOoAMFZ-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639b9400-4fa03c782e961da07a7ea339;Sampled=0
x-amzn-remapped-date: Thu, 15 Dec 2022 21:39:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Sv1EeSM14vdLO1E8Wf15-fnD10VTpy6HPr4WSn9YVag1Xv_DqyA0Hg==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Dec 2022 22:17:30 GMT
age: 8619
etag: "af81d8f513ce5e57331b23e7293c24b788d14814"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff22fa4a3-ba63-491d-a915-4c7ea375f720.jpeg
34.120.237.76 200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff22fa4a3-ba63-491d-a915-4c7ea375f720.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1439b219bc14c22c96fdba089d03dc40
bfe8173cae5e2c8fa781f11661dc0893fc159eb3
a5aad1c8c3464232f0bb74c8115ea0cb0d2ac6f43c5418feb967803ea8286ff3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff22fa4a3-ba63-491d-a915-4c7ea375f720.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7896
x-amzn-requestid: cf094f2f-ce6b-4626-8168-36944d557cb7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dHbA4FexoAMFe-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63993ed2-60e1d5f53f3d2ad01060a8d4;Sampled=0
x-amzn-remapped-date: Wed, 14 Dec 2022 03:11:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -kTuPdLsUF-u0v8LtFceqfBaz-qg4EkVRKZIIc-IMApNo9F2Q9YdFw==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Dec 2022 03:54:41 GMT
age: 74788
etag: "bfe8173cae5e2c8fa781f11661dc0893fc159eb3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44d28b3d-7927-4346-840a-8cfc2e3ea292.jpeg
34.120.237.76 200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44d28b3d-7927-4346-840a-8cfc2e3ea292.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 30739a2896ba00103578a7cd3589767c
b8da5c239832fc19c22722c23412adac1ef200ec
b406a1135ac6a56d3b7e3ba1f9adeb1a69d56e7a070f30e1dd20fea4ebedf3a4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44d28b3d-7927-4346-840a-8cfc2e3ea292.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5424
x-amzn-requestid: e579538e-8990-425d-a635-ede55d60ed50
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dNSvBETaoAMFyKQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639b97f9-3560628d3673feb33f4b958e;Sampled=0
x-amzn-remapped-date: Thu, 15 Dec 2022 21:56:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: CjP6MuggD8GZZTJUICeoKXHsb5qopw53uqsKfb6drH5nHj4gL1CptQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Dec 2022 22:15:00 GMT
age: 8769
etag: "b8da5c239832fc19c22722c23412adac1ef200ec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61dd0e23-c172-4f68-b254-9fd26e2782f6.jpeg
34.120.237.76 200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61dd0e23-c172-4f68-b254-9fd26e2782f6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5d9d95001bfc942895a41fb4bbd50c56
67e1f40fbf45d7f32e4bd05f7c9e71f352483fa9
042c3809a802ef44ff6de8a270194cdf69cc3ba9d8f5192110dda7829d2d52d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61dd0e23-c172-4f68-b254-9fd26e2782f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5710
x-amzn-requestid: 9e587daa-7632-4765-a8c5-6cea13058bac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dNQQJEp6IAMF1Og=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639b9400-63c04fa4691c32f914301a3d;Sampled=0
x-amzn-remapped-date: Thu, 15 Dec 2022 21:39:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: VKiSckNu6PytSQ7EIpATluVcfUOgFKEGId4nCg2sGcbl6Bqbt2-wRg==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Dec 2022 21:50:30 GMT
age: 10239
etag: "67e1f40fbf45d7f32e4bd05f7c9e71f352483fa9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
click.haypace.shop/clicks/javaburn_files/blank_data/inject.css
104.21.56.169 200 OK 928 B URL HTTP/1.1 click.haypace.shop/clicks/javaburn_files/blank_data/inject.css
IP 104.21.56.169:0
File type ASCII text, with CRLF line terminators
Hash e1c22e631b7cce42e3ef13cd9bb02ff5
6c6c2b15c56e776d9eac10babf3a6c4a2bd964ae
93950a736308fe62073a44a76b8ec05b9a651062f6ecee4782059d0718aab6dc
Analyzer / Verdict / Alert — quad9: Sinkholed
GET /clicks/javaburn_files/blank_data/inject.css HTTP/1.1
Host: click.haypace.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://click.haypace.shop/clicks/javaburn_files/blank.htm
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 00:41:09 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 18:53:33 GMT
ETag: W/"6388f82d-f28"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d%2BQF5I6NqaJl%2BFytsxCp7VBLUs6NW4i0hCbG8Ulnu%2BkK8NYGsq8aKw3M9x%2Ba%2B607r%2B9z83dPFUunxUoo11E%2BjoiqfLvZ1q4K3xZ%2BjL438bhiFTaC08SmtFt1%2BK5oTNgABlp78VY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77a35f2a7c8a0b4d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
tr.outbrain.com/cachedClickId?marketerId=00d814f45dc31fb500bb38af0d3f643a5f
64.202.112.159 200 OK 56 B URL HTTP/1.1 tr.outbrain.com/cachedClickId?marketerId=00d814f45dc31fb500bb38af0d3f643a5f
IP 64.202.112.159:0
File type ASCII text, with no line terminators
