| cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js | 104.17.24.14 | 200 OK | 3.2 kB |
URL GET HTTP/2cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js IP104.17.24.14:443
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (7862) Hash96201abb62283557a9d7b97b4cab14ab a72f33d920d0ab863df4cb60edf44ec140304cdb 46112dbceed738f759d03f04b115d5256a7d73660b7795acb382192ad84d9f98
GET /ajax/libs/lazysizes/5.3.0/lazysizes.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://diegobreslerb3u088qrl.pages.dev/
Origin: https://diegobreslerb3u088qrl.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:16:08 GMT
content-type: application/javascript; charset=utf-8
content-length: 3150
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5ff0b799-1ed1"
last-modified: Sat, 02 Jan 2021 18:12:41 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 870363
expires: Wed, 30 Apr 2025 19:16:08 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MZ5aX3PIv7Hf2k3fs88jFNcMjVjKDKMWHQ4uGEV2CFqbMxwh5uJ7hSeOcYGdlD8SNoC8V1%2FdHj8pfCvH5%2BsvA9WjfwI968lql1JWYwYYA6%2F%2FplJteI67rRVl49r38IJEM0Gqa3rw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 881c431229fd569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js | 104.17.24.14 | 200 OK | 22 kB |
URL GET HTTP/2cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js IP104.17.24.14:443
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (65241) Hash1276065911521c5c22037a31365d179d d1c6704e94efe2d465fc161b6381e127d35acd81 bbb7b9921ca2b61948753a6edb63c78443663dc45d1621d18e102e1dcb34e512
GET /ajax/libs/jquery/3.6.0/jquery.slim.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://diegobreslerb3u088qrl.pages.dev/
Origin: https://diegobreslerb3u088qrl.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:16:08 GMT
content-type: application/javascript; charset=utf-8
content-length: 22329
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-11ab4"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 873635
expires: Wed, 30 Apr 2025 19:16:08 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZELWkSzGvQxnvE%2BU%2FAmpSdv%2FHL%2BTyVHdGGGawz2vCO%2FouUjJwSboiwJdsYk0nylfBFNC9%2BXX7XJuFq%2FwmrvJfAx4PvTxQYiaiExz2VWybrwn1cZhDT4m79dOjIPaUXt3ucCoDl2%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 881c43123a14569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 3.bp.blogspot.com/-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif | 142.250.74.161 | 200 OK | 362 B |
URL GET HTTP/23.bp.blogspot.com/-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif IP142.250.74.161:443
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectmisc-sni.blogspot.com FingerprintC4:7D:61:88:AB:F1:15:A1:36:2A:68:39:51:62:46:00:23:6D:39:00 ValidityTue, 16 Apr 2024 03:45:20 GMT - Tue, 09 Jul 2024 03:45:19 GMT
File typeGIF image data, version 89a, 52 x 15 Hashfd2c05a8c327ace309722b0a5fc4faf3 f446e97c43f8830be9f60644563dd846abe6b8e8 0450e2e1aa3c8b5435690d841f3e573c4f521864e1f8e01a5b6dbcdac922c8b4
GET /-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://diegobreslerb3u088qrl.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="btn_close.gif"
x-content-type-options: nosniff
server: fife
content-length: 362
x-xss-protection: 0
date: Fri, 10 May 2024 17:51:06 GMT
expires: Sat, 11 May 2024 17:51:06 GMT
cache-control: public, max-age=86400, no-transform
age: 5102
etag: "v1764"
content-type: image/gif
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| ads.bisniskini.biz.id/get/site/js/cb1f929c7c7c523575650f47146f231e | 172.67.214.128 | 200 OK | 222 B |
URL GET HTTP/2ads.bisniskini.biz.id/get/site/js/cb1f929c7c7c523575650f47146f231e IP172.67.214.128:443
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectbisniskini.biz.id FingerprintCB:C5:50:71:58:97:D7:6D:B9:8F:63:0E:B9:30:B7:87:1D:05:E2:5A ValiditySun, 14 Apr 2024 15:48:05 GMT - Sat, 13 Jul 2024 15:48:04 GMT
File typeASCII text, with CRLF line terminators Hash252b107927cd0781f0972fac6f9f4f8f ce31eb7d65808aa4fae8620ffabf7c40cc077b77 8d6a0836a8d3ca9e64038e97232c4c8e1442635523e33c3d07f7e204ce125ee2
GET /get/site/js/cb1f929c7c7c523575650f47146f231e HTTP/1.1
Host: ads.bisniskini.biz.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://diegobreslerb3u088qrl.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:16:09 GMT
content-type: application/javascript
content-length: 222
set-cookie: PHPSESSID=5q5mtn035mosicrnoj075ku15u; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fvvGDJdshGZsyuBN%2FNl7%2BN8RWtW%2Ffr2hzTMNRbbQZKcrCXl6jYWYqsA5uYmN6bgjbiLXwWw7wkckZd802nSE9VxuLdBXQcR9Fb5lBjRRX%2FEL%2FBhlw7pNoTIILYG4dDZfW9aWrNKY2Y0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c4312580c1c06-OSL
X-Firefox-Spdy: h2
|
|
| ads.bisniskini.biz.id/get/site/js/9049b3a33fc36afe5806bf92a1b0bc1f | 172.67.214.128 | 200 OK | 218 B |
URL GET HTTP/2ads.bisniskini.biz.id/get/site/js/9049b3a33fc36afe5806bf92a1b0bc1f IP172.67.214.128:443
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectbisniskini.biz.id FingerprintCB:C5:50:71:58:97:D7:6D:B9:8F:63:0E:B9:30:B7:87:1D:05:E2:5A ValiditySun, 14 Apr 2024 15:48:05 GMT - Sat, 13 Jul 2024 15:48:04 GMT
File typeASCII text, with CRLF line terminators Hash53d76623d9d99464e544bae28620f09f 15762f2bde793d241f10807442f825e8b732b501 0aae87e7770c472eaf96f99fc7c6d0c6fb29815cba1734f672af54d5f24e3400
GET /get/site/js/9049b3a33fc36afe5806bf92a1b0bc1f HTTP/1.1
Host: ads.bisniskini.biz.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://diegobreslerb3u088qrl.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:16:09 GMT
content-type: application/javascript
content-length: 218
set-cookie: PHPSESSID=qsak4gcjhhmlc7qoej7lj7ovtl; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QaZ%2FlNWe5m%2BFGUkawhYMFlso7qRC5Vb7V0L2pwcyiSoFPJDSikJxQ1j6BgWrdVZdkB84mn6%2BB%2FjDbllwdkJi894xTuE7XDcEy51RTK%2FmM2MKHfy5Jdyp2yScfaizRuFc%2FNcdOaequJg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c431258051c06-OSL
X-Firefox-Spdy: h2
|
|
| ads.bisniskini.biz.id/get/site/js/d6f51a1ed1d2f145512197f7cd7be46d | 172.67.214.128 | 200 OK | 218 B |
URL GET HTTP/2ads.bisniskini.biz.id/get/site/js/d6f51a1ed1d2f145512197f7cd7be46d IP172.67.214.128:443
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectbisniskini.biz.id FingerprintCB:C5:50:71:58:97:D7:6D:B9:8F:63:0E:B9:30:B7:87:1D:05:E2:5A ValiditySun, 14 Apr 2024 15:48:05 GMT - Sat, 13 Jul 2024 15:48:04 GMT
File typeASCII text, with CRLF line terminators Hash53d76623d9d99464e544bae28620f09f 15762f2bde793d241f10807442f825e8b732b501 0aae87e7770c472eaf96f99fc7c6d0c6fb29815cba1734f672af54d5f24e3400
GET /get/site/js/d6f51a1ed1d2f145512197f7cd7be46d HTTP/1.1
Host: ads.bisniskini.biz.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://diegobreslerb3u088qrl.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:16:09 GMT
content-type: application/javascript
content-length: 218
set-cookie: PHPSESSID=6ts02bmc6ccepl55nnrueic4d1; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nw4y3F65YI16mDBHqclPxmxArszY%2FmpQt23MOFxWRY%2FleYxUNIdH440sxvFgdMl9LNYTCaQUWuWys6JTnR4BYCkjTlP9JNHSvfmd3EKgiuz8ZA4Sd8gq959CoxMlyqVGx39VzSZ1HiI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c431258001c06-OSL
X-Firefox-Spdy: h2
|
|
| ads.bisniskini.biz.id/get/site/js/d0b1e71bd1922518d7cf826d604fe57a | 172.67.214.128 | 200 OK | 140 B |
URL GET HTTP/2ads.bisniskini.biz.id/get/site/js/d0b1e71bd1922518d7cf826d604fe57a IP172.67.214.128:443
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectbisniskini.biz.id FingerprintCB:C5:50:71:58:97:D7:6D:B9:8F:63:0E:B9:30:B7:87:1D:05:E2:5A ValiditySun, 14 Apr 2024 15:48:05 GMT - Sat, 13 Jul 2024 15:48:04 GMT
File typeHTML document, ASCII text, with no line terminators Hash613e75c06a28ec97154a5377fee5a84a 0e90f96404fd96309ec40fe6b1403c5565cdfaa7 288a35e42dbea205601d112e4e6e1017487060c55c5dd6249fc654b4660210ce
GET /get/site/js/d0b1e71bd1922518d7cf826d604fe57a HTTP/1.1
Host: ads.bisniskini.biz.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://diegobreslerb3u088qrl.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:16:09 GMT
content-type: application/javascript
content-length: 140
set-cookie: PHPSESSID=7nb0heiqlfcdk5udonurd07n1g; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gmr3OWaHoualfDsvDCPTjlP3QqwiUbKjbn2H3UBmgiq0NUtd%2BwogO10I9t2zRVjzz9IX4ELVMOJblEOqgxvYJ2Zm%2Fm7clPwLgQx6n0kBqrOYeus33%2F8w%2Flwyu2u9Ug%2BUtHOc0NK9cy0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c431258081c06-OSL
