Report - fredericweigleek96k804b.pages.dev/

Report Overview

Submitted URL
fredericweigleek96k804b.pages.dev/
IP
172.66.47.89
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-10 09:13:43
Access
public
Website Title
fredericweigleek96k804b.pages.dev/
Final URL
fredericweigleek96k804b.pages.dev/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
32

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
3.bp.blogspot.com	11048	2000-07-31	2012-05-21	2024-05-08	499 B	895 B	142.250.74.161
plumbsplash.com	unknown	2024-05-06	2024-05-07	2024-05-08	2.4 kB	5.8 kB	172.240.108.84
pl23249615.highcpmgate.com	unknown	unknown	No data	No data	463 B	17 kB	192.243.61.225
downstairsnegotiatebarren.com	unknown	2024-03-04	2024-03-04	2024-05-09	430 B	87 kB	188.114.96.1
suggestqueries.google.com	1239	1997-09-15	2012-06-27	2024-05-08	477 B	824 B	142.250.74.14
unseenreport.com	unknown	2022-03-30	2022-03-30	2024-05-09	752 B	423 B	192.243.59.12
cdn.barscreative1.com	25648	2021-09-08	2021-09-16	2024-05-09	524 B	826 B	45.133.44.4
cdn.creative-bars1.com	unknown	2022-11-01	2022-11-15	2024-05-09	2.4 kB	45 kB	188.114.96.1
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-10	1.1 kB	33 kB	216.58.207.227
meetingrailroad.com	unknown	2024-05-06	2024-05-08	2024-05-08	2.4 kB	5.5 kB	192.243.59.13
shayscholz.blogspot.com	unknown	2000-07-31	2024-03-16	2024-03-16	448 B	894 B	216.58.207.193
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-05-09	338 B	942 B	54.230.218.11
www.topcreativeformat.com	unknown	2023-11-21	2023-11-22	2024-05-09	1.4 kB	57 kB	172.240.127.234
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-05-09	1.0 kB	756 B	18.185.9.67
demolishforbidhonorable.com	unknown	2024-05-06	2024-05-07	2024-05-07	2.4 kB	5.6 kB	192.243.59.20
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12	2024-05-09	1.8 kB	354 kB	45.133.44.9
tse1.mm.bing.net	7917	1997-09-03	2014-03-13	2024-05-08	435 B	1.6 kB	204.79.197.200
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-05-09	1.0 kB	28 kB	104.17.25.14
ads.bisniskini.biz.id	unknown	2023-09-30	2024-02-24	2024-04-18	1.8 kB	16 kB	172.67.214.128
wansafeguard.com	unknown	2024-05-06	2024-05-07	2024-05-10	7.6 kB	12 kB	172.240.127.234
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-10	416 B	1.8 kB	216.58.207.234
fredericweigleek96k804b.pages.dev	unknown	unknown	No data	No data	490 B	18 kB	172.66.47.89

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	plumbsplash.com	Sinkholed
2024-05-10	medium	demolishforbidhonorable.com	Sinkholed
2024-05-10	medium	highcpmgate.com	Sinkholed
2024-05-10	medium	plumbsplash.com	Sinkholed
2024-05-10	medium	demolishforbidhonorable.com	Sinkholed
2024-05-10	medium	meetingrailroad.com	Sinkholed
2024-05-10	medium	meetingrailroad.com	Sinkholed
2024-05-10	medium	unseenreport.com	Sinkholed
2024-05-10	medium	wansafeguard.com	Sinkholed
2024-05-10	medium	wansafeguard.com	Sinkholed
2024-05-10	medium	wansafeguard.com	Sinkholed
2024-05-10	medium	wansafeguard.com	Sinkholed
2024-05-10	medium	wansafeguard.com	Sinkholed
2024-05-10	medium	wansafeguard.com	Sinkholed
2024-05-10	medium	wansafeguard.com	Sinkholed
2024-05-10	medium	wansafeguard.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (32)

	URL	Size	First Seen	Last Seen
	fredericweigleek96k804b.pages.dev/	407 B	2024-03-16	2024-05-20
Pretty URL fredericweigleek96k804b.pages.dev/ IP 172.66.47.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-16 20:44:49 Last Seen2024-05-20 16:42:58 Times Seen170 Hash 033f01caf6d0f553ffc421cc2772f928 67876067762ac6818db46c43a14ed10d9c046a0c 873ff640f3ae1bde848bbd3a7156f7991cf3a34e1236471b8f83ab7608ccb51b Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js	72 kB	2023-03-07	2024-05-20
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:59 Last Seen2024-05-20 16:42:59 Times Seen4785 Hash 1276065911521c5c22037a31365d179d d1c6704e94efe2d465fc161b6381e127d35acd81 bbb7b9921ca2b61948753a6edb63c78443663dc45d1621d18e102e1dcb34e512 Loading...

	fredericweigleek96k804b.pages.dev/	3 B	2023-03-07	2024-05-20
Pretty URL fredericweigleek96k804b.pages.dev/ IP 172.66.47.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 13:09:38 Last Seen2024-05-20 16:42:59 Times Seen769 Hash d2a16faace6f59c009a1dc045e086658 1335c7f603963b6f76f45a8045f12cce142f1175 009966d20c582967816f9721a10b558b07333c88849bff11176b5140e746191e Loading...

	pl23249615.highcpmgate.com/36/35/24/36352469ba20ff8ade54795907dd51e5.js	44 kB	2024-05-10	2024-05-10
Pretty URL pl23249615.highcpmgate.com/36/35/24/36352469ba20ff8ade54795907dd51e5.js IP 192.243.61.225 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 11:13:52 Last Seen2024-05-10 20:39:54 Times Seen4 Hash 96f52b423e273714e6be7bce0b5de06c 8a1eb53aaf8b02ae2206ed1b50b059cdca5d40e0 2206605da6777300a9f72abe1aae2a5a608f5e072b7de3a2f69fda73cb9947f5 Loading...

	unknown	145 B	2024-05-08	2024-05-17
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 11:40:16 Last Seen2024-05-17 11:37:02 Times Seen36 Hash 756e754e6cfb16dffe59b72c712d5cb1 36c5ec2f5fcd87c6f704acadb258c1bc7bfaa981 3f10cd126b12dc8d1f6c9da89832d77dbce1b0a1a38b14490e578386d323fce1 Loading...

	fredericweigleek96k804b.pages.dev/	2.7 kB	2024-03-16	2024-05-20
Pretty URL fredericweigleek96k804b.pages.dev/ IP 172.66.47.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-16 20:44:49 Last Seen2024-05-20 16:42:59 Times Seen114 Hash 372cd0e8ad89ee27fefebce4470d5a08 e70fccac5381673af0c002f5172fde78f8f71de0 393c63070292b13107be81d5ce120b72e6a002a2ac0183c1c28ab6159fb6cf74 Loading...

	fredericweigleek96k804b.pages.dev/	658 B	2024-03-16	2024-05-20
Pretty URL fredericweigleek96k804b.pages.dev/ IP 172.66.47.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-16 20:44:49 Last Seen2024-05-20 16:42:59 Times Seen340 Hash 9d3d818ca9f81a71b4da9fa707cafb6a 5d49232709a360c05ec5721f7e1e3b2d7a899ee0 bf346b7f785a552ee4c436e06f3c5388b4229f91ee5eda32e75a6c234e66ca52 Loading...

	ads.bisniskini.biz.id/get/site/js/d0b1e71bd1922518d7cf826d604fe57a	139 B	2024-05-08	2024-05-10
Pretty URL ads.bisniskini.biz.id/get/site/js/d0b1e71bd1922518d7cf826d604fe57a IP 172.67.214.128 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 11:40:16 Last Seen2024-05-10 23:37:41 Times Seen23 Hash 613e75c06a28ec97154a5377fee5a84a 0e90f96404fd96309ec40fe6b1403c5565cdfaa7 288a35e42dbea205601d112e4e6e1017487060c55c5dd6249fc654b4660210ce Loading...

	unknown	3.3 kB	2024-05-10	2024-05-10
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 11:13:52 Last Seen2024-05-10 11:13:52 Times Seen1 Hash 718044449d39612849808482420e01f3 4e6f5cf459cd090c06782f5d8a2d644d5fb83b9c bd9c3b42c3a08963a99f279eb8adafb2e31db567fa87c2ee7b20b9499b5c5855 Loading...

	www.topcreativeformat.com/872eda8cdc00d65d8016b8e6fba2d29b/invoke.js	31 kB	2024-05-10	2024-05-16
Pretty URL www.topcreativeformat.com/872eda8cdc00d65d8016b8e6fba2d29b/invoke.js IP 172.240.127.234 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 11:13:52 Last Seen2024-05-16 13:34:03 Times Seen8 Hash 8464f12faf2b2ed8b1b144a688600ba2 a9836890e289aa625bb76687cd8ceb512d6bc99e 620783c4130ace85aacc619a665ee76a497ed9f0f2555117f7b2a0c52fcd7cbe Loading...

	www.topcreativeformat.com/872eda8cdc00d65d8016b8e6fba2d29b/invoke.js	31 kB	2024-05-10	2024-05-17
Pretty URL www.topcreativeformat.com/872eda8cdc00d65d8016b8e6fba2d29b/invoke.js IP 172.240.127.234 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 11:13:52 Last Seen2024-05-17 11:37:03 Times Seen4 Hash b7093a569b3476cf3592c220f39840a0 09ab581ab624c4f68b21615602cfcfc9b46d0014 f2b8ecd58c02cd2cbc5857ca858355a6cd64873f42ed4d70e84865a07ca4eba7 Loading...

	unknown	3.3 kB	2024-05-10	2024-05-10
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 11:13:52 Last Seen2024-05-10 11:13:52 Times Seen1 Hash 9217c409a2ee49d63d826f05f857a6af 8a29440cb2c84ebca4e5bab410227a5080baef77 bf7e15615a6262e61596e1059e629a8da5c9ddb23e0f09e902766a72cddcc5ee Loading...

	unknown	3.3 kB	2024-05-10	2024-05-10
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 11:13:52 Last Seen2024-05-10 11:13:52 Times Seen1 Hash c57eb8a43d1dd4b6e47dd26eb0b86ea5 35ca7ae9bb87ffb83d51701fc84c354d213b3f4e 4c6eace8b1cf0c9c98ffc25b3be31b2b2074b5ad6ccfcbbab9e7568f428b787f Loading...

	cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js	84 kB	2023-03-07	2024-05-20
Pretty URL cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-05-20 23:22:52 Times Seen16314 Hash 4a356126b9573eb7bd1e9a7494737410 8258d046f17dd3c15a5d3984e1868b7b5d1db329 22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5 Loading...

	suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q=	20 B	2023-05-14	2024-05-20
Pretty URL suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q= IP 142.250.74.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-14 08:59:35 Last Seen2024-05-20 16:42:59 Times Seen310 Hash fdbaede1a8136a6bd589d54e2f69fff8 883905e057c9b758a95c9ece940d089e3af85e0a 5ffae3c0e627b6a2083d67639bfa32ecfe695671ee25f8e1315d2067a4e28df4 Loading...

	ads.bisniskini.biz.id/get/site/js/cb1f929c7c7c523575650f47146f231e	299 B	2024-05-08	2024-05-10
Pretty URL ads.bisniskini.biz.id/get/site/js/cb1f929c7c7c523575650f47146f231e IP 172.67.214.128 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 11:40:16 Last Seen2024-05-10 23:37:41 Times Seen23 Hash 252b107927cd0781f0972fac6f9f4f8f ce31eb7d65808aa4fae8620ffabf7c40cc077b77 8d6a0836a8d3ca9e64038e97232c4c8e1442635523e33c3d07f7e204ce125ee2 Loading...

