| cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js | 104.17.24.14 | 200 OK | 22 kB |
URL GET HTTP/2cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js IP104.17.24.14:443
Requested byhttps://ninfastoccovks0.pages.dev/ CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (65241) Hash1276065911521c5c22037a31365d179d d1c6704e94efe2d465fc161b6381e127d35acd81 bbb7b9921ca2b61948753a6edb63c78443663dc45d1621d18e102e1dcb34e512
GET /ajax/libs/jquery/3.6.0/jquery.slim.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninfastoccovks0.pages.dev/
Origin: https://ninfastoccovks0.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:19:29 GMT
content-type: application/javascript; charset=utf-8
content-length: 22329
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-11ab4"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 873836
expires: Wed, 30 Apr 2025 19:19:29 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h%2FAUZgQ292a02jdKX1Vuns7P8tU2WN0dwhjjxPpME%2FguWynrRMRFDnV7Msjs5VhfXuzPGT%2BEyb%2Bw8Ta21f7%2F9Ij1A7vAXnHzu31d1NXrySQgssmaPI%2F4B%2BKeDujIpB94NYrKSjw3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 881c47f9bfec1c0a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js | 104.17.24.14 | 200 OK | 3.2 kB |
URL GET HTTP/2cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js IP104.17.24.14:443
Requested byhttps://ninfastoccovks0.pages.dev/ CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (7862) Hash96201abb62283557a9d7b97b4cab14ab a72f33d920d0ab863df4cb60edf44ec140304cdb 46112dbceed738f759d03f04b115d5256a7d73660b7795acb382192ad84d9f98
GET /ajax/libs/lazysizes/5.3.0/lazysizes.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninfastoccovks0.pages.dev/
Origin: https://ninfastoccovks0.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:19:29 GMT
content-type: application/javascript; charset=utf-8
content-length: 3150
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5ff0b799-1ed1"
last-modified: Sat, 02 Jan 2021 18:12:41 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 870564
expires: Wed, 30 Apr 2025 19:19:29 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g%2F%2BrOoSF4djvuX7Yqsbu8OzWWIzKZzfCe4HHf9%2BZjDwbyyFuK7iracnbPMSNohQigqZ7GNDIKx7gWeCp8v78zQMUAbOqGgfoF1LRyp7r5fUMbs7dT5IdO%2B3O5gzxzU%2F5eqPrRS9D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 881c47f9d8141c0a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 3.bp.blogspot.com/-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif | 142.250.74.161 | 200 OK | 362 B |
URL GET HTTP/23.bp.blogspot.com/-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif IP142.250.74.161:443
Requested byhttps://ninfastoccovks0.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectmisc-sni.blogspot.com FingerprintC4:7D:61:88:AB:F1:15:A1:36:2A:68:39:51:62:46:00:23:6D:39:00 ValidityTue, 16 Apr 2024 03:45:20 GMT - Tue, 09 Jul 2024 03:45:19 GMT
File typeGIF image data, version 89a, 52 x 15 Hashfd2c05a8c327ace309722b0a5fc4faf3 f446e97c43f8830be9f60644563dd846abe6b8e8 0450e2e1aa3c8b5435690d841f3e573c4f521864e1f8e01a5b6dbcdac922c8b4
GET /-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninfastoccovks0.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="btn_close.gif"
x-content-type-options: nosniff
server: fife
content-length: 362
x-xss-protection: 0
date: Fri, 10 May 2024 17:51:06 GMT
expires: Sat, 11 May 2024 17:51:06 GMT
cache-control: public, max-age=86400, no-transform
age: 5303
etag: "v1764"
content-type: image/gif
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| earliesthuntingtransgress.com/a7adf9d52b6ef836c2a63bc70bb51a59/invoke.js | 192.243.59.13 | 200 OK | 12 kB |
