urlscan.io logo urlscan.io
SecurityTrails logo

haydo.xyz Open in urlscan Pro
2606:4700:3033::ac43:dfc7  Public Scan

Go To Rescan Add Verdict Report
URL: https://haydo.xyz/%D8%A7%D9%84%D8%A3%D9%86%D8%A8%D8%A7%D8%A1.html
Submission: On January 22 via manual from SA — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 7 HTTP transactions. The main IP is 2606:4700:3033::ac43:dfc7, located in United States and belongs to CLOUDFLARENET, US. The main domain is haydo.xyz.
TLS certificate: Issued by E1 on December 20th 2022. Valid for: 3 months.
This is the only time haydo.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 139.45.197.238 9002 (RETN-AS)
7 5
Apex Domain
Subdomains		 Transfer
3 haydo.xyz
haydo.xyz
11 KB
2 ytimg.com
i.ytimg.com — Cisco Umbrella Rank: 90
24 KB
1 whairtoa.com
whairtoa.com — Cisco Umbrella Rank: 184075
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 35
1 KB
7 4
Domain Requested by
3 haydo.xyz haydo.xyz
2 i.ytimg.com haydo.xyz
1 whairtoa.com haydo.xyz
1 fonts.googleapis.com haydo.xyz
7 4

This site contains no links.

Subject Issuer Validity Valid
*.haydo.xyz
E1		 2022-12-20 -
2023-03-20		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-01-02 -
2023-03-27		 3 months crt.sh
edgestatic.com
GTS CA 1C3		 2023-01-02 -
2023-03-27		 3 months crt.sh
whairtoa.com
R3		 2022-11-18 -
2023-02-16		 3 months crt.sh

This page contains 1 frames:

Frame: https://whairtoa.com/4/4138880
Frame ID: 5F14507C07B1F1E9A9603C83658DB521
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

مناقصات الهيئة الملكية | عام / الهيئة الملكية لمحافظة العُلا تعلن ولادة "أنثى" جديدة من النمر العربي في سبيل حمايته من الانقراض وكالة الأنباء السعودية

Detected technologies

Overall confidence: 100%
Detected patterns
  • <(?:param|embed|iframe)[^>]+youtube(?:-nocookie)?\.com/(?:v|embed)
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