	www.topcreativeformat.com/d64164e145fb760de2b76872de4432d8/invoke.js	31 kB	2024-05-10	2024-05-10
Pretty URL www.topcreativeformat.com/d64164e145fb760de2b76872de4432d8/invoke.js IP 172.240.127.234 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 11:13:52 Last Seen2024-05-10 11:13:53 Times Seen2 Hash 77f906b6f871519d7bb97e2a322721a4 0bea6401ee4fd0fa0f789ac6de073e6f83f78295 27a751387c8823e4519e36236c6d6c943ca758cf8d49da8c23884e5453eae5fc Loading...

	unknown	196 B	2024-05-08	2024-05-17
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 11:40:17 Last Seen2024-05-17 11:37:02 Times Seen36 Hash 2820c46d651db71f89ec9f00ac04d32e a6c7504ac655c161b9fb83c829ebfa37d5031fc3 da99c8d35690e3fe343067fbac633b2c44e569c00c3c9af26c3c6d28a5c9c15f Loading...

	cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js	7.9 kB	2023-03-07	2024-05-20
Pretty URL cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:12 Last Seen2024-05-20 16:42:59 Times Seen1471 Hash 96201abb62283557a9d7b97b4cab14ab a72f33d920d0ab863df4cb60edf44ec140304cdb 46112dbceed738f759d03f04b115d5256a7d73660b7795acb382192ad84d9f98 Loading...

	unknown	1.3 kB	2024-05-10	2024-05-10
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 11:13:53 Last Seen2024-05-10 22:45:31 Times Seen8 Hash 0fcc1349bc9546f8457765cda9f9c955 738da6345aa192a003b08a061e5490bbe8bc402a 9bf735470ac8aab307758ff04d1e32b8cc08a48c2260b15491cc005f234cd3bb Loading...

	ads.bisniskini.biz.id/get/site/js/d6f51a1ed1d2f145512197f7cd7be46d	293 B	2024-05-08	2024-05-11
Pretty URL ads.bisniskini.biz.id/get/site/js/d6f51a1ed1d2f145512197f7cd7be46d IP 172.67.214.128 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 11:40:17 Last Seen2024-05-11 23:33:22 Times Seen58 Hash 53d76623d9d99464e544bae28620f09f 15762f2bde793d241f10807442f825e8b732b501 0aae87e7770c472eaf96f99fc7c6d0c6fb29815cba1734f672af54d5f24e3400 Loading...

	unknown	145 B	2024-05-08	2024-05-10
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 11:40:16 Last Seen2024-05-10 23:37:41 Times Seen15 Hash e5c2aed274edb5f09c20a4eaec9746f4 a8e6554af58e57f36a9ab3e45a9bb05453b5b451 cce27b5446155bfb961626ef41108241e627cf2bc203f3f94d14ebc35abe50f1 Loading...

	downstairsnegotiatebarren.com/sfp.js	86 kB	2024-03-29	2024-05-17
Pretty URL downstairsnegotiatebarren.com/sfp.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 13:13:34 Last Seen2024-05-17 14:49:08 Times Seen3553 Hash f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716 Loading...

	fredericweigleek96k804b.pages.dev/	1.6 kB	2024-03-16	2024-05-20
Pretty URL fredericweigleek96k804b.pages.dev/ IP 172.66.47.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-16 20:44:49 Last Seen2024-05-20 16:42:59 Times Seen114 Hash 2d8da26e690c8f38327ea27b6b3de976 5f3690feb3394fe91eb9a5c5516feb125d74b79c 25cc80ecbfcdad55f15bb883126a93c5e986544b5b925121e7b73cc6008ffc18 Loading...

	fredericweigleek96k804b.pages.dev/	424 B	2024-03-16	2024-05-20
Pretty URL fredericweigleek96k804b.pages.dev/ IP 172.66.47.89 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-16 20:44:49 Last Seen2024-05-20 16:42:59 Times Seen114 Hash 931ef0af690b9f574a888dd47f5fe6a6 98971ca06dba745aa4f8b6d735b6f628d9668e98 747ca94860b1741ad0a224703fb741208b72c16a173a7a79d411cb69ea886712 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 4471090aecf2a1935b416f485db5f56b	2.1 kB	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 11:13:53 Last Seen2024-05-10 11:13:53 Times Seen1 Hash 4471090aecf2a1935b416f485db5f56b 671ea677839dfd9cca4c4f7a1f6827e4336aabe0 9bca783aea115613d2db06e6485ce3558a9ecdea8d24a296f6b0c001282ec6d0 Loading...

	#2 Eval - 8ac07e72d83f8003deeee72c1cbf3338	2.1 kB	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 11:13:53 Last Seen2024-05-10 11:13:53 Times Seen1 Hash 8ac07e72d83f8003deeee72c1cbf3338 223e0e91b0df13af4df54766d61943cb44df7af1 1152cbe2d24fb257eb78373e732ab2a4d952f793ee4d543d14fc9ccc64cc4383 Loading...

	#3 Eval - 57bf9ed540e40e63b6565bc2c3944642	2.1 kB	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 11:13:53 Last Seen2024-05-10 11:13:53 Times Seen1 Hash 57bf9ed540e40e63b6565bc2c3944642 bacfb2c5ce9c5fd54d97ccd96458b04cb3c5a26a 710caec110345fadf517292110b4d35e2a9eaffa30c2f85c5aabd2f4c6b8b85c Loading...

		Size	First Seen	Last Seen
	#1 Write - 2407a02b81aa4bfbc3891763e7e1090c	117 B	2024-05-08	2024-05-10
Pretty Observations First Seen2024-05-08 11:40:17 Last Seen2024-05-10 23:37:41 Times Seen15 Hash 2407a02b81aa4bfbc3891763e7e1090c c2d7989c91fa6e549bedeb7beea016e8e88151ec 00382cfc4630efb222363f71f3437c8b34605294acdd80f0d8da1b9248c69e55 Loading...

	#2 Write - 72801973ba0b6a94445d572830275a58	117 B	2024-05-08	2024-05-17
Pretty Observations First Seen2024-05-08 11:40:17 Last Seen2024-05-17 11:37:03 Times Seen37 Hash 72801973ba0b6a94445d572830275a58 d7aab80ec076bdb3a342b30ac7ad62b1daceeece 560e2547fefb37a19196d2a23610fa137597ec4ed9e4a4fac764462152d855b6 Loading...

	#3 Write - 3c433dc9740caa2ae15e4de2be1978d2	120 B	2024-05-08	2024-05-10
Pretty Observations First Seen2024-05-08 11:40:17 Last Seen2024-05-10 23:37:41 Times Seen15 Hash 3c433dc9740caa2ae15e4de2be1978d2 a67cb46fdeef1c2f73f4ac380a0624eeebbe0f0a bcb41d6150f7b7d533b58bf52f7bb341d1828566e370ecd4dbc8cb65963db489 Loading...

	#4 Write - 811a7da70e54c8c50a76774257dad93a	138 B	2024-03-16	2024-05-20
Pretty Observations First Seen2024-03-16 20:44:50 Last Seen2024-05-20 16:42:59 Times Seen211 Hash 811a7da70e54c8c50a76774257dad93a cece740ca0320764b2f43cb2df97d1c54ea55974 2b51ee1a7ee63d01e92e50a183e8c8473a4d2549c28010ff65a1e086903ecf1d Loading...

HTTP Transactions (47)

URL IP Response Size

cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js

104.17.25.14

200 OK

22 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65241)
Size
22 kB (22329 bytes)
Hash
1276065911521c5c22037a31365d179d
d1c6704e94efe2d465fc161b6381e127d35acd81
bbb7b9921ca2b61948753a6edb63c78443663dc45d1621d18e102e1dcb34e512

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.slim.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fredericweigleek96k804b.pages.dev/
Origin: https://fredericweigleek96k804b.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 09:13:18 GMT
content-type: application/javascript; charset=utf-8
content-length: 22329
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-11ab4"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 837465
expires: Wed, 30 Apr 2025 09:13:18 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x%2Bc4ICbnFcENJWfuy1%2FBJUxomWT96wfgtP4tJ56eMIomNTxcSDXQpCgqqOh%2FEiuomNyOpjqbUZvDHdaPmQBlH9%2B6hZcqI4vFqLJQiQ1ycprYqQs3zV5QZOmfW9%2FoodFel3d0%2FJ6%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8818cffff90e5699-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js

104.17.25.14

200 OK

3.2 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (7862)
Size
3.2 kB (3150 bytes)
Hash
96201abb62283557a9d7b97b4cab14ab
a72f33d920d0ab863df4cb60edf44ec140304cdb
46112dbceed738f759d03f04b115d5256a7d73660b7795acb382192ad84d9f98

HTTP Headers

GET /ajax/libs/lazysizes/5.3.0/lazysizes.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fredericweigleek96k804b.pages.dev/
Origin: https://fredericweigleek96k804b.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 09:13:18 GMT
content-type: application/javascript; charset=utf-8
content-length: 3150
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5ff0b799-1ed1"
last-modified: Sat, 02 Jan 2021 18:12:41 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 834193
expires: Wed, 30 Apr 2025 09:13:18 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8rLiglS4Qu0xUnomfvlAIar3Qdym7q9VTUiyC1Kg69893uX2WDkJ9%2BOyttWgvin2gc8uY1C4kB8u0rGnpCNFO7Y1FenB7tTGfhUA9RRuHmgXLHzvS6Kt8j6WAHLpDTK7oZAzvZfI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8818d00019545699-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

3.bp.blogspot.com/-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif

142.250.74.161

200 OK

362 B

URL GET HTTP/2
3.bp.blogspot.com/-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif
IP
142.250.74.161:443
ASN
#15169 GOOGLE

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.blogspot.com
FingerprintC4:7D:61:88:AB:F1:15:A1:36:2A:68:39:51:62:46:00:23:6D:39:00
ValidityTue, 16 Apr 2024 03:45:20 GMT - Tue, 09 Jul 2024 03:45:19 GMT

File type
GIF image data, version 89a, 52 x 15
Size
362 B (362 bytes)
Hash
fd2c05a8c327ace309722b0a5fc4faf3
f446e97c43f8830be9f60644563dd846abe6b8e8
0450e2e1aa3c8b5435690d841f3e573c4f521864e1f8e01a5b6dbcdac922c8b4

HTTP Headers

GET /-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fredericweigleek96k804b.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="btn_close.gif"
x-content-type-options: nosniff
server: fife
content-length: 362
x-xss-protection: 0
date: Fri, 10 May 2024 05:50:41 GMT
expires: Sat, 11 May 2024 05:50:41 GMT
cache-control: public, max-age=86400, no-transform
age: 12157
etag: "v1764"
content-type: image/gif
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ads.bisniskini.biz.id/get/site/js/d0b1e71bd1922518d7cf826d604fe57a

172.67.214.128

200 OK

12 kB

URL GET HTTP/2
ads.bisniskini.biz.id/get/site/js/d0b1e71bd1922518d7cf826d604fe57a
IP
172.67.214.128:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectbisniskini.biz.id
FingerprintCB:C5:50:71:58:97:D7:6D:B9:8F:63:0E:B9:30:B7:87:1D:05:E2:5A
ValiditySun, 14 Apr 2024 15:48:05 GMT - Sat, 13 Jul 2024 15:48:04 GMT

File type
JavaScript source, ASCII text, with very long lines (31464), with no line terminators
Size
12 kB (11993 bytes)
Hash
93a1fc02f406470560f6b2349da52899
1bbb058d9fc0efced18ebf485eb9be67964ac239
bf8a18e4767043df2c3d060ef6b090c8ce9785af9eaf92e7fae1135d48393e09

HTTP Headers

GET /get/site/js/d0b1e71bd1922518d7cf826d604fe57a HTTP/1.1
Host: ads.bisniskini.biz.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fredericweigleek96k804b.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 09:13:18 GMT
content-type: application/javascript
vary: Accept-Encoding
set-cookie: PHPSESSID=aa406ksf219uu5kluqqvql32a9; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M%2BXxe6fNCxj4TFsk1re94D1dW%2Bk7xRIgaUc6sWrATRd1%2BOiVuclUeblUTMo1p7PlIK%2FQ5JmULtO15LK92soJX9kiiTS%2FQU5a%2Bl3NyutJS1BfmyAAXEUCiPVcT6MlMFzaBRHP2GvKvnQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8818d0003bd60b59-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.r2m03.amazontrust.com/