URL GET HTTP/1.1earliesthuntingtransgress.com/a7adf9d52b6ef836c2a63bc70bb51a59/invoke.js IP192.243.59.13:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://ninfastoccovks0.pages.dev/ CertificateIssuerLet's Encrypt Subjectearliesthuntingtransgress.com FingerprintD0:5D:19:40:99:6D:C9:CA:70:32:DF:29:86:64:CA:15:DC:7C:35:E7 ValiditySat, 04 May 2024 06:38:47 GMT - Fri, 02 Aug 2024 06:38:46 GMT
File typeJavaScript source, ASCII text, with very long lines (31323), with no line terminators Hash1a7cc7c6ac6936bcc9d3a72ca650ec55 168c615de879298d8e3f002478d183b32a94cf7d da0729a99dd1c9fbcdd3752d6b121fc5096dbc89cab2fd8e02fca61c5fd70b03
GET /a7adf9d52b6ef836c2a63bc70bb51a59/invoke.js HTTP/1.1
Host: earliesthuntingtransgress.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninfastoccovks0.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 10 May 2024 19:19:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e3a2f82b1f28705c07adc2073e801e76
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| earliesthuntingtransgress.com/c80e8cd7e7c6f58a14a8d729f8cdad80/invoke.js | 192.243.59.13 | 200 OK | 12 kB |
URL GET HTTP/1.1earliesthuntingtransgress.com/c80e8cd7e7c6f58a14a8d729f8cdad80/invoke.js IP192.243.59.13:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://ninfastoccovks0.pages.dev/ CertificateIssuerLet's Encrypt Subjectearliesthuntingtransgress.com FingerprintD0:5D:19:40:99:6D:C9:CA:70:32:DF:29:86:64:CA:15:DC:7C:35:E7 ValiditySat, 04 May 2024 06:38:47 GMT - Fri, 02 Aug 2024 06:38:46 GMT
File typeJavaScript source, ASCII text, with very long lines (31314), with no line terminators Hash7563a6ce24e7fcfb26a5403e929b0401 aa1e11675a5bad999a82362a5428975fa1d5730e 48eb2dfe68a85b8bba0a78e2964eafc819bdb22592f7913248b9d3fa0f9a4cdd
GET /c80e8cd7e7c6f58a14a8d729f8cdad80/invoke.js HTTP/1.1
Host: earliesthuntingtransgress.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninfastoccovks0.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 10 May 2024 19:19:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 403c4867172f38442e508c880cfcbeaa
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| ocsp.r2m03.amazontrust.com/ | 143.204.53.97 | | 471 B |
URL ocsp.r2m03.amazontrust.com/ IP143.204.53.97:0
Hashf7a3aabaedd5c95463e85c2d7682d410 715b2bd7dd959bb3423d71b22c43302b7a18a3a5 55ab8ca84eb2c090ff2a4eb9ebc48ce053c3f38261d66bded94f03719a384335
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Fri, 10 May 2024 19:19:31 GMT
Last-Modified: Fri, 10 May 2024 17:30:45 GMT
Server: ECAcc (ska/F6A0)
X-Cache: Miss from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: wtPfE7nWnTxi2Ih1FrJIBkzM8sW4FP_2y-5W6HZUuZAwt86YLa0qEQ==
Age: 6526
|
|
| proftrafficcounter.com/stats | 18.185.9.67 | 200 OK | 40 B |
URL GET HTTP/2proftrafficcounter.com/stats IP18.185.9.67:443
Requested byhttps://ninfastoccovks0.pages.dev/ CertificateIssuerAmazon Subjectproftrafficcounter.com FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6 ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File typeASCII text, with no line terminators Hash623990b1f2b31c7b605363233baadf97 85d672ca54b2c384eb3765d18f935a7a111392d5 633fe31e1a0240b0842f07a75435e4bbb8813457d0368daf29eaa0205e9d1861
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninfastoccovks0.pages.dev/
Origin: https://ninfastoccovks0.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:19:31 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://ninfastoccovks0.pages.dev
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=db7f27b0-b5ca-4940-92de-7dbb318d4733:1:1; expires=Mon, 08 May 2034 19:19:31 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
|
|
| proftrafficcounter.com/stats | 18.185.9.67 | 200 OK | 40 B |