X-Firefox-Spdy: h2
|
|
| www.topcreativeformat.com/d64164e145fb760de2b76872de4432d8/invoke.js | 172.240.108.68 | 200 OK | 12 kB |
URL GET HTTP/1.1www.topcreativeformat.com/d64164e145fb760de2b76872de4432d8/invoke.js IP172.240.108.68:443
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerLet's Encrypt Subjecttopcreativeformat.com Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4 ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT
File typeJavaScript source, ASCII text, with very long lines (31301), with no line terminators Hash4fa9a98d48d6ce5588891459b9ccba69 321ce6a3b60f9ab33766155090429015b5a0aba1 5aa2b3b6483e50d809e7d74bdf64dc35264e8605846390d161d7594ef4048cfc
GET /d64164e145fb760de2b76872de4432d8/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://diegobreslerb3u088qrl.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 19:16:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bfddb85a496c2c2d11b7fc21899f82a8
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| www.topcreativeformat.com/872eda8cdc00d65d8016b8e6fba2d29b/invoke.js | 172.240.108.68 | 200 OK | 12 kB |
URL GET HTTP/1.1www.topcreativeformat.com/872eda8cdc00d65d8016b8e6fba2d29b/invoke.js IP172.240.108.68:443
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerLet's Encrypt Subjecttopcreativeformat.com Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4 ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT
File typeJavaScript source, ASCII text, with very long lines (31289), with no line terminators Hash95132619277915955c9ba9705fa0a418 4faf065988e0189a7bf36c2fdcc1c0e19b6eeb37 6d00e6a616289e892c1374c6dd458284b2c92cd82217616ae6a06e2c81bb114c
GET /872eda8cdc00d65d8016b8e6fba2d29b/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://diegobreslerb3u088qrl.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 19:16:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: eac570053b40e5694eaad192b495bbb5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| ocsp.r2m03.amazontrust.com/ | 143.204.53.97 | | 471 B |
URL ocsp.r2m03.amazontrust.com/ IP143.204.53.97:0
Hashf7a3aabaedd5c95463e85c2d7682d410 715b2bd7dd959bb3423d71b22c43302b7a18a3a5 55ab8ca84eb2c090ff2a4eb9ebc48ce053c3f38261d66bded94f03719a384335
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Fri, 10 May 2024 19:16:10 GMT
Last-Modified: Fri, 10 May 2024 18:37:46 GMT
Server: ECAcc (ska/F6CC)
X-Cache: Miss from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 8tJLhIylJHBuXipwudyCHUtBKNcLvXCHtMLTYMVzoTsbwJF5wc9RrQ==
Age: 2304
|
|
| proftrafficcounter.com/stats | 3.124.83.201 | 200 OK | 40 B |
URL GET HTTP/2proftrafficcounter.com/stats IP3.124.83.201:443
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerAmazon Subjectproftrafficcounter.com FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6 ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File typeASCII text, with no line terminators Hash78e96652efe6a5cdc30c313205ee3d27 eb21c2999ce5a97fe958d5ec16cfeb7bd47b56e7 32cc66b68fd50e30b259cc357d4d105f2adeb14d8b5c008f2163218622d5d297
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://diegobreslerb3u088qrl.pages.dev/
Origin: https://diegobreslerb3u088qrl.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:16:10 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://diegobreslerb3u088qrl.pages.dev
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=d9f3fe19-b762-4e55-a3db-ff8aecb5f02c:2:1; expires=Mon, 08 May 2034 19:16:10 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
|
|
| proftrafficcounter.com/stats | 3.124.83.201 | 200 OK | 40 B |
URL GET HTTP/2proftrafficcounter.com/stats IP3.124.83.201:443
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerAmazon Subjectproftrafficcounter.com FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6 ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File typeASCII text, with no line terminators Hashecd4886dcf4c6afa812f14f28c27e8ba da7a4bef2a3e544fe5a9ef09acdc9eed8f11d7a0 152421db90bac2eea8c2785b5f2d8bcf1b65e48b70026a4d88ad5181d19a2499
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://diegobreslerb3u088qrl.pages.dev/
Origin: https://diegobreslerb3u088qrl.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:16:10 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://diegobreslerb3u088qrl.pages.dev
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=02fab5e9-fc49-4c72-9fd8-1e276b9bd2f8:3:1; expires=Mon, 08 May 2034 19:16:10 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
|
|
| criticizewiggle.com/watch.1473303542586.js?key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&refer=https%3A%2F%2Fdiegobreslerb3u088qrl.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=d9f3fe19-b762-4e55-a3db-ff8aecb5f02c%3A2%3A1 | 172.240.108.68 | 307 Temporary Redirect | 0 B |
URL GET HTTP/1.1criticizewiggle.com/watch.1473303542586.js?key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&refer=https%3A%2F%2Fdiegobreslerb3u088qrl.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=d9f3fe19-b762-4e55-a3db-ff8aecb5f02c%3A2%3A1 IP172.240.108.68:443
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerLet's Encrypt Subjectcriticizewiggle.com FingerprintC8:8E:FD:EE:69:F8:E7:66:FB:24:08:6A:D6:14:8D:CE:FD:6C:A0:A1 ValidityMon, 29 Apr 2024 13:11:26 GMT - Sun, 28 Jul 2024 13:11:25 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /watch.1473303542586.js?key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&refer=https%3A%2F%2Fdiegobreslerb3u088qrl.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=d9f3fe19-b762-4e55-a3db-ff8aecb5f02c%3A2%3A1 HTTP/1.1
Host: criticizewiggle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://diegobreslerb3u088qrl.pages.dev/
Origin: https://diegobreslerb3u088qrl.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Fri, 10 May 2024 19:16:10 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://diegobreslerb3u088qrl.pages.dev
Access-Control-Allow-Origin: https://diegobreslerb3u088qrl.pages.dev
Access-Control-Allow-Credentials: true
Location: https://criticizewiggle.com/watch.1473303542586.js?dev=e&key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&pst=1715368630&refer=https%3A%2F%2Fdiegobreslerb3u088qrl.pages.dev%2F&res=14.2071&rmtc=t&shu=cda50562dd516c203bc63b22b03d86381f81f71eb3fb2d098a82c7c4b2c0248759ba829a3e89a2532c6554eb89c054dd255cb20f175e330248175f1b74d4177a98ce15f0c240a0519f34320ec8e6e5f6481ef773f591d638cceb985fa42788a947&tz=0&uuid=d9f3fe19-b762-4e55-a3db-ff8aecb5f02c%3A2%3A1
Set-Cookie: u_pl=23149106; expires=Sat, 11 May 2024 19:16:10 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzE0OTEwNiwiayI6ImQ2NDE2NGUxNDVmYjc2MGRlMmI3Njg3MmRlNDQzMmQ4Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozODIyNDk2LCJwaWQiOjE4NDI2NzQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjoyMywicHQiOjQsInBrIjoicTN2cHlkeXh1IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZGllZ29icmVzbGVyYjN1MDg4cXJsLnBhZ2VzLmRldi8iLCJhciI6W119fQ.rvkTgxGtNeJTrjhjsmGW6cUTrm44P261SqM6gmRQwyc; expires=Fri, 10 May 2024 19:17:10 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2ce5278afa7bc579d6a305d2667248f0
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| criticizewiggle.com/watch.1473303542586.js?dev=e&key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&pst=1715368630&refer=https%3A%2F%2Fdiegobreslerb3u088qrl.pages.dev%2F&res=14.2071&rmtc=t&shu=cda50562dd516c203bc63b22b03d86381f81f71eb3fb2d098a82c7c4b2c0248759ba829a3e89a2532c6554eb89c054dd255cb20f175e330248175f1b74d4177a98ce15f0c240a0519f34320ec8e6e5f6481ef773f591d638cceb985fa42788a947&tz=0&uuid=d9f3fe19-b762-4e55-a3db-ff8aecb5f02c%3A2%3A1 | 172.240.108.68 | 200 OK | 2.1 kB |
URL GET HTTP/1.1criticizewiggle.com/watch.1473303542586.js?dev=e&key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&pst=1715368630&refer=https%3A%2F%2Fdiegobreslerb3u088qrl.pages.dev%2F&res=14.2071&rmtc=t&shu=cda50562dd516c203bc63b22b03d86381f81f71eb3fb2d098a82c7c4b2c0248759ba829a3e89a2532c6554eb89c054dd255cb20f175e330248175f1b74d4177a98ce15f0c240a0519f34320ec8e6e5f6481ef773f591d638cceb985fa42788a947&tz=0&uuid=d9f3fe19-b762-4e55-a3db-ff8aecb5f02c%3A2%3A1 IP172.240.108.68:443
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerLet's Encrypt Subjectcriticizewiggle.com FingerprintC8:8E:FD:EE:69:F8:E7:66:FB:24:08:6A:D6:14:8D:CE:FD:6C:A0:A1 ValidityMon, 29 Apr 2024 13:11:26 GMT - Sun, 28 Jul 2024 13:11:25 GMT