54.230.218.11

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
54.230.218.11:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
c1ae368dfcd18c3fe0a38f18783ecfe1
591b78d8c937af6063def58fa5d376d07e7d005e
58ceb2cb03a41de3ae12171e7359276ed8fcbc1881b071c2783b782667cf124b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Fri, 10 May 2024 09:13:19 GMT
Last-Modified: Fri, 10 May 2024 07:33:36 GMT
Server: ECAcc (ska/F7A2)
X-Cache: Miss from cloudfront
Via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: uKlnBpt7Vcw3UhB2lSvI4-IzrGXTNmEvWnpo3apGJS38e3v_hRdW_A==
Age: 5983

www.topcreativeformat.com/872eda8cdc00d65d8016b8e6fba2d29b/invoke.js

172.240.127.234

200 OK

12 kB

URL GET HTTP/1.1
www.topcreativeformat.com/872eda8cdc00d65d8016b8e6fba2d29b/invoke.js
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerLet's Encrypt
Subjecttopcreativeformat.com
Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4
ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT

File type
JavaScript source, ASCII text, with very long lines (31289), with no line terminators
Size
12 kB (11840 bytes)
Hash
b7093a569b3476cf3592c220f39840a0
09ab581ab624c4f68b21615602cfcfc9b46d0014
f2b8ecd58c02cd2cbc5857ca858355a6cd64873f42ed4d70e84865a07ca4eba7

HTTP Headers

GET /872eda8cdc00d65d8016b8e6fba2d29b/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fredericweigleek96k804b.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 09:13:19 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ea4fde22c3aa52d6bcdb1848f633d86e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

proftrafficcounter.com/stats

18.185.9.67

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.185.9.67:443
ASN
#16509 AMAZON-02

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
b8982a042801ede7c9ca8610c2e2c7fa
28a232da6795766eeb645a745d6c76ed35e2ebed
93ca902acd62fe75ee42fa95b1369dc355c62ea638d6b577f5723c8c970465dd

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fredericweigleek96k804b.pages.dev/
Origin: https://fredericweigleek96k804b.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 09:13:19 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://fredericweigleek96k804b.pages.dev
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=5f216b41-b208-4043-8004-954e5a3ef661:2:1; expires=Mon, 08 May 2034 09:13:19 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

proftrafficcounter.com/stats

18.185.9.67

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.185.9.67:443
ASN
#16509 AMAZON-02

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
b8982a042801ede7c9ca8610c2e2c7fa
28a232da6795766eeb645a745d6c76ed35e2ebed
93ca902acd62fe75ee42fa95b1369dc355c62ea638d6b577f5723c8c970465dd

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fredericweigleek96k804b.pages.dev/
Origin: https://fredericweigleek96k804b.pages.dev
DNT: 1
Connection: keep-alive
Cookie: uid_id2=5f216b41-b208-4043-8004-954e5a3ef661:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 09:13:19 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://fredericweigleek96k804b.pages.dev
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2

plumbsplash.com/watch.1569985917092.js?key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&refer=https%3A%2F%2Ffredericweigleek96k804b.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=5f216b41-b208-4043-8004-954e5a3ef661%3A2%3A1

172.240.108.84

307 Temporary Redirect

0 B

URL GET HTTP/1.1
plumbsplash.com/watch.1569985917092.js?key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&refer=https%3A%2F%2Ffredericweigleek96k804b.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=5f216b41-b208-4043-8004-954e5a3ef661%3A2%3A1
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectplumbsplash.com
Fingerprint31:57:FD:75:0E:38:BD:2B:6D:D0:09:A1:00:6E:3C:68:D7:74:43:AF
ValidityMon, 06 May 2024 12:46:30 GMT - Sun, 04 Aug 2024 12:46:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1569985917092.js?key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&refer=https%3A%2F%2Ffredericweigleek96k804b.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=5f216b41-b208-4043-8004-954e5a3ef661%3A2%3A1 HTTP/1.1
Host: plumbsplash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fredericweigleek96k804b.pages.dev/
Origin: https://fredericweigleek96k804b.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Fri, 10 May 2024 09:13:20 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://fredericweigleek96k804b.pages.dev
Access-Control-Allow-Origin: https://fredericweigleek96k804b.pages.dev
Access-Control-Allow-Credentials: true
Location: https://plumbsplash.com/watch.1569985917092.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715332460&refer=https%3A%2F%2Ffredericweigleek96k804b.pages.dev%2F&res=14.2071&rmtc=t&shu=f3031a94e75dab71fb961e913c75cace44b8969962d095061941bfbc235a8df058dfd2e48c1436daec55f7d968789998648f92d99a479df496d0400852e0edc8f9786517c06b91cc32f6eeb3b97369609f5fe4a8143796bd80e002adbc1a95&tz=0&uuid=5f216b41-b208-4043-8004-954e5a3ef661%3A2%3A1
Set-Cookie: u_pl=23148904; expires=Sat, 11 May 2024 09:13:20 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzE0ODkwNCwiayI6Ijg3MmVkYThjZGMwMGQ2NWQ4MDE2YjhlNmZiYTJkMjliIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozODIyNDk2LCJwaWQiOjE4NDI2NzQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjo1LCJwdCI6NCwicGsiOiJzcTU1MTZuN2FmIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZnJlZGVyaWN3ZWlnbGVlazk2azgwNGIucGFnZXMuZGV2LyIsImFyIjpbXX19.jRNxNXoJHQPGA5YXCcxO59Jm7Ipd9DL2eXywLYUAVtk; expires=Fri, 10 May 2024 09:14:20 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8ff1a846bb60a4a843c2e037c3b6fee6
Strict-Transport-Security: max-age=0; includeSubdomains

demolishforbidhonorable.com/watch.1553448958813.js?key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&refer=https%3A%2F%2Ffredericweigleek96k804b.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=5f216b41-b208-4043-8004-954e5a3ef661%3A2%3A1

192.243.59.20

307 Temporary Redirect

0 B

URL GET HTTP/1.1
demolishforbidhonorable.com/watch.1553448958813.js?key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&refer=https%3A%2F%2Ffredericweigleek96k804b.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=5f216b41-b208-4043-8004-954e5a3ef661%3A2%3A1
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectdemolishforbidhonorable.com
Fingerprint10:F1:F8:18:53:E4:10:D7:B9:8F:B1:BC:81:D2:DA:5F:5D:AB:D8:9F
ValidityMon, 06 May 2024 08:09:35 GMT - Sun, 04 Aug 2024 08:09:34 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1553448958813.js?key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&refer=https%3A%2F%2Ffredericweigleek96k804b.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=5f216b41-b208-4043-8004-954e5a3ef661%3A2%3A1 HTTP/1.1
Host: demolishforbidhonorable.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fredericweigleek96k804b.pages.dev/
Origin: https://fredericweigleek96k804b.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Fri, 10 May 2024 09:13:20 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://fredericweigleek96k804b.pages.dev
Access-Control-Allow-Origin: https://fredericweigleek96k804b.pages.dev
Access-Control-Allow-Credentials: true
Location: https://demolishforbidhonorable.com/watch.1553448958813.js?dev=e&key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&pst=1715332460&refer=https%3A%2F%2Ffredericweigleek96k804b.pages.dev%2F&res=14.2071&rmtc=t&shu=26d078a037aed6ee1b12f0b83c623955a6d581ea63bcd466dd6b33449703b12879d2313e1e16ec06358b15d74f6e90debebba8e2c84346fe6d0742ba3ddea5a25964043f5a4b7fe073efedafaa7fcfa4a6d00bd89c037ea76b57018c28586f&tz=0&uuid=5f216b41-b208-4043-8004-954e5a3ef661%3A2%3A1
Set-Cookie: u_pl=23149106; expires=Sat, 11 May 2024 09:13:20 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzE0OTEwNiwiayI6ImQ2NDE2NGUxNDVmYjc2MGRlMmI3Njg3MmRlNDQzMmQ4Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozODIyNDk2LCJwaWQiOjE4NDI2NzQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjoyMywicHQiOjQsInBrIjoicTN2cHlkeXh1IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZnJlZGVyaWN3ZWlnbGVlazk2azgwNGIucGFnZXMuZGV2LyIsImFyIjpbXX19.9wULWM_klG7UT1OLEiho9s6IUQHB_1CLwjeHUMhV8a0; expires=Fri, 10 May 2024 09:14:20 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 599ff612d356d6cc70006e4ede16b5ac
Strict-Transport-Security: max-age=0; includeSubdomains

pl23249615.highcpmgate.com/36/35/24/36352469ba20ff8ade54795907dd51e5.js

192.243.61.225

200 OK

16 kB

URL GET HTTP/1.1
pl23249615.highcpmgate.com/36/35/24/36352469ba20ff8ade54795907dd51e5.js
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerLet's Encrypt
Subjecthighcpmgate.com
FingerprintE7:53:32:23:DA:D6:BE:EB:98:90:05:4B:AC:AC:8C:89:F2:4D:FB:2E
ValidityFri, 19 Apr 2024 10:31:16 GMT - Thu, 18 Jul 2024 10:31:15 GMT

File type
JavaScript source, ASCII text, with very long lines (44057), with no line terminators
Size
16 kB (15817 bytes)
Hash
96f52b423e273714e6be7bce0b5de06c
8a1eb53aaf8b02ae2206ed1b50b059cdca5d40e0
2206605da6777300a9f72abe1aae2a5a608f5e072b7de3a2f69fda73cb9947f5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /36/35/24/36352469ba20ff8ade54795907dd51e5.js HTTP/1.1
Host: pl23249615.highcpmgate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fredericweigleek96k804b.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 09:13:20 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 905860fbf571015372245b133000d285
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

plumbsplash.com/watch.1569985917092.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715332460&refer=https%3A%2F%2Ffredericweigleek96k804b.pages.dev%2F&res=14.2071&rmtc=t&shu=f3031a94e75dab71fb961e913c75cace44b8969962d095061941bfbc235a8df058dfd2e48c1436daec55f7d968789998648f92d99a479df496d0400852e0edc8f9786517c06b91cc32f6eeb3b97369609f5fe4a8143796bd80e002adbc1a95&tz=0&uuid=5f216b41-b208-4043-8004-954e5a3ef661%3A2%3A1

172.240.108.84

200 OK

2.1 kB

URL GET HTTP/1.1
plumbsplash.com/watch.1569985917092.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715332460&refer=https%3A%2F%2Ffredericweigleek96k804b.pages.dev%2F&res=14.2071&rmtc=t&shu=f3031a94e75dab71fb961e913c75cace44b8969962d095061941bfbc235a8df058dfd2e48c1436daec55f7d968789998648f92d99a479df496d0400852e0edc8f9786517c06b91cc32f6eeb3b97369609f5fe4a8143796bd80e002adbc1a95&tz=0&uuid=5f216b41-b208-4043-8004-954e5a3ef661%3A2%3A1
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectplumbsplash.com
Fingerprint31:57:FD:75:0E:38:BD:2B:6D:D0:09:A1:00:6E:3C:68:D7:74:43:AF
ValidityMon, 06 May 2024 12:46:30 GMT - Sun, 04 Aug 2024 12:46:29 GMT