7
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

36 kB
Transfer

51 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request %D8%A7%D9%84%D8%A3%D9%86%D8%A8%D8%A7%D8%A1.html
haydo.xyz/ 		22 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://haydo.xyz/%D8%A7%D9%84%D8%A3%D9%86%D8%A8%D8%A7%D8%A1.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:dfc7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
abcc8ce631780a01fdd03dadb70ed1732c0602944b629f086d4618ba1359f12b
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
78d6ee294d385b68-FRA
content-encoding
br
content-language
ar-SA
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'
content-type
text/html;charset=UTF-8
date
Sun, 22 Jan 2023 08:30:54 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
same-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1SAhT8R%2FQ3H8zUCF%2Fv4XBbrySTCTwO%2Fs3UI%2FOPyoh0AbUcnfb%2FPoZu3If5FEF8ui%2FB924uUUBPrhEswMcjFJQ5ppe3cTkfUk%2BpSOUdpB4ZfQ9v2HxoBeAQzIpluYOAPFbewyoHucL7o%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-cache
MISS
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
css
fonts.googleapis.com/ 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Ubuntu:400,700&display=swap
Requested by
Host: haydo.xyz
URL: https://haydo.xyz/%D8%A7%D9%84%D8%A3%D9%86%D8%A8%D8%A7%D8%A1.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80e::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
99a7c0e6f92bf421acf0bf4de9566c77edbed7c61065fbb6460a7c140c92f81e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sun, 22 Jan 2023 08:30:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 22 Jan 2023 08:30:55 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 22 Jan 2023 08:30:55 GMT
fingerprintjs2.js
haydo.xyz/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://haydo.xyz/fingerprintjs2.js
Requested by
Host: haydo.xyz
URL: https://haydo.xyz/%D8%A7%D9%84%D8%A3%D9%86%D8%A8%D8%A7%D8%A1.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:dfc7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4d09893dafdd143980ce4f9f8b64ba906ee50c8b5eda2a2e626cfad463f7ee03
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://haydo.xyz/%D8%A7%D9%84%D8%A3%D9%86%D8%A8%D8%A7%D8%A1.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Sun, 22 Jan 2023 08:30:55 GMT
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'
x-content-type-options
nosniff
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
x-cache
MISS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Io%2B1%2F%2BI3yB7CwQhv%2FjG%2FEueqUnbsUvKZRsdOxwTcrTJCqb9fRCN0SJEeynodzvQ1kHn8BD7dyqy0MF1xFbufaU4Fv%2B9a4ySUEgeIxnxCUCP2%2BN%2BNXQc1b9dL1WHl2YUrf31dGmg%2FuG4%3D"}],"group":"cf-nel","max_age":604800}
cache-control
private
cf-ray
78d6ee29ad8f5b68-FRA
hqdefault.webp
i.ytimg.com/vi_webp/1Nddwa1bMTQ/ 		10 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.ytimg.com/vi_webp/1Nddwa1bMTQ/hqdefault.webp
Requested by
Host: haydo.xyz
URL: https://haydo.xyz/%D8%A7%D9%84%D8%A3%D9%86%D8%A8%D8%A7%D8%A1.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:804::2016 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ebc6de935bb5ad2f6a4052c0c2789ec5928238dbb5b93dd8df6c78a6bcdc3eec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://haydo.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Sun, 22 Jan 2023 08:30:55 GMT
x-content-type-options
nosniff
server
sffe
etag
"1595902648"
vary
Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/webp
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10622
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sun, 22 Jan 2023 10:30:55 GMT
hqdefault.webp
i.ytimg.com/vi_webp/1ibUUWnKMB8/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.ytimg.com/vi_webp/1ibUUWnKMB8/hqdefault.webp
Requested by
Host: haydo.xyz
URL: https://haydo.xyz/%D8%A7%D9%84%D8%A3%D9%86%D8%A8%D8%A7%D8%A1.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:804::2016 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7b480b054537b655904045b1168a89d8bace43b7a518554a4fa1bb832143af01
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://haydo.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Sun, 22 Jan 2023 08:30:55 GMT
x-content-type-options
nosniff
server
sffe
etag
"1634161084"
vary
Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/webp
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13730
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sun, 22 Jan 2023 10:30:55 GMT
truncated
/ 		175 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/png
fingerprintjs2.js
haydo.xyz/ 		204 B
820 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://haydo.xyz/fingerprintjs2.js?21546568813256574
Requested by
Host: haydo.xyz
URL: https://haydo.xyz/fingerprintjs2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::ac43:dfc7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd63f7bc872e7937d97c6fa96ac12e0268e5c07b940b5dcfd0a489b9e65ef5a6
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://haydo.xyz/%D8%A7%D9%84%D8%A3%D9%86%D8%A8%D8%A7%D8%A1.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
application/json

Response headers

date
Sun, 22 Jan 2023 08:30:55 GMT
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
server
cloudflare
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YFwIDiXS%2BPx38QcndwdC6J23VSIZSQBuRKcdmAjY5vzvo%2F%2BDsekp16pQSnU4te8ESm2IfdS5nZ3Liz8szLBnMmCLcZ6OOaPe5Jtazs%2FaogJ5AMFNb7hvfq%2BljwhUVDMDTPh41PMGFB0%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
cache-control
private
cf-ray
78d6ee29eac49a23-FRA
4138880
whairtoa.com/4/ 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://whairtoa.com/4/4138880
Requested by
Host: haydo.xyz
URL: https://haydo.xyz/%D8%A7%D9%84%D8%A3%D9%86%D8%A8%D8%A7%D8%A1.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.238 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin
* *
access-control-max-age
86400
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0 no-store, no-cache, must-revalidate, max-age=0
date
Sun, 22 Jan 2023 08:30:55 GMT
expires
Tue, 11 Jan 1994 10:00:00 GMT Mon, 26 Jul 1997 05:00:00 GMT
pragma
no-cache no-cache
server
nginx
timing-allow-origin
*

