Report - wenonahwadara.pages.dev/

Report Overview

Submitted URL
wenonahwadara.pages.dev/
IP
172.66.45.9
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-08 16:39:52
Access
public
Website Title
Janot Loralee - Explore ideas, tips guide and info Janot Loralee
Final URL
wenonahwadara.pages.dev/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
32

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
actressdoleful.com	unknown	2023-07-26	2023-07-26	2024-03-22	888 B	44 kB	192.243.59.12
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-07	416 B	1.3 kB	142.250.74.106
wenonahwadara.pages.dev	unknown	unknown	No data	No data	10 kB	454 kB	172.66.45.9
capaciousdrewreligion.com	unknown	2023-11-07	2023-11-27	2024-05-07	422 B	327 B	192.243.59.13
ascensionunfinished.com	unknown	unknown	No data	No data	8.1 kB	13 kB	172.240.108.76
skilledskillemergency.com	unknown	2024-05-06	2024-05-07	2024-05-07	502 B	469 B	172.240.108.68
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-05-07	338 B	942 B	143.204.53.97
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12	2024-05-07	441 B	61 kB	45.133.44.10
downstairsnegotiatebarren.com	unknown	2024-03-04	2024-03-04	2024-05-07	432 B	28 kB	172.67.180.87
cdn.creative-bars1.com	unknown	2022-11-01	2022-11-15	2024-05-06	2.8 kB	184 kB	172.67.141.24
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-08	526 B	17 kB	216.58.207.227
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-05-08	447 B	430 B	52.29.105.35
coordinatereopen.com	unknown	unknown	No data	No data	3.2 kB	22 kB	192.243.59.20
unseenreport.com	unknown	2022-03-30	2022-03-30	2024-05-07	1.5 kB	847 B	192.243.61.227
cdn.barscreative1.com	25648	2021-09-08	2021-09-16	2024-05-07	491 B	6.1 kB	45.133.44.3

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-08	medium	actressdoleful.com	Sinkholed
2024-05-08	medium	actressdoleful.com	Sinkholed
2024-05-08	medium	coordinatereopen.com	Sinkholed
2024-05-08	medium	coordinatereopen.com	Sinkholed
2024-05-08	medium	coordinatereopen.com	Sinkholed
2024-05-08	medium	unseenreport.com	Sinkholed
2024-05-08	medium	ascensionunfinished.com	Sinkholed
2024-05-08	medium	ascensionunfinished.com	Sinkholed
2024-05-08	medium	ascensionunfinished.com	Sinkholed
2024-05-08	medium	ascensionunfinished.com	Sinkholed
2024-05-08	medium	skilledskillemergency.com	Sinkholed
2024-05-08	medium	ascensionunfinished.com	Sinkholed
2024-05-08	medium	ascensionunfinished.com	Sinkholed
2024-05-08	medium	ascensionunfinished.com	Sinkholed
2024-05-08	medium	unseenreport.com	Sinkholed
2024-05-08	medium	ascensionunfinished.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (23)

	URL	Size	First Seen	Last Seen
	unknown	145 B	2023-11-11	2024-05-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-11 20:30:10 Last Seen2024-05-19 15:35:20 Times Seen15 Hash e021917df254032b9dfedf181e819c53 0184946d1f92e5e6ffa60e76b9209cc9a44cbd4c 78dc7f2a72cb60e4e1d26a7412b455d8acdf1de46c374b7312080f00efd003ec Loading...

	unknown	3.3 kB	2024-05-08	2024-05-08
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 18:39:59 Last Seen2024-05-08 18:39:59 Times Seen1 Hash 4e9e1bb131bd508e5bc9e4c055a9f39e 1ed0361ce0a25fd1f8ca8526e43d8abdcf72f0cc b703d1602af1a6b8800c22dba6a919e4dc735fe0c4b065a2a234907728100a2d Loading...

	wenonahwadara.pages.dev/	3.0 kB	2024-05-01	2024-05-19
Pretty URL wenonahwadara.pages.dev/ IP 172.66.45.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-01 16:26:46 Last Seen2024-05-19 15:35:19 Times Seen7 Hash e1a51a8cc9c84ef3d4a3698aa8e42ff9 53581360b7111e011196f525004c0bc5c461a58d cf82cba8afb40123ffbe65efc2cc4617c7642f3222854950a0e38e94edfcb9fd Loading...

	actressdoleful.com/47e256568502d808b0f4997433da285b/invoke.js	31 kB	2024-05-08	2024-05-08
Pretty URL actressdoleful.com/47e256568502d808b0f4997433da285b/invoke.js IP 192.243.59.12 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 18:39:59 Last Seen2024-05-08 18:40:00 Times Seen2 Hash f7e243ccce02b7a78c26533f4265e2dc 90a4600f483c2eb6d08a66dcaf25ec122525c5c3 751fb5ec8db7395765bf3abf9aad60d97e4144bde5c40ae771e969218ded9eff Loading...

	wenonahwadara.pages.dev/wp-content/plugins/wp-meta-and-date-remover/assets/js/inspector.js?ver=1.1	3.9 kB	2023-08-22	2024-05-19
Pretty URL wenonahwadara.pages.dev/wp-content/plugins/wp-meta-and-date-remover/assets/js/inspector.js?ver=1.1 IP 172.66.45.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-22 19:23:33 Last Seen2024-05-19 15:35:20 Times Seen213 Hash dd5ae6bc707588fef1ed7e01dbdbe20f bde44294a64da36bd3382ab6646a976299156fea 756530782672d6af0bec6df0d11aaa9f36ee2ed6e2337e42620b447a718ed8ec Loading...

	wenonahwadara.pages.dev/wp-content/themes/skt-glass/js/navigation.js?ver=01062020	3.1 kB	2023-03-07	2024-05-08
Pretty URL wenonahwadara.pages.dev/wp-content/themes/skt-glass/js/navigation.js?ver=01062020 IP 172.66.45.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:16:10 Last Seen2024-05-08 18:39:59 Times Seen23 Hash 1def668134976741ff740af5b259d0f6 f27ad6225f73b7df32c28e59a2b6d9c49fc1c2b8 fbc0800c6cac651ced7cdfa014c5cdd114b1cf9f6a317e99e99919fa8da6bb3a Loading...

	downstairsnegotiatebarren.com/sfp.js	86 kB	2024-03-29	2024-05-17
Pretty URL downstairsnegotiatebarren.com/sfp.js IP 172.67.180.87 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 13:13:34 Last Seen2024-05-17 14:49:08 Times Seen3553 Hash f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716 Loading...

	coordinatereopen.com/76/b1/e6/76b1e60a07741106ab551c8186791238.js	44 kB	2024-05-08	2024-05-08
Pretty URL coordinatereopen.com/76/b1/e6/76b1e60a07741106ab551c8186791238.js IP 192.243.59.20 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 18:39:59 Last Seen2024-05-08 18:40:00 Times Seen2 Hash 49f7a77b6d3c0932f10f1812e52be0a0 c4c5a3257f79aa7799ae65203a82e07f4b11bc54 aab1813545e2ca897aa692288ebc3e42468d25213a296c96788cab3378acf22d Loading...

	wenonahwadara.pages.dev/wp-includes/js/jquery/jquery.min.js?ver=3.7.1	88 kB	2023-11-03	2024-05-20
Pretty URL wenonahwadara.pages.dev/wp-includes/js/jquery/jquery.min.js?ver=3.7.1 IP 172.66.45.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-03 09:26:43 Last Seen2024-05-20 02:20:50 Times Seen49227 Hash 826eb77e86b02ab7724fe3d0141ff87c 79cd3587d565afe290076a8d36c31c305a573d18 cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf Loading...

	wenonahwadara.pages.dev/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1	14 kB	2023-05-09	2024-05-20
Pretty URL wenonahwadara.pages.dev/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 IP 172.66.45.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-09 19:21:05 Last Seen2024-05-20 02:16:09 Times Seen87724 Hash 9ffeb32e2d9efbf8f70caabded242267 3ad0c10e501ac2a9bfa18f9cd7e700219b378738 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89 Loading...

	wenonahwadara.pages.dev/	407 B	2024-05-08	2024-05-08
Pretty URL wenonahwadara.pages.dev/ IP 172.66.45.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-08 18:39:59 Last Seen2024-05-08 18:39:59 Times Seen1 Hash 5b5f87f67c202c8ea8b3ef6f36097377 4086620eb18b8b6dbfb478c84f3efef9a2581f54 18da6d4165ae949e84f4da7de9208c032ed7db5cecd8efc89f64ca1759298f50 Loading...

	wenonahwadara.pages.dev/	282 B	2023-11-11	2024-05-18
Pretty URL wenonahwadara.pages.dev/ IP 172.66.45.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-11 20:30:10 Last Seen2024-05-18 21:09:08 Times Seen16 Hash c66ea7963d8635cc33b5c226e0f4957b 6426c11d240bab06ae5b1f46bc4a8a58ac3581f9 2cd50d338677a4217a8e0b95cce5c738bb7afac56ea4b2929f2cbaea6f6640a7 Loading...

	capaciousdrewreligion.com/advertisers.js	0 B	2023-03-07	2024-05-20
Pretty URL capaciousdrewreligion.com/advertisers.js IP 192.243.59.13 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-20 03:05:51 Times Seen37853656 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	cdn.creative-bars1.com/sb/interstitial/sweep/default/stories/1/js/jquery.min.js	87 kB	2023-03-07	2024-05-20
Pretty URL cdn.creative-bars1.com/sb/interstitial/sweep/default/stories/1/js/jquery.min.js IP 172.67.141.24 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-20 01:58:47 Times Seen68110 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

	actressdoleful.com/c3/31/f5/c331f53d8cb1f5b6cb7f7b13f9d18a13.js	84 kB	2024-05-08	2024-05-08
Pretty URL actressdoleful.com/c3/31/f5/c331f53d8cb1f5b6cb7f7b13f9d18a13.js IP 192.243.59.12 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 18:39:59 Last Seen2024-05-08 18:40:00 Times Seen2 Hash 2650ea4afec5f6b6f0269b7f7e0cb663 f233fb576163eb2173eba0645808f468ba91bc08 7001005c15493d6b70d426844527e04a480727c317787f544fe7bf109ca123b4 Loading...

	wenonahwadara.pages.dev/	74 B	2024-04-26	2024-05-19
Pretty URL wenonahwadara.pages.dev/ IP 172.66.45.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-26 16:31:08 Last Seen2024-05-19 15:35:20 Times Seen12 Hash 099605762c72cc6fa6b7652646c4fa19 8d6c1c61dd281c99e7cd0fd65774c90469c533c4 668950b232c885b14c97216e8d0f303115b63fc16363c74cb24bd8c8bf84c1ea Loading...

	wenonahwadara.pages.dev/	73 B	2024-01-19	2024-05-19
Pretty URL wenonahwadara.pages.dev/ IP 172.66.45.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-19 20:33:42 Last Seen2024-05-19 15:35:20 Times Seen9 Hash 4ca949f5ffa885fb5073336a83762314 461ad2502ac878d5adedcb25e6881a0143d3835e f536a2577cb53457531c5a7f1818699a958d5ef59b8664fa774ae8d125a683be Loading...

	wenonahwadara.pages.dev/	190 B	2024-05-08	2024-05-08
Pretty URL wenonahwadara.pages.dev/ IP 172.66.45.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-08 18:39:59 Last Seen2024-05-08 18:40:00 Times Seen1 Hash b9bd63089707f93e7551bed1b1796aec 7632dbefe971c0c47f28946ff4f15ada757aad5b ee9c1c3fecb398f2ec822e0d00aac8087fe959bc9a107774aa06e9c4d10b170c Loading...

	wenonahwadara.pages.dev/	325 B	2023-03-07	2024-05-19
Pretty URL wenonahwadara.pages.dev/ IP 172.66.45.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:19:13 Last Seen2024-05-19 15:50:14 Times Seen1915 Hash 06f019a6ff09db6b297570940eec1d5d 872efe186950ce534aad341e7030fe24f7c672dc 53f829ae556bf7011727483015d83a98bcdb4b5796eecb728827c1282c971536 Loading...

	wenonahwadara.pages.dev/wp-content/themes/skt-glass/js/custom.js?ver=6.4.3	1.7 kB	2023-03-07	2024-05-08
Pretty URL wenonahwadara.pages.dev/wp-content/themes/skt-glass/js/custom.js?ver=6.4.3 IP 172.66.45.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:16:10 Last Seen2024-05-08 18:40:00 Times Seen9 Hash 2adf6a6ab79832058217629f25c5ee05 b17f53780e9e2fc17573021b5ec100b9836b3d8b da02fec518a2fbdb0996b05ebcccc6b8df64a601013ecf157b078684e95dfcce Loading...

	unknown	437 B	2024-05-08	2024-05-10
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 18:40:00 Last Seen2024-05-10 21:04:21 Times Seen7 Hash 8156cf9cde1c5d9fd2778b11afa37a6a 84ff4fee4b2c80891a964f5bbac987ce8f06aceb e148c2dfc7ff5ded07e1ae2d7fa7bb8726e51c8149bde7ff2205baf4f1daa43e Loading...

