| cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.2/css/all.min.css | 104.17.24.14 | 200 OK | 10 kB |
URL: GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.2/css/all.min.css
IP: 104.17.24.14:443
Requested by: https://fre487nv.xzf.my.id/
Certificate: Issuer: Cloudflare, Inc.; Subject: sni.cloudflaressl.com; Fingerprint: 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D; Validity: Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type: ASCII text, with very long lines (59158)
Hash: c4af24ce595437830af0a401897698b2 06b7f92dd894a9edb0aeb9d040b489460ecff593 d1fb8d8337cd22568295b0ed998c85c58f0b4cd083af0b0db21cb0af80002f2d
GET /ajax/libs/font-awesome/5.15.2/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: text/css; charset=utf-8
content-length: 10472
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5fff7431-e7d0"
last-modified: Wed, 13 Jan 2021 22:29:05 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 234063
expires: Tue, 08 Apr 2025 10:48:52 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=004lCyQZzXVOLMZiEvQb2bTr7jUJbQHuCjVnE5kkHj912yg4b140VNvcC7PGLBeUcRVZRY6s5fX8YRByFiXfugR%2Foka%2B4l7jANYKVks1DNnAyvTD7QiZrdQWNdN6N0YwpQEUVXEi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 876415bf7d390b41-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.2.0/css/material-design-iconic-font.min.css | 104.17.24.14 | 200 OK | 5.8 kB |
URL: GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.2.0/css/material-design-iconic-font.min.css
IP: 104.17.24.14:443
Requested by: https://fre487nv.xzf.my.id/
Certificate: Issuer: Cloudflare, Inc.; Subject: sni.cloudflaressl.com; Fingerprint: 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D; Validity: Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Hash: e9365fe85b7e4db79a87015e52c3db6c 2e2b5eb6e08f0f3d11fe0ada97c962a23ba6a0d9 dec3e9f0190a504ed0c8f4a5e957c107206ba106cac4a1bbb6cbac6369a16d56
GET /ajax/libs/material-design-iconic-font/2.2.0/css/material-design-iconic-font.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: text/css; charset=utf-8
content-length: 5845
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ed9-1149f"
last-modified: Mon, 04 May 2020 16:12:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 618485
expires: Tue, 08 Apr 2025 10:48:52 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gze%2FyNR%2F%2F8HV%2BaaEVF0P3eM74cs%2BQDsTsXnpQuXn%2FceZxA%2FpjIo7Kiz1g%2BZd54%2Fie%2F11Kt%2BSP6k34ZdvM98iteFMupl46XO2uOOn7s9pIfHOqh44XeW9LUiNG0HM9WE5wKbB%2FNcf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 876415bfad850b41-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js | 104.17.24.14 | 200 OK | 28 kB |
URL: GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP: 104.17.24.14:443
Requested by: https://fre487nv.xzf.my.id/
Certificate: Issuer: Cloudflare, Inc.; Subject: sni.cloudflaressl.com; Fingerprint: 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D; Validity: Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65447)
Hash: 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fre487nv.xzf.my.id
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 27938
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-15d9d"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2962839
expires: Tue, 08 Apr 2025 10:48:52 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kkm%2Bkglpo78X32ln83%2B14O5DpQfLa8h0V9ba1qR0MJpQrGxaBuffUcCSyHECARsmS%2BuQyVUGfYMqMskDTujGw%2FGCyvoT3YJ7z7SaoHsjQeq1ZEzMJWe%2BO0vBAAfYOqeZlUEqNgzv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 876415bfcdaf0b41-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.jsdelivr.net/npm/bootstrap-icons@1.8.1/font/bootstrap-icons.css | 151.101.193.229 | 200 OK | 11 kB |
URL: GET HTTP/2 cdn.jsdelivr.net/npm/bootstrap-icons@1.8.1/font/bootstrap-icons.css
IP: 151.101.193.229:443
Requested by: https://fre487nv.xzf.my.id/
Certificate: Issuer: GlobalSign nv-sa; Subject: jsdelivr.net; Fingerprint: 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09; Validity: Wed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
Hash: 79877fb82de8ca50845081e3c9a201c5 4f6ea69c0e03431ffa1a097a45453b5b3b246d8b af35cc6aba34e5005de77099dfa72d4c1a7715d28ddcec343f48031dc8cb08bc
GET /npm/bootstrap-icons@1.8.1/font/bootstrap-icons.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 1.8.1
x-jsd-version-type: version
etag: W/"13a7e-T26mnA4DQx/6Ggl6RUU7WzskbYs"
content-encoding: br
accept-ranges: bytes
date: Thu, 18 Apr 2024 10:48:52 GMT
age: 325096
x-served-by: cache-fra-etou8220090-FRA, cache-hel1410029-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 10883
X-Firefox-Spdy: h2
|
|
| cdn.jsdelivr.net/gh/gowebid/assets@main/go_login/vk.webp | 151.101.193.229 | 200 OK | 1.6 kB |
URL: GET HTTP/2 cdn.jsdelivr.net/gh/gowebid/assets@main/go_login/vk.webp
IP: 151.101.193.229:443
Requested by: https://fre487nv.xzf.my.id/
Certificate: Issuer: GlobalSign nv-sa; Subject: jsdelivr.net; Fingerprint: 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09; Validity: Wed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type: RIFF (little-endian) data, Web/P image
Hash: 8e2c62ec296ece5f6a69e2cfd1133310 a6ae37e62d2f201d0e783df0890df55bc11d52e0 ac250ff6fe61157727de9e17fedeb5c162452fc1aa031c4c1fe2f8eb3290ed98
GET /gh/gowebid/assets@main/go_login/vk.webp HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/webp
x-jsd-version: main
x-jsd-version-type: branch
etag: W/"63a-pq435i0vIB0OeD3wiQ31W8EdUuA"
accept-ranges: bytes
age: 36249
date: Thu, 18 Apr 2024 10:48:52 GMT
x-served-by: cache-fra-eddf8230049-FRA, cache-hel1410029-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1594
X-Firefox-Spdy: h2
|
|
| fre487nv.xzf.my.id/img/tittle2.png | 104.21.43.237 | 200 OK | 24 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/tittle2.png
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate: Issuer: Google Trust Services LLC; Subject: xzf.my.id; Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C; Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: PNG image data, 151 x 45, 8-bit/color RGBA, non-interlaced
Hash: 43b12100b99f0747a7d74c5eadd7f559 f2ee9778c4fc202120720817037040fc479825c8 10247b341cbfb00357771f67d54e8650b15a776829b91a1d8a6cd80418eee50c
Analyzer: OpenPhish; Verdict: phishing; Alert: Garena
GET /img/tittle2.png HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/png
content-length: 24103
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Sat, 17 Feb 2024 06:14:04 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i6Q8%2FcL5ztIXhPy9GonP9heBQQHXOWnlkmqTdVLC50h%2F%2B0evu8LbUqGJ3Mkpnp5sEE%2FSKz2mfKo14TkcLmThwgqAe6Apnu2OMIjtI0Q0SPMrNlUIGWRYu%2BU3CyyaxpwGzY5xEes%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf1b4bb527-OSL
|
|
| cdn.jsdelivr.net/gh/gowebid/assets@main/go_login/facebook_white.png | 151.101.193.229 | 200 OK | 29 kB |
URL: GET HTTP/2 cdn.jsdelivr.net/gh/gowebid/assets@main/go_login/facebook_white.png
IP: 151.101.193.229:443
Requested by: https://fre487nv.xzf.my.id/
Certificate: Issuer: GlobalSign nv-sa; Subject: jsdelivr.net; Fingerprint: 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09; Validity: Wed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type: PNG image data, 604 x 158, 8-bit/color RGBA, non-interlaced
Hash: 74190b93fc4f5d88f0c8e6411ba20bd8 89ce2ecb660a90b8e6ed1b335443d7767c59f28a 092a3cd5f86b3f039feefdeb86694cd16ae545af214cfda614bdbbe2d1bde401
GET /gh/gowebid/assets@main/go_login/facebook_white.png HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/png
x-jsd-version: main
x-jsd-version-type: branch
etag: W/"7075-ic4uy2YKkLjm7RszVEPXdnxZ8oo"
accept-ranges: bytes
age: 444
date: Thu, 18 Apr 2024 10:48:52 GMT
x-served-by: cache-fra-etou8220127-FRA, cache-hel1410029-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 28789
X-Firefox-Spdy: h2
|
|
| cdn.jsdelivr.net/gh/gowebid/assets@main/go_login/google.svg | 151.101.193.229 | 200 OK | 959 B |
URL: GET HTTP/2 cdn.jsdelivr.net/gh/gowebid/assets@main/go_login/google.svg
IP: 151.101.193.229:443
Requested by: https://fre487nv.xzf.my.id/
Certificate: Issuer: GlobalSign nv-sa; Subject: jsdelivr.net; Fingerprint: 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09; Validity: Wed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type: SVG Scalable Vector Graphics image
Hash: 848700651ce9c04987e04f292c598cba 976fc1619e149ed6161d834d5e3c3be7b7957669 f0562ef3624d99ef205211177586097eb7ebd8f5b31711d335a74d368c75ec27
GET /gh/gowebid/assets@main/go_login/google.svg HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/svg+xml
x-jsd-version: main
x-jsd-version-type: branch
etag: W/"7ea-l2/BYZ4UntYWHYNNXjw757eVdmk"
content-encoding: br
accept-ranges: bytes
date: Thu, 18 Apr 2024 10:48:52 GMT
age: 2490
x-served-by: cache-fra-eddf8230119-FRA, cache-hel1410029-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 959
X-Firefox-Spdy: h2
|
|
| cdn.jsdelivr.net/gh/AlexHostX/mlbb@main/old/logo.png | 151.101.193.229 | 404 Not Found | 53 B |
URL: GET HTTP/2 cdn.jsdelivr.net/gh/AlexHostX/mlbb@main/old/logo.png
IP: 151.101.193.229:443
Requested by: https://fre487nv.xzf.my.id/
Certificate: Issuer: GlobalSign nv-sa; Subject: jsdelivr.net; Fingerprint: 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09; Validity: Wed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type: ASCII text, with no line terminators
Hash: cb71d2b197dd6af21b39e0261fb1497c 9ab080da6e72161e565846ba4fe9a3279f8f9acf a3abb1833e1a60b26006a99e3ca8c8aefff91c61003548a8f34fc6c92d62acd7
GET /gh/AlexHostX/mlbb@main/old/logo.png HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=600, s-maxage=600
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/plain; charset=utf-8
etag: W/"30-mrCA2m5yFh5WWEa6T+mjJ5+Pms8"
content-encoding: br
accept-ranges: bytes
age: 180
date: Thu, 18 Apr 2024 10:48:52 GMT
x-served-by: cache-fra-eddf8230118-FRA, cache-hel1410029-HEL
x-cache: HIT, MISS
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 53
X-Firefox-Spdy: h2
|
|
| fre487nv.xzf.my.id/img/bingkai.gif | 104.21.43.237 | 200 OK | 121 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/bingkai.gif
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate: Issuer: Google Trust Services LLC; Subject: xzf.my.id; Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C; Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: GIF image data, version 89a, 224 x 224
Size: 121 kB (120915 bytes)
Hash: 127c4202ac37e7b0f72463cebc557b0c 84284b34dd377dbd4feb444aabeb959ac3e2b217 630f7fcbba5df4d44b11d2b9afb87d9ab75ba06f203485650f0fa26b2ca9db43
Analyzer: OpenPhish; Verdict: phishing; Alert: Garena
GET /img/bingkai.gif HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/gif
content-length: 120915
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Mon, 19 Feb 2024 18:07:54 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8E4EB8g3O5xHP7xxhm%2Bqi1maemVMKtSpMo5x2k7l%2BtK6NXlfeL9tsMtiSSVZFfwvo1WsDvHTw%2FyJanGa%2FuqJir3TIJEIksLonHr5xOLYMofNCXmJhn2F82JLWiE81ejLNzY4rQM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf2b59b527-OSL
|
|
| fre487nv.xzf.my.id/img/senjata/h1.jpeg | 104.21.43.237 | 200 OK | 49 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/senjata/h1.jpeg
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate: Issuer: Google Trust Services LLC; Subject: xzf.my.id; Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C; Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 519x361, components 3
Hash: a6a1ae291b8991edac5e40faa81ea050 b20a09ff8c6440b26ec9bab11df366f3fa11f9dd 4d9f7f3da20bb0794c6354e101e1d33b3c5a25b924a41e9479f1e7b4ada764f1
Analyzer: OpenPhish; Verdict: phishing; Alert: Garena
GET /img/senjata/h1.jpeg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 49433
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Sat, 17 Feb 2024 07:46:44 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JJfsVpSi5EmByzy88RvRFkUwWvMgLkuwiYlSOkcdgO8tzsx2xptJlTvT66NWyNRVgvnPT4niProF8xumcoCfRVGTDON8PW2TBwvUpdFhOR6SBHYgnqAG6NVWcxOx3wk%2Fc3EtOjY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf2b5bb527-OSL
|
|
| rawcdn.githack.com/AlexHostX/all.asset/3ddd40ca064d997b6655739e7a0e8a65acc106e8/alex-vikontakte.css | 104.21.234.230 | 404 Not Found | 14 B |
URL: GET HTTP/2 rawcdn.githack.com/AlexHostX/all.asset/3ddd40ca064d997b6655739e7a0e8a65acc106e8/alex-vikontakte.css
IP: 104.21.234.230:443
Requested by: https://fre487nv.xzf.my.id/
Certificate: Issuer: Google Trust Services LLC; Subject: githack.com; Fingerprint: A4:13:2F:80:0A:C6:7C:8B:08:12:12:22:60:76:15:7D:40:80:70:54; Validity: Fri, 01 Mar 2024 13:12:36 GMT - Thu, 30 May 2024 13:12:35 GMT
File type: ASCII text, with no line terminators
Hash: 3be7b8b182ccd96e48989b4e57311193 78fb38f212fa49029aff24c669a39648d9b4e68b d5558cd419c8d46bdc958064cb97f963d1ea793866414c025906ec15033512ed
GET /AlexHostX/all.asset/3ddd40ca064d997b6655739e7a0e8a65acc106e8/alex-vikontakte.css HTTP/1.1
Host: rawcdn.githack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
date: Thu, 18 Apr 2024 10:48:52 GMT
content-length: 14
x-github-request-id: CC5A:19F23A:1AF2440:1C63385:6620F9DB
via: 1.1 varnish
x-served-by: cache-hel1410020-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1713437147.078504,VS0,VE168
vary: Authorization,Accept-Encoding,Origin
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 447767372f6b47de95ccc660cf9456516b12059d
source-age: 0
cache-control: max-age=60, public
x-githack-cache-status: HIT
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RbO5kikigD2wRa4jgFQA2vrewINYbgzvgSnh0sPsvfbKg8saxTIg30DjeJMjWjVqBdQsnYswGRauOowVrtTh8KphRAr28RStWjwXcidDVQwyBZVO03Bjwsh2JV%2B%2Bf7J1m%2Ba2Jcs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876415bfde9b23ea-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| rawcdn.githack.com/AlexHostX/all.asset/1591ba04a57c11f4b18d2ebb39e03e4a81715c83/alex-google.css | 104.21.234.230 | 404 Not Found | 14 B |
URL: GET HTTP/2 rawcdn.githack.com/AlexHostX/all.asset/1591ba04a57c11f4b18d2ebb39e03e4a81715c83/alex-google.css
IP: 104.21.234.230:443
Requested by: https://fre487nv.xzf.my.id/
Certificate: Issuer: Google Trust Services LLC; Subject: githack.com; Fingerprint: A4:13:2F:80:0A:C6:7C:8B:08:12:12:22:60:76:15:7D:40:80:70:54; Validity: Fri, 01 Mar 2024 13:12:36 GMT - Thu, 30 May 2024 13:12:35 GMT
File type: ASCII text, with no line terminators
Hash: 3be7b8b182ccd96e48989b4e57311193 78fb38f212fa49029aff24c669a39648d9b4e68b d5558cd419c8d46bdc958064cb97f963d1ea793866414c025906ec15033512ed
GET /AlexHostX/all.asset/1591ba04a57c11f4b18d2ebb39e03e4a81715c83/alex-google.css HTTP/1.1
Host: rawcdn.githack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
date: Thu, 18 Apr 2024 10:48:52 GMT
content-length: 14
x-github-request-id: A416:2C0C22:2B3B633:2DA821A:6620F99B
via: 1.1 varnish
x-served-by: cache-hel1410028-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1713437084.551105,VS0,VE162
vary: Authorization,Accept-Encoding,Origin
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 8292bfcacbc7d2dea8ec45a4d50cb78300d2fd38
source-age: 0
cache-control: max-age=60, public
x-githack-cache-status: HIT
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aYLBRQUM0YxZemyyIyiryYgi1vkkO2J38XQc2%2FgmNs5t3qdFVCSB4Lj%2FPBaXEcKFu%2F6F8Gtkx%2FTo7CFdbTk6GnuQj5Et4l4CjHHLF2YDFLPknpbFteo5JA52CtFtQ%2Fgl86j01TI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876415bfde9e23ea-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| rawcdn.githack.com/AlexHostX/all.asset/c9f3ddecc56e688f8660a2d31a5beea4909fa5b9/alex-facebook.css | 104.21.234.230 | 404 Not Found | 14 B |
URL: GET HTTP/2 rawcdn.githack.com/AlexHostX/all.asset/c9f3ddecc56e688f8660a2d31a5beea4909fa5b9/alex-facebook.css
IP: 104.21.234.230:443
Requested by: https://fre487nv.xzf.my.id/
Certificate: Issuer: Google Trust Services LLC; Subject: githack.com; Fingerprint: A4:13:2F:80:0A:C6:7C:8B:08:12:12:22:60:76:15:7D:40:80:70:54; Validity: Fri, 01 Mar 2024 13:12:36 GMT - Thu, 30 May 2024 13:12:35 GMT
File type: ASCII text, with no line terminators
Hash: 3be7b8b182ccd96e48989b4e57311193 78fb38f212fa49029aff24c669a39648d9b4e68b d5558cd419c8d46bdc958064cb97f963d1ea793866414c025906ec15033512ed
GET /AlexHostX/all.asset/c9f3ddecc56e688f8660a2d31a5beea4909fa5b9/alex-facebook.css HTTP/1.1
Host: rawcdn.githack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
date: Thu, 18 Apr 2024 10:48:52 GMT
content-length: 14
x-github-request-id: ED84:28618D:1BF37BF:1D69CD6:6620F95A
via: 1.1 varnish
x-served-by: cache-hel1410032-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1713437019.933462,VS0,VE166
vary: Authorization,Accept-Encoding,Origin
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 5a82a2e20d3789fe7b125eb61561978d8343afff
source-age: 0
cache-control: max-age=60, public
x-githack-cache-status: HIT
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n19cPNrZ4QDUGsMbTxHrVO9IopAlOCH8SvwzCM92a2debC6HhJQ4RPXaZfgZ6F4yv3YEaaKemRU6%2FaXQfpYiIyOenW0m6ZwbIAY4oINcW8rp4TAWPGg66xZWHvmL6sBmkv2Qoyw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876415bffec823ea-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| rawcdn.githack.com/AlexHostX/all.asset/3fce8843edde49a48905ae1ed9cf237534e547dd/alex-moonton.css | 104.21.234.230 | 404 Not Found | 14 B |
URL: GET HTTP/2 rawcdn.githack.com/AlexHostX/all.asset/3fce8843edde49a48905ae1ed9cf237534e547dd/alex-moonton.css
IP: 104.21.234.230:443
Requested by: https://fre487nv.xzf.my.id/
Certificate: Issuer: Google Trust Services LLC; Subject: githack.com; Fingerprint: A4:13:2F:80:0A:C6:7C:8B:08:12:12:22:60:76:15:7D:40:80:70:54; Validity: Fri, 01 Mar 2024 13:12:36 GMT - Thu, 30 May 2024 13:12:35 GMT
File type: ASCII text, with no line terminators
Hash: 3be7b8b182ccd96e48989b4e57311193 78fb38f212fa49029aff24c669a39648d9b4e68b d5558cd419c8d46bdc958064cb97f963d1ea793866414c025906ec15033512ed
GET /AlexHostX/all.asset/3fce8843edde49a48905ae1ed9cf237534e547dd/alex-moonton.css HTTP/1.1
Host: rawcdn.githack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
date: Thu, 18 Apr 2024 10:48:52 GMT
content-length: 14
x-github-request-id: CA84:19F23A:1AF5EC5:1C67022:6620FA32
via: 1.1 varnish
x-served-by: cache-hel1410034-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1713437235.806690,VS0,VE178
vary: Authorization,Accept-Encoding,Origin
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 7f7d162437dadca7330a5887fdb00dec88e6cae2
source-age: 0
cache-control: max-age=60, public
x-githack-cache-status: HIT
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6qR%2BvkBPUL6k8HZROcqABYaWwtm7LmNDIPwCc44JWZb1P7YEYOHzlomjjfnetXYNfHQLdcxGg6B9QLOeKQgu8mUhZPnO1Bf2%2FeARXyP7N2ZvYA7azwlSj3CmDBo%2FOxE3CNBmegA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876415bffebf23ea-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| fre487nv.xzf.my.id/img/senjata/t1.jpg | 104.21.43.237 | 200 OK | 108 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/senjata/t1.jpg
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate: Issuer: Google Trust Services LLC; Subject: xzf.my.id; Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C; Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x1080, components 3
Size: 108 kB (107539 bytes)
Hash: 3aa21e6dc07731eee8b81185daab135c 64fe84d381e69c370b271a64c4d7ea11fc5415aa bdd298959f024ab47802ce7092bc9e295f9b1de0993190e4e6fbc377cefc6564
Analyzer: OpenPhish; Verdict: phishing; Alert: Garena
GET /img/senjata/t1.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 107539
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Mon, 22 May 2023 07:35:55 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7jC%2B7rbmWdpIUZGaIoZS%2FM21CiDY6lYN0XWBfulYSxPkDYqfwy3Tsllj4WJMIAd97ZGeHw9B7LwTdb08PwgVYon%2BYbbFg%2BpDSNH%2BUd7ss9FH8M5u4iVdrGItQaXL1oRmu1OKQqE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf2b5eb527-OSL
|
|