File typeJavaScript source, ASCII text, with very long lines (2643) Hashed1b4ca94885a701546312fa72f0678e 15a45d59be1d8930c099ab1b5f71a53098aa3f1c 68586e9cc148b0fb01999ecd1572abff511349f7cf974d537cf2028415f63e28
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /watch.1473303542586.js?dev=e&key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&pst=1715368630&refer=https%3A%2F%2Fdiegobreslerb3u088qrl.pages.dev%2F&res=14.2071&rmtc=t&shu=cda50562dd516c203bc63b22b03d86381f81f71eb3fb2d098a82c7c4b2c0248759ba829a3e89a2532c6554eb89c054dd255cb20f175e330248175f1b74d4177a98ce15f0c240a0519f34320ec8e6e5f6481ef773f591d638cceb985fa42788a947&tz=0&uuid=d9f3fe19-b762-4e55-a3db-ff8aecb5f02c%3A2%3A1 HTTP/1.1
Host: criticizewiggle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://diegobreslerb3u088qrl.pages.dev
Referer: https://diegobreslerb3u088qrl.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149106; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzE0OTEwNiwiayI6ImQ2NDE2NGUxNDVmYjc2MGRlMmI3Njg3MmRlNDQzMmQ4Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozODIyNDk2LCJwaWQiOjE4NDI2NzQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjoyMywicHQiOjQsInBrIjoicTN2cHlkeXh1IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZGllZ29icmVzbGVyYjN1MDg4cXJsLnBhZ2VzLmRldi8iLCJhciI6W119fQ.rvkTgxGtNeJTrjhjsmGW6cUTrm44P261SqM6gmRQwyc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 19:16:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://diegobreslerb3u088qrl.pages.dev
Access-Control-Allow-Origin: https://diegobreslerb3u088qrl.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=d9f3fe19-b762-4e55-a3db-ff8aecb5f02c:2:1; expires=Fri, 17 May 2024 19:16:10 GMT; secure; SameSite=None
iprc7b57020904e647babd9e747860ae93e1=3569808; expires=Fri, 10 May 2024 23:16:10 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 11 May 2024 19:16:10 GMT; secure; SameSite=None
uncs=1; expires=Sat, 11 May 2024 19:16:10 GMT; secure; SameSite=None
pdhtkv23=true; expires=Sat, 11 May 2024 19:16:10 GMT; secure; SameSite=None
uncs23=1; expires=Sat, 11 May 2024 19:16:10 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 95fd228442ea5780a6939819f48812f6
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| sprangsugar.com/watch.1083536624867.js?key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&refer=https%3A%2F%2Fdiegobreslerb3u088qrl.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=02fab5e9-fc49-4c72-9fd8-1e276b9bd2f8%3A3%3A1 | 172.240.108.84 | 307 Temporary Redirect | 0 B |
URL GET HTTP/1.1sprangsugar.com/watch.1083536624867.js?key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&refer=https%3A%2F%2Fdiegobreslerb3u088qrl.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=02fab5e9-fc49-4c72-9fd8-1e276b9bd2f8%3A3%3A1 IP172.240.108.84:443
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerLet's Encrypt Subjectsprangsugar.com FingerprintA8:FF:DF:D3:ED:3D:E8:4B:33:C8:93:D3:94:CA:8E:28:5D:39:26:C1 ValidityMon, 06 May 2024 08:08:05 GMT - Sun, 04 Aug 2024 08:08:04 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /watch.1083536624867.js?key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&refer=https%3A%2F%2Fdiegobreslerb3u088qrl.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=02fab5e9-fc49-4c72-9fd8-1e276b9bd2f8%3A3%3A1 HTTP/1.1
Host: sprangsugar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://diegobreslerb3u088qrl.pages.dev/
Origin: https://diegobreslerb3u088qrl.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Fri, 10 May 2024 19:16:10 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://diegobreslerb3u088qrl.pages.dev
Access-Control-Allow-Origin: https://diegobreslerb3u088qrl.pages.dev
Access-Control-Allow-Credentials: true
Location: https://sprangsugar.com/watch.1083536624867.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715368630&refer=https%3A%2F%2Fdiegobreslerb3u088qrl.pages.dev%2F&res=14.2071&rmtc=t&shu=b4e67c4ce52286ece83b9e42ffe27573ab217e5bfb68e87682fb204c1fd5cc861d2c81ea471aed03d8635e5f817ef6279004bf8c41c6dec6c77a29c16c2e365cd905eee5377e1b3504fe417fc862dc680957faa82eba843a492ea535ebc7&tz=0&uuid=02fab5e9-fc49-4c72-9fd8-1e276b9bd2f8%3A3%3A1
Set-Cookie: u_pl=23148904; expires=Sat, 11 May 2024 19:16:10 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzE0ODkwNCwiayI6Ijg3MmVkYThjZGMwMGQ2NWQ4MDE2YjhlNmZiYTJkMjliIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozODIyNDk2LCJwaWQiOjE4NDI2NzQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjo1LCJwdCI6NCwicGsiOiJzcTU1MTZuN2FmIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZGllZ29icmVzbGVyYjN1MDg4cXJsLnBhZ2VzLmRldi8iLCJhciI6W119fQ.27LZg2eBHXb6uhYiUNMT_2X9choxWyPBu5c_CqOYX44; expires=Fri, 10 May 2024 19:17:10 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: faf6818d278b384a3e2ad477b48e2967
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| pl23249615.highcpmgate.com/36/35/24/36352469ba20ff8ade54795907dd51e5.js | 172.240.253.132 | 200 OK | 16 kB |
URL GET HTTP/1.1pl23249615.highcpmgate.com/36/35/24/36352469ba20ff8ade54795907dd51e5.js IP172.240.253.132:443
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerLet's Encrypt Subjecthighcpmgate.com FingerprintE7:53:32:23:DA:D6:BE:EB:98:90:05:4B:AC:AC:8C:89:F2:4D:FB:2E ValidityFri, 19 Apr 2024 10:31:16 GMT - Thu, 18 Jul 2024 10:31:15 GMT
File typeJavaScript source, ASCII text, with very long lines (44092), with no line terminators Hasha3395d8fd2d50ebb177232b05c9da037 8f44f9ea5db6da1db72c554a800fbc1c5cf2033e 8c7910fd82936641b81a9907fcf7c1e5931e341b46654261094337f218f13362
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /36/35/24/36352469ba20ff8ade54795907dd51e5.js HTTP/1.1
Host: pl23249615.highcpmgate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://diegobreslerb3u088qrl.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 19:16:10 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bc52346c5a49866a49ac83d4dcd10c51
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| sprangsugar.com/watch.1083536624867.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715368630&refer=https%3A%2F%2Fdiegobreslerb3u088qrl.pages.dev%2F&res=14.2071&rmtc=t&shu=b4e67c4ce52286ece83b9e42ffe27573ab217e5bfb68e87682fb204c1fd5cc861d2c81ea471aed03d8635e5f817ef6279004bf8c41c6dec6c77a29c16c2e365cd905eee5377e1b3504fe417fc862dc680957faa82eba843a492ea535ebc7&tz=0&uuid=02fab5e9-fc49-4c72-9fd8-1e276b9bd2f8%3A3%3A1 | 172.240.108.84 | 200 OK | 2.1 kB |
URL GET HTTP/1.1sprangsugar.com/watch.1083536624867.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715368630&refer=https%3A%2F%2Fdiegobreslerb3u088qrl.pages.dev%2F&res=14.2071&rmtc=t&shu=b4e67c4ce52286ece83b9e42ffe27573ab217e5bfb68e87682fb204c1fd5cc861d2c81ea471aed03d8635e5f817ef6279004bf8c41c6dec6c77a29c16c2e365cd905eee5377e1b3504fe417fc862dc680957faa82eba843a492ea535ebc7&tz=0&uuid=02fab5e9-fc49-4c72-9fd8-1e276b9bd2f8%3A3%3A1 IP172.240.108.84:443
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerLet's Encrypt Subjectsprangsugar.com FingerprintA8:FF:DF:D3:ED:3D:E8:4B:33:C8:93:D3:94:CA:8E:28:5D:39:26:C1 ValidityMon, 06 May 2024 08:08:05 GMT - Sun, 04 Aug 2024 08:08:04 GMT
File typeJavaScript source, ASCII text, with very long lines (2629) Hash6b3a1198029cb307a5832aeeb0fba239 1e2f5b1d7bdc1590100c6c47451390f8a7c8a4fa 509ab51a2294421a5968e745d07c28f82d9e9f3ab814d540a4fceaf53296d499
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /watch.1083536624867.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715368630&refer=https%3A%2F%2Fdiegobreslerb3u088qrl.pages.dev%2F&res=14.2071&rmtc=t&shu=b4e67c4ce52286ece83b9e42ffe27573ab217e5bfb68e87682fb204c1fd5cc861d2c81ea471aed03d8635e5f817ef6279004bf8c41c6dec6c77a29c16c2e365cd905eee5377e1b3504fe417fc862dc680957faa82eba843a492ea535ebc7&tz=0&uuid=02fab5e9-fc49-4c72-9fd8-1e276b9bd2f8%3A3%3A1 HTTP/1.1
Host: sprangsugar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://diegobreslerb3u088qrl.pages.dev
Referer: https://diegobreslerb3u088qrl.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23148904; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzE0ODkwNCwiayI6Ijg3MmVkYThjZGMwMGQ2NWQ4MDE2YjhlNmZiYTJkMjliIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozODIyNDk2LCJwaWQiOjE4NDI2NzQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjo1LCJwdCI6NCwicGsiOiJzcTU1MTZuN2FmIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZGllZ29icmVzbGVyYjN1MDg4cXJsLnBhZ2VzLmRldi8iLCJhciI6W119fQ.27LZg2eBHXb6uhYiUNMT_2X9choxWyPBu5c_CqOYX44