File type
JavaScript source, ASCII text, with very long lines (2629)
Size
2.1 kB (2093 bytes)
Hash
2e93bb73d7e557f5bbf5c96ae18f018b
a4ff5ac457b1b745d22a6f5039273a7745263742
319d8e25c27fc6956c62de1fc1a091077eeee1fe2cc4d915226c31a4d6f9dee5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1569985917092.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715332460&refer=https%3A%2F%2Ffredericweigleek96k804b.pages.dev%2F&res=14.2071&rmtc=t&shu=f3031a94e75dab71fb961e913c75cace44b8969962d095061941bfbc235a8df058dfd2e48c1436daec55f7d968789998648f92d99a479df496d0400852e0edc8f9786517c06b91cc32f6eeb3b97369609f5fe4a8143796bd80e002adbc1a95&tz=0&uuid=5f216b41-b208-4043-8004-954e5a3ef661%3A2%3A1 HTTP/1.1
Host: plumbsplash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fredericweigleek96k804b.pages.dev
Referer: https://fredericweigleek96k804b.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23148904; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzE0ODkwNCwiayI6Ijg3MmVkYThjZGMwMGQ2NWQ4MDE2YjhlNmZiYTJkMjliIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozODIyNDk2LCJwaWQiOjE4NDI2NzQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjo1LCJwdCI6NCwicGsiOiJzcTU1MTZuN2FmIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZnJlZGVyaWN3ZWlnbGVlazk2azgwNGIucGFnZXMuZGV2LyIsImFyIjpbXX19.jRNxNXoJHQPGA5YXCcxO59Jm7Ipd9DL2eXywLYUAVtk
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 09:13:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://fredericweigleek96k804b.pages.dev
Access-Control-Allow-Origin: https://fredericweigleek96k804b.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=5f216b41-b208-4043-8004-954e5a3ef661:2:1; expires=Fri, 17 May 2024 09:13:20 GMT; secure; SameSite=None
iprc9eaef83b845a2ad00135dd4d2dd727d7=3569806; expires=Fri, 10 May 2024 13:13:20 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 11 May 2024 09:13:20 GMT; secure; SameSite=None
uncs=1; expires=Sat, 11 May 2024 09:13:20 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sat, 11 May 2024 09:13:20 GMT; secure; SameSite=None
uncs5=1; expires=Sat, 11 May 2024 09:13:20 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 27eb0310d3cd77d18ec9b2dfd7b91ca1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

demolishforbidhonorable.com/watch.1553448958813.js?dev=e&key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&pst=1715332460&refer=https%3A%2F%2Ffredericweigleek96k804b.pages.dev%2F&res=14.2071&rmtc=t&shu=26d078a037aed6ee1b12f0b83c623955a6d581ea63bcd466dd6b33449703b12879d2313e1e16ec06358b15d74f6e90debebba8e2c84346fe6d0742ba3ddea5a25964043f5a4b7fe073efedafaa7fcfa4a6d00bd89c037ea76b57018c28586f&tz=0&uuid=5f216b41-b208-4043-8004-954e5a3ef661%3A2%3A1

192.243.59.20

200 OK

2.0 kB

URL GET HTTP/1.1
demolishforbidhonorable.com/watch.1553448958813.js?dev=e&key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&pst=1715332460&refer=https%3A%2F%2Ffredericweigleek96k804b.pages.dev%2F&res=14.2071&rmtc=t&shu=26d078a037aed6ee1b12f0b83c623955a6d581ea63bcd466dd6b33449703b12879d2313e1e16ec06358b15d74f6e90debebba8e2c84346fe6d0742ba3ddea5a25964043f5a4b7fe073efedafaa7fcfa4a6d00bd89c037ea76b57018c28586f&tz=0&uuid=5f216b41-b208-4043-8004-954e5a3ef661%3A2%3A1
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectdemolishforbidhonorable.com
Fingerprint10:F1:F8:18:53:E4:10:D7:B9:8F:B1:BC:81:D2:DA:5F:5D:AB:D8:9F
ValidityMon, 06 May 2024 08:09:35 GMT - Sun, 04 Aug 2024 08:09:34 GMT

File type
JavaScript source, ASCII text, with very long lines (2449)
Size
2.0 kB (1983 bytes)
Hash
ad62c65223f413860e98b6e8542c5c3a
a4afbc295238a08a19e0f0e1e5ebf690ef7977ad
bed07fd377d2a80b444a8cdf2c41c04bb276af1bac98304118f20366c42c08a1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1553448958813.js?dev=e&key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&pst=1715332460&refer=https%3A%2F%2Ffredericweigleek96k804b.pages.dev%2F&res=14.2071&rmtc=t&shu=26d078a037aed6ee1b12f0b83c623955a6d581ea63bcd466dd6b33449703b12879d2313e1e16ec06358b15d74f6e90debebba8e2c84346fe6d0742ba3ddea5a25964043f5a4b7fe073efedafaa7fcfa4a6d00bd89c037ea76b57018c28586f&tz=0&uuid=5f216b41-b208-4043-8004-954e5a3ef661%3A2%3A1 HTTP/1.1
Host: demolishforbidhonorable.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fredericweigleek96k804b.pages.dev
Referer: https://fredericweigleek96k804b.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149106; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzE0OTEwNiwiayI6ImQ2NDE2NGUxNDVmYjc2MGRlMmI3Njg3MmRlNDQzMmQ4Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozODIyNDk2LCJwaWQiOjE4NDI2NzQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjoyMywicHQiOjQsInBrIjoicTN2cHlkeXh1IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZnJlZGVyaWN3ZWlnbGVlazk2azgwNGIucGFnZXMuZGV2LyIsImFyIjpbXX19.9wULWM_klG7UT1OLEiho9s6IUQHB_1CLwjeHUMhV8a0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 10 May 2024 09:13:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://fredericweigleek96k804b.pages.dev
Access-Control-Allow-Origin: https://fredericweigleek96k804b.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=5f216b41-b208-4043-8004-954e5a3ef661:2:1; expires=Fri, 17 May 2024 09:13:20 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 11 May 2024 09:13:20 GMT; secure; SameSite=None
uncs=1; expires=Sat, 11 May 2024 09:13:20 GMT; secure; SameSite=None
pdhtkv23=true; expires=Sat, 11 May 2024 09:13:20 GMT; secure; SameSite=None
uncs23=1; expires=Sat, 11 May 2024 09:13:20 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f191c199bec0255224ba37fde009421e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

www.topcreativeformat.com/872eda8cdc00d65d8016b8e6fba2d29b/invoke.js

172.240.127.234

200 OK

12 kB

URL GET HTTP/1.1
www.topcreativeformat.com/872eda8cdc00d65d8016b8e6fba2d29b/invoke.js
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerLet's Encrypt
Subjecttopcreativeformat.com
Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4
ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT

File type
JavaScript source, ASCII text, with very long lines (31301), with no line terminators
Size
12 kB (11846 bytes)
Hash
8464f12faf2b2ed8b1b144a688600ba2
a9836890e289aa625bb76687cd8ceb512d6bc99e
620783c4130ace85aacc619a665ee76a497ed9f0f2555117f7b2a0c52fcd7cbe

HTTP Headers

GET /872eda8cdc00d65d8016b8e6fba2d29b/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fredericweigleek96k804b.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 09:13:20 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2c99ac2b16e91b1eceb1eca7f813bd30
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

cdn.cloudimagesb.com/cti/27/cf/a9/27cfa94bc21f8231e12ae94f4cebe367/1627917273.png

45.133.44.9

200 OK

56 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/27/cf/a9/27cfa94bc21f8231e12ae94f4cebe367/1627917273.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 728 x 90, 8-bit/color RGB, non-interlaced
Size
56 kB (56505 bytes)
Hash
231d615f0b920b0f0c8758342141193b
ca68f0f6e4c9124bbe61c49d789d0447076b0332
3e24999c26c1c68485e879756ea30639ccee4d7f30f1e2c0e5190818cbab8996

HTTP Headers

GET /cti/27/cf/a9/27cfa94bc21f8231e12ae94f4cebe367/1627917273.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 09:13:20 GMT
content-type: image/png
content-length: 56505
server: nginx/1.21.6
last-modified: Mon, 02 Aug 2021 15:14:41 GMT
etag: "61080be1-dcb9"
expires: Sun, 12 May 2024 09:13:20 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png

45.133.44.9

200 OK

144 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced
Size
144 kB (144379 bytes)
Hash
33c304429dc1a4408a96e6a74ffa2feb
c45fa8e65528d1bb2b46bf8a28af9eeaa1903d04
dbed482e5948ead5587d30a22306a5b611305f704de940bd22c76daf90e0a314

HTTP Headers

GET /cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 09:13:20 GMT
content-type: image/png
content-length: 144379
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:07:21 GMT
etag: "62e11c69-233fb"
expires: Sun, 12 May 2024 09:13:20 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

tse1.mm.bing.net/th?q=

204.79.197.200

404 Not Found

727 B

URL GET HTTP/2
tse1.mm.bing.net/th?q=
IP
204.79.197.200:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerMicrosoft Corporation
Subjectwww.bing.com
Fingerprint02:83:27:F9:50:D8:BE:B9:5E:DF:1A:4A:45:3B:6D:3C:BC:30:F2:58
ValidityWed, 01 May 2024 01:58:25 GMT - Thu, 27 Jun 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, baseline, precision 8, 80x80, components 3
Size
727 B (727 bytes)
Hash
5116706c119475f5ae2fc135c3358037
7e5bdf3585153e317ebef05a9b8241d311e44cb3
7edda2585f580c167fd4e3a6c162534548cda437f8bef67c544f3aa9c162a17c

HTTP Headers

GET /th?q= HTTP/1.1
Host: tse1.mm.bing.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fredericweigleek96k804b.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
cache-control: no-cache
pragma: no-cache
content-length: 727
expires: -1
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1BAD2CF0F75B49E2A37CA491BEAB0C79 Ref B: OSL30EDGE0219 Ref C: 2024-05-10T09:13:20Z
date: Fri, 10 May 2024 09:13:20 GMT
X-Firefox-Spdy: h2

meetingrailroad.com/watch.439650075596.js?key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&refer=https%3A%2F%2Ffredericweigleek96k804b.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=5f216b41-b208-4043-8004-954e5a3ef661%3A2%3A1

192.243.59.13

307 Temporary Redirect

0 B

URL GET HTTP/1.1
meetingrailroad.com/watch.439650075596.js?key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&refer=https%3A%2F%2Ffredericweigleek96k804b.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=5f216b41-b208-4043-8004-954e5a3ef661%3A2%3A1
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectmeetingrailroad.com
Fingerprint66:48:5A:DA:2B:E7:D3:AA:79:74:AF:54:74:2F:DE:61:4A:54:1C:E1
ValidityMon, 06 May 2024 08:08:51 GMT - Sun, 04 Aug 2024 08:08:50 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.439650075596.js?key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&refer=https%3A%2F%2Ffredericweigleek96k804b.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=5f216b41-b208-4043-8004-954e5a3ef661%3A2%3A1 HTTP/1.1
Host: meetingrailroad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fredericweigleek96k804b.pages.dev/
Origin: https://fredericweigleek96k804b.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Fri, 10 May 2024 09:13:20 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://fredericweigleek96k804b.pages.dev
Access-Control-Allow-Origin: https://fredericweigleek96k804b.pages.dev
Access-Control-Allow-Credentials: true
Location: https://meetingrailroad.com/watch.439650075596.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715332460&refer=https%3A%2F%2Ffredericweigleek96k804b.pages.dev%2F&res=14.2071&rmtc=t&shu=322408f81dcfc633b7d839b9955cd588e431a2c5f3b779febd0ec8208231efcc1d0d0aa85542c03f0bc1b098e2332c3d6ef684a0c9797699a7c625eb90a8eb95d922c1cb8b8ee61703c3d3a2afa43a377066bf&tz=0&uuid=5f216b41-b208-4043-8004-954e5a3ef661%3A2%3A1
Set-Cookie: u_pl=23148904; expires=Sat, 11 May 2024 09:13:20 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzE0ODkwNCwiayI6Ijg3MmVkYThjZGMwMGQ2NWQ4MDE2YjhlNmZiYTJkMjliIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozODIyNDk2LCJwaWQiOjE4NDI2NzQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjo1LCJwdCI6NCwicGsiOiJzcTU1MTZuN2FmIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZnJlZGVyaWN3ZWlnbGVlazk2azgwNGIucGFnZXMuZGV2LyIsImFyIjpbXX19.jRNxNXoJHQPGA5YXCcxO59Jm7Ipd9DL2eXywLYUAVtk; expires=Fri, 10 May 2024 09:14:20 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6b88ab55a53e1fea67039559ae0e568d
Strict-Transport-Security: max-age=0; includeSubdomains

meetingrailroad.com/watch.439650075596.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715332460&refer=https%3A%2F%2Ffredericweigleek96k804b.pages.dev%2F&res=14.2071&rmtc=t&shu=322408f81dcfc633b7d839b9955cd588e431a2c5f3b779febd0ec8208231efcc1d0d0aa85542c03f0bc1b098e2332c3d6ef684a0c9797699a7c625eb90a8eb95d922c1cb8b8ee61703c3d3a2afa43a377066bf&tz=0&uuid=5f216b41-b208-4043-8004-954e5a3ef661%3A2%3A1

192.243.59.13

200 OK

2.0 kB

URL GET HTTP/1.1
meetingrailroad.com/watch.439650075596.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715332460&refer=https%3A%2F%2Ffredericweigleek96k804b.pages.dev%2F&res=14.2071&rmtc=t&shu=322408f81dcfc633b7d839b9955cd588e431a2c5f3b779febd0ec8208231efcc1d0d0aa85542c03f0bc1b098e2332c3d6ef684a0c9797699a7c625eb90a8eb95d922c1cb8b8ee61703c3d3a2afa43a377066bf&tz=0&uuid=5f216b41-b208-4043-8004-954e5a3ef661%3A2%3A1
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectmeetingrailroad.com
Fingerprint66:48:5A:DA:2B:E7:D3:AA:79:74:AF:54:74:2F:DE:61:4A:54:1C:E1
ValidityMon, 06 May 2024 08:08:51 GMT - Sun, 04 Aug 2024 08:08:50 GMT

File type
JavaScript source, ASCII text, with very long lines (2411)
Size
2.0 kB (1954 bytes)
Hash
00a730f685773030a8038ed71d0e8628
e880fa31cb3e427a4ee23dee7f6f6716f0e6c9ad
2f4794d4c60c4761f0f63706beb7cd35ce743d6b0948bdbd2c06fde0d391a4d1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.439650075596.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715332460&refer=https%3A%2F%2Ffredericweigleek96k804b.pages.dev%2F&res=14.2071&rmtc=t&shu=322408f81dcfc633b7d839b9955cd588e431a2c5f3b779febd0ec8208231efcc1d0d0aa85542c03f0bc1b098e2332c3d6ef684a0c9797699a7c625eb90a8eb95d922c1cb8b8ee61703c3d3a2afa43a377066bf&tz=0&uuid=5f216b41-b208-4043-8004-954e5a3ef661%3A2%3A1 HTTP/1.1
Host: meetingrailroad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fredericweigleek96k804b.pages.dev
Referer: https://fredericweigleek96k804b.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23148904; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzE0ODkwNCwiayI6Ijg3MmVkYThjZGMwMGQ2NWQ4MDE2YjhlNmZiYTJkMjliIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozODIyNDk2LCJwaWQiOjE4NDI2NzQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjo1LCJwdCI6NCwicGsiOiJzcTU1MTZuN2FmIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZnJlZGVyaWN3ZWlnbGVlazk2azgwNGIucGFnZXMuZGV2LyIsImFyIjpbXX19.jRNxNXoJHQPGA5YXCcxO59Jm7Ipd9DL2eXywLYUAVtk
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 10 May 2024 09:13:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://fredericweigleek96k804b.pages.dev
Access-Control-Allow-Origin: https://fredericweigleek96k804b.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=5f216b41-b208-4043-8004-954e5a3ef661:2:1; expires=Fri, 17 May 2024 09:13:21 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 11 May 2024 09:13:21 GMT; secure; SameSite=None
uncs=1; expires=Sat, 11 May 2024 09:13:21 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sat, 11 May 2024 09:13:21 GMT; secure; SameSite=None
uncs5=1; expires=Sat, 11 May 2024 09:13:21 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ee3e9b8f339786d3fe85e404a2806a0b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

cdn.cloudimagesb.com/cti/fe/3b/00/fe3b00c58303840cb3ab664e9686952e/1627915911.png

45.133.44.9

200 OK

136 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/fe/3b/00/fe3b00c58303840cb3ab664e9686952e/1627915911.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 300 x 250, 8-bit/color RGB, non-interlaced
Size
136 kB (136090 bytes)
Hash
11675ef6f5c8559ec0ade47755155665
20df6be038de603b97f849e07460cd0600b34867
4d361374b3e2e4f8de896a1f1014d500ed0802bf028d2c7bbd606f9e87ba88a4

HTTP Headers

GET /cti/fe/3b/00/fe3b00c58303840cb3ab664e9686952e/1627915911.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 09:13:21 GMT
content-type: image/png
content-length: 136090
server: nginx/1.21.6
last-modified: Mon, 02 Aug 2021 14:51:59 GMT
etag: "6108068f-2139a"
expires: Sun, 12 May 2024 09:13:21 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

unseenreport.com/pxf.gif?uuid=5f216b41-b208-4043-8004-954e5a3ef661&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=36352469ba20ff8ade54795907dd51e5&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=9

192.243.59.12

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=5f216b41-b208-4043-8004-954e5a3ef661&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=36352469ba20ff8ade54795907dd51e5&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=9
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=5f216b41-b208-4043-8004-954e5a3ef661&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=36352469ba20ff8ade54795907dd51e5&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=9 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fredericweigleek96k804b.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 10 May 2024 09:13:21 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c050f7598f7f028a1dfd72611f2bfe86
Strict-Transport-Security: max-age=0; includeSubdomains

wansafeguard.com/sbar.json?key=36352469ba20ff8ade54795907dd51e5&uuid=5f216b41-b208-4043-8004-954e5a3ef661%3A2%3A1

172.240.127.234

200 OK

7.1 kB

URL GET HTTP/1.1
wansafeguard.com/sbar.json?key=36352469ba20ff8ade54795907dd51e5&uuid=5f216b41-b208-4043-8004-954e5a3ef661%3A2%3A1
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectwansafeguard.com
Fingerprint83:00:BB:A8:D5:FE:57:11:E3:EF:6F:5E:2E:29:2F:7A:BC:DC:D5:3D
ValidityMon, 06 May 2024 12:58:51 GMT - Sun, 04 Aug 2024 12:58:50 GMT

File type
JSON text data
Size
7.1 kB (7125 bytes)
Hash
1cb838899981b7703ff71a034402346c
94b428623682f02289b4d463056457350c84c7df
2db0a7614e119eaa7f86592d7515005bc9a900522d823178e71724c020380877

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sbar.json?key=36352469ba20ff8ade54795907dd51e5&uuid=5f216b41-b208-4043-8004-954e5a3ef661%3A2%3A1 HTTP/1.1
Host: wansafeguard.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fredericweigleek96k804b.pages.dev/
Origin: https://fredericweigleek96k804b.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 09:13:21 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://fredericweigleek96k804b.pages.dev
Access-Control-Allow-Origin: https://fredericweigleek96k804b.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=23149116; expires=Sat, 11 May 2024 09:13:21 GMT; secure; SameSite=None
uid_id2=5f216b41-b208-4043-8004-954e5a3ef661:2:1; expires=Fri, 17 May 2024 09:13:21 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 11 May 2024 09:13:21 GMT; secure; SameSite=None
uncs=1; expires=Sat, 11 May 2024 09:13:21 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sat, 11 May 2024 09:13:21 GMT; secure; SameSite=None
uncs29=1; expires=Sat, 11 May 2024 09:13:21 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3217331338bbe7743183e62b6880a5a0
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

wansafeguard.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWskRRSuns1NEJS9rQtz8LCCmXT39PTMZJXFGCPBuImbFb1JdVf1pJzqrqaqe3qSi8EF2ePgL%2Bh8k2xwXWT3KrhIZ8FDQNjxlIO5iH9ghT3LjIOj71Dvvfq%2Bgq%2B%2B9745yi%2BJi5xerH%2BsDoSUdKXVsOs3Pnecm%2FUtkeTD%2BrDjf%2BF7N%2Bt6sNr1G%2FZb9Q952Fcrru3YtmM79Q2heaSGK1MQIn3UdRpdu%2BG5DaflYaj%2F35vcgqEW2OCSvA7BJkvPrKsQYYUkfrzOTT9T6dsfxLmkmdIYsNNPk36iigTxooy0hSg5nbOhzPONp1DJyUwu1OBfYiAmxPrlKYLkdC4SweB4pjOQ4AkC9gqKQQUuKwhaIVT3INhzAoQMt7eRxA9uK13Q%2FX9QOkUnZOnlXxDFhCz9fhVJ%2FMOaFMP6rpJ5JlRiMIxKiGEF0auQ5mfIDmoQxRnC7GsI9itZebmFJD7eNlJBsIs3W5Hr%2BIHnLAeu3Vn2bK%2B53LFtb7nb8niLNnnk%2B87MICEqiKiC5CNQU0NuLOTCQh5ZyFMLMbuoh47jtG0WUrvTDcMma%2FPAZ7ZD25FDHdvvIA%2BnfxghS0cI5QihPkSqD9EXI%2Bj8Z5i9EoYtwWQTYn3yFQasRMEJCkNQUIJCEBQZQTEoT5g0rikfMGnywJlnd56b5VhlvSN6orIeTwioHkGz8ii9JK9NTbTo6jvo84t602%2B2XM%2FvBtS1o6hDGW957W6ra7cZazm8BSNKCFMDNRYOxISs7pZIxYS8cf0FAnoGI88Qiiug%2BXXQogTdK3GQPEyo6CvZCFUMpkqk2RKyfetIXpJrsyFubj8BD89v%2FdGcBUJdItUlvhTPCHry%2FviOKsjxHVUY8mQ7zUQsDuh0wLsZzfiVhx%2Fx%2FUJptrluRt%2B9F06BafnoLjfZFk2YSHqGfL8mGON6Q%2BmQk582zWc82MnN3lqukzzd2nl%2FYzNONTdGqKQCne7qC41QTMir1%2B7OdvfGjzsQuoLOS8T5OZkHhKoQpocw6UK%2FUQRaLjhBaqHIy7F2g8WlFASSL3oalDD%2F6YNFPdZ0%2BpqK8sjcR0%2FXQLN7SOISA11iIEtQOYLJr4yzVJ%2Ff%2Bm0uI5C1cSB17TiQWn47s3l6PIYRF%2FV2s2lTv9ty2m3K24HndiLfYZS6nu%2F6Pm0iM5Po3T%2BdvwEAAP%2F%2FAQAA%2F%2F%2BQWzgllQQAAA%3D%3D

172.240.127.234

200 OK

7 B

URL GET HTTP/1.1
wansafeguard.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWskRRSuns1NEJS9rQtz8LCCmXT39PTMZJXFGCPBuImbFb1JdVf1pJzqrqaqe3qSi8EF2ePgL%2Bh8k2xwXWT3KrhIZ8FDQNjxlIO5iH9ghT3LjIOj71Dvvfq%2Bgq%2B%2B9745yi%2BJi5xerH%2BsDoSUdKXVsOs3Pnecm%2FUtkeTD%2BrDjf%2BF7N%2Bt6sNr1G%2FZb9Q952Fcrru3YtmM79Q2heaSGK1MQIn3UdRpdu%2BG5DaflYaj%2F35vcgqEW2OCSvA7BJkvPrKsQYYUkfrzOTT9T6dsfxLmkmdIYsNNPk36iigTxooy0hSg5nbOhzPONp1DJyUwu1OBfYiAmxPrlKYLkdC4SweB4pjOQ4AkC9gqKQQUuKwhaIVT3INhzAoQMt7eRxA9uK13Q%2FX9QOkUnZOnlXxDFhCz9fhVJ%2FMOaFMP6rpJ5JlRiMIxKiGEF0auQ5mfIDmoQxRnC7GsI9itZebmFJD7eNlJBsIs3W5Hr%2BIHnLAeu3Vn2bK%2B53LFtb7nb8niLNnnk%2B87MICEqiKiC5CNQU0NuLOTCQh5ZyFMLMbuoh47jtG0WUrvTDcMma%2FPAZ7ZD25FDHdvvIA%2BnfxghS0cI5QihPkSqD9EXI%2Bj8Z5i9EoYtwWQTYn3yFQasRMEJCkNQUIJCEBQZQTEoT5g0rikfMGnywJlnd56b5VhlvSN6orIeTwioHkGz8ii9JK9NTbTo6jvo84t602%2B2XM%2FvBtS1o6hDGW957W6ra7cZazm8BSNKCFMDNRYOxISs7pZIxYS8cf0FAnoGI88Qiiug%2BXXQogTdK3GQPEyo6CvZCFUMpkqk2RKyfetIXpJrsyFubj8BD89v%2FdGcBUJdItUlvhTPCHry%2FviOKsjxHVUY8mQ7zUQsDuh0wLsZzfiVhx%2Fx%2FUJptrluRt%2B9F06BafnoLjfZFk2YSHqGfL8mGON6Q%2BmQk582zWc82MnN3lqukzzd2nl%2FYzNONTdGqKQCne7qC41QTMir1%2B7OdvfGjzsQuoLOS8T5OZkHhKoQpocw6UK%2FUQRaLjhBaqHIy7F2g8WlFASSL3oalDD%2F6YNFPdZ0%2BpqK8sjcR0%2FXQLN7SOISA11iIEtQOYLJr4yzVJ%2Ff%2Bm0uI5C1cSB17TiQWn47s3l6PIYRF%2FV2s2lTv9ty2m3K24HndiLfYZS6nu%2F6Pm0iM5Po3T%2BdvwEAAP%2F%2FAQAA%2F%2F%2BQWzgllQQAAA%3D%3D
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectwansafeguard.com
Fingerprint83:00:BB:A8:D5:FE:57:11:E3:EF:6F:5E:2E:29:2F:7A:BC:DC:D5:3D
ValidityMon, 06 May 2024 12:58:51 GMT - Sun, 04 Aug 2024 12:58:50 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSQWskRRSuns1NEJS9rQtz8LCCmXT39PTMZJXFGCPBuImbFb1JdVf1pJzqrqaqe3qSi8EF2ePgL%2Bh8k2xwXWT3KrhIZ8FDQNjxlIO5iH9ghT3LjIOj71Dvvfq%2Bgq%2B%2B9745yi%2BJi5xerH%2BsDoSUdKXVsOs3Pnecm%2FUtkeTD%2BrDjf%2BF7N%2Bt6sNr1G%2FZb9Q952Fcrru3YtmM79Q2heaSGK1MQIn3UdRpdu%2BG5DaflYaj%2F35vcgqEW2OCSvA7BJkvPrKsQYYUkfrzOTT9T6dsfxLmkmdIYsNNPk36iigTxooy0hSg5nbOhzPONp1DJyUwu1OBfYiAmxPrlKYLkdC4SweB4pjOQ4AkC9gqKQQUuKwhaIVT3INhzAoQMt7eRxA9uK13Q%2FX9QOkUnZOnlXxDFhCz9fhVJ%2FMOaFMP6rpJ5JlRiMIxKiGEF0auQ5mfIDmoQxRnC7GsI9itZebmFJD7eNlJBsIs3W5Hr%2BIHnLAeu3Vn2bK%2B53LFtb7nb8niLNnnk%2B87MICEqiKiC5CNQU0NuLOTCQh5ZyFMLMbuoh47jtG0WUrvTDcMma%2FPAZ7ZD25FDHdvvIA%2BnfxghS0cI5QihPkSqD9EXI%2Bj8Z5i9EoYtwWQTYn3yFQasRMEJCkNQUIJCEBQZQTEoT5g0rikfMGnywJlnd56b5VhlvSN6orIeTwioHkGz8ii9JK9NTbTo6jvo84t602%2B2XM%2FvBtS1o6hDGW957W6ra7cZazm8BSNKCFMDNRYOxISs7pZIxYS8cf0FAnoGI88Qiiug%2BXXQogTdK3GQPEyo6CvZCFUMpkqk2RKyfetIXpJrsyFubj8BD89v%2FdGcBUJdItUlvhTPCHry%2FviOKsjxHVUY8mQ7zUQsDuh0wLsZzfiVhx%2Fx%2FUJptrluRt%2B9F06BafnoLjfZFk2YSHqGfL8mGON6Q%2BmQk582zWc82MnN3lqukzzd2nl%2FYzNONTdGqKQCne7qC41QTMir1%2B7OdvfGjzsQuoLOS8T5OZkHhKoQpocw6UK%2FUQRaLjhBaqHIy7F2g8WlFASSL3oalDD%2F6YNFPdZ0%2BpqK8sjcR0%2FXQLN7SOISA11iIEtQOYLJr4yzVJ%2Ff%2Bm0uI5C1cSB17TiQWn47s3l6PIYRF%2FV2s2lTv9ty2m3K24HndiLfYZS6nu%2F6Pm0iM5Po3T%2BdvwEAAP%2F%2FAQAA%2F%2F%2BQWzgllQQAAA%3D%3D HTTP/1.1
Host: wansafeguard.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fredericweigleek96k804b.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=5f216b41-b208-4043-8004-954e5a3ef661:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 09:13:21 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d961265ebc8f0c1d7fe2f9ee3351f466
Strict-Transport-Security: max-age=0; includeSubdomains

shayscholz.blogspot.com/favicon.ico

216.58.207.193

412 B

URL GET
shayscholz.blogspot.com/favicon.ico
IP
216.58.207.193:0
ASN
#15169 GOOGLE

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.blogspot.com
FingerprintC4:7D:61:88:AB:F1:15:A1:36:2A:68:39:51:62:46:00:23:6D:39:00
ValidityTue, 16 Apr 2024 03:45:20 GMT - Tue, 09 Jul 2024 03:45:19 GMT

File type
MS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
Size
412 B (412 bytes)
Hash
59a0c7b6e4848ccdabcea0636efda02b
30ef5c54b8bbc3487ea2b4c45cd11ea2932e4340
a1495da3cf3db37bf105a12658636ff628fee7b73975b9200049af7747e60b1f

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: shayscholz.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fredericweigleek96k804b.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/x-icon
expires: Fri, 10 May 2024 09:13:21 GMT
date: Fri, 10 May 2024 09:13:21 GMT
cache-control: private, max-age=86400
last-modified: Fri, 08 Mar 2024 19:12:27 GMT
etag: W/"53e1bb00e6929e879a040ee00d8ddd9c6a9b1f6c6c79cd1077a9390901619218"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 412
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html

45.133.44.4

200 OK

440 B

URL GET HTTP/2
cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html
IP
45.133.44.4:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectcdn.barscreative1.com
Fingerprint08:55:F0:C8:EA:24:54:0D:3C:B9:2C:95:3E:DC:BF:FB:A8:76:BA:BC
ValidityThu, 09 May 2024 03:01:15 GMT - Wed, 07 Aug 2024 03:01:14 GMT

File type
HTML document, ASCII text
Size
440 B (440 bytes)
Hash
f6990569c7ffeac1f4a3f6d9eee5da44
e7d5e37acf89a8faee252c36fc2c9d6615501d76
cc2a9756c81bd570fff8b32e48a413687c33f8abe9c934e743a0769178b4f690

HTTP Headers

GET /sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fredericweigleek96k804b.pages.dev/
Origin: https://fredericweigleek96k804b.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 09:13:21 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Mon, 27 Sep 2021 07:43:24 GMT
etag: W/"6151761c-52d"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Fri, 10 May 2024 10:13:21 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png

188.114.96.1

200 OK

591 B

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
Size
591 B (591 bytes)
Hash
9fd5bcb6103d86e317bd1eb019bcbe71
6b5a52ea669dcb74946f2bed4bdd7ec985026113
0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae

HTTP Headers

GET /sb/ssp/vpn/classic-push/small/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 09:13:21 GMT
content-type: image/png
content-length: 591
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: "65aa84fe-24f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 838537
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rfx0zEuMEzkr8aVru3sIUcX4wFfbKmRtrgJjf18m04ip0Y0vxsiF5yeRVseY%2FupVAsWaCE5hBd8Eu3eNd%2FHXaLCkANLfn0uYc5hajjzv3%2FPUhILapD5gUfv3QmXdnnSK5dcAjWbzBgm8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8818d017cfb356a9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png

45.133.44.9

200 OK

16 kB

URL GET HTTP/2
cdn.cloudimagesb.com/si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
16 kB (16093 bytes)
Hash
14cf262fabfd850855c42847d14fe775
2fafa28f167f018a0fb1f261f47380c8810803c9
972004ebada4077c3a4d03dcb45175ea467faf54da72be727a1c5c75e688b8af

HTTP Headers

GET /si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 09:13:21 GMT
content-type: image/png
content-length: 16093
server: nginx/1.21.6
last-modified: Mon, 04 Dec 2023 01:06:35 GMT
etag: "656d261b-3edd"
expires: Sun, 12 May 2024 09:13:21 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js

188.114.96.1

200 OK

31 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
JavaScript source, ASCII text, with very long lines (32025)
Size
31 kB (31083 bytes)
Hash
4a356126b9573eb7bd1e9a7494737410
8258d046f17dd3c15a5d3984e1868b7b5d1db329
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5

HTTP Headers

GET /sb/ssp/vpn/classic-push/small/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 09:13:21 GMT
content-type: application/javascript
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 834405
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BI48ATJA5%2Fltkyvk8M0RklgWgIV1RzpgUBgglS1pSFqVLMpcKWcS7hNzvL434Ac4NuEOMmmpl9PsGnJmf%2B1WAexM1A4Zt5OnvB0MnvTX6nYQeejfE0z8Lwg01Dx%2BZN8kpeTrZM2zukkA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8818d017cfb956a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

216.58.207.234

200 OK

1.2 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
216.58.207.234:443
ASN
#15169 GOOGLE

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
gzip compressed data, max compression
Size
1.2 kB (1188 bytes)
Hash
5cca726950e0c66f634b48e166f782fc
e6948d2eedc12638467b3e360a63013b1e2885ce
5f739683fe5561387b44da292f720e38ce0ee668fbc06144794ed2f1362984ae

HTTP Headers

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 10 May 2024 09:13:21 GMT
date: Fri, 10 May 2024 09:13:21 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/animate.css

188.114.96.1

200 OK

4.9 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/animate.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text
Size
4.9 kB (4858 bytes)
Hash
3d4123dbfb33d27a5cfdfcfa91df6783
e7d0eeeec54b848f0bc3da8685fa3bc88429d660
cb7d1393b65701b2f97d8da244c2c6023e9cbc3463ecb0136b915cfc775c6887

HTTP Headers

GET /sb/ssp/vpn/classic-push/small/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fredericweigleek96k804b.pages.dev/
Origin: https://fredericweigleek96k804b.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 09:13:22 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-13361"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kKNr5PMKGiyy3nHZlOAt2h9ychRmP1Z3g%2FAa8QPmRL2oMpy5axMIdRhd%2B79ENDXjIIQ7czdMYiUsAPP5XLi%2BqEkY8pMeOuQPycAqluIs9YATv3HylD3xtA3WH863K0uhVsw6H5d19BcN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8818d0177f4a56a9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

wansafeguard.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=381

172.240.127.234

200 OK

0 B

URL GET HTTP/1.1
wansafeguard.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=381
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectwansafeguard.com
Fingerprint83:00:BB:A8:D5:FE:57:11:E3:EF:6F:5E:2E:29:2F:7A:BC:DC:D5:3D
ValidityMon, 06 May 2024 12:58:51 GMT - Sun, 04 Aug 2024 12:58:50 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=381 HTTP/1.1
Host: wansafeguard.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fredericweigleek96k804b.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=5f216b41-b208-4043-8004-954e5a3ef661:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 09:13:22 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

wansafeguard.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=339

172.240.127.234

200 OK

0 B

URL GET HTTP/1.1
wansafeguard.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=339
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectwansafeguard.com
Fingerprint83:00:BB:A8:D5:FE:57:11:E3:EF:6F:5E:2E:29:2F:7A:BC:DC:D5:3D
ValidityMon, 06 May 2024 12:58:51 GMT - Sun, 04 Aug 2024 12:58:50 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=339 HTTP/1.1
Host: wansafeguard.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fredericweigleek96k804b.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=5f216b41-b208-4043-8004-954e5a3ef661:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 09:13:22 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

wansafeguard.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSunuxNEJTcYmAOHiK4s90z3fMjUYIxriyu2ZhE9Cb1qyflVHc1Vd3Tk70YDEiOg39B7ze7WYxBkqtgkNmAhwUh42kP7kX8ByLkLDMOjr5Dvffq%2Bwq%2B%2Bt77Zq84JU0U9OTqx2ZXaU03ooZfv%2FB5EFyqb6u0GNVH3fYX7fBS3Q4v9toN%2F636h5IPzEbTD3w%2F8IP6prIyNqONOQiVPeoFjZ7fCJuNIAoxsv%2FvXeHBUQ9ieEpehxKztWfeWSg%2BRZo8virdIDfZ2x8khaa5sRiKw0%2FTQWrKFMmqjK2HOD1csmHc882nMOnBQi7M8F8iUzPi%2FfIULD1cigQb7i90Mg2ZgolXUA6nkHoKRafg5h6UeE4ALnBtB2ny4JqxJb3zD0rn6IysvfwLqpyRtd%2FPIk1%2BuKLVqH7T6CJXJnUYxRXUaArVnyIrjpDv1qDKI%2FD8ayjxK9l4uY002d9x2kCJkzejuBm0WRiss6bfXQ%2F9sLXe9f1wvReFMqItGbfbwcIgpaZQ8RRajkFdDYXzUCgPReyhyDwk4qTOgyDo%2BIJTv9vjvCU6krWFH9BOHNDAb3dR8PkfxsizMbgeg9u7yOxdDNQYtvgZ7nYFJ9bg8hnxPvkKQ1GhlASlIygpQakIypygHFYHQrumqx4I7QoWLHNzmVvVxOT9PXpg8r5MCagdw4pqLzslr81N9OjFdzCQJ%2FVWuxU1w3aP0aYfx10qZBR2elHP7wgRBTKCUxWUq4E6D7tqRi7erJCpGXnj%2FAswegSnj8DVGdDiPGhZgd6usJs%2BTKkaGN3gJoEwFbJ8Dfkdb0%2BfknOLIW7tPIHkx5f%2FaC0C3FbIbIUv1TOCvr4%2FuWFKsn%2FDlI482clylahdOh%2FwzZzm8szDj%2BSd0lixddWNv3uPz4F5%2BeiWdPk2TYVK%2B458f0UJIe2msVySn7bcZ5JdL9ztK4VNi2z7%2BvubW0lmpXPKpFPQ%2Ba6%2BsOBqRl49d2uxuxd%2BvA5lp7BFhaQ4JsuAMlPw7C5cttLvDIHVKw7LPJRFNbFNtrrUikDLVU9ZBfefnq3qiaXz11RVe%2B4%2B%2BrYGmt9DmlQY2gpDXYHqMVxxZpJn9vjyb0sZTNcmTNvaPtNWf7uweX48hlMn9ZYvOkzGssNkGIWx5IJFEfN5zFlLdLscuZvF7%2F4Z%2FA0AAP%2F%2FAQAA%2F%2F8Qj%2B3NlQQAAA%3D%3D

172.240.127.234

200 OK

7 B

URL GET HTTP/1.1
wansafeguard.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSunuxNEJTcYmAOHiK4s90z3fMjUYIxriyu2ZhE9Cb1qyflVHc1Vd3Tk70YDEiOg39B7ze7WYxBkqtgkNmAhwUh42kP7kX8ByLkLDMOjr5Dvffq%2Bwq%2B%2Bt77Zq84JU0U9OTqx2ZXaU03ooZfv%2FB5EFyqb6u0GNVH3fYX7fBS3Q4v9toN%2F636h5IPzEbTD3w%2F8IP6prIyNqONOQiVPeoFjZ7fCJuNIAoxsv%2FvXeHBUQ9ieEpehxKztWfeWSg%2BRZo8virdIDfZ2x8khaa5sRiKw0%2FTQWrKFMmqjK2HOD1csmHc882nMOnBQi7M8F8iUzPi%2FfIULD1cigQb7i90Mg2ZgolXUA6nkHoKRafg5h6UeE4ALnBtB2ny4JqxJb3zD0rn6IysvfwLqpyRtd%2FPIk1%2BuKLVqH7T6CJXJnUYxRXUaArVnyIrjpDv1qDKI%2FD8ayjxK9l4uY002d9x2kCJkzejuBm0WRiss6bfXQ%2F9sLXe9f1wvReFMqItGbfbwcIgpaZQ8RRajkFdDYXzUCgPReyhyDwk4qTOgyDo%2BIJTv9vjvCU6krWFH9BOHNDAb3dR8PkfxsizMbgeg9u7yOxdDNQYtvgZ7nYFJ9bg8hnxPvkKQ1GhlASlIygpQakIypygHFYHQrumqx4I7QoWLHNzmVvVxOT9PXpg8r5MCagdw4pqLzslr81N9OjFdzCQJ%2FVWuxU1w3aP0aYfx10qZBR2elHP7wgRBTKCUxWUq4E6D7tqRi7erJCpGXnj%2FAswegSnj8DVGdDiPGhZgd6usJs%2BTKkaGN3gJoEwFbJ8Dfkdb0%2BfknOLIW7tPIHkx5f%2FaC0C3FbIbIUv1TOCvr4%2FuWFKsn%2FDlI482clylahdOh%2FwzZzm8szDj%2BSd0lixddWNv3uPz4F5%2BeiWdPk2TYVK%2B458f0UJIe2msVySn7bcZ5JdL9ztK4VNi2z7%2BvubW0lmpXPKpFPQ%2Ba6%2BsOBqRl49d2uxuxd%2BvA5lp7BFhaQ4JsuAMlPw7C5cttLvDIHVKw7LPJRFNbFNtrrUikDLVU9ZBfefnq3qiaXz11RVe%2B4%2B%2BrYGmt9DmlQY2gpDXYHqMVxxZpJn9vjyb0sZTNcmTNvaPtNWf7uweX48hlMn9ZYvOkzGssNkGIWx5IJFEfN5zFlLdLscuZvF7%2F4Z%2FA0AAP%2F%2FAQAA%2F%2F8Qj%2B3NlQQAAA%3D%3D
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectwansafeguard.com
Fingerprint83:00:BB:A8:D5:FE:57:11:E3:EF:6F:5E:2E:29:2F:7A:BC:DC:D5:3D
ValidityMon, 06 May 2024 12:58:51 GMT - Sun, 04 Aug 2024 12:58:50 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSunuxNEJTcYmAOHiK4s90z3fMjUYIxriyu2ZhE9Cb1qyflVHc1Vd3Tk70YDEiOg39B7ze7WYxBkqtgkNmAhwUh42kP7kX8ByLkLDMOjr5Dvffq%2Bwq%2B%2Bt77Zq84JU0U9OTqx2ZXaU03ooZfv%2FB5EFyqb6u0GNVH3fYX7fBS3Q4v9toN%2F636h5IPzEbTD3w%2F8IP6prIyNqONOQiVPeoFjZ7fCJuNIAoxsv%2FvXeHBUQ9ieEpehxKztWfeWSg%2BRZo8virdIDfZ2x8khaa5sRiKw0%2FTQWrKFMmqjK2HOD1csmHc882nMOnBQi7M8F8iUzPi%2FfIULD1cigQb7i90Mg2ZgolXUA6nkHoKRafg5h6UeE4ALnBtB2ny4JqxJb3zD0rn6IysvfwLqpyRtd%2FPIk1%2BuKLVqH7T6CJXJnUYxRXUaArVnyIrjpDv1qDKI%2FD8ayjxK9l4uY002d9x2kCJkzejuBm0WRiss6bfXQ%2F9sLXe9f1wvReFMqItGbfbwcIgpaZQ8RRajkFdDYXzUCgPReyhyDwk4qTOgyDo%2BIJTv9vjvCU6krWFH9BOHNDAb3dR8PkfxsizMbgeg9u7yOxdDNQYtvgZ7nYFJ9bg8hnxPvkKQ1GhlASlIygpQakIypygHFYHQrumqx4I7QoWLHNzmVvVxOT9PXpg8r5MCagdw4pqLzslr81N9OjFdzCQJ%2FVWuxU1w3aP0aYfx10qZBR2elHP7wgRBTKCUxWUq4E6D7tqRi7erJCpGXnj%2FAswegSnj8DVGdDiPGhZgd6usJs%2BTKkaGN3gJoEwFbJ8Dfkdb0%2BfknOLIW7tPIHkx5f%2FaC0C3FbIbIUv1TOCvr4%2FuWFKsn%2FDlI482clylahdOh%2FwzZzm8szDj%2BSd0lixddWNv3uPz4F5%2BeiWdPk2TYVK%2B458f0UJIe2msVySn7bcZ5JdL9ztK4VNi2z7%2BvubW0lmpXPKpFPQ%2Ba6%2BsOBqRl49d2uxuxd%2BvA5lp7BFhaQ4JsuAMlPw7C5cttLvDIHVKw7LPJRFNbFNtrrUikDLVU9ZBfefnq3qiaXz11RVe%2B4%2B%2BrYGmt9DmlQY2gpDXYHqMVxxZpJn9vjyb0sZTNcmTNvaPtNWf7uweX48hlMn9ZYvOkzGssNkGIWx5IJFEfN5zFlLdLscuZvF7%2F4Z%2FA0AAP%2F%2FAQAA%2F%2F8Qj%2B3NlQQAAA%3D%3D HTTP/1.1
Host: wansafeguard.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fredericweigleek96k804b.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=5f216b41-b208-4043-8004-954e5a3ef661:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 09:13:22 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5313afa27d370d21ab29bed1bb2c781d
Strict-Transport-Security: max-age=0; includeSubdomains

ads.bisniskini.biz.id/get/site/js/d6f51a1ed1d2f145512197f7cd7be46d

172.67.214.128

200 OK

693 B

URL GET HTTP/2
ads.bisniskini.biz.id/get/site/js/d6f51a1ed1d2f145512197f7cd7be46d
IP
172.67.214.128:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectbisniskini.biz.id
FingerprintCB:C5:50:71:58:97:D7:6D:B9:8F:63:0E:B9:30:B7:87:1D:05:E2:5A
ValiditySun, 14 Apr 2024 15:48:05 GMT - Sat, 13 Jul 2024 15:48:04 GMT

File type
gzip compressed data, from Unix
Size
693 B (693 bytes)
Hash
b6ae12ccf225b5fbccc7e5c5bb8fe7b8
9e1a488ec75c6781a6180ec7ae9c259cb01db1e8
0b94d48931d2e6bec8493c0ac47c6250ecf2c3dfb67d76c8a3f9a0db075679a1