| filebagasarya.com/img/border/borderatasorange.png | 104.21.21.5 | 200 OK | 82 kB |
URL: GET HTTP/2 filebagasarya.com/img/border/borderatasorange.png
IP: 104.21.21.5:443
Requested by: https://fre487nv.xzf.my.id/
Certificate: Issuer: Google Trust Services LLC; Subject: filebagasarya.com; Fingerprint: F8:10:79:DD:D9:42:FF:FD:E3:35:9B:09:62:4F:9B:40:07:DD:BA:85; Validity: Mon, 26 Feb 2024 19:06:41 GMT - Sun, 26 May 2024 19:06:40 GMT
File type: PNG image data, 979 x 578, 8-bit/color RGBA, non-interlaced
Hash: 06868c2454d9d8c0a17e49c915f6aca3 d4584aac766db94d6617cbc4494cd42b44b9a24a 4923c888864d76243b116d6ac21e4e24049b195098809f6e0540aabb38ef9a88
GET /img/border/borderatasorange.png HTTP/1.1
Host: filebagasarya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:48:53 GMT
content-type: image/png
content-length: 82404
cache-control: public, max-age=604800
expires: Sun, 21 Apr 2024 10:30:58 GMT
last-modified: Thu, 04 May 2023 03:26:42 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 346675
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MYauwV9VbfYYs%2F6OAQH5Xp9Otm9GbMESwNfDmfTrCi32PkhvqQSfLW%2BtEJoHgbA9pqaWTVfWeL3Y82m17kDgsDiYX7WAl2HVH2l3gqVqwqjKePFXmdsVbvEECyIq3TTgkYXLwA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415c34c9f712d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| fre487nv.xzf.my.id/img/senjata/t2.jpg | 104.21.43.237 | 200 OK | 120 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/senjata/t2.jpg
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate:
  Issuer: Google Trust Services LLC
  Subject: xzf.my.id
  Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C
  Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x1080, components 3
Size: 120 kB (119615 bytes)
Hash: 390c51eba9889a3f8602c0c8a0d1fade 6a0574718588d909e19270dc76251fcf02ad4645 eedf5cf21bc0196270343c98473488a81bdfd5280abe8415bde3fbd046ff1e52
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/senjata/t2.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 119615
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Mon, 22 May 2023 07:35:53 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8P31bHFgJfbcONsmYvpiJr%2FTFM8xlU7q3Ca%2FdrVg1X1NikW7S%2BvCEiBiG9KIGV%2B2szcjLH%2Be97gRjLtqAihgpidcG41IyNN8RMkrTblJnOFc2jv9O7Y%2BbSqEI34RCMrzPi4%2BgTk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf2b61b527-OSL
|
|
| dl.dir.freefiremobile.com/common/web_event/official2/dist/client/img/full_logo.969f536.png | 152.195.133.221 | 200 OK | 8.3 kB |
URL: GET HTTP/2 dl.dir.freefiremobile.com/common/web_event/official2/dist/client/img/full_logo.969f536.png
IP: 152.195.133.221:443
Requested by: https://fre487nv.xzf.my.id/
Certificate:
  Issuer: DigiCert Inc
  Subject: garenanow.com
  Fingerprint: 65:54:F1:4C:20:75:FB:11:D3:A9:95:B8:F9:AE:05:C7:77:EF:78:58
  Validity: Fri, 23 Feb 2024 00:00:00 GMT - Thu, 30 May 2024 23:59:59 GMT
File type: PNG image data, 616 x 90, 8-bit/color RGBA, non-interlaced
Hash: c632e6bfd0076695e56477bdb3f7232c 5b4212f029814b5dfda946ac5e5a6ba97857feb9 86ccbc1dbeb58af3e6bce5ee52f86a47399da998ad34a0fd2ce9b0b539d92f6c
GET /common/web_event/official2/dist/client/img/full_logo.969f536.png HTTP/1.1
Host: dl.dir.freefiremobile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
age: 2330
cache-control: public, max-age=3600
content-md5: xjLmv9AHZpXlZHe9s/cjLA==
content-type: image/png
date: Thu, 18 Apr 2024 10:48:53 GMT
ec-version: v6.05
etag: "c632e6bfd0076695e56477bdb3f7232c"
expires: Thu, 18 Apr 2024 11:48:53 GMT
last-modified: Wed, 10 Apr 2024 03:54:58 GMT
server: ECAcc (ska/F692)
via: 1.1 d6c4df67fbc9179b8107c6193c7dead8.cloudfront.net (CloudFront)
x-amz-cf-id: Nx3Uyz1PdU4igeEgwjeUJO048_rsBUVQao3GvDiD-XHH39C_Dek2OQ==
x-amz-cf-pop: ARN53-P1
x-cache: HIT
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSVa6Ab9zQ++25c4ELanwQ2Cz5SRHRAB
x-obs-replication-status: REPLICA
x-obs-request-id: 0000018EF0AF48B6901C02E5CB95BE40
content-length: 8314
X-Firefox-Spdy: h2
|
|
| fre487nv.xzf.my.id/img/senjata/t3.jpg | 104.21.43.237 | 200 OK | 186 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/senjata/t3.jpg
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate:
  Issuer: Google Trust Services LLC
  Subject: xzf.my.id
  Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C
  Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x1080, components 3
Size: 186 kB (185559 bytes)
Hash: 1dd0e73b90ad26acb8d339a91e074e9c 6cb645ec8c8456146c81583abd133d5a633b3b68 de7e078ab4de666a20400e6fd1fcd815a6fe893ca77042b133f38a57de2bf556
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/senjata/t3.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 185559
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Mon, 22 May 2023 11:57:10 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bbq6%2FHnovbq%2BPA1lzhHQbCLyfKb8%2BnSpDyoG6hWGhYc39mTkjDIMBMov1y97mBtbhIQwyhm%2FA0ISb6wImArLb9wL5v2yg35uKOEmPA4787X5eFzzEhX5sU%2B9bHpRi9Fnbqe2c1A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf2b62b527-OSL
|
|
| fre487nv.xzf.my.id/img/senjata/1.jpg | 104.21.43.237 | 200 OK | 78 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/senjata/1.jpg
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate:
  Issuer: Google Trust Services LLC
  Subject: xzf.my.id
  Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C
  Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 999x1024, components 3
Hash: 5b9bd06824081f3370d369a3bae652e7 d6e93b6128cede7828fbc922c6c55ca8a257b303 355c5fb2f6587040eb783d3348ff54ca3ee3939c0bdee1d508a7275cfd9c2ab4
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/senjata/1.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 78490
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Mon, 17 Jan 2022 19:33:16 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c0yCBabQ%2B%2BN5gegB3BilmHcok0RFx%2BK1YZmTnRu7HieN%2Fkb3ejS1K9A0IspLzgAyCy9RJI8kIjtWzbqyqvsM%2FUYsC18hASwCbTLuccTDCwwiipjC7tcL6OPmk%2FJ6zMem8ta%2BpTw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf2b66b527-OSL
|
|
| filebagasarya.com/img/border/claimepepgold.jpg | 104.21.21.5 | 200 OK | 17 kB |
URL: GET HTTP/3 filebagasarya.com/img/border/claimepepgold.jpg
IP: 104.21.21.5:443
Requested by: https://fre487nv.xzf.my.id/
Certificate:
  Issuer: Google Trust Services LLC
  Subject: filebagasarya.com
  Fingerprint: F8:10:79:DD:D9:42:FF:FD:E3:35:9B:09:62:4F:9B:40:07:DD:BA:85
  Validity: Mon, 26 Feb 2024 19:06:41 GMT - Sun, 26 May 2024 19:06:40 GMT
File type: PNG image data, 193 x 59, 8-bit/color RGBA, non-interlaced
Hash: c61321f52aeff74693795602cf069eae 835e9f7d87c963a4f443130277f6a8074b1abc71 ac8a111bd0d029a03e1301abdec8d372b71c7e021f62c34c9050455f07b76995
GET /img/border/claimepepgold.jpg HTTP/1.1
Host: filebagasarya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:53 GMT
content-type: image/jpeg
content-length: 16891
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 04:48:22 GMT
last-modified: Wed, 03 May 2023 01:21:06 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 21631
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pxlmYX9AX7ZxpGcmkSZyKo1izpXwEeymAkczjz5fDtuN8dRQnpXOqooQV%2Fz88HGYTh4NtN9QHnMPbW3z1n8EA8sxyqLjkJ%2FHF432n4O9yuGq0e41BLf9p7ucMvGacyKVV60DNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415c45ecdb4f3-OSL
alt-svc: h3=":443"; ma=86400
|
|
| cdn.jsdelivr.net/gh/AlexHostX/mlbb@main/old/IMG-20220417-184327.jpg | 151.101.193.229 | 404 Not Found | 53 B |
URL: GET HTTP/3 cdn.jsdelivr.net/gh/AlexHostX/mlbb@main/old/IMG-20220417-184327.jpg
IP: 151.101.193.229:443
Requested by: https://fre487nv.xzf.my.id/
Certificate:
  Issuer: GlobalSign nv-sa
  Subject: jsdelivr.net
  Fingerprint: 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
  Validity: Wed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type: ASCII text, with no line terminators
Hash: cb71d2b197dd6af21b39e0261fb1497c 9ab080da6e72161e565846ba4fe9a3279f8f9acf a3abb1833e1a60b26006a99e3ca8c8aefff91c61003548a8f34fc6c92d62acd7
GET /gh/AlexHostX/mlbb@main/old/IMG-20220417-184327.jpg HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
content-length: 53
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=600, s-maxage=600
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/plain; charset=utf-8
etag: W/"30-mrCA2m5yFh5WWEa6T+mjJ5+Pms8"
content-encoding: br
accept-ranges: bytes
age: 95
date: Thu, 18 Apr 2024 10:48:53 GMT
x-served-by: cache-fra-eddf8230046-FRA, cache-hel1410032-HEL
x-cache: HIT, MISS
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
|
|
| fonts.gstatic.com/s/teko/v20/LYjNdG7kmE0gfaN9pQ.woff2 | 216.58.207.227 | 200 OK | 15 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/teko/v20/LYjNdG7kmE0gfaN9pQ.woff2
IP: 216.58.207.227:443
Requested by: https://fre487nv.xzf.my.id/
Certificate:
  Issuer: Google Trust Services LLC
  Subject: *.gstatic.com
  Fingerprint: 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
  Validity: Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15044, version 1.0
Hash: 4806226b885b3b3d0ae52142f6bfb3af 2ea5cc6d5e4adb874989a2b74bda062296fb1ad3 714088bef569d6981bfae79530ef315f4d6505f302a944ce9063601919977e6f
GET /s/teko/v20/LYjNdG7kmE0gfaN9pQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://fre487nv.xzf.my.id
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15044
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 15 Apr 2024 20:39:40 GMT
expires: Tue, 15 Apr 2025 20:39:40 GMT
cache-control: public, max-age=31536000
age: 223753
last-modified: Thu, 24 Aug 2023 21:55:11 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com | 172.217.21.174 | 200 OK | 54 kB |
URL: GET HTTP/2 www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com
IP: 172.217.21.174:443
Requested by: https://fre487nv.xzf.my.id/
Certificate:
  Issuer: Google Trust Services LLC
  Subject: *.google.com
  Fingerprint: 02:6C:2F:38:A0:8A:95:AC:E8:2B:67:AA:69:A4:34:6E:15:99:F5:1D
  Validity: Mon, 04 Mar 2024 06:35:50 GMT - Mon, 27 May 2024 06:35:49 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (58088)
Hash: d149e2bac98c74e8b55685ee014aacfb 5a967d97d510f6cc6a75833601a15535e4ed28ae a5021b856b489d6fe77f1bec2253c846870893b86c564daa1346efe83b38672c
GET /embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 18 Apr 2024 10:48:53 GMT
strict-transport-security: max-age=31536000
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-resource-policy: cross-origin
origin-trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=d2gqGnDv3VQ; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=cLKU8cd0Cks; Domain=.youtube.com; Expires=Tue, 15-Oct-2024 10:48:53 GMT; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_PRIVACY_METADATA=CgJOTxIIEgQSAgsMID0%3D; Domain=.youtube.com; Expires=Tue, 15-Oct-2024 10:48:53 GMT; Path=/; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP: 216.58.207.227:443
Requested by: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com
Certificate:
  Issuer: Google Trust Services LLC
  Subject: *.gstatic.com
  Fingerprint: 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
  Validity: Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15552, version 1.0
Hash: 285467176f7fe6bb6a9c6873b3dad2cc ea04e4ff5142ddd69307c183def721a160e0a64e 5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 11 Apr 2024 17:25:07 GMT
expires: Fri, 11 Apr 2025 17:25:07 GMT
cache-control: public, max-age=31536000
age: 581026
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fre487nv.xzf.my.id/img/senjata/2.jpg | 104.21.43.237 | 200 OK | 49 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/senjata/2.jpg
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate:
  Issuer: Google Trust Services LLC
  Subject: xzf.my.id
  Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C
  Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 544x540, components 3
Hash: b5a6d62277ce3509c4486c03278f5baa e0876453362058b662d85bc96b79d3e272f4b6e0 0e32e347f1375a0869711eb1589ecc0420c2e44ccaa19acaf2b625086a63e560
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/senjata/2.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 48611
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Mon, 17 Jan 2022 19:33:16 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CUWIs%2BRrCoaBtxdYIsPpTMEkWvfJAmVDT5uWZ9iyjAazpiuK%2Bfkuw%2B2UOcV8MJxO4px8uSWaC3%2BYhjraJ%2BQ%2BcXuBJE8%2BQgUiVYSsq91hyLyoTJXogPqryisIyMgTeY8OPqe4684%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf2b68b527-OSL
|
|
| www.youtube.com/s/player/f92087f2/www-player.css | 172.217.21.174 | 200 OK | 48 kB |
URL: GET HTTP/3 www.youtube.com/s/player/f92087f2/www-player.css
IP: 172.217.21.174:443
Requested by: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com
Certificate:
  Issuer: Google Trust Services LLC
  Subject: *.google.com
  Fingerprint: 02:6C:2F:38:A0:8A:95:AC:E8:2B:67:AA:69:A4:34:6E:15:99:F5:1D
  Validity: Mon, 04 Mar 2024 06:35:50 GMT - Mon, 27 May 2024 06:35:49 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Hash: eff7afac8f7ac0ed881f37ffd3eebcbe 21acf841f4603dbfaed62decef15175b5d68f20f ff1235e0e6c896931d1f31f618b35e68a469befd8c90d7a0da22f1d988b0bbc2
GET /s/player/f92087f2/www-player.css HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 48137
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 07:20:55 GMT
expires: Wed, 16 Apr 2025 07:20:55 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 16 Apr 2024 04:18:33 GMT
content-type: text/css
vary: Accept-Encoding, Origin
age: 185278
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| i.postimg.cc/nVkV8M0W/FfMaxx.jpg | 162.19.61.80 | 200 OK | 37 kB |
URL: GET HTTP/2 i.postimg.cc/nVkV8M0W/FfMaxx.jpg
IP: 162.19.61.80:443
Requested by: https://fre487nv.xzf.my.id/
Certificate:
  Issuer: Let's Encrypt
  Subject: postimg.cc
  Fingerprint: F9:1B:A9:B2:AB:2D:30:75:4E:44:3F:7A:6F:40:77:77:39:CE:1B:13
  Validity: Wed, 21 Feb 2024 07:13:33 GMT - Tue, 21 May 2024 07:13:32 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 512x512, components 3
Hash: 61aa45bf291755caa8f0664e4e8b91e9 33f6c6304486ce8004d9d459f08aa6b95982f0ba 323b5ffc0bc7f906cf266b1622e4de3f8dfddcb3f38c460e58b468906d51ebf3
GET /nVkV8M0W/FfMaxx.jpg HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 10:48:53 GMT
content-type: image/jpeg
content-length: 37166
last-modified: Sat, 04 Mar 2023 14:21:43 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| fre487nv.xzf.my.id/img/senjata/3.jpg | 104.21.43.237 | 200 OK | 78 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/senjata/3.jpg
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate:
  Issuer: Google Trust Services LLC
  Subject: xzf.my.id
  Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C
  Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 997x1024, components 3
Hash: 22481399131d102cfd8f0a54a7cc2477 6d3d8b0ee6b75e568dc105596cd65b788a2d62a9 a932647f3f142202bc341dd50cb0c949fb4cca3f2dc39b6cc3aa749902946893
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/senjata/3.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 77540
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Mon, 17 Jan 2022 19:33:16 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eFlcL1Nuf2zbZlR%2BCwkTLOmg1dEco%2B7cB0dujDk0a0hh9xPsa%2FTdptxNfbd5nHmC06WHedu4a6slHNjPVOlihSxCWkCbel7tfB4oNnKSrXcd0q8y8rtxo6VlQD%2BIluFLUCgnuWY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf2b69b527-OSL
|
|
| fre487nv.xzf.my.id/img/senjata/4.jpg | 104.21.43.237 | 200 OK | 73 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/senjata/4.jpg
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate:
  Issuer: Google Trust Services LLC
  Subject: xzf.my.id
  Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C
  Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1029x1280, components 3
Hash: d078a634bb85179223fad3b606aa4cef ea158abcf539ce182bad1da6595b89951dae57a6 2876317ed4d3b97531299a3282da4ef8119cc0a6e653560adb827430fc59991e
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/senjata/4.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 72574
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Mon, 17 Jan 2022 19:33:16 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1eA1%2FBC0B77AZO8xAfuufQugfC0c8KP5n0aRM9sR%2Bn58zAeq5svZM2PTTWTIIFCJxhdrncKeb2l6IDCkgNpkKf6CaVjTlNpNEJkNReA%2FKyDIdO7Zok2kpV19VAOTdyQ6Npds5jQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf2b6bb527-OSL
|
|
| fre487nv.xzf.my.id/bagas/css/moonton.css | 104.21.43.237 | 200 OK | 99 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/bagas/css/moonton.css
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate:
  Issuer: Google Trust Services LLC
  Subject: xzf.my.id
  Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C
  Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: ASCII text, with CRLF line terminators
Hash: 99598fad1f5706054ad5d6cb3fc793de a6cf0678494edf9ece7918fc32f97a43c7724418 5e9973f789c6b11b44992b8f3232427c4b2c05099db3179f6bab1aee75faba2d
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /bagas/css/moonton.css HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Mon, 06 Nov 2023 17:15:52 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zrJbpurd9ptpQwpLtfh1uWdQiV%2Fs2%2BlInt1dAJJF6o%2F6AZewybpd%2Baf9smUWVUtqqEt2d%2FATqmfp%2FdjSakz4I0Ryy4yEvSRdQdr9fKkFAsHRQ83aQ4Jyjiwy7kdctckdMGOco38%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876415bf1b43b527-OSL
content-encoding: br
|
|
| fre487nv.xzf.my.id/img/senjata/5.jpg | 104.21.43.237 | 200 OK | 83 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/senjata/5.jpg
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate:
  Issuer: Google Trust Services LLC
  Subject: xzf.my.id
  Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C
  Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 796x1052, components 3
Hash: 3cccee9d57d94fdbf74c48a850f0f98e 98c88f308741de8229882af1cbd8f2a6baf4d4de 5711c16803d5ad559dfd341cf8366d2863d2e150cb54dd9c64a9a9a642967620
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/senjata/5.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 83104
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Mon, 17 Jan 2022 19:33:16 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rnWlIO13JHoTdLmD%2BBAFsTWImScWBLGAfOVRjN0aXiBKdkPdiHDgj%2FY49R3P421sJn2crHlNytUCzhMW0Roev5fOToOiTBUQQdVC5XSfpgDdp4ahpnPoIXY3UEQxdLZ9zUeQ7lQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf2b6cb527-OSL
|
|
| fre487nv.xzf.my.id/img/senjata/6.jpg | 104.21.43.237 | 200 OK | 84 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/senjata/6.jpg IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/ Certificate Issuer: Google Trust Services LLC Subject: xzf.my.id Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7], baseline, precision 8, 560x740, components 3 Hash: 6eed7fb4cf035039f3bba04778cc5db3 a8e6952294e705c92a86db9394874062958f8f47 9e42ff7e13eeea40c241c5406255e8efd322128dba76cfffbfa71263b41b1b8a
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/senjata/6.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 83638
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Mon, 17 Jan 2022 19:33:16 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cRQLr17r%2FK%2Fi51OMAS%2F7T%2Fp9Nl%2FL393fFc6CTOojsACpWDm%2FXsuZ%2BWoqrlOfec8ENO5Jt%2Fjt4GdCI8gzxJhU%2BpZEG%2FmfUU78fF9vvVG4HH4HohFWKEeL4I758z%2F5hXil1ViH738%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf4b94b527-OSL
|
|
| fre487nv.xzf.my.id/img/senjata/7.jpg | 104.21.43.237 | 200 OK | 44 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/senjata/7.jpg IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/ Certificate Issuer: Google Trust Services LLC Subject: xzf.my.id Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 233x290, components 3 Hash: 3a2c83793835b5368b13d958c26b8490 3602414a07ac93f56d0a069352f1096803feaa21 cb529b14d072c791be4cb6c352e3fe0efae788e759034ebfd547c71a3f0d9bfe
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/senjata/7.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 43744
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Mon, 17 Jan 2022 19:33:16 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nw72L71WY0iaOTB%2Fj29oXnPmAdVi%2FE1t8ZgtNToPyZhNAKQ3i6uIIHkdVdI0RVDNtzCYP829TBJqZfb6nzRsUExgtZcCK3IJkKXm2adU8G5i5VnfZGzRU%2FOgYrAaq7OvEK2yE4Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf4b99b527-OSL
|
|
| fre487nv.xzf.my.id/img/senjata/8.jpg | 104.21.43.237 | 200 OK | 26 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/senjata/8.jpg IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/ Certificate Issuer: Google Trust Services LLC Subject: xzf.my.id Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 335x354, components 3 Hash: 042df6ae6e2a48458b94a41111fce6da 7785d4cd7f9ab767f3ab8495e94c1888e29f0542 7b8542123bfc06f37312a1756361916d7e3f7a1af974877a63da2b2ff8dd03ab
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/senjata/8.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 25821
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Mon, 17 Jan 2022 19:33:16 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IlJC5%2B2i9UxjOVoHGW39JnVBuY0nVtEOq7yml77gE49ow%2F0EdWUEPnAdPYgUaedw8S3mlJj7nwIVBtubXNnp4fsfbyknalB4XYFYGPnccp1r7wHivPpUbraHzl%2Fk0jCdiD8DGhA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf4b9fb527-OSL
|
|
| fre487nv.xzf.my.id/img/senjata/9.jpg | 104.21.43.237 | 200 OK | 119 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/senjata/9.jpg IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/ Certificate Issuer: Google Trust Services LLC Subject: xzf.my.id Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 962x961, components 3 Size: 119 kB (118900 bytes) Hash: 1daecd6000bc56f1faf1d9cdffb67dd7 a0b0f2fcbb75bbaa84ec7857101cf93d39f3cdeb 3a124f7c8781af398764ba316b3fa7bad44e83520f78a90521b0cbb3012a783b
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/senjata/9.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 118900
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Mon, 17 Jan 2022 19:33:16 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xf%2FvVjpckQ2vPsE6643tAiXruQ1YOj6VcKJ5q8mmmN%2BrobwaLLqoc9lKrR88Jt0rqzzpOBtslkEBeSF3fWeUoIZV28eptpcz6SFTkoqQDuslfMUtWczRM9YPyaYNTS6FSJTD3iE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf4ba2b527-OSL
|
|
| fre487nv.xzf.my.id/img/senjata/10.jpg | 104.21.43.237 | 200 OK | 83 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/senjata/10.jpg IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/ Certificate Issuer: Google Trust Services LLC Subject: xzf.my.id Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 796x1052, components 3 Hash: 3cccee9d57d94fdbf74c48a850f0f98e 98c88f308741de8229882af1cbd8f2a6baf4d4de 5711c16803d5ad559dfd341cf8366d2863d2e150cb54dd9c64a9a9a642967620
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/senjata/10.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 83104
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Mon, 17 Jan 2022 19:33:16 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TNtK1Y2%2BRbFUzJTYzyhDktN%2BOciJfWoK0zkHYM5nsvIHI6TocKzNLflA90knEF1zS%2FKGQXJFs4B5lngr8pB0qKgUu%2BqpnZuzOh0kTZt6wwVBjnKZ%2FRZEUBZnr%2FpTZ44LhzFZtrQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf4ba5b527-OSL
|
|
| www.youtube.com/s/player/f92087f2/player_ias.vflset/en_US/base.js | 172.217.21.174 | 200 OK | 809 kB |
URL: GET HTTP/3 www.youtube.com/s/player/f92087f2/player_ias.vflset/en_US/base.js IP: 172.217.21.174:443
Requested by: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com Certificate Issuer: Google Trust Services LLC Subject: *.google.com Fingerprint: 02:6C:2F:38:A0:8A:95:AC:E8:2B:67:AA:69:A4:34:6E:15:99:F5:1D Validity: Mon, 04 Mar 2024 06:35:50 GMT - Mon, 27 May 2024 06:35:49 GMT
File type: JavaScript source, ASCII text, with very long lines (555) Size: 809 kB (809144 bytes) Hash: 0d2406f6a79bde4d11ad5f70b18ba433 699a5d887b0557a5f788fea125e4260cf41fdb55 001b4c1ed0ccce6c39372a81fc4e9464950f77c72fd53aea1f78f999c0dd9bd3
GET /s/player/f92087f2/player_ias.vflset/en_US/base.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-encoding: gzip
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 809144
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 18:56:43 GMT
expires: Wed, 16 Apr 2025 18:56:43 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 16 Apr 2024 04:18:33 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 143530
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| fre487nv.xzf.my.id/img/senjata/11.jpg | 104.21.43.237 | 200 OK | 47 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/senjata/11.jpg IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/ Certificate Issuer: Google Trust Services LLC Subject: xzf.my.id Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 560x740, components 3 Hash: dae76322741301f8aa1384636c9a0b15 d1a9b81837d1660dd92b0fe3cc3439c4ece67cd0 516ec8f5074cc7e52bfc102e42923b36d36729496cc69aa6a84a1ecbd4bc44fd
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/senjata/11.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 47405
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Mon, 17 Jan 2022 19:33:16 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FcYJdkV6zwexa2eKeMqPzA1OsFrXUPd0%2F0cxu0NcAx6puxsCGXyo4ethO2idiH8O7zTy9I3A6YWfw4nNi5DlGonJoNesiVBr0zjS0EKRPcAmD66OxbZbGMTsxSONKwWYYQxfB8A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf5bcdb527-OSL
|
|
| fre487nv.xzf.my.id/img/senjata/12.jpg | 104.21.43.237 | 200 OK | 47 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/senjata/12.jpg IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/ Certificate Issuer: Google Trust Services LLC Subject: xzf.my.id Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 233x290, components 3 Hash: da8902b3f1e8f5dbce0873022fe55ae5 b1956d7420881884baecf03d9739f8c82f857d1a 480e24cce7e7d225ffb50dc58b21a81bc99006e0894f0ef52a01203774495050
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/senjata/12.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 47259
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Mon, 17 Jan 2022 19:33:16 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KDBSUDWMyX6LZ%2BXwWKEi4alnXXSysUBmyKfXCW6%2B0RfuZK2ozreauLN1odvd%2FlI2FkHrMGJEI1Ygi9XE5%2FTTQlzvuNIBuZgzxCNu44yQs3FaCUPjjF4Xdapp17zqm1BGsczaeB8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf5bd1b527-OSL
|
|
| fre487nv.xzf.my.id/img/old/1.jpg | 104.21.43.237 | 200 OK | 59 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/old/1.jpg IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/ Certificate Issuer: Google Trust Services LLC Subject: xzf.my.id Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1280x1280, components 3 Hash: d0c711d1ab95b03a1a1f733a60ba8984 eceaead218d602337bdd89ba90fdc31bd70f0156 8e50767bd0edcca88b3b611cd905e3d05b34b04447076fcf6a3567cf55f3bb20
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/old/1.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 58745
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Wed, 05 Apr 2023 14:32:58 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IQxW7IMdjwBUGF%2F6n6vMj9IBLiwj%2Bf4a7uOXaiFGHBAb3ODTc5JbDClWd%2FifggxvdnLdN6hc%2FZagESmyyWT%2BjD3pVok2AcQ%2FOzkmU9rp9kTLqpgnokQEBItRe0p9x7MVBFCAAtw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf5bd3b527-OSL
|
|
| fre487nv.xzf.my.id/img/old/2.jpg | 104.21.43.237 | 200 OK | 43 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/old/2.jpg IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/ Certificate Issuer: Google Trust Services LLC Subject: xzf.my.id Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1280x1280, components 3 Hash: d90e22f880ff0e9cc33ce41a6bb541b2 a4f08fe678a177545600ba36b25c83a8daf5fd16 10bc32127a5ceb3f33fc38029145931334f6f49bd7274b62697036fd59be2f65
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/old/2.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 42687
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Wed, 05 Apr 2023 14:32:56 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KOATo9qgCvoOp03MKtMbXhHbAx8MtyTJoQvhrCGQU0MAaMgIOF93Xy7k7BwGkS0eIZy%2Bv73ydFjGYM5OzixmcYiv89nPNdoOph85wON%2F55bbRqA2DrylHEd0U%2FVoiLsIITkqsh0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf5bd4b527-OSL
|
|
| fre487nv.xzf.my.id/img/old/3.jpg | 104.21.43.237 | 200 OK | 58 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/old/3.jpg IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/ Certificate Issuer: Google Trust Services LLC Subject: xzf.my.id Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1280x1280, components 3 Hash: 316dfba4d81ad853bef7088dbe9737ca 38c7bdbdb9b227c060d6f5474ba807a0cdaff4a7 258a47a929eb483613c81aae8432b705d949ac9facf5a5c02d7d8d4a3db823af
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/old/3.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 58510
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Wed, 05 Apr 2023 14:32:56 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5tMxb6TosLWETKIg8%2FaVLoAYiiRiHb004Sk1q3v%2FVS11pvwU2EA0vVgpSdbJ1OFShnpsmaYzSbd6P226o9IwWVsCLuzqavwMJZdBt2caWNGjdHa8oL6gbZ7y6Wh6U7cfarbs7JM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf5bd6b527-OSL
|
|
| fre487nv.xzf.my.id/img/old/4.jpg | 104.21.43.237 | 200 OK | 78 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/old/4.jpg IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/ Certificate Issuer: Google Trust Services LLC Subject: xzf.my.id Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1280x1280, components 3 Hash: 47bacaf7d9e42c0551f43472624e0b33 f069dea9f1f7c86358e1a5529ccac2f7e3b7369d 1a91aa8dc8c721db22e66f1f0911319aed59816a8c7e709970fbe9ca6b0c9773
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/old/4.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 77706
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Wed, 05 Apr 2023 14:32:56 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ISRJZOd01MkNQYrk8mwZ4IZ4ZVRXq8L0gjezsrYs%2BnGg9aqj5xSmWsV8eixzFykTOwKOKb9gDaJk5vHVmuFWB4Efe8HuSPTZaxbcdT1AcfVQmO%2BLu395LPhrgesZ8EnUNc30ROg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf7c02b527-OSL
|
|
| fre487nv.xzf.my.id/img/old/5.jpg | 104.21.43.237 | 200 OK | 87 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/old/5.jpg IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/ Certificate Issuer: Google Trust Services LLC Subject: xzf.my.id Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1280x1280, components 3 Hash: bd612732360a5da1efb70d2f26b795bc 02d5ede707c6313e2335e7ff7a9164b5ee7ec877 9e5329360a8a2ef8a4ab0ce77f3230be443c093a3a3f02a007641e3f6fca5f5a
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/old/5.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 87053
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Wed, 05 Apr 2023 14:32:58 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PbhXyl40h2keZ9UUAqnA6U4CgS7QYSNzLknBTNLokZVmjSUKVJDYbxHQZPPfDcqRk6cYFE5fEn%2B%2ByLBRS%2F2lVwXmlcLgtoUp5T1fjXAXy9T5pyeDXV4sCLnuh9ptk438JgXt5UE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf7c03b527-OSL
|
|
| fre487nv.xzf.my.id/img/old/6.jpg | 104.21.43.237 | 200 OK | 79 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/old/6.jpg IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/ Certificate Issuer: Google Trust Services LLC Subject: xzf.my.id Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1280x1280, components 3 Hash: e53f2f3d3d1abe0ab8119b8a87dc27c4 d702efd2b2011beaa297d87b9a93ad7b48fc20eb 51646465be1a3b745191c5cb6dceda47fb9be8a1c859beb345660fca8291e824
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/old/6.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 78581
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Wed, 05 Apr 2023 14:32:58 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L%2F0xo5q9YX2XjowCUr6J5OxOIzgFw%2FAaFHHZwsf1WtVXD4uhpqj1yGvgpSCzzfNf8979jsNrFqf6LIDVAvXOF%2FY%2B2rbYpo1d4aRJXVcfT0neDXSZ3K3dD2qOQmYnyZCoOk2EDD0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf7c04b527-OSL
|
|
| www.youtube.com/s/player/f92087f2/player_ias.vflset/en_US/embed.js | 172.217.21.174 | 200 OK | 18 kB |
URL: GET HTTP/3 www.youtube.com/s/player/f92087f2/player_ias.vflset/en_US/embed.js IP: 172.217.21.174:443
Requested by: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com Certificate Issuer: Google Trust Services LLC Subject: *.google.com Fingerprint: 02:6C:2F:38:A0:8A:95:AC:E8:2B:67:AA:69:A4:34:6E:15:99:F5:1D Validity: Mon, 04 Mar 2024 06:35:50 GMT - Mon, 27 May 2024 06:35:49 GMT
File type: JavaScript source, ASCII text, with very long lines (3391) Hash: 1acbd20b4a303a41bba4c1af0636abbe 21497b44dca32bad04a2abbba7dd517e8cc16055 760bcaf29c194cd5c63b59b29fef5bc7fa164c844152ff5eee8f7b97e84a38ac
GET /s/player/f92087f2/player_ias.vflset/en_US/embed.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 18187
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 07:28:07 GMT
expires: Wed, 16 Apr 2025 07:28:07 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 16 Apr 2024 04:18:33 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 184848
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create | 142.250.74.138 | 200 OK | 0 B |
URL: POST HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create IP: 142.250.74.138:443
Requested by: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com Certificate Issuer: Google Trust Services LLC Subject: upload.video.google.com Fingerprint: 47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E Validity: Mon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Thu, 18 Apr 2024 10:48:55 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| yt3.ggpht.com/Pwnw9qWQuKgdKS72XPcRYHnZ4yIIyryaBkn_6IF9yR7jugDpwcGNqOCbAa5paa3ddEY31MHuOCM=s68-c-k-c0x00ffffff-no-rj | 142.250.74.161 | 200 OK | 4.6 kB |
URL: GET HTTP/2 yt3.ggpht.com/Pwnw9qWQuKgdKS72XPcRYHnZ4yIIyryaBkn_6IF9yR7jugDpwcGNqOCbAa5paa3ddEY31MHuOCM=s68-c-k-c0x00ffffff-no-rj IP: 142.250.74.161:443
Requested by: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com Certificate Issuer: Google Trust Services LLC Subject: *.googleusercontent.com Fingerprint: E0:0C:38:A4:4D:4F:CB:42:05:30:9A:C4:60:B3:64:3F:EF:43:D1:2F Validity: Mon, 04 Mar 2024 07:14:32 GMT - Mon, 27 May 2024 07:14:31 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 68x68, components 3 Hash: bc57ab4f932a6079d620bddcedebfb98 64a2dd45f35a54ada4e2cd3d2fecce7742847e08 aa83c68bd76b28466287ab4f1d12527fa8f305192e89060106f509768188a304
GET /Pwnw9qWQuKgdKS72XPcRYHnZ4yIIyryaBkn_6IF9yR7jugDpwcGNqOCbAa5paa3ddEY31MHuOCM=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
Host: yt3.ggpht.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="channels4_profile.jpg"
x-content-type-options: nosniff
server: fife
content-length: 4564
x-xss-protection: 0
date: Thu, 18 Apr 2024 08:05:07 GMT
expires: Fri, 19 Apr 2024 08:05:07 GMT
cache-control: public, max-age=86400, no-transform
age: 9828
etag: "v1"
content-type: image/jpeg
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.google.com/js/th/miBSy5jQPJh1sa2HAK-WLAAFHwiuSy-Xwy9oQisegJw.js | 142.250.74.164 | 200 OK | 20 kB |
URL GET HTTP/2www.google.com/js/th/miBSy5jQPJh1sa2HAK-WLAAFHwiuSy-Xwy9oQisegJw.js IP142.250.74.164:443
Requested byhttps://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com CertificateIssuerGoogle Trust Services LLC Subjectwww.google.com FingerprintCC:CC:99:46:65:6C:77:0B:C8:AA:AD:5E:58:B6:2D:19:B2:C7:0B:06 ValidityMon, 04 Mar 2024 07:19:07 GMT - Mon, 27 May 2024 07:19:06 GMT
File typeJavaScript source, ASCII text, with very long lines (51811) Hash5145e2908423fe4aac30cdd17c12277c bd8117e06b0151b88d0867008d51c5b6f225bf56 9a2052cb98d03c9875b1ad8700af962c00051f08ae4b2f97c32f68422b1e809c
GET /js/th/miBSy5jQPJh1sa2HAK-WLAAFHwiuSy-Xwy9oQisegJw.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 20259
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 17 Apr 2024 05:03:48 GMT
expires: Thu, 17 Apr 2025 05:03:48 GMT
cache-control: public, max-age=31536000
age: 107107
last-modified: Thu, 04 Apr 2024 18:30:00 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| ka-f.fontawesome.com/releases/v6.0.0/css/free-v5-font-face.min.css?token=869e25b803 | 104.21.26.223 | 200 OK | 30 kB |
URL GET HTTP/2ka-f.fontawesome.com/releases/v6.0.0/css/free-v5-font-face.min.css?token=869e25b803 IP104.21.26.223:443
Requested byhttps://fre487nv.xzf.my.id/ CertificateIssuerGoogle Trust Services LLC Subjectka-f.fontawesome.com Fingerprint8D:43:33:42:48:C0:F5:34:71:EC:49:69:9C:62:01:4A:6F:41:11:98 ValidityTue, 05 Mar 2024 09:23:28 GMT - Mon, 03 Jun 2024 09:23:27 GMT
File typeASCII text, with very long lines (608) Hashe8ee688b3310772b65f39c69b76f4720 d57c6b7957aabb07762d473ea0b4bd3462f1175e 0e751f751587617116614deaf11f087ea82f7644196c1d0571f71fd549b556b5
GET /releases/v6.0.0/css/free-v5-font-face.min.css?token=869e25b803 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fre487nv.xzf.my.id/
Origin: https://fre487nv.xzf.my.id
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:48:54 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Mon, 07 Feb 2022 20:11:39 GMT
etag: W/"e8ee688b3310772b65f39c69b76f4720"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
x-cache: Hit from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: IXoTdAR3QlbsWLvPkrl40Nj9hZNrZmaDZTLJwf7J3kjIEVXpa9DgqQ==
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pKn12Dnu3vsavdzM54evUttpnSQ%2F8u0iISqrgTyOtVP29RUdAE4YVk6ucyJybUVrmf85Ij3l2UPiY07sWUs4dYIUAQ%2FU1FNoELD6A%2Fe7o3VydmqhBrjfzdDK4MsVPcis4x9XQu09Ww%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415caabda1c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create | 142.250.74.138 | 200 OK | 42 kB |
URL POST HTTP/2jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create IP142.250.74.138:443
Requested byhttps://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT
Hash28692b432f714037a0400afcff6759db bcef8b39fbcbbfe28228ab3dd0aea0638c409015 b7c7866d50334944bb224ed0d2c0ea3953bd71be32cd3dfb77cc24e023797334
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Thu, 18 Apr 2024 10:48:55 GMT
server: ESF
cache-control: private
content-length: 41889
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.youtube.com/generate_204?cS1dPw | 172.217.21.174 | 204 No Content | 0 B |
URL GET HTTP/3www.youtube.com/generate_204?cS1dPw IP172.217.21.174:443
Requested byhttps://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com CertificateIssuerGoogle Trust Services LLC Subject*.google.com Fingerprint02:6C:2F:38:A0:8A:95:AC:E8:2B:67:AA:69:A4:34:6E:15:99:F5:1D ValidityMon, 04 Mar 2024 06:35:50 GMT - Mon, 27 May 2024 06:35:49 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /generate_204?cS1dPw HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
content-length: 0
cross-origin-resource-policy: cross-origin
date: Thu, 18 Apr 2024 10:48:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.youtube.com/api/stats/qoe?fmt=396&cpn=Tt9YoRPN5MEXG848&el=embedded&ns=yt&fexp=v1%2C23858057%2C125239%2C21348%2C76094%2C54572%2C304051%2C60171%2C24566%2C36318%2C6271%2C26443548%2C7111%2C36343%2C9954%2C1192%2C26496%2C6966%2C2%2C6689%2C1157%2C850%2C9072%2C8154%2C4364%2C7557%2C643%2C2298%2C6135%2C531%2C223%2C596%2C847%2C8582%2C1413%2C1104%2C9712%2C695%2C6&cl=625055724&seq=1&docid=4hIMRUTqARM&ei=l_ogZrbUB5ar0u8P9ZGFqAk&event=streamingstats&plid=AAYWXLe1TbhpdZgq&referrer=https%3A%2F%2Fwww.youtube.com%2Fembed%2F4hIMRUTqARM%3Fcontrols%3D0%26loop%3D1%26autoplay%3D1%26fs%3D1%26iv_load_policy%3D3%26showinfo%3D0%26rel%3D0%26cc_load_policy%3D0%26start%3D0%26end%3D0%26origin%3Dhttps%3A%2F%2Fyoutubeembedcode.com&qclc=ChBUdDlZb1JQTjVNRVhHODQ4EAE&embargoed=0&cbr=Firefox&cbrver=96.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240415.01.00&cplayer=UNIPLAYER&cos=X11&cplatform=DESKTOP&vps=0.000:N,0.010:B,0.414:B,0.414:B&cat=streaming&cmt=0.010:0.000,0.414:0.000&vfs=0.414:396:396::r&view=0.414:390:190&bwe=0.414:130000&vis=0.414:0&bh=0.414:0.000 | 172.217.21.174 | 204 No Content | 0 B |
URL POST HTTP/3www.youtube.com/api/stats/qoe?fmt=396&cpn=Tt9YoRPN5MEXG848&el=embedded&ns=yt&fexp=v1%2C23858057%2C125239%2C21348%2C76094%2C54572%2C304051%2C60171%2C24566%2C36318%2C6271%2C26443548%2C7111%2C36343%2C9954%2C1192%2C26496%2C6966%2C2%2C6689%2C1157%2C850%2C9072%2C8154%2C4364%2C7557%2C643%2C2298%2C6135%2C531%2C223%2C596%2C847%2C8582%2C1413%2C1104%2C9712%2C695%2C6&cl=625055724&seq=1&docid=4hIMRUTqARM&ei=l_ogZrbUB5ar0u8P9ZGFqAk&event=streamingstats&plid=AAYWXLe1TbhpdZgq&referrer=https%3A%2F%2Fwww.youtube.com%2Fembed%2F4hIMRUTqARM%3Fcontrols%3D0%26loop%3D1%26autoplay%3D1%26fs%3D1%26iv_load_policy%3D3%26showinfo%3D0%26rel%3D0%26cc_load_policy%3D0%26start%3D0%26end%3D0%26origin%3Dhttps%3A%2F%2Fyoutubeembedcode.com&qclc=ChBUdDlZb1JQTjVNRVhHODQ4EAE&embargoed=0&cbr=Firefox&cbrver=96.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240415.01.00&cplayer=UNIPLAYER&cos=X11&cplatform=DESKTOP&vps=0.000:N,0.010:B,0.414:B,0.414:B&cat=streaming&cmt=0.010:0.000,0.414:0.000&vfs=0.414:396:396::r&view=0.414:390:190&bwe=0.414:130000&vis=0.414:0&bh=0.414:0.000 IP172.217.21.174:443
Requested byhttps://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com CertificateIssuerGoogle Trust Services LLC Subject*.google.com Fingerprint02:6C:2F:38:A0:8A:95:AC:E8:2B:67:AA:69:A4:34:6E:15:99:F5:1D ValidityMon, 04 Mar 2024 06:35:50 GMT - Mon, 27 May 2024 06:35:49 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /api/stats/qoe?fmt=396&cpn=Tt9YoRPN5MEXG848&el=embedded&ns=yt&fexp=v1%2C23858057%2C125239%2C21348%2C76094%2C54572%2C304051%2C60171%2C24566%2C36318%2C6271%2C26443548%2C7111%2C36343%2C9954%2C1192%2C26496%2C6966%2C2%2C6689%2C1157%2C850%2C9072%2C8154%2C4364%2C7557%2C643%2C2298%2C6135%2C531%2C223%2C596%2C847%2C8582%2C1413%2C1104%2C9712%2C695%2C6&cl=625055724&seq=1&docid=4hIMRUTqARM&ei=l_ogZrbUB5ar0u8P9ZGFqAk&event=streamingstats&plid=AAYWXLe1TbhpdZgq&referrer=https%3A%2F%2Fwww.youtube.com%2Fembed%2F4hIMRUTqARM%3Fcontrols%3D0%26loop%3D1%26autoplay%3D1%26fs%3D1%26iv_load_policy%3D3%26showinfo%3D0%26rel%3D0%26cc_load_policy%3D0%26start%3D0%26end%3D0%26origin%3Dhttps%3A%2F%2Fyoutubeembedcode.com&qclc=ChBUdDlZb1JQTjVNRVhHODQ4EAE&embargoed=0&cbr=Firefox&cbrver=96.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240415.01.00&cplayer=UNIPLAYER&cos=X11&cplatform=DESKTOP&vps=0.000:N,0.010:B,0.414:B,0.414:B&cat=streaming&cmt=0.010:0.000,0.414:0.000&vfs=0.414:396:396::r&view=0.414:390:190&bwe=0.414:130000&vis=0.414:0&bh=0.414:0.000 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Visitor-Id: CgtjTEtVOGNkMENrcyiV9YOxBjIOCgJOTxIIEgQSAgsMID0%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240415.01.00
X-YouTube-Utc-Offset: 0
X-YouTube-Time-Zone: UTC
X-YouTube-Ad-Signals: dt=1713437334835&flash=0&frm=2&u_tz&u_his=2&u_h=1024&u_w=1280&u_ah=1024&u_aw=1280&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C390%2C190&vis=1&wgl=true&ca_type=image
Content-Type: application/x-www-form-urlencoded
Content-Length: 226
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
date: Thu, 18 Apr 2024 10:48:55 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
x-content-type-options: nosniff
server: Video Stats Server
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.youtube.com/s/player/f92087f2/player_ias.vflset/en_US/annotations_module.js | 172.217.21.174 | 200 OK | 19 kB |
URL GET HTTP/3www.youtube.com/s/player/f92087f2/player_ias.vflset/en_US/annotations_module.js IP172.217.21.174:443
Requested byhttps://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com CertificateIssuerGoogle Trust Services LLC Subject*.google.com Fingerprint02:6C:2F:38:A0:8A:95:AC:E8:2B:67:AA:69:A4:34:6E:15:99:F5:1D ValidityMon, 04 Mar 2024 06:35:50 GMT - Mon, 27 May 2024 06:35:49 GMT
File typeJavaScript source, ASCII text, with very long lines (1115) Hasha2728a094e024866fabfd1d7c1f98897 01323ef7e8f80a71ba85f02b875ac0b15bdeda5f 5d510af5b4c0a2ffba73c3a4d5836b576727a8999e8c9b0dd2987cbaa2eea362
GET /s/player/f92087f2/player_ias.vflset/en_US/annotations_module.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 18905
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 07:28:40 GMT
expires: Wed, 16 Apr 2025 07:28:40 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 16 Apr 2024 04:18:33 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 184815
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.youtube.com/s/player/f92087f2/player_ias.vflset/en_US/captions.js | 172.217.21.174 | 200 OK | 24 kB |
URL GET HTTP/3www.youtube.com/s/player/f92087f2/player_ias.vflset/en_US/captions.js IP172.217.21.174:443
Requested byhttps://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com CertificateIssuerGoogle Trust Services LLC Subject*.google.com Fingerprint02:6C:2F:38:A0:8A:95:AC:E8:2B:67:AA:69:A4:34:6E:15:99:F5:1D ValidityMon, 04 Mar 2024 06:35:50 GMT - Mon, 27 May 2024 06:35:49 GMT
File typeJavaScript source, ASCII text, with very long lines (546) Hash63d5bdb87eb3a4dabeef982071301002 79093e9a19e733c0cdd00a5ef8fc4d78005a676a 6774cd608e2edb69599e19a11945ecec700b1c1c250c50481e4661e5e5ed2eba
GET /s/player/f92087f2/player_ias.vflset/en_US/captions.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 24389
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 07:28:17 GMT
expires: Wed, 16 Apr 2025 07:28:17 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 16 Apr 2024 04:18:33 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 184838
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT | 142.250.74.138 | 200 OK | 0 B |
URL OPTIONS HTTP/2jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT IP142.250.74.138:443
Requested byhttps://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Thu, 18 Apr 2024 10:48:55 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1713458935&ei=l_ogZrbUB5ar0u8P9ZGFqAk&ip=91.90.42.154&id=o-AN5oZYY9KpwQmXP7lCjpdO3Q64LabaB7f6OJ2ccaNa6P&itag=251&source=youtube&requiressl=yes&xpc=EgVo2aDSNQ%3D%3D&mh=fM&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pcm2cms=yes&pl=21&initcwndbps=2463750&bui=AaUN6a3yB3Puix-Ri66POIEtvb6yeExkGi80jXZvDVx5LAWc5nixIPFZC84ZAoZbmPptopqGQSfEZSsW&spc=UWF9f4s3qRM7Su6QwQ-wf5tUexREUj0-Dr1E9n97BnQ7zuXqM9AXj17l8g&vprv=1&svpuc=1&mime=audio%2Fwebm&ns=jNRyBWQ4AAwtlFVnwxf4YToQ&gir=yes&clen=946205&dur=59.821&lmt=1712095373244492&mt=1713437086&fvip=3&keepalive=yes&c=WEB_EMBEDDED_PLAYER&sefc=1&txp=5532434&n=S69euUPKGm4ARw&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cxpc%2Cbui%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AJfQdSswRQIhAOobCcjKLLsSWpSZaynBql7RK_YqHEkHkI8QHg2u594QAiBgCzASPFxSsSczAC2Akssf9CKXH4bcdFsgGPYcSwDWqw%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpcm2cms%2Cpl%2Cinitcwndbps&lsig=ALClDIEwRgIhAIiQglbcP4X1onLrjx4MtdYy2Kq9i7xpSphtcOH830lLAiEAkKTAWrizcGpMLL6zAVeBJuCVZtvY1kiD8ZV5EYv35y8%3D&alr=yes&cpn=Tt9YoRPN5MEXG848&cver=1.20240415.01.00&range=0-65900&rn=2&rbuf=0&pot=IjoJAwkAbyPzlEpkfWldRn1VRkRHaERGR3FqemBVMFpGe0tpQExKZENMXXtASkxkWFBIZHpOQEc5JjpH&ump=1&srfvp=1 | 91.90.45.173 | 200 OK | 66 kB |
URL POST HTTP/1.1rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1713458935&ei=l_ogZrbUB5ar0u8P9ZGFqAk&ip=91.90.42.154&id=o-AN5oZYY9KpwQmXP7lCjpdO3Q64LabaB7f6OJ2ccaNa6P&itag=251&source=youtube&requiressl=yes&xpc=EgVo2aDSNQ%3D%3D&mh=fM&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pcm2cms=yes&pl=21&initcwndbps=2463750&bui=AaUN6a3yB3Puix-Ri66POIEtvb6yeExkGi80jXZvDVx5LAWc5nixIPFZC84ZAoZbmPptopqGQSfEZSsW&spc=UWF9f4s3qRM7Su6QwQ-wf5tUexREUj0-Dr1E9n97BnQ7zuXqM9AXj17l8g&vprv=1&svpuc=1&mime=audio%2Fwebm&ns=jNRyBWQ4AAwtlFVnwxf4YToQ&gir=yes&clen=946205&dur=59.821&lmt=1712095373244492&mt=1713437086&fvip=3&keepalive=yes&c=WEB_EMBEDDED_PLAYER&sefc=1&txp=5532434&n=S69euUPKGm4ARw&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cxpc%2Cbui%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AJfQdSswRQIhAOobCcjKLLsSWpSZaynBql7RK_YqHEkHkI8QHg2u594QAiBgCzASPFxSsSczAC2Akssf9CKXH4bcdFsgGPYcSwDWqw%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpcm2cms%2Cpl%2Cinitcwndbps&lsig=ALClDIEwRgIhAIiQglbcP4X1onLrjx4MtdYy2Kq9i7xpSphtcOH830lLAiEAkKTAWrizcGpMLL6zAVeBJuCVZtvY1kiD8ZV5EYv35y8%3D&alr=yes&cpn=Tt9YoRPN5MEXG848&cver=1.20240415.01.00&range=0-65900&rn=2&rbuf=0&pot=IjoJAwkAbyPzlEpkfWldRn1VRkRHaERGR3FqemBVMFpGe0tpQExKZENMXXtASkxkWFBIZHpOQEc5JjpH&ump=1&srfvp=1 IP91.90.45.173:443 ASN#50304 Blix Solutions AS
Requested byhttps://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com CertificateIssuerGoogle Trust Services LLC Subject*.googlevideo.com Fingerprint05:65:DE:5B:B7:CF:9A:4A:22:AF:57:DB:9B:EC:B9:BD:E5:B0:57:E2 ValidityTue, 09 Apr 2024 14:31:07 GMT - Tue, 18 Jun 2024 14:31:06 GMT
Hash1cc212aa97fc69d07790f0a17b6a36bd 43b44c6e8c14ef5a83f8956f52de9dcfbba3ae30 9c87a2aab6fc1e6e5596700c8eeddfca07fc703ce1c853d19929c207465d3101
POST /videoplayback?expire=1713458935&ei=l_ogZrbUB5ar0u8P9ZGFqAk&ip=91.90.42.154&id=o-AN5oZYY9KpwQmXP7lCjpdO3Q64LabaB7f6OJ2ccaNa6P&itag=251&source=youtube&requiressl=yes&xpc=EgVo2aDSNQ%3D%3D&mh=fM&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pcm2cms=yes&pl=21&initcwndbps=2463750&bui=AaUN6a3yB3Puix-Ri66POIEtvb6yeExkGi80jXZvDVx5LAWc5nixIPFZC84ZAoZbmPptopqGQSfEZSsW&spc=UWF9f4s3qRM7Su6QwQ-wf5tUexREUj0-Dr1E9n97BnQ7zuXqM9AXj17l8g&vprv=1&svpuc=1&mime=audio%2Fwebm&ns=jNRyBWQ4AAwtlFVnwxf4YToQ&gir=yes&clen=946205&dur=59.821&lmt=1712095373244492&mt=1713437086&fvip=3&keepalive=yes&c=WEB_EMBEDDED_PLAYER&sefc=1&txp=5532434&n=S69euUPKGm4ARw&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cxpc%2Cbui%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AJfQdSswRQIhAOobCcjKLLsSWpSZaynBql7RK_YqHEkHkI8QHg2u594QAiBgCzASPFxSsSczAC2Akssf9CKXH4bcdFsgGPYcSwDWqw%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpcm2cms%2Cpl%2Cinitcwndbps&lsig=ALClDIEwRgIhAIiQglbcP4X1onLrjx4MtdYy2Kq9i7xpSphtcOH830lLAiEAkKTAWrizcGpMLL6zAVeBJuCVZtvY1kiD8ZV5EYv35y8%3D&alr=yes&cpn=Tt9YoRPN5MEXG848&cver=1.20240415.01.00&range=0-65900&rn=2&rbuf=0&pot=IjoJAwkAbyPzlEpkfWldRn1VRkRHaERGR3FqemBVMFpGe0tpQExKZENMXXtASkxkWFBIZHpOQEc5JjpH&ump=1&srfvp=1 HTTP/1.1
Host: rr2---sn-capm-vnae.googlevideo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.youtube.com/
Content-Length: 2
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Tue, 02 Apr 2024 22:02:53 GMT
Content-Type: application/vnd.yt-ump
Date: Thu, 18 Apr 2024 10:48:55 GMT
Expires: Thu, 18 Apr 2024 10:48:55 GMT
Cache-Control: private, max-age=21300
Transfer-Encoding: chunked
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Content-Type-Options: nosniff
Server: gvs 1.0
|
|
| rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1713458935&ei=l_ogZrbUB5ar0u8P9ZGFqAk&ip=91.90.42.154&id=o-AN5oZYY9KpwQmXP7lCjpdO3Q64LabaB7f6OJ2ccaNa6P&itag=396&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278%2C394%2C395%2C396%2C397%2C398%2C399&source=youtube&requiressl=yes&xpc=EgVo2aDSNQ%3D%3D&mh=fM&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pcm2cms=yes&pl=21&initcwndbps=2463750&bui=AaUN6a3yB3Puix-Ri66POIEtvb6yeExkGi80jXZvDVx5LAWc5nixIPFZC84ZAoZbmPptopqGQSfEZSsW&spc=UWF9f4s3qRM7Su6QwQ-wf5tUexREUj0-Dr1E9n97BnQ7zuXqM9AXj17l8g&vprv=1&svpuc=1&mime=video%2Fmp4&ns=jNRyBWQ4AAwtlFVnwxf4YToQ&gir=yes&clen=2160384&dur=59.791&lmt=1712142908082106&mt=1713437086&fvip=3&keepalive=yes&c=WEB_EMBEDDED_PLAYER&sefc=1&txp=553C434&n=S69euUPKGm4ARw&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cxpc%2Cbui%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AJfQdSswRQIgIv1--ynWuXCteZAYoj4FHilYWB1mohxC9nJcVcSoqnwCIQDUQDw1BpyILRt8GZB53NrGI_42kANRfIa7KJpffCfAww%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpcm2cms%2Cpl%2Cinitcwndbps&lsig=ALClDIEwRgIhAIiQglbcP4X1onLrjx4MtdYy2Kq9i7xpSphtcOH830lLAiEAkKTAWrizcGpMLL6zAVeBJuCVZtvY1kiD8ZV5EYv35y8%3D&alr=yes&cpn=Tt9YoRPN5MEXG848&cver=1.20240415.01.00&range=0-84349&rn=1&rbuf=0&pot=Ijq_Wr9Z2XpFzfw9yzDrH8sM8B3xMfIf8SjcI9YMhgPwIv0w9hX8PfUV6yL2E_o97gn-PcwX9h6Pf4we&ump=1&srfvp=1 | 91.90.45.173 | 200 OK | 84 kB |
URL POST HTTP/1.1rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1713458935&ei=l_ogZrbUB5ar0u8P9ZGFqAk&ip=91.90.42.154&id=o-AN5oZYY9KpwQmXP7lCjpdO3Q64LabaB7f6OJ2ccaNa6P&itag=396&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278%2C394%2C395%2C396%2C397%2C398%2C399&source=youtube&requiressl=yes&xpc=EgVo2aDSNQ%3D%3D&mh=fM&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pcm2cms=yes&pl=21&initcwndbps=2463750&bui=AaUN6a3yB3Puix-Ri66POIEtvb6yeExkGi80jXZvDVx5LAWc5nixIPFZC84ZAoZbmPptopqGQSfEZSsW&spc=UWF9f4s3qRM7Su6QwQ-wf5tUexREUj0-Dr1E9n97BnQ7zuXqM9AXj17l8g&vprv=1&svpuc=1&mime=video%2Fmp4&ns=jNRyBWQ4AAwtlFVnwxf4YToQ&gir=yes&clen=2160384&dur=59.791&lmt=1712142908082106&mt=1713437086&fvip=3&keepalive=yes&c=WEB_EMBEDDED_PLAYER&sefc=1&txp=553C434&n=S69euUPKGm4ARw&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cxpc%2Cbui%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AJfQdSswRQIgIv1--ynWuXCteZAYoj4FHilYWB1mohxC9nJcVcSoqnwCIQDUQDw1BpyILRt8GZB53NrGI_42kANRfIa7KJpffCfAww%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpcm2cms%2Cpl%2Cinitcwndbps&lsig=ALClDIEwRgIhAIiQglbcP4X1onLrjx4MtdYy2Kq9i7xpSphtcOH830lLAiEAkKTAWrizcGpMLL6zAVeBJuCVZtvY1kiD8ZV5EYv35y8%3D&alr=yes&cpn=Tt9YoRPN5MEXG848&cver=1.20240415.01.00&range=0-84349&rn=1&rbuf=0&pot=Ijq_Wr9Z2XpFzfw9yzDrH8sM8B3xMfIf8SjcI9YMhgPwIv0w9hX8PfUV6yL2E_o97gn-PcwX9h6Pf4we&ump=1&srfvp=1 IP91.90.45.173:443 ASN#50304 Blix Solutions AS
Requested byhttps://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com CertificateIssuerGoogle Trust Services LLC Subject*.googlevideo.com Fingerprint05:65:DE:5B:B7:CF:9A:4A:22:AF:57:DB:9B:EC:B9:BD:E5:B0:57:E2 ValidityTue, 09 Apr 2024 14:31:07 GMT - Tue, 18 Jun 2024 14:31:06 GMT
Hashf7dc5c74173b342887b03e86dc303804 2d18f71b55246cb647122a27be22e1c5a7663a37 66f6e0b789ba82948cfbbc464821f8341bdb4f21b3a1072741036503adfcb76b
POST /videoplayback?expire=1713458935&ei=l_ogZrbUB5ar0u8P9ZGFqAk&ip=91.90.42.154&id=o-AN5oZYY9KpwQmXP7lCjpdO3Q64LabaB7f6OJ2ccaNa6P&itag=396&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278%2C394%2C395%2C396%2C397%2C398%2C399&source=youtube&requiressl=yes&xpc=EgVo2aDSNQ%3D%3D&mh=fM&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pcm2cms=yes&pl=21&initcwndbps=2463750&bui=AaUN6a3yB3Puix-Ri66POIEtvb6yeExkGi80jXZvDVx5LAWc5nixIPFZC84ZAoZbmPptopqGQSfEZSsW&spc=UWF9f4s3qRM7Su6QwQ-wf5tUexREUj0-Dr1E9n97BnQ7zuXqM9AXj17l8g&vprv=1&svpuc=1&mime=video%2Fmp4&ns=jNRyBWQ4AAwtlFVnwxf4YToQ&gir=yes&clen=2160384&dur=59.791&lmt=1712142908082106&mt=1713437086&fvip=3&keepalive=yes&c=WEB_EMBEDDED_PLAYER&sefc=1&txp=553C434&n=S69euUPKGm4ARw&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cxpc%2Cbui%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AJfQdSswRQIgIv1--ynWuXCteZAYoj4FHilYWB1mohxC9nJcVcSoqnwCIQDUQDw1BpyILRt8GZB53NrGI_42kANRfIa7KJpffCfAww%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpcm2cms%2Cpl%2Cinitcwndbps&lsig=ALClDIEwRgIhAIiQglbcP4X1onLrjx4MtdYy2Kq9i7xpSphtcOH830lLAiEAkKTAWrizcGpMLL6zAVeBJuCVZtvY1kiD8ZV5EYv35y8%3D&alr=yes&cpn=Tt9YoRPN5MEXG848&cver=1.20240415.01.00&range=0-84349&rn=1&rbuf=0&pot=Ijq_Wr9Z2XpFzfw9yzDrH8sM8B3xMfIf8SjcI9YMhgPwIv0w9hX8PfUV6yL2E_o97gn-PcwX9h6Pf4we&ump=1&srfvp=1 HTTP/1.1
Host: rr2---sn-capm-vnae.googlevideo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.youtube.com/
Content-Length: 2
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Last-Modified: Wed, 03 Apr 2024 11:15:08 GMT
Content-Type: application/vnd.yt-ump
Date: Thu, 18 Apr 2024 10:48:55 GMT
Expires: Thu, 18 Apr 2024 10:48:55 GMT
Cache-Control: private, max-age=21300
Transfer-Encoding: chunked
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Restrict-Formats-Hint: None
X-Content-Type-Options: nosniff
Server: gvs 1.0
|
|
| jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT | 142.250.74.138 | 200 OK | 114 B |
URL: OPTIONS HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT | IP: 142.250.74.138:443
Requested by: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com | Certificate Issuer: Google Trust Services LLC | Subject: upload.video.google.com | Fingerprint: 47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E | Validity: Mon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT
Hash: 16f686bbc24ff8ce96873acace97974e 05a4206898288c9791aa521073e802a40df37476 aa79c05eb1dafa1b28f81d6d0794f4552b65be2d6d8d377c07929e01ef68f3d2
POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 831
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Thu, 18 Apr 2024 10:48:55 GMT
server: ESF
cache-control: private
content-length: 114
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| i.ytimg.com/vi/4hIMRUTqARM/sddefault.jpg?sqp=-oaymwEmCIAFEOAD8quKqQMa8AEB-AH-DoACuAiKAgwIABABGHIgRCg0MA8=&rs=AOn4CLDmkIQtr7VBGEWd49tclJs4Rocw9Q | 142.250.74.86 | 200 OK | 26 kB |
URL: GET HTTP/2 i.ytimg.com/vi/4hIMRUTqARM/sddefault.jpg?sqp=-oaymwEmCIAFEOAD8quKqQMa8AEB-AH-DoACuAiKAgwIABABGHIgRCg0MA8=&rs=AOn4CLDmkIQtr7VBGEWd49tclJs4Rocw9Q | IP: 142.250.74.86:443
Requested by: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com | Certificate Issuer: Google Trust Services LLC | Subject: edgestatic.com | Fingerprint: 78:1A:D9:37:F2:33:3C:A9:0F:4C:4A:E8:40:9E:55:8E:02:75:1E:15 | Validity: Mon, 04 Mar 2024 06:35:07 GMT - Mon, 27 May 2024 06:35:06 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x480, components 3 | Hash: cc85d6cc54c5003dee041117e5aed1d9 bd70735bd30376af98a8abc455633928bd5defbf 0c66f7ec0695b90aacd63bde4b84f7c97392cd92189ee42fb810d6a214c177a3
GET /vi/4hIMRUTqARM/sddefault.jpg?sqp=-oaymwEmCIAFEOAD8quKqQMa8AEB-AH-DoACuAiKAgwIABABGHIgRCg0MA8=&rs=AOn4CLDmkIQtr7VBGEWd49tclJs4Rocw9Q HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 26512
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 10:18:14 GMT
expires: Thu, 18 Apr 2024 12:18:14 GMT
cache-control: public, max-age=7200
age: 1841
etag: "1705996351"
content-type: image/jpeg
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.youtube.com/youtubei/v1/next?prettyPrint=false | 172.217.21.174 | 200 OK | 1.9 kB |
URL: POST HTTP/3 www.youtube.com/youtubei/v1/next?prettyPrint=false | IP: 172.217.21.174:443
Requested by: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com | Certificate Issuer: Google Trust Services LLC | Subject: *.google.com | Fingerprint: 02:6C:2F:38:A0:8A:95:AC:E8:2B:67:AA:69:A4:34:6E:15:99:F5:1D | Validity: Mon, 04 Mar 2024 06:35:50 GMT - Mon, 27 May 2024 06:35:49 GMT
Hash: ed89420d93e66e982bd61936afcfe02f bca0a23f6410d8d84ddc90a8e688cabd8ee0ee18 bb0d3530ee38a0cf6bd7e849ab5ae76af8597015b141228a24d58d69718b9d4c
POST /youtubei/v1/next?prettyPrint=false HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Goog-Visitor-Id: CgtjTEtVOGNkMENrcyiV9YOxBjIOCgJOTxIIEgQSAgsMID0%3D
X-Youtube-Bootstrap-Logged-In: false
X-Youtube-Client-Name: 56
X-Youtube-Client-Version: 1.20240415.01.00
Content-Length: 2672
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: br
date: Thu, 18 Apr 2024 10:48:55 GMT
server: scaffolding on HTTPServer2
content-length: 1860
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 | 172.217.21.174 | 200 OK | 31 B |
URL: POST HTTP/3 www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 | IP: 172.217.21.174:443
Requested by: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com | Certificate Issuer: Google Trust Services LLC | Subject: *.google.com | Fingerprint: 02:6C:2F:38:A0:8A:95:AC:E8:2B:67:AA:69:A4:34:6E:15:99:F5:1D | Validity: Mon, 04 Mar 2024 06:35:50 GMT - Mon, 27 May 2024 06:35:49 GMT
Hash: 5e1fa6fd9abd549a576f3f24b1d3c8d4 d5335d7f7d33be6a0b663f03b2df4df2521c4a87 d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Request-Time: 1713437335902
Content-Type: application/json
X-Goog-Visitor-Id: CgtjTEtVOGNkMENrcyiV9YOxBjIOCgJOTxIIEgQSAgsMID0%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240415.01.00
X-YouTube-Utc-Offset: 0
X-YouTube-Time-Zone: UTC
X-YouTube-Ad-Signals: dt=1713437334835&flash=0&frm=2&u_tz&u_his=2&u_h=1024&u_w=1280&u_ah=1024&u_aw=1280&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C390%2C190&vis=1&wgl=true&ca_type=image
Content-Length: 16743
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: br
date: Thu, 18 Apr 2024 10:48:55 GMT
server: scaffolding on HTTPServer2
content-length: 31
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| yt3.ggpht.com/Pwnw9qWQuKgdKS72XPcRYHnZ4yIIyryaBkn_6IF9yR7jugDpwcGNqOCbAa5paa3ddEY31MHuOCM=s88-c-k-c0x00ffffff-no-rj | 142.250.74.161 | 200 OK | 6.2 kB |
URL: GET HTTP/3 yt3.ggpht.com/Pwnw9qWQuKgdKS72XPcRYHnZ4yIIyryaBkn_6IF9yR7jugDpwcGNqOCbAa5paa3ddEY31MHuOCM=s88-c-k-c0x00ffffff-no-rj | IP: 142.250.74.161:443
Requested by: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com | Certificate Issuer: Google Trust Services LLC | Subject: *.googleusercontent.com | Fingerprint: E0:0C:38:A4:4D:4F:CB:42:05:30:9A:C4:60:B3:64:3F:EF:43:D1:2F | Validity: Mon, 04 Mar 2024 07:14:32 GMT - Mon, 27 May 2024 07:14:31 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 88x88, components 3 | Hash: 9f092f0c78bcebf9e84d404501b93b8c 4f05c7e0d4c5d9ebd11eb86124a49fe89f82c26a 4d981d6f52640ccfa70a557943339d5daaf64d139d925304309472eb037319bd
GET /Pwnw9qWQuKgdKS72XPcRYHnZ4yIIyryaBkn_6IF9yR7jugDpwcGNqOCbAa5paa3ddEY31MHuOCM=s88-c-k-c0x00ffffff-no-rj HTTP/1.1
Host: yt3.ggpht.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="channels4_profile.jpg"
x-content-type-options: nosniff
server: fife
content-length: 6244
x-xss-protection: 0
date: Thu, 18 Apr 2024 09:23:29 GMT
expires: Fri, 19 Apr 2024 09:23:29 GMT
cache-control: public, max-age=86400, no-transform
age: 5126
etag: "v1"
content-type: image/jpeg
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 | 172.217.21.174 | 200 OK | 31 B |
URL: POST HTTP/3 www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 | IP: 172.217.21.174:443
Requested by: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com | Certificate Issuer: Google Trust Services LLC | Subject: *.google.com | Fingerprint: 02:6C:2F:38:A0:8A:95:AC:E8:2B:67:AA:69:A4:34:6E:15:99:F5:1D | Validity: Mon, 04 Mar 2024 06:35:50 GMT - Mon, 27 May 2024 06:35:49 GMT
Hash: 5e1fa6fd9abd549a576f3f24b1d3c8d4 d5335d7f7d33be6a0b663f03b2df4df2521c4a87 d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
POST /youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Request-Time: 1713437337080
Content-Type: application/json
X-Goog-Visitor-Id: CgtjTEtVOGNkMENrcyiV9YOxBjIOCgJOTxIIEgQSAgsMID0%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240415.01.00
X-YouTube-Utc-Offset: 0
X-YouTube-Time-Zone: UTC
X-YouTube-Ad-Signals: dt=1713437334168&flash=0&frm=2&u_tz&u_his=2&u_h=1024&u_w=1280&u_ah=1024&u_aw=1280&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C390%2C190&vis=1&wgl=true&ca_type=image
Content-Length: 2265
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: br
date: Thu, 18 Apr 2024 10:48:57 GMT
server: scaffolding on HTTPServer2
content-length: 31
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| i.postimg.cc/nVkV8M0W/FfMaxx.jpg | 162.19.61.80 | 200 OK | 37 kB |
URL: GET HTTP/2 i.postimg.cc/nVkV8M0W/FfMaxx.jpg | IP: 162.19.61.80:443
Requested by: https://fre487nv.xzf.my.id/ | Certificate Issuer: Let's Encrypt | Subject: postimg.cc | Fingerprint: F9:1B:A9:B2:AB:2D:30:75:4E:44:3F:7A:6F:40:77:77:39:CE:1B:13 | Validity: Wed, 21 Feb 2024 07:13:33 GMT - Tue, 21 May 2024 07:13:32 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 512x512, components 3 | Hash: 61aa45bf291755caa8f0664e4e8b91e9 33f6c6304486ce8004d9d459f08aa6b95982f0ba 323b5ffc0bc7f906cf266b1622e4de3f8dfddcb3f38c460e58b468906d51ebf3
GET /nVkV8M0W/FfMaxx.jpg HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 10:48:58 GMT
content-type: image/jpeg
content-length: 37166
last-modified: Sat, 04 Mar 2023 14:21:43 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| fre487nv.xzf.my.id/img/old/7.jpg | 104.21.43.237 | 200 OK | 75 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/old/7.jpg | IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/ | Certificate Issuer: Google Trust Services LLC | Subject: xzf.my.id | Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C | Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1280x1280, components 3 | Hash: 473caf5f238322583e04e7aeee46c2a7 e56ebd24f2179527c21ab1262180ca834b6c5d24 622b5322352025505e01c71ff1d6520e62ce1f1211fc11efb3ede9d24a110c75
Analyzer: OpenPhish | Verdict: phishing | Alert: Garena
GET /img/old/7.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 75427
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Wed, 05 Apr 2023 14:32:58 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eRJ%2BYmZ%2FLRvjmmkqBMpyfz878eBxdt5B8W6Tk1EEI4uONvVJJgiS7v4or%2FmisyPni%2F4%2B%2BlN2cXu95ppJmI4KBqvXD%2FPK%2Bu4VtFHVwsg%2B0y2TtiA5REjImeyVVgPUACI5rPMx4Aw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf7c05b527-OSL
|
|
| fre487nv.xzf.my.id/img/old/8.jpg | 104.21.43.237 | 200 OK | 85 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/old/8.jpg | IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/ | Certificate Issuer: Google Trust Services LLC | Subject: xzf.my.id | Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C | Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1000x1000, components 3 | Hash: 5b988ca12f0928c882f7ff50a32ffe01 a44b37e7bb7ecbbe76d47b084cd94effd6e9f552 0eb6a14eeb1c27e7c3c471db0f10c25eea89a65df20b2dbeea6c9ee3ccc0c78f
Analyzer: OpenPhish | Verdict: phishing | Alert: Garena
GET /img/old/8.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 85199
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Wed, 05 Apr 2023 14:32:58 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N6ulU7RbG3ZnKSvhzORsPtb99RWN9GQKV%2B10fSG%2FNyOJXzGvD3FvkoiyNtJ3MW9Oo6jpfynkySzpudwLpLowYOiIcViWluntC53OHCZxB8bWzj91BlAHNu52%2FG4QMkOZ%2B5VyMIo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf7c08b527-OSL
|
|
| fre487nv.xzf.my.id/img/old/9.jpg | 104.21.43.237 | 200 OK | 92 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/old/9.jpg | IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/ | Certificate Issuer: Google Trust Services LLC | Subject: xzf.my.id | Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C | Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1000x1000, components 3 | Hash: d3fa373bbd9a288f7162ffc76c179ebd 1add685f2def7f1c8d359fafe5f2ed3761e0188f 63fbe80d8ea4766ecc80faddd1387ef9681cb2ec2b4ad45164f4b36ffb4e2e43
Analyzer: OpenPhish | Verdict: phishing | Alert: Garena
GET /img/old/9.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 91553
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Wed, 05 Apr 2023 14:32:58 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UQDh52kBkSfv%2FOv5DzZHvpN8LPvUbvzkr04h92QFXsMH8y3k9Rflu74fWjJl501UDPQ4Rnm%2FTkXIMQBS6bF7tgaHBMr1zlzC%2BBerHrhkAA%2BwMyoHtsJYxajXZ3EAvUZsdPDJ%2Bo8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf7c0ab527-OSL
|
|
| fre487nv.xzf.my.id/img/old/10.jpg | 104.21.43.237 | 200 OK | 39 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/old/10.jpg | IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/ | Certificate Issuer: Google Trust Services LLC | Subject: xzf.my.id | Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C | Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 684x916, components 3 | Hash: bf58fb6f6463a1720fb1d0e0f58a3896 e0b9c0a61b1c60fe8748c7d007b981a3b7056489 de9e872524b79699ce8b0624de9bba409dd246d16dd48f171e4ed1072c00cfeb
Analyzer: OpenPhish | Verdict: phishing | Alert: Garena
GET /img/old/10.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 39371
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Wed, 05 Apr 2023 14:32:58 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L27y5FjnGUX3zFcLevVmMpYuRHTWg%2FG1E%2FEKjig7NPKgV2n4T%2Bb0eSYTy5QV1%2BD1bbYHql8Y0Sp%2FfVRE4te5ngxV9m3RSYysSGu41gb%2BbTWGd1tWlpDiiEyG60fXsdRraJV%2FV84%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf7c0fb527-OSL
|
|
| fre487nv.xzf.my.id/img/old/11.jpg | 104.21.43.237 | 200 OK | 46 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/old/11.jpg | IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/ | Certificate Issuer: Google Trust Services LLC | Subject: xzf.my.id | Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C | Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 940x1052, components 3 | Hash: 0a4bc07510a030baffb2ec9ef5870aea 453b316a4e3fa4d955e1395280d506761156a06c 908c3acad2bff2c347166113be45b73a35869eed538a900acca3fedd81ff5183
Analyzer: OpenPhish | Verdict: phishing | Alert: Garena
GET /img/old/11.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 46471
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Wed, 05 Apr 2023 14:32:58 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qBJD0Cmb9vj5OtGT3Z%2FQy9wC5xTsz3pECpN1c%2Fxcc4WAPy0wNmJbXAcT46JEbdzpPhdyVmXDjNPsmmAl3dNmXmzJ0O4xJ37sgIC0uvUtlNcdsAXT6mpImY%2Bo8RuhGa%2BvetcKfLQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf7c11b527-OSL
|
|
| fre487nv.xzf.my.id/img/old/12.jpg | 104.21.43.237 | 200 OK | 17 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/old/12.jpg | IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/ | Certificate Issuer: Google Trust Services LLC | Subject: xzf.my.id | Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C | Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x688, components 3 | Hash: f8351c5498cd1e97e3db1dc2e21f6cef 1b831a0dc34a8bf15ba6a10ee8b02bc010f59016 b9b545590950ff252a5b53bfc9b3d64ed373aee3ae94dec68033d0c857e8b3d8
Analyzer: OpenPhish | Verdict: phishing | Alert: Garena
GET /img/old/12.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 17081
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Wed, 05 Apr 2023 14:32:58 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2f8uICA4n0wtHmsd57jo3IAuemJvAvUTJIpD3kpAfm%2BVtk%2BQzLCMD54Y1lWcjI6J%2BlBeugsqwc3nh2ncXMPhirE%2FYwJiDUXEWhigbj0I3cnhUwlycvEaDNhvmZxAMZSFw67ZdSU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf7c14b527-OSL
|
|
| fre487nv.xzf.my.id/img/diamond/1.png | 104.21.43.237 | 200 OK | 2.8 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/diamond/1.png | IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/ | Certificate Issuer: Google Trust Services LLC | Subject: xzf.my.id | Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C | Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 130x162, components 3 | Hash: bd1e125844fffc6d3485bcf93c224f9d 2782371542228b448959c8610cf3790b662185cc b8f4fec91600d5be6d465792f7f7fab635d01019e148fe8b6f7bf59f717041de
Analyzer: OpenPhish | Verdict: phishing | Alert: Garena
GET /img/diamond/1.png HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/png
content-length: 2814
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Wed, 05 Apr 2023 14:30:48 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kJG4Kv7j8KbDITUUIHvvhGDSuPIO%2B7wk3OiNlq85f9cloJsCVolSYoSS0JiGdOXh4%2FyaRzMdWppAz3SuDVho82DqKQGno6Eyg4aVxU7M0wtZQs8wpW4hnE2Zpzi27VZvbRr5i%2FU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf8c2cb527-OSL
|
|
| fre487nv.xzf.my.id/img/diamond/2.png | 104.21.43.237 | 200 OK | 2.9 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/diamond/2.png | IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/ | Certificate Issuer: Google Trust Services LLC | Subject: xzf.my.id | Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C | Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 130x162, components 3 | Hash: 63344bf9eaf1a509a9f8a749a06a36e1 0ff516d19ef2ff1b9a44ab20e3eb9579a8894654 788c47722a4dc77173ab620f196bfc24a2d8668bcf08f9fd296574545cf700f1
Analyzer: OpenPhish | Verdict: phishing | Alert: Garena
GET /img/diamond/2.png HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/png
content-length: 2878
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Wed, 05 Apr 2023 14:30:48 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TClLopMaNWcK8ACzs9Nt9VEERY2zhcxGmkp0Qiu1eRXNZICoIxQanPviFb5Hp4CB6hagOqLYhTsRt4fvWdG0ADq%2BM%2FP8s%2FOWTk%2FBpaU8ULGOw4GdSau6tmZUI9ffjO1Ys%2BZjLh4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf8c30b527-OSL
|
|
| fre487nv.xzf.my.id/img/diamond/3.png | 104.21.43.237 | 200 OK | 2.9 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/diamond/3.png | IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/ | Certificate Issuer: Google Trust Services LLC | Subject: xzf.my.id | Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C | Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 130x162, components 3 | Hash: df5bfc626761a05e26222598f27cdf15 ed37075f86574bdeb39a5608384d722f8347df03 762fe8a43c859633d41642dd93c10478d3dacf62ff1310ddcefa17db5fa61f29
Analyzer: OpenPhish | Verdict: phishing | Alert: Garena
GET /img/diamond/3.png HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/png
content-length: 2875
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Wed, 05 Apr 2023 14:30:48 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=La%2BwV6pVrGGf1FY%2BG4tJTAGLcGqSAdqpC5M1Ps%2FNUtGlVovzZDXjR5eYJyjzwZRX9yPNlc%2BEoGKb5ycF%2FxlWrxS6Olg8aXFjR0SNZjXLX7NPIbbaTketT2Nk0UKKp5HfTtoxJDQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf8c37b527-OSL
|
|
| fre487nv.xzf.my.id/img/diamond/4.png | 104.21.43.237 | 200 OK | 2.8 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/diamond/4.png | IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/ | Certificate Issuer: Google Trust Services LLC | Subject: xzf.my.id | Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C | Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 130x162, components 3 | Hash: 9322979ec6bc2f29f5f0215487d1be4b 17302260777757a2a811b76ad1d0e96a86781df7 6cc42f3ad3aa5606237a601793c1fb42458386d888adab6cf9077d23887eefed
Analyzer: OpenPhish | Verdict: phishing | Alert: Garena
GET /img/diamond/4.png HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/png
content-length: 2761
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Wed, 05 Apr 2023 14:30:48 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bsqLIPpljk1jxidcuhDpaUjIeCHWQhyN4zEv1JzJ3rAJX3aZCf2D2OoityofdmHeJFGt8L%2Frd1YDPInsROQoH%2B%2BGM6LvF5dR8b6rrBxuDl%2BfMnbcWn0vvV5fnM1jyOaRKkzTeW8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf8c39b527-OSL
|
|
| fre487nv.xzf.my.id/img/diamond/5.png | 104.21.43.237 | 200 OK | 2.8 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/diamond/5.png
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate issuer: Google Trust Services LLC
Certificate subject: xzf.my.id
Certificate fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C
Certificate validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 130x162, components 3
Hash: f7fe1bdb99bdc8d0685e5f4bb5bf4e4c 965db0214225f37399495346a972e83c83f3fcdd e436ac38500431763697f5bd387d494324f320b76b25c97e29938d90bd7b1557
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/diamond/5.png HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/png
content-length: 2779
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Wed, 05 Apr 2023 14:30:48 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DQCMUGntjOvJncyUuooED2bCf0hO0dwmXza2U3l3c%2BQhZeDF1fW4%2Fx8Pa%2FLCCJAivwr5eO9Ni9tY%2Fy6A4OiDbgVIEsb2VeGfhu0de1zSls7z%2FCVOYCNhTK4fzbijh3s9qhYD5Yg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf8c3eb527-OSL
|
|
| fre487nv.xzf.my.id/img/diamond/6.png | 104.21.43.237 | 200 OK | 2.8 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/diamond/6.png
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate issuer: Google Trust Services LLC
Certificate subject: xzf.my.id
Certificate fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C
Certificate validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 130x162, components 3
Hash: 2230594c80150378fe318c774eb216a4 918a13f5861c368c3b19c75cf8ca362b0b29a48c 43de460f27a0d3e43b13b5e75ac00da6ea6b54fb468afc4cffbd53709ee556b4
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/diamond/6.png HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/png
content-length: 2781
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Wed, 05 Apr 2023 14:30:48 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M1n1kkS9aLGdtLeY9s%2BsqXxI3lXJ%2FzN6d82%2FI5vOcTEIlG9YbA08kRs2ouoEATlAgudWg34QCqQY%2FqlA6G13Y19zmRvfXrPyuG0HpHiVjmUkuG6EUy0E5uawzAqq3suS4WD7Auc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf8c41b527-OSL
|
|
| fre487nv.xzf.my.id/img/diamond/7.png | 104.21.43.237 | 200 OK | 12 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/diamond/7.png
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate issuer: Google Trust Services LLC
Certificate subject: xzf.my.id
Certificate fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C
Certificate validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 233x290, components 3
Hash: 31c0214a044bb8cc98cab002fdf9bb94 c2b483949f3267aa679d364ce059d1babc3e8f93 585cf192d586d254d46a7a066980137a06e5a23592e66dfc4b54bd6c4b63e088
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/diamond/7.png HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/png
content-length: 11823
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Wed, 05 Apr 2023 14:30:48 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RFuHmBi09792O2yTp3JO2CfrDAOBmLIIkKwyBkcxR78tznmy76ir1NjJeTuL7xrfhCe699i0vKWhFZ3VfwSftqYaextvIu9mVh2EJ0jzldfQg%2FNTzVrl5g7zVFsDhbM8igEay9c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf8c42b527-OSL
|
|
| fre487nv.xzf.my.id/img/diamond/8.png | 104.21.43.237 | 200 OK | 13 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/diamond/8.png
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate issuer: Google Trust Services LLC
Certificate subject: xzf.my.id
Certificate fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C
Certificate validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 233x290, components 3
Hash: 18d7331b2312b85b1bfba110763c7574 9186a2527194478a524ffe4b7ceb5e61410bdd42 6afcc18ffa172755862f5c6dc3f20d9c3d6ee6f5f399df00e8568bf747e1cdb9
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/diamond/8.png HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/png
content-length: 13341
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Wed, 05 Apr 2023 14:30:48 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mbhsZ9rsl6yyzQ%2B%2FTIprto%2BDR3%2FIhD%2BCbnzYiZy0XMMWSwlYAmMkIM8JWMwea026OSB4mg%2FtiYr1FEhIj3PmwFTcWdEaAggSoBdfMksBRHzgMuvuDxis05BddpjEyTx892%2Fz2dM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf8c45b527-OSL
|
|
| fre487nv.xzf.my.id/img/incubator/n1.jpeg | 104.21.43.237 | 200 OK | 100 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/incubator/n1.jpeg
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate issuer: Google Trust Services LLC
Certificate subject: xzf.my.id
Certificate fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C
Certificate validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 582x773, components 3
Hash: db1fa213e1d17d31fe863149c067eb65 feb589647e77221e77477f577d3c1c8ba6a75477 d2973dde5839f76cfa57932df4f4813939a0061a89376edb063f6bde3b0047b5
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/incubator/n1.jpeg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 99696
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Mon, 19 Feb 2024 01:49:40 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4eqYskAxT8ckBH0tBXmBj%2BfqMmR%2FwbSJERyMVeYwK7G8g4dRZAJsfD8o0iQF4Wd%2FXVi6eFqrK%2BiWyAXRFIqDMylZFfMIO6%2BU5RsUf6O0l1gZyv0LZE%2BJe7zW%2Fxvh0vmtzl2%2FJOA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf8c48b527-OSL
alt-svc: h3=":443"; ma=86400
|
|
| fre487nv.xzf.my.id/img/incubator/n2.jpeg | 104.21.43.237 | 200 OK | 16 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/incubator/n2.jpeg
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate issuer: Google Trust Services LLC
Certificate subject: xzf.my.id
Certificate fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C
Certificate validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 242x323, components 3
Hash: f666661cf0db48fd27b6beeeac106697 f051aad9f454044593fde4caddff97f5ae1ec247 81b9c32b27f445fb1bbacbefd4bdeece209f23838d9e7e4f4e392faca2f82080
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/incubator/n2.jpeg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 15570
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Mon, 19 Feb 2024 01:49:36 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zOuXzMkC6ZcUGly6hjWNIUDQ4EFl47ZSA5kakhiwGEP4zXdsIHZtW1T4qvp%2BgMhOBDtX9KiGsTZ7bma7Qk6jbz5KgOTfXiX4wfnm5CDW1g33uvYhZKh2UkWwxeRG5O%2BtOmmL61I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf8c4ab527-OSL
|
|
| fre487nv.xzf.my.id/img/incubator/n3.jpeg | 104.21.43.237 | 200 OK | 63 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/incubator/n3.jpeg
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate issuer: Google Trust Services LLC
Certificate subject: xzf.my.id
Certificate fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C
Certificate validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 540x663, components 3
Hash: 3ba15ab32066f05ac8ae42e77a723e85 116021696ee50fb51cb0c44f683cde855c59a291 f83b1564472584afdac9157172bf634ef3ccd4bcfd947987c1a059395627a387
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/incubator/n3.jpeg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 63129
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Mon, 19 Feb 2024 01:49:44 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Flierse8BsEFhUXSpN08pjKiiyggkXxIKB7gut2rT79JlBuEJAcjQhK2JvOqLjqA%2F4CQ8FNdJEOltHqr%2B6Nqr4mw%2BSVIOTkrEjz4r%2Fe6dP%2FwIj%2B66FyTeqUYQovb0MCzB3X1pNA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf8c4cb527-OSL
|
|
| fre487nv.xzf.my.id/img/incubator/1.jpg | 104.21.43.237 | 200 OK | 64 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/incubator/1.jpg
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate issuer: Google Trust Services LLC
Certificate subject: xzf.my.id
Certificate fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C
Certificate validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 559x559, components 3
Hash: 7c17b4a223a7baf1931ddf915972a1d7 49fa779105da34bc66ef240ed71719d837f1813e 7eb51057deb30db7c6c2900040a45178726b5a63c262f50ff58fdcf876cfa463
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/incubator/1.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 63579
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Wed, 05 Apr 2023 14:31:48 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wNDmvknuKGSw8%2FR6g677qXWIrZdCy5AlrUM9YPv7NJnWfkK1vQqbVyLXO7syvy4xP7MRjufk5kw4U89NllzQ0KWsdmqEzgSCVMiJSbz5mMoObHnVLUO5KKMTFswFDKiyaHAQIEQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf8c4fb527-OSL
|
|
| fre487nv.xzf.my.id/img/incubator/2.jpg | 104.21.43.237 | 200 OK | 60 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/incubator/2.jpg
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate issuer: Google Trust Services LLC
Certificate subject: xzf.my.id
Certificate fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C
Certificate validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 565x565, components 3
Hash: caa25bdeee31b9bf65b0558ee9ba03d8 7fda495e1ba5939dacaa87e1231a72e40111e600 35d68e25f22f6688e3a8f7cb2f354cd45b09c8523ba6d4ff53c7ca64d3c9e1bd
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/incubator/2.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 59531
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Wed, 05 Apr 2023 14:31:48 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KmI%2FcQtGlgLaaM3E%2BXRCBT3TVA3sUbT1NYJmKhz0ZeSkBlVVM9cRKNLLJp173W9w0tBfD75KHVKRx%2FbwLRJVk0dgV5Yxd%2BdIshCj1rWIvOEEDoR8kYADwrc8ubZRYxqCLK0uhtk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf9c65b527-OSL
|
|
| fre487nv.xzf.my.id/img/incubator/3.jpg | 104.21.43.237 | 200 OK | 59 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/incubator/3.jpg
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate issuer: Google Trust Services LLC
Certificate subject: xzf.my.id
Certificate fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C
Certificate validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 562x562, components 3
Hash: 979aa3e91bf0371884c91706db7a98c1 658497a52d5551d138d3401210ddf2ecacfb20fd f451a298d4843315ecb7bf2500d946295ecd6776aaf12cb69574bde1aa1f395c
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/incubator/3.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 58631
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Wed, 05 Apr 2023 14:31:48 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B2%2FPWJ8J%2Fe7aMQkV8pPfWqQxo85iszVC9CTTktC6u4OOi1BrzpmZqjap0pkGNdGsgLkX3TJl0zx6XsAPVMh4nEB4iHmqVI32iFvVeHzwQbjWFYAVqT4Tc5ks8sSKtwoKasX6zsU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf9c66b527-OSL
|
|
| fre487nv.xzf.my.id/img/incubator/4.jpg | 104.21.43.237 | 200 OK | 64 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/incubator/4.jpg
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate issuer: Google Trust Services LLC
Certificate subject: xzf.my.id
Certificate fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C
Certificate validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 575x575, components 3
Hash: b5204e496f3122192acd17b2b186b45f 7150bc610c3e4104dd5b101654c9f37406aa04a4 f95ed204614a3599b0bb6ffdcceecb74cd5dc7a60e26ca4e235f1a2a82c5c518
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/incubator/4.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 63944
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Wed, 05 Apr 2023 14:31:48 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0fZIjCSr5QxAMIio8FN31dbU7X1n%2BbjPSkAHYdH4f6Bhd2pOcNc2c7E6UayKerhxSxoKn%2Foa%2BxdinUGLB2T293tJsa1kcUmqEwhnrXjd04WffqLiX39cAiEPtw%2F9S%2BMBOzErvw0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bf9c6cb527-OSL
|
|
| fre487nv.xzf.my.id/img/incubator/5.jpg | 104.21.43.237 | 200 OK | 56 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/incubator/5.jpg
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate issuer: Google Trust Services LLC
Certificate subject: xzf.my.id
Certificate fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C
Certificate validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 568x568, components 3
Hash: 5e7b7e726f0f5182f4268a38b3a5ceab 6495856bce9af91b8e9d728e0e3625189e7e452b a04ed1b5cf22b5ae79a1bbca52ee14f9ca03a83a36c6ce16e7ecb870e95aab55
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/incubator/5.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 55457
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Wed, 05 Apr 2023 14:31:48 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FimL8FXVqpVPhzhAMeg%2FRVsR9k4TLBepQfWWoBS%2FcfQ4s1FvUJeViAC6b0MdDjYuapKRat0PklirfA81QvTTOVcwyV3LML%2FZCOFFJom3d8waGFyy7Jncp39jrWuyCjmQT%2BB6CfU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bfac77b527-OSL
|
|
| fre487nv.xzf.my.id/img/incubator/6.jpg | 104.21.43.237 | 200 OK | 58 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/incubator/6.jpg
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate issuer: Google Trust Services LLC
Certificate subject: xzf.my.id
Certificate fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C
Certificate validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 568x568, components 3
Hash: 933113087a731f60a1b1612d67f969cd db40cd025a4738ef85cf2c514f00e69b5d817df3 54fad0de66506819441abb12f48b499596b374f441fe0aaa7a6e9d7ec0668a5e
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/incubator/6.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 57623
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Wed, 05 Apr 2023 14:31:48 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aHxNCVSXL5iQRHPrqb5M0eqLfJ8Pyp4Fbw2u39iQtrT3F%2BdlzBPmPv9AkFjf6hrhsBDF2u7IATlgleK%2BDlZbH98EN8ruwpauVCTkT4FLz7yjg7qzuXRdTdhCW%2FZUiAe5y18z76Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bfac7bb527-OSL
|
|
| fre487nv.xzf.my.id/img/incubator/7.jpg | 104.21.43.237 | 200 OK | 18 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/incubator/7.jpg
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate issuer: Google Trust Services LLC
Certificate subject: xzf.my.id
Certificate fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C
Certificate validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 203x273, components 3
Hash: 2e1e3735e5def5bccf44e87f9ae76a95 f3b503d9632acd9e0cb700f7f5d3712da6fc8eb6 f3c3093e4cc9c4988c843918b523d35b42ea7d5ebca79ea89c04c0e661def0cd
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/incubator/7.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 17868
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Wed, 05 Apr 2023 14:31:48 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B8pFdv4z6fp%2FBcaCy7m%2B22c4GHu4wWHtDEa5yY2B5eXjOFTexi1m4GuXx1aNe9rlv5MnayCTUzKdVIEPC%2BJNuxfqLcqbBHSwpBW3ejJRGjLtB4gXm9W%2FWJQnxm8tdFc%2BlVdW7qs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bfac7cb527-OSL
|
|
| fre487nv.xzf.my.id/img/incubator/8.jpg | 104.21.43.237 | 200 OK | 17 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/incubator/8.jpg
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate issuer: Google Trust Services LLC
Certificate subject: xzf.my.id
Certificate fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C
Certificate validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 201x272, components 3
Hash: bb4c22bbf88632acaf74735969c09661 06ec1ada0909e6a314640ea32195f77a6ea832b9 46a89f72eddd4c6b4447622c23bdde5e861bb7afd8a4d1edef030841d373093a
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/incubator/8.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 16726
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Wed, 05 Apr 2023 14:31:48 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UMXHZ5C0FFTADgDzdl%2FiJU9kgokptn70Ujduc88wjFOEKjkmlXw3VbYQV13SuYmZMPT0gf7w%2BO2fXv0kFvjrVK%2B%2BVD40pXkITclwDOpghQSabT0mF5reCanV84J2K8Leai8lNKc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bfac7db527-OSL
|
|
| fre487nv.xzf.my.id/img/incubator/9.jpg | 104.21.43.237 | 200 OK | 18 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/incubator/9.jpg
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate issuer: Google Trust Services LLC
Certificate subject: xzf.my.id
Certificate fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C
Certificate validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 202x273, components 3
Hash: 324fa71ceab25917b1b39275f0510c34 b15a87ed1e0d8915f9bbddcc634e5c19cb9c09c7 37e9b832341a9e17a95ef5f3d8d1175cc4d72cb67847b8a2eea9025ffe0570c9
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/incubator/9.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 17945
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Wed, 05 Apr 2023 14:31:48 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kC2VoiTEIpYyh0VdORcjq31eaeoyr2zdtKJabO5FsJm7bRzGQteOLjWfJm7I3F4Z4qM%2BP9Wo1PjAY8zOdSJrSd3%2FyOXQ6UghuYppJOk%2BttjYmnC3%2B%2Fqga4GQgMFipzomGcTUL74%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bfac7fb527-OSL
|
|
| fre487nv.xzf.my.id/img/incubator/10.jpg | 104.21.43.237 | 200 OK | 15 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/incubator/10.jpg
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate issuer: Google Trust Services LLC
Certificate subject: xzf.my.id
Certificate fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C
Certificate validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 205x270, components 3
Hash: 6662119a701a284803239bd63e60a9f1 331dcad42c43585899aef4049ee759c48b47a464 7dad6721e95be42ff263df89e177b04725f23b7b37a2e7ab7f97e35e5fd02b16
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/incubator/10.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 15353
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Wed, 05 Apr 2023 14:31:48 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=31pRnG9%2FWjYHpYwj%2Fr7LGQXI3z%2FF5Q3inmbiccTjRpA6S4%2BbWuHxUrz69mxxYeW4aNAdhtd0wYyz0JriAqUTnBMCU45fAKuQBGagAVY5A%2Bhhm25VtsJ1rHvuVg1rePm0kiqZu%2FE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bfac80b527-OSL
|
|
| fre487nv.xzf.my.id/img/incubator/11.jpg | 104.21.43.237 | 200 OK | 17 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/incubator/11.jpg
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate: Issuer: Google Trust Services LLC; Subject: xzf.my.id; Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C; Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 201x269, components 3
Hash: ff130cc7c9b4f2b0b8da9df733b6e46c 7552f1af69a3fe64f388d89efc0c2afccbeba941 a738fedb10c230981aea2faeb99e56ba0f4b80d576559bbe99bc569abc28967f
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/incubator/11.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 16631
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Wed, 05 Apr 2023 14:31:48 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kv2ZoLXoqQsx7vvWWX9cVt3HDNBxFxF%2F4FMIOch2O47hxHko4QQHeBDclvlQLvKZv3cQ%2B43mxFNbEWmIpghGI81Y0rJgmglOaMGEmu%2FH%2B7kL%2F23Kxop6J%2BV0YOdvW3Y3BKII3ak%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bfbc9db527-OSL
|
|
| fre487nv.xzf.my.id/img/incubator/12.jpg | 104.21.43.237 | 200 OK | 17 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/incubator/12.jpg
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate: Issuer: Google Trust Services LLC; Subject: xzf.my.id; Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C; Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 203x273, components 3
Hash: 89bf879f77e2c739090f65670e1d543e 10a037660ba66df86c1e1dfdc309425a5b81a691 da57aa220b2f676a0dfe336fa5410675c9801312cbd50ccb59f81028e6cb4213
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/incubator/12.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: image/jpeg
content-length: 16838
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Wed, 05 Apr 2023 14:31:48 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JgtUO9fBZ%2FyTm4Y75W37T9890C6Wgbti%2B6vlc2bs4hklo%2FTJvpuArs%2BaLY%2F5xg26jNS70vdZQITEXwVW8XswB9bVrfx%2FR7W5TEpdlsE%2FC2bnvD7X865bAFJo0arOxhgPGduO3ko%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bfbc9fb527-OSL
|
|
| fre487nv.xzf.my.id/img/back3.jpg | 104.21.43.237 | 200 OK | 37 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/img/back3.jpg
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate: Issuer: Google Trust Services LLC; Subject: xzf.my.id; Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C; Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 675x1280, components 3
Hash: d49a9d65d02c88f1d08a2d529c3ce262 a48830b010894c7ff4f8b0755b45c0529258564b 6127febdf5ed95db07f069979e91266e2f68c9d4eb09e161e906052cb850023a
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET /img/back3.jpg HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:53 GMT
content-type: image/jpeg
content-length: 37092
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:53 GMT
last-modified: Sat, 17 Feb 2024 01:07:56 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6crhoVV%2FGsZdrO%2Fmljnx5Asccyh97GAB0VhrS0IYsLiKyt8C8Y78zAtrRsSugh1kg5HyLOm0GzmIQ%2B%2BBHQMjvkxK%2BHhqQBwnxX7a3MjRwvwU3Drnv%2BZT6p0n7tCmHCECpefxmCQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415c44fcdb527-OSL
|
|
| www.youtube.com/api/stats/qoe?fmt=396&afmt=251&cpn=Tt9YoRPN5MEXG848&el=embedded&ns=yt&fexp=v1%2C23858057%2C125239%2C21348%2C76094%2C54572%2C304051%2C60171%2C24566%2C36318%2C6271%2C26443548%2C7111%2C36343%2C9954%2C1192%2C26496%2C6966%2C2%2C6689%2C1157%2C850%2C9072%2C8154%2C4364%2C7557%2C643%2C2298%2C6135%2C531%2C223%2C596%2C847%2C8582%2C1413%2C1104%2C9712%2C695%2C6&cl=625055724&seq=2&docid=4hIMRUTqARM&ei=l_ogZrbUB5ar0u8P9ZGFqAk&event=streamingstats&plid=AAYWXLe1TbhpdZgq&referrer=https%3A%2F%2Fwww.youtube.com%2Fembed%2F4hIMRUTqARM%3Fcontrols%3D0%26loop%3D1%26autoplay%3D1%26fs%3D1%26iv_load_policy%3D3%26showinfo%3D0%26rel%3D0%26cc_load_policy%3D0%26start%3D0%26end%3D0%26origin%3Dhttps%3A%2F%2Fyoutubeembedcode.com&qclc=ChBUdDlZb1JQTjVNRVhHODQ4EAI&embargoed=0&cbr=Firefox&cbrver=96.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240415.01.00&cplayer=UNIPLAYER&cos=X11&cplatform=DESKTOP&afs=0.418:251::i&cmt=0.444:0.000,10.001:0.000&vps=0.444:N&ctmp=dompaused:t.448;r.promise;m.NotAllowedError,itr:t.877;&bwm=10.001:541530:0.947&bwe=10.001:1480248&bh=10.001:12.583 | 172.217.21.174 | 204 No Content | 0 B |
URL POST HTTP/3www.youtube.com/api/stats/qoe?fmt=396&afmt=251&cpn=Tt9YoRPN5MEXG848&el=embedded&ns=yt&fexp=v1%2C23858057%2C125239%2C21348%2C76094%2C54572%2C304051%2C60171%2C24566%2C36318%2C6271%2C26443548%2C7111%2C36343%2C9954%2C1192%2C26496%2C6966%2C2%2C6689%2C1157%2C850%2C9072%2C8154%2C4364%2C7557%2C643%2C2298%2C6135%2C531%2C223%2C596%2C847%2C8582%2C1413%2C1104%2C9712%2C695%2C6&cl=625055724&seq=2&docid=4hIMRUTqARM&ei=l_ogZrbUB5ar0u8P9ZGFqAk&event=streamingstats&plid=AAYWXLe1TbhpdZgq&referrer=https%3A%2F%2Fwww.youtube.com%2Fembed%2F4hIMRUTqARM%3Fcontrols%3D0%26loop%3D1%26autoplay%3D1%26fs%3D1%26iv_load_policy%3D3%26showinfo%3D0%26rel%3D0%26cc_load_policy%3D0%26start%3D0%26end%3D0%26origin%3Dhttps%3A%2F%2Fyoutubeembedcode.com&qclc=ChBUdDlZb1JQTjVNRVhHODQ4EAI&embargoed=0&cbr=Firefox&cbrver=96.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240415.01.00&cplayer=UNIPLAYER&cos=X11&cplatform=DESKTOP&afs=0.418:251::i&cmt=0.444:0.000,10.001:0.000&vps=0.444:N&ctmp=dompaused:t.448;r.promise;m.NotAllowedError,itr:t.877;&bwm=10.001:541530:0.947&bwe=10.001:1480248&bh=10.001:12.583 IP172.217.21.174:443
Requested by: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com
Certificate: Issuer: Google Trust Services LLC; Subject: *.google.com; Fingerprint: 02:6C:2F:38:A0:8A:95:AC:E8:2B:67:AA:69:A4:34:6E:15:99:F5:1D; Validity: Mon, 04 Mar 2024 06:35:50 GMT - Mon, 27 May 2024 06:35:49 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /api/stats/qoe?fmt=396&afmt=251&cpn=Tt9YoRPN5MEXG848&el=embedded&ns=yt&fexp=v1%2C23858057%2C125239%2C21348%2C76094%2C54572%2C304051%2C60171%2C24566%2C36318%2C6271%2C26443548%2C7111%2C36343%2C9954%2C1192%2C26496%2C6966%2C2%2C6689%2C1157%2C850%2C9072%2C8154%2C4364%2C7557%2C643%2C2298%2C6135%2C531%2C223%2C596%2C847%2C8582%2C1413%2C1104%2C9712%2C695%2C6&cl=625055724&seq=2&docid=4hIMRUTqARM&ei=l_ogZrbUB5ar0u8P9ZGFqAk&event=streamingstats&plid=AAYWXLe1TbhpdZgq&referrer=https%3A%2F%2Fwww.youtube.com%2Fembed%2F4hIMRUTqARM%3Fcontrols%3D0%26loop%3D1%26autoplay%3D1%26fs%3D1%26iv_load_policy%3D3%26showinfo%3D0%26rel%3D0%26cc_load_policy%3D0%26start%3D0%26end%3D0%26origin%3Dhttps%3A%2F%2Fyoutubeembedcode.com&qclc=ChBUdDlZb1JQTjVNRVhHODQ4EAI&embargoed=0&cbr=Firefox&cbrver=96.0&c=WEB_EMBEDDED_PLAYER&cver=1.20240415.01.00&cplayer=UNIPLAYER&cos=X11&cplatform=DESKTOP&afs=0.418:251::i&cmt=0.444:0.000,10.001:0.000&vps=0.444:N&ctmp=dompaused:t.448;r.promise;m.NotAllowedError,itr:t.877;&bwm=10.001:541530:0.947&bwe=10.001:1480248&bh=10.001:12.583 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Visitor-Id: CgtjTEtVOGNkMENrcyiV9YOxBjIOCgJOTxIIEgQSAgsMID0%3D
X-YouTube-Client-Name: 56
X-YouTube-Client-Version: 1.20240415.01.00
X-YouTube-Utc-Offset: 0
X-YouTube-Time-Zone: UTC
X-YouTube-Ad-Signals: dt=1713437334835&flash=0&frm=2&u_tz&u_his=2&u_h=1024&u_w=1280&u_ah=1024&u_aw=1280&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C390%2C190&vis=1&wgl=true&ca_type=image
Content-Type: application/x-www-form-urlencoded
Content-Length: 226
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
date: Thu, 18 Apr 2024 10:49:05 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
x-content-type-options: nosniff
server: Video Stats Server
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-search-detection%40mozilla.com%2Cgoogle%40search.mozilla.org%2Cwikipedia%40search.mozilla.org%2Cbing%40search.mozilla.org%2Cddg%40search.mozilla.org%2Cfirefox-compact-light%40mozilla.org%2Cfirefox-compact-dark%40mozilla.org%2Cfirefox-alpenglow%40mozilla.org%2Camazon%40search.mozilla.org&lang=en-US | 54.230.111.124 | | 82 B |
URL: services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-search-detection%40mozilla.com%2Cgoogle%40search.mozilla.org%2Cwikipedia%40search.mozilla.org%2Cbing%40search.mozilla.org%2Cddg%40search.mozilla.org%2Cfirefox-compact-light%40mozilla.org%2Cfirefox-compact-dark%40mozilla.org%2Cfirefox-alpenglow%40mozilla.org%2Camazon%40search.mozilla.org&lang=en-US
IP: 54.230.111.124:0
Hash: 4f822d39c269d2c47e3174b6c6bad3b7 d56bd07959c766e9c18faa9cf1070548f9236b65 cda00e555c758b1c13b6cbd17049ca8471057d16c60f08f551dbc331308eecf3
GET /api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-search-detection%40mozilla.com%2Cgoogle%40search.mozilla.org%2Cwikipedia%40search.mozilla.org%2Cbing%40search.mozilla.org%2Cddg%40search.mozilla.org%2Cfirefox-compact-light%40mozilla.org%2Cfirefox-compact-dark%40mozilla.org%2Cfirefox-alpenglow%40mozilla.org%2Camazon%40search.mozilla.org&lang=en-US HTTP/1.1
Host: services.addons.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 82
server: openresty
date: Thu, 18 Apr 2024 09:58:28 GMT
allow: GET, HEAD, OPTIONS
x-amo-request-id: 10ce6dff4b6746d8b26641de9a673ca7
content-security-policy: form-action 'self'; media-src https://videos.cdn.mozilla.net; child-src https://www.recaptcha.net/recaptcha/; object-src 'none'; connect-src 'self' https://*.google-analytics.com; style-src 'unsafe-inline' https://addons.mozilla.org/static-server/; default-src 'none'; font-src 'self' https://addons.mozilla.org/static-server/; script-src https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://addons.mozilla.org/static-server/; frame-src https://www.recaptcha.net/recaptcha/; img-src 'self' blob: data: https://addons.mozilla.org/static-server/ https://addons.mozilla.org/user-media/; report-uri /__cspreport__
x-frame-options: DENY
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: same-origin
cross-origin-opener-policy: same-origin
cache-control: max-age=3600
public-key-pins: max-age=5184000; includeSubDomains; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="
via: 1.1 google, 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
etag: "4f822d39c269d2c47e3174b6c6bad3b7"
vary: origin,X-Country-Code,Accept-Language
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: VNQKuHTh8YlX_Nie2ukQDl3GvpGTGuWk9I_0AceVy9FZvfMN-G2fBQ==
age: 3052
X-Firefox-Spdy: h2
|
|
| rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1713458935&ei=l_ogZrbUB5ar0u8P9ZGFqAk&ip=91.90.42.154&id=o-AN5oZYY9KpwQmXP7lCjpdO3Q64LabaB7f6OJ2ccaNa6P&itag=251&source=youtube&requiressl=yes&xpc=EgVo2aDSNQ%3D%3D&mh=fM&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pcm2cms=yes&pl=21&initcwndbps=2463750&bui=AaUN6a3yB3Puix-Ri66POIEtvb6yeExkGi80jXZvDVx5LAWc5nixIPFZC84ZAoZbmPptopqGQSfEZSsW&spc=UWF9f4s3qRM7Su6QwQ-wf5tUexREUj0-Dr1E9n97BnQ7zuXqM9AXj17l8g&vprv=1&svpuc=1&mime=audio%2Fwebm&ns=jNRyBWQ4AAwtlFVnwxf4YToQ&gir=yes&clen=946205&dur=59.821&lmt=1712095373244492&mt=1713437086&fvip=3&keepalive=yes&c=WEB_EMBEDDED_PLAYER&sefc=1&txp=5532434&n=S69euUPKGm4ARw&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cxpc%2Cbui%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AJfQdSswRQIhAOobCcjKLLsSWpSZaynBql7RK_YqHEkHkI8QHg2u594QAiBgCzASPFxSsSczAC2Akssf9CKXH4bcdFsgGPYcSwDWqw%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpcm2cms%2Cpl%2Cinitcwndbps&lsig=ALClDIEwRgIhAIiQglbcP4X1onLrjx4MtdYy2Kq9i7xpSphtcOH830lLAiEAkKTAWrizcGpMLL6zAVeBJuCVZtvY1kiD8ZV5EYv35y8%3D&alr=yes&cpn=Tt9YoRPN5MEXG848&cver=1.20240415.01.00&range=481396-946204&rn=9&rbuf=30001&pot=MnmWeaX8S-CB65ZCklaH8KqBqk0Ws2DalTCy46y-geYXu63Z_MvYjxgCjllZ-QQETYCwiaBxfaUzMPv8mRDTxQ0PB5W7lotmGCBxH5N3en0KpdEAuvlaYaqXNVWA2BZi1wlEfyKCdUzn0WzqtfXOrf0XkOPxKEXYQ1qt&ump=1&srfvp=1 | 91.90.45.173 | 200 OK | 465 kB |
URL POST HTTP/3rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1713458935&ei=l_ogZrbUB5ar0u8P9ZGFqAk&ip=91.90.42.154&id=o-AN5oZYY9KpwQmXP7lCjpdO3Q64LabaB7f6OJ2ccaNa6P&itag=251&source=youtube&requiressl=yes&xpc=EgVo2aDSNQ%3D%3D&mh=fM&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pcm2cms=yes&pl=21&initcwndbps=2463750&bui=AaUN6a3yB3Puix-Ri66POIEtvb6yeExkGi80jXZvDVx5LAWc5nixIPFZC84ZAoZbmPptopqGQSfEZSsW&spc=UWF9f4s3qRM7Su6QwQ-wf5tUexREUj0-Dr1E9n97BnQ7zuXqM9AXj17l8g&vprv=1&svpuc=1&mime=audio%2Fwebm&ns=jNRyBWQ4AAwtlFVnwxf4YToQ&gir=yes&clen=946205&dur=59.821&lmt=1712095373244492&mt=1713437086&fvip=3&keepalive=yes&c=WEB_EMBEDDED_PLAYER&sefc=1&txp=5532434&n=S69euUPKGm4ARw&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cxpc%2Cbui%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AJfQdSswRQIhAOobCcjKLLsSWpSZaynBql7RK_YqHEkHkI8QHg2u594QAiBgCzASPFxSsSczAC2Akssf9CKXH4bcdFsgGPYcSwDWqw%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpcm2cms%2Cpl%2Cinitcwndbps&lsig=ALClDIEwRgIhAIiQglbcP4X1onLrjx4MtdYy2Kq9i7xpSphtcOH830lLAiEAkKTAWrizcGpMLL6zAVeBJuCVZtvY1kiD8ZV5EYv35y8%3D&alr=yes&cpn=Tt9YoRPN5MEXG848&cver=1.20240415.01.00&range=481396-946204&rn=9&rbuf=30001&pot=MnmWeaX8S-CB65ZCklaH8KqBqk0Ws2DalTCy46y-geYXu63Z_MvYjxgCjllZ-QQETYCwiaBxfaUzMPv8mRDTxQ0PB5W7lotmGCBxH5N3en0KpdEAuvlaYaqXNVWA2BZi1wlEfyKCdUzn0WzqtfXOrf0XkOPxKEXYQ1qt&ump=1&srfvp=1 IP91.90.45.173:443 ASN#50304 Blix Solutions AS
Requested by: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com
Certificate: Issuer: Google Trust Services LLC; Subject: *.googlevideo.com; Fingerprint: 05:65:DE:5B:B7:CF:9A:4A:22:AF:57:DB:9B:EC:B9:BD:E5:B0:57:E2; Validity: Tue, 09 Apr 2024 14:31:07 GMT - Tue, 18 Jun 2024 14:31:06 GMT
Size: 465 kB (464914 bytes)
Hash: 0b6690478fcde9b875c1e8667e2362ff 3b1c40cb34096fbc7b2facd657c939e9099194f3 6f6c8335015b47247e6fc27985df14868a7d04d8d97f673112dbf23270ab0129
POST /videoplayback?expire=1713458935&ei=l_ogZrbUB5ar0u8P9ZGFqAk&ip=91.90.42.154&id=o-AN5oZYY9KpwQmXP7lCjpdO3Q64LabaB7f6OJ2ccaNa6P&itag=251&source=youtube&requiressl=yes&xpc=EgVo2aDSNQ%3D%3D&mh=fM&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pcm2cms=yes&pl=21&initcwndbps=2463750&bui=AaUN6a3yB3Puix-Ri66POIEtvb6yeExkGi80jXZvDVx5LAWc5nixIPFZC84ZAoZbmPptopqGQSfEZSsW&spc=UWF9f4s3qRM7Su6QwQ-wf5tUexREUj0-Dr1E9n97BnQ7zuXqM9AXj17l8g&vprv=1&svpuc=1&mime=audio%2Fwebm&ns=jNRyBWQ4AAwtlFVnwxf4YToQ&gir=yes&clen=946205&dur=59.821&lmt=1712095373244492&mt=1713437086&fvip=3&keepalive=yes&c=WEB_EMBEDDED_PLAYER&sefc=1&txp=5532434&n=S69euUPKGm4ARw&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cxpc%2Cbui%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AJfQdSswRQIhAOobCcjKLLsSWpSZaynBql7RK_YqHEkHkI8QHg2u594QAiBgCzASPFxSsSczAC2Akssf9CKXH4bcdFsgGPYcSwDWqw%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpcm2cms%2Cpl%2Cinitcwndbps&lsig=ALClDIEwRgIhAIiQglbcP4X1onLrjx4MtdYy2Kq9i7xpSphtcOH830lLAiEAkKTAWrizcGpMLL6zAVeBJuCVZtvY1kiD8ZV5EYv35y8%3D&alr=yes&cpn=Tt9YoRPN5MEXG848&cver=1.20240415.01.00&range=481396-946204&rn=9&rbuf=30001&pot=MnmWeaX8S-CB65ZCklaH8KqBqk0Ws2DalTCy46y-geYXu63Z_MvYjxgCjllZ-QQETYCwiaBxfaUzMPv8mRDTxQ0PB5W7lotmGCBxH5N3en0KpdEAuvlaYaqXNVWA2BZi1wlEfyKCdUzn0WzqtfXOrf0XkOPxKEXYQ1qt&ump=1&srfvp=1 HTTP/1.1
Host: rr2---sn-capm-vnae.googlevideo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.youtube.com/
Content-Length: 2
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
last-modified: Tue, 02 Apr 2024 22:02:53 GMT
content-type: application/vnd.yt-ump
date: Thu, 18 Apr 2024 10:49:15 GMT
expires: Thu, 18 Apr 2024 10:49:15 GMT
cache-control: private, max-age=21280
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
client-protocol: quic
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
timing-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
vary: Origin
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
server: gvs 1.0
|
|
| rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1713458935&ei=l_ogZrbUB5ar0u8P9ZGFqAk&ip=91.90.42.154&id=o-AN5oZYY9KpwQmXP7lCjpdO3Q64LabaB7f6OJ2ccaNa6P&itag=251&source=youtube&requiressl=yes&xpc=EgVo2aDSNQ%3D%3D&mh=fM&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pcm2cms=yes&pl=21&initcwndbps=2463750&bui=AaUN6a3yB3Puix-Ri66POIEtvb6yeExkGi80jXZvDVx5LAWc5nixIPFZC84ZAoZbmPptopqGQSfEZSsW&spc=UWF9f4s3qRM7Su6QwQ-wf5tUexREUj0-Dr1E9n97BnQ7zuXqM9AXj17l8g&vprv=1&svpuc=1&mime=audio%2Fwebm&ns=jNRyBWQ4AAwtlFVnwxf4YToQ&gir=yes&clen=946205&dur=59.821&lmt=1712095373244492&mt=1713437086&fvip=3&keepalive=yes&c=WEB_EMBEDDED_PLAYER&sefc=1&txp=5532434&n=S69euUPKGm4ARw&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cxpc%2Cbui%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AJfQdSswRQIhAOobCcjKLLsSWpSZaynBql7RK_YqHEkHkI8QHg2u594QAiBgCzASPFxSsSczAC2Akssf9CKXH4bcdFsgGPYcSwDWqw%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpcm2cms%2Cpl%2Cinitcwndbps&lsig=ALClDIEwRgIhAIiQglbcP4X1onLrjx4MtdYy2Kq9i7xpSphtcOH830lLAiEAkKTAWrizcGpMLL6zAVeBJuCVZtvY1kiD8ZV5EYv35y8%3D&alr=yes&cpn=Tt9YoRPN5MEXG848&cver=1.20240415.01.00&range=263085-481395&rn=7&rbuf=16158&pot=MnmWeaX8S-CB65ZCklaH8KqBqk0Ws2DalTCy46y-geYXu63Z_MvYjxgCjllZ-QQETYCwiaBxfaUzMPv8mRDTxQ0PB5W7lotmGCBxH5N3en0KpdEAuvlaYaqXNVWA2BZi1wlEfyKCdUzn0WzqtfXOrf0XkOPxKEXYQ1qt&ump=1&srfvp=1 | 91.90.45.173 | 200 OK | 218 kB |
URL POST HTTP/3rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1713458935&ei=l_ogZrbUB5ar0u8P9ZGFqAk&ip=91.90.42.154&id=o-AN5oZYY9KpwQmXP7lCjpdO3Q64LabaB7f6OJ2ccaNa6P&itag=251&source=youtube&requiressl=yes&xpc=EgVo2aDSNQ%3D%3D&mh=fM&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pcm2cms=yes&pl=21&initcwndbps=2463750&bui=AaUN6a3yB3Puix-Ri66POIEtvb6yeExkGi80jXZvDVx5LAWc5nixIPFZC84ZAoZbmPptopqGQSfEZSsW&spc=UWF9f4s3qRM7Su6QwQ-wf5tUexREUj0-Dr1E9n97BnQ7zuXqM9AXj17l8g&vprv=1&svpuc=1&mime=audio%2Fwebm&ns=jNRyBWQ4AAwtlFVnwxf4YToQ&gir=yes&clen=946205&dur=59.821&lmt=1712095373244492&mt=1713437086&fvip=3&keepalive=yes&c=WEB_EMBEDDED_PLAYER&sefc=1&txp=5532434&n=S69euUPKGm4ARw&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cxpc%2Cbui%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AJfQdSswRQIhAOobCcjKLLsSWpSZaynBql7RK_YqHEkHkI8QHg2u594QAiBgCzASPFxSsSczAC2Akssf9CKXH4bcdFsgGPYcSwDWqw%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpcm2cms%2Cpl%2Cinitcwndbps&lsig=ALClDIEwRgIhAIiQglbcP4X1onLrjx4MtdYy2Kq9i7xpSphtcOH830lLAiEAkKTAWrizcGpMLL6zAVeBJuCVZtvY1kiD8ZV5EYv35y8%3D&alr=yes&cpn=Tt9YoRPN5MEXG848&cver=1.20240415.01.00&range=263085-481395&rn=7&rbuf=16158&pot=MnmWeaX8S-CB65ZCklaH8KqBqk0Ws2DalTCy46y-geYXu63Z_MvYjxgCjllZ-QQETYCwiaBxfaUzMPv8mRDTxQ0PB5W7lotmGCBxH5N3en0KpdEAuvlaYaqXNVWA2BZi1wlEfyKCdUzn0WzqtfXOrf0XkOPxKEXYQ1qt&ump=1&srfvp=1 IP91.90.45.173:443 ASN#50304 Blix Solutions AS
Requested by: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com
Certificate: Issuer: Google Trust Services LLC; Subject: *.googlevideo.com; Fingerprint: 05:65:DE:5B:B7:CF:9A:4A:22:AF:57:DB:9B:EC:B9:BD:E5:B0:57:E2; Validity: Tue, 09 Apr 2024 14:31:07 GMT - Tue, 18 Jun 2024 14:31:06 GMT
Size: 218 kB (218374 bytes)
Hash: f8c81efe9202082c6e7b1fb8103170ee 89db23b4e96423c2829270011e2e0afae92b832e 39fa75ef92a7060694cb09b78e5b8bec1e8fe72e136a4727e267e9ffa78f13cb
POST /videoplayback?expire=1713458935&ei=l_ogZrbUB5ar0u8P9ZGFqAk&ip=91.90.42.154&id=o-AN5oZYY9KpwQmXP7lCjpdO3Q64LabaB7f6OJ2ccaNa6P&itag=251&source=youtube&requiressl=yes&xpc=EgVo2aDSNQ%3D%3D&mh=fM&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pcm2cms=yes&pl=21&initcwndbps=2463750&bui=AaUN6a3yB3Puix-Ri66POIEtvb6yeExkGi80jXZvDVx5LAWc5nixIPFZC84ZAoZbmPptopqGQSfEZSsW&spc=UWF9f4s3qRM7Su6QwQ-wf5tUexREUj0-Dr1E9n97BnQ7zuXqM9AXj17l8g&vprv=1&svpuc=1&mime=audio%2Fwebm&ns=jNRyBWQ4AAwtlFVnwxf4YToQ&gir=yes&clen=946205&dur=59.821&lmt=1712095373244492&mt=1713437086&fvip=3&keepalive=yes&c=WEB_EMBEDDED_PLAYER&sefc=1&txp=5532434&n=S69euUPKGm4ARw&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cxpc%2Cbui%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AJfQdSswRQIhAOobCcjKLLsSWpSZaynBql7RK_YqHEkHkI8QHg2u594QAiBgCzASPFxSsSczAC2Akssf9CKXH4bcdFsgGPYcSwDWqw%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpcm2cms%2Cpl%2Cinitcwndbps&lsig=ALClDIEwRgIhAIiQglbcP4X1onLrjx4MtdYy2Kq9i7xpSphtcOH830lLAiEAkKTAWrizcGpMLL6zAVeBJuCVZtvY1kiD8ZV5EYv35y8%3D&alr=yes&cpn=Tt9YoRPN5MEXG848&cver=1.20240415.01.00&range=263085-481395&rn=7&rbuf=16158&pot=MnmWeaX8S-CB65ZCklaH8KqBqk0Ws2DalTCy46y-geYXu63Z_MvYjxgCjllZ-QQETYCwiaBxfaUzMPv8mRDTxQ0PB5W7lotmGCBxH5N3en0KpdEAuvlaYaqXNVWA2BZi1wlEfyKCdUzn0WzqtfXOrf0XkOPxKEXYQ1qt&ump=1&srfvp=1 HTTP/1.1
Host: rr2---sn-capm-vnae.googlevideo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.youtube.com/
Content-Length: 2
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
last-modified: Tue, 02 Apr 2024 22:02:53 GMT
content-type: application/vnd.yt-ump
date: Thu, 18 Apr 2024 10:49:05 GMT
expires: Thu, 18 Apr 2024 10:49:05 GMT
cache-control: private, max-age=21290
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
client-protocol: quic
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
timing-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
vary: Origin
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
server: gvs 1.0
|
|
| file.gifan.id/fontawesome.js | 104.21.234.34 | 200 OK | 11 kB |
URL: GET HTTP/2 file.gifan.id/fontawesome.js
IP: 104.21.234.34:443
Requested by: https://fre487nv.xzf.my.id/
Certificate: Issuer: Google Trust Services LLC; Subject: gifan.id; Fingerprint: 65:21:CF:78:C6:F3:9C:82:42:72:2D:29:CC:E1:28:F9:68:C7:DA:50; Validity: Tue, 26 Mar 2024 02:33:24 GMT - Mon, 24 Jun 2024 02:33:23 GMT
File type: JavaScript source, ASCII text, with very long lines (10594), with CRLF line terminators
Hash: 7653d4719abf98a98d6e9412e33976e6 0b4414adc9da488b97830ce789a79994ba55aa23 051afcaea280590a5c6a5c472ad0852783d794a8923c4d26e388656fc9dcd791
GET /fontawesome.js HTTP/1.1
Host: file.gifan.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:48:53 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Fri, 19 Apr 2024 22:28:02 GMT
last-modified: Tue, 03 Jan 2023 12:39:32 GMT
vary: Accept-Encoding,User-Agent
x-powered-by: Niagahoster
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 476451
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F1V8LibksGGWVrlt0W7bHUlOOxnp1B8Iv7WzS1IugoFXb0fE39jGBkzH0lsUqCMZXUnYUEauoLqSNJeWY7T%2BOib8eS%2FJRNpNAXkYeUwEqNc59cv%2FNZLJvha2kov3h1E5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876415c90fea9489-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ka-f.fontawesome.com/releases/v6.0.0/css/free-v4-font-face.min.css?token=869e25b803 | 104.21.26.223 | 200 OK | 1.8 kB |
URL: GET HTTP/2 ka-f.fontawesome.com/releases/v6.0.0/css/free-v4-font-face.min.css?token=869e25b803
IP: 104.21.26.223:443
Requested by: https://fre487nv.xzf.my.id/
Certificate: Issuer: Google Trust Services LLC; Subject: ka-f.fontawesome.com; Fingerprint: 8D:43:33:42:48:C0:F5:34:71:EC:49:69:9C:62:01:4A:6F:41:11:98; Validity: Tue, 05 Mar 2024 09:23:28 GMT - Mon, 03 Jun 2024 09:23:27 GMT
File type: ASCII text, with very long lines (1817), with no line terminators
Hash: 3dedc00973400e03c5ede855beb3e8b5 c72d245eb6fa18840821a7d53634a4f8ac5119d0 a45344d4b89aadfcddc80ff5e6de83bcbb2799a2af99a046e1cea1dd6fe0f28c
GET /releases/v6.0.0/css/free-v4-font-face.min.css?token=869e25b803 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fre487nv.xzf.my.id/
Origin: https://fre487nv.xzf.my.id
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:48:54 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Mon, 07 Feb 2022 20:11:39 GMT
etag: W/"369cbeaee8e26da69cc5b0a0700cd62c"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: LfNSTj3R0hPJkrQ-0EZE7Ccmuq_EHcD9Z04-NhZxQdY9uPV3vFWfVQ==
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xsu1E1rILrALt4mCLBS19gSlB1aOHNyscCx26gcPedJblh%2FUCtVJQYCOAusP9F6qoCntVwbEwW%2BpLxTTG3uoLiP4bkxLm7FJhFCQwadcYmXb3twUbFLB1jkrl5gShMCfnAKgYRJrxw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876415cabbe51c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.youtube.com/s/player/f92087f2/player_ias.vflset/en_US/endscreen.js | 172.217.21.174 | 200 OK | 34 kB |
URL: GET HTTP/3 www.youtube.com/s/player/f92087f2/player_ias.vflset/en_US/endscreen.js
IP: 172.217.21.174:443
Requested by: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com
Certificate: Issuer: Google Trust Services LLC; Subject: *.google.com; Fingerprint: 02:6C:2F:38:A0:8A:95:AC:E8:2B:67:AA:69:A4:34:6E:15:99:F5:1D; Validity: Mon, 04 Mar 2024 06:35:50 GMT - Mon, 27 May 2024 06:35:49 GMT
File type: JavaScript source, ASCII text, with very long lines (607)
Hash: 7f4f31ce51bda637a9dc9b058930def6 52fbca9b51476a96edcae77fccced9d48ee7ebc2 c67dbff7ffba0e89102ad64926eddc09df0da3088a53087f2207c5101edb7707
GET /s/player/f92087f2/player_ias.vflset/en_US/endscreen.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 8384
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 07:28:09 GMT
expires: Wed, 16 Apr 2025 07:28:09 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 16 Apr 2024 04:18:33 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 184846
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| | 104.21.43.237 | 200 OK | 68 kB |
URL User Request GET HTTP/2
IP: 104.21.43.237:443
Certificate: Issuer: Google Trust Services LLC; Subject: xzf.my.id; Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C; Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Garena |
GET / HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7d8TsbErSsAiw6Am%2FwOxTDEvUrL%2Bp4L9COxDzOb6CW8jKuxX92zZlR3VGXkXVhih2JK1v%2FxbCRUh5qmt9qTLY2jbnXgtwqGn4xq%2BJOwWetcbNg5wPGZJgQsIM%2FeYlpXNnK9H7nw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876415bcda79b52d-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1713458935&ei=l_ogZrbUB5ar0u8P9ZGFqAk&ip=91.90.42.154&id=o-AN5oZYY9KpwQmXP7lCjpdO3Q64LabaB7f6OJ2ccaNa6P&itag=396&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278%2C394%2C395%2C396%2C397%2C398%2C399&source=youtube&requiressl=yes&xpc=EgVo2aDSNQ%3D%3D&mh=fM&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pcm2cms=yes&pl=21&initcwndbps=2463750&bui=AaUN6a3yB3Puix-Ri66POIEtvb6yeExkGi80jXZvDVx5LAWc5nixIPFZC84ZAoZbmPptopqGQSfEZSsW&spc=UWF9f4s3qRM7Su6QwQ-wf5tUexREUj0-Dr1E9n97BnQ7zuXqM9AXj17l8g&vprv=1&svpuc=1&mime=video%2Fmp4&ns=jNRyBWQ4AAwtlFVnwxf4YToQ&gir=yes&clen=2160384&dur=59.791&lmt=1712142908082106&mt=1713437086&fvip=3&keepalive=yes&c=WEB_EMBEDDED_PLAYER&sefc=1&txp=553C434&n=S69euUPKGm4ARw&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cxpc%2Cbui%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AJfQdSswRQIgIv1--ynWuXCteZAYoj4FHilYWB1mohxC9nJcVcSoqnwCIQDUQDw1BpyILRt8GZB53NrGI_42kANRfIa7KJpffCfAww%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpcm2cms%2Cpl%2Cinitcwndbps&lsig=ALClDIEwRgIhAIiQglbcP4X1onLrjx4MtdYy2Kq9i7xpSphtcOH830lLAiEAkKTAWrizcGpMLL6zAVeBJuCVZtvY1kiD8ZV5EYv35y8%3D&alr=yes&cpn=Tt9YoRPN5MEXG848&cver=1.20240415.01.00&range=278134-670584&rn=6&rbuf=12583&pot=MnmWeaX8S-CB65ZCklaH8KqBqk0Ws2DalTCy46y-geYXu63Z_MvYjxgCjllZ-QQETYCwiaBxfaUzMPv8mRDTxQ0PB5W7lotmGCBxH5N3en0KpdEAuvlaYaqXNVWA2BZi1wlEfyKCdUzn0WzqtfXOrf0XkOPxKEXYQ1qt&ump=1&srfvp=1 | 91.90.45.173 | 200 OK | 392 kB |