		Size	First Seen	Last Seen
	#1 Eval - f3da1ecfd62b8c2e5d829685082b1e57	2.1 kB	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 18:40:00 Last Seen2024-05-08 18:40:00 Times Seen1 Hash f3da1ecfd62b8c2e5d829685082b1e57 c37ccf0704385e4d7169aa7c4a2459367e764bd2 156cae8e9907d588cbb214723b803e8b25670d04a7c4f5e14f9d6b1e5d7a1f00 Loading...

		Size	First Seen	Last Seen
	#1 Write - 49fe3d36f4979f25a28c86c28668e0d4	110 B	2023-11-11	2024-05-18
Pretty Observations First Seen2023-11-11 20:30:10 Last Seen2024-05-18 21:09:09 Times Seen17 Hash 49fe3d36f4979f25a28c86c28668e0d4 999345220d1c831e00407d83ee7677b382c7d0d7 b0ee77382ac078b401c71dfdd0f0787577a0b6657f956c0a73cb57a5aa5a2e5c Loading...

HTTP Transactions (50)

URL IP Response Size

wenonahwadara.pages.dev/wp-content/themes/skt-glass/css/skt-glass-custom-style.css?ver=6.4.3

172.66.45.9

200 OK

1 B

URL GET HTTP/3
wenonahwadara.pages.dev/wp-content/themes/skt-glass/css/skt-glass-custom-style.css?ver=6.4.3
IP
172.66.45.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectwenonahwadara.pages.dev
Fingerprint3E:E2:30:3B:84:88:35:38:F5:DA:0C:4A:23:7F:A1:EA:E9:44:23:B6
ValidityTue, 07 May 2024 15:57:34 GMT - Mon, 05 Aug 2024 15:57:33 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
7215ee9c7d9dc229d2921a40e899ec5f
b858cb282617fb0956d960215c8e84d1ccf909c6
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

HTTP Headers

GET /wp-content/themes/skt-glass/css/skt-glass-custom-style.css?ver=6.4.3 HTTP/1.1
Host: wenonahwadara.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 16:39:25 GMT
content-type: text/css; charset=utf-8
content-length: 1
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "c81f34a698e7379f2708f0e39898b25e"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nN5IDxWZSbNGzNg7HPZJQm%2BWUxpSoUeq9bjcWCg6f1L10ysFGiB4dVZtL7%2FHvPdcs7DgDgPrspB0n3T3Lf06VG%2B%2FGEPuCBkZ21Xvh9NEnDNccpzZ7VkLWavLwNrkIv6gq7TpkSKjlpWtHA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ae2bf4e2256c3-OSL
alt-svc: h3=":443"; ma=86400

wenonahwadara.pages.dev/wp-content/plugins/wp-meta-and-date-remover/assets/js/inspector.js?ver=1.1

172.66.45.9

200 OK

1.8 kB

URL GET HTTP/3
wenonahwadara.pages.dev/wp-content/plugins/wp-meta-and-date-remover/assets/js/inspector.js?ver=1.1
IP
172.66.45.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectwenonahwadara.pages.dev
Fingerprint3E:E2:30:3B:84:88:35:38:F5:DA:0C:4A:23:7F:A1:EA:E9:44:23:B6
ValidityTue, 07 May 2024 15:57:34 GMT - Mon, 05 Aug 2024 15:57:33 GMT

File type
JavaScript source, ASCII text
Size
1.8 kB (1822 bytes)
Hash
dd5ae6bc707588fef1ed7e01dbdbe20f
bde44294a64da36bd3382ab6646a976299156fea
756530782672d6af0bec6df0d11aaa9f36ee2ed6e2337e42620b447a718ed8ec

HTTP Headers

GET /wp-content/plugins/wp-meta-and-date-remover/assets/js/inspector.js?ver=1.1 HTTP/1.1
Host: wenonahwadara.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 16:39:25 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"155e673a0ef0fa0671bf62a6b4137ed9"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sKWbwM%2FkSHEEXrFFMJnnXpydAZjeNDgvKf1UjIBys9Tu1eJ2XWWMPFgQFIVZY%2Fraj7uDiIolfgN0T8Nr6ItkutUJDrpQEERX%2BsN1ZcXDNVpf2ijmLX7wdXXENPhVsck%2BTBlyjj14c08Ohg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ae2bf5e5c56c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

actressdoleful.com/c3/31/f5/c331f53d8cb1f5b6cb7f7b13f9d18a13.js

192.243.59.12

200 OK

31 kB

URL GET HTTP/1.1
actressdoleful.com/c3/31/f5/c331f53d8cb1f5b6cb7f7b13f9d18a13.js
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectactressdoleful.com
Fingerprint2D:0E:60:B8:63:9F:B1:22:4F:1C:82:92:36:74:6A:09:CA:D4:58:8C
ValiditySat, 23 Mar 2024 06:03:40 GMT - Fri, 21 Jun 2024 06:03:39 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
31 kB (30613 bytes)
Hash
2650ea4afec5f6b6f0269b7f7e0cb663
f233fb576163eb2173eba0645808f468ba91bc08
7001005c15493d6b70d426844527e04a480727c317787f544fe7bf109ca123b4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /c3/31/f5/c331f53d8cb1f5b6cb7f7b13f9d18a13.js HTTP/1.1
Host: actressdoleful.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 May 2024 16:39:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c2991ffd5523b4e3612cd1a1b0f0de5a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
17d83a6a1ce5ec032b9d0be6c8c68106
9b412e1c9f9694753b73daa262811ec4c420e7d1
935af939ae598190c9c8175f1ac54241ab2614b3c7599a4c92e1be2ecd42ab23

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Wed, 08 May 2024 16:39:26 GMT
Last-Modified: Wed, 08 May 2024 14:53:29 GMT
Server: ECAcc (ska/F75B)
X-Cache: Miss from cloudfront
Via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: FV8vIlkPlrrskl27qpgYCwFl3I87pOQbTphVn2G_jOl99zE1SdPkIA==
Age: 6357

proftrafficcounter.com/stats

52.29.105.35

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
52.29.105.35:443
ASN
#16509 AMAZON-02

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
4c6314da504acb585eb6e72d55f5317d
0dad325f04cc86c4492103c50cc9551f0f139b2a
71939c73d570c93e5142d73886b111685f40ec92e37595de5e9599ca90c15949

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
Origin: https://wenonahwadara.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 16:39:26 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://wenonahwadara.pages.dev
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=f1700f4b-0822-4d16-b236-b00f784d2e93:3:1; expires=Sat, 06 May 2034 16:39:26 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

wenonahwadara.pages.dev/wp-content/fonts/poppins/pxiEyp8kv8JHgFVrJJfecg.woff2

172.66.45.9

200 OK

7.9 kB

URL GET HTTP/3
wenonahwadara.pages.dev/wp-content/fonts/poppins/pxiEyp8kv8JHgFVrJJfecg.woff2
IP
172.66.45.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectwenonahwadara.pages.dev
Fingerprint3E:E2:30:3B:84:88:35:38:F5:DA:0C:4A:23:7F:A1:EA:E9:44:23:B6
ValidityTue, 07 May 2024 15:57:34 GMT - Mon, 05 Aug 2024 15:57:33 GMT

File type
Web Open Font Format (Version 2), TrueType, length 7884, version 1.0
Size
7.9 kB (7884 bytes)
Hash
9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

HTTP Headers

GET /wp-content/fonts/poppins/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: wenonahwadara.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://wenonahwadara.pages.dev/wp-content/fonts/b98e47528f6014d79ef788191ca21358.css?ver=20201110
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 16:39:26 GMT
content-type: font/woff2
content-length: 7884
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "9cc0158c2f34a9bbf8afb6f59f1b7194"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Flu0pn3F12Z1a1Jyky8WzPS%2F6oAbJF6SCdHA%2BObV19B5xUJX5sB2BXfy45D26gXJdHuNWf%2BhWHBoo1xWI0sI4TyrFRr1H7zK%2FpGeee%2FNem%2F1aJkawZ0udf6GMncaH5qEmo1RB8wEBDcZFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ae2c5a8ad56c3-OSL
alt-svc: h3=":443"; ma=86400

wenonahwadara.pages.dev/wp-content/fonts/playfair-display/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2

172.66.45.9

200 OK

38 kB

URL GET HTTP/3
wenonahwadara.pages.dev/wp-content/fonts/playfair-display/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2
IP
172.66.45.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectwenonahwadara.pages.dev
Fingerprint3E:E2:30:3B:84:88:35:38:F5:DA:0C:4A:23:7F:A1:EA:E9:44:23:B6
ValidityTue, 07 May 2024 15:57:34 GMT - Mon, 05 Aug 2024 15:57:33 GMT

File type
Web Open Font Format (Version 2), TrueType, length 38372, version 1.0
Size
38 kB (38372 bytes)
Hash
16ecec131289ca4925d35c0515b28d9f
e2cbe7ec2bb494226ea423c7a7353b0e18b304c2
cb8cac32d5cef83e7674916378c2f47bdbba7e6e6bd936f8026a58ac4e71fa53

HTTP Headers

GET /wp-content/fonts/playfair-display/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2 HTTP/1.1
Host: wenonahwadara.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://wenonahwadara.pages.dev/wp-content/fonts/b98e47528f6014d79ef788191ca21358.css?ver=20201110
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 16:39:26 GMT
content-type: font/woff2
content-length: 38372
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "3c55185cb577cb7ae21a578127b20c79"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WLH1fDJZZVSnbEnftznsUh4JpvaR6GdmH3Px9kJHbgpWiJHu98MXVbe2ShGaza11Mufa0P5ibcimoieIMlzhdpPBn3OMuxkmWJOEwqEDVMyDmjAojmd1r6fJd6a%2ByTBi%2Bd3w1De7peMZWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ae2c598a256c3-OSL
alt-svc: h3=":443"; ma=86400

wenonahwadara.pages.dev/wp-content/fonts/poppins/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

172.66.45.9

200 OK

7.8 kB

URL GET HTTP/3
wenonahwadara.pages.dev/wp-content/fonts/poppins/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
IP
172.66.45.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectwenonahwadara.pages.dev
Fingerprint3E:E2:30:3B:84:88:35:38:F5:DA:0C:4A:23:7F:A1:EA:E9:44:23:B6
ValidityTue, 07 May 2024 15:57:34 GMT - Mon, 05 Aug 2024 15:57:33 GMT

File type
Web Open Font Format (Version 2), TrueType, length 7816, version 1.0
Size
7.8 kB (7816 bytes)
Hash
25b0e113ca7cce3770d542736db26368
cb726212d5d525021752a1d8470a0fb593e0c49e
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

HTTP Headers

GET /wp-content/fonts/poppins/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1
Host: wenonahwadara.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://wenonahwadara.pages.dev/wp-content/fonts/b98e47528f6014d79ef788191ca21358.css?ver=20201110
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 16:39:26 GMT
content-type: font/woff2
content-length: 7816
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "91ec2edb63365377f289207a97941dea"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DHQL04ULH5kWGTTLC7dXNio91TD6DXnuUeDOVE2Ec3jEjamdprPUSBzhmJ%2F%2F%2FSu3oF7W5K2QanSZc7FvFKMzIyfDNvLtcMUu2X%2BZrP2dpWZsm0RfZJjOaNqZfgaTpw8tEg7FSDjvpF7aIA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ae2c5b8bf56c3-OSL
alt-svc: h3=":443"; ma=86400

wenonahwadara.pages.dev/wp-content/fonts/poppins/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