Hash 77fbe8ab311fa20557d95906363035ed
5806df80f09a37e070d5f37c49f19797c2763fd0
4fa9f4ca5bfa56b9f8467324e3654f4a717dcd40b70c05b538092d8a101b0599
GET /cachedClickId?marketerId=00d814f45dc31fb500bb38af0d3f643a5f HTTP/1.1
Host: tr.outbrain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://click.haypace.shop/
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 00:41:09 GMT
Content-Type: application/javascript
Content-Length: 56
X-TraceId: 89687913470e5ada05a91b8a96a028c8
content-encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 76342e17f518d383455bb527dcd69aaf
7deb5f63197259b85d651f28cccf6ed7b876cc47
a8d3ef749bee471bf92905f15fabc171be88cc03cb97e9f7566e70efcd82864d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 00:41:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-22484186-3&cid=818131634.1671151267&jid=2127455949&gjid=1965098832&_gid=1526707005.1671151267&_u=YEBAAUAAAAAAACAAI~&z=493974289
209.85.233.155 200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-22484186-3&cid=818131634.1671151267&jid=2127455949&gjid=1965098832&_gid=1526707005.1671151267&_u=YEBAAUAAAAAAACAAI~&z=493974289
IP 209.85.233.155:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-22484186-3&cid=818131634.1671151267&jid=2127455949&gjid=1965098832&_gid=1526707005.1671151267&_u=YEBAAUAAAAAAACAAI~&z=493974289 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://click.haypace.shop
Connection: keep-alive
Referer: http://click.haypace.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://click.haypace.shop
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 16 Dec 2022 00:41:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tr.outbrain.com/cachedClickId?marketerId=00d814f45dc31fb500bb38af0d3f643a5f
64.202.112.159 200 OK 56 B URL HTTP/1.1 tr.outbrain.com/cachedClickId?marketerId=00d814f45dc31fb500bb38af0d3f643a5f
IP 64.202.112.159:0
File type ASCII text, with no line terminators
Hash 77fbe8ab311fa20557d95906363035ed
5806df80f09a37e070d5f37c49f19797c2763fd0
4fa9f4ca5bfa56b9f8467324e3654f4a717dcd40b70c05b538092d8a101b0599
GET /cachedClickId?marketerId=00d814f45dc31fb500bb38af0d3f643a5f HTTP/1.1
Host: tr.outbrain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://click.haypace.shop/
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 00:41:09 GMT
Content-Type: application/javascript
Content-Length: 56
X-TraceId: 8de5b6b751d3c08a95291a9d13f07c92
content-encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 76342e17f518d383455bb527dcd69aaf
7deb5f63197259b85d651f28cccf6ed7b876cc47
a8d3ef749bee471bf92905f15fabc171be88cc03cb97e9f7566e70efcd82864d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 00:41:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 06612a702dd3686207e6a4031f79d34e
3a1be9901f9c9271b91a2b00ee7e6abc49086ba5
154da1479719d54b088120f2435ab08c2a44743abe2c2e67ae78db9537ecef40
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 00:41:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash abadd7d5a404a7814a3d13e7698d0821
6f3dbf5dfcc020dabad7ecfe832fe31d32a046c7
9d56ae6698401d555d5d99c088261a58a3287b8f3ef691e899f10f9e87c5a520
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 00:41:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-22484186-3&cid=818131634.1671151267&jid=2127455949&_u=YEBAAUAAAAAAACAAI~&z=1083050141
142.250.74.163 200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-22484186-3&cid=818131634.1671151267&jid=2127455949&_u=YEBAAUAAAAAAACAAI~&z=1083050141
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-22484186-3&cid=818131634.1671151267&jid=2127455949&_u=YEBAAUAAAAAAACAAI~&z=1083050141 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://click.haypace.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Dec 2022 00:41:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-22484186-3&cid=818131634.1671151267&jid=2127455949&_u=YEBAAUAAAAAAACAAI~&z=1083050141
216.58.207.228 200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-22484186-3&cid=818131634.1671151267&jid=2127455949&_u=YEBAAUAAAAAAACAAI~&z=1083050141
IP 216.58.207.228:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-22484186-3&cid=818131634.1671151267&jid=2127455949&_u=YEBAAUAAAAAAACAAI~&z=1083050141 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://click.haypace.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 16 Dec 2022 00:41:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 06612a702dd3686207e6a4031f79d34e
3a1be9901f9c9271b91a2b00ee7e6abc49086ba5
154da1479719d54b088120f2435ab08c2a44743abe2c2e67ae78db9537ecef40
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 00:41:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 215b076267525eee2fadb8d889e5f351
28d0a048b68627916191262fee89a8db4b1614b2
44da07142c9aad7201a7ccb38b4bf03c82f1a66b730a953c0306fe09e3025ad5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 00:41:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN