Report - ninfastoccovks0.pages.dev/

Report Overview

Submitted URL
ninfastoccovks0.pages.dev/
IP
188.114.96.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-10 19:19:54
Access
public
Website Title
ninfastoccovks0.pages.dev/
Final URL
ninfastoccovks0.pages.dev/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12	2024-05-09	882 B	45 kB	45.133.44.9
ninfastoccovks0.pages.dev	unknown	unknown	No data	No data	482 B	31 kB	188.114.97.1
suggestqueries.google.com	1239	1997-09-15	2012-06-27	2024-05-09	469 B	824 B	142.250.74.78
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-05-09	338 B	942 B	143.204.53.97
split.jaketkulit.web.id	unknown	unknown	No data	No data	906 B	9.9 kB	104.21.86.250
tse1.mm.bing.net	7917	1997-09-03	2014-03-13	2024-05-09	427 B	1.6 kB	204.79.197.200
shayscholz.blogspot.com	unknown	2000-07-31	2024-03-16	2024-03-16	440 B	894 B	216.58.207.225
3.bp.blogspot.com	11048	2000-07-31	2012-05-21	2024-05-08	491 B	894 B	142.250.74.161
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-05-09	916 B	864 B	18.185.9.67
earliesthuntingtransgress.com	unknown	unknown	No data	No data	912 B	25 kB	192.243.59.13
sprangsugar.com	unknown	2024-05-06	2024-05-07	2024-05-08	2.4 kB	5.6 kB	172.240.253.132
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-05-09	973 B	28 kB	104.17.24.14
pawbothcompany.com	unknown	2024-05-06	2024-05-07	2024-05-08	2.4 kB	5.6 kB	172.240.108.68

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	sprangsugar.com	Sinkholed
2024-05-10	medium	pawbothcompany.com	Sinkholed
2024-05-10	medium	sprangsugar.com	Sinkholed
2024-05-10	medium	pawbothcompany.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (22)

	URL	Size	First Seen	Last Seen
	earliesthuntingtransgress.com/c80e8cd7e7c6f58a14a8d729f8cdad80/invoke.js	31 kB	2024-05-07	2024-05-25
Pretty URL earliesthuntingtransgress.com/c80e8cd7e7c6f58a14a8d729f8cdad80/invoke.js IP 192.243.59.13 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 16:59:16 Last Seen2024-05-25 12:13:05 Times Seen6 Hash 7563a6ce24e7fcfb26a5403e929b0401 aa1e11675a5bad999a82362a5428975fa1d5730e 48eb2dfe68a85b8bba0a78e2964eafc819bdb22592f7913248b9d3fa0f9a4cdd Loading...

	ninfastoccovks0.pages.dev/	342 B	2024-04-06	2024-05-27
Pretty URL ninfastoccovks0.pages.dev/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-06 20:40:31 Last Seen2024-05-27 20:01:06 Times Seen44 Hash 71e8f3449f8dbd39e280f39e4a45ed48 2fbc6721c97cbe4506f69a255fa57c94a08141f3 f901326fc73b950f56004fd5f8be4b143f2b72477eaf56ef663c4af87c611646 Loading...

	ninfastoccovks0.pages.dev/	3 B	2023-03-07	2024-06-03
Pretty URL ninfastoccovks0.pages.dev/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 13:09:38 Last Seen2024-06-03 17:12:46 Times Seen1057 Hash d2a16faace6f59c009a1dc045e086658 1335c7f603963b6f76f45a8045f12cce142f1175 009966d20c582967816f9721a10b558b07333c88849bff11176b5140e746191e Loading...

	unknown	145 B	2023-06-26	2024-05-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-26 18:14:58 Last Seen2024-05-27 20:01:06 Times Seen82 Hash d04fbc1f79aca939d03ddc995716d027 a493099b48c578fad3656a5320b21842a553e629 a8a275d2e994199ab650bed3476a8d1b8b1368bfb1d8bb8d16f91cc0990fcb28 Loading...

	split.jaketkulit.web.id/get/site/js/5eece17d3538f80d2e76b7b3913aecfa	296 B	2024-04-06	2024-05-16
Pretty URL split.jaketkulit.web.id/get/site/js/5eece17d3538f80d2e76b7b3913aecfa IP 104.21.86.250 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-06 20:40:32 Last Seen2024-05-16 11:56:20 Times Seen23 Hash 9e770a81e2dbb86de7fc425dfb96bfa0 ccb9ee9e7622c24cf9d5330853fa95df826bfdef a60e4bedaf17b1fe1e6b570c1a3bfab385aefaf1640e69b45ba8dd87e8d53aa8 Loading...

	cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js	7.9 kB	2023-03-07	2024-06-03
Pretty URL cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:12 Last Seen2024-06-03 17:12:46 Times Seen2037 Hash 96201abb62283557a9d7b97b4cab14ab a72f33d920d0ab863df4cb60edf44ec140304cdb 46112dbceed738f759d03f04b115d5256a7d73660b7795acb382192ad84d9f98 Loading...

	unknown	3.3 kB	2024-05-10	2024-05-10
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 21:20:02 Last Seen2024-05-10 21:20:03 Times Seen1 Hash 9e0bb1ec6df5629dee0fab32cdf268ae dbfce63cf1202b0ad5d0f3ae0f365b01d6be8fa1 50b6952b99495045f689f6187ed2b9e08086a21fa5632e3b67d27cbca30e5c2d Loading...

	ninfastoccovks0.pages.dev/	2.7 kB	2024-04-06	2024-05-26
Pretty URL ninfastoccovks0.pages.dev/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-06 20:40:31 Last Seen2024-05-26 11:52:47 Times Seen22 Hash 7bbe6c2e6f015f13d8b3a639a864990d b37a91e57d53cf79e98413ed8146a5f8475686df e1e381b44654540dfb41147819bd43f24534fe945c2546ae3700465a498411a6 Loading...

	earliesthuntingtransgress.com/a7adf9d52b6ef836c2a63bc70bb51a59/invoke.js	31 kB	2024-05-10	2024-05-10
Pretty URL earliesthuntingtransgress.com/a7adf9d52b6ef836c2a63bc70bb51a59/invoke.js IP 192.243.59.13 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 21:20:03 Last Seen2024-05-10 21:20:03 Times Seen2 Hash 1a7cc7c6ac6936bcc9d3a72ca650ec55 168c615de879298d8e3f002478d183b32a94cf7d da0729a99dd1c9fbcdd3752d6b121fc5096dbc89cab2fd8e02fca61c5fd70b03 Loading...

	ninfastoccovks0.pages.dev/	12 kB	2024-04-24	2024-05-27
Pretty URL ninfastoccovks0.pages.dev/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-24 14:01:12 Last Seen2024-05-27 20:01:06 Times Seen40 Hash c64bc91e2c1912e08878555f61c39733 24786eb97f222b8a404b64823c73d11c469d987d 8de1ff612f9ee7f9698a77027467b29472ebf03dd11de508e014d13a873e08bd Loading...

	ninfastoccovks0.pages.dev/	1.5 kB	2024-04-24	2024-05-27
Pretty URL ninfastoccovks0.pages.dev/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-24 14:01:12 Last Seen2024-05-27 20:01:06 Times Seen41 Hash 7a423c67de656bdf8fc2b994f424b423 514b75b1e1c1bf3ea114b45433dfe4577dde2b92 ad237a8847cace7050d81ddd9cca095021eb0663809d03179cb788e5f83ad15a Loading...

	suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q=	20 B	2023-05-14	2024-06-03
Pretty URL suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q= IP 142.250.74.78 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-14 08:59:35 Last Seen2024-06-03 16:40:50 Times Seen535 Hash fdbaede1a8136a6bd589d54e2f69fff8 883905e057c9b758a95c9ece940d089e3af85e0a 5ffae3c0e627b6a2083d67639bfa32ecfe695671ee25f8e1315d2067a4e28df4 Loading...

	unknown	3.3 kB	2024-05-10	2024-05-10
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 21:20:03 Last Seen2024-05-10 21:20:03 Times Seen1 Hash b8bd78088e5cc4457610493b530aead8 584f75505f7d6f8706d9f85f8ac8784498d2a604 edc7e91ecd85293555deddf521707673eb61480d0c22ede1f84a9eedbc1f1dff Loading...

	split.jaketkulit.web.id/get/site/js/1d6def2e9b082f24c59c908dc9eba138	295 B	2024-04-06	2024-05-16
Pretty URL split.jaketkulit.web.id/get/site/js/1d6def2e9b082f24c59c908dc9eba138 IP 104.21.86.250 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-06 20:40:31 Last Seen2024-05-16 11:56:20 Times Seen21 Hash 0dd5e9f8fe647a2b50f24d675add5c7a b8c4bce2af4269844f253dd6a9be9304e5b84372 d4bb70f263015ee6e9254446f119f1f895f735f6b0097b43a4c5592b02efd367 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js	72 kB	2023-03-07	2024-06-03
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:59 Last Seen2024-06-03 17:12:46 Times Seen5371 Hash 1276065911521c5c22037a31365d179d d1c6704e94efe2d465fc161b6381e127d35acd81 bbb7b9921ca2b61948753a6edb63c78443663dc45d1621d18e102e1dcb34e512 Loading...

	ninfastoccovks0.pages.dev/	424 B	2024-04-06	2024-05-27
Pretty URL ninfastoccovks0.pages.dev/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-06 20:40:32 Last Seen2024-05-27 20:01:06 Times Seen44 Hash a4604be2c6c52515e1f069a96408d2f8 00bd0393b0b2d11d750e7badf488123a31d10ff4 ff93d72f7fe97ad668386144d6a03da01f2e67ddc7d79bc9566f27bef951d92b Loading...

	unknown	145 B	2023-06-17	2024-05-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-17 13:19:26 Last Seen2024-05-27 20:01:06 Times Seen53 Hash f584134c28ad4083360a135684f960ea 2abb2cd26b5f7ecc7a3ffa308f4875a9b814e8b4 62cf17f83e2909cced5c2de26167917ee591aca41b055fd26d16522b731e2ae8 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 3fc1063a8fb5e3371ef10677f5e7d32f	2.1 kB	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 21:20:03 Last Seen2024-05-10 21:20:03 Times Seen1 Hash 3fc1063a8fb5e3371ef10677f5e7d32f a3162aa42b5a1da198f0b7ffbb764d43882f4f27 f4e90b5997fbec5c5527b2923058b5ab4c618065b67692e336729a316bd8cb51 Loading...

	#2 Eval - aab8d7f07feb9350bb993a7ab7606faf	2.1 kB	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 21:20:03 Last Seen2024-05-10 21:20:03 Times Seen1 Hash aab8d7f07feb9350bb993a7ab7606faf 91bbf8a9010636e4a7af2d3434f69a788ac89b2d baf3bd455a2a126ab6e6615b578d21a254d465ea9469b1a27bbcbb5598f1e926 Loading...

		Size	First Seen	Last Seen
	#1 Write - 9ea879a9988923c69a2082950102736f	121 B	2024-04-06	2024-05-16
Pretty Observations First Seen2024-04-06 20:40:32 Last Seen2024-05-16 11:56:20 Times Seen16 Hash 9ea879a9988923c69a2082950102736f 327042c2df939713d800e51ba07d578d4eaf3eb4 e3aa672a382f7e0c574d09d42357be6092d73faa16a2b2d62f83d083d1623315 Loading...

	#2 Write - b57d8e6210beb4912dfbfb6010b83415	121 B	2024-04-06	2024-05-16
Pretty Observations First Seen2024-04-06 20:40:32 Last Seen2024-05-16 11:56:20 Times Seen16 Hash b57d8e6210beb4912dfbfb6010b83415 d1ee9b2f4e1aaaddac147fb5cf6b3e8c47ab7ca7 ae017dd71d0c6afbbdcd05ae00303ffdb02da789456bfe36e91feb561db00ab8 Loading...

	#3 Write - 811a7da70e54c8c50a76774257dad93a	138 B	2024-03-16	2024-06-03
Pretty Observations First Seen2024-03-16 20:44:50 Last Seen2024-06-03 16:40:50 Times Seen361 Hash 811a7da70e54c8c50a76774257dad93a cece740ca0320764b2f43cb2df97d1c54ea55974 2b51ee1a7ee63d01e92e50a183e8c8473a4d2549c28010ff65a1e086903ecf1d Loading...

HTTP Transactions (20)

URL IP Response Size

cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js

104.17.24.14

200 OK

22 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ninfastoccovks0.pages.dev/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65241)
Size
22 kB (22329 bytes)
Hash
1276065911521c5c22037a31365d179d
d1c6704e94efe2d465fc161b6381e127d35acd81
bbb7b9921ca2b61948753a6edb63c78443663dc45d1621d18e102e1dcb34e512

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.slim.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninfastoccovks0.pages.dev/
Origin: https://ninfastoccovks0.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 19:19:29 GMT
content-type: application/javascript; charset=utf-8
content-length: 22329
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-11ab4"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 873836
expires: Wed, 30 Apr 2025 19:19:29 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h%2FAUZgQ292a02jdKX1Vuns7P8tU2WN0dwhjjxPpME%2FguWynrRMRFDnV7Msjs5VhfXuzPGT%2BEyb%2Bw8Ta21f7%2F9Ij1A7vAXnHzu31d1NXrySQgssmaPI%2F4B%2BKeDujIpB94NYrKSjw3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 881c47f9bfec1c0a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js

104.17.24.14

200 OK

3.2 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ninfastoccovks0.pages.dev/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (7862)
Size
3.2 kB (3150 bytes)
Hash
96201abb62283557a9d7b97b4cab14ab
a72f33d920d0ab863df4cb60edf44ec140304cdb
46112dbceed738f759d03f04b115d5256a7d73660b7795acb382192ad84d9f98

HTTP Headers

GET /ajax/libs/lazysizes/5.3.0/lazysizes.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninfastoccovks0.pages.dev/
Origin: https://ninfastoccovks0.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 19:19:29 GMT
content-type: application/javascript; charset=utf-8
content-length: 3150
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5ff0b799-1ed1"
last-modified: Sat, 02 Jan 2021 18:12:41 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 870564
expires: Wed, 30 Apr 2025 19:19:29 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g%2F%2BrOoSF4djvuX7Yqsbu8OzWWIzKZzfCe4HHf9%2BZjDwbyyFuK7iracnbPMSNohQigqZ7GNDIKx7gWeCp8v78zQMUAbOqGgfoF1LRyp7r5fUMbs7dT5IdO%2B3O5gzxzU%2F5eqPrRS9D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 881c47f9d8141c0a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

3.bp.blogspot.com/-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif

142.250.74.161

200 OK

362 B

URL GET HTTP/2
3.bp.blogspot.com/-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif
IP
142.250.74.161:443
ASN
#15169 GOOGLE

Requested by
https://ninfastoccovks0.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.blogspot.com
FingerprintC4:7D:61:88:AB:F1:15:A1:36:2A:68:39:51:62:46:00:23:6D:39:00
ValidityTue, 16 Apr 2024 03:45:20 GMT - Tue, 09 Jul 2024 03:45:19 GMT

File type
GIF image data, version 89a, 52 x 15
Size
362 B (362 bytes)
Hash
fd2c05a8c327ace309722b0a5fc4faf3
f446e97c43f8830be9f60644563dd846abe6b8e8
0450e2e1aa3c8b5435690d841f3e573c4f521864e1f8e01a5b6dbcdac922c8b4

HTTP Headers

GET /-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninfastoccovks0.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="btn_close.gif"
x-content-type-options: nosniff
server: fife
content-length: 362
x-xss-protection: 0
date: Fri, 10 May 2024 17:51:06 GMT
expires: Sat, 11 May 2024 17:51:06 GMT
cache-control: public, max-age=86400, no-transform
age: 5303
etag: "v1764"
content-type: image/gif
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

earliesthuntingtransgress.com/a7adf9d52b6ef836c2a63bc70bb51a59/invoke.js

192.243.59.13

200 OK

12 kB

URL GET HTTP/1.1
earliesthuntingtransgress.com/a7adf9d52b6ef836c2a63bc70bb51a59/invoke.js
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://ninfastoccovks0.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectearliesthuntingtransgress.com
FingerprintD0:5D:19:40:99:6D:C9:CA:70:32:DF:29:86:64:CA:15:DC:7C:35:E7
ValiditySat, 04 May 2024 06:38:47 GMT - Fri, 02 Aug 2024 06:38:46 GMT

File type
JavaScript source, ASCII text, with very long lines (31323), with no line terminators
Size
12 kB (11860 bytes)
Hash
1a7cc7c6ac6936bcc9d3a72ca650ec55
168c615de879298d8e3f002478d183b32a94cf7d
da0729a99dd1c9fbcdd3752d6b121fc5096dbc89cab2fd8e02fca61c5fd70b03

HTTP Headers

GET /a7adf9d52b6ef836c2a63bc70bb51a59/invoke.js HTTP/1.1
Host: earliesthuntingtransgress.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninfastoccovks0.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 10 May 2024 19:19:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e3a2f82b1f28705c07adc2073e801e76
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

earliesthuntingtransgress.com/c80e8cd7e7c6f58a14a8d729f8cdad80/invoke.js

192.243.59.13

200 OK

12 kB

URL GET HTTP/1.1
earliesthuntingtransgress.com/c80e8cd7e7c6f58a14a8d729f8cdad80/invoke.js
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://ninfastoccovks0.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectearliesthuntingtransgress.com
FingerprintD0:5D:19:40:99:6D:C9:CA:70:32:DF:29:86:64:CA:15:DC:7C:35:E7
ValiditySat, 04 May 2024 06:38:47 GMT - Fri, 02 Aug 2024 06:38:46 GMT

File type
JavaScript source, ASCII text, with very long lines (31314), with no line terminators
Size
12 kB (11861 bytes)
Hash
7563a6ce24e7fcfb26a5403e929b0401
aa1e11675a5bad999a82362a5428975fa1d5730e
48eb2dfe68a85b8bba0a78e2964eafc819bdb22592f7913248b9d3fa0f9a4cdd

HTTP Headers

GET /c80e8cd7e7c6f58a14a8d729f8cdad80/invoke.js HTTP/1.1
Host: earliesthuntingtransgress.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninfastoccovks0.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 10 May 2024 19:19:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 403c4867172f38442e508c880cfcbeaa
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
f7a3aabaedd5c95463e85c2d7682d410
715b2bd7dd959bb3423d71b22c43302b7a18a3a5
55ab8ca84eb2c090ff2a4eb9ebc48ce053c3f38261d66bded94f03719a384335

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Fri, 10 May 2024 19:19:31 GMT
Last-Modified: Fri, 10 May 2024 17:30:45 GMT
Server: ECAcc (ska/F6A0)
X-Cache: Miss from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: wtPfE7nWnTxi2Ih1FrJIBkzM8sW4FP_2y-5W6HZUuZAwt86YLa0qEQ==
Age: 6526

proftrafficcounter.com/stats

18.185.9.67

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.185.9.67:443
ASN
#16509 AMAZON-02

Requested by
https://ninfastoccovks0.pages.dev/
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
623990b1f2b31c7b605363233baadf97
85d672ca54b2c384eb3765d18f935a7a111392d5
633fe31e1a0240b0842f07a75435e4bbb8813457d0368daf29eaa0205e9d1861

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninfastoccovks0.pages.dev/
Origin: https://ninfastoccovks0.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 19:19:31 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://ninfastoccovks0.pages.dev
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=db7f27b0-b5ca-4940-92de-7dbb318d4733:1:1; expires=Mon, 08 May 2034 19:19:31 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

proftrafficcounter.com/stats

18.185.9.67

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.185.9.67:443
ASN
#16509 AMAZON-02

Requested by
https://ninfastoccovks0.pages.dev/
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
af76e90c1176a7d1fe1855ec55f65875
d9fdc4c422830d3fc24f0523a7d14ad89a0bcea0
2f0feede1ea7cd2aea6455395a8de5c73831ab8c20be722a9bda309e39998464

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninfastoccovks0.pages.dev/
Origin: https://ninfastoccovks0.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 19:19:31 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://ninfastoccovks0.pages.dev
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=2f62ebe5-a51b-4fb8-a52e-b71f3a8a83e2:3:1; expires=Mon, 08 May 2034 19:19:31 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

tse1.mm.bing.net/th?q=

204.79.197.200

404 Not Found

727 B

URL GET HTTP/2
tse1.mm.bing.net/th?q=
IP
204.79.197.200:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://ninfastoccovks0.pages.dev/
Certificate
IssuerMicrosoft Corporation
Subjectwww.bing.com
Fingerprint02:83:27:F9:50:D8:BE:B9:5E:DF:1A:4A:45:3B:6D:3C:BC:30:F2:58
ValidityWed, 01 May 2024 01:58:25 GMT - Thu, 27 Jun 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, baseline, precision 8, 80x80, components 3
Size
727 B (727 bytes)
Hash
5116706c119475f5ae2fc135c3358037
7e5bdf3585153e317ebef05a9b8241d311e44cb3
7edda2585f580c167fd4e3a6c162534548cda437f8bef67c544f3aa9c162a17c

HTTP Headers

GET /th?q= HTTP/1.1
Host: tse1.mm.bing.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninfastoccovks0.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
cache-control: no-cache
pragma: no-cache
content-length: 727
expires: -1
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0A382EF0E53041C78F8216A9DB83A9EF Ref B: OSL30EDGE0414 Ref C: 2024-05-10T19:19:31Z
date: Fri, 10 May 2024 19:19:30 GMT
X-Firefox-Spdy: h2

sprangsugar.com/watch.1401928687212.js?key=c80e8cd7e7c6f58a14a8d729f8cdad80&kw=%5B%5D&refer=https%3A%2F%2Fninfastoccovks0.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=2f62ebe5-a51b-4fb8-a52e-b71f3a8a83e2%3A3%3A1