HTTP Headers

GET /get/site/js/d6f51a1ed1d2f145512197f7cd7be46d HTTP/1.1
Host: ads.bisniskini.biz.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fredericweigleek96k804b.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 09:13:18 GMT
content-type: application/javascript
vary: Accept-Encoding
set-cookie: PHPSESSID=52g4psf57th5remfsv0sefrdd2; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xkq5spu9t%2FNQ4RvoXbPybgrNdY6CdTeQlOC%2F3gahtE1wyUaC%2BZWO%2FiIRKvxmaQKllXaIVw3POchHlRc6%2BTes%2F%2BrJiKUnKrSH4%2FIAth6bBqRNz6u6qiCIohmH3JFHB%2BC9PkGv35chbys%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8818d0004bdd0b59-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

wansafeguard.com/pixel/sbs?c=1

192.243.61.225

200 OK

0 B

URL GET HTTP/1.1
wansafeguard.com/pixel/sbs?c=1
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectwansafeguard.com
Fingerprint83:00:BB:A8:D5:FE:57:11:E3:EF:6F:5E:2E:29:2F:7A:BC:DC:D5:3D
ValidityMon, 06 May 2024 12:58:51 GMT - Sun, 04 Aug 2024 12:58:50 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: wansafeguard.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fredericweigleek96k804b.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=5f216b41-b208-4043-8004-954e5a3ef661:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 09:13:22 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://fredericweigleek96k804b.pages.dev
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 01:55:00 GMT
expires: Fri, 09 May 2025 01:55:00 GMT
cache-control: public, max-age=31536000
age: 112702
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://fredericweigleek96k804b.pages.dev
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 May 2024 09:28:37 GMT
expires: Sun, 04 May 2025 09:28:37 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 517486
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

wansafeguard.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=364

172.240.127.234

200 OK

0 B

URL GET HTTP/1.1
wansafeguard.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=364
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectwansafeguard.com
Fingerprint83:00:BB:A8:D5:FE:57:11:E3:EF:6F:5E:2E:29:2F:7A:BC:DC:D5:3D
ValidityMon, 06 May 2024 12:58:51 GMT - Sun, 04 Aug 2024 12:58:50 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=364 HTTP/1.1
Host: wansafeguard.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fredericweigleek96k804b.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=5f216b41-b208-4043-8004-954e5a3ef661:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 09:13:22 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

downstairsnegotiatebarren.com/sfp.js

188.114.96.1

200 OK

86 kB

URL GET HTTP/2
downstairsnegotiatebarren.com/sfp.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B
ValidityThu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT

File type

Size
86 kB (85611 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fredericweigleek96k804b.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 09:13:20 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: e12dd54aca67965d7696f655b8d1c1ea
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Fri, 10 May 2024 09:13:20 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=goEmMhrHvjUKtPoF%2FE13Yp2AaFKUw05mA9cx4jy%2FOCJBHvV30G2kLaQ6tPeG7d9G1iHGpHVb0GFeV6MCBgP7DtWtqScJNGMDL07jTOZXWObvILfjiW9Y8lBp42bp75jgpgTurncUTLpYK258sLJSSg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8818d00e9be41c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q=

142.250.74.14

200 OK

20 B

URL GET HTTP/2
suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q=
IP
142.250.74.14:443
ASN
#15169 GOOGLE

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0
ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT

File type
ASCII text, with no line terminators
Size
20 B (20 bytes)
Hash
a1b72ded50d7e2b047cd0d3966b148ab
8ff9743451774724c183efa801b999ecce23821a
4d9063bb918234965c25e4a0844d20c1cb01dae120c181c92f39a33b869be23f

HTTP Headers

GET /complete/search?jsonp=autoRelated&hl=en&client=firefox&q= HTTP/1.1
Host: suggestqueries.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fredericweigleek96k804b.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 09:13:20 GMT
pragma: no-cache
expires: -1
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-iPdaQ1yetS_M9CIht2P2Dg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/fff
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/fff"}]}
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: gws
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fredericweigleek96k804b.pages.dev/

172.66.47.89

200 OK

17 kB

URL User Request GET HTTP/2
fredericweigleek96k804b.pages.dev/
IP
172.66.47.89:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectfredericweigleek96k804b.pages.dev
Fingerprint98:ED:3B:50:9E:68:A4:F2:EB:37:DF:B0:13:8D:B6:33:75:54:FB:13
ValidityThu, 09 May 2024 20:16:44 GMT - Wed, 07 Aug 2024 20:16:43 GMT

File type
HTML document, ASCII text, with very long lines (7816)
Size
17 kB (17424 bytes)
Hash
6d0e1e56cdd05168b57649f62bdbdc6e
afa13227a1e9cdc0b8801e033492d6b0d2ffa7ad
57c16a11117ff2756fe614502648fc10e176060af4dd83d35341f0a991bf94d4

HTTP Headers

GET / HTTP/1.1
Host: fredericweigleek96k804b.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 09:13:17 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"d54a59122dadecc571c5463c143427f9"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZWpjdRIYCcGjhlcRG%2FrUKs8M7qmGEdrEQ6UGfWr%2FhI4FdNict1TRabOhS9Jn3TnQMBkAHxSim5JqqrHZ7NFtTaTOHNld12geiHjheE%2Fmhnh74wDVJzCuVfJdcrmewzzouKXNheQE5QDE6XiqXQ2CS8zNpqs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8818cffcdcec0b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css

188.114.96.1

200 OK

3.4 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text, with very long lines (3537), with no line terminators
Size
3.4 kB (3355 bytes)
Hash
b8a277e051f047a41d3229377460f0c9
596b934114e1b6e3cee15ef19925c7f2ff5607e7
9cf981fe6d59b72cb9d12e4bc958983bac07f16b8f1b40bb1c6ced0bf2d6b2d0

HTTP Headers

GET /sb/ssp/vpn/classic-push/small/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fredericweigleek96k804b.pages.dev/
Origin: https://fredericweigleek96k804b.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 09:13:22 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-d1b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7eOTf%2BgTQu1tinL9Un6Qw8%2Fv6Pykxi%2FApGCORSWmR3Sadie7g8OzXgvWJ%2BHEgitHFjONExe1Lm4VAKFnbAhe13gJehyg9WBzWuVQufaa9kNQWAwHqReXiHLbJ4EQhD3MI2QOy84r2wgq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8818d0178f4c56a9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js

188.114.96.1

200 OK

962 B

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text, with very long lines (1015), with no line terminators
Size
962 B (962 bytes)
Hash
88523e22d10f0cbad31aa1d8276764fa
9238cd9499e01abdbeb33e68c550d26cfb6eaba5
d553390acb639c765cb6aaa4fbb72529e4005227d190f53108aec87ccec411c2

HTTP Headers

GET /sb/ssp/vpn/classic-push/small/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fredericweigleek96k804b.pages.dev/
Origin: https://fredericweigleek96k804b.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 09:13:22 GMT
content-type: application/javascript
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-3c2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PE9bLNNKx1BInnWfX2Qa8A%2FY89WR3beijV1uJMWVJKVbIbtXgXmNUfB4%2Bz5IozXtOuyR%2FRI1S1oTTMlUljlNz37R6B8MQ%2BuOHiONhazZu6UUvMRZPT%2FYwtqoLLDiFlPcjrWyCo3LL54c"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8818d01858be56a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ads.bisniskini.biz.id/get/site/js/cb1f929c7c7c523575650f47146f231e

172.67.214.128

200 OK

299 B

URL GET HTTP/2
ads.bisniskini.biz.id/get/site/js/cb1f929c7c7c523575650f47146f231e
IP
172.67.214.128:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectbisniskini.biz.id
FingerprintCB:C5:50:71:58:97:D7:6D:B9:8F:63:0E:B9:30:B7:87:1D:05:E2:5A
ValiditySun, 14 Apr 2024 15:48:05 GMT - Sat, 13 Jul 2024 15:48:04 GMT

File type
ASCII text, with very long lines (329), with no line terminators
Size
299 B (299 bytes)
Hash
c6403469bffdde41cd6aeb279a2cc222
0ff14983b840abea1ec0509e57031c61a86c240b
5873b776830e51e96c3599a9944bd7606394c217c9b1fdddc55b65f564ef7b38

HTTP Headers

GET /get/site/js/cb1f929c7c7c523575650f47146f231e HTTP/1.1
Host: ads.bisniskini.biz.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fredericweigleek96k804b.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 09:13:18 GMT
content-type: application/javascript
vary: Accept-Encoding
set-cookie: PHPSESSID=n0c7c0b3sovacm4t9gdtaj40hq; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yc3cRgRWN06qBpJvsHuK0CtzSQH%2BWMNEnzVlNdsH%2BvjEOmiO939uM9vcxSMMBWEAFEg3HAxPx4c3baaUJYBTYbTz2a%2FmDyn%2Bt5xHKWLRBk7WJySvoMaazH7K1fWsDe7bxJZXvt5yexs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8818d0003bcf0b59-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.topcreativeformat.com/d64164e145fb760de2b76872de4432d8/invoke.js

172.240.127.234

200 OK

31 kB

URL GET HTTP/1.1
www.topcreativeformat.com/d64164e145fb760de2b76872de4432d8/invoke.js
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerLet's Encrypt
Subjecttopcreativeformat.com
Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4
ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT

File type
JavaScript source, ASCII text, with very long lines (31325), with no line terminators
Size
31 kB (31325 bytes)
Hash
77f906b6f871519d7bb97e2a322721a4
0bea6401ee4fd0fa0f789ac6de073e6f83f78295
27a751387c8823e4519e36236c6d6c943ca758cf8d49da8c23884e5453eae5fc

HTTP Headers

GET /d64164e145fb760de2b76872de4432d8/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fredericweigleek96k804b.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 09:13:19 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 08e795ad221dc7f0e9288217f7c9f3c6
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ads.bisniskini.biz.id/get/site/js/9049b3a33fc36afe5806bf92a1b0bc1f

172.67.214.128

200 OK

293 B

URL GET HTTP/2
ads.bisniskini.biz.id/get/site/js/9049b3a33fc36afe5806bf92a1b0bc1f
IP
172.67.214.128:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectbisniskini.biz.id
FingerprintCB:C5:50:71:58:97:D7:6D:B9:8F:63:0E:B9:30:B7:87:1D:05:E2:5A
ValiditySun, 14 Apr 2024 15:48:05 GMT - Sat, 13 Jul 2024 15:48:04 GMT

File type
ASCII text, with very long lines (324), with no line terminators
Size
293 B (293 bytes)
Hash
041ede74df53d2be75e709663d64255b
3572555eaf9afcff4ee5eac40161e83a74a62b8c
86312cb5b23a46990fed66e2e09eada2db2352face7d563580cbca6fd864c916

HTTP Headers

GET /get/site/js/9049b3a33fc36afe5806bf92a1b0bc1f HTTP/1.1
Host: ads.bisniskini.biz.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fredericweigleek96k804b.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 09:13:18 GMT
content-type: application/javascript
vary: Accept-Encoding
set-cookie: PHPSESSID=6fc21mmp2dhmf2r0f80e56ievu; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fwDR2SCTI9F0uAAhPHJbhat%2BjYlAI%2BxJ9XWDUgg1i7jH2Vsf%2BfKaslSsh2AbdmYVrbH9XJ1SLwP%2FWBn6NB9vu%2FtZrNA0f35eGHnb2TVTQxlA4xilj2wosAAZCVDuDZn60fBICMJfBys%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8818d0004be50b59-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

wansafeguard.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=230

172.240.127.234

200 OK

0 B

URL GET HTTP/1.1
wansafeguard.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=230
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://fredericweigleek96k804b.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectwansafeguard.com
Fingerprint83:00:BB:A8:D5:FE:57:11:E3:EF:6F:5E:2E:29:2F:7A:BC:DC:D5:3D
ValidityMon, 06 May 2024 12:58:51 GMT - Sun, 04 Aug 2024 12:58:50 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=230 HTTP/1.1
Host: wansafeguard.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fredericweigleek96k804b.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=5f216b41-b208-4043-8004-954e5a3ef661:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 09:13:21 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (32)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by