| cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js |  104.17.24.14 | 200 OK | 22 kB |
URL GET HTTP/2cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js IP104.17.24.14:443
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (65241) Hash1276065911521c5c22037a31365d179d d1c6704e94efe2d465fc161b6381e127d35acd81 bbb7b9921ca2b61948753a6edb63c78443663dc45d1621d18e102e1dcb34e512
GET /ajax/libs/jquery/3.6.0/jquery.slim.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dalmasavilla8jdkczj26.pages.dev/
Origin: https://dalmasavilla8jdkczj26.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 14:41:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 22329
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-11ab4"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 857152
expires: Wed, 30 Apr 2025 14:41:25 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=229ySrhvSCsRgCFMSCfOMd3fMjjX7flvyAHS%2FFiBm%2BHZp5NBpLn6%2B7Gx4i0c3O8%2Bwi4A1V9U8x5JpwsiPcxBuFemZPiMAcMuC52a35OLDzg8bSCpRdBnSIwXF%2BgmrOcoAru81NJJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 881ab0a738fab4f9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js | 104.17.24.14 | 200 OK | 3.2 kB |
URL GET HTTP/2cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js IP104.17.24.14:443
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (7862) Hash96201abb62283557a9d7b97b4cab14ab a72f33d920d0ab863df4cb60edf44ec140304cdb 46112dbceed738f759d03f04b115d5256a7d73660b7795acb382192ad84d9f98
GET /ajax/libs/lazysizes/5.3.0/lazysizes.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dalmasavilla8jdkczj26.pages.dev/
Origin: https://dalmasavilla8jdkczj26.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 14:41:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 3150
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5ff0b799-1ed1"
last-modified: Sat, 02 Jan 2021 18:12:41 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 853880
expires: Wed, 30 Apr 2025 14:41:25 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a5KyaMe1hg7B3V2hiX0rTLyXXNWFQ%2FsrHgTCqJ7spmm9K4nS7cMKlnXQ%2BWf0QBRV4AfEKz3GHon8F%2FahQjvTr3w7bc9BOLpBx%2B73ojAnJkXF6IFKw6m6OGgY9ckY2btT%2FivySWiM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 881ab0a7490bb4f9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 3.bp.blogspot.com/-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif |  142.250.74.161 | 200 OK | 362 B |
URL GET HTTP/23.bp.blogspot.com/-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif IP142.250.74.161:443
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectmisc-sni.blogspot.com FingerprintC4:7D:61:88:AB:F1:15:A1:36:2A:68:39:51:62:46:00:23:6D:39:00 ValidityTue, 16 Apr 2024 03:45:20 GMT - Tue, 09 Jul 2024 03:45:19 GMT
File typeGIF image data, version 89a, 52 x 15 Hashfd2c05a8c327ace309722b0a5fc4faf3 f446e97c43f8830be9f60644563dd846abe6b8e8 0450e2e1aa3c8b5435690d841f3e573c4f521864e1f8e01a5b6dbcdac922c8b4
GET /-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dalmasavilla8jdkczj26.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="btn_close.gif"
x-content-type-options: nosniff
server: fife
content-length: 362
x-xss-protection: 0
date: Fri, 10 May 2024 13:50:49 GMT
expires: Sat, 11 May 2024 13:50:49 GMT
cache-control: public, max-age=86400, no-transform
age: 3036
etag: "v1764"
content-type: image/gif
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.topcreativeformat.com/d64164e145fb760de2b76872de4432d8/invoke.js | 172.240.127.234 | 200 OK | 12 kB |
URL GET HTTP/1.1www.topcreativeformat.com/d64164e145fb760de2b76872de4432d8/invoke.js IP172.240.127.234:443
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerLet's Encrypt Subjecttopcreativeformat.com Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4 ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT
File typeJavaScript source, ASCII text, with very long lines (31304), with no line terminators Hash3352b82620a72d70b88cab92d5720563 b9ad4a9c6909de28d7f29aa552ab85e20c738c8f 2aaed20eaa97070a41de8d7f88a6f4f02f91084805701af4bc4c9be2f03986d5
GET /d64164e145fb760de2b76872de4432d8/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dalmasavilla8jdkczj26.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 14:41:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2f1c7ccdb078a8b0df5be173c58c3653
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| www.topcreativeformat.com/872eda8cdc00d65d8016b8e6fba2d29b/invoke.js | 172.240.127.234 | 200 OK | 12 kB |
URL GET HTTP/1.1www.topcreativeformat.com/872eda8cdc00d65d8016b8e6fba2d29b/invoke.js IP172.240.127.234:443
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerLet's Encrypt Subjecttopcreativeformat.com Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4 ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT
File typeJavaScript source, ASCII text, with very long lines (31361), with no line terminators Hashdbf904eac5c88a3e4751a8068d687d3a a368e86cddffbdd7f8640cc832991dbbc712c89e cda76a1c93bd1a5b5f79242f30b4d6c14002a96f319d799c27b0f28ed337b459
GET /872eda8cdc00d65d8016b8e6fba2d29b/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dalmasavilla8jdkczj26.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 14:41:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 41aeb1527737f72a95dc4f04b14f72bd
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| ads.bisniskini.biz.id/get/site/js/cb1f929c7c7c523575650f47146f231e | 172.67.214.128 | 200 OK | 694 B |
URL GET HTTP/2ads.bisniskini.biz.id/get/site/js/cb1f929c7c7c523575650f47146f231e IP172.67.214.128:443
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectbisniskini.biz.id FingerprintCB:C5:50:71:58:97:D7:6D:B9:8F:63:0E:B9:30:B7:87:1D:05:E2:5A ValiditySun, 14 Apr 2024 15:48:05 GMT - Sat, 13 Jul 2024 15:48:04 GMT
File typegzip compressed data, from Unix Hashd8ff0fe8cd554bc907131b5200b6dd3e de36cc92fa002b9a3919540ca72867b237a88949 6138d82832311621442370b80abd18510df42b78bd524dc314aaa1227260fc45
GET /get/site/js/cb1f929c7c7c523575650f47146f231e HTTP/1.1
Host: ads.bisniskini.biz.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dalmasavilla8jdkczj26.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 14:41:26 GMT
content-type: application/javascript
vary: Accept-Encoding
set-cookie: PHPSESSID=9rq0b7r9fismh3v20ot0j83ssk; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fqa0N1CL4yMR9lzQv1ubVsnltQza2mDcs7ORXAIIX0MM2YS3iJ7aAJzTSrrVCeCd5dMWNeqNJWH7s5cY9c1H9wp4aJYdSnMaQugnfDTMKTzLJ70sFj%2Fe4Qec5SwmsUrsnnlIoVCs2tQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881ab0a79ce1b524-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| proftrafficcounter.com/stats |  3.124.83.201 | 200 OK | 40 B |
URL GET HTTP/2proftrafficcounter.com/stats IP3.124.83.201:443
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerAmazon Subjectproftrafficcounter.com FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6 ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File typeASCII text, with no line terminators Hash38a5d4ae1dbd1169eaf08931c152b429 54f87a86e3cf093d75452323622198956616afb6 71887f65275a65e7f9c94f9b6d6b316c209ad3c71f2197f275274a35a1025154
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dalmasavilla8jdkczj26.pages.dev/
Origin: https://dalmasavilla8jdkczj26.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 14:41:26 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dalmasavilla8jdkczj26.pages.dev
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=3456645e-f072-4536-be35-f9aa142df61d:3:1; expires=Mon, 08 May 2034 14:41:26 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
|
|
| proftrafficcounter.com/stats | 3.124.83.201 | 200 OK | 40 B |
URL GET HTTP/2proftrafficcounter.com/stats IP3.124.83.201:443
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerAmazon Subjectproftrafficcounter.com FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6 ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File typeASCII text, with no line terminators Hashc2327248a8e71948d74994e334bea575 38276802916a77ba3d4ab8acefb9d7885221204f 9df02a825f675211a22ae0113785ef757def24bd6ffce51c32c2a1e107723d6a
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dalmasavilla8jdkczj26.pages.dev/
Origin: https://dalmasavilla8jdkczj26.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 14:41:26 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dalmasavilla8jdkczj26.pages.dev
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=a4ca49ae-258d-4015-a7e4-afe05ac5d1f4:2:1; expires=Mon, 08 May 2034 14:41:26 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
|
|
| foreignassertive.com/watch.1038096597353.js?key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&refer=https%3A%2F%2Fdalmasavilla8jdkczj26.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=3456645e-f072-4536-be35-f9aa142df61d%3A3%3A1 | 192.243.61.225 | 307 Temporary Redirect | 0 B |
URL GET HTTP/1.1foreignassertive.com/watch.1038096597353.js?key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&refer=https%3A%2F%2Fdalmasavilla8jdkczj26.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=3456645e-f072-4536-be35-f9aa142df61d%3A3%3A1 IP192.243.61.225:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerLet's Encrypt Subjectforeignassertive.com Fingerprint9A:B3:69:C5:67:69:19:46:E5:C5:C8:02:A4:05:AA:94:E8:B3:BC:21 ValidityMon, 06 May 2024 08:06:31 GMT - Sun, 04 Aug 2024 08:06:30 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /watch.1038096597353.js?key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&refer=https%3A%2F%2Fdalmasavilla8jdkczj26.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=3456645e-f072-4536-be35-f9aa142df61d%3A3%3A1 HTTP/1.1
Host: foreignassertive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dalmasavilla8jdkczj26.pages.dev/
Origin: https://dalmasavilla8jdkczj26.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Fri, 10 May 2024 14:41:27 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://dalmasavilla8jdkczj26.pages.dev
Access-Control-Allow-Origin: https://dalmasavilla8jdkczj26.pages.dev
Access-Control-Allow-Credentials: true
Location: https://foreignassertive.com/watch.1038096597353.js?dev=e&key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&pst=1715352147&refer=https%3A%2F%2Fdalmasavilla8jdkczj26.pages.dev%2F&res=14.2071&rmtc=t&shu=a7b1aad725146a9f60e7cf350e2b708de5df94bf9495223945f0a1e8112588a47b726a0963fa81a7cf1837fb9462bc846f0250130d7aecae2a012f3409c694ea3df5d03bc0209f76a163e3a9741b6e378b6143&tz=0&uuid=3456645e-f072-4536-be35-f9aa142df61d%3A3%3A1
Set-Cookie: u_pl=23149106; expires=Sat, 11 May 2024 14:41:27 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzE0OTEwNiwiayI6ImQ2NDE2NGUxNDVmYjc2MGRlMmI3Njg3MmRlNDQzMmQ4Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozODIyNDk2LCJwaWQiOjE4NDI2NzQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjoyMywicHQiOjQsInBrIjoicTN2cHlkeXh1IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZGFsbWFzYXZpbGxhOGpka2N6ajI2LnBhZ2VzLmRldi8iLCJhciI6W119fQ.HL_Oaoc_2wbML4Df3kyLm8DueMARvFABQ27frw8TOGU; expires=Fri, 10 May 2024 14:42:27 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e4f9febffc91ccb964b08c4dcf7785e3
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| unauthorizedsufficientlysensitivity.com/watch.442770737072.js?key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&refer=https%3A%2F%2Fdalmasavilla8jdkczj26.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=a4ca49ae-258d-4015-a7e4-afe05ac5d1f4%3A2%3A1 | 192.243.59.13 | 307 Temporary Redirect | 0 B |
URL GET HTTP/1.1unauthorizedsufficientlysensitivity.com/watch.442770737072.js?key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&refer=https%3A%2F%2Fdalmasavilla8jdkczj26.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=a4ca49ae-258d-4015-a7e4-afe05ac5d1f4%3A2%3A1 IP192.243.59.13:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerLet's Encrypt Subjectunauthorizedsufficientlysensitivity.com Fingerprint83:8A:10:7A:01:D6:71:57:66:FF:15:E8:33:65:6A:F4:19:BD:B0:02 ValidityMon, 06 May 2024 12:52:41 GMT - Sun, 04 Aug 2024 12:52:40 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /watch.442770737072.js?key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&refer=https%3A%2F%2Fdalmasavilla8jdkczj26.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=a4ca49ae-258d-4015-a7e4-afe05ac5d1f4%3A2%3A1 HTTP/1.1
Host: unauthorizedsufficientlysensitivity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dalmasavilla8jdkczj26.pages.dev/
Origin: https://dalmasavilla8jdkczj26.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Fri, 10 May 2024 14:41:27 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://dalmasavilla8jdkczj26.pages.dev
Access-Control-Allow-Origin: https://dalmasavilla8jdkczj26.pages.dev
Access-Control-Allow-Credentials: true
Location: https://unauthorizedsufficientlysensitivity.com/watch.442770737072.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715352147&refer=https%3A%2F%2Fdalmasavilla8jdkczj26.pages.dev%2F&res=14.2071&rmtc=t&shu=b04fb83c9f9434a5f714ca08aaffcada2653e2b02acb363014af076fa8f6c1393a0ffc226d95821dc966e482c12aa5b99caf7d622279bf39d382b0d35f5a2508b822636a31ed24cfe13bf2fcd6a7e556b3a46eb8089dbab7a4e9f71ddff38a&tz=0&uuid=a4ca49ae-258d-4015-a7e4-afe05ac5d1f4%3A2%3A1
Set-Cookie: u_pl=23148904; expires=Sat, 11 May 2024 14:41:27 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzE0ODkwNCwiayI6Ijg3MmVkYThjZGMwMGQ2NWQ4MDE2YjhlNmZiYTJkMjliIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozODIyNDk2LCJwaWQiOjE4NDI2NzQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjo1LCJwdCI6NCwicGsiOiJzcTU1MTZuN2FmIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZGFsbWFzYXZpbGxhOGpka2N6ajI2LnBhZ2VzLmRldi8iLCJhciI6W119fQ.2OhDhZ2KFV8uq7oj1Aj2TDtZ8WT4GPicKr2kXOMx40Q; expires=Fri, 10 May 2024 14:42:27 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a2e2688931bf49abf75498c9f88ea11b
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| foreignassertive.com/watch.1038096597353.js?dev=e&key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&pst=1715352147&refer=https%3A%2F%2Fdalmasavilla8jdkczj26.pages.dev%2F&res=14.2071&rmtc=t&shu=a7b1aad725146a9f60e7cf350e2b708de5df94bf9495223945f0a1e8112588a47b726a0963fa81a7cf1837fb9462bc846f0250130d7aecae2a012f3409c694ea3df5d03bc0209f76a163e3a9741b6e378b6143&tz=0&uuid=3456645e-f072-4536-be35-f9aa142df61d%3A3%3A1 | 192.243.61.225 | 200 OK | 2.1 kB |
URL GET HTTP/1.1foreignassertive.com/watch.1038096597353.js?dev=e&key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&pst=1715352147&refer=https%3A%2F%2Fdalmasavilla8jdkczj26.pages.dev%2F&res=14.2071&rmtc=t&shu=a7b1aad725146a9f60e7cf350e2b708de5df94bf9495223945f0a1e8112588a47b726a0963fa81a7cf1837fb9462bc846f0250130d7aecae2a012f3409c694ea3df5d03bc0209f76a163e3a9741b6e378b6143&tz=0&uuid=3456645e-f072-4536-be35-f9aa142df61d%3A3%3A1 IP192.243.61.225:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerLet's Encrypt Subjectforeignassertive.com Fingerprint9A:B3:69:C5:67:69:19:46:E5:C5:C8:02:A4:05:AA:94:E8:B3:BC:21 ValidityMon, 06 May 2024 08:06:31 GMT - Sun, 04 Aug 2024 08:06:30 GMT
File typeJavaScript source, ASCII text, with very long lines (2612) Hash49bc4de4409882e97e42f6257df8a110 01430ca47529284012900fa256244fb67020a317 1ee1aa31e840b968f9348679de245b2f66cc8e86516d2e7b703178f899931f90
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /watch.1038096597353.js?dev=e&key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&pst=1715352147&refer=https%3A%2F%2Fdalmasavilla8jdkczj26.pages.dev%2F&res=14.2071&rmtc=t&shu=a7b1aad725146a9f60e7cf350e2b708de5df94bf9495223945f0a1e8112588a47b726a0963fa81a7cf1837fb9462bc846f0250130d7aecae2a012f3409c694ea3df5d03bc0209f76a163e3a9741b6e378b6143&tz=0&uuid=3456645e-f072-4536-be35-f9aa142df61d%3A3%3A1 HTTP/1.1
Host: foreignassertive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dalmasavilla8jdkczj26.pages.dev
Referer: https://dalmasavilla8jdkczj26.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149106; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzE0OTEwNiwiayI6ImQ2NDE2NGUxNDVmYjc2MGRlMmI3Njg3MmRlNDQzMmQ4Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozODIyNDk2LCJwaWQiOjE4NDI2NzQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjoyMywicHQiOjQsInBrIjoicTN2cHlkeXh1IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZGFsbWFzYXZpbGxhOGpka2N6ajI2LnBhZ2VzLmRldi8iLCJhciI6W119fQ.HL_Oaoc_2wbML4Df3kyLm8DueMARvFABQ27frw8TOGU
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 14:41:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://dalmasavilla8jdkczj26.pages.dev
Access-Control-Allow-Origin: https://dalmasavilla8jdkczj26.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=3456645e-f072-4536-be35-f9aa142df61d:3:1; expires=Fri, 17 May 2024 14:41:27 GMT; secure; SameSite=None
iprc83ee019e3d4543306f8d476d97f0ab1c=3569808; expires=Fri, 10 May 2024 18:41:27 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 11 May 2024 14:41:27 GMT; secure; SameSite=None
uncs=1; expires=Sat, 11 May 2024 14:41:27 GMT; secure; SameSite=None
pdhtkv23=true; expires=Sat, 11 May 2024 14:41:27 GMT; secure; SameSite=None
uncs23=1; expires=Sat, 11 May 2024 14:41:27 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9b006018d39a2f9189b26f391d63b78c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| unauthorizedsufficientlysensitivity.com/watch.442770737072.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715352147&refer=https%3A%2F%2Fdalmasavilla8jdkczj26.pages.dev%2F&res=14.2071&rmtc=t&shu=b04fb83c9f9434a5f714ca08aaffcada2653e2b02acb363014af076fa8f6c1393a0ffc226d95821dc966e482c12aa5b99caf7d622279bf39d382b0d35f5a2508b822636a31ed24cfe13bf2fcd6a7e556b3a46eb8089dbab7a4e9f71ddff38a&tz=0&uuid=a4ca49ae-258d-4015-a7e4-afe05ac5d1f4%3A2%3A1 | 192.243.59.13 | 200 OK | 2.1 kB |
URL GET HTTP/1.1unauthorizedsufficientlysensitivity.com/watch.442770737072.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715352147&refer=https%3A%2F%2Fdalmasavilla8jdkczj26.pages.dev%2F&res=14.2071&rmtc=t&shu=b04fb83c9f9434a5f714ca08aaffcada2653e2b02acb363014af076fa8f6c1393a0ffc226d95821dc966e482c12aa5b99caf7d622279bf39d382b0d35f5a2508b822636a31ed24cfe13bf2fcd6a7e556b3a46eb8089dbab7a4e9f71ddff38a&tz=0&uuid=a4ca49ae-258d-4015-a7e4-afe05ac5d1f4%3A2%3A1 IP192.243.59.13:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerLet's Encrypt Subjectunauthorizedsufficientlysensitivity.com Fingerprint83:8A:10:7A:01:D6:71:57:66:FF:15:E8:33:65:6A:F4:19:BD:B0:02 ValidityMon, 06 May 2024 12:52:41 GMT - Sun, 04 Aug 2024 12:52:40 GMT
File typeJavaScript source, ASCII text, with very long lines (2627) Hash99b1a9138a22c0ee9f29718a742bddc2 09f5dcf24501e4f427da866284fee08ec1b0c102 83cedb8ad1b9fd310c6e34c7e104e6511db01515d62bf3fce08d5d38945de9fe
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /watch.442770737072.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715352147&refer=https%3A%2F%2Fdalmasavilla8jdkczj26.pages.dev%2F&res=14.2071&rmtc=t&shu=b04fb83c9f9434a5f714ca08aaffcada2653e2b02acb363014af076fa8f6c1393a0ffc226d95821dc966e482c12aa5b99caf7d622279bf39d382b0d35f5a2508b822636a31ed24cfe13bf2fcd6a7e556b3a46eb8089dbab7a4e9f71ddff38a&tz=0&uuid=a4ca49ae-258d-4015-a7e4-afe05ac5d1f4%3A2%3A1 HTTP/1.1
Host: unauthorizedsufficientlysensitivity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dalmasavilla8jdkczj26.pages.dev
Referer: https://dalmasavilla8jdkczj26.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23148904; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzE0ODkwNCwiayI6Ijg3MmVkYThjZGMwMGQ2NWQ4MDE2YjhlNmZiYTJkMjliIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozODIyNDk2LCJwaWQiOjE4NDI2NzQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjo1LCJwdCI6NCwicGsiOiJzcTU1MTZuN2FmIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZGFsbWFzYXZpbGxhOGpka2N6ajI2LnBhZ2VzLmRldi8iLCJhciI6W119fQ.2OhDhZ2KFV8uq7oj1Aj2TDtZ8WT4GPicKr2kXOMx40Q
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 10 May 2024 14:41:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://dalmasavilla8jdkczj26.pages.dev
Access-Control-Allow-Origin: https://dalmasavilla8jdkczj26.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=a4ca49ae-258d-4015-a7e4-afe05ac5d1f4:2:1; expires=Fri, 17 May 2024 14:41:27 GMT; secure; SameSite=None
iprcc1b0a115019c63f45f766bad86fb6314=3569806; expires=Fri, 10 May 2024 18:41:27 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 11 May 2024 14:41:27 GMT; secure; SameSite=None
uncs=1; expires=Sat, 11 May 2024 14:41:27 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sat, 11 May 2024 14:41:27 GMT; secure; SameSite=None
uncs5=1; expires=Sat, 11 May 2024 14:41:27 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 199afe9a7086ec6947cc16782016f6b7
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| ads.bisniskini.biz.id/get/site/js/d6f51a1ed1d2f145512197f7cd7be46d | 172.67.214.128 | 200 OK | 16 kB |
URL GET HTTP/2ads.bisniskini.biz.id/get/site/js/d6f51a1ed1d2f145512197f7cd7be46d IP172.67.214.128:443
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectbisniskini.biz.id FingerprintCB:C5:50:71:58:97:D7:6D:B9:8F:63:0E:B9:30:B7:87:1D:05:E2:5A ValiditySun, 14 Apr 2024 15:48:05 GMT - Sat, 13 Jul 2024 15:48:04 GMT
File typeJavaScript source, ASCII text, with very long lines (44249), with CRLF line terminators Hash2844e2509d4a99df0ad56c78a6a274eb dd4c0d87d89d8603d2c8551c624d703e8eedc211 d309e871e1f176c21fe8bcf0cc15b9ce44d2368813faf4e00d2b251eda7bf83e
GET /get/site/js/d6f51a1ed1d2f145512197f7cd7be46d HTTP/1.1
Host: ads.bisniskini.biz.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dalmasavilla8jdkczj26.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 14:41:26 GMT
content-type: application/javascript
vary: Accept-Encoding
set-cookie: PHPSESSID=bmest22t1nnqii265d9rsfa8sg; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L94Pvxts3G1m17ULYwsK3sJ%2BS7vNNzG1zxnDZ1GZW%2BpThU02OCtXGkmWRQv0LlbF5S6oYlKBewYgNw6sefbLqPAr0DF8DoJnHQKmF3KgMsUT9TEjaW%2BWTXItqM6Om1bAI1LWvdQq%2FJ8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881ab0a79ceab524-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.cloudimagesb.com/cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png | 45.133.44.10 | 200 OK | 106 kB |
URL GET HTTP/2cdn.cloudimagesb.com/cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png IP45.133.44.10:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerLet's Encrypt Subjectcdn.cloudimagesb.com FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0 ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File typePNG image data, 728 x 90, 8-bit/color RGBA, non-interlaced Size106 kB (105910 bytes) Hasha36b92bb68d9b579458560ba9b94862a 782d2932ccd3a56e5aad1cca7e6e7fb4a3cf23d6 9de12cf85ad80cae34d8bdaeb59169d75e3bd4f8b931ec90ea2c3be166647c0e
GET /cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 14:41:27 GMT
content-type: image/png
content-length: 105910
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:08:06 GMT
etag: "62e11c96-19db6"
expires: Sun, 12 May 2024 14:41:27 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png | 45.133.44.10 | 200 OK | 144 kB |
URL GET HTTP/2cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png IP45.133.44.10:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerLet's Encrypt Subjectcdn.cloudimagesb.com FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0 ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File typePNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced Size144 kB (144379 bytes) Hash33c304429dc1a4408a96e6a74ffa2feb c45fa8e65528d1bb2b46bf8a28af9eeaa1903d04 dbed482e5948ead5587d30a22306a5b611305f704de940bd22c76daf90e0a314
GET /cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 14:41:27 GMT
content-type: image/png
content-length: 144379
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:07:21 GMT
etag: "62e11c69-233fb"
expires: Sun, 12 May 2024 14:41:27 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| www.topcreativeformat.com/872eda8cdc00d65d8016b8e6fba2d29b/invoke.js | 172.240.127.234 | 200 OK | 12 kB |
URL GET HTTP/1.1www.topcreativeformat.com/872eda8cdc00d65d8016b8e6fba2d29b/invoke.js IP172.240.127.234:443
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerLet's Encrypt Subjecttopcreativeformat.com Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4 ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT
File typeJavaScript source, ASCII text, with very long lines (31301), with no line terminators Hash70b85c4416f700b5baac96fab28a81fc ca82ff32ead334966a9a2257e0f406f354645783 f47cff391e45219a0d6926fab79501df027f34b5443d51c07bb14b8e4f78a0e9
GET /872eda8cdc00d65d8016b8e6fba2d29b/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dalmasavilla8jdkczj26.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 14:41:27 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 492d9fcc3860d84d854f9f0ba210b627
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| tse1.mm.bing.net/th?q= | 13.107.21.200 | 404 Not Found | 727 B |
IP13.107.21.200:443 ASN#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerMicrosoft Corporation Subjectwww.bing.com Fingerprint02:83:27:F9:50:D8:BE:B9:5E:DF:1A:4A:45:3B:6D:3C:BC:30:F2:58 ValidityWed, 01 May 2024 01:58:25 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, baseline, precision 8, 80x80, components 3 Hash5116706c119475f5ae2fc135c3358037 7e5bdf3585153e317ebef05a9b8241d311e44cb3 7edda2585f580c167fd4e3a6c162534548cda437f8bef67c544f3aa9c162a17c
GET /th?q= HTTP/1.1
Host: tse1.mm.bing.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dalmasavilla8jdkczj26.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
cache-control: no-cache
pragma: no-cache
content-length: 727
expires: -1
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7742BE80C3084915BEF8B37A9B62B16A Ref B: OSL30EDGE0213 Ref C: 2024-05-10T14:41:27Z
date: Fri, 10 May 2024 14:41:27 GMT
X-Firefox-Spdy: h2
|
|
| suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q= | 142.250.74.174 | 200 OK | 495 B |
URL GET HTTP/2suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q= IP142.250.74.174:443
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subject*.google.com Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0 ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT
File typeASCII text, with no line terminators Hashfdbaede1a8136a6bd589d54e2f69fff8 883905e057c9b758a95c9ece940d089e3af85e0a 5ffae3c0e627b6a2083d67639bfa32ecfe695671ee25f8e1315d2067a4e28df4
GET /complete/search?jsonp=autoRelated&hl=en&client=firefox&q= HTTP/1.1
Host: suggestqueries.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dalmasavilla8jdkczj26.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 14:41:27 GMT
pragma: no-cache
expires: -1
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-AJRn9QWnh0aZT0TAjfBfcQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/fff
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/fff"}]}
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: gws
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| stupidityscream.com/watch.1016171292777.js?key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&refer=https%3A%2F%2Fdalmasavilla8jdkczj26.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=a4ca49ae-258d-4015-a7e4-afe05ac5d1f4%3A2%3A1 | 172.240.108.68 | 307 Temporary Redirect | 0 B |
URL GET HTTP/1.1stupidityscream.com/watch.1016171292777.js?key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&refer=https%3A%2F%2Fdalmasavilla8jdkczj26.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=a4ca49ae-258d-4015-a7e4-afe05ac5d1f4%3A2%3A1 IP172.240.108.68:443
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerLet's Encrypt Subjectstupidityscream.com FingerprintC6:EB:05:3A:5C:7C:D6:B1:69:24:D4:14:75:BD:E4:B2:47:40:B7:AD ValidityMon, 06 May 2024 12:41:56 GMT - Sun, 04 Aug 2024 12:41:55 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /watch.1016171292777.js?key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&refer=https%3A%2F%2Fdalmasavilla8jdkczj26.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=a4ca49ae-258d-4015-a7e4-afe05ac5d1f4%3A2%3A1 HTTP/1.1
Host: stupidityscream.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dalmasavilla8jdkczj26.pages.dev/
Origin: https://dalmasavilla8jdkczj26.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Fri, 10 May 2024 14:41:28 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://dalmasavilla8jdkczj26.pages.dev
Access-Control-Allow-Origin: https://dalmasavilla8jdkczj26.pages.dev
Access-Control-Allow-Credentials: true
Location: https://stupidityscream.com/watch.1016171292777.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715352148&refer=https%3A%2F%2Fdalmasavilla8jdkczj26.pages.dev%2F&res=14.2071&rmtc=t&shu=28f4707dadde62a96a51ab6dafa4ec0f44591ce6fdaa28c06344adc8331f3200ed5645fea858649f451662d7d162adf6360db101f80fa30e506c2df8154e7ea2c500dcb7b192efc8e3a60e05744a71843b9c8c9ac9bbdd9a9c6634093f97&tz=0&uuid=a4ca49ae-258d-4015-a7e4-afe05ac5d1f4%3A2%3A1
Set-Cookie: u_pl=23148904; expires=Sat, 11 May 2024 14:41:28 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzE0ODkwNCwiayI6Ijg3MmVkYThjZGMwMGQ2NWQ4MDE2YjhlNmZiYTJkMjliIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozODIyNDk2LCJwaWQiOjE4NDI2NzQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjo1LCJwdCI6NCwicGsiOiJzcTU1MTZuN2FmIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZGFsbWFzYXZpbGxhOGpka2N6ajI2LnBhZ2VzLmRldi8iLCJhciI6W119fQ.2OhDhZ2KFV8uq7oj1Aj2TDtZ8WT4GPicKr2kXOMx40Q; expires=Fri, 10 May 2024 14:42:28 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: eaec489940fd1aa0945d06be75c8b4e1
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| stupidityscream.com/watch.1016171292777.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715352148&refer=https%3A%2F%2Fdalmasavilla8jdkczj26.pages.dev%2F&res=14.2071&rmtc=t&shu=28f4707dadde62a96a51ab6dafa4ec0f44591ce6fdaa28c06344adc8331f3200ed5645fea858649f451662d7d162adf6360db101f80fa30e506c2df8154e7ea2c500dcb7b192efc8e3a60e05744a71843b9c8c9ac9bbdd9a9c6634093f97&tz=0&uuid=a4ca49ae-258d-4015-a7e4-afe05ac5d1f4%3A2%3A1 | 172.240.108.68 | 200 OK | 2.0 kB |
URL GET HTTP/1.1stupidityscream.com/watch.1016171292777.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715352148&refer=https%3A%2F%2Fdalmasavilla8jdkczj26.pages.dev%2F&res=14.2071&rmtc=t&shu=28f4707dadde62a96a51ab6dafa4ec0f44591ce6fdaa28c06344adc8331f3200ed5645fea858649f451662d7d162adf6360db101f80fa30e506c2df8154e7ea2c500dcb7b192efc8e3a60e05744a71843b9c8c9ac9bbdd9a9c6634093f97&tz=0&uuid=a4ca49ae-258d-4015-a7e4-afe05ac5d1f4%3A2%3A1 IP172.240.108.68:443
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerLet's Encrypt Subjectstupidityscream.com FingerprintC6:EB:05:3A:5C:7C:D6:B1:69:24:D4:14:75:BD:E4:B2:47:40:B7:AD ValidityMon, 06 May 2024 12:41:56 GMT - Sun, 04 Aug 2024 12:41:55 GMT
File typeJavaScript source, ASCII text, with very long lines (2420) Hash3833837b4844bbc37b97fa4f5e0be45f d2f40b46e8a3db7c4c3129e9b959051dcdd7492a 2e02e6ca1d4f054c8798c982b85c1d04f77e8ed0e8f6de4d4e578026db79cb8a
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /watch.1016171292777.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715352148&refer=https%3A%2F%2Fdalmasavilla8jdkczj26.pages.dev%2F&res=14.2071&rmtc=t&shu=28f4707dadde62a96a51ab6dafa4ec0f44591ce6fdaa28c06344adc8331f3200ed5645fea858649f451662d7d162adf6360db101f80fa30e506c2df8154e7ea2c500dcb7b192efc8e3a60e05744a71843b9c8c9ac9bbdd9a9c6634093f97&tz=0&uuid=a4ca49ae-258d-4015-a7e4-afe05ac5d1f4%3A2%3A1 HTTP/1.1
Host: stupidityscream.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dalmasavilla8jdkczj26.pages.dev
Referer: https://dalmasavilla8jdkczj26.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23148904; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzE0ODkwNCwiayI6Ijg3MmVkYThjZGMwMGQ2NWQ4MDE2YjhlNmZiYTJkMjliIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozODIyNDk2LCJwaWQiOjE4NDI2NzQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjo1LCJwdCI6NCwicGsiOiJzcTU1MTZuN2FmIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZGFsbWFzYXZpbGxhOGpka2N6ajI2LnBhZ2VzLmRldi8iLCJhciI6W119fQ.2OhDhZ2KFV8uq7oj1Aj2TDtZ8WT4GPicKr2kXOMx40Q
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 14:41:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://dalmasavilla8jdkczj26.pages.dev
Access-Control-Allow-Origin: https://dalmasavilla8jdkczj26.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=a4ca49ae-258d-4015-a7e4-afe05ac5d1f4:2:1; expires=Fri, 17 May 2024 14:41:28 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 11 May 2024 14:41:28 GMT; secure; SameSite=None
uncs=1; expires=Sat, 11 May 2024 14:41:28 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sat, 11 May 2024 14:41:28 GMT; secure; SameSite=None
uncs5=1; expires=Sat, 11 May 2024 14:41:28 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7d0f8879cd53bff2ec09e4bb9c4c7783
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| cdn.cloudimagesb.com/cti/96/3a/3a/963a3a83f074f5329d85d512def3e421/1707813675.png | 45.133.44.10 | 200 OK | 128 kB |
URL GET HTTP/2cdn.cloudimagesb.com/cti/96/3a/3a/963a3a83f074f5329d85d512def3e421/1707813675.png IP45.133.44.10:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerLet's Encrypt Subjectcdn.cloudimagesb.com FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0 ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File typePNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced Size128 kB (128359 bytes) Hash4f16ce4e40909eda7bb22f5f73d06049 5975a733f4231ac9f0ae476a4be97f1b7e7ad6bb a6159f3d5a1a2ecf48e7d529a1afe6d2117621ea3cdf536bbfde8f203e1af461
GET /cti/96/3a/3a/963a3a83f074f5329d85d512def3e421/1707813675.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 14:41:28 GMT
content-type: image/png
content-length: 128359
server: nginx/1.21.6
last-modified: Tue, 13 Feb 2024 08:41:24 GMT
etag: "65cb2b34-1f567"
expires: Sun, 12 May 2024 14:41:28 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| captivityhandleicicle.com/sbar.json?key=36352469ba20ff8ade54795907dd51e5&uuid=a4ca49ae-258d-4015-a7e4-afe05ac5d1f4%3A2%3A1 | 172.240.108.68 | 200 OK | 6.1 kB |
URL GET HTTP/1.1captivityhandleicicle.com/sbar.json?key=36352469ba20ff8ade54795907dd51e5&uuid=a4ca49ae-258d-4015-a7e4-afe05ac5d1f4%3A2%3A1 IP172.240.108.68:443
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerLet's Encrypt Subjectcaptivityhandleicicle.com Fingerprint03:7E:2E:B2:58:E8:9E:B9:20:A6:35:45:93:6E:A7:28:4F:7E:D5:C7 ValidityMon, 06 May 2024 12:56:33 GMT - Sun, 04 Aug 2024 12:56:32 GMT
Hash8f0a9b689e01bacaffc968399e1b45d7 c9ac3251139a326f477702a658a9a335d813a140 8c10476212ca904114dac523abe306f77fc344f4f3fe7f5050c8e2e805686dfd
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /sbar.json?key=36352469ba20ff8ade54795907dd51e5&uuid=a4ca49ae-258d-4015-a7e4-afe05ac5d1f4%3A2%3A1 HTTP/1.1
Host: captivityhandleicicle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dalmasavilla8jdkczj26.pages.dev/
Origin: https://dalmasavilla8jdkczj26.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 14:41:28 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://dalmasavilla8jdkczj26.pages.dev
Access-Control-Allow-Origin: https://dalmasavilla8jdkczj26.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=23149116; expires=Sat, 11 May 2024 14:41:28 GMT; secure; SameSite=None
uid_id2=a4ca49ae-258d-4015-a7e4-afe05ac5d1f4:2:1; expires=Fri, 17 May 2024 14:41:28 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 11 May 2024 14:41:28 GMT; secure; SameSite=None
uncs=1; expires=Sat, 11 May 2024 14:41:28 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sat, 11 May 2024 14:41:28 GMT; secure; SameSite=None
uncs29=1; expires=Sat, 11 May 2024 14:41:28 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d8262f30161f70355dd48eaaf0a42382
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| unseenreport.com/pxf.gif?uuid=a4ca49ae-258d-4015-a7e4-afe05ac5d1f4&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=36352469ba20ff8ade54795907dd51e5&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=14 | 192.243.59.20 | 200 OK | 1 B |
URL GET HTTP/1.1unseenreport.com/pxf.gif?uuid=a4ca49ae-258d-4015-a7e4-afe05ac5d1f4&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=36352469ba20ff8ade54795907dd51e5&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=14 IP192.243.59.20:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerLet's Encrypt Subject*.unseenreport.com Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13 ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT
File typevery short file (no magic) Hash93b885adfe0da089cdf634904fd59f71 5ba93c9db0cff93f52b521d7420e43f6eda2784f 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /pxf.gif?uuid=a4ca49ae-258d-4015-a7e4-afe05ac5d1f4&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=36352469ba20ff8ade54795907dd51e5&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=14 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dalmasavilla8jdkczj26.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 10 May 2024 14:41:28 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5af0788c9e0c6bf7d59a7a462ce02a68
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| captivityhandleicicle.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWskRRSunuQmCMoehHVhDh5WMJPunu6emV1xMcZIMG7iZkVvUt1VPSmnuqup6p6e5GJwQfY4%2BAs63yQbXBfZvQouMlnwEBB2POVgLv6DFfYsMw6OvkO99%2Br7Cr763vv2qLgkLgp6sf6JOhBS0lW%2FYdevf%2BE4N%2BtbIi0G9UE7%2BDLwbtZ1%2F0YnaNhv1z%2FiUU%2BturZj247t1DeE5rEarE5BiOxRx2l07IbnNhzfw0D%2FvzeFBUMtsP4leR2CTZafWVcgojHS5PE6N71cZe98mBSS5kqjz04%2FS3upKlMkizLWFuL0dM6GMs83nkKlJzO5UP1%2FiaGYEOvXpwjT07lIhP3jmc5QgqcI2Sso%2B2NwOYagY0TqHgR7ToCI4fY20uTBbaVLuv8PSqfohCy%2F%2FAuinJDlP64gTX5ck2JQ31WyyIVKDQZxBTEYQ3THyIoz5Ac1iPIMUf4NBPuNrL7cQpocbxupINjFW9SLqNehfMX122zFsx1%2Fhba4t0Jjbvs08pkTezODhBhDxGNIPgQ1NRTGQiEsFLGFIrOQsIt65DhOy2YRtdudKGqyFg8DZju0FTvUsYM2imj6hyHybIhIDhHpQ2T6ED0xhC5%2BgdmrYNgSTD4h1qdfo88qlJygNAQlJSgFQZkTlP3qhEnjmuoBk6YInXl257lZjVTePaInKu%2FylIDqITSrjrJL8trURIveeBc9flFvBk3f9YJOSF07jtuUcd9rdfyO3WLMd7gPIyoIUwM1Fg7EhNzYrZCJCXnz2guE9AxGniESS6DFNdCyAt2rcJA%2BTKnoKdmIVAKmKmT5MvJ960hekquzIW5uPwGPzm%2F92ZwFIl0h0xW%2BEs8IuvL%2B6I4qyfEdVRryZDvLRSIO6HTAuznN%2BdLDj%2Fl%2BqTTbXDfD79%2BPpsC0fHSXm3yLpkykXUN%2BWBOMcb2hdMTJz5vmcx7uFGZvrdBpkW3tfLCxmWSaGyNUOgad7uoLjUhMyKtX78529%2FpPOxB6DF1USIpzMg8INUaUHcJkC%2F1GEWi54ISZhbKoRtoNF5dSEEi%2B6GlYwfynDxf1SNPpayqqI3MfXV0Dze8hTSr0dYW%2BrEDlEKZYGuWZPr%2F1%2B1xGKGujUOracSi1%2FG5m8%2FR4DCMu6q1m06ZBx3daLcpboee248BhlLpe4AYBbSI3k%2Fg9942%2FAQAA%2F%2F8BAAD%2F%2F8N1SVuVBAAA | 172.240.108.68 | 200 OK | 7 B |
URL GET HTTP/1.1captivityhandleicicle.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWskRRSunuQmCMoehHVhDh5WMJPunu6emV1xMcZIMG7iZkVvUt1VPSmnuqup6p6e5GJwQfY4%2BAs63yQbXBfZvQouMlnwEBB2POVgLv6DFfYsMw6OvkO99%2Br7Cr763vv2qLgkLgp6sf6JOhBS0lW%2FYdevf%2BE4N%2BtbIi0G9UE7%2BDLwbtZ1%2F0YnaNhv1z%2FiUU%2BturZj247t1DeE5rEarE5BiOxRx2l07IbnNhzfw0D%2FvzeFBUMtsP4leR2CTZafWVcgojHS5PE6N71cZe98mBSS5kqjz04%2FS3upKlMkizLWFuL0dM6GMs83nkKlJzO5UP1%2FiaGYEOvXpwjT07lIhP3jmc5QgqcI2Sso%2B2NwOYagY0TqHgR7ToCI4fY20uTBbaVLuv8PSqfohCy%2F%2FAuinJDlP64gTX5ck2JQ31WyyIVKDQZxBTEYQ3THyIoz5Ac1iPIMUf4NBPuNrL7cQpocbxupINjFW9SLqNehfMX122zFsx1%2Fhba4t0Jjbvs08pkTezODhBhDxGNIPgQ1NRTGQiEsFLGFIrOQsIt65DhOy2YRtdudKGqyFg8DZju0FTvUsYM2imj6hyHybIhIDhHpQ2T6ED0xhC5%2BgdmrYNgSTD4h1qdfo88qlJygNAQlJSgFQZkTlP3qhEnjmuoBk6YInXl257lZjVTePaInKu%2FylIDqITSrjrJL8trURIveeBc9flFvBk3f9YJOSF07jtuUcd9rdfyO3WLMd7gPIyoIUwM1Fg7EhNzYrZCJCXnz2guE9AxGniESS6DFNdCyAt2rcJA%2BTKnoKdmIVAKmKmT5MvJ960hekquzIW5uPwGPzm%2F92ZwFIl0h0xW%2BEs8IuvL%2B6I4qyfEdVRryZDvLRSIO6HTAuznN%2BdLDj%2Fl%2BqTTbXDfD79%2BPpsC0fHSXm3yLpkykXUN%2BWBOMcb2hdMTJz5vmcx7uFGZvrdBpkW3tfLCxmWSaGyNUOgad7uoLjUhMyKtX78529%2FpPOxB6DF1USIpzMg8INUaUHcJkC%2F1GEWi54ISZhbKoRtoNF5dSEEi%2B6GlYwfynDxf1SNPpayqqI3MfXV0Dze8hTSr0dYW%2BrEDlEKZYGuWZPr%2F1%2B1xGKGujUOracSi1%2FG5m8%2FR4DCMu6q1m06ZBx3daLcpboee248BhlLpe4AYBbSI3k%2Fg9942%2FAQAA%2F%2F8BAAD%2F%2F8N1SVuVBAAA IP172.240.108.68:443
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerLet's Encrypt Subjectcaptivityhandleicicle.com Fingerprint03:7E:2E:B2:58:E8:9E:B9:20:A6:35:45:93:6E:A7:28:4F:7E:D5:C7 ValidityMon, 06 May 2024 12:56:33 GMT - Sun, 04 Aug 2024 12:56:32 GMT
File typeASCII text, with no line terminators Hash132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSQWskRRSunuQmCMoehHVhDh5WMJPunu6emV1xMcZIMG7iZkVvUt1VPSmnuqup6p6e5GJwQfY4%2BAs63yQbXBfZvQouMlnwEBB2POVgLv6DFfYsMw6OvkO99%2Br7Cr763vv2qLgkLgp6sf6JOhBS0lW%2FYdevf%2BE4N%2BtbIi0G9UE7%2BDLwbtZ1%2F0YnaNhv1z%2FiUU%2BturZj247t1DeE5rEarE5BiOxRx2l07IbnNhzfw0D%2FvzeFBUMtsP4leR2CTZafWVcgojHS5PE6N71cZe98mBSS5kqjz04%2FS3upKlMkizLWFuL0dM6GMs83nkKlJzO5UP1%2FiaGYEOvXpwjT07lIhP3jmc5QgqcI2Sso%2B2NwOYagY0TqHgR7ToCI4fY20uTBbaVLuv8PSqfohCy%2F%2FAuinJDlP64gTX5ck2JQ31WyyIVKDQZxBTEYQ3THyIoz5Ac1iPIMUf4NBPuNrL7cQpocbxupINjFW9SLqNehfMX122zFsx1%2Fhba4t0Jjbvs08pkTezODhBhDxGNIPgQ1NRTGQiEsFLGFIrOQsIt65DhOy2YRtdudKGqyFg8DZju0FTvUsYM2imj6hyHybIhIDhHpQ2T6ED0xhC5%2BgdmrYNgSTD4h1qdfo88qlJygNAQlJSgFQZkTlP3qhEnjmuoBk6YInXl257lZjVTePaInKu%2FylIDqITSrjrJL8trURIveeBc9flFvBk3f9YJOSF07jtuUcd9rdfyO3WLMd7gPIyoIUwM1Fg7EhNzYrZCJCXnz2guE9AxGniESS6DFNdCyAt2rcJA%2BTKnoKdmIVAKmKmT5MvJ960hekquzIW5uPwGPzm%2F92ZwFIl0h0xW%2BEs8IuvL%2B6I4qyfEdVRryZDvLRSIO6HTAuznN%2BdLDj%2Fl%2BqTTbXDfD79%2BPpsC0fHSXm3yLpkykXUN%2BWBOMcb2hdMTJz5vmcx7uFGZvrdBpkW3tfLCxmWSaGyNUOgad7uoLjUhMyKtX78529%2FpPOxB6DF1USIpzMg8INUaUHcJkC%2F1GEWi54ISZhbKoRtoNF5dSEEi%2B6GlYwfynDxf1SNPpayqqI3MfXV0Dze8hTSr0dYW%2BrEDlEKZYGuWZPr%2F1%2B1xGKGujUOracSi1%2FG5m8%2FR4DCMu6q1m06ZBx3daLcpboee248BhlLpe4AYBbSI3k%2Fg9942%2FAQAA%2F%2F8BAAD%2F%2F8N1SVuVBAAA HTTP/1.1
Host: captivityhandleicicle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dalmasavilla8jdkczj26.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=a4ca49ae-258d-4015-a7e4-afe05ac5d1f4:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 14:41:28 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 85dbc323d903710cdf1c1e6810251311
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| shayscholz.blogspot.com/favicon.ico | 216.58.207.193 | | 412 B |
URL GET shayscholz.blogspot.com/favicon.ico IP216.58.207.193:0
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectmisc-sni.blogspot.com FingerprintC4:7D:61:88:AB:F1:15:A1:36:2A:68:39:51:62:46:00:23:6D:39:00 ValidityTue, 16 Apr 2024 03:45:20 GMT - Tue, 09 Jul 2024 03:45:19 GMT
File typeMS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel Hash59a0c7b6e4848ccdabcea0636efda02b 30ef5c54b8bbc3487ea2b4c45cd11ea2932e4340 a1495da3cf3db37bf105a12658636ff628fee7b73975b9200049af7747e60b1f
GET /favicon.ico HTTP/1.1
Host: shayscholz.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dalmasavilla8jdkczj26.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
content-security-policy-report-only: default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-to blogspot; report-uri https://draft.blogger.com/cspreport
report-to: {"group":"blogspot","max_age":2592000,"endpoints":[{"url":"https://draft.blogger.com/cspreport"}]}
content-type: image/x-icon
expires: Fri, 10 May 2024 14:41:28 GMT
date: Fri, 10 May 2024 14:41:28 GMT
cache-control: private, max-age=86400
last-modified: Fri, 08 Mar 2024 19:12:27 GMT
etag: W/"53e1bb00e6929e879a040ee00d8ddd9c6a9b1f6c6c79cd1077a9390901619218"
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 412
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| captivityhandleicicle.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=104 | 172.240.108.68 | 200 OK | 0 B |
URL GET HTTP/1.1captivityhandleicicle.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=104 IP172.240.108.68:443
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerLet's Encrypt Subjectcaptivityhandleicicle.com Fingerprint03:7E:2E:B2:58:E8:9E:B9:20:A6:35:45:93:6E:A7:28:4F:7E:D5:C7 ValidityMon, 06 May 2024 12:56:33 GMT - Sun, 04 Aug 2024 12:56:32 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=104 HTTP/1.1
Host: captivityhandleicicle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dalmasavilla8jdkczj26.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=a4ca49ae-258d-4015-a7e4-afe05ac5d1f4:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 14:41:28 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png |  188.114.96.1 | 200 OK | 591 B |
URL GET HTTP/2cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png IP188.114.96.1:443
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectcreative-bars1.com Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File typePNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced Hash9fd5bcb6103d86e317bd1eb019bcbe71 6b5a52ea669dcb74946f2bed4bdd7ec985026113 0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae
GET /sb/ssp/vpn/classic-push/small/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 14:41:29 GMT
content-type: image/png
content-length: 591
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: "65aa84fe-24f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 858225
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dIHxlenVdyZfMM%2Biw9C2ghQsbDWmUNWh7quJ0Y1XopHJlbVMz1JkyYgunRnfEfUlZ1DZIV84yD8cvoWlJQX3aMCxV4WANtPHwOL0jcrsqAuePTuM48BAyZcz%2FLpo8jCxE5xlpvcQ%2BbRN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881ab0bc4f36b4f9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.cloudimagesb.com/si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png | 45.133.44.10 | 200 OK | 16 kB |
URL GET HTTP/2cdn.cloudimagesb.com/si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png IP45.133.44.10:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerLet's Encrypt Subjectcdn.cloudimagesb.com FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0 ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File typePNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced Hash14cf262fabfd850855c42847d14fe775 2fafa28f167f018a0fb1f261f47380c8810803c9 972004ebada4077c3a4d03dcb45175ea467faf54da72be727a1c5c75e688b8af
GET /si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 14:41:29 GMT
content-type: image/png
content-length: 16093
server: nginx/1.21.6
last-modified: Mon, 04 Dec 2023 01:06:35 GMT
etag: "656d261b-3edd"
expires: Sun, 12 May 2024 14:41:29 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap | 142.250.74.106 | 200 OK | 1.2 kB |
URL GET HTTP/2fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap IP142.250.74.106:443
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79 ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File typegzip compressed data, max compression Hash5cca726950e0c66f634b48e166f782fc e6948d2eedc12638467b3e360a63013b1e2885ce 5f739683fe5561387b44da292f720e38ce0ee668fbc06144794ed2f1362984ae
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 10 May 2024 14:41:29 GMT
date: Fri, 10 May 2024 14:41:29 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| captivityhandleicicle.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=352 | 172.240.108.68 | 200 OK | 0 B |
URL GET HTTP/1.1captivityhandleicicle.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=352 IP172.240.108.68:443
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerLet's Encrypt Subjectcaptivityhandleicicle.com Fingerprint03:7E:2E:B2:58:E8:9E:B9:20:A6:35:45:93:6E:A7:28:4F:7E:D5:C7 ValidityMon, 06 May 2024 12:56:33 GMT - Sun, 04 Aug 2024 12:56:32 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=352 HTTP/1.1
Host: captivityhandleicicle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dalmasavilla8jdkczj26.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=a4ca49ae-258d-4015-a7e4-afe05ac5d1f4:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 14:41:29 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html | 45.133.44.4 | 200 OK | 440 B |
URL GET HTTP/2cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html IP45.133.44.4:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerLet's Encrypt Subjectcdn.barscreative1.com Fingerprint08:55:F0:C8:EA:24:54:0D:3C:B9:2C:95:3E:DC:BF:FB:A8:76:BA:BC ValidityThu, 09 May 2024 03:01:15 GMT - Wed, 07 Aug 2024 03:01:14 GMT
File typeHTML document, ASCII text Hashf6990569c7ffeac1f4a3f6d9eee5da44 e7d5e37acf89a8faee252c36fc2c9d6615501d76 cc2a9756c81bd570fff8b32e48a413687c33f8abe9c934e743a0769178b4f690
GET /sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dalmasavilla8jdkczj26.pages.dev/
Origin: https://dalmasavilla8jdkczj26.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 14:41:28 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Mon, 27 Sep 2021 07:43:24 GMT
etag: W/"6151761c-52d"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Fri, 10 May 2024 15:41:28 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
|
|
| captivityhandleicicle.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=316 | 172.240.108.68 | 200 OK | 0 B |
URL GET HTTP/1.1captivityhandleicicle.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=316 IP172.240.108.68:443
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerLet's Encrypt Subjectcaptivityhandleicicle.com Fingerprint03:7E:2E:B2:58:E8:9E:B9:20:A6:35:45:93:6E:A7:28:4F:7E:D5:C7 ValidityMon, 06 May 2024 12:56:33 GMT - Sun, 04 Aug 2024 12:56:32 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=316 HTTP/1.1
Host: captivityhandleicicle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dalmasavilla8jdkczj26.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=a4ca49ae-258d-4015-a7e4-afe05ac5d1f4:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 14:41:29 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 | 142.250.74.99 | 200 OK | 16 kB |
URL GET HTTP/2fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 IP142.250.74.99:443
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 15860, version 1.0 Hashe9f5aaf547f165386cd313b995dddd8e acdef5603c2387b0e5bffd744b679a24a8bc1968 f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dalmasavilla8jdkczj26.pages.dev
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 May 2024 10:46:32 GMT
expires: Wed, 07 May 2025 10:46:32 GMT
cache-control: public, max-age=31536000
age: 273297
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| captivityhandleicicle.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSunuQmCMoehHVhDh5WMJPume75sSsuxhgJxk3crOhNqquqJ%2BVUdzVV3dOTXAwuyB4H%2F4LON8kG10V2r4KLTBY8BIQdTzmYi%2F%2FBCnuWGQdH36Hee%2FV9BV997317lF%2BSOnJ6sf6JPpBK0dWg5lavf%2BF5N6tbMskH1UG7%2BWXTv1k1%2FRudZs19u%2FqRYD29Wnc91%2FVcr7ohjYj0YHUKQqaPOl6t49b8es0LfAzM%2F3ubO7DUAe9fktch%2BWT5mXMFko2RxI%2FXhe1lOn3nwzhXNNMGfX76WdJLdJEgXpSRcRAlp3M2tH2%2B8RQ6OZnJhe7%2FSwzlhDi%2FPkWYnM5FIuwfz3SGCiJByF9B0R9DqDEkHYPpe5D8OQEYx%2B1tJPGD29oUdP8flE7RCVl%2B%2BRdkMSHLf1xBEv%2B4puSguqtVnkmdWAyiEnIwhuyOkeZnyA4qkMUZWPYNJP%2BNrL7cQhIfb1ulIfnFW9Rn1O9QsVIP2nzFd71ghbaEv0Ij4QaUBdyL%2FJlBUo4hozGUGILaCnLrIJcO8shBnjqI%2BUWVeZ7XcjmjbrvDWIO3RNjkrkdbkUc9t9lGzqZ%2FGCJLh2BqCGYOkZpD9OQQJv8Fdq%2BE5Uuw2YQ4n36NPi9RCILCEhSUoJAERUZQ9MsTrmzdlg%2B4snnozXN9nhvlSGfdI3qis65ICKgZwvDyKL0kr01NdOiNd9ETF9VGsxHU%2FWYnpHU3itqUi8BvdYKO2%2BI88EQAK0tIWwG1Dg7khNzYLZHKCXnz2guE9AxWnYHJJdD8GmhRgu6VOEgeJlT2tKoxHYPrEmm2jGzfOVKX5OpsiJvbTyDY%2Ba0%2FG7MAMyVSU%2BIr%2BYygq%2B6P7uiCHN%2FRhSVPttNMxvKATge8m9FMLD38WOwX2vDNdTv8%2Fn02Bablo7vCZls04TLpWvLDmuRcmA1tmCA%2Fb9rPRbiT27213CR5urXzwcZmnBphrdTJGHS6qy8MmJyQV6%2Fene3u9Z92IM0YJi8R5%2BdkHpB6DJYewqYL%2FVYTGLXghKmDIi9Hph4uLpUkUGLR07CE%2FU8fLuqRodPXVJZH9j66pgKa3UMSl%2BibEn1VgqohbL40ylJzfuv3uYxQVUahMpXjUBn13czm6fEYVl5UGy5vhSISrVD4gR8JxsMgCF0WsbDB222GzE6i9%2Bpv%2FA0AAP%2F%2FAQAA%2F%2F9DoZyzlQQAAA%3D%3D | 172.240.108.68 | 200 OK | 7 B |
URL GET HTTP/1.1captivityhandleicicle.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSunuQmCMoehHVhDh5WMJPume75sSsuxhgJxk3crOhNqquqJ%2BVUdzVV3dOTXAwuyB4H%2F4LON8kG10V2r4KLTBY8BIQdTzmYi%2F%2FBCnuWGQdH36Hee%2FV9BV997317lF%2BSOnJ6sf6JPpBK0dWg5lavf%2BF5N6tbMskH1UG7%2BWXTv1k1%2FRudZs19u%2FqRYD29Wnc91%2FVcr7ohjYj0YHUKQqaPOl6t49b8es0LfAzM%2F3ubO7DUAe9fktch%2BWT5mXMFko2RxI%2FXhe1lOn3nwzhXNNMGfX76WdJLdJEgXpSRcRAlp3M2tH2%2B8RQ6OZnJhe7%2FSwzlhDi%2FPkWYnM5FIuwfz3SGCiJByF9B0R9DqDEkHYPpe5D8OQEYx%2B1tJPGD29oUdP8flE7RCVl%2B%2BRdkMSHLf1xBEv%2B4puSguqtVnkmdWAyiEnIwhuyOkeZnyA4qkMUZWPYNJP%2BNrL7cQhIfb1ulIfnFW9Rn1O9QsVIP2nzFd71ghbaEv0Ij4QaUBdyL%2FJlBUo4hozGUGILaCnLrIJcO8shBnjqI%2BUWVeZ7XcjmjbrvDWIO3RNjkrkdbkUc9t9lGzqZ%2FGCJLh2BqCGYOkZpD9OQQJv8Fdq%2BE5Uuw2YQ4n36NPi9RCILCEhSUoJAERUZQ9MsTrmzdlg%2B4snnozXN9nhvlSGfdI3qis65ICKgZwvDyKL0kr01NdOiNd9ETF9VGsxHU%2FWYnpHU3itqUi8BvdYKO2%2BI88EQAK0tIWwG1Dg7khNzYLZHKCXnz2guE9AxWnYHJJdD8GmhRgu6VOEgeJlT2tKoxHYPrEmm2jGzfOVKX5OpsiJvbTyDY%2Ba0%2FG7MAMyVSU%2BIr%2BYygq%2B6P7uiCHN%2FRhSVPttNMxvKATge8m9FMLD38WOwX2vDNdTv8%2Fn02Bablo7vCZls04TLpWvLDmuRcmA1tmCA%2Fb9rPRbiT27213CR5urXzwcZmnBphrdTJGHS6qy8MmJyQV6%2Fene3u9Z92IM0YJi8R5%2BdkHpB6DJYewqYL%2FVYTGLXghKmDIi9Hph4uLpUkUGLR07CE%2FU8fLuqRodPXVJZH9j66pgKa3UMSl%2BibEn1VgqohbL40ylJzfuv3uYxQVUahMpXjUBn13czm6fEYVl5UGy5vhSISrVD4gR8JxsMgCF0WsbDB222GzE6i9%2Bpv%2FA0AAP%2F%2FAQAA%2F%2F9DoZyzlQQAAA%3D%3D IP172.240.108.68:443
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerLet's Encrypt Subjectcaptivityhandleicicle.com Fingerprint03:7E:2E:B2:58:E8:9E:B9:20:A6:35:45:93:6E:A7:28:4F:7E:D5:C7 ValidityMon, 06 May 2024 12:56:33 GMT - Sun, 04 Aug 2024 12:56:32 GMT
File typeASCII text, with no line terminators Hash132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSunuQmCMoehHVhDh5WMJPume75sSsuxhgJxk3crOhNqquqJ%2BVUdzVV3dOTXAwuyB4H%2F4LON8kG10V2r4KLTBY8BIQdTzmYi%2F%2FBCnuWGQdH36Hee%2FV9BV997317lF%2BSOnJ6sf6JPpBK0dWg5lavf%2BF5N6tbMskH1UG7%2BWXTv1k1%2FRudZs19u%2FqRYD29Wnc91%2FVcr7ohjYj0YHUKQqaPOl6t49b8es0LfAzM%2F3ubO7DUAe9fktch%2BWT5mXMFko2RxI%2FXhe1lOn3nwzhXNNMGfX76WdJLdJEgXpSRcRAlp3M2tH2%2B8RQ6OZnJhe7%2FSwzlhDi%2FPkWYnM5FIuwfz3SGCiJByF9B0R9DqDEkHYPpe5D8OQEYx%2B1tJPGD29oUdP8flE7RCVl%2B%2BRdkMSHLf1xBEv%2B4puSguqtVnkmdWAyiEnIwhuyOkeZnyA4qkMUZWPYNJP%2BNrL7cQhIfb1ulIfnFW9Rn1O9QsVIP2nzFd71ghbaEv0Ij4QaUBdyL%2FJlBUo4hozGUGILaCnLrIJcO8shBnjqI%2BUWVeZ7XcjmjbrvDWIO3RNjkrkdbkUc9t9lGzqZ%2FGCJLh2BqCGYOkZpD9OQQJv8Fdq%2BE5Uuw2YQ4n36NPi9RCILCEhSUoJAERUZQ9MsTrmzdlg%2B4snnozXN9nhvlSGfdI3qis65ICKgZwvDyKL0kr01NdOiNd9ETF9VGsxHU%2FWYnpHU3itqUi8BvdYKO2%2BI88EQAK0tIWwG1Dg7khNzYLZHKCXnz2guE9AxWnYHJJdD8GmhRgu6VOEgeJlT2tKoxHYPrEmm2jGzfOVKX5OpsiJvbTyDY%2Ba0%2FG7MAMyVSU%2BIr%2BYygq%2B6P7uiCHN%2FRhSVPttNMxvKATge8m9FMLD38WOwX2vDNdTv8%2Fn02Bablo7vCZls04TLpWvLDmuRcmA1tmCA%2Fb9rPRbiT27213CR5urXzwcZmnBphrdTJGHS6qy8MmJyQV6%2Fene3u9Z92IM0YJi8R5%2BdkHpB6DJYewqYL%2FVYTGLXghKmDIi9Hph4uLpUkUGLR07CE%2FU8fLuqRodPXVJZH9j66pgKa3UMSl%2BibEn1VgqohbL40ylJzfuv3uYxQVUahMpXjUBn13czm6fEYVl5UGy5vhSISrVD4gR8JxsMgCF0WsbDB222GzE6i9%2Bpv%2FA0AAP%2F%2FAQAA%2F%2F9DoZyzlQQAAA%3D%3D HTTP/1.1
Host: captivityhandleicicle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dalmasavilla8jdkczj26.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=a4ca49ae-258d-4015-a7e4-afe05ac5d1f4:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 14:41:29 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1392a1034aeb9b91b9847be6225e918e
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| captivityhandleicicle.com/pixel/sbs?c=1 | 172.240.108.68 | 200 OK | 0 B |
URL GET HTTP/1.1captivityhandleicicle.com/pixel/sbs?c=1 IP172.240.108.68:443
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerLet's Encrypt Subjectcaptivityhandleicicle.com Fingerprint03:7E:2E:B2:58:E8:9E:B9:20:A6:35:45:93:6E:A7:28:4F:7E:D5:C7 ValidityMon, 06 May 2024 12:56:33 GMT - Sun, 04 Aug 2024 12:56:32 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbs?c=1 HTTP/1.1
Host: captivityhandleicicle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dalmasavilla8jdkczj26.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=a4ca49ae-258d-4015-a7e4-afe05ac5d1f4:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 14:41:29 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 | 142.250.74.99 | 200 OK | 16 kB |
URL GET HTTP/2fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 IP142.250.74.99:443
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 15744, version 1.0 Hash15d9f621c3bd1599f0169dcf0bd5e63e 7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52 f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dalmasavilla8jdkczj26.pages.dev
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 10 May 2024 06:08:19 GMT
expires: Sat, 10 May 2025 06:08:19 GMT
cache-control: public, max-age=31536000
age: 30791
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| downstairsnegotiatebarren.com/sfp.js | 188.114.96.1 | 200 OK | 36 kB |
URL GET HTTP/2downstairsnegotiatebarren.com/sfp.js IP188.114.96.1:443
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerLet's Encrypt Subjectdownstairsnegotiatebarren.com Fingerprint5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B ValidityThu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators Hashf4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716
GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dalmasavilla8jdkczj26.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 14:41:27 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: ccbfda35ac5b1fbd793d531f824a9568
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Fri, 10 May 2024 14:41:27 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6B5IgQLmY1RJvIlP9OLomwF%2BfSCi8tFnhsLHB2OIhXZB3k%2BuiMfkwBdWetx%2FL%2BdCtAY%2F76xJZeaa2w7zvYqoW%2BPCBDeKid1v9hkkVcEPRs4g16ey4bOs3o4nY9ZZ7x2Gl1pYq3t%2BKO%2B1oV%2BkSl5zsg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881ab0b47f660b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| pl23249615.highcpmgate.com/36/35/24/36352469ba20ff8ade54795907dd51e5.js | 192.243.59.13 | 200 OK | 44 kB |
URL GET HTTP/1.1pl23249615.highcpmgate.com/36/35/24/36352469ba20ff8ade54795907dd51e5.js IP192.243.59.13:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerLet's Encrypt Subjecthighcpmgate.com FingerprintE7:53:32:23:DA:D6:BE:EB:98:90:05:4B:AC:AC:8C:89:F2:4D:FB:2E ValidityFri, 19 Apr 2024 10:31:16 GMT - Thu, 18 Jul 2024 10:31:15 GMT
File typeJavaScript source, ASCII text, with very long lines (44102), with no line terminators Hashc76fcfac28af051df22f5fb4e4453ec6 a46619c044a764953af04bf05f7e7c616dd98cc5 e4c8f37c29509c3be494193815ef431e94cee7c6b033bfe16ea8430601869f53
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /36/35/24/36352469ba20ff8ade54795907dd51e5.js HTTP/1.1
Host: pl23249615.highcpmgate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dalmasavilla8jdkczj26.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 10 May 2024 14:41:27 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5411d7fee8a15366c2dc6cd8ea22979c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| dalmasavilla8jdkczj26.pages.dev/ | 188.114.96.1 | 200 OK | 17 kB |
URL User Request GET HTTP/2dalmasavilla8jdkczj26.pages.dev/ IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subjectdalmasavilla8jdkczj26.pages.dev Fingerprint6F:24:A7:7D:F4:3A:15:01:79:93:9F:2C:07:35:A8:2D:8B:0B:EF:65 ValidityThu, 09 May 2024 20:18:51 GMT - Wed, 07 Aug 2024 20:18:50 GMT
File typeHTML document, ASCII text, with very long lines (7816) Hash4b89d052824b8a2f3a0f5d5ff514a579 251c1c7ad5121550d76fa01cc804d3e87dba9e3f 4effada641e91c4de131e1df69a7b1e67b1bd43c015ccb91d26b996f657526db
GET / HTTP/1.1
Host: dalmasavilla8jdkczj26.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 14:41:25 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"1ee2fba7e9d7016299dcc38b12d2518c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qWreRfIJSoNPV9blQrDN%2FBf5Q33iy3%2FEjWuQM0drENWpiqIAk2e6TMcD5NjjPBWo44muxHfI0Q9zp9ltRBCofShgftebWOGS1HW85P4krQlshDAKkB27dwJlhruc%2FnQdnq2NzpE9AQKxuH7%2FkkPnyO7M"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881ab0a46f8d5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ads.bisniskini.biz.id/get/site/js/9049b3a33fc36afe5806bf92a1b0bc1f | 172.67.214.128 | 200 OK | 293 B |
URL GET HTTP/2ads.bisniskini.biz.id/get/site/js/9049b3a33fc36afe5806bf92a1b0bc1f IP172.67.214.128:443
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectbisniskini.biz.id FingerprintCB:C5:50:71:58:97:D7:6D:B9:8F:63:0E:B9:30:B7:87:1D:05:E2:5A ValiditySun, 14 Apr 2024 15:48:05 GMT - Sat, 13 Jul 2024 15:48:04 GMT
File typeASCII text, with very long lines (324), with no line terminators Hash041ede74df53d2be75e709663d64255b 3572555eaf9afcff4ee5eac40161e83a74a62b8c 86312cb5b23a46990fed66e2e09eada2db2352face7d563580cbca6fd864c916
GET /get/site/js/9049b3a33fc36afe5806bf92a1b0bc1f HTTP/1.1
Host: ads.bisniskini.biz.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dalmasavilla8jdkczj26.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 14:41:26 GMT
content-type: application/javascript
vary: Accept-Encoding
set-cookie: PHPSESSID=g7qoaj4cqs5rtgsinrkca8n4po; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CHxyfJYgKSwRj0NuEnyHt8Qs6Wf4FOyI2qyPIyp8I%2B1p711qh6MJnp0QqF769GTb9kmUQOWn2nK05XSW4kqjIwrrRS0BHJNhU8XnC6GgUdJ6Ex4lQdgPOBzMJG7C8MN3mjvjWJ9H1Ss%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881ab0a79cf1b524-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js | 188.114.96.1 | 200 OK | 84 kB |
URL GET HTTP/2cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js IP188.114.96.1:443
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectcreative-bars1.com Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File typeJavaScript source, ASCII text, with very long lines (32025) Hash4a356126b9573eb7bd1e9a7494737410 8258d046f17dd3c15a5d3984e1868b7b5d1db329 22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
GET /sb/ssp/vpn/classic-push/small/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 14:41:29 GMT
content-type: application/javascript
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 854093
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qfsLJb9fVcJo00wkzksSgH7tLdEwOzYa0V4CZcK%2FNvuktzsg9DFbfHo3STqspfnH8awXk6NMe9KzNEEDfRSeNfV43zf8WjXFkINIrdpPQinwzNfZU9ORr2d0VLu433R11GYMf4ceOQ4x"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881ab0bc5f42b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| captivityhandleicicle.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=360 | 172.240.108.68 | 200 OK | 0 B |
URL GET HTTP/1.1captivityhandleicicle.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=360 IP172.240.108.68:443
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerLet's Encrypt Subjectcaptivityhandleicicle.com Fingerprint03:7E:2E:B2:58:E8:9E:B9:20:A6:35:45:93:6E:A7:28:4F:7E:D5:C7 ValidityMon, 06 May 2024 12:56:33 GMT - Sun, 04 Aug 2024 12:56:32 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=360 HTTP/1.1
Host: captivityhandleicicle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dalmasavilla8jdkczj26.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=a4ca49ae-258d-4015-a7e4-afe05ac5d1f4:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 14:41:29 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js | 188.114.96.1 | 200 OK | 962 B |
URL GET HTTP/2cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js IP188.114.96.1:443
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectcreative-bars1.com Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File typeASCII text, with very long lines (1015), with no line terminators Hash88523e22d10f0cbad31aa1d8276764fa 9238cd9499e01abdbeb33e68c550d26cfb6eaba5 d553390acb639c765cb6aaa4fbb72529e4005227d190f53108aec87ccec411c2
GET /sb/ssp/vpn/classic-push/small/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dalmasavilla8jdkczj26.pages.dev/
Origin: https://dalmasavilla8jdkczj26.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 14:41:29 GMT
content-type: application/javascript
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-3c2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N48M93LamDY6QlKUNUtngAxCr7KaHvAvLHWu7wqCv5vSlSEWyEDIB1WeQaRbpjP1Xo2tdRc04VpLXnNFdqx7MpWswGidu6Q7fj%2FaITzMGHzEc8aiseNyusT8pAKU5IuUOiP2D10IQ1OA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881ab0bcdfd9b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/animate.css | 188.114.96.1 | 200 OK | 79 kB |
URL GET HTTP/2cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/animate.css IP188.114.96.1:443
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectcreative-bars1.com Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
Hash3d4123dbfb33d27a5cfdfcfa91df6783 e7d0eeeec54b848f0bc3da8685fa3bc88429d660 cb7d1393b65701b2f97d8da244c2c6023e9cbc3463ecb0136b915cfc775c6887
GET /sb/ssp/vpn/classic-push/small/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dalmasavilla8jdkczj26.pages.dev/
Origin: https://dalmasavilla8jdkczj26.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 14:41:29 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-13361"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FkbPdXCGndDsPRGOr0JhYVjdFOEvbituN%2FNZYhOg%2FDzxP3aR5H25T7za4Y2VpJCvIRSwY5oO3D2C3F3hyvnSuOKqgxdU64eH0Q2UlGPltXCjfEWGdpL5uMxUAh93vQborBT9NzZjoxRm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881ab0bbfebcb4f9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ads.bisniskini.biz.id/get/site/js/d0b1e71bd1922518d7cf826d604fe57a | 172.67.214.128 | 200 OK | 139 B |
URL GET HTTP/2ads.bisniskini.biz.id/get/site/js/d0b1e71bd1922518d7cf826d604fe57a IP172.67.214.128:443
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectbisniskini.biz.id FingerprintCB:C5:50:71:58:97:D7:6D:B9:8F:63:0E:B9:30:B7:87:1D:05:E2:5A ValiditySun, 14 Apr 2024 15:48:05 GMT - Sat, 13 Jul 2024 15:48:04 GMT
File typeHTML document, ASCII text, with no line terminators Hashe15c88b36628c81a52bcb9444eee08ba b77a6fbbc1d1b1b9f0c581f68daa1293873714b8 906d9c79e02071efeb0f05b18df87d7765a990d08563f21f17f9c0da4ae08931
GET /get/site/js/d0b1e71bd1922518d7cf826d604fe57a HTTP/1.1
Host: ads.bisniskini.biz.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dalmasavilla8jdkczj26.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 14:41:26 GMT
content-type: application/javascript
vary: Accept-Encoding
set-cookie: PHPSESSID=t7esdeb0p389p32qqvl1c8aq7c; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lc%2FsJYjBcHjHxafJEJ5GmiCcpMzZgCGIccDFQGQ20wYH%2F54Fqg%2FWJ9RZObRfHgerlTsIv7o%2F16ObjgETfHsSXfrlTAV7eBc0P0xnVuZMVkri%2B2oxSMkhRDAU4dmBmcQcto%2FqHqUp0J0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881ab0a79cdcb524-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css | 188.114.96.1 | 200 OK | 3.4 kB |
URL GET HTTP/2cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css IP188.114.96.1:443
Requested byhttps://dalmasavilla8jdkczj26.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectcreative-bars1.com Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File typeASCII text, with very long lines (3537), with no line terminators Hashb8a277e051f047a41d3229377460f0c9 596b934114e1b6e3cee15ef19925c7f2ff5607e7 9cf981fe6d59b72cb9d12e4bc958983bac07f16b8f1b40bb1c6ced0bf2d6b2d0
GET /sb/ssp/vpn/classic-push/small/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dalmasavilla8jdkczj26.pages.dev/
Origin: https://dalmasavilla8jdkczj26.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 14:41:29 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-d1b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OHfNA8lWgvV0E3SbuesySa86%2FPgJZ2EQx%2B3%2BJGke2Me%2FICRhrRuvZ7DNThes5of9VIs74jCXFpo%2ByJofrG0ZyzjzLvbbmhKJIzRgt9mHwK5J9zZaoK%2BRvc64QCX%2FYl91kwHb2OEEZiDY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881ab0bbfec1b4f9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|