172.240.253.132

307 Temporary Redirect

0 B

URL GET HTTP/1.1
sprangsugar.com/watch.1401928687212.js?key=c80e8cd7e7c6f58a14a8d729f8cdad80&kw=%5B%5D&refer=https%3A%2F%2Fninfastoccovks0.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=2f62ebe5-a51b-4fb8-a52e-b71f3a8a83e2%3A3%3A1
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://ninfastoccovks0.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectsprangsugar.com
FingerprintA8:FF:DF:D3:ED:3D:E8:4B:33:C8:93:D3:94:CA:8E:28:5D:39:26:C1
ValidityMon, 06 May 2024 08:08:05 GMT - Sun, 04 Aug 2024 08:08:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1401928687212.js?key=c80e8cd7e7c6f58a14a8d729f8cdad80&kw=%5B%5D&refer=https%3A%2F%2Fninfastoccovks0.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=2f62ebe5-a51b-4fb8-a52e-b71f3a8a83e2%3A3%3A1 HTTP/1.1
Host: sprangsugar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninfastoccovks0.pages.dev/
Origin: https://ninfastoccovks0.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Fri, 10 May 2024 19:19:31 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://ninfastoccovks0.pages.dev
Access-Control-Allow-Origin: https://ninfastoccovks0.pages.dev
Access-Control-Allow-Credentials: true
Location: https://sprangsugar.com/watch.1401928687212.js?dev=e&key=c80e8cd7e7c6f58a14a8d729f8cdad80&kw=%5B%5D&pst=1715368831&refer=https%3A%2F%2Fninfastoccovks0.pages.dev%2F&res=14.2071&rmtc=t&shu=80b28b2251d78ac2e50827d8d835a6c282be48a4911e6610be945d11215a969f6ad04cf603b2f1e94d06c6d3ac1fb805ee1e93d4f798fd8c208d150bf2c88875421d9d67a5d87539826c0541743b0d3fe89e784622ceb6c31230b04fbb3e68&tz=0&uuid=2f62ebe5-a51b-4fb8-a52e-b71f3a8a83e2%3A3%3A1
Set-Cookie: u_pl=17410480; expires=Sat, 11 May 2024 19:19:31 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzQxMDQ4MCwiayI6ImM4MGU4Y2Q3ZTdjNmY1OGExNGE4ZDcyOWY4Y2RhZDgwIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTA0NDczLCJwaWQiOjQ1NjY1MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6InpqMWF5eHp0OW4iLCJjcGtzIjp7IjI4IjoiZDVmMzc4MWY4NmRiMmY1OGVjMTEwYmZmNjgyNDY5NzcifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vbmluZmFzdG9jY292a3MwLnBhZ2VzLmRldi8iLCJhciI6W119fQ.gBCOqB2u1Ar62_rjUaF3gPYn1DuiAUS0bykwiCQDG2M; expires=Fri, 10 May 2024 19:20:31 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3f9d03ff4efde06eefaad1c01c9a6409
Strict-Transport-Security: max-age=0; includeSubdomains

pawbothcompany.com/watch.1146448144974.js?key=a7adf9d52b6ef836c2a63bc70bb51a59&kw=%5B%5D&refer=https%3A%2F%2Fninfastoccovks0.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=db7f27b0-b5ca-4940-92de-7dbb318d4733%3A1%3A1

172.240.108.68

307 Temporary Redirect

0 B

URL GET HTTP/1.1
pawbothcompany.com/watch.1146448144974.js?key=a7adf9d52b6ef836c2a63bc70bb51a59&kw=%5B%5D&refer=https%3A%2F%2Fninfastoccovks0.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=db7f27b0-b5ca-4940-92de-7dbb318d4733%3A1%3A1
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://ninfastoccovks0.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectpawbothcompany.com
FingerprintAB:CB:31:D2:AD:19:30:E9:2F:99:10:E1:CD:C9:CC:BD:38:B6:82:EB
ValidityMon, 06 May 2024 12:43:27 GMT - Sun, 04 Aug 2024 12:43:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1146448144974.js?key=a7adf9d52b6ef836c2a63bc70bb51a59&kw=%5B%5D&refer=https%3A%2F%2Fninfastoccovks0.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=db7f27b0-b5ca-4940-92de-7dbb318d4733%3A1%3A1 HTTP/1.1
Host: pawbothcompany.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninfastoccovks0.pages.dev/
Origin: https://ninfastoccovks0.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Fri, 10 May 2024 19:19:31 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://ninfastoccovks0.pages.dev
Access-Control-Allow-Origin: https://ninfastoccovks0.pages.dev
Access-Control-Allow-Credentials: true
Location: https://pawbothcompany.com/watch.1146448144974.js?dev=e&key=a7adf9d52b6ef836c2a63bc70bb51a59&kw=%5B%5D&pst=1715368831&refer=https%3A%2F%2Fninfastoccovks0.pages.dev%2F&res=14.2071&rmtc=t&shu=8361db96e4cda972ce52d936f7603f92536caeb5e772c183eac234d0ebeb4a6cfccc2d69f6b3969fa08871a9fd6ac6819afb30bfbf26124f808b012426569bdf55a4ef79a3e3e21c7232a5fa679e5e1ea01b705d67e74e804f6652eee03f&tz=0&uuid=db7f27b0-b5ca-4940-92de-7dbb318d4733%3A1%3A1
Set-Cookie: u_pl=17410482; expires=Sat, 11 May 2024 19:19:31 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzQxMDQ4MiwiayI6ImE3YWRmOWQ1MmI2ZWY4MzZjMmE2M2JjNzBiYjUxYTU5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTA0NDczLCJwaWQiOjQ1NjY1MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJrZGJxaDgybW4iLCJjcGtzIjp7IjI5IjoiNzMzYjI1NjE4ZWYxNDBlZmIzODk5MzlkMjc3YTYyZTgifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vbmluZmFzdG9jY292a3MwLnBhZ2VzLmRldi8iLCJhciI6W119fQ.QwW5KdsinmEDT5R6IvNeaFWaFWxJAIvfqddq_u0h5Lw; expires=Fri, 10 May 2024 19:20:31 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 33a49d29eeb6bbe2da75195ce8bc9912
Strict-Transport-Security: max-age=0; includeSubdomains

split.jaketkulit.web.id/get/site/js/1d6def2e9b082f24c59c908dc9eba138

104.21.86.250

200 OK

7.9 kB

URL GET HTTP/2
split.jaketkulit.web.id/get/site/js/1d6def2e9b082f24c59c908dc9eba138
IP
104.21.86.250:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ninfastoccovks0.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectjaketkulit.web.id
Fingerprint80:8B:F9:62:27:FA:23:A8:54:26:C7:57:90:E0:EE:1C:F0:8C:9F:F5
ValidityMon, 01 Apr 2024 01:48:02 GMT - Sun, 30 Jun 2024 01:48:01 GMT