URL GET HTTP/2proftrafficcounter.com/stats IP18.185.9.67:443
Requested byhttps://ninfastoccovks0.pages.dev/ CertificateIssuerAmazon Subjectproftrafficcounter.com FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6 ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File typeASCII text, with no line terminators Hashaf76e90c1176a7d1fe1855ec55f65875 d9fdc4c422830d3fc24f0523a7d14ad89a0bcea0 2f0feede1ea7cd2aea6455395a8de5c73831ab8c20be722a9bda309e39998464
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninfastoccovks0.pages.dev/
Origin: https://ninfastoccovks0.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:19:31 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://ninfastoccovks0.pages.dev
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=2f62ebe5-a51b-4fb8-a52e-b71f3a8a83e2:3:1; expires=Mon, 08 May 2034 19:19:31 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
|
|
| tse1.mm.bing.net/th?q= | 204.79.197.200 | 404 Not Found | 727 B |
IP204.79.197.200:443 ASN#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested byhttps://ninfastoccovks0.pages.dev/ CertificateIssuerMicrosoft Corporation Subjectwww.bing.com Fingerprint02:83:27:F9:50:D8:BE:B9:5E:DF:1A:4A:45:3B:6D:3C:BC:30:F2:58 ValidityWed, 01 May 2024 01:58:25 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, baseline, precision 8, 80x80, components 3 Hash5116706c119475f5ae2fc135c3358037 7e5bdf3585153e317ebef05a9b8241d311e44cb3 7edda2585f580c167fd4e3a6c162534548cda437f8bef67c544f3aa9c162a17c
GET /th?q= HTTP/1.1
Host: tse1.mm.bing.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninfastoccovks0.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
cache-control: no-cache
pragma: no-cache
content-length: 727
expires: -1
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0A382EF0E53041C78F8216A9DB83A9EF Ref B: OSL30EDGE0414 Ref C: 2024-05-10T19:19:31Z
date: Fri, 10 May 2024 19:19:30 GMT
X-Firefox-Spdy: h2
|
|
| sprangsugar.com/watch.1401928687212.js?key=c80e8cd7e7c6f58a14a8d729f8cdad80&kw=%5B%5D&refer=https%3A%2F%2Fninfastoccovks0.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=2f62ebe5-a51b-4fb8-a52e-b71f3a8a83e2%3A3%3A1 | 172.240.253.132 | 307 Temporary Redirect | 0 B |
URL GET HTTP/1.1sprangsugar.com/watch.1401928687212.js?key=c80e8cd7e7c6f58a14a8d729f8cdad80&kw=%5B%5D&refer=https%3A%2F%2Fninfastoccovks0.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=2f62ebe5-a51b-4fb8-a52e-b71f3a8a83e2%3A3%3A1 IP172.240.253.132:443
Requested byhttps://ninfastoccovks0.pages.dev/ CertificateIssuerLet's Encrypt Subjectsprangsugar.com FingerprintA8:FF:DF:D3:ED:3D:E8:4B:33:C8:93:D3:94:CA:8E:28:5D:39:26:C1 ValidityMon, 06 May 2024 08:08:05 GMT - Sun, 04 Aug 2024 08:08:04 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /watch.1401928687212.js?key=c80e8cd7e7c6f58a14a8d729f8cdad80&kw=%5B%5D&refer=https%3A%2F%2Fninfastoccovks0.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=2f62ebe5-a51b-4fb8-a52e-b71f3a8a83e2%3A3%3A1 HTTP/1.1
Host: sprangsugar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninfastoccovks0.pages.dev/
Origin: https://ninfastoccovks0.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Fri, 10 May 2024 19:19:31 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://ninfastoccovks0.pages.dev
Access-Control-Allow-Origin: https://ninfastoccovks0.pages.dev
Access-Control-Allow-Credentials: true
Location: https://sprangsugar.com/watch.1401928687212.js?dev=e&key=c80e8cd7e7c6f58a14a8d729f8cdad80&kw=%5B%5D&pst=1715368831&refer=https%3A%2F%2Fninfastoccovks0.pages.dev%2F&res=14.2071&rmtc=t&shu=80b28b2251d78ac2e50827d8d835a6c282be48a4911e6610be945d11215a969f6ad04cf603b2f1e94d06c6d3ac1fb805ee1e93d4f798fd8c208d150bf2c88875421d9d67a5d87539826c0541743b0d3fe89e784622ceb6c31230b04fbb3e68&tz=0&uuid=2f62ebe5-a51b-4fb8-a52e-b71f3a8a83e2%3A3%3A1