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 19:16:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://diegobreslerb3u088qrl.pages.dev
Access-Control-Allow-Origin: https://diegobreslerb3u088qrl.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=02fab5e9-fc49-4c72-9fd8-1e276b9bd2f8:3:1; expires=Fri, 17 May 2024 19:16:10 GMT; secure; SameSite=None
iprcaf4162200d47d72b240f9f26144d177b=3569806; expires=Fri, 10 May 2024 23:16:10 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 11 May 2024 19:16:10 GMT; secure; SameSite=None
uncs=1; expires=Sat, 11 May 2024 19:16:10 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sat, 11 May 2024 19:16:10 GMT; secure; SameSite=None
uncs5=1; expires=Sat, 11 May 2024 19:16:10 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e59d01ba42dacf81d63f72b0db54842e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| cdn.cloudimagesb.com/cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png | 45.133.44.9 | 200 OK | 106 kB |
URL GET HTTP/2cdn.cloudimagesb.com/cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png IP45.133.44.9:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerLet's Encrypt Subjectcdn.cloudimagesb.com FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0 ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File typePNG image data, 728 x 90, 8-bit/color RGBA, non-interlaced Size106 kB (105910 bytes) Hasha36b92bb68d9b579458560ba9b94862a 782d2932ccd3a56e5aad1cca7e6e7fb4a3cf23d6 9de12cf85ad80cae34d8bdaeb59169d75e3bd4f8b931ec90ea2c3be166647c0e
GET /cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:16:10 GMT
content-type: image/png
content-length: 105910
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:08:06 GMT
etag: "62e11c96-19db6"
expires: Sun, 12 May 2024 19:16:10 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| www.topcreativeformat.com/872eda8cdc00d65d8016b8e6fba2d29b/invoke.js | 172.240.108.68 | 200 OK | 12 kB |
URL GET HTTP/1.1www.topcreativeformat.com/872eda8cdc00d65d8016b8e6fba2d29b/invoke.js IP172.240.108.68:443
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerLet's Encrypt Subjecttopcreativeformat.com Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4 ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT
File typeJavaScript source, ASCII text, with very long lines (31307), with no line terminators Hashc9fb478d644d9b2f346a35dc023168e1 de1561ffdc312edda04b283e17fdd701e5d11638 218b03ac5971ae6e0c3c28d2930194862853f79fc35bd5aee6c6980b10c1fadc
GET /872eda8cdc00d65d8016b8e6fba2d29b/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://diegobreslerb3u088qrl.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 19:16:10 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f6f7e45ed23f1be5d05277109ee6a300
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png | 45.133.44.9 | 200 OK | 144 kB |
URL GET HTTP/2cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png IP45.133.44.9:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerLet's Encrypt Subjectcdn.cloudimagesb.com FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0 ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File typePNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced Size144 kB (144379 bytes) Hash33c304429dc1a4408a96e6a74ffa2feb c45fa8e65528d1bb2b46bf8a28af9eeaa1903d04 dbed482e5948ead5587d30a22306a5b611305f704de940bd22c76daf90e0a314
GET /cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:16:10 GMT
content-type: image/png
content-length: 144379
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:07:21 GMT
etag: "62e11c69-233fb"
expires: Sun, 12 May 2024 19:16:10 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| tse1.mm.bing.net/th?q= | 204.79.197.200 | 404 Not Found | 727 B |
IP204.79.197.200:443 ASN#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerMicrosoft Corporation Subjectwww.bing.com Fingerprint02:83:27:F9:50:D8:BE:B9:5E:DF:1A:4A:45:3B:6D:3C:BC:30:F2:58 ValidityWed, 01 May 2024 01:58:25 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, baseline, precision 8, 80x80, components 3 Hash5116706c119475f5ae2fc135c3358037 7e5bdf3585153e317ebef05a9b8241d311e44cb3 7edda2585f580c167fd4e3a6c162534548cda437f8bef67c544f3aa9c162a17c
GET /th?q= HTTP/1.1
Host: tse1.mm.bing.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://diegobreslerb3u088qrl.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
cache-control: no-cache
pragma: no-cache
content-length: 727
expires: -1
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 34BEABDF71AB475892E6AAC5B2BC9F8A Ref B: OSL30EDGE0421 Ref C: 2024-05-10T19:16:11Z
date: Fri, 10 May 2024 19:16:10 GMT
X-Firefox-Spdy: h2
|
|
| gloomilysuffocate.com/watch.1063644628238.js?key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&refer=https%3A%2F%2Fdiegobreslerb3u088qrl.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=02fab5e9-fc49-4c72-9fd8-1e276b9bd2f8%3A3%3A1 | 172.240.253.132 | 307 Temporary Redirect | 0 B |
URL GET HTTP/1.1gloomilysuffocate.com/watch.1063644628238.js?key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&refer=https%3A%2F%2Fdiegobreslerb3u088qrl.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=02fab5e9-fc49-4c72-9fd8-1e276b9bd2f8%3A3%3A1 IP172.240.253.132:443
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerLet's Encrypt Subjectgloomilysuffocate.com Fingerprint4E:51:75:6E:41:71:BE:56:1C:2E:83:BC:8F:79:51:1F:72:41:E2:54 ValidityMon, 06 May 2024 12:41:11 GMT - Sun, 04 Aug 2024 12:41:10 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /watch.1063644628238.js?key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&refer=https%3A%2F%2Fdiegobreslerb3u088qrl.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=02fab5e9-fc49-4c72-9fd8-1e276b9bd2f8%3A3%3A1 HTTP/1.1
Host: gloomilysuffocate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://diegobreslerb3u088qrl.pages.dev/
Origin: https://diegobreslerb3u088qrl.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Fri, 10 May 2024 19:16:11 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://diegobreslerb3u088qrl.pages.dev
Access-Control-Allow-Origin: https://diegobreslerb3u088qrl.pages.dev
Access-Control-Allow-Credentials: true
Location: https://gloomilysuffocate.com/watch.1063644628238.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715368631&refer=https%3A%2F%2Fdiegobreslerb3u088qrl.pages.dev%2F&res=14.2071&rmtc=t&shu=e4cd45777a3edb751af891fc3d9b7214ed2fdfe40dd9021d2247221a9748c31fe420f364d1af3db63ca3df5be50765c0d31489be29f2b2ea10cf42e98489ac59e74e7484d7a660eb99e6d0493bb24cab31270f78341c7823591597d5e36470d3&tz=0&uuid=02fab5e9-fc49-4c72-9fd8-1e276b9bd2f8%3A3%3A1
Set-Cookie: u_pl=23148904; expires=Sat, 11 May 2024 19:16:11 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzE0ODkwNCwiayI6Ijg3MmVkYThjZGMwMGQ2NWQ4MDE2YjhlNmZiYTJkMjliIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozODIyNDk2LCJwaWQiOjE4NDI2NzQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjo1LCJwdCI6NCwicGsiOiJzcTU1MTZuN2FmIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZGllZ29icmVzbGVyYjN1MDg4cXJsLnBhZ2VzLmRldi8iLCJhciI6W119fQ.27LZg2eBHXb6uhYiUNMT_2X9choxWyPBu5c_CqOYX44; expires=Fri, 10 May 2024 19:17:11 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2d789b409ce28756dcaf8dbd76677d8f
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| gloomilysuffocate.com/watch.1063644628238.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715368631&refer=https%3A%2F%2Fdiegobreslerb3u088qrl.pages.dev%2F&res=14.2071&rmtc=t&shu=e4cd45777a3edb751af891fc3d9b7214ed2fdfe40dd9021d2247221a9748c31fe420f364d1af3db63ca3df5be50765c0d31489be29f2b2ea10cf42e98489ac59e74e7484d7a660eb99e6d0493bb24cab31270f78341c7823591597d5e36470d3&tz=0&uuid=02fab5e9-fc49-4c72-9fd8-1e276b9bd2f8%3A3%3A1 | 172.240.253.132 | 200 OK | 2.0 kB |
URL GET HTTP/1.1gloomilysuffocate.com/watch.1063644628238.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715368631&refer=https%3A%2F%2Fdiegobreslerb3u088qrl.pages.dev%2F&res=14.2071&rmtc=t&shu=e4cd45777a3edb751af891fc3d9b7214ed2fdfe40dd9021d2247221a9748c31fe420f364d1af3db63ca3df5be50765c0d31489be29f2b2ea10cf42e98489ac59e74e7484d7a660eb99e6d0493bb24cab31270f78341c7823591597d5e36470d3&tz=0&uuid=02fab5e9-fc49-4c72-9fd8-1e276b9bd2f8%3A3%3A1 IP172.240.253.132:443