172.66.45.9

200 OK

7.7 kB

URL GET HTTP/3
wenonahwadara.pages.dev/wp-content/fonts/poppins/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
IP
172.66.45.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectwenonahwadara.pages.dev
Fingerprint3E:E2:30:3B:84:88:35:38:F5:DA:0C:4A:23:7F:A1:EA:E9:44:23:B6
ValidityTue, 07 May 2024 15:57:34 GMT - Mon, 05 Aug 2024 15:57:33 GMT

File type
Web Open Font Format (Version 2), TrueType, length 7748, version 1.0
Size
7.7 kB (7748 bytes)
Hash
a09f2fccfee35b7247b08a1a266f0328
0da2d17e738f46d2a09e6fb7969da451719a9820
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

HTTP Headers

GET /wp-content/fonts/poppins/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 HTTP/1.1
Host: wenonahwadara.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://wenonahwadara.pages.dev/wp-content/fonts/b98e47528f6014d79ef788191ca21358.css?ver=20201110
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 16:39:26 GMT
content-type: font/woff2
content-length: 7748
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "bb17e458d195348d2c89141f6363e4fe"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z9IBPMlcfrLmL0Q3EsFFa2wNK55vF626aatTMdZYhOqtWiCG4xusW2Y7FvvBaywHQnidotcubIFXb5p4uP30pfPmlO45OG4WWIPsicrO2Y4eiELEXoll39SIDQl%2FxI1B0Dx3HSeZCUwcsg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ae2c5b8bd56c3-OSL
alt-svc: h3=":443"; ma=86400

actressdoleful.com/47e256568502d808b0f4997433da285b/invoke.js

192.243.59.12

200 OK

12 kB

URL GET HTTP/1.1
actressdoleful.com/47e256568502d808b0f4997433da285b/invoke.js
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectactressdoleful.com
Fingerprint2D:0E:60:B8:63:9F:B1:22:4F:1C:82:92:36:74:6A:09:CA:D4:58:8C
ValiditySat, 23 Mar 2024 06:03:40 GMT - Fri, 21 Jun 2024 06:03:39 GMT

File type
JavaScript source, ASCII text, with very long lines (31360), with no line terminators
Size
12 kB (11886 bytes)
Hash
f7e243ccce02b7a78c26533f4265e2dc
90a4600f483c2eb6d08a66dcaf25ec122525c5c3
751fb5ec8db7395765bf3abf9aad60d97e4144bde5c40ae771e969218ded9eff

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /47e256568502d808b0f4997433da285b/invoke.js HTTP/1.1
Host: actressdoleful.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 May 2024 16:39:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0a51ffe4b2a2680627a96ecb69f0973a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

wenonahwadara.pages.dev/wp-includes/css/dist/block-library/style.min.css?ver=6.4.3

172.66.45.9

200 OK

15 kB

URL GET HTTP/3
wenonahwadara.pages.dev/wp-includes/css/dist/block-library/style.min.css?ver=6.4.3
IP
172.66.45.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectwenonahwadara.pages.dev
Fingerprint3E:E2:30:3B:84:88:35:38:F5:DA:0C:4A:23:7F:A1:EA:E9:44:23:B6
ValidityTue, 07 May 2024 15:57:34 GMT - Mon, 05 Aug 2024 15:57:33 GMT

File type
ASCII text, with very long lines (57196)
Size
15 kB (14898 bytes)
Hash
0234d0a7685aefa6fd06041fbd602928
cbcba60aa82286dd1f877cb8bd5b5cc047f82ce0
0085adfd2d08a45f62a06d8f3f969ddc4a94ebe8d226511db90aa038f11ed180

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css?ver=6.4.3 HTTP/1.1
Host: wenonahwadara.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 16:39:25 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"141cf6fd3e4b533eaa9c573b7c16bc31"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yi1kDiRN7SDsk%2Bi8%2BgKuxTQ8hb3dZ1l1Cwiin1Q2BisllmaKHEqGSV2n%2B1SVyebVdlGp6JOd81aAYaepoK6oh5m71LMdr%2FM6LozPc38kP2hmK%2Bk0UWBXWSQ7a86EbdpZ64PGx7%2Bq1LJGuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ae2bf3e0d56c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

coordinatereopen.com/watch.1263800524199.js?key=47e256568502d808b0f4997433da285b&kw=%5B%22janot%22%2C%22loralee%22%2C%22-%22%2C%22explore%22%2C%22ideas%22%2C%22tips%22%2C%22guide%22%2C%22and%22%2C%22info%22%2C%22janot%22%2C%22loralee%22%5D&refer=https%3A%2F%2Fwenonahwadara.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=f1700f4b-0822-4d16-b236-b00f784d2e93%3A3%3A1

192.243.59.20

307 Temporary Redirect

0 B

URL GET HTTP/1.1
coordinatereopen.com/watch.1263800524199.js?key=47e256568502d808b0f4997433da285b&kw=%5B%22janot%22%2C%22loralee%22%2C%22-%22%2C%22explore%22%2C%22ideas%22%2C%22tips%22%2C%22guide%22%2C%22and%22%2C%22info%22%2C%22janot%22%2C%22loralee%22%5D&refer=https%3A%2F%2Fwenonahwadara.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=f1700f4b-0822-4d16-b236-b00f784d2e93%3A3%3A1
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectcoordinatereopen.com
Fingerprint50:B4:D6:69:01:CA:60:05:4D:2C:55:98:1C:68:5D:64:DE:67:14:BD
ValidityMon, 06 May 2024 12:55:45 GMT - Sun, 04 Aug 2024 12:55:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1263800524199.js?key=47e256568502d808b0f4997433da285b&kw=%5B%22janot%22%2C%22loralee%22%2C%22-%22%2C%22explore%22%2C%22ideas%22%2C%22tips%22%2C%22guide%22%2C%22and%22%2C%22info%22%2C%22janot%22%2C%22loralee%22%5D&refer=https%3A%2F%2Fwenonahwadara.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=f1700f4b-0822-4d16-b236-b00f784d2e93%3A3%3A1 HTTP/1.1
Host: coordinatereopen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
Origin: https://wenonahwadara.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Wed, 08 May 2024 16:39:26 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://wenonahwadara.pages.dev
Access-Control-Allow-Origin: https://wenonahwadara.pages.dev
Access-Control-Allow-Credentials: true
Location: https://coordinatereopen.com/watch.1263800524199.js?dev=e&key=47e256568502d808b0f4997433da285b&kw=%5B%22janot%22%2C%22loralee%22%2C%22-%22%2C%22explore%22%2C%22ideas%22%2C%22tips%22%2C%22guide%22%2C%22and%22%2C%22info%22%2C%22janot%22%2C%22loralee%22%5D&pst=1715186426&refer=https%3A%2F%2Fwenonahwadara.pages.dev%2F&res=14.2071&rmtc=t&shu=6d4c9f5a6b788632099eaffef3c5b4f1d301abfe375b398b7b6a2f2d2149350126a67780f8c849cab3e64428e100cf7836d5695ff6e171ef5aa41aa42d881e66754473f4c14f93867ed94821bcea7b89f5e8f3&tz=0&uuid=f1700f4b-0822-4d16-b236-b00f784d2e93%3A3%3A1
Set-Cookie: u_pl=16337114; expires=Thu, 09 May 2024 16:39:26 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjMzNzExNCwiayI6IjQ3ZTI1NjU2ODUwMmQ4MDhiMGY0OTk3NDMzZGEyODViIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxMzg0OTA0LCJwaWQiOjk1ODkzLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjMsImFpZCI6NSwicHQiOjQsInBrIjoicGt6Z2Rpc2RzIiwiY3BrcyI6eyIyOCI6IjM3ZWIzYzg4MDE5Yjg1OGZhYWZhMmZiMWQ5ODIwNDRlIiwiMjkiOiI3NmIxZTYwYTA3NzQxMTA2YWI1NTFjODE4Njc5MTIzOCJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93ZW5vbmFod2FkYXJhLnBhZ2VzLmRldi8iLCJhciI6W119fQ.jHJ4CeIjtDq4QZkh_Jv5cYKmeHPWbMu54WxFCwCh8bc; expires=Wed, 08 May 2024 16:40:26 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bb17319decf94aeda87bf6cc432887b7
Strict-Transport-Security: max-age=0; includeSubdomains

coordinatereopen.com/76/b1/e6/76b1e60a07741106ab551c8186791238.js

192.243.59.20

200 OK

16 kB

URL GET HTTP/1.1
coordinatereopen.com/76/b1/e6/76b1e60a07741106ab551c8186791238.js
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectcoordinatereopen.com
Fingerprint50:B4:D6:69:01:CA:60:05:4D:2C:55:98:1C:68:5D:64:DE:67:14:BD
ValidityMon, 06 May 2024 12:55:45 GMT - Sun, 04 Aug 2024 12:55:44 GMT

File type
JavaScript source, ASCII text, with very long lines (44067), with no line terminators
Size
16 kB (15797 bytes)
Hash
49f7a77b6d3c0932f10f1812e52be0a0
c4c5a3257f79aa7799ae65203a82e07f4b11bc54
aab1813545e2ca897aa692288ebc3e42468d25213a296c96788cab3378acf22d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /76/b1/e6/76b1e60a07741106ab551c8186791238.js HTTP/1.1
Host: coordinatereopen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 May 2024 16:39:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e3f35de8db2620f053614f1407b4b21c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

coordinatereopen.com/watch.1263800524199.js?dev=e&key=47e256568502d808b0f4997433da285b&kw=%5B%22janot%22%2C%22loralee%22%2C%22-%22%2C%22explore%22%2C%22ideas%22%2C%22tips%22%2C%22guide%22%2C%22and%22%2C%22info%22%2C%22janot%22%2C%22loralee%22%5D&pst=1715186426&refer=https%3A%2F%2Fwenonahwadara.pages.dev%2F&res=14.2071&rmtc=t&shu=6d4c9f5a6b788632099eaffef3c5b4f1d301abfe375b398b7b6a2f2d2149350126a67780f8c849cab3e64428e100cf7836d5695ff6e171ef5aa41aa42d881e66754473f4c14f93867ed94821bcea7b89f5e8f3&tz=0&uuid=f1700f4b-0822-4d16-b236-b00f784d2e93%3A3%3A1

192.243.59.20

200 OK

2.0 kB

URL GET HTTP/1.1
coordinatereopen.com/watch.1263800524199.js?dev=e&key=47e256568502d808b0f4997433da285b&kw=%5B%22janot%22%2C%22loralee%22%2C%22-%22%2C%22explore%22%2C%22ideas%22%2C%22tips%22%2C%22guide%22%2C%22and%22%2C%22info%22%2C%22janot%22%2C%22loralee%22%5D&pst=1715186426&refer=https%3A%2F%2Fwenonahwadara.pages.dev%2F&res=14.2071&rmtc=t&shu=6d4c9f5a6b788632099eaffef3c5b4f1d301abfe375b398b7b6a2f2d2149350126a67780f8c849cab3e64428e100cf7836d5695ff6e171ef5aa41aa42d881e66754473f4c14f93867ed94821bcea7b89f5e8f3&tz=0&uuid=f1700f4b-0822-4d16-b236-b00f784d2e93%3A3%3A1
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectcoordinatereopen.com
Fingerprint50:B4:D6:69:01:CA:60:05:4D:2C:55:98:1C:68:5D:64:DE:67:14:BD
ValidityMon, 06 May 2024 12:55:45 GMT - Sun, 04 Aug 2024 12:55:44 GMT

File type
JavaScript source, ASCII text, with very long lines (2428)
Size
2.0 kB (1981 bytes)
Hash
726d9c6221095bc1bb8f685c697940f5
8a610cf3882a6c94bb1ad87d3b7d1a98e376f0d1
c93a406b3aad055ca92b1808df659716e6a2123f61278bd1f3b4abbc98886028

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1263800524199.js?dev=e&key=47e256568502d808b0f4997433da285b&kw=%5B%22janot%22%2C%22loralee%22%2C%22-%22%2C%22explore%22%2C%22ideas%22%2C%22tips%22%2C%22guide%22%2C%22and%22%2C%22info%22%2C%22janot%22%2C%22loralee%22%5D&pst=1715186426&refer=https%3A%2F%2Fwenonahwadara.pages.dev%2F&res=14.2071&rmtc=t&shu=6d4c9f5a6b788632099eaffef3c5b4f1d301abfe375b398b7b6a2f2d2149350126a67780f8c849cab3e64428e100cf7836d5695ff6e171ef5aa41aa42d881e66754473f4c14f93867ed94821bcea7b89f5e8f3&tz=0&uuid=f1700f4b-0822-4d16-b236-b00f784d2e93%3A3%3A1 HTTP/1.1
Host: coordinatereopen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wenonahwadara.pages.dev
Referer: https://wenonahwadara.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=16337114; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjMzNzExNCwiayI6IjQ3ZTI1NjU2ODUwMmQ4MDhiMGY0OTk3NDMzZGEyODViIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxMzg0OTA0LCJwaWQiOjk1ODkzLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjMsImFpZCI6NSwicHQiOjQsInBrIjoicGt6Z2Rpc2RzIiwiY3BrcyI6eyIyOCI6IjM3ZWIzYzg4MDE5Yjg1OGZhYWZhMmZiMWQ5ODIwNDRlIiwiMjkiOiI3NmIxZTYwYTA3NzQxMTA2YWI1NTFjODE4Njc5MTIzOCJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93ZW5vbmFod2FkYXJhLnBhZ2VzLmRldi8iLCJhciI6W119fQ.jHJ4CeIjtDq4QZkh_Jv5cYKmeHPWbMu54WxFCwCh8bc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 May 2024 16:39:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://wenonahwadara.pages.dev
Access-Control-Allow-Origin: https://wenonahwadara.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=f1700f4b-0822-4d16-b236-b00f784d2e93:3:1; expires=Wed, 15 May 2024 16:39:27 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 09 May 2024 16:39:27 GMT; secure; SameSite=None
uncs=1; expires=Thu, 09 May 2024 16:39:27 GMT; secure; SameSite=None
pdhtkv5=true; expires=Thu, 09 May 2024 16:39:27 GMT; secure; SameSite=None
uncs5=1; expires=Thu, 09 May 2024 16:39:27 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b6f639a6e5aa7a65ac4ab5b14e85603f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

capaciousdrewreligion.com/advertisers.js

192.243.59.13

200 OK

0 B

URL GET HTTP/1.1
capaciousdrewreligion.com/advertisers.js
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectcapaciousdrewreligion.com
FingerprintBB:9C:12:88:24:43:D4:47:71:3F:F0:A4:BB:E1:85:65:CE:E7:92:E4
ValidityMon, 06 May 2024 02:35:23 GMT - Sun, 04 Aug 2024 02:35:22 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: capaciousdrewreligion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 May 2024 16:39:27 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0e066b593c4c1669659f6e941fb9b0a5
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.cloudimagesb.com/cti/95/12/c0/9512c0d6dbf2eab8fc046a912fe18a7a/1707727883.png

45.133.44.10

200 OK

60 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/95/12/c0/9512c0d6dbf2eab8fc046a912fe18a7a/1707727883.png
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced
Size
60 kB (60534 bytes)
Hash
fa59b7eed8d39eefbb6e5d86ee62f954
2639e72081ee834a38e97ecf19098ba89fdbc300
e728eb929eb52eaae61f77303cba7348e610229d08bce64b9c7b4ae58c019dad

HTTP Headers

GET /cti/95/12/c0/9512c0d6dbf2eab8fc046a912fe18a7a/1707727883.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 16:39:27 GMT
content-type: image/png
content-length: 60534
server: nginx/1.21.6
last-modified: Mon, 12 Feb 2024 08:51:32 GMT
etag: "65c9dc14-ec76"
expires: Fri, 10 May 2024 16:39:27 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

unseenreport.com/pxf.gif?uuid=f1700f4b-0822-4d16-b236-b00f784d2e93&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=c331f53d8cb1f5b6cb7f7b13f9d18a13&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=16

192.243.61.227

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=f1700f4b-0822-4d16-b236-b00f784d2e93&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=c331f53d8cb1f5b6cb7f7b13f9d18a13&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=16
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=f1700f4b-0822-4d16-b236-b00f784d2e93&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=c331f53d8cb1f5b6cb7f7b13f9d18a13&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=16 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 16:39:27 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0afa3c366d590787d69184aaa3143f7c
Strict-Transport-Security: max-age=0; includeSubdomains

downstairsnegotiatebarren.com/sfp.js

172.67.180.87

200 OK

28 kB

URL GET HTTP/2
downstairsnegotiatebarren.com/sfp.js
IP
172.67.180.87:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B
ValidityThu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
28 kB (27462 bytes)
Hash
f4a2f8f9f99541c6f105bbd0a025bd40
1f8e3eff12168fdd9e719adfc098d24a45b6916a
b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 16:39:27 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: aae4c878535f1b66c8505cfd72903b79
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 08 May 2024 16:39:26 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8NdW5TS3PlIQGP5ByzpWf8v3CHgp5jxAYVwYD%2FxpF6U7meKeqsoVjW%2FPE0Itbgcv5lwrlwzp44EuQGw9Uk%2B5dLT1ZsZ6bFYoD%2B%2FN1jXJFbKJG2DTFKsyWqP39mE1qB%2BjZRPO8i1Oolb9otnuxcbRug%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ae2ca8c75b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ascensionunfinished.com/sbar.json?key=76b1e60a07741106ab551c8186791238&uuid=f1700f4b-0822-4d16-b236-b00f784d2e93%3A3%3A1

172.240.108.76

200 OK

8.1 kB

URL GET HTTP/1.1
ascensionunfinished.com/sbar.json?key=76b1e60a07741106ab551c8186791238&uuid=f1700f4b-0822-4d16-b236-b00f784d2e93%3A3%3A1
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectascensionunfinished.com
Fingerprint74:73:3B:0F:7A:C1:93:FB:B1:E0:8B:AE:39:45:B5:02:6D:2A:37:C8
ValidityMon, 06 May 2024 12:45:42 GMT - Sun, 04 Aug 2024 12:45:41 GMT

File type
JSON text data
Size
8.1 kB (8081 bytes)
Hash
1e9672c367e25eb4b39374130359a9b5
801ca8b99d86acc2abd6587be058192ed474bcb0
6fa366226f6cbf0e34a84fcc4c88d60d846d0cba2f4004d810f27bc9a3e5ce60

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sbar.json?key=76b1e60a07741106ab551c8186791238&uuid=f1700f4b-0822-4d16-b236-b00f784d2e93%3A3%3A1 HTTP/1.1
Host: ascensionunfinished.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
Origin: https://wenonahwadara.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 16:39:28 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://wenonahwadara.pages.dev
Access-Control-Allow-Origin: https://wenonahwadara.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=22919410; expires=Thu, 09 May 2024 16:39:28 GMT; secure; SameSite=None
uid_id2=f1700f4b-0822-4d16-b236-b00f784d2e93:3:1; expires=Wed, 15 May 2024 16:39:28 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 09 May 2024 16:39:28 GMT; secure; SameSite=None
uncs=1; expires=Thu, 09 May 2024 16:39:28 GMT; secure; SameSite=None
pdhtkv29=true; expires=Thu, 09 May 2024 16:39:28 GMT; secure; SameSite=None
uncs29=1; expires=Thu, 09 May 2024 16:39:28 GMT; secure; SameSite=None
slec76b1e60a07741106ab551c8186791238=[5210994,5210995]; expires=Wed, 08 May 2024 16:39:33 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 30840092a93dc83439990859d59640f1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ascensionunfinished.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST4gcxRutnuztd%2FihxJMII3hQyM529cx2z5hDMH9Wgms2JoqCilR3VU%2FKre5qqvrPZC4GAxLwMgjqwUvvm90EYxC95WISZhcUFoQdT3twLwqeBFEIgh5kJouL36G%2F7%2Bv3Cl69Vx9sFAfEQ8H2z76sh1IptrTccpvPvkHpyeaqTItBc9D13%2FE7J5umfL7nt9znmi%2BKaF0veS51XerS5oo0ItaDpRkImd3p0VbPbXW8Fl3uYGD%2Bu9vCgWUOeHlAHofk04Ud5zhkNEGafHVW2PVcZyfOJYViuTYo%2Ba3X0vVUVymSozE2DuL01iEb2u6t3INOt%2BZyoct%2FiaGcEufbewjTW4ciEZabc52hgkgR8v%2BhKicQagLJJoj0dUi%2BR4CI48Ia0uTmBW0qdvURymbolCw8%2FAOympKFH48jTb48reSgeVmrIpc6tRjENeRgAtmfICu2kQ8bkNU2ovx9SP49WXq4ijTZXLNKQ%2FL9Z2IauG7cCRfdructdjj1F0Ov7S%2BGrhsH3Q73RK89N0jKCWQ8gRIjMHsMhXVQSAdF7KDIHCR8vxlRSgOXR8zt9qKozQMR%2BtylLIgpo67fRRHN7jBCno0QqREicw2ZuYZ1OYIpHsBeqWF5AzafEueV91DyGpUgqCxBxQgqSVDlBFVZb3FlPVvf5MoWIT3s3mFv12Od9zfYls77IiVgZgTD643sgDw2M9F5%2B%2B7vWBf7zcAPqfBd5gZBh1LXZ%2BHyMo26tOsHPeq1u7CyhrQNMOtgKKfkiae%2FQzYLtvwYIduGVduI5DGw4imwqga7UmOY3o1YIpSSbGiYVayVsb6wLS5KcF0jyxeQX3U21AF5ch7p2nUDEe2e%2Bnvns62fLv%2BJyNTITI135Q5BX90YX9IV2bykK0u%2BXstymcghm8V9OWe5WLj9krhaacPPn7Wjz1%2BIZsBsvPOqsPkqS7lM%2B5Z8cVpyLsyKNpEg35y3r4vwYmGvnC5MWmSrF8%2BsnE8yI6yVOp2Ayb1znyKSU%2FL%2F%2B2%2FN3%2FGJN3%2BGNBOYokZS7JLDgtTbiLJrsNnuqV%2F%2F%2BkV9eOYTWE1g1BEnzBxURT02Xnj0U0kCJY52Ftaw4siCUOze%2F%2B0RNjZsdprJesPeQN80wPLrSJMapalRqhpMjWCLY%2BM8M7unfmjPC6FqjENlGpuhMuqjucmzj4WV%2B82g3XaZ31umQcBEEHa8buxTzpjX8T3fZ23kdhqfvP3gHwAAAP%2F%2FAQAA%2F%2F8pwn2UoQQAAA%3D%3D

172.240.108.76

200 OK

7 B

URL GET HTTP/1.1
ascensionunfinished.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST4gcxRutnuztd%2FihxJMII3hQyM529cx2z5hDMH9Wgms2JoqCilR3VU%2FKre5qqvrPZC4GAxLwMgjqwUvvm90EYxC95WISZhcUFoQdT3twLwqeBFEIgh5kJouL36G%2F7%2Bv3Cl69Vx9sFAfEQ8H2z76sh1IptrTccpvPvkHpyeaqTItBc9D13%2FE7J5umfL7nt9znmi%2BKaF0veS51XerS5oo0ItaDpRkImd3p0VbPbXW8Fl3uYGD%2Bu9vCgWUOeHlAHofk04Ud5zhkNEGafHVW2PVcZyfOJYViuTYo%2Ba3X0vVUVymSozE2DuL01iEb2u6t3INOt%2BZyoct%2FiaGcEufbewjTW4ciEZabc52hgkgR8v%2BhKicQagLJJoj0dUi%2BR4CI48Ia0uTmBW0qdvURymbolCw8%2FAOympKFH48jTb48reSgeVmrIpc6tRjENeRgAtmfICu2kQ8bkNU2ovx9SP49WXq4ijTZXLNKQ%2FL9Z2IauG7cCRfdructdjj1F0Ov7S%2BGrhsH3Q73RK89N0jKCWQ8gRIjMHsMhXVQSAdF7KDIHCR8vxlRSgOXR8zt9qKozQMR%2BtylLIgpo67fRRHN7jBCno0QqREicw2ZuYZ1OYIpHsBeqWF5AzafEueV91DyGpUgqCxBxQgqSVDlBFVZb3FlPVvf5MoWIT3s3mFv12Od9zfYls77IiVgZgTD643sgDw2M9F5%2B%2B7vWBf7zcAPqfBd5gZBh1LXZ%2BHyMo26tOsHPeq1u7CyhrQNMOtgKKfkiae%2FQzYLtvwYIduGVduI5DGw4imwqga7UmOY3o1YIpSSbGiYVayVsb6wLS5KcF0jyxeQX3U21AF5ch7p2nUDEe2e%2Bnvns62fLv%2BJyNTITI135Q5BX90YX9IV2bykK0u%2BXstymcghm8V9OWe5WLj9krhaacPPn7Wjz1%2BIZsBsvPOqsPkqS7lM%2B5Z8cVpyLsyKNpEg35y3r4vwYmGvnC5MWmSrF8%2BsnE8yI6yVOp2Ayb1znyKSU%2FL%2F%2B2%2FN3%2FGJN3%2BGNBOYokZS7JLDgtTbiLJrsNnuqV%2F%2F%2BkV9eOYTWE1g1BEnzBxURT02Xnj0U0kCJY52Ftaw4siCUOze%2F%2B0RNjZsdprJesPeQN80wPLrSJMapalRqhpMjWCLY%2BM8M7unfmjPC6FqjENlGpuhMuqjucmzj4WV%2B82g3XaZ31umQcBEEHa8buxTzpjX8T3fZ23kdhqfvP3gHwAAAP%2F%2FAQAA%2F%2F8pwn2UoQQAAA%3D%3D
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectascensionunfinished.com
Fingerprint74:73:3B:0F:7A:C1:93:FB:B1:E0:8B:AE:39:45:B5:02:6D:2A:37:C8
ValidityMon, 06 May 2024 12:45:42 GMT - Sun, 04 Aug 2024 12:45:41 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RST4gcxRutnuztd%2FihxJMII3hQyM529cx2z5hDMH9Wgms2JoqCilR3VU%2FKre5qqvrPZC4GAxLwMgjqwUvvm90EYxC95WISZhcUFoQdT3twLwqeBFEIgh5kJouL36G%2F7%2Bv3Cl69Vx9sFAfEQ8H2z76sh1IptrTccpvPvkHpyeaqTItBc9D13%2FE7J5umfL7nt9znmi%2BKaF0veS51XerS5oo0ItaDpRkImd3p0VbPbXW8Fl3uYGD%2Bu9vCgWUOeHlAHofk04Ud5zhkNEGafHVW2PVcZyfOJYViuTYo%2Ba3X0vVUVymSozE2DuL01iEb2u6t3INOt%2BZyoct%2FiaGcEufbewjTW4ciEZabc52hgkgR8v%2BhKicQagLJJoj0dUi%2BR4CI48Ia0uTmBW0qdvURymbolCw8%2FAOympKFH48jTb48reSgeVmrIpc6tRjENeRgAtmfICu2kQ8bkNU2ovx9SP49WXq4ijTZXLNKQ%2FL9Z2IauG7cCRfdructdjj1F0Ov7S%2BGrhsH3Q73RK89N0jKCWQ8gRIjMHsMhXVQSAdF7KDIHCR8vxlRSgOXR8zt9qKozQMR%2BtylLIgpo67fRRHN7jBCno0QqREicw2ZuYZ1OYIpHsBeqWF5AzafEueV91DyGpUgqCxBxQgqSVDlBFVZb3FlPVvf5MoWIT3s3mFv12Od9zfYls77IiVgZgTD643sgDw2M9F5%2B%2B7vWBf7zcAPqfBd5gZBh1LXZ%2BHyMo26tOsHPeq1u7CyhrQNMOtgKKfkiae%2FQzYLtvwYIduGVduI5DGw4imwqga7UmOY3o1YIpSSbGiYVayVsb6wLS5KcF0jyxeQX3U21AF5ch7p2nUDEe2e%2Bnvns62fLv%2BJyNTITI135Q5BX90YX9IV2bykK0u%2BXstymcghm8V9OWe5WLj9krhaacPPn7Wjz1%2BIZsBsvPOqsPkqS7lM%2B5Z8cVpyLsyKNpEg35y3r4vwYmGvnC5MWmSrF8%2BsnE8yI6yVOp2Ayb1znyKSU%2FL%2F%2B2%2FN3%2FGJN3%2BGNBOYokZS7JLDgtTbiLJrsNnuqV%2F%2F%2BkV9eOYTWE1g1BEnzBxURT02Xnj0U0kCJY52Ftaw4siCUOze%2F%2B0RNjZsdprJesPeQN80wPLrSJMapalRqhpMjWCLY%2BM8M7unfmjPC6FqjENlGpuhMuqjucmzj4WV%2B82g3XaZ31umQcBEEHa8buxTzpjX8T3fZ23kdhqfvP3gHwAAAP%2F%2FAQAA%2F%2F8pwn2UoQQAAA%3D%3D HTTP/1.1
Host: ascensionunfinished.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22919410; uid_id2=f1700f4b-0822-4d16-b236-b00f784d2e93:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec76b1e60a07741106ab551c8186791238=[5210994,5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 16:39:28 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 800cd7c24cd9d75648fa1fe93487849f
Strict-Transport-Security: max-age=0; includeSubdomains

ascensionunfinished.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Fsweep%2Fdefault%2Fstories%2F1%2Findex.html&l=1125&fd=120

172.240.108.76

200 OK

0 B

URL GET HTTP/1.1
ascensionunfinished.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Fsweep%2Fdefault%2Fstories%2F1%2Findex.html&l=1125&fd=120
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectascensionunfinished.com
Fingerprint74:73:3B:0F:7A:C1:93:FB:B1:E0:8B:AE:39:45:B5:02:6D:2A:37:C8
ValidityMon, 06 May 2024 12:45:42 GMT - Sun, 04 Aug 2024 12:45:41 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Fsweep%2Fdefault%2Fstories%2F1%2Findex.html&l=1125&fd=120 HTTP/1.1
Host: ascensionunfinished.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22919410; uid_id2=f1700f4b-0822-4d16-b236-b00f784d2e93:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec76b1e60a07741106ab551c8186791238=[5210994,5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 16:39:28 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.creative-bars1.com/sb/interstitial/sweep/default/stories/1/img/icon.png

172.67.141.24

200 OK

12 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/interstitial/sweep/default/stories/1/img/icon.png
IP
172.67.141.24:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
PNG image data, 230 x 253, 8-bit colormap, non-interlaced
Size
12 kB (11963 bytes)
Hash
b1f546ae7b0fbf8f3d19946146456d8a
37792f4d6fb3482b3d0281139a61e2e426fa3056
2a0b851026a70a5da3b5f2fe9e7f5d098c4126c035a68de8e90f8408bab6fd33

HTTP Headers

GET /sb/interstitial/sweep/default/stories/1/img/icon.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 08 May 2024 16:39:28 GMT
content-type: image/png
content-length: 11963
last-modified: Fri, 19 Jan 2024 14:17:32 GMT
etag: "65aa847c-2ebb"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 692488
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KcG5lO0le7HhoZljgM4VyU1Ean1BnsPyF4vw30z4uTZ10d9594Q3rpHJ3xZUv9oqlCFBZY81MZhk3z7C6EUTZO1jMNRmuQLzimiiJtOn6p72u3ctebsTeNIR18m3WsF61HBoWP3I9GU7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ae2d46cedb50c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/interstitial/sweep/default/stories/1/img/close.svg

172.67.141.24

200 OK

1.0 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/interstitial/sweep/default/stories/1/img/close.svg
IP
172.67.141.24:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
SVG Scalable Vector Graphics image
Size
1.0 kB (1047 bytes)
Hash
369850b9873659adf0951d845f57dba1
a64257186daa33b6b318943a457b6cf8d80b26b6
9630c142a8c074cc1809ebf4109538cf29cc0baeb6c27726191f1cf5376e2e21

HTTP Headers

GET /sb/interstitial/sweep/default/stories/1/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 08 May 2024 16:39:28 GMT
content-type: image/svg+xml
last-modified: Fri, 19 Jan 2024 14:17:32 GMT
etag: W/"65aa847c-4ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1981590
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9eKX2%2BLS%2BCpr7KSU5wwXgQiQWoUuXuMbvw4Pusk%2FxK8NpZ9sW%2FMSQAClUP5IBrBLoLOjIkl7wKpTDWUWxGPvaqCjHOdVNbJqLUdcoVwE6xDUVrCCMPLTZFKQewpjyFPPTbLCnCBETLsf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ae2d46ce9b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.barscreative1.com/sb/interstitial/sweep/default/stories/1/index.html

45.133.44.3

200 OK

5.7 kB

URL GET HTTP/2
cdn.barscreative1.com/sb/interstitial/sweep/default/stories/1/index.html
IP
45.133.44.3:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectcdn.barscreative1.com
FingerprintF6:54:F4:B9:EB:AD:1E:FA:8F:76:B9:75:20:9B:41:57:32:37:94:E3
ValiditySun, 10 Mar 2024 03:01:32 GMT - Sat, 08 Jun 2024 03:01:31 GMT

File type
gzip compressed data, from Unix
Size
5.7 kB (5721 bytes)
Hash
c8baa7e71d37994fcd68f65beeafd52c
46c44c038bd3b0e89accb58ce9ea2811d443bb63
f67b64a8f38bd7cb21f619542f86de868b954c3a6d72c4cea29c1468d3401a73

HTTP Headers

GET /sb/interstitial/sweep/default/stories/1/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
Origin: https://wenonahwadara.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 16:39:28 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Fri, 19 Jan 2024 14:17:32 GMT
etag: W/"65aa847c-465"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Wed, 08 May 2024 17:39:28 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

142.250.74.106

200 OK

717 B

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text
Size
717 B (717 bytes)
Hash
5e48f11f5e65274412215f94f73f8c49
4dd35e5b5136df76bd7ff9da1f119d0ec0e57ff7
40992eb57d95a0165a6d56399cd9afd60cc2cac6f06579b8d87079ccaab91e29

HTTP Headers

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 08 May 2024 16:39:28 GMT
date: Wed, 08 May 2024 16:39:28 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/interstitial/sweep/default/stories/1/css/style.css

172.67.141.24

200 OK

505 B

URL GET HTTP/2
cdn.creative-bars1.com/sb/interstitial/sweep/default/stories/1/css/style.css
IP
172.67.141.24:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text
Size
505 B (505 bytes)
Hash
09e402648e8c3edf74a22296eec8ed6e
50f3fccaf2074366bd61b4925cdad604f951c17b
4cf2b716e0c42dfcdbb8bb614c9011874da5d744edc1db3a9bc9bea28e13301d

HTTP Headers

GET /sb/interstitial/sweep/default/stories/1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
Origin: https://wenonahwadara.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 16:39:28 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:17:32 GMT
etag: W/"65aa847c-59a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EQd8LhS9%2F%2Fw08rBb8V2tKJHbNskJA%2BrQ9Cfe%2FnOjlDkVAr42R5mowdZRKd%2B0TuPKBxEul0Sduu6qiJzO2YGwC7hqlPPvv3%2B9d4c3a%2Fw5TtvmhTY%2BdRG9eSQ6Z3x0ZSIuEHJMaBbiM3Fm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ae2d3dc25b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/interstitial/sweep/default/stories/1/js/script.js

172.67.141.24

200 OK

145 B

URL GET HTTP/2
cdn.creative-bars1.com/sb/interstitial/sweep/default/stories/1/js/script.js
IP
172.67.141.24:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text
Size
145 B (145 bytes)
Hash
f892d13477b4dc50738e456394213c85
7fd3b8db8ae9065a1ca71e93d2d8c54a30f0c4d3
fce0518bf4195114ede5ba3e52220db0b2566b606eb8ee6d28199bc6587f7f5d

HTTP Headers

GET /sb/interstitial/sweep/default/stories/1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
Origin: https://wenonahwadara.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 08 May 2024 16:39:29 GMT
content-type: application/javascript
last-modified: Fri, 19 Jan 2024 14:17:32 GMT
etag: W/"65aa847c-141"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZKV6GNRxoWkWsiUzzJKuQLT2DZiqObx9YY9r682C4ZlXbjs2HX%2BKu3pHuDOdUAmmK8utbi4Ye9ahhkQpPlfYtHz5TjORYY4RzCfsxrSsPAB2WtRJmTIo5y90WFkV60XKmcDMS1kXR4ut"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ae2d57e8bb50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://wenonahwadara.pages.dev
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 May 2024 09:28:37 GMT
expires: Sun, 04 May 2025 09:28:37 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 371452
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ascensionunfinished.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTYgcxR%2Btnuztf%2FijxJMII3hQyM52z%2FeYQzAfK8E1GxNFQUXqqyflVnc1Vf0xmYvBBQl4GQT14KX3zW4WYxC95WISZhcUFoQdT3twLwqeBFEIgh5kJouLv0P%2Ffr9%2Br%2BDVe%2FXBRnZI6sjowfmXzVBpTZdaNb%2F67BtBcLq6ouJsUB102%2B%2B0m6erNn%2B%2B1675z1VflHzNLNX9wPcDP6guKytDM1iagVDJnV5Q6%2Fm1Zr0WtJoY2P%2FuLvPgqAeRH5LHocR0Ydc7CcUniKOvzku3lprk1IUo0zQ1FrnYfi1ei00RIzoeQ%2BshjLeP2DBuf%2FkeTLw1lwuT%2F0tkakq8b%2B%2BBxdtHIsHyzblOpiFjMPE%2FFPkEUk%2Bg6ATcrEOJfQJwgUuriKNbl4wt6PVHKJ2hU7Lw8A%2BoYkoWfjyJOPryrFaD6lWjs1SZ2GEQllCDCVR%2FgiTbQTqsQBU74On7UOJ7svRwBXG0ueq0gRIHz4RBx%2FfDJlv0u%2FX6YlME7UVWb7QXme%2BHnW5T1GWvMTdIqQlUOIGWI1B3ApnzkCkPWeghSzxE4qDKgyDo%2BIJTv9vjvCE6krWFH9BOGNDAb3eR8dkdRkiTEbgegdsbSOwNrKkRbPYA7loJJypw6ZR4r7yHXJQoJEHhCApKUCiCIiUo8nJLaFd35S2hXcaCo14%2F6o1ybNL%2BBt0yaV%2FGBNSOYEW5kRySx2Ymem%2Ff%2FR1r8qDaabNAtn3qdzrNIPDblLVaAe8G3XanF9QbXThVQrkKqPMwVFPyxNPfIZkFm38MRnfg9A64OgGaPQValKDXSgzju5xGUmtFh5Y6TWsJ7UtXEzKHMCWSdAHpdW9DH5In55GurltIvnfm793Ptn66%2Bie4LZHYEu%2BqXYK%2Bvjm%2BYgqyecUUjny9mqQqUkM6i%2FtqSlO5cPsleb0wVlw870afv8BnwGy886p06QqNhYr7jnxxVgkh7bKxXJJvLrrXJbucuWtnMxtnycrlc8sXo8RK55SJJ6Bq%2F8Kn4GpK%2Fn%2F%2Frfk7PvXmz1B2ApuViLI9clRQZgc8uQGX7J359a9f9IfnPoEzBFYfc1jiocjKsa2z459aEWh5vFNWwsljC5jcu%2F%2FbI2xs6ew0VeWGu4m%2BrYCm64ijErktkesSVI%2FgshPjNLF7Z35ozAtMV8ZM28om01Z%2FNDd59nFw6qDa8EWHyVB2mGy2mqHkgrVazOchZw3R7XKkbhqevv3gHwAAAP%2F%2FAQAA%2F%2F%2BpFqh8oQQAAA%3D%3D

172.240.108.76

200 OK

7 B

URL GET HTTP/1.1
ascensionunfinished.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTYgcxR%2Btnuztf%2FijxJMII3hQyM52z%2FeYQzAfK8E1GxNFQUXqqyflVnc1Vf0xmYvBBQl4GQT14KX3zW4WYxC95WISZhcUFoQdT3twLwqeBFEIgh5kJouLv0P%2Ffr9%2Br%2BDVe%2FXBRnZI6sjowfmXzVBpTZdaNb%2F67BtBcLq6ouJsUB102%2B%2B0m6erNn%2B%2B1675z1VflHzNLNX9wPcDP6guKytDM1iagVDJnV5Q6%2Fm1Zr0WtJoY2P%2FuLvPgqAeRH5LHocR0Ydc7CcUniKOvzku3lprk1IUo0zQ1FrnYfi1ei00RIzoeQ%2BshjLeP2DBuf%2FkeTLw1lwuT%2F0tkakq8b%2B%2BBxdtHIsHyzblOpiFjMPE%2FFPkEUk%2Bg6ATcrEOJfQJwgUuriKNbl4wt6PVHKJ2hU7Lw8A%2BoYkoWfjyJOPryrFaD6lWjs1SZ2GEQllCDCVR%2FgiTbQTqsQBU74On7UOJ7svRwBXG0ueq0gRIHz4RBx%2FfDJlv0u%2FX6YlME7UVWb7QXme%2BHnW5T1GWvMTdIqQlUOIGWI1B3ApnzkCkPWeghSzxE4qDKgyDo%2BIJTv9vjvCE6krWFH9BOGNDAb3eR8dkdRkiTEbgegdsbSOwNrKkRbPYA7loJJypw6ZR4r7yHXJQoJEHhCApKUCiCIiUo8nJLaFd35S2hXcaCo14%2F6o1ybNL%2BBt0yaV%2FGBNSOYEW5kRySx2Ymem%2Ff%2FR1r8qDaabNAtn3qdzrNIPDblLVaAe8G3XanF9QbXThVQrkKqPMwVFPyxNPfIZkFm38MRnfg9A64OgGaPQValKDXSgzju5xGUmtFh5Y6TWsJ7UtXEzKHMCWSdAHpdW9DH5In55GurltIvnfm793Ptn66%2Bie4LZHYEu%2BqXYK%2Bvjm%2BYgqyecUUjny9mqQqUkM6i%2FtqSlO5cPsleb0wVlw870afv8BnwGy886p06QqNhYr7jnxxVgkh7bKxXJJvLrrXJbucuWtnMxtnycrlc8sXo8RK55SJJ6Bq%2F8Kn4GpK%2Fn%2F%2Frfk7PvXmz1B2ApuViLI9clRQZgc8uQGX7J359a9f9IfnPoEzBFYfc1jiocjKsa2z459aEWh5vFNWwsljC5jcu%2F%2FbI2xs6ew0VeWGu4m%2BrYCm64ijErktkesSVI%2FgshPjNLF7Z35ozAtMV8ZM28om01Z%2FNDd59nFw6qDa8EWHyVB2mGy2mqHkgrVazOchZw3R7XKkbhqevv3gHwAAAP%2F%2FAQAA%2F%2F%2BpFqh8oQQAAA%3D%3D
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectascensionunfinished.com
Fingerprint74:73:3B:0F:7A:C1:93:FB:B1:E0:8B:AE:39:45:B5:02:6D:2A:37:C8
ValidityMon, 06 May 2024 12:45:42 GMT - Sun, 04 Aug 2024 12:45:41 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSTYgcxR%2Btnuztf%2FijxJMII3hQyM52z%2FeYQzAfK8E1GxNFQUXqqyflVnc1Vf0xmYvBBQl4GQT14KX3zW4WYxC95WISZhcUFoQdT3twLwqeBFEIgh5kJouLv0P%2Ffr9%2Br%2BDVe%2FXBRnZI6sjowfmXzVBpTZdaNb%2F67BtBcLq6ouJsUB102%2B%2B0m6erNn%2B%2B1675z1VflHzNLNX9wPcDP6guKytDM1iagVDJnV5Q6%2Fm1Zr0WtJoY2P%2FuLvPgqAeRH5LHocR0Ydc7CcUniKOvzku3lprk1IUo0zQ1FrnYfi1ei00RIzoeQ%2BshjLeP2DBuf%2FkeTLw1lwuT%2F0tkakq8b%2B%2BBxdtHIsHyzblOpiFjMPE%2FFPkEUk%2Bg6ATcrEOJfQJwgUuriKNbl4wt6PVHKJ2hU7Lw8A%2BoYkoWfjyJOPryrFaD6lWjs1SZ2GEQllCDCVR%2FgiTbQTqsQBU74On7UOJ7svRwBXG0ueq0gRIHz4RBx%2FfDJlv0u%2FX6YlME7UVWb7QXme%2BHnW5T1GWvMTdIqQlUOIGWI1B3ApnzkCkPWeghSzxE4qDKgyDo%2BIJTv9vjvCE6krWFH9BOGNDAb3eR8dkdRkiTEbgegdsbSOwNrKkRbPYA7loJJypw6ZR4r7yHXJQoJEHhCApKUCiCIiUo8nJLaFd35S2hXcaCo14%2F6o1ybNL%2BBt0yaV%2FGBNSOYEW5kRySx2Ymem%2Ff%2FR1r8qDaabNAtn3qdzrNIPDblLVaAe8G3XanF9QbXThVQrkKqPMwVFPyxNPfIZkFm38MRnfg9A64OgGaPQValKDXSgzju5xGUmtFh5Y6TWsJ7UtXEzKHMCWSdAHpdW9DH5In55GurltIvnfm793Ptn66%2Bie4LZHYEu%2BqXYK%2Bvjm%2BYgqyecUUjny9mqQqUkM6i%2FtqSlO5cPsleb0wVlw870afv8BnwGy886p06QqNhYr7jnxxVgkh7bKxXJJvLrrXJbucuWtnMxtnycrlc8sXo8RK55SJJ6Bq%2F8Kn4GpK%2Fn%2F%2Frfk7PvXmz1B2ApuViLI9clRQZgc8uQGX7J359a9f9IfnPoEzBFYfc1jiocjKsa2z459aEWh5vFNWwsljC5jcu%2F%2FbI2xs6ew0VeWGu4m%2BrYCm64ijErktkesSVI%2FgshPjNLF7Z35ozAtMV8ZM28om01Z%2FNDd59nFw6qDa8EWHyVB2mGy2mqHkgrVazOchZw3R7XKkbhqevv3gHwAAAP%2F%2FAQAA%2F%2F%2BpFqh8oQQAAA%3D%3D HTTP/1.1
Host: ascensionunfinished.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22919410; uid_id2=f1700f4b-0822-4d16-b236-b00f784d2e93:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec76b1e60a07741106ab551c8186791238=[5210994,5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 16:39:29 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 961f386f3c5e261d8c2dd51a2ef3d387
Strict-Transport-Security: max-age=0; includeSubdomains

wenonahwadara.pages.dev/wp-content/themes/skt-glass/css/responsive.css?ver=6.4.3

172.66.45.9

200 OK

3.8 kB

URL GET HTTP/3
wenonahwadara.pages.dev/wp-content/themes/skt-glass/css/responsive.css?ver=6.4.3
IP
172.66.45.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectwenonahwadara.pages.dev
Fingerprint3E:E2:30:3B:84:88:35:38:F5:DA:0C:4A:23:7F:A1:EA:E9:44:23:B6
ValidityTue, 07 May 2024 15:57:34 GMT - Mon, 05 Aug 2024 15:57:33 GMT

File type
ASCII text, with CRLF line terminators
Size
3.8 kB (3801 bytes)
Hash
2f44c9d880998ea6022a640185ccc067
f958e557c6fd33623836d6e846c75639e4dda908
2427ce1369251245c47be65d147c4a5e0e1c187a9f661c1d743b1720be0001b9

HTTP Headers

GET /wp-content/themes/skt-glass/css/responsive.css?ver=6.4.3 HTTP/1.1
Host: wenonahwadara.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 16:39:25 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"85df1ae8c0e8aea9068c5af7e39ed0a3"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j3fg3COabXieKVy9N%2Fj%2FJgYIKiVvv7zx1uk8dnN090hi9Kqp0s139oO8q72NjmtzisHV%2FfspgkN3LOXPaxRqA5Syf33JEhV%2Fxm5liBtxdFLVQww8gJtyxANGwfZ2oCB6MrPH3f0f5x0%2Buw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ae2bf3e1256c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

wenonahwadara.pages.dev/wp-content/themes/skt-glass/js/custom.js?ver=6.4.3

172.66.45.9

200 OK

11 kB

URL GET HTTP/3
wenonahwadara.pages.dev/wp-content/themes/skt-glass/js/custom.js?ver=6.4.3
IP
172.66.45.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectwenonahwadara.pages.dev
Fingerprint3E:E2:30:3B:84:88:35:38:F5:DA:0C:4A:23:7F:A1:EA:E9:44:23:B6
ValidityTue, 07 May 2024 15:57:34 GMT - Mon, 05 Aug 2024 15:57:33 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
11 kB (10977 bytes)
Hash
2adf6a6ab79832058217629f25c5ee05
b17f53780e9e2fc17573021b5ec100b9836b3d8b
da02fec518a2fbdb0996b05ebcccc6b8df64a601013ecf157b078684e95dfcce

HTTP Headers

GET /wp-content/themes/skt-glass/js/custom.js?ver=6.4.3 HTTP/1.1
Host: wenonahwadara.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 16:39:25 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"6ec2c68b5287124b160e004ee58ac8ad"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3lTkzIJUPCcLQ9CJWSstcqwDB0GeZdMXCkDWceZ5NvJ4iX1iDBEUuhsHA8MsMdfRUuq%2F93xRqD5ns%2FCQUieNm5JgTUf%2FzUoZeqzLr0ItxZcwgFbT8lA6mVen6V%2BUY7qtIiUCMgUvVMUNbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ae2bf5e5256c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

wenonahwadara.pages.dev/wp-content/themes/skt-glass/css/style_base.css?ver=6.4.3

172.66.45.9

200 OK

8.4 kB

URL GET HTTP/3
wenonahwadara.pages.dev/wp-content/themes/skt-glass/css/style_base.css?ver=6.4.3
IP
172.66.45.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectwenonahwadara.pages.dev
Fingerprint3E:E2:30:3B:84:88:35:38:F5:DA:0C:4A:23:7F:A1:EA:E9:44:23:B6
ValidityTue, 07 May 2024 15:57:34 GMT - Mon, 05 Aug 2024 15:57:33 GMT

File type
assembler source, ASCII text, with CRLF line terminators
Size
8.4 kB (8387 bytes)
Hash
5865ce058be82698841c8fe9b5753862
b9abe947dacff433bebe5246612063df41988359
082cbc1ae4b883be94e382b73caa4341037725426b2300e4c0f7cfdbc43402d1

HTTP Headers

GET /wp-content/themes/skt-glass/css/style_base.css?ver=6.4.3 HTTP/1.1
Host: wenonahwadara.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 16:39:25 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"d8e4fd3d60ad4b672d84012314c192d6"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b8ilNd6T%2BZFenDEhDRJDC%2BqgxXnMJU%2Bhc5dV0%2FmUM9nwRYNnxVJWu1IlMfOKYKFOBtPbNRRUYSggCqwLViH5zejXHJ8EX4nAdpVTAwaeak8J7mMCGLgYK2S5VZjz5fPzfF2%2B1mL%2FzELtWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ae2bf3e2056c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

wenonahwadara.pages.dev/wp-content/plugins/advanced-random-posts-widget/assets/css/arpw-frontend.css?ver=6.4.3

172.66.45.9

200 OK

275 B

URL GET HTTP/3
wenonahwadara.pages.dev/wp-content/plugins/advanced-random-posts-widget/assets/css/arpw-frontend.css?ver=6.4.3
IP
172.66.45.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectwenonahwadara.pages.dev
Fingerprint3E:E2:30:3B:84:88:35:38:F5:DA:0C:4A:23:7F:A1:EA:E9:44:23:B6
ValidityTue, 07 May 2024 15:57:34 GMT - Mon, 05 Aug 2024 15:57:33 GMT

File type
ASCII text, with very long lines (312), with no line terminators
Size
275 B (275 bytes)
Hash
58e671c19d0c80d4cd0dfc871532c81d
1236a814bc62bb0f3eaa97ff3b3464969211d835
6ee0f5e3cc7aff02c7f1ff31581494303213619f7f31004c7c2a748891592301

HTTP Headers

GET /wp-content/plugins/advanced-random-posts-widget/assets/css/arpw-frontend.css?ver=6.4.3 HTTP/1.1
Host: wenonahwadara.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 16:39:25 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"89495a62273346014c21c363f32c166b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EzSF28ew1yLS4%2FhoSgqakX2eOhx1k4nGYEEeHs8cL8Pb0kZUEvzEy%2BFWUGEOjsdkW0ymORzfONG%2BOEW2UpJsefQGy%2F8D4I8EFvCkKDj0a5fS%2FrbiePLe%2FZR4WacXROTecWFTkj064pfGFg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ae2bf4e2856c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

skilledskillemergency.com/pixel/purst?dl=0&th=0&sc=0&rs=1364&rd=1364&fd=1005&bv=24.5.6485&tmpl=70

172.240.108.68

200 OK

0 B

URL GET HTTP/1.1
skilledskillemergency.com/pixel/purst?dl=0&th=0&sc=0&rs=1364&rd=1364&fd=1005&bv=24.5.6485&tmpl=70
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectskilledskillemergency.com
Fingerprint21:B4:F5:6D:B3:E3:91:D3:47:51:9B:77:81:06:39:2A:87:28:32:03
ValidityMon, 06 May 2024 08:19:35 GMT - Sun, 04 Aug 2024 08:19:34 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=1364&rd=1364&fd=1005&bv=24.5.6485&tmpl=70 HTTP/1.1
Host: skilledskillemergency.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 16:39:26 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.creative-bars1.com/sb/interstitial/sweep/default/stories/1/css/animate.css

172.67.141.24

200 OK

79 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/interstitial/sweep/default/stories/1/css/animate.css
IP
172.67.141.24:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text
Size
79 kB (78693 bytes)
Hash
5982c5377696d20476871062646b253f
8bf2c93fa9ccc908f7df0fb7abb911bbac3e4242
4e23a6449e6ef4614f0107cecf5c9eda75d2041c7c71f4a55d45f2a7e75450f4

HTTP Headers

GET /sb/interstitial/sweep/default/stories/1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
Origin: https://wenonahwadara.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 16:39:28 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:17:32 GMT
etag: W/"65aa847c-13365"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rr9keNzNzp%2FDDKvTNVRfuXg9G2sIzebsL0IVqjienZ3Rt5lMh5MCZ%2FkgV1xhNCJKXbwVoXdC9%2BsPTnW0OLxGUdO5l%2B0bxyjQcPh6cI4zHrSPZuLGKVZVwcKWyxq6ViXZmnuGlnOxM6Kc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ae2d3dc29b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

wenonahwadara.pages.dev/

172.66.45.9

200 OK

46 kB

URL User Request GET HTTP/2
wenonahwadara.pages.dev/
IP
172.66.45.9:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectwenonahwadara.pages.dev
Fingerprint3E:E2:30:3B:84:88:35:38:F5:DA:0C:4A:23:7F:A1:EA:E9:44:23:B6
ValidityTue, 07 May 2024 15:57:34 GMT - Mon, 05 Aug 2024 15:57:33 GMT

File type

Size
46 kB (45724 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: wenonahwadara.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 16:39:25 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"945adcc06e4281f01af7a9a3e41c1148"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mGuR9Ww1eSGtDiS%2FEgEhRyeEQSFCSIPhv1eXjUBtjVj1EOnN5%2BMm6%2FBBWcpov3eEDxDbfdCOW%2B31XcIVnXHNICMQBrWWsnn3PpUScaMpMUPSDBCysa1fPaVDXg3CixstjSj8kfYbK%2F6%2FAg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ae2bd299056b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

wenonahwadara.pages.dev/wp-content/fonts/b98e47528f6014d79ef788191ca21358.css?ver=20201110

172.66.45.9

200 OK

46 kB

URL GET HTTP/3
wenonahwadara.pages.dev/wp-content/fonts/b98e47528f6014d79ef788191ca21358.css?ver=20201110
IP
172.66.45.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectwenonahwadara.pages.dev
Fingerprint3E:E2:30:3B:84:88:35:38:F5:DA:0C:4A:23:7F:A1:EA:E9:44:23:B6
ValidityTue, 07 May 2024 15:57:34 GMT - Mon, 05 Aug 2024 15:57:33 GMT

File type
ASCII text
Size
46 kB (45646 bytes)
Hash
37530d7c7164c401a7f6815f977d74a6
6503cf1214019667d748079dc50f171dbe2216fa
ed4b58bc078f5fc730bad14e6f639d70e638e6bcef0ebc8f6bfaee78a2975975

HTTP Headers

GET /wp-content/fonts/b98e47528f6014d79ef788191ca21358.css?ver=20201110 HTTP/1.1
Host: wenonahwadara.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 16:39:25 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"ad2b4bdb870ed6bb2c106258b0a03ea2"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1tm4%2FcJ9oVvOP%2FACFtSOpDSi%2F65aKU1mm3ymo8Y24BwehShXZHLovM0OtoezHyE0fqs2vz7fTTB3P8npH%2FRpuMsu1Z1dGTAGyUBX%2FLFkr%2FNkT3LY1%2BTW7ziCgC4GLOZbI%2Fmn96rK8%2FSKrw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ae2bf3e0b56c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ascensionunfinished.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsweep%2Fdefault%2Fstories%2F1%2Fcss%2Fanimate.css&l=78693&fd=345

172.240.108.76

200 OK

0 B

URL GET HTTP/1.1
ascensionunfinished.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsweep%2Fdefault%2Fstories%2F1%2Fcss%2Fanimate.css&l=78693&fd=345
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectascensionunfinished.com
Fingerprint74:73:3B:0F:7A:C1:93:FB:B1:E0:8B:AE:39:45:B5:02:6D:2A:37:C8
ValidityMon, 06 May 2024 12:45:42 GMT - Sun, 04 Aug 2024 12:45:41 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsweep%2Fdefault%2Fstories%2F1%2Fcss%2Fanimate.css&l=78693&fd=345 HTTP/1.1
Host: ascensionunfinished.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22919410; uid_id2=f1700f4b-0822-4d16-b236-b00f784d2e93:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec76b1e60a07741106ab551c8186791238=[5210994,5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 16:39:28 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

wenonahwadara.pages.dev/wp-content/themes/skt-glass/style.css?ver=6.4.3

172.66.45.9

200 OK

36 kB

URL GET HTTP/3
wenonahwadara.pages.dev/wp-content/themes/skt-glass/style.css?ver=6.4.3
IP
172.66.45.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectwenonahwadara.pages.dev
Fingerprint3E:E2:30:3B:84:88:35:38:F5:DA:0C:4A:23:7F:A1:EA:E9:44:23:B6
ValidityTue, 07 May 2024 15:57:34 GMT - Mon, 05 Aug 2024 15:57:33 GMT

File type
ASCII text, with very long lines (614), with CRLF line terminators
Size
36 kB (36509 bytes)
Hash
a23d0f12b867832ccb8999fdceca6964
6c6dab4a9107cb7b87b95c07b7a09c889464d734
d1dd911c1e8c0f4087752399b4a468fd6831db4f0622b1eee0ca5a4eb603fd8d

HTTP Headers

GET /wp-content/themes/skt-glass/style.css?ver=6.4.3 HTTP/1.1
Host: wenonahwadara.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 16:39:25 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"3875cc236812e967fb064da895259ebf"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=103zKPXsGCZFYWaRWuutuXbGGbaovpdNnT9TN6cAdZQLDEpattT3V6feAmSoEV8OvHIVmmf3zrfXJ5lMg%2FDmeoxy8BkGVAOdC%2BXwuVdtvDvvWD4wVSCCHw3yN4hbUi2cTEOu6RI34AHSPg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ae2bf3e1056c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cdn.creative-bars1.com/sb/interstitial/sweep/default/stories/1/js/jquery.min.js

172.67.141.24

200 OK

87 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/interstitial/sweep/default/stories/1/js/jquery.min.js
IP
172.67.141.24:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
JavaScript source, ASCII text, with very long lines (32058)
Size
87 kB (86659 bytes)
Hash
c9f5aeeca3ad37bf2aa006139b935f0a
1055018c28ab41087ef9ccefe411606893dabea2
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