Set-Cookie: u_pl=17410480; expires=Sat, 11 May 2024 19:19:31 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzQxMDQ4MCwiayI6ImM4MGU4Y2Q3ZTdjNmY1OGExNGE4ZDcyOWY4Y2RhZDgwIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTA0NDczLCJwaWQiOjQ1NjY1MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6InpqMWF5eHp0OW4iLCJjcGtzIjp7IjI4IjoiZDVmMzc4MWY4NmRiMmY1OGVjMTEwYmZmNjgyNDY5NzcifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vbmluZmFzdG9jY292a3MwLnBhZ2VzLmRldi8iLCJhciI6W119fQ.gBCOqB2u1Ar62_rjUaF3gPYn1DuiAUS0bykwiCQDG2M; expires=Fri, 10 May 2024 19:20:31 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3f9d03ff4efde06eefaad1c01c9a6409
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| pawbothcompany.com/watch.1146448144974.js?key=a7adf9d52b6ef836c2a63bc70bb51a59&kw=%5B%5D&refer=https%3A%2F%2Fninfastoccovks0.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=db7f27b0-b5ca-4940-92de-7dbb318d4733%3A1%3A1 | 172.240.108.68 | 307 Temporary Redirect | 0 B |
URL GET HTTP/1.1pawbothcompany.com/watch.1146448144974.js?key=a7adf9d52b6ef836c2a63bc70bb51a59&kw=%5B%5D&refer=https%3A%2F%2Fninfastoccovks0.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=db7f27b0-b5ca-4940-92de-7dbb318d4733%3A1%3A1 IP172.240.108.68:443
Requested byhttps://ninfastoccovks0.pages.dev/ CertificateIssuerLet's Encrypt Subjectpawbothcompany.com FingerprintAB:CB:31:D2:AD:19:30:E9:2F:99:10:E1:CD:C9:CC:BD:38:B6:82:EB ValidityMon, 06 May 2024 12:43:27 GMT - Sun, 04 Aug 2024 12:43:26 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /watch.1146448144974.js?key=a7adf9d52b6ef836c2a63bc70bb51a59&kw=%5B%5D&refer=https%3A%2F%2Fninfastoccovks0.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=db7f27b0-b5ca-4940-92de-7dbb318d4733%3A1%3A1 HTTP/1.1
Host: pawbothcompany.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninfastoccovks0.pages.dev/
Origin: https://ninfastoccovks0.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Fri, 10 May 2024 19:19:31 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://ninfastoccovks0.pages.dev
Access-Control-Allow-Origin: https://ninfastoccovks0.pages.dev
Access-Control-Allow-Credentials: true
Location: https://pawbothcompany.com/watch.1146448144974.js?dev=e&key=a7adf9d52b6ef836c2a63bc70bb51a59&kw=%5B%5D&pst=1715368831&refer=https%3A%2F%2Fninfastoccovks0.pages.dev%2F&res=14.2071&rmtc=t&shu=8361db96e4cda972ce52d936f7603f92536caeb5e772c183eac234d0ebeb4a6cfccc2d69f6b3969fa08871a9fd6ac6819afb30bfbf26124f808b012426569bdf55a4ef79a3e3e21c7232a5fa679e5e1ea01b705d67e74e804f6652eee03f&tz=0&uuid=db7f27b0-b5ca-4940-92de-7dbb318d4733%3A1%3A1
Set-Cookie: u_pl=17410482; expires=Sat, 11 May 2024 19:19:31 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzQxMDQ4MiwiayI6ImE3YWRmOWQ1MmI2ZWY4MzZjMmE2M2JjNzBiYjUxYTU5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTA0NDczLCJwaWQiOjQ1NjY1MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJrZGJxaDgybW4iLCJjcGtzIjp7IjI5IjoiNzMzYjI1NjE4ZWYxNDBlZmIzODk5MzlkMjc3YTYyZTgifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vbmluZmFzdG9jY292a3MwLnBhZ2VzLmRldi8iLCJhciI6W119fQ.QwW5KdsinmEDT5R6IvNeaFWaFWxJAIvfqddq_u0h5Lw; expires=Fri, 10 May 2024 19:20:31 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 33a49d29eeb6bbe2da75195ce8bc9912
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| split.jaketkulit.web.id/get/site/js/1d6def2e9b082f24c59c908dc9eba138 | 104.21.86.250 | 200 OK | 7.9 kB |
URL GET HTTP/2split.jaketkulit.web.id/get/site/js/1d6def2e9b082f24c59c908dc9eba138 IP104.21.86.250:443