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerLet's Encrypt Subjectgloomilysuffocate.com Fingerprint4E:51:75:6E:41:71:BE:56:1C:2E:83:BC:8F:79:51:1F:72:41:E2:54 ValidityMon, 06 May 2024 12:41:11 GMT - Sun, 04 Aug 2024 12:41:10 GMT
File typeJavaScript source, ASCII text, with very long lines (2421) Hash7e735c0c67eb8de947cb7f191b4f27ba a863e25b9dc2924faa8dc32422d0247ca55e3973 660db551e4f0d679a22bff724be2242a85cc0683141b67d52dd645772c544f90
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /watch.1063644628238.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715368631&refer=https%3A%2F%2Fdiegobreslerb3u088qrl.pages.dev%2F&res=14.2071&rmtc=t&shu=e4cd45777a3edb751af891fc3d9b7214ed2fdfe40dd9021d2247221a9748c31fe420f364d1af3db63ca3df5be50765c0d31489be29f2b2ea10cf42e98489ac59e74e7484d7a660eb99e6d0493bb24cab31270f78341c7823591597d5e36470d3&tz=0&uuid=02fab5e9-fc49-4c72-9fd8-1e276b9bd2f8%3A3%3A1 HTTP/1.1
Host: gloomilysuffocate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://diegobreslerb3u088qrl.pages.dev
Referer: https://diegobreslerb3u088qrl.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23148904; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzE0ODkwNCwiayI6Ijg3MmVkYThjZGMwMGQ2NWQ4MDE2YjhlNmZiYTJkMjliIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozODIyNDk2LCJwaWQiOjE4NDI2NzQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjo1LCJwdCI6NCwicGsiOiJzcTU1MTZuN2FmIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZGllZ29icmVzbGVyYjN1MDg4cXJsLnBhZ2VzLmRldi8iLCJhciI6W119fQ.27LZg2eBHXb6uhYiUNMT_2X9choxWyPBu5c_CqOYX44
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 19:16:11 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://diegobreslerb3u088qrl.pages.dev
Access-Control-Allow-Origin: https://diegobreslerb3u088qrl.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=02fab5e9-fc49-4c72-9fd8-1e276b9bd2f8:3:1; expires=Fri, 17 May 2024 19:16:11 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 11 May 2024 19:16:11 GMT; secure; SameSite=None
uncs=1; expires=Sat, 11 May 2024 19:16:11 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sat, 11 May 2024 19:16:11 GMT; secure; SameSite=None
uncs5=1; expires=Sat, 11 May 2024 19:16:11 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5262bbec93042cd08b934359f76e56aa
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| cdn.cloudimagesb.com/cti/f0/e2/55/f0e25599a5b9fab56572e54b4c187c66/1708072429.png | 45.133.44.9 | 200 OK | 16 kB |
URL GET HTTP/2cdn.cloudimagesb.com/cti/f0/e2/55/f0e25599a5b9fab56572e54b4c187c66/1708072429.png IP45.133.44.9:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerLet's Encrypt Subjectcdn.cloudimagesb.com FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0 ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File typePNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced Hashd78616d73e93425ab11be94281f43ffd c6a6b06e8ff6bf0299eca2dfe3dc059dd5cbe518 71ff557c03bc4dd351434b49b9cf99876c8418af52cba76392950eb19f367851
GET /cti/f0/e2/55/f0e25599a5b9fab56572e54b4c187c66/1708072429.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:16:11 GMT
content-type: image/png
content-length: 16266
server: nginx/1.21.6
last-modified: Fri, 16 Feb 2024 08:33:57 GMT
etag: "65cf1df5-3f8a"
expires: Sun, 12 May 2024 19:16:11 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| shayscholz.blogspot.com/favicon.ico | 216.58.207.225 | | 412 B |
URL GET shayscholz.blogspot.com/favicon.ico IP216.58.207.225:0
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectmisc-sni.blogspot.com FingerprintC4:7D:61:88:AB:F1:15:A1:36:2A:68:39:51:62:46:00:23:6D:39:00 ValidityTue, 16 Apr 2024 03:45:20 GMT - Tue, 09 Jul 2024 03:45:19 GMT
File typeMS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel Hash59a0c7b6e4848ccdabcea0636efda02b 30ef5c54b8bbc3487ea2b4c45cd11ea2932e4340 a1495da3cf3db37bf105a12658636ff628fee7b73975b9200049af7747e60b1f
GET /favicon.ico HTTP/1.1
Host: shayscholz.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://diegobreslerb3u088qrl.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/x-icon
expires: Fri, 10 May 2024 19:16:11 GMT
date: Fri, 10 May 2024 19:16:11 GMT
cache-control: private, max-age=86400
last-modified: Fri, 08 Mar 2024 19:12:27 GMT
etag: W/"53e1bb00e6929e879a040ee00d8ddd9c6a9b1f6c6c79cd1077a9390901619218"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 412
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| retortedattendnovel.com/sbar.json?key=36352469ba20ff8ade54795907dd51e5&uuid=02fab5e9-fc49-4c72-9fd8-1e276b9bd2f8%3A3%3A1 | 192.243.61.227 | 200 OK | 8.4 kB |
URL GET HTTP/1.1retortedattendnovel.com/sbar.json?key=36352469ba20ff8ade54795907dd51e5&uuid=02fab5e9-fc49-4c72-9fd8-1e276b9bd2f8%3A3%3A1 IP192.243.61.227:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerLet's Encrypt Subjectretortedattendnovel.com FingerprintA0:8F:B2:AE:74:76:3F:1D:3A:3F:44:7E:D6:E4:12:F1:7A:C0:42:1B ValidityMon, 06 May 2024 12:51:05 GMT - Sun, 04 Aug 2024 12:51:04 GMT
Hash2efa0ec3f2789d358e2cbe58535a4e08 facaef2360a44b8e255f2383c8bc02f3ffe37522 0e5179fed27e9c7560556bc983a72d3697e3bbd8a4251f11fcd812f45ef47255
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /sbar.json?key=36352469ba20ff8ade54795907dd51e5&uuid=02fab5e9-fc49-4c72-9fd8-1e276b9bd2f8%3A3%3A1 HTTP/1.1
Host: retortedattendnovel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://diegobreslerb3u088qrl.pages.dev/
Origin: https://diegobreslerb3u088qrl.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 19:16:11 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://diegobreslerb3u088qrl.pages.dev
Access-Control-Allow-Origin: https://diegobreslerb3u088qrl.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=23149116; expires=Sat, 11 May 2024 19:16:11 GMT; secure; SameSite=None
uid_id2=02fab5e9-fc49-4c72-9fd8-1e276b9bd2f8:3:1; expires=Fri, 17 May 2024 19:16:11 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 11 May 2024 19:16:11 GMT; secure; SameSite=None
uncs=1; expires=Sat, 11 May 2024 19:16:11 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sat, 11 May 2024 19:16:11 GMT; secure; SameSite=None
uncs29=1; expires=Sat, 11 May 2024 19:16:11 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bc71d11ab51981d4dcf8f6e8dff66e64
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| retortedattendnovel.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQW8bRRSeTXJDQgL1Vir5wKFIxNld22tvi6goJSgiNKEpghua3Zl1Bs%2FurGZ2vE44EFEJ9WjxCzafk0aUCrVXJCrkVOIQCanmlAO58A%2BK1DOysTC8w7z35vtG%2BuZ779tDe0F8WHp%2B62O1L6Ska626W7v6ueddr22KzA5qg07wRdC8XtP9a2FQd9%2BqfcjjnlrzXc91PderrQvNEzVYm4IQ%2BaPQq4duvenXvVYTA%2F3%2F3lgHhjpg%2FQvyOgSbrDxzLkHEY2Tp41vc9AqVv%2F1BaiUtlEafnXya9TJVZkgXZaIdJNnJnA1lnq8%2FhcqOZ3Kh%2Bv8SIzEhzq9PEWUnc5GI%2BkcznZEEzxCxV1D2x%2BByDEHHiNU9CPacADHD7S1k6YPbSpd07x%2BUTtEJWXn5F0Q5ISt%2FXEKW%2FnhTikFtR0lbCJUZDJIKYjCG6I6R21MU%2B0sQ5Sni4hsI9htZe7mJLD3aMlJBsPM3XT%2BhUYuHq0ncDFebcdtfDRPWWfW43w6iMGJ%2B0pkZJMQYIhlD8iGoWYY1DqxwYBMHNneQsvNa7Hle22UxdTthHDdYm0cBcz3aTjzquUEHNp7%2BYYgiHyKWQ8T6ALk%2BQE8Moe0vMLsVDFuGKSbE%2BeRr9FmFkhOUhqCkBKUgKAuCsl8dM2l8Uz1g0tjIm2d%2FnhvVSBXdQ3qsii7PCKgeQrPqML8gr01NdOi1d9Dj57VG0Gj5zSCMqO8mSYcy3mq2w1bothlrebwFIyoIswRqHOyLCbm2UyEXE%2FLGlReI6CmMPEUslkHtFdCyAt2tsJ89zKjoKVmPVQqmKuTFCoo951BekMuzIW5sPQGPz2782ZgFYl0h1xW%2BFM8IuvL%2B6I4qydEdVRryZCsvRCr26XTAOwUt%2BPLDj%2FheqTTbuGWG378XT4Fp%2BeguN8UmzZjIuob8cFMwxvW60jEnP2%2BYz3i0bc3uTaszm29uv7%2B%2BkeaaGyNUNgad7uoLjVhMyKuX78529%2BpP2xB6DG0rpPaMzANCjRHnBzD5Qr9RBFouOFHuoLTVSPvR4lIKAskXPY0qmP%2F00aIeaTp9TUV1aO6jq5dAi3vI0gp9XaEvK1A5hLHLoyLXZzd%2Bn8uI5NIoknrpKJJafjezeXo8hhHntXaj4dIgbHntNuXtqOl3ksBjlPrNwA8C2kBhJsm7%2Bqu%2FAQAA%2F%2F8BAAD%2F%2F3722BaVBAAA | 192.243.61.227 | 200 OK | 7 B |