HTTP Headers

GET /sb/interstitial/sweep/default/stories/1/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 16:39:28 GMT
content-type: application/javascript
last-modified: Fri, 19 Jan 2024 14:17:32 GMT
etag: W/"65aa847c-15283"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 692488
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rHPZQoGB5qAB9BsMa0Z3XzyPj5nnIKbTULkyhqFMxOiY9aSSB6j863QJy0138HBl4UGwRmtVKknqj%2BR8zIV32yN5dXBKZKx5hHz3wv1Cj2pRDWbfHehETdtwqE%2FyrpHO%2FsiNlWQYhOIe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ae2d46cf1b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

wenonahwadara.pages.dev/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

172.66.45.9

200 OK

88 kB

URL GET HTTP/3
wenonahwadara.pages.dev/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
IP
172.66.45.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectwenonahwadara.pages.dev
Fingerprint3E:E2:30:3B:84:88:35:38:F5:DA:0C:4A:23:7F:A1:EA:E9:44:23:B6
ValidityTue, 07 May 2024 15:57:34 GMT - Mon, 05 Aug 2024 15:57:33 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
88 kB (87553 bytes)
Hash
826eb77e86b02ab7724fe3d0141ff87c
79cd3587d565afe290076a8d36c31c305a573d18
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

HTTP Headers

GET /wp-includes/js/jquery/jquery.min.js?ver=3.7.1 HTTP/1.1
Host: wenonahwadara.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 16:39:25 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"4faaa9d1e8ac6b951abd4ab674ea9ec1"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5ipjxlafm64onjL%2B75IwQ%2FMxB0sXRrlWmkfEj%2FQL%2B2C78t5uuzWVwtVmeBlCnhJLun8Fd4bEHEaiJ%2BuBSdolwdGkG44EJ6%2BtS1emE88Z7EIaP1u%2Fvojp%2FgjwlcO2xUlqhi5ZJ0ZE3FtYew%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ae2bf4e4256c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ascensionunfinished.com/pixel/sbs?c=1

172.240.108.84

200 OK

0 B

URL GET HTTP/1.1
ascensionunfinished.com/pixel/sbs?c=1
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectascensionunfinished.com
Fingerprint74:73:3B:0F:7A:C1:93:FB:B1:E0:8B:AE:39:45:B5:02:6D:2A:37:C8
ValidityMon, 06 May 2024 12:45:42 GMT - Sun, 04 Aug 2024 12:45:41 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: ascensionunfinished.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22919410; uid_id2=f1700f4b-0822-4d16-b236-b00f784d2e93:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec76b1e60a07741106ab551c8186791238=[5210994,5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 16:39:29 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

wenonahwadara.pages.dev/wp-content/themes/skt-glass/editor-style.css?ver=6.4.3

172.66.45.9

200 OK

139 B

URL GET HTTP/3
wenonahwadara.pages.dev/wp-content/themes/skt-glass/editor-style.css?ver=6.4.3
IP
172.66.45.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectwenonahwadara.pages.dev
Fingerprint3E:E2:30:3B:84:88:35:38:F5:DA:0C:4A:23:7F:A1:EA:E9:44:23:B6
ValidityTue, 07 May 2024 15:57:34 GMT - Mon, 05 Aug 2024 15:57:33 GMT

File type
ASCII text, with no line terminators
Size
139 B (139 bytes)
Hash
4cb0a1a0edb939cbddc5ad062f80709c
a86f144dde037c784a2f87c641790361fd4734a9
60fa7e762c023e5e3e9e722e523f9e77a1907490fe2fd2db01860aceaba662dd

HTTP Headers

GET /wp-content/themes/skt-glass/editor-style.css?ver=6.4.3 HTTP/1.1
Host: wenonahwadara.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 16:39:25 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"f86d019fd3fcae60a173636fa640fbb7"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r7mqOOYAcMmlg44mv%2BT6lihWwbACrVHok4qGz9oEkodno%2F8wenQ%2BQbzVAhUU%2BKz5yhjTCWV87CxwDB%2F%2Bk56jneKU2QZUV3Fd4XKZcGNz7MiUtzOLKM6uH%2FsWdlGi%2BIsXuecHE9na8awneg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ae2bf3e1956c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

wenonahwadara.pages.dev/wp-includes/css/dashicons.min.css?ver=6.4.3

172.66.45.9

200 OK

59 kB

URL GET HTTP/3
wenonahwadara.pages.dev/wp-includes/css/dashicons.min.css?ver=6.4.3
IP
172.66.45.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectwenonahwadara.pages.dev
Fingerprint3E:E2:30:3B:84:88:35:38:F5:DA:0C:4A:23:7F:A1:EA:E9:44:23:B6
ValidityTue, 07 May 2024 15:57:34 GMT - Mon, 05 Aug 2024 15:57:33 GMT

File type
ASCII text, with very long lines (59011)
Size
59 kB (59046 bytes)
Hash
698dbaf3ba36efe1268bbc435cecc176
f47d3648beb42f03e62e441cd34ce7e5f62a9ab9
cb09b363564f8d8aee9bebbf4cd2f1f6437a8d9394c07a0e01ef07856328e871

HTTP Headers

GET /wp-includes/css/dashicons.min.css?ver=6.4.3 HTTP/1.1
Host: wenonahwadara.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 16:39:25 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"71c6d306fcffa56f32aac2c94e870649"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XPyhabXujiAfUQJHxIh8T%2BXWSiCwGx7F8yppGBxzhjzGZpINxD3I09nehv8a64xkImTUkuTMIMYjHOqMGXQiw2RqhJlIiCc3c8sPVS%2FtGpRH3MUT2wZ6a2T8%2B0SRKxr8tSVEz%2FruUz6ZZA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ae2bf4e3256c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

wenonahwadara.pages.dev/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1

172.66.45.9

200 OK

14 kB

URL GET HTTP/3
wenonahwadara.pages.dev/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
IP
172.66.45.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectwenonahwadara.pages.dev
Fingerprint3E:E2:30:3B:84:88:35:38:F5:DA:0C:4A:23:7F:A1:EA:E9:44:23:B6
ValidityTue, 07 May 2024 15:57:34 GMT - Mon, 05 Aug 2024 15:57:33 GMT

File type
JavaScript source, ASCII text, with very long lines (13479)
Size
14 kB (13577 bytes)
Hash
9ffeb32e2d9efbf8f70caabded242267
3ad0c10e501ac2a9bfa18f9cd7e700219b378738
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

HTTP Headers

GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 HTTP/1.1
Host: wenonahwadara.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 16:39:25 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"ff416357a541c2641e2808b797569af3"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=igwduzSJPetWn8G9tKc6%2F%2BwmRZ73SmL42yG6Lvj14lsQkvTJdWVwspUgxeO2fbOWirwcFzS9nMPKgDQRNcrg4x%2FvCnrtEPJxV%2FIAAm07VARWVYNTkTMyYQY6H8vXSJuUlxpyIkxGJ1w2%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ae2bf4e4556c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ascensionunfinished.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsweep%2Fdefault%2Fstories%2F1%2Fjs%2Fscript.js&l=321&fd=299

172.240.108.76

200 OK

0 B

URL GET HTTP/1.1
ascensionunfinished.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsweep%2Fdefault%2Fstories%2F1%2Fjs%2Fscript.js&l=321&fd=299
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectascensionunfinished.com
Fingerprint74:73:3B:0F:7A:C1:93:FB:B1:E0:8B:AE:39:45:B5:02:6D:2A:37:C8
ValidityMon, 06 May 2024 12:45:42 GMT - Sun, 04 Aug 2024 12:45:41 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsweep%2Fdefault%2Fstories%2F1%2Fjs%2Fscript.js&l=321&fd=299 HTTP/1.1
Host: ascensionunfinished.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22919410; uid_id2=f1700f4b-0822-4d16-b236-b00f784d2e93:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec76b1e60a07741106ab551c8186791238=[5210994,5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 16:39:29 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

unseenreport.com/pxf.gif?uuid=f1700f4b-0822-4d16-b236-b00f784d2e93&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=76b1e60a07741106ab551c8186791238&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=16

192.243.61.227

200 OK

0 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=f1700f4b-0822-4d16-b236-b00f784d2e93&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=76b1e60a07741106ab551c8186791238&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=16
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=f1700f4b-0822-4d16-b236-b00f784d2e93&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=76b1e60a07741106ab551c8186791238&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=16 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 16:39:27 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ec089788f78fadab923f0d6384677100
Strict-Transport-Security: max-age=0; includeSubdomains

ascensionunfinished.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsweep%2Fdefault%2Fstories%2F1%2Fcss%2Fstyle.css&l=1434&fd=373

172.240.108.76

200 OK

0 B

URL GET HTTP/1.1
ascensionunfinished.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsweep%2Fdefault%2Fstories%2F1%2Fcss%2Fstyle.css&l=1434&fd=373
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectascensionunfinished.com
Fingerprint74:73:3B:0F:7A:C1:93:FB:B1:E0:8B:AE:39:45:B5:02:6D:2A:37:C8
ValidityMon, 06 May 2024 12:45:42 GMT - Sun, 04 Aug 2024 12:45:41 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsweep%2Fdefault%2Fstories%2F1%2Fcss%2Fstyle.css&l=1434&fd=373 HTTP/1.1
Host: ascensionunfinished.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22919410; uid_id2=f1700f4b-0822-4d16-b236-b00f784d2e93:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec76b1e60a07741106ab551c8186791238=[5210994,5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 16:39:29 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

wenonahwadara.pages.dev/wp-content/themes/skt-glass/js/navigation.js?ver=01062020

172.66.45.9

200 OK

3.1 kB

URL GET HTTP/3
wenonahwadara.pages.dev/wp-content/themes/skt-glass/js/navigation.js?ver=01062020
IP
172.66.45.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectwenonahwadara.pages.dev
Fingerprint3E:E2:30:3B:84:88:35:38:F5:DA:0C:4A:23:7F:A1:EA:E9:44:23:B6
ValidityTue, 07 May 2024 15:57:34 GMT - Mon, 05 Aug 2024 15:57:33 GMT

File type
JavaScript source, ASCII text, with very long lines (3417), with no line terminators
Size
3.1 kB (3074 bytes)
Hash
24c004bbf911f2d7c64b7a929d7a1363
cc703dfef1d721658a4d270ebf45da3becddfab9
97bf5b0af4b872eb7a9586cb0555f43642757de60ec6121ce483f42de06661ff

HTTP Headers

GET /wp-content/themes/skt-glass/js/navigation.js?ver=01062020 HTTP/1.1
Host: wenonahwadara.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 16:39:25 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"97d0544032289d68cb70d3e2469d2cca"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pJYXXxx5Vt0XCfAMr45pPYtSWrThU0O08840mS6Y8u%2Fpa4Sd9hm2%2F30gaSDDOVoe3NqVb9XolICtCL6D%2Fh6IXmDwXa9opdJHruSQma6pE8tJu5aPjDrQKsjdRC4IqNr%2FDPcqT2nIqia6XQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ae2bf6e6a56c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

wenonahwadara.pages.dev/favicon.ico

172.66.45.9

200 OK

46 kB

URL GET HTTP/3
wenonahwadara.pages.dev/favicon.ico
IP
172.66.45.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wenonahwadara.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectwenonahwadara.pages.dev
Fingerprint3E:E2:30:3B:84:88:35:38:F5:DA:0C:4A:23:7F:A1:EA:E9:44:23:B6
ValidityTue, 07 May 2024 15:57:34 GMT - Mon, 05 Aug 2024 15:57:33 GMT

File type

Size
46 kB (45724 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: wenonahwadara.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wenonahwadara.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=f1700f4b-0822-4d16-b236-b00f784d2e93%3A3%3A1; pp_main_c331f53d8cb1f5b6cb7f7b13f9d18a13=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 08 May 2024 16:39:27 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"945adcc06e4281f01af7a9a3e41c1148"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GRHMFP8uq5Y4c%2B9WFAj4eJ%2FatYDSzdwdwp2Xvw99AafrruSSBys%2Bij2emKNM0mOTzbOsR7M6UnH9F0Mmwbz4gjUtG9Iw2bKFpl%2Fbu%2BelT%2FywVFJxUgGreF3JZ6M1v3gmeiqF%2F1VNHqRArQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ae2cb692456c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (23)

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by