Requested byhttps://ninfastoccovks0.pages.dev/ CertificateIssuerLet's Encrypt Subjectjaketkulit.web.id Fingerprint80:8B:F9:62:27:FA:23:A8:54:26:C7:57:90:E0:EE:1C:F0:8C:9F:F5 ValidityMon, 01 Apr 2024 01:48:02 GMT - Sun, 30 Jun 2024 01:48:01 GMT
File typegzip compressed data, from Unix Hashec06cab6d26942b8bae8f311affd983d bc84eb69a352abdefb878a9446a79d17c383daac bac20b0379281f7716721825f7f205fd3ae157fff698486a221e8646e84f70fb
GET /get/site/js/1d6def2e9b082f24c59c908dc9eba138 HTTP/1.1
Host: split.jaketkulit.web.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninfastoccovks0.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:19:29 GMT
content-type: application/javascript
vary: Accept-Encoding
set-cookie: PHPSESSID=q4chgig9gjmbm4bam3qcgq3bvk; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin:
access-control-allow-credentials: true
access-control-max-age: 86400
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SzEujFFdKVWIV4Tu%2FnjIorK4MGjM0GPqcZPwRLc9yFE8L9xAFsTHeF7kB%2FSKx%2BBLnUHsRJlRb8Bh2vMxA5mqTk4jdaqVpQqo9eh1x1f9ss9x0yTo4GxzlvxiwYv8b1sKvi1o9HvC0jY9aA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c47f9fca0b505-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| sprangsugar.com/watch.1401928687212.js?dev=e&key=c80e8cd7e7c6f58a14a8d729f8cdad80&kw=%5B%5D&pst=1715368831&refer=https%3A%2F%2Fninfastoccovks0.pages.dev%2F&res=14.2071&rmtc=t&shu=80b28b2251d78ac2e50827d8d835a6c282be48a4911e6610be945d11215a969f6ad04cf603b2f1e94d06c6d3ac1fb805ee1e93d4f798fd8c208d150bf2c88875421d9d67a5d87539826c0541743b0d3fe89e784622ceb6c31230b04fbb3e68&tz=0&uuid=2f62ebe5-a51b-4fb8-a52e-b71f3a8a83e2%3A3%3A1 | 172.240.253.132 | 200 OK | 2.0 kB |
URL GET HTTP/1.1sprangsugar.com/watch.1401928687212.js?dev=e&key=c80e8cd7e7c6f58a14a8d729f8cdad80&kw=%5B%5D&pst=1715368831&refer=https%3A%2F%2Fninfastoccovks0.pages.dev%2F&res=14.2071&rmtc=t&shu=80b28b2251d78ac2e50827d8d835a6c282be48a4911e6610be945d11215a969f6ad04cf603b2f1e94d06c6d3ac1fb805ee1e93d4f798fd8c208d150bf2c88875421d9d67a5d87539826c0541743b0d3fe89e784622ceb6c31230b04fbb3e68&tz=0&uuid=2f62ebe5-a51b-4fb8-a52e-b71f3a8a83e2%3A3%3A1 IP172.240.253.132:443
Requested byhttps://ninfastoccovks0.pages.dev/ CertificateIssuerLet's Encrypt Subjectsprangsugar.com FingerprintA8:FF:DF:D3:ED:3D:E8:4B:33:C8:93:D3:94:CA:8E:28:5D:39:26:C1 ValidityMon, 06 May 2024 08:08:05 GMT - Sun, 04 Aug 2024 08:08:04 GMT
File typeJavaScript source, ASCII text, with very long lines (2445) Hash8cd7bce85ed986150e089819e9a67ca8 6957cffe393e4127eab82c25d7f094be6e8b4d84 c12e9691ca422738df76637f25f175a29983723bb78f95d18fe32b06acf0f51a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /watch.1401928687212.js?dev=e&key=c80e8cd7e7c6f58a14a8d729f8cdad80&kw=%5B%5D&pst=1715368831&refer=https%3A%2F%2Fninfastoccovks0.pages.dev%2F&res=14.2071&rmtc=t&shu=80b28b2251d78ac2e50827d8d835a6c282be48a4911e6610be945d11215a969f6ad04cf603b2f1e94d06c6d3ac1fb805ee1e93d4f798fd8c208d150bf2c88875421d9d67a5d87539826c0541743b0d3fe89e784622ceb6c31230b04fbb3e68&tz=0&uuid=2f62ebe5-a51b-4fb8-a52e-b71f3a8a83e2%3A3%3A1 HTTP/1.1
Host: sprangsugar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ninfastoccovks0.pages.dev
Referer: https://ninfastoccovks0.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17410480; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzQxMDQ4MCwiayI6ImM4MGU4Y2Q3ZTdjNmY1OGExNGE4ZDcyOWY4Y2RhZDgwIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTA0NDczLCJwaWQiOjQ1NjY1MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6InpqMWF5eHp0OW4iLCJjcGtzIjp7IjI4IjoiZDVmMzc4MWY4NmRiMmY1OGVjMTEwYmZmNjgyNDY5NzcifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vbmluZmFzdG9jY292a3MwLnBhZ2VzLmRldi8iLCJhciI6W119fQ.gBCOqB2u1Ar62_rjUaF3gPYn1DuiAUS0bykwiCQDG2M