URL GET HTTP/1.1retortedattendnovel.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQW8bRRSeTXJDQgL1Vir5wKFIxNld22tvi6goJSgiNKEpghua3Zl1Bs%2FurGZ2vE44EFEJ9WjxCzafk0aUCrVXJCrkVOIQCanmlAO58A%2BK1DOysTC8w7z35vtG%2BuZ779tDe0F8WHp%2B62O1L6Ska626W7v6ueddr22KzA5qg07wRdC8XtP9a2FQd9%2BqfcjjnlrzXc91PderrQvNEzVYm4IQ%2BaPQq4duvenXvVYTA%2F3%2F3lgHhjpg%2FQvyOgSbrDxzLkHEY2Tp41vc9AqVv%2F1BaiUtlEafnXya9TJVZkgXZaIdJNnJnA1lnq8%2FhcqOZ3Kh%2Bv8SIzEhzq9PEWUnc5GI%2BkcznZEEzxCxV1D2x%2BByDEHHiNU9CPacADHD7S1k6YPbSpd07x%2BUTtEJWXn5F0Q5ISt%2FXEKW%2FnhTikFtR0lbCJUZDJIKYjCG6I6R21MU%2B0sQ5Sni4hsI9htZe7mJLD3aMlJBsPM3XT%2BhUYuHq0ncDFebcdtfDRPWWfW43w6iMGJ%2B0pkZJMQYIhlD8iGoWYY1DqxwYBMHNneQsvNa7Hle22UxdTthHDdYm0cBcz3aTjzquUEHNp7%2BYYgiHyKWQ8T6ALk%2BQE8Moe0vMLsVDFuGKSbE%2BeRr9FmFkhOUhqCkBKUgKAuCsl8dM2l8Uz1g0tjIm2d%2FnhvVSBXdQ3qsii7PCKgeQrPqML8gr01NdOi1d9Dj57VG0Gj5zSCMqO8mSYcy3mq2w1bothlrebwFIyoIswRqHOyLCbm2UyEXE%2FLGlReI6CmMPEUslkHtFdCyAt2tsJ89zKjoKVmPVQqmKuTFCoo951BekMuzIW5sPQGPz2782ZgFYl0h1xW%2BFM8IuvL%2B6I4qydEdVRryZCsvRCr26XTAOwUt%2BPLDj%2FheqTTbuGWG378XT4Fp%2BeguN8UmzZjIuob8cFMwxvW60jEnP2%2BYz3i0bc3uTaszm29uv7%2B%2BkeaaGyNUNgad7uoLjVhMyKuX78529%2BpP2xB6DG0rpPaMzANCjRHnBzD5Qr9RBFouOFHuoLTVSPvR4lIKAskXPY0qmP%2F00aIeaTp9TUV1aO6jq5dAi3vI0gp9XaEvK1A5hLHLoyLXZzd%2Bn8uI5NIoknrpKJJafjezeXo8hhHntXaj4dIgbHntNuXtqOl3ksBjlPrNwA8C2kBhJsm7%2Bqu%2FAQAA%2F%2F8BAAD%2F%2F3722BaVBAAA IP192.243.61.227:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerLet's Encrypt Subjectretortedattendnovel.com FingerprintA0:8F:B2:AE:74:76:3F:1D:3A:3F:44:7E:D6:E4:12:F1:7A:C0:42:1B ValidityMon, 06 May 2024 12:51:05 GMT - Sun, 04 Aug 2024 12:51:04 GMT
File typeASCII text, with no line terminators Hash132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSQW8bRRSeTXJDQgL1Vir5wKFIxNld22tvi6goJSgiNKEpghua3Zl1Bs%2FurGZ2vE44EFEJ9WjxCzafk0aUCrVXJCrkVOIQCanmlAO58A%2BK1DOysTC8w7z35vtG%2BuZ779tDe0F8WHp%2B62O1L6Ska626W7v6ueddr22KzA5qg07wRdC8XtP9a2FQd9%2BqfcjjnlrzXc91PderrQvNEzVYm4IQ%2BaPQq4duvenXvVYTA%2F3%2F3lgHhjpg%2FQvyOgSbrDxzLkHEY2Tp41vc9AqVv%2F1BaiUtlEafnXya9TJVZkgXZaIdJNnJnA1lnq8%2FhcqOZ3Kh%2Bv8SIzEhzq9PEWUnc5GI%2BkcznZEEzxCxV1D2x%2BByDEHHiNU9CPacADHD7S1k6YPbSpd07x%2BUTtEJWXn5F0Q5ISt%2FXEKW%2FnhTikFtR0lbCJUZDJIKYjCG6I6R21MU%2B0sQ5Sni4hsI9htZe7mJLD3aMlJBsPM3XT%2BhUYuHq0ncDFebcdtfDRPWWfW43w6iMGJ%2B0pkZJMQYIhlD8iGoWYY1DqxwYBMHNneQsvNa7Hle22UxdTthHDdYm0cBcz3aTjzquUEHNp7%2BYYgiHyKWQ8T6ALk%2BQE8Moe0vMLsVDFuGKSbE%2BeRr9FmFkhOUhqCkBKUgKAuCsl8dM2l8Uz1g0tjIm2d%2FnhvVSBXdQ3qsii7PCKgeQrPqML8gr01NdOi1d9Dj57VG0Gj5zSCMqO8mSYcy3mq2w1bothlrebwFIyoIswRqHOyLCbm2UyEXE%2FLGlReI6CmMPEUslkHtFdCyAt2tsJ89zKjoKVmPVQqmKuTFCoo951BekMuzIW5sPQGPz2782ZgFYl0h1xW%2BFM8IuvL%2B6I4qydEdVRryZCsvRCr26XTAOwUt%2BPLDj%2FheqTTbuGWG378XT4Fp%2BeguN8UmzZjIuob8cFMwxvW60jEnP2%2BYz3i0bc3uTaszm29uv7%2B%2BkeaaGyNUNgad7uoLjVhMyKuX78529%2BpP2xB6DG0rpPaMzANCjRHnBzD5Qr9RBFouOFHuoLTVSPvR4lIKAskXPY0qmP%2F00aIeaTp9TUV1aO6jq5dAi3vI0gp9XaEvK1A5hLHLoyLXZzd%2Bn8uI5NIoknrpKJJafjezeXo8hhHntXaj4dIgbHntNuXtqOl3ksBjlPrNwA8C2kBhJsm7%2Bqu%2FAQAA%2F%2F8BAAD%2F%2F3722BaVBAAA HTTP/1.1
Host: retortedattendnovel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://diegobreslerb3u088qrl.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=02fab5e9-fc49-4c72-9fd8-1e276b9bd2f8:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 19:16:12 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a1caf56e0b927c3b33ef43fc197a0fbd
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| unseenreport.com/pxf.gif?uuid=02fab5e9-fc49-4c72-9fd8-1e276b9bd2f8&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=36352469ba20ff8ade54795907dd51e5&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=19 | 192.243.61.225 | 200 OK | 1 B |
URL GET HTTP/1.1unseenreport.com/pxf.gif?uuid=02fab5e9-fc49-4c72-9fd8-1e276b9bd2f8&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=36352469ba20ff8ade54795907dd51e5&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=19 IP192.243.61.225:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerLet's Encrypt Subject*.unseenreport.com Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13 ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT
File typevery short file (no magic) Hash93b885adfe0da089cdf634904fd59f71 5ba93c9db0cff93f52b521d7420e43f6eda2784f 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pxf.gif?uuid=02fab5e9-fc49-4c72-9fd8-1e276b9bd2f8&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=36352469ba20ff8ade54795907dd51e5&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=19 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://diegobreslerb3u088qrl.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 19:16:12 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a76eb97c4a746d3825611563a5b58a1f
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png | 188.114.96.1 | 200 OK | 591 B |
URL GET HTTP/2cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png IP188.114.96.1:443
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectcreative-bars1.com Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File typePNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced Hash9fd5bcb6103d86e317bd1eb019bcbe71 6b5a52ea669dcb74946f2bed4bdd7ec985026113 0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae
GET /sb/ssp/vpn/classic-push/small/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:16:12 GMT
content-type: image/png
content-length: 591
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: "65aa84fe-24f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 874708
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MB6dLomg36RG17mmHq0uR1wMLzVF3sqm0HQ7H7NxC1XB4G7NrF8j964zFJWBINVN33SmPIFox4%2BZEbLX1tJyjdDF4yoCgHqCa%2Fg9Y4gb63f4yB4%2FPgQ1jOwrM8%2FNbSbyzZPcUKrTeX%2BL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c43286b88569d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| retortedattendnovel.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=114 | 192.243.61.227 | 200 OK | 0 B |
URL GET HTTP/1.1retortedattendnovel.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=114 IP192.243.61.227:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerLet's Encrypt Subjectretortedattendnovel.com FingerprintA0:8F:B2:AE:74:76:3F:1D:3A:3F:44:7E:D6:E4:12:F1:7A:C0:42:1B ValidityMon, 06 May 2024 12:51:05 GMT - Sun, 04 Aug 2024 12:51:04 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=114 HTTP/1.1
Host: retortedattendnovel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://diegobreslerb3u088qrl.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=02fab5e9-fc49-4c72-9fd8-1e276b9bd2f8:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 19:16:12 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| cdn.cloudimagesb.com/si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png | 45.133.44.9 | 200 OK | 16 kB |
URL GET HTTP/2cdn.cloudimagesb.com/si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png IP45.133.44.9:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerLet's Encrypt Subjectcdn.cloudimagesb.com FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0 ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File typePNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced Hash14cf262fabfd850855c42847d14fe775 2fafa28f167f018a0fb1f261f47380c8810803c9 972004ebada4077c3a4d03dcb45175ea467faf54da72be727a1c5c75e688b8af
GET /si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:16:12 GMT
content-type: image/png
content-length: 16093
server: nginx/1.21.6
last-modified: Mon, 04 Dec 2023 01:06:35 GMT
etag: "656d261b-3edd"
expires: Sun, 12 May 2024 19:16:12 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js | 188.114.96.1 | 200 OK | 341 B |
URL GET HTTP/2cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js IP188.114.96.1:443
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectcreative-bars1.com Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
Hash0013fbb3bd9e7300fa1bc9f62501dcf0 447e4a8994979e2e158b9beff79b94e7d1b29508 4cf18df81115ddab6967dc82096077ee024223dac3c6ffc9b810bffb7780a20e
GET /sb/ssp/vpn/classic-push/small/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://diegobreslerb3u088qrl.pages.dev/
Origin: https://diegobreslerb3u088qrl.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:16:12 GMT
content-type: application/javascript
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-3c2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wFtw%2Bnl9%2BPWFcrwIBt4YlkMaaAkkMJQ9Qil4Cze6NbGFdipsZhCUiBGKPhqW7KynpSY6y0sv3mJOD1HbVnJzD9RVVHu9pn9xutBM0BVVSs8JVdj5F5S3rLTfJUsdUWxELov4nWjK7lB9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c4328fc2d569d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap | 142.250.74.106 | 200 OK | 17 kB |
URL GET HTTP/2fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap IP142.250.74.106:443
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79 ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File typegzip compressed data, max compression Hash1298b8a71ffc95bcd8c12a4edf7cded3 fa6baae683b44f80e732c480ed53da6e3bef71b0 ae4befdaeb4f3dd4bd9879a4a54b7fc89398167e571d04f7658967edcb338cb3
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 10 May 2024 19:16:12 GMT
date: Fri, 10 May 2024 19:16:12 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/animate.css | 188.114.96.1 | 200 OK | 4.9 kB |
URL GET HTTP/2cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/animate.css IP188.114.96.1:443
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectcreative-bars1.com Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
Hash3d4123dbfb33d27a5cfdfcfa91df6783 e7d0eeeec54b848f0bc3da8685fa3bc88429d660 cb7d1393b65701b2f97d8da244c2c6023e9cbc3463ecb0136b915cfc775c6887
GET /sb/ssp/vpn/classic-push/small/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://diegobreslerb3u088qrl.pages.dev/
Origin: https://diegobreslerb3u088qrl.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:16:12 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-13361"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RxMGPRkuMjx%2BKmDxEZ3GxQpSCTN46Xte5B90AvsZ4%2F7Zvl%2Fht1yCQsY797a3vKd5eXJDslUef%2FC8bas2ZcJgisvvrqsVV893s0Z%2FzQA49qABqEDzvchDGB3hpd47TyN5qRQMlKBJAJNO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c43280b0c569d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 | 142.250.74.131 | 200 OK | 16 kB |
URL GET HTTP/2fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 IP142.250.74.131:443
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 15744, version 1.0 Hash15d9f621c3bd1599f0169dcf0bd5e63e 7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52 f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://diegobreslerb3u088qrl.pages.dev
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 10 May 2024 06:08:19 GMT
expires: Sat, 10 May 2025 06:08:19 GMT
cache-control: public, max-age=31536000
age: 47273
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| retortedattendnovel.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2tcVRS%2BL8lOEJTuamEWLiqYyXtvfrdisdZIMDaxqehO7q83uc597z7ufW%2FeJC4MFqTLwb%2Fg5ZukwVqk3QoWmRRcBISOqyzMxv%2BgQtcy4%2BDoWdxzzv2%2BC9%2F9zvn2ML8gIXJ6futjs6%2B0pmuNql%2B5%2BnkQXK9sqiQfVAbt5hfN%2BvWK7V%2FrNKv%2BW5UPJe%2BZtdAPfD%2Fwg8q6sjIyg7UpCJU%2B6gTVjl%2Bth9WgUcfA%2Fr93uQdHPYj%2BBXkdSkxWnnmXoPgYSfz4lnS9zKRvfxDnmmbGoi9OPk16iSkSxIsysh6i5GTOhnHP15%2FCJMczuTD9f4lMTYj361Ow5GQuEqx%2FNNPJNGQCJl5B0R9D6jEUHYObe1DiOQG4wO0tJPGD28YWdO8flE7RCVl5%2BRdUMSErf1xCEv94U6tBZcfoPFMmcRhEJdRgDNUdI81Pke0vQRWn4Nk3UOI3svZyE0l8tOW0gRLnb%2FphRFlDdlYjXu%2Bs1nkrXO1Eor0ayLDVZB0mwqg9M0ipMVQ0hpZDULeM3HnIlYc88pCnHmJxXuFBELR8wanf7nBeEy3JmsIPaCsKaOA328j59A9DZOkQXA%2FB7QFSe4CeGsLmv8DtlnBiGS6bEO%2BTr9EXJQpJUDiCghIUiqDICIp%2BeSy0C135QGiXs2Cew3mulSOTdQ%2Fpscm6MiGgdggrysP0grw2NdGj195BT55Xas1aI6w3O4yGfhS1qZCNeqvT6PgtIRqBbMCpEsotgToP%2B2pCru2USNWEvHHlBRg9hdOn4GoZNL8CWpSguyX2k4cJVT2jq9zEEKZEmq0g2%2FMO9QW5PBvixtYTSH5248%2FaLMBtidSW%2BFI9I%2Bjq%2B6M7piBHd0zhyJOtNFOx2qfTAe9kNJPLDz%2BSe4WxYuOWG37%2FHp8C0%2FLRXemyTZoIlXQd%2BeGmEkLadWO5JD9vuM8k287d7s3cJnm6uf3%2B%2BkacWumcMskYdLqrLyy4mpBXL9%2Bd7e7Vn7ah7Bg2LxHnZ2QeUGYMnh7ApQv9zhBYveCw1EORlyMbssWlVgRaLnrKSrj%2F9GxRjyydvqaqPHT30bVLoNk9JHGJvi3R1yWoHsLly6MstWc3fp%2FLYHppxLRdOmLa6u9mNk%2BPx3DqvFLzRYvJSLaYrDfqkeSCNRrM5xFnNdFuc2RuEr1rv%2FobAAD%2F%2FwEAAP%2F%2F%2FiIN%2FpUEAAA%3D | 192.243.61.227 | 200 OK | 7 B |
URL GET HTTP/1.1retortedattendnovel.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2tcVRS%2BL8lOEJTuamEWLiqYyXtvfrdisdZIMDaxqehO7q83uc597z7ufW%2FeJC4MFqTLwb%2Fg5ZukwVqk3QoWmRRcBISOqyzMxv%2BgQtcy4%2BDoWdxzzv2%2BC9%2F9zvn2ML8gIXJ6futjs6%2B0pmuNql%2B5%2BnkQXK9sqiQfVAbt5hfN%2BvWK7V%2FrNKv%2BW5UPJe%2BZtdAPfD%2Fwg8q6sjIyg7UpCJU%2B6gTVjl%2Bth9WgUcfA%2Fr93uQdHPYj%2BBXkdSkxWnnmXoPgYSfz4lnS9zKRvfxDnmmbGoi9OPk16iSkSxIsysh6i5GTOhnHP15%2FCJMczuTD9f4lMTYj361Ow5GQuEqx%2FNNPJNGQCJl5B0R9D6jEUHYObe1DiOQG4wO0tJPGD28YWdO8flE7RCVl5%2BRdUMSErf1xCEv94U6tBZcfoPFMmcRhEJdRgDNUdI81Pke0vQRWn4Nk3UOI3svZyE0l8tOW0gRLnb%2FphRFlDdlYjXu%2Bs1nkrXO1Eor0ayLDVZB0mwqg9M0ipMVQ0hpZDULeM3HnIlYc88pCnHmJxXuFBELR8wanf7nBeEy3JmsIPaCsKaOA328j59A9DZOkQXA%2FB7QFSe4CeGsLmv8DtlnBiGS6bEO%2BTr9EXJQpJUDiCghIUiqDICIp%2BeSy0C135QGiXs2Cew3mulSOTdQ%2Fpscm6MiGgdggrysP0grw2NdGj195BT55Xas1aI6w3O4yGfhS1qZCNeqvT6PgtIRqBbMCpEsotgToP%2B2pCru2USNWEvHHlBRg9hdOn4GoZNL8CWpSguyX2k4cJVT2jq9zEEKZEmq0g2%2FMO9QW5PBvixtYTSH5248%2FaLMBtidSW%2BFI9I%2Bjq%2B6M7piBHd0zhyJOtNFOx2qfTAe9kNJPLDz%2BSe4WxYuOWG37%2FHp8C0%2FLRXemyTZoIlXQd%2BeGmEkLadWO5JD9vuM8k287d7s3cJnm6uf3%2B%2BkacWumcMskYdLqrLyy4mpBXL9%2Bd7e7Vn7ah7Bg2LxHnZ2QeUGYMnh7ApQv9zhBYveCw1EORlyMbssWlVgRaLnrKSrj%2F9GxRjyydvqaqPHT30bVLoNk9JHGJvi3R1yWoHsLly6MstWc3fp%2FLYHppxLRdOmLa6u9mNk%2BPx3DqvFLzRYvJSLaYrDfqkeSCNRrM5xFnNdFuc2RuEr1rv%2FobAAD%2F%2FwEAAP%2F%2F%2FiIN%2FpUEAAA%3D IP192.243.61.227:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerLet's Encrypt Subjectretortedattendnovel.com FingerprintA0:8F:B2:AE:74:76:3F:1D:3A:3F:44:7E:D6:E4:12:F1:7A:C0:42:1B ValidityMon, 06 May 2024 12:51:05 GMT - Sun, 04 Aug 2024 12:51:04 GMT
File typeASCII text, with no line terminators Hash132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2tcVRS%2BL8lOEJTuamEWLiqYyXtvfrdisdZIMDaxqehO7q83uc597z7ufW%2FeJC4MFqTLwb%2Fg5ZukwVqk3QoWmRRcBISOqyzMxv%2BgQtcy4%2BDoWdxzzv2%2BC9%2F9zvn2ML8gIXJ6futjs6%2B0pmuNql%2B5%2BnkQXK9sqiQfVAbt5hfN%2BvWK7V%2FrNKv%2BW5UPJe%2BZtdAPfD%2Fwg8q6sjIyg7UpCJU%2B6gTVjl%2Bth9WgUcfA%2Fr93uQdHPYj%2BBXkdSkxWnnmXoPgYSfz4lnS9zKRvfxDnmmbGoi9OPk16iSkSxIsysh6i5GTOhnHP15%2FCJMczuTD9f4lMTYj361Ow5GQuEqx%2FNNPJNGQCJl5B0R9D6jEUHYObe1DiOQG4wO0tJPGD28YWdO8flE7RCVl5%2BRdUMSErf1xCEv94U6tBZcfoPFMmcRhEJdRgDNUdI81Pke0vQRWn4Nk3UOI3svZyE0l8tOW0gRLnb%2FphRFlDdlYjXu%2Bs1nkrXO1Eor0ayLDVZB0mwqg9M0ipMVQ0hpZDULeM3HnIlYc88pCnHmJxXuFBELR8wanf7nBeEy3JmsIPaCsKaOA328j59A9DZOkQXA%2FB7QFSe4CeGsLmv8DtlnBiGS6bEO%2BTr9EXJQpJUDiCghIUiqDICIp%2BeSy0C135QGiXs2Cew3mulSOTdQ%2Fpscm6MiGgdggrysP0grw2NdGj195BT55Xas1aI6w3O4yGfhS1qZCNeqvT6PgtIRqBbMCpEsotgToP%2B2pCru2USNWEvHHlBRg9hdOn4GoZNL8CWpSguyX2k4cJVT2jq9zEEKZEmq0g2%2FMO9QW5PBvixtYTSH5248%2FaLMBtidSW%2BFI9I%2Bjq%2B6M7piBHd0zhyJOtNFOx2qfTAe9kNJPLDz%2BSe4WxYuOWG37%2FHp8C0%2FLRXemyTZoIlXQd%2BeGmEkLadWO5JD9vuM8k287d7s3cJnm6uf3%2B%2BkacWumcMskYdLqrLyy4mpBXL9%2Bd7e7Vn7ah7Bg2LxHnZ2QeUGYMnh7ApQv9zhBYveCw1EORlyMbssWlVgRaLnrKSrj%2F9GxRjyydvqaqPHT30bVLoNk9JHGJvi3R1yWoHsLly6MstWc3fp%2FLYHppxLRdOmLa6u9mNk%2BPx3DqvFLzRYvJSLaYrDfqkeSCNRrM5xFnNdFuc2RuEr1rv%2FobAAD%2F%2FwEAAP%2F%2F%2FiIN%2FpUEAAA%3D HTTP/1.1
Host: retortedattendnovel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://diegobreslerb3u088qrl.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=02fab5e9-fc49-4c72-9fd8-1e276b9bd2f8:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 19:16:12 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 92987a605467fdd72e1e3d3e03f28371
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| retortedattendnovel.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=366 | 172.240.108.84 | 200 OK | 0 B |
URL GET HTTP/1.1retortedattendnovel.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=366 IP172.240.108.84:443
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerLet's Encrypt Subjectretortedattendnovel.com FingerprintA0:8F:B2:AE:74:76:3F:1D:3A:3F:44:7E:D6:E4:12:F1:7A:C0:42:1B ValidityMon, 06 May 2024 12:51:05 GMT - Sun, 04 Aug 2024 12:51:04 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=366 HTTP/1.1
Host: retortedattendnovel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://diegobreslerb3u088qrl.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=02fab5e9-fc49-4c72-9fd8-1e276b9bd2f8:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 19:16:12 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| retortedattendnovel.com/pixel/sbs?c=1 | 172.240.108.84 | 200 OK | 0 B |
URL GET HTTP/1.1retortedattendnovel.com/pixel/sbs?c=1 IP172.240.108.84:443
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerLet's Encrypt Subjectretortedattendnovel.com FingerprintA0:8F:B2:AE:74:76:3F:1D:3A:3F:44:7E:D6:E4:12:F1:7A:C0:42:1B ValidityMon, 06 May 2024 12:51:05 GMT - Sun, 04 Aug 2024 12:51:04 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbs?c=1 HTTP/1.1
Host: retortedattendnovel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://diegobreslerb3u088qrl.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=02fab5e9-fc49-4c72-9fd8-1e276b9bd2f8:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 19:16:12 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| downstairsnegotiatebarren.com/sfp.js | 172.67.180.87 | 200 OK | 86 kB |
URL GET HTTP/2downstairsnegotiatebarren.com/sfp.js IP172.67.180.87:443
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerLet's Encrypt Subjectdownstairsnegotiatebarren.com Fingerprint5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B ValidityThu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://diegobreslerb3u088qrl.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:16:11 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: e8f55ab54f9564fa8edca90eecb5bf4e
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Fri, 10 May 2024 19:16:10 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ajPUdc9CcMp3g1beSh6QRsYAbxnjS2MaqyhKemtXgTSPgu3W3TzczUdCTmpUN5Ica4KPotMTil7ykpM9DTT%2Bee0ldULFzTfOdjMZjKtGTqWtN4tQ3IlgT8XErwJZrVTdw1pOZc2y4eyWwImo93l%2FQA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c43201a03b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| diegobreslerb3u088qrl.pages.dev/ | 188.114.96.1 | 200 OK | 17 kB |
URL User Request GET HTTP/2diegobreslerb3u088qrl.pages.dev/ IP188.114.96.1:443
CertificateIssuerLet's Encrypt Subjectdiegobreslerb3u088qrl.pages.dev FingerprintA4:5B:D6:B2:3A:36:98:97:33:52:49:D5:65:DC:99:4B:F5:20:56:62 ValidityThu, 09 May 2024 15:05:58 GMT - Wed, 07 Aug 2024 15:05:57 GMT
File typeHTML document, ASCII text, with very long lines (7816) Hash80742c8a2ee4e9da264d2b26c841bca9 30ea7cc7a12e7e9c64eba8e0313dcf6f41649bd3 c2aefd96fc1e1d101b2410ebbaafb06721ad7912e6ef10c2339ac166c9c238bc
GET / HTTP/1.1
Host: diegobreslerb3u088qrl.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:16:08 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"cfddb8ade536401fc22dc581df304d02"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0XXyqmbxfz%2F96A265cr7DJR9iGXuWqudHtnyL0B7w9xEEWXHTLYJWA2p8q%2B18oDfHUn0DXAM%2Flit7VXcxwvUqrhlqLH1fEhfxzsl0PNbucYu8rG3QTT5D38lAadzBaW5K5MXmRMx7T%2Fndz6CY3GxppMP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c430f68d50b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 | 142.250.74.131 | 200 OK | 16 kB |
URL GET HTTP/2fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 IP142.250.74.131:443
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 15860, version 1.0 Hashe9f5aaf547f165386cd313b995dddd8e acdef5603c2387b0e5bffd744b679a24a8bc1968 f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://diegobreslerb3u088qrl.pages.dev
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 May 2024 10:46:32 GMT
expires: Wed, 07 May 2025 10:46:32 GMT
cache-control: public, max-age=31536000
age: 289780
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css | 188.114.96.1 | 200 OK | 3.4 kB |
URL GET HTTP/2cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css IP188.114.96.1:443
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectcreative-bars1.com Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File typeASCII text, with very long lines (3537), with no line terminators Hashb8a277e051f047a41d3229377460f0c9 596b934114e1b6e3cee15ef19925c7f2ff5607e7 9cf981fe6d59b72cb9d12e4bc958983bac07f16b8f1b40bb1c6ced0bf2d6b2d0
GET /sb/ssp/vpn/classic-push/small/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://diegobreslerb3u088qrl.pages.dev/
Origin: https://diegobreslerb3u088qrl.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:16:12 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-d1b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j0WVE1Glcmjs171XhvMV7KdpUtJnMlni1ApPC4vDBsdLIHvcUrc9rOrEiWMsQC2fjglSTDAzj86JU%2BjCs3GT7yBDjheti%2BWK0FtsfISatMdM0j4f4eY%2BfD2PL98jI%2BmBeVllsye0JuhV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c43280b0a569d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| retortedattendnovel.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=153 | 192.243.61.227 | 200 OK | 0 B |
URL GET HTTP/1.1retortedattendnovel.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=153 IP192.243.61.227:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerLet's Encrypt Subjectretortedattendnovel.com FingerprintA0:8F:B2:AE:74:76:3F:1D:3A:3F:44:7E:D6:E4:12:F1:7A:C0:42:1B ValidityMon, 06 May 2024 12:51:05 GMT - Sun, 04 Aug 2024 12:51:04 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=153 HTTP/1.1
Host: retortedattendnovel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://diegobreslerb3u088qrl.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=02fab5e9-fc49-4c72-9fd8-1e276b9bd2f8:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 19:16:12 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js | 188.114.96.1 | 200 OK | 84 kB |
URL GET HTTP/2cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js IP188.114.96.1:443
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectcreative-bars1.com Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13 ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File typeJavaScript source, ASCII text, with very long lines (32025) Hash4a356126b9573eb7bd1e9a7494737410 8258d046f17dd3c15a5d3984e1868b7b5d1db329 22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
GET /sb/ssp/vpn/classic-push/small/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:16:12 GMT
content-type: application/javascript
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 870576
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uS9Mz66dTBdLW2u4bioY9dWTGYGnIEHNvZj3OL5kcENQhsUvGjd6I%2F8MsQy7I8lgI0LnpPWhLt%2BmWV7Bbym3hvHvQHmTGxQir0cjbnOyCb8O%2FNMuYWlKRyXcyPEYAF3XB%2B%2Fhjn%2F%2BIJBi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c43286b8c569d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q= | 142.250.74.78 | 200 OK | 20 B |
URL GET HTTP/2suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q= IP142.250.74.78:443
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subject*.google.com Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0 ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT
File typeASCII text, with no line terminators Hasha1b72ded50d7e2b047cd0d3966b148ab 8ff9743451774724c183efa801b999ecce23821a 4d9063bb918234965c25e4a0844d20c1cb01dae120c181c92f39a33b869be23f
GET /complete/search?jsonp=autoRelated&hl=en&client=firefox&q= HTTP/1.1
Host: suggestqueries.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://diegobreslerb3u088qrl.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:16:11 GMT
pragma: no-cache
expires: -1
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-q2k_R4SHtCBGvzxXjOBNHA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/fff
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/fff"}]}
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: gws
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html | 45.133.44.3 | 200 OK | 1.3 kB |
URL GET HTTP/2cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html IP45.133.44.3:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerLet's Encrypt Subjectcdn.barscreative1.com Fingerprint08:55:F0:C8:EA:24:54:0D:3C:B9:2C:95:3E:DC:BF:FB:A8:76:BA:BC ValidityThu, 09 May 2024 03:01:15 GMT - Wed, 07 Aug 2024 03:01:14 GMT
File typeHTML document, ASCII text, with very long lines (1405), with no line terminators Hash5373f3c4843345dde67db670323b2d54 666b2db9872196e52a2bc902111de5e37aa1ae28 e398fbdac28494dec6505fb0143d4cd41cee83989517e12c13ea113fef006fda
GET /sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://diegobreslerb3u088qrl.pages.dev/
Origin: https://diegobreslerb3u088qrl.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:16:12 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Mon, 27 Sep 2021 07:43:24 GMT
etag: W/"6151761c-52d"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Fri, 10 May 2024 20:16:12 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
|
|
| retortedattendnovel.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=365 | 192.243.61.227 | 200 OK | 0 B |
URL GET HTTP/1.1retortedattendnovel.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=365 IP192.243.61.227:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://diegobreslerb3u088qrl.pages.dev/ CertificateIssuerLet's Encrypt Subjectretortedattendnovel.com FingerprintA0:8F:B2:AE:74:76:3F:1D:3A:3F:44:7E:D6:E4:12:F1:7A:C0:42:1B ValidityMon, 06 May 2024 12:51:05 GMT - Sun, 04 Aug 2024 12:51:04 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=365 HTTP/1.1
Host: retortedattendnovel.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://diegobreslerb3u088qrl.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=02fab5e9-fc49-4c72-9fd8-1e276b9bd2f8:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 19:16:12 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|