File type
gzip compressed data, from Unix
Size
7.9 kB (7867 bytes)
Hash
ec06cab6d26942b8bae8f311affd983d
bc84eb69a352abdefb878a9446a79d17c383daac
bac20b0379281f7716721825f7f205fd3ae157fff698486a221e8646e84f70fb

HTTP Headers

GET /get/site/js/1d6def2e9b082f24c59c908dc9eba138 HTTP/1.1
Host: split.jaketkulit.web.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninfastoccovks0.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 19:19:29 GMT
content-type: application/javascript
vary: Accept-Encoding
set-cookie: PHPSESSID=q4chgig9gjmbm4bam3qcgq3bvk; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: 
access-control-allow-credentials: true
access-control-max-age: 86400
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SzEujFFdKVWIV4Tu%2FnjIorK4MGjM0GPqcZPwRLc9yFE8L9xAFsTHeF7kB%2FSKx%2BBLnUHsRJlRb8Bh2vMxA5mqTk4jdaqVpQqo9eh1x1f9ss9x0yTo4GxzlvxiwYv8b1sKvi1o9HvC0jY9aA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c47f9fca0b505-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

sprangsugar.com/watch.1401928687212.js?dev=e&key=c80e8cd7e7c6f58a14a8d729f8cdad80&kw=%5B%5D&pst=1715368831&refer=https%3A%2F%2Fninfastoccovks0.pages.dev%2F&res=14.2071&rmtc=t&shu=80b28b2251d78ac2e50827d8d835a6c282be48a4911e6610be945d11215a969f6ad04cf603b2f1e94d06c6d3ac1fb805ee1e93d4f798fd8c208d150bf2c88875421d9d67a5d87539826c0541743b0d3fe89e784622ceb6c31230b04fbb3e68&tz=0&uuid=2f62ebe5-a51b-4fb8-a52e-b71f3a8a83e2%3A3%3A1

172.240.253.132

200 OK

2.0 kB

URL GET HTTP/1.1
sprangsugar.com/watch.1401928687212.js?dev=e&key=c80e8cd7e7c6f58a14a8d729f8cdad80&kw=%5B%5D&pst=1715368831&refer=https%3A%2F%2Fninfastoccovks0.pages.dev%2F&res=14.2071&rmtc=t&shu=80b28b2251d78ac2e50827d8d835a6c282be48a4911e6610be945d11215a969f6ad04cf603b2f1e94d06c6d3ac1fb805ee1e93d4f798fd8c208d150bf2c88875421d9d67a5d87539826c0541743b0d3fe89e784622ceb6c31230b04fbb3e68&tz=0&uuid=2f62ebe5-a51b-4fb8-a52e-b71f3a8a83e2%3A3%3A1
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://ninfastoccovks0.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectsprangsugar.com
FingerprintA8:FF:DF:D3:ED:3D:E8:4B:33:C8:93:D3:94:CA:8E:28:5D:39:26:C1
ValidityMon, 06 May 2024 08:08:05 GMT - Sun, 04 Aug 2024 08:08:04 GMT

File type
JavaScript source, ASCII text, with very long lines (2445)
Size
2.0 kB (1976 bytes)
Hash
8cd7bce85ed986150e089819e9a67ca8
6957cffe393e4127eab82c25d7f094be6e8b4d84
c12e9691ca422738df76637f25f175a29983723bb78f95d18fe32b06acf0f51a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1401928687212.js?dev=e&key=c80e8cd7e7c6f58a14a8d729f8cdad80&kw=%5B%5D&pst=1715368831&refer=https%3A%2F%2Fninfastoccovks0.pages.dev%2F&res=14.2071&rmtc=t&shu=80b28b2251d78ac2e50827d8d835a6c282be48a4911e6610be945d11215a969f6ad04cf603b2f1e94d06c6d3ac1fb805ee1e93d4f798fd8c208d150bf2c88875421d9d67a5d87539826c0541743b0d3fe89e784622ceb6c31230b04fbb3e68&tz=0&uuid=2f62ebe5-a51b-4fb8-a52e-b71f3a8a83e2%3A3%3A1 HTTP/1.1
Host: sprangsugar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ninfastoccovks0.pages.dev
Referer: https://ninfastoccovks0.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17410480; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzQxMDQ4MCwiayI6ImM4MGU4Y2Q3ZTdjNmY1OGExNGE4ZDcyOWY4Y2RhZDgwIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTA0NDczLCJwaWQiOjQ1NjY1MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6InpqMWF5eHp0OW4iLCJjcGtzIjp7IjI4IjoiZDVmMzc4MWY4NmRiMmY1OGVjMTEwYmZmNjgyNDY5NzcifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vbmluZmFzdG9jY292a3MwLnBhZ2VzLmRldi8iLCJhciI6W119fQ.gBCOqB2u1Ar62_rjUaF3gPYn1DuiAUS0bykwiCQDG2M
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 19:19:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://ninfastoccovks0.pages.dev
Access-Control-Allow-Origin: https://ninfastoccovks0.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=2f62ebe5-a51b-4fb8-a52e-b71f3a8a83e2:3:1; expires=Fri, 17 May 2024 19:19:31 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 11 May 2024 19:19:31 GMT; secure; SameSite=None
uncs=1; expires=Sat, 11 May 2024 19:19:31 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sat, 11 May 2024 19:19:31 GMT; secure; SameSite=None
uncs5=1; expires=Sat, 11 May 2024 19:19:31 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6afa571c78526a18aa0854fc1ad261a3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

pawbothcompany.com/watch.1146448144974.js?dev=e&key=a7adf9d52b6ef836c2a63bc70bb51a59&kw=%5B%5D&pst=1715368831&refer=https%3A%2F%2Fninfastoccovks0.pages.dev%2F&res=14.2071&rmtc=t&shu=8361db96e4cda972ce52d936f7603f92536caeb5e772c183eac234d0ebeb4a6cfccc2d69f6b3969fa08871a9fd6ac6819afb30bfbf26124f808b012426569bdf55a4ef79a3e3e21c7232a5fa679e5e1ea01b705d67e74e804f6652eee03f&tz=0&uuid=db7f27b0-b5ca-4940-92de-7dbb318d4733%3A1%3A1