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 19:19:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://ninfastoccovks0.pages.dev
Access-Control-Allow-Origin: https://ninfastoccovks0.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=2f62ebe5-a51b-4fb8-a52e-b71f3a8a83e2:3:1; expires=Fri, 17 May 2024 19:19:31 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 11 May 2024 19:19:31 GMT; secure; SameSite=None
uncs=1; expires=Sat, 11 May 2024 19:19:31 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sat, 11 May 2024 19:19:31 GMT; secure; SameSite=None
uncs5=1; expires=Sat, 11 May 2024 19:19:31 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6afa571c78526a18aa0854fc1ad261a3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| pawbothcompany.com/watch.1146448144974.js?dev=e&key=a7adf9d52b6ef836c2a63bc70bb51a59&kw=%5B%5D&pst=1715368831&refer=https%3A%2F%2Fninfastoccovks0.pages.dev%2F&res=14.2071&rmtc=t&shu=8361db96e4cda972ce52d936f7603f92536caeb5e772c183eac234d0ebeb4a6cfccc2d69f6b3969fa08871a9fd6ac6819afb30bfbf26124f808b012426569bdf55a4ef79a3e3e21c7232a5fa679e5e1ea01b705d67e74e804f6652eee03f&tz=0&uuid=db7f27b0-b5ca-4940-92de-7dbb318d4733%3A1%3A1 | 172.240.108.68 | 200 OK | 2.0 kB |
URL GET HTTP/1.1pawbothcompany.com/watch.1146448144974.js?dev=e&key=a7adf9d52b6ef836c2a63bc70bb51a59&kw=%5B%5D&pst=1715368831&refer=https%3A%2F%2Fninfastoccovks0.pages.dev%2F&res=14.2071&rmtc=t&shu=8361db96e4cda972ce52d936f7603f92536caeb5e772c183eac234d0ebeb4a6cfccc2d69f6b3969fa08871a9fd6ac6819afb30bfbf26124f808b012426569bdf55a4ef79a3e3e21c7232a5fa679e5e1ea01b705d67e74e804f6652eee03f&tz=0&uuid=db7f27b0-b5ca-4940-92de-7dbb318d4733%3A1%3A1 IP172.240.108.68:443
Requested byhttps://ninfastoccovks0.pages.dev/ CertificateIssuerLet's Encrypt Subjectpawbothcompany.com FingerprintAB:CB:31:D2:AD:19:30:E9:2F:99:10:E1:CD:C9:CC:BD:38:B6:82:EB ValidityMon, 06 May 2024 12:43:27 GMT - Sun, 04 Aug 2024 12:43:26 GMT
File typeJavaScript source, ASCII text, with very long lines (2446) Hash9a5cd88c9af352b79316b84cbe1b94d6 08ef648373baed2c48cf4e59a71414676630be59 4d327752962c41aff9e9fafb4b61fd90b65589620e56d124ae2ba981859c8c12
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /watch.1146448144974.js?dev=e&key=a7adf9d52b6ef836c2a63bc70bb51a59&kw=%5B%5D&pst=1715368831&refer=https%3A%2F%2Fninfastoccovks0.pages.dev%2F&res=14.2071&rmtc=t&shu=8361db96e4cda972ce52d936f7603f92536caeb5e772c183eac234d0ebeb4a6cfccc2d69f6b3969fa08871a9fd6ac6819afb30bfbf26124f808b012426569bdf55a4ef79a3e3e21c7232a5fa679e5e1ea01b705d67e74e804f6652eee03f&tz=0&uuid=db7f27b0-b5ca-4940-92de-7dbb318d4733%3A1%3A1 HTTP/1.1
Host: pawbothcompany.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ninfastoccovks0.pages.dev
Referer: https://ninfastoccovks0.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17410482; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzQxMDQ4MiwiayI6ImE3YWRmOWQ1MmI2ZWY4MzZjMmE2M2JjNzBiYjUxYTU5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTA0NDczLCJwaWQiOjQ1NjY1MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJrZGJxaDgybW4iLCJjcGtzIjp7IjI5IjoiNzMzYjI1NjE4ZWYxNDBlZmIzODk5MzlkMjc3YTYyZTgifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vbmluZmFzdG9jY292a3MwLnBhZ2VzLmRldi8iLCJhciI6W119fQ.QwW5KdsinmEDT5R6IvNeaFWaFWxJAIvfqddq_u0h5Lw
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 19:19:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://ninfastoccovks0.pages.dev