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange string| ahmqqSjRFU string| WecTClNT string| xZxsGxG string| dHZEHiXPQe string| tHIJjlDQ string| jZLfJ

1 Cookies

Domain/Path Name / Value
haydo.xyz/ Name: wucvvyua
Value: JUQ5JTg1JUQ5JTg2JUQ4JUE3JUQ5JTgyJUQ4JUI1JUQ4JUE3JUQ4JUFBJTIwJUQ4JUE3JUQ5JTg0JUQ5JTg3JUQ5JThBJUQ4JUE2JUQ4JUE5JTIwJUQ4JUE3JUQ5JTg0JUQ5JTg1JUQ5JTg0JUQ5JTgzJUQ5JThBJUQ4JUE5JTIwJTdDJTIwJUQ4JUI5JUQ4JUE3JUQ5JTg1JTIwJTJGJTIwJUQ4JUE3JUQ5JTg0JUQ5JTg3JUQ5JThBJUQ4JUE2JUQ4JUE5JTIwJUQ4JUE3JUQ5JTg0JUQ5JTg1JUQ5JTg0JUQ5JTgzJUQ5JThBJUQ4JUE5JTIwJUQ5JTg0JUQ5JTg1JUQ4JUFEJUQ4JUE3JUQ5JTgxJUQ4JUI4JUQ4JUE5JTIwJUQ4JUE3JUQ5JTg0JUQ4JUI5JUQ5JThGJUQ5JTg0JUQ4JUE3JTIwJUQ4JUFBJUQ4JUI5JUQ5JTg0JUQ5JTg2JTIwJUQ5JTg4JUQ5JTg0JUQ4JUE3JUQ4JUFGJUQ4JUE5JTIwJTIyJUQ4JUEzJUQ5JTg2JUQ4JUFCJUQ5JTg5JTIyJTIwJUQ4JUFDJUQ4JUFGJUQ5JThBJUQ4JUFGJUQ4JUE5JTIwJUQ5JTg1JUQ5JTg2JTIwJUQ4JUE3JUQ5JTg0JUQ5JTg2JUQ5JTg1JUQ4JUIxJTIwJUQ4JUE3JUQ5JTg0JUQ4JUI5JUQ4JUIxJUQ4JUE4JUQ5JThBJTIwJUQ5JTgxJUQ5JThBJTIwJUQ4JUIzJUQ4JUE4JUQ5JThBJUQ5JTg0JTIwJUQ4JUFEJUQ5JTg1JUQ4JUE3JUQ5JThBJUQ4JUFBJUQ5JTg3JTIwJUQ5JTg1JUQ5JTg2JTIwJUQ4JUE3JUQ5JTg0JUQ4JUE3JUQ5JTg2JUQ5JTgyJUQ4JUIxJUQ4JUE3JUQ4JUI2JTIwJUQ5JTg4JUQ5JTgzJUQ4JUE3JUQ5JTg0JUQ4JUE5JTIwJUQ4JUE3JUQ5JTg0JUQ4JUEzJUQ5JTg2JUQ4JUE4JUQ4JUE3JUQ4JUExJTIwJUQ4JUE3JUQ5JTg0JUQ4JUIzJUQ4JUI5JUQ5JTg4JUQ4JUFGJUQ5JThBJUQ4JUE5

1 Console Messages

Source Level URL
Text
javascript warning URL: https://haydo.xyz/%D8%A7%D9%84%D8%A3%D9%86%D8%A8%D8%A7%D8%A1.html
Message:
The resource https://fonts.googleapis.com/css?family=Ubuntu:400,700&display=swap was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block