172.240.108.68

200 OK

2.0 kB

URL GET HTTP/1.1
pawbothcompany.com/watch.1146448144974.js?dev=e&key=a7adf9d52b6ef836c2a63bc70bb51a59&kw=%5B%5D&pst=1715368831&refer=https%3A%2F%2Fninfastoccovks0.pages.dev%2F&res=14.2071&rmtc=t&shu=8361db96e4cda972ce52d936f7603f92536caeb5e772c183eac234d0ebeb4a6cfccc2d69f6b3969fa08871a9fd6ac6819afb30bfbf26124f808b012426569bdf55a4ef79a3e3e21c7232a5fa679e5e1ea01b705d67e74e804f6652eee03f&tz=0&uuid=db7f27b0-b5ca-4940-92de-7dbb318d4733%3A1%3A1
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://ninfastoccovks0.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectpawbothcompany.com
FingerprintAB:CB:31:D2:AD:19:30:E9:2F:99:10:E1:CD:C9:CC:BD:38:B6:82:EB
ValidityMon, 06 May 2024 12:43:27 GMT - Sun, 04 Aug 2024 12:43:26 GMT

File type
JavaScript source, ASCII text, with very long lines (2446)
Size
2.0 kB (1985 bytes)
Hash
9a5cd88c9af352b79316b84cbe1b94d6
08ef648373baed2c48cf4e59a71414676630be59
4d327752962c41aff9e9fafb4b61fd90b65589620e56d124ae2ba981859c8c12

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1146448144974.js?dev=e&key=a7adf9d52b6ef836c2a63bc70bb51a59&kw=%5B%5D&pst=1715368831&refer=https%3A%2F%2Fninfastoccovks0.pages.dev%2F&res=14.2071&rmtc=t&shu=8361db96e4cda972ce52d936f7603f92536caeb5e772c183eac234d0ebeb4a6cfccc2d69f6b3969fa08871a9fd6ac6819afb30bfbf26124f808b012426569bdf55a4ef79a3e3e21c7232a5fa679e5e1ea01b705d67e74e804f6652eee03f&tz=0&uuid=db7f27b0-b5ca-4940-92de-7dbb318d4733%3A1%3A1 HTTP/1.1
Host: pawbothcompany.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ninfastoccovks0.pages.dev
Referer: https://ninfastoccovks0.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17410482; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzQxMDQ4MiwiayI6ImE3YWRmOWQ1MmI2ZWY4MzZjMmE2M2JjNzBiYjUxYTU5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTA0NDczLCJwaWQiOjQ1NjY1MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJrZGJxaDgybW4iLCJjcGtzIjp7IjI5IjoiNzMzYjI1NjE4ZWYxNDBlZmIzODk5MzlkMjc3YTYyZTgifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vbmluZmFzdG9jY292a3MwLnBhZ2VzLmRldi8iLCJhciI6W119fQ.QwW5KdsinmEDT5R6IvNeaFWaFWxJAIvfqddq_u0h5Lw
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 19:19:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://ninfastoccovks0.pages.dev
Access-Control-Allow-Origin: https://ninfastoccovks0.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=db7f27b0-b5ca-4940-92de-7dbb318d4733:1:1; expires=Fri, 17 May 2024 19:19:31 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 11 May 2024 19:19:31 GMT; secure; SameSite=None
uncs=1; expires=Sat, 11 May 2024 19:19:31 GMT; secure; SameSite=None
pdhtkv23=true; expires=Sat, 11 May 2024 19:19:31 GMT; secure; SameSite=None
uncs23=1; expires=Sat, 11 May 2024 19:19:31 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1641b9795dcb9949409c13bc9bfc21ef
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

cdn.cloudimagesb.com/cti/a5/d3/e6/a5d3e623885c21def64b7175f19b6460/1708072353.png

45.133.44.9

200 OK

21 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/a5/d3/e6/a5d3e623885c21def64b7175f19b6460/1708072353.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://ninfastoccovks0.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced
Size
21 kB (20565 bytes)
Hash
7f1762981a72645aa56d46f1a4f30f4c
462868d87f10eb389ab364e02537cf1351777ce6
c76c21b14374482c43ec120fabc6e30541bb00a6ff88268aa9a4bb98d385d03e

HTTP Headers

GET /cti/a5/d3/e6/a5d3e623885c21def64b7175f19b6460/1708072353.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 19:19:31 GMT
content-type: image/png
content-length: 20565
server: nginx/1.21.6
last-modified: Fri, 16 Feb 2024 08:32:41 GMT
etag: "65cf1da9-5055"
expires: Sun, 12 May 2024 19:19:31 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/f8/cf/34/f8cf34992a4cdb8e940a343451a1ed51/1708071320.png

45.133.44.9

200 OK

24 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/f8/cf/34/f8cf34992a4cdb8e940a343451a1ed51/1708071320.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://ninfastoccovks0.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 728 x 90, 8-bit/color RGBA, non-interlaced
Size
24 kB (24090 bytes)
Hash
c4bca8de40bb4c19865d0dce9a561571
fbb310ca5a02b526153b0aaa542e23c81d9c3365
806a9e3d152ae4ea092a6c500ac4578627b6302a3b77bf9f4884b0916bd29265