Access-Control-Allow-Origin: https://ninfastoccovks0.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=db7f27b0-b5ca-4940-92de-7dbb318d4733:1:1; expires=Fri, 17 May 2024 19:19:31 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 11 May 2024 19:19:31 GMT; secure; SameSite=None
uncs=1; expires=Sat, 11 May 2024 19:19:31 GMT; secure; SameSite=None
pdhtkv23=true; expires=Sat, 11 May 2024 19:19:31 GMT; secure; SameSite=None
uncs23=1; expires=Sat, 11 May 2024 19:19:31 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1641b9795dcb9949409c13bc9bfc21ef
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| cdn.cloudimagesb.com/cti/a5/d3/e6/a5d3e623885c21def64b7175f19b6460/1708072353.png | 45.133.44.9 | 200 OK | 21 kB |
URL GET HTTP/2cdn.cloudimagesb.com/cti/a5/d3/e6/a5d3e623885c21def64b7175f19b6460/1708072353.png IP45.133.44.9:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://ninfastoccovks0.pages.dev/ CertificateIssuerLet's Encrypt Subjectcdn.cloudimagesb.com FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0 ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File typePNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced Hash7f1762981a72645aa56d46f1a4f30f4c 462868d87f10eb389ab364e02537cf1351777ce6 c76c21b14374482c43ec120fabc6e30541bb00a6ff88268aa9a4bb98d385d03e
GET /cti/a5/d3/e6/a5d3e623885c21def64b7175f19b6460/1708072353.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:19:31 GMT
content-type: image/png
content-length: 20565
server: nginx/1.21.6
last-modified: Fri, 16 Feb 2024 08:32:41 GMT
etag: "65cf1da9-5055"
expires: Sun, 12 May 2024 19:19:31 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| cdn.cloudimagesb.com/cti/f8/cf/34/f8cf34992a4cdb8e940a343451a1ed51/1708071320.png | 45.133.44.9 | 200 OK | 24 kB |
URL GET HTTP/2cdn.cloudimagesb.com/cti/f8/cf/34/f8cf34992a4cdb8e940a343451a1ed51/1708071320.png IP45.133.44.9:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://ninfastoccovks0.pages.dev/ CertificateIssuerLet's Encrypt Subjectcdn.cloudimagesb.com FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0 ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File typePNG image data, 728 x 90, 8-bit/color RGBA, non-interlaced Hashc4bca8de40bb4c19865d0dce9a561571 fbb310ca5a02b526153b0aaa542e23c81d9c3365 806a9e3d152ae4ea092a6c500ac4578627b6302a3b77bf9f4884b0916bd29265
GET /cti/f8/cf/34/f8cf34992a4cdb8e940a343451a1ed51/1708071320.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:19:31 GMT
content-type: image/png
content-length: 24090
server: nginx/1.21.6
last-modified: Fri, 16 Feb 2024 08:15:29 GMT
etag: "65cf19a1-5e1a"
expires: Sun, 12 May 2024 19:19:31 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| shayscholz.blogspot.com/favicon.ico | 216.58.207.225 | | 412 B |
URL GET shayscholz.blogspot.com/favicon.ico IP216.58.207.225:0
Requested byhttps://ninfastoccovks0.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectmisc-sni.blogspot.com FingerprintC4:7D:61:88:AB:F1:15:A1:36:2A:68:39:51:62:46:00:23:6D:39:00 ValidityTue, 16 Apr 2024 03:45:20 GMT - Tue, 09 Jul 2024 03:45:19 GMT
File typeMS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel Hash59a0c7b6e4848ccdabcea0636efda02b 30ef5c54b8bbc3487ea2b4c45cd11ea2932e4340 a1495da3cf3db37bf105a12658636ff628fee7b73975b9200049af7747e60b1f
GET /favicon.ico HTTP/1.1
Host: shayscholz.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninfastoccovks0.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/x-icon
expires: Fri, 10 May 2024 19:19:31 GMT
date: Fri, 10 May 2024 19:19:31 GMT
cache-control: private, max-age=86400
last-modified: Fri, 08 Mar 2024 19:12:27 GMT
etag: W/"53e1bb00e6929e879a040ee00d8ddd9c6a9b1f6c6c79cd1077a9390901619218"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 412
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| ninfastoccovks0.pages.dev/ | 188.114.97.1 | 200 OK | 30 kB |
URL User Request GET HTTP/2ninfastoccovks0.pages.dev/ IP188.114.97.1:443
CertificateIssuerGoogle Trust Services LLC Subjectninfastoccovks0.pages.dev Fingerprint20:A3:2C:CF:BA:DA:A6:92:C3:75:F4:57:A5:F2:A3:4B:54:12:E8:42 ValidityThu, 09 May 2024 14:01:24 GMT - Wed, 07 Aug 2024 14:01:23 GMT
File typeHTML document, ASCII text, with very long lines (11253), with CRLF line terminators Hash857e05df33ad37c258443c1881998ae4 b925072babf9793cf9dc25c08ecdfa69fbdaa2e9 82a69cef7f7defa03c1ff8cfb76eec34b673751126d8be64e7a1903d8c2d20ff
GET / HTTP/1.1
Host: ninfastoccovks0.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:19:29 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"b11dfe80c284d3b8f18fc1f19ca0e95a"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KVU9ExwyizpgHtl37VURx5ANdLWha3B6Qe%2BjQ2Kotc7Rk3biokGFJQ2AtVgWgQV73lcGhoQLKTmRGTp3wWINjFdLfiqRZ5l%2BlsxabVw%2FZSyb%2FJsUy%2Bvw3sKWnMkgpMBylLuimk%2FACaLgRbf2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c47f66f79b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| split.jaketkulit.web.id/get/site/js/5eece17d3538f80d2e76b7b3913aecfa | 104.21.86.250 | 200 OK | 296 B |
URL GET HTTP/2split.jaketkulit.web.id/get/site/js/5eece17d3538f80d2e76b7b3913aecfa IP104.21.86.250:443
Requested byhttps://ninfastoccovks0.pages.dev/ CertificateIssuerLet's Encrypt Subjectjaketkulit.web.id Fingerprint80:8B:F9:62:27:FA:23:A8:54:26:C7:57:90:E0:EE:1C:F0:8C:9F:F5 ValidityMon, 01 Apr 2024 01:48:02 GMT - Sun, 30 Jun 2024 01:48:01 GMT
File typeASCII text, with very long lines (326), with no line terminators Hashd99594ce3560f95f517213a34b412782 ae4c5268533ce2e4adcac4be6f824911868dff5e 8b965644b7e5e8430125d98955af92b9c0b653732a23cd35d942185afe56f762
GET /get/site/js/5eece17d3538f80d2e76b7b3913aecfa HTTP/1.1
Host: split.jaketkulit.web.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninfastoccovks0.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:19:29 GMT
content-type: application/javascript
vary: Accept-Encoding
set-cookie: PHPSESSID=shfa9vp46548anjarml89jcv34; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin:
access-control-allow-credentials: true
access-control-max-age: 86400
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SGdlShZPVAO7UtaDKQ6r3ek8mOSdSdtNUdMZmWNEwHjdD%2F%2BeOoTK%2F8CwAaaNbA7h1ONWXmY7CkEaOyFceBOuTCXtlPEN7e5c2r2u3SSAS%2BwxRCXysfFgAt8NqzhINFkR1rcpmrcyfudK%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c47f9fc9fb505-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q= | 142.250.74.78 | 200 OK | 20 B |
URL GET HTTP/2suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q= IP142.250.74.78:443
Requested byhttps://ninfastoccovks0.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subject*.google.com Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0 ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT
File typeASCII text, with no line terminators Hasha1b72ded50d7e2b047cd0d3966b148ab 8ff9743451774724c183efa801b999ecce23821a 4d9063bb918234965c25e4a0844d20c1cb01dae120c181c92f39a33b869be23f
GET /complete/search?jsonp=autoRelated&hl=en&client=firefox&q= HTTP/1.1
Host: suggestqueries.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninfastoccovks0.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:19:31 GMT
pragma: no-cache
expires: -1
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-OWXJrY36xIZTgQcJKcoeCw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/fff
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/fff"}]}
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: gws
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|