HTTP Headers

GET /cti/f8/cf/34/f8cf34992a4cdb8e940a343451a1ed51/1708071320.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 19:19:31 GMT
content-type: image/png
content-length: 24090
server: nginx/1.21.6
last-modified: Fri, 16 Feb 2024 08:15:29 GMT
etag: "65cf19a1-5e1a"
expires: Sun, 12 May 2024 19:19:31 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

shayscholz.blogspot.com/favicon.ico

216.58.207.225

412 B

URL GET
shayscholz.blogspot.com/favicon.ico
IP
216.58.207.225:0
ASN
#15169 GOOGLE

Requested by
https://ninfastoccovks0.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.blogspot.com
FingerprintC4:7D:61:88:AB:F1:15:A1:36:2A:68:39:51:62:46:00:23:6D:39:00
ValidityTue, 16 Apr 2024 03:45:20 GMT - Tue, 09 Jul 2024 03:45:19 GMT

File type
MS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
Size
412 B (412 bytes)
Hash
59a0c7b6e4848ccdabcea0636efda02b
30ef5c54b8bbc3487ea2b4c45cd11ea2932e4340
a1495da3cf3db37bf105a12658636ff628fee7b73975b9200049af7747e60b1f

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: shayscholz.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninfastoccovks0.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/x-icon
expires: Fri, 10 May 2024 19:19:31 GMT
date: Fri, 10 May 2024 19:19:31 GMT
cache-control: private, max-age=86400
last-modified: Fri, 08 Mar 2024 19:12:27 GMT
etag: W/"53e1bb00e6929e879a040ee00d8ddd9c6a9b1f6c6c79cd1077a9390901619218"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 412
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ninfastoccovks0.pages.dev/

188.114.97.1

200 OK

30 kB

URL User Request GET HTTP/2
ninfastoccovks0.pages.dev/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectninfastoccovks0.pages.dev
Fingerprint20:A3:2C:CF:BA:DA:A6:92:C3:75:F4:57:A5:F2:A3:4B:54:12:E8:42
ValidityThu, 09 May 2024 14:01:24 GMT - Wed, 07 Aug 2024 14:01:23 GMT

File type
HTML document, ASCII text, with very long lines (11253), with CRLF line terminators
Size
30 kB (29886 bytes)
Hash
857e05df33ad37c258443c1881998ae4
b925072babf9793cf9dc25c08ecdfa69fbdaa2e9
82a69cef7f7defa03c1ff8cfb76eec34b673751126d8be64e7a1903d8c2d20ff

HTTP Headers

GET / HTTP/1.1
Host: ninfastoccovks0.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 19:19:29 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"b11dfe80c284d3b8f18fc1f19ca0e95a"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KVU9ExwyizpgHtl37VURx5ANdLWha3B6Qe%2BjQ2Kotc7Rk3biokGFJQ2AtVgWgQV73lcGhoQLKTmRGTp3wWINjFdLfiqRZ5l%2BlsxabVw%2FZSyb%2FJsUy%2Bvw3sKWnMkgpMBylLuimk%2FACaLgRbf2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c47f66f79b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

split.jaketkulit.web.id/get/site/js/5eece17d3538f80d2e76b7b3913aecfa

104.21.86.250

200 OK

296 B

URL GET HTTP/2
split.jaketkulit.web.id/get/site/js/5eece17d3538f80d2e76b7b3913aecfa
IP
104.21.86.250:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ninfastoccovks0.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectjaketkulit.web.id
Fingerprint80:8B:F9:62:27:FA:23:A8:54:26:C7:57:90:E0:EE:1C:F0:8C:9F:F5
ValidityMon, 01 Apr 2024 01:48:02 GMT - Sun, 30 Jun 2024 01:48:01 GMT

File type
ASCII text, with very long lines (326), with no line terminators
Size
296 B (296 bytes)
Hash
d99594ce3560f95f517213a34b412782
ae4c5268533ce2e4adcac4be6f824911868dff5e
8b965644b7e5e8430125d98955af92b9c0b653732a23cd35d942185afe56f762

HTTP Headers

GET /get/site/js/5eece17d3538f80d2e76b7b3913aecfa HTTP/1.1
Host: split.jaketkulit.web.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninfastoccovks0.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 19:19:29 GMT
content-type: application/javascript
vary: Accept-Encoding
set-cookie: PHPSESSID=shfa9vp46548anjarml89jcv34; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: 
access-control-allow-credentials: true
access-control-max-age: 86400
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SGdlShZPVAO7UtaDKQ6r3ek8mOSdSdtNUdMZmWNEwHjdD%2F%2BeOoTK%2F8CwAaaNbA7h1ONWXmY7CkEaOyFceBOuTCXtlPEN7e5c2r2u3SSAS%2BwxRCXysfFgAt8NqzhINFkR1rcpmrcyfudK%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c47f9fc9fb505-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q=

142.250.74.78

200 OK

20 B

URL GET HTTP/2
suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q=
IP
142.250.74.78:443
ASN
#15169 GOOGLE

Requested by
https://ninfastoccovks0.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0
ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT

File type
ASCII text, with no line terminators
Size
20 B (20 bytes)
Hash
a1b72ded50d7e2b047cd0d3966b148ab
8ff9743451774724c183efa801b999ecce23821a
4d9063bb918234965c25e4a0844d20c1cb01dae120c181c92f39a33b869be23f

HTTP Headers

GET /complete/search?jsonp=autoRelated&hl=en&client=firefox&q= HTTP/1.1
Host: suggestqueries.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ninfastoccovks0.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 19:19:31 GMT
pragma: no-cache
expires: -1
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-OWXJrY36xIZTgQcJKcoeCw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/fff
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/fff"}]}
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: gws
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (22)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by