URL POST HTTP/3rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1713458935&ei=l_ogZrbUB5ar0u8P9ZGFqAk&ip=91.90.42.154&id=o-AN5oZYY9KpwQmXP7lCjpdO3Q64LabaB7f6OJ2ccaNa6P&itag=396&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278%2C394%2C395%2C396%2C397%2C398%2C399&source=youtube&requiressl=yes&xpc=EgVo2aDSNQ%3D%3D&mh=fM&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pcm2cms=yes&pl=21&initcwndbps=2463750&bui=AaUN6a3yB3Puix-Ri66POIEtvb6yeExkGi80jXZvDVx5LAWc5nixIPFZC84ZAoZbmPptopqGQSfEZSsW&spc=UWF9f4s3qRM7Su6QwQ-wf5tUexREUj0-Dr1E9n97BnQ7zuXqM9AXj17l8g&vprv=1&svpuc=1&mime=video%2Fmp4&ns=jNRyBWQ4AAwtlFVnwxf4YToQ&gir=yes&clen=2160384&dur=59.791&lmt=1712142908082106&mt=1713437086&fvip=3&keepalive=yes&c=WEB_EMBEDDED_PLAYER&sefc=1&txp=553C434&n=S69euUPKGm4ARw&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cxpc%2Cbui%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AJfQdSswRQIgIv1--ynWuXCteZAYoj4FHilYWB1mohxC9nJcVcSoqnwCIQDUQDw1BpyILRt8GZB53NrGI_42kANRfIa7KJpffCfAww%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpcm2cms%2Cpl%2Cinitcwndbps&lsig=ALClDIEwRgIhAIiQglbcP4X1onLrjx4MtdYy2Kq9i7xpSphtcOH830lLAiEAkKTAWrizcGpMLL6zAVeBJuCVZtvY1kiD8ZV5EYv35y8%3D&alr=yes&cpn=Tt9YoRPN5MEXG848&cver=1.20240415.01.00&range=278134-670584&rn=6&rbuf=12583&pot=MnmWeaX8S-CB65ZCklaH8KqBqk0Ws2DalTCy46y-geYXu63Z_MvYjxgCjllZ-QQETYCwiaBxfaUzMPv8mRDTxQ0PB5W7lotmGCBxH5N3en0KpdEAuvlaYaqXNVWA2BZi1wlEfyKCdUzn0WzqtfXOrf0XkOPxKEXYQ1qt&ump=1&srfvp=1 IP91.90.45.173:443 ASN#50304 Blix Solutions AS
Requested by: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com
Certificate: Issuer: Google Trust Services LLC; Subject: *.googlevideo.com; Fingerprint: 05:65:DE:5B:B7:CF:9A:4A:22:AF:57:DB:9B:EC:B9:BD:E5:B0:57:E2; Validity: Tue, 09 Apr 2024 14:31:07 GMT - Tue, 18 Jun 2024 14:31:06 GMT
Size: 392 kB (392514 bytes)
Hash: 485c2d37a34548003914e9ef423c099c c0fc3150c7ac5b820207e6c96f590233f63a275d bbee47da50e003961c229c3b0e9ee9ac31ac68dc4482b09c65ca88d6ad52f70e
POST /videoplayback?expire=1713458935&ei=l_ogZrbUB5ar0u8P9ZGFqAk&ip=91.90.42.154&id=o-AN5oZYY9KpwQmXP7lCjpdO3Q64LabaB7f6OJ2ccaNa6P&itag=396&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278%2C394%2C395%2C396%2C397%2C398%2C399&source=youtube&requiressl=yes&xpc=EgVo2aDSNQ%3D%3D&mh=fM&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pcm2cms=yes&pl=21&initcwndbps=2463750&bui=AaUN6a3yB3Puix-Ri66POIEtvb6yeExkGi80jXZvDVx5LAWc5nixIPFZC84ZAoZbmPptopqGQSfEZSsW&spc=UWF9f4s3qRM7Su6QwQ-wf5tUexREUj0-Dr1E9n97BnQ7zuXqM9AXj17l8g&vprv=1&svpuc=1&mime=video%2Fmp4&ns=jNRyBWQ4AAwtlFVnwxf4YToQ&gir=yes&clen=2160384&dur=59.791&lmt=1712142908082106&mt=1713437086&fvip=3&keepalive=yes&c=WEB_EMBEDDED_PLAYER&sefc=1&txp=553C434&n=S69euUPKGm4ARw&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cxpc%2Cbui%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AJfQdSswRQIgIv1--ynWuXCteZAYoj4FHilYWB1mohxC9nJcVcSoqnwCIQDUQDw1BpyILRt8GZB53NrGI_42kANRfIa7KJpffCfAww%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpcm2cms%2Cpl%2Cinitcwndbps&lsig=ALClDIEwRgIhAIiQglbcP4X1onLrjx4MtdYy2Kq9i7xpSphtcOH830lLAiEAkKTAWrizcGpMLL6zAVeBJuCVZtvY1kiD8ZV5EYv35y8%3D&alr=yes&cpn=Tt9YoRPN5MEXG848&cver=1.20240415.01.00&range=278134-670584&rn=6&rbuf=12583&pot=MnmWeaX8S-CB65ZCklaH8KqBqk0Ws2DalTCy46y-geYXu63Z_MvYjxgCjllZ-QQETYCwiaBxfaUzMPv8mRDTxQ0PB5W7lotmGCBxH5N3en0KpdEAuvlaYaqXNVWA2BZi1wlEfyKCdUzn0WzqtfXOrf0XkOPxKEXYQ1qt&ump=1&srfvp=1 HTTP/1.1
Host: rr2---sn-capm-vnae.googlevideo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.youtube.com/
Content-Length: 2
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
last-modified: Wed, 03 Apr 2024 11:15:08 GMT
content-type: application/vnd.yt-ump
date: Thu, 18 Apr 2024 10:49:05 GMT
expires: Thu, 18 Apr 2024 10:49:05 GMT
cache-control: private, max-age=21290
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
client-protocol: quic
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
timing-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
vary: Origin
cross-origin-resource-policy: cross-origin
x-restrict-formats-hint: None
x-content-type-options: nosniff
server: gvs 1.0
|
|
| ka-f.fontawesome.com/releases/v6.0.0/css/free-v4-shims.min.css?token=869e25b803 | 104.21.26.223 | 200 OK | 26 kB |
URL: GET HTTP/2 ka-f.fontawesome.com/releases/v6.0.0/css/free-v4-shims.min.css?token=869e25b803
IP: 104.21.26.223:443
Requested by: https://fre487nv.xzf.my.id/
Certificate: Issuer: Google Trust Services LLC; Subject: ka-f.fontawesome.com; Fingerprint: 8D:43:33:42:48:C0:F5:34:71:EC:49:69:9C:62:01:4A:6F:41:11:98; Validity: Tue, 05 Mar 2024 09:23:28 GMT - Mon, 03 Jun 2024 09:23:27 GMT
File type: ASCII text, with very long lines (26019)
Hash: c32e971c7d11c2407f847b61c515f1e2 85ac47a05e49f01cd62301ee121a2ca0dfdc0f83 a7fb3a26d569bec0139baaae950e43c1e10b0afbcf6e9d7654aa1181a8319759
GET /releases/v6.0.0/css/free-v4-shims.min.css?token=869e25b803 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fre487nv.xzf.my.id/
Origin: https://fre487nv.xzf.my.id
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:48:54 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Mon, 07 Feb 2022 20:11:39 GMT
etag: W/"c32e971c7d11c2407f847b61c515f1e2"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: xwBPT531Bkg8bCGQXEk_lr8lO-yUh35dKxMJCZ1OPbgQzMMHnU9DoA==
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RNbucjxre73lKU%2BvTRIxmTVud%2BZC%2BvRfiYpsAFFwdwp4rVeEC2qQXWTYr%2FXDovZe%2BuomZeZvNKnfcIXG5VheMhGvyrJJzcDAcqtEuEns%2BVqUchrW%2BZQW6Mq0WfjfR8oBn%2BmshJMoSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876415caabdc1c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1713458935&ei=l_ogZrbUB5ar0u8P9ZGFqAk&ip=91.90.42.154&id=o-AN5oZYY9KpwQmXP7lCjpdO3Q64LabaB7f6OJ2ccaNa6P&itag=251&source=youtube&requiressl=yes&xpc=EgVo2aDSNQ%3D%3D&mh=fM&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pcm2cms=yes&pl=21&initcwndbps=2463750&bui=AaUN6a3yB3Puix-Ri66POIEtvb6yeExkGi80jXZvDVx5LAWc5nixIPFZC84ZAoZbmPptopqGQSfEZSsW&spc=UWF9f4s3qRM7Su6QwQ-wf5tUexREUj0-Dr1E9n97BnQ7zuXqM9AXj17l8g&vprv=1&svpuc=1&mime=audio%2Fwebm&ns=jNRyBWQ4AAwtlFVnwxf4YToQ&gir=yes&clen=946205&dur=59.821&lmt=1712095373244492&mt=1713437086&fvip=3&keepalive=yes&c=WEB_EMBEDDED_PLAYER&sefc=1&txp=5532434&n=S69euUPKGm4ARw&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cxpc%2Cbui%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AJfQdSswRQIhAOobCcjKLLsSWpSZaynBql7RK_YqHEkHkI8QHg2u594QAiBgCzASPFxSsSczAC2Akssf9CKXH4bcdFsgGPYcSwDWqw%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpcm2cms%2Cpl%2Cinitcwndbps&lsig=ALClDIEwRgIhAIiQglbcP4X1onLrjx4MtdYy2Kq9i7xpSphtcOH830lLAiEAkKTAWrizcGpMLL6zAVeBJuCVZtvY1kiD8ZV5EYv35y8%3D&alr=yes&cpn=Tt9YoRPN5MEXG848&cver=1.20240415.01.00&range=65901-131580&rn=3&rbuf=3943&pot=Ijpetl6wOJakIR3RKtwK8yrgEfEQ3RPzEMQ9zzfgZ-8RzhzcF_kd0RT5Cs4X_xvRD-Uf0S37F_Juk23y&ump=1&srfvp=1 | 91.90.45.173 | 200 OK | 66 kB |
URL POST HTTP/3rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1713458935&ei=l_ogZrbUB5ar0u8P9ZGFqAk&ip=91.90.42.154&id=o-AN5oZYY9KpwQmXP7lCjpdO3Q64LabaB7f6OJ2ccaNa6P&itag=251&source=youtube&requiressl=yes&xpc=EgVo2aDSNQ%3D%3D&mh=fM&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pcm2cms=yes&pl=21&initcwndbps=2463750&bui=AaUN6a3yB3Puix-Ri66POIEtvb6yeExkGi80jXZvDVx5LAWc5nixIPFZC84ZAoZbmPptopqGQSfEZSsW&spc=UWF9f4s3qRM7Su6QwQ-wf5tUexREUj0-Dr1E9n97BnQ7zuXqM9AXj17l8g&vprv=1&svpuc=1&mime=audio%2Fwebm&ns=jNRyBWQ4AAwtlFVnwxf4YToQ&gir=yes&clen=946205&dur=59.821&lmt=1712095373244492&mt=1713437086&fvip=3&keepalive=yes&c=WEB_EMBEDDED_PLAYER&sefc=1&txp=5532434&n=S69euUPKGm4ARw&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cxpc%2Cbui%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AJfQdSswRQIhAOobCcjKLLsSWpSZaynBql7RK_YqHEkHkI8QHg2u594QAiBgCzASPFxSsSczAC2Akssf9CKXH4bcdFsgGPYcSwDWqw%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpcm2cms%2Cpl%2Cinitcwndbps&lsig=ALClDIEwRgIhAIiQglbcP4X1onLrjx4MtdYy2Kq9i7xpSphtcOH830lLAiEAkKTAWrizcGpMLL6zAVeBJuCVZtvY1kiD8ZV5EYv35y8%3D&alr=yes&cpn=Tt9YoRPN5MEXG848&cver=1.20240415.01.00&range=65901-131580&rn=3&rbuf=3943&pot=Ijpetl6wOJakIR3RKtwK8yrgEfEQ3RPzEMQ9zzfgZ-8RzhzcF_kd0RT5Cs4X_xvRD-Uf0S37F_Juk23y&ump=1&srfvp=1 IP91.90.45.173:443 ASN#50304 Blix Solutions AS
Requested by: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com
Certificate: Issuer: Google Trust Services LLC; Subject: *.googlevideo.com; Fingerprint: 05:65:DE:5B:B7:CF:9A:4A:22:AF:57:DB:9B:EC:B9:BD:E5:B0:57:E2; Validity: Tue, 09 Apr 2024 14:31:07 GMT - Tue, 18 Jun 2024 14:31:06 GMT
Hash: d904eebbe6303ecb00b21e4137d7c63f fc8b35ea2c8ff9e04b21b48da715a13556f244de e6e1e26016bc96b825bdb36cef126ff574619071e578c5751599526977df5c4d
POST /videoplayback?expire=1713458935&ei=l_ogZrbUB5ar0u8P9ZGFqAk&ip=91.90.42.154&id=o-AN5oZYY9KpwQmXP7lCjpdO3Q64LabaB7f6OJ2ccaNa6P&itag=251&source=youtube&requiressl=yes&xpc=EgVo2aDSNQ%3D%3D&mh=fM&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pcm2cms=yes&pl=21&initcwndbps=2463750&bui=AaUN6a3yB3Puix-Ri66POIEtvb6yeExkGi80jXZvDVx5LAWc5nixIPFZC84ZAoZbmPptopqGQSfEZSsW&spc=UWF9f4s3qRM7Su6QwQ-wf5tUexREUj0-Dr1E9n97BnQ7zuXqM9AXj17l8g&vprv=1&svpuc=1&mime=audio%2Fwebm&ns=jNRyBWQ4AAwtlFVnwxf4YToQ&gir=yes&clen=946205&dur=59.821&lmt=1712095373244492&mt=1713437086&fvip=3&keepalive=yes&c=WEB_EMBEDDED_PLAYER&sefc=1&txp=5532434&n=S69euUPKGm4ARw&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cxpc%2Cbui%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AJfQdSswRQIhAOobCcjKLLsSWpSZaynBql7RK_YqHEkHkI8QHg2u594QAiBgCzASPFxSsSczAC2Akssf9CKXH4bcdFsgGPYcSwDWqw%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpcm2cms%2Cpl%2Cinitcwndbps&lsig=ALClDIEwRgIhAIiQglbcP4X1onLrjx4MtdYy2Kq9i7xpSphtcOH830lLAiEAkKTAWrizcGpMLL6zAVeBJuCVZtvY1kiD8ZV5EYv35y8%3D&alr=yes&cpn=Tt9YoRPN5MEXG848&cver=1.20240415.01.00&range=65901-131580&rn=3&rbuf=3943&pot=Ijpetl6wOJakIR3RKtwK8yrgEfEQ3RPzEMQ9zzfgZ-8RzhzcF_kd0RT5Cs4X_xvRD-Uf0S37F_Juk23y&ump=1&srfvp=1 HTTP/1.1
Host: rr2---sn-capm-vnae.googlevideo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.youtube.com/
Content-Length: 2
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
last-modified: Tue, 02 Apr 2024 22:02:53 GMT
content-type: application/vnd.yt-ump
date: Thu, 18 Apr 2024 10:48:55 GMT
expires: Thu, 18 Apr 2024 10:48:55 GMT
cache-control: private, max-age=21300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
client-protocol: quic
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
timing-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
vary: Origin
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
server: gvs 1.0
|
|
| ka-f.fontawesome.com/releases/v6.0.0/css/free.min.css?token=869e25b803 | 104.21.26.223 | 200 OK | 90 kB |
URL: GET HTTP/2 ka-f.fontawesome.com/releases/v6.0.0/css/free.min.css?token=869e25b803
IP: 104.21.26.223:443
Requested by: https://fre487nv.xzf.my.id/
Certificate: Issuer: Google Trust Services LLC; Subject: ka-f.fontawesome.com; Fingerprint: 8D:43:33:42:48:C0:F5:34:71:EC:49:69:9C:62:01:4A:6F:41:11:98; Validity: Tue, 05 Mar 2024 09:23:28 GMT - Mon, 03 Jun 2024 09:23:27 GMT
File type: ASCII text, with very long lines (65321)
Hash: 345f5ecc270c94968998574a2d37e31a 4b1937ca073a8376a07161bc40549585493ffa3d efad9b46d0c00f2562eb53236717ff21ebd474f8d68f69b45f92c424bfd87e9c
GET /releases/v6.0.0/css/free.min.css?token=869e25b803 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fre487nv.xzf.my.id/
Origin: https://fre487nv.xzf.my.id
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:48:54 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Mon, 07 Feb 2022 20:11:39 GMT
etag: W/"345f5ecc270c94968998574a2d37e31a"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: qB8v7phTPgauL8LMPQKvdxD1qwl-BFlRyezB9NPKmU5Gx-14Zy6GKw==
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1leGtGfLlvowBHiMfX4aTXI6Z8H7TGi40SyWOYZ%2Frq1e6Z5DzB7E76OESkTjBbS3lN8ADAmntTho3JIMx49pXhICaP8FqASjpuqgy5fCbTDBioGtIxINAn7uz7FaGKFnEKY2G5c8NA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876415cabbe11c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1713458935&ei=l_ogZrbUB5ar0u8P9ZGFqAk&ip=91.90.42.154&id=o-AN5oZYY9KpwQmXP7lCjpdO3Q64LabaB7f6OJ2ccaNa6P&itag=251&source=youtube&requiressl=yes&xpc=EgVo2aDSNQ%3D%3D&mh=fM&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pcm2cms=yes&pl=21&initcwndbps=2463750&bui=AaUN6a3yB3Puix-Ri66POIEtvb6yeExkGi80jXZvDVx5LAWc5nixIPFZC84ZAoZbmPptopqGQSfEZSsW&spc=UWF9f4s3qRM7Su6QwQ-wf5tUexREUj0-Dr1E9n97BnQ7zuXqM9AXj17l8g&vprv=1&svpuc=1&mime=audio%2Fwebm&ns=jNRyBWQ4AAwtlFVnwxf4YToQ&gir=yes&clen=946205&dur=59.821&lmt=1712095373244492&mt=1713437086&fvip=3&keepalive=yes&c=WEB_EMBEDDED_PLAYER&sefc=1&txp=5532434&n=S69euUPKGm4ARw&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cxpc%2Cbui%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AJfQdSswRQIhAOobCcjKLLsSWpSZaynBql7RK_YqHEkHkI8QHg2u594QAiBgCzASPFxSsSczAC2Akssf9CKXH4bcdFsgGPYcSwDWqw%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpcm2cms%2Cpl%2Cinitcwndbps&lsig=ALClDIEwRgIhAIiQglbcP4X1onLrjx4MtdYy2Kq9i7xpSphtcOH830lLAiEAkKTAWrizcGpMLL6zAVeBJuCVZtvY1kiD8ZV5EYv35y8%3D&alr=yes&cpn=Tt9YoRPN5MEXG848&cver=1.20240415.01.00&range=131581-263084&rn=5&rbuf=7895&pot=MnmWeaX8S-CB65ZCklaH8KqBqk0Ws2DalTCy46y-geYXu63Z_MvYjxgCjllZ-QQETYCwiaBxfaUzMPv8mRDTxQ0PB5W7lotmGCBxH5N3en0KpdEAuvlaYaqXNVWA2BZi1wlEfyKCdUzn0WzqtfXOrf0XkOPxKEXYQ1qt&ump=1&srfvp=1 | 91.90.45.173 | 200 OK | 132 kB |
URL POST HTTP/3rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1713458935&ei=l_ogZrbUB5ar0u8P9ZGFqAk&ip=91.90.42.154&id=o-AN5oZYY9KpwQmXP7lCjpdO3Q64LabaB7f6OJ2ccaNa6P&itag=251&source=youtube&requiressl=yes&xpc=EgVo2aDSNQ%3D%3D&mh=fM&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pcm2cms=yes&pl=21&initcwndbps=2463750&bui=AaUN6a3yB3Puix-Ri66POIEtvb6yeExkGi80jXZvDVx5LAWc5nixIPFZC84ZAoZbmPptopqGQSfEZSsW&spc=UWF9f4s3qRM7Su6QwQ-wf5tUexREUj0-Dr1E9n97BnQ7zuXqM9AXj17l8g&vprv=1&svpuc=1&mime=audio%2Fwebm&ns=jNRyBWQ4AAwtlFVnwxf4YToQ&gir=yes&clen=946205&dur=59.821&lmt=1712095373244492&mt=1713437086&fvip=3&keepalive=yes&c=WEB_EMBEDDED_PLAYER&sefc=1&txp=5532434&n=S69euUPKGm4ARw&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cxpc%2Cbui%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AJfQdSswRQIhAOobCcjKLLsSWpSZaynBql7RK_YqHEkHkI8QHg2u594QAiBgCzASPFxSsSczAC2Akssf9CKXH4bcdFsgGPYcSwDWqw%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpcm2cms%2Cpl%2Cinitcwndbps&lsig=ALClDIEwRgIhAIiQglbcP4X1onLrjx4MtdYy2Kq9i7xpSphtcOH830lLAiEAkKTAWrizcGpMLL6zAVeBJuCVZtvY1kiD8ZV5EYv35y8%3D&alr=yes&cpn=Tt9YoRPN5MEXG848&cver=1.20240415.01.00&range=131581-263084&rn=5&rbuf=7895&pot=MnmWeaX8S-CB65ZCklaH8KqBqk0Ws2DalTCy46y-geYXu63Z_MvYjxgCjllZ-QQETYCwiaBxfaUzMPv8mRDTxQ0PB5W7lotmGCBxH5N3en0KpdEAuvlaYaqXNVWA2BZi1wlEfyKCdUzn0WzqtfXOrf0XkOPxKEXYQ1qt&ump=1&srfvp=1 IP91.90.45.173:443 ASN#50304 Blix Solutions AS
Requested by: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com
Certificate: Issuer: Google Trust Services LLC; Subject: *.googlevideo.com; Fingerprint: 05:65:DE:5B:B7:CF:9A:4A:22:AF:57:DB:9B:EC:B9:BD:E5:B0:57:E2; Validity: Tue, 09 Apr 2024 14:31:07 GMT - Tue, 18 Jun 2024 14:31:06 GMT
Size: 132 kB (131567 bytes)
Hash: 55e74621b1a502b5c83fc3c57ed60160 a7ae6d5f716d3489e73594f0921abbe1c1416697 7aa49c770758be3905603c256b261fed453305b7bd618dae21f429db379ef91f
POST /videoplayback?expire=1713458935&ei=l_ogZrbUB5ar0u8P9ZGFqAk&ip=91.90.42.154&id=o-AN5oZYY9KpwQmXP7lCjpdO3Q64LabaB7f6OJ2ccaNa6P&itag=251&source=youtube&requiressl=yes&xpc=EgVo2aDSNQ%3D%3D&mh=fM&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pcm2cms=yes&pl=21&initcwndbps=2463750&bui=AaUN6a3yB3Puix-Ri66POIEtvb6yeExkGi80jXZvDVx5LAWc5nixIPFZC84ZAoZbmPptopqGQSfEZSsW&spc=UWF9f4s3qRM7Su6QwQ-wf5tUexREUj0-Dr1E9n97BnQ7zuXqM9AXj17l8g&vprv=1&svpuc=1&mime=audio%2Fwebm&ns=jNRyBWQ4AAwtlFVnwxf4YToQ&gir=yes&clen=946205&dur=59.821&lmt=1712095373244492&mt=1713437086&fvip=3&keepalive=yes&c=WEB_EMBEDDED_PLAYER&sefc=1&txp=5532434&n=S69euUPKGm4ARw&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cxpc%2Cbui%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AJfQdSswRQIhAOobCcjKLLsSWpSZaynBql7RK_YqHEkHkI8QHg2u594QAiBgCzASPFxSsSczAC2Akssf9CKXH4bcdFsgGPYcSwDWqw%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpcm2cms%2Cpl%2Cinitcwndbps&lsig=ALClDIEwRgIhAIiQglbcP4X1onLrjx4MtdYy2Kq9i7xpSphtcOH830lLAiEAkKTAWrizcGpMLL6zAVeBJuCVZtvY1kiD8ZV5EYv35y8%3D&alr=yes&cpn=Tt9YoRPN5MEXG848&cver=1.20240415.01.00&range=131581-263084&rn=5&rbuf=7895&pot=MnmWeaX8S-CB65ZCklaH8KqBqk0Ws2DalTCy46y-geYXu63Z_MvYjxgCjllZ-QQETYCwiaBxfaUzMPv8mRDTxQ0PB5W7lotmGCBxH5N3en0KpdEAuvlaYaqXNVWA2BZi1wlEfyKCdUzn0WzqtfXOrf0XkOPxKEXYQ1qt&ump=1&srfvp=1 HTTP/1.1
Host: rr2---sn-capm-vnae.googlevideo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.youtube.com/
Content-Length: 2
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
last-modified: Tue, 02 Apr 2024 22:02:53 GMT
content-type: application/vnd.yt-ump
date: Thu, 18 Apr 2024 10:48:55 GMT
expires: Thu, 18 Apr 2024 10:48:55 GMT
cache-control: private, max-age=21300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
client-protocol: quic
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
timing-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
vary: Origin
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
server: gvs 1.0
|
|
| stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css | 104.18.11.207 | 200 OK | 31 kB |
URL: GET HTTP/2 stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
IP: 104.18.11.207:443
Requested by: https://fre487nv.xzf.my.id/
Certificate: Issuer: Google Trust Services LLC; Subject: bootstrapcdn.com; Fingerprint: 57:B4:25:B9:9C:88:A1:A3:3D:F7:31:74:02:E4:D1:E0:0A:F5:11:63; Validity: Wed, 27 Mar 2024 00:22:09 GMT - Tue, 25 Jun 2024 00:22:08 GMT
File type: ASCII text, with very long lines (30837)
Hash: 269550530cc127b6aa5a35925a7de6ce 512c7d79033e3028a9be61b540cf1a6870c896f8 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"269550530cc127b6aa5a35925a7de6ce"
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 10/31/2023 18:48:06
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 722
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: dd809c84048d5afa8e77adc8acacd559
cdn-cache: HIT
cf-cache-status: HIT
age: 12811507
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 876415bf9950b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1713458935&ei=l_ogZrbUB5ar0u8P9ZGFqAk&ip=91.90.42.154&id=o-AN5oZYY9KpwQmXP7lCjpdO3Q64LabaB7f6OJ2ccaNa6P&itag=396&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278%2C394%2C395%2C396%2C397%2C398%2C399&source=youtube&requiressl=yes&xpc=EgVo2aDSNQ%3D%3D&mh=fM&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pcm2cms=yes&pl=21&initcwndbps=2463750&bui=AaUN6a3yB3Puix-Ri66POIEtvb6yeExkGi80jXZvDVx5LAWc5nixIPFZC84ZAoZbmPptopqGQSfEZSsW&spc=UWF9f4s3qRM7Su6QwQ-wf5tUexREUj0-Dr1E9n97BnQ7zuXqM9AXj17l8g&vprv=1&svpuc=1&mime=video%2Fmp4&ns=jNRyBWQ4AAwtlFVnwxf4YToQ&gir=yes&clen=2160384&dur=59.791&lmt=1712142908082106&mt=1713437086&fvip=3&keepalive=yes&c=WEB_EMBEDDED_PLAYER&sefc=1&txp=553C434&n=S69euUPKGm4ARw&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cxpc%2Cbui%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AJfQdSswRQIgIv1--ynWuXCteZAYoj4FHilYWB1mohxC9nJcVcSoqnwCIQDUQDw1BpyILRt8GZB53NrGI_42kANRfIa7KJpffCfAww%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpcm2cms%2Cpl%2Cinitcwndbps&lsig=ALClDIEwRgIhAIiQglbcP4X1onLrjx4MtdYy2Kq9i7xpSphtcOH830lLAiEAkKTAWrizcGpMLL6zAVeBJuCVZtvY1kiD8ZV5EYv35y8%3D&alr=yes&cpn=Tt9YoRPN5MEXG848&cver=1.20240415.01.00&range=84350-278133&rn=4&rbuf=6110&pot=MnmWeaX8S-CB65ZCklaH8KqBqk0Ws2DalTCy46y-geYXu63Z_MvYjxgCjllZ-QQETYCwiaBxfaUzMPv8mRDTxQ0PB5W7lotmGCBxH5N3en0KpdEAuvlaYaqXNVWA2BZi1wlEfyKCdUzn0WzqtfXOrf0XkOPxKEXYQ1qt&ump=1&srfvp=1 | 91.90.45.173 | 200 OK | 194 kB |
URL POST HTTP/3rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1713458935&ei=l_ogZrbUB5ar0u8P9ZGFqAk&ip=91.90.42.154&id=o-AN5oZYY9KpwQmXP7lCjpdO3Q64LabaB7f6OJ2ccaNa6P&itag=396&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278%2C394%2C395%2C396%2C397%2C398%2C399&source=youtube&requiressl=yes&xpc=EgVo2aDSNQ%3D%3D&mh=fM&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pcm2cms=yes&pl=21&initcwndbps=2463750&bui=AaUN6a3yB3Puix-Ri66POIEtvb6yeExkGi80jXZvDVx5LAWc5nixIPFZC84ZAoZbmPptopqGQSfEZSsW&spc=UWF9f4s3qRM7Su6QwQ-wf5tUexREUj0-Dr1E9n97BnQ7zuXqM9AXj17l8g&vprv=1&svpuc=1&mime=video%2Fmp4&ns=jNRyBWQ4AAwtlFVnwxf4YToQ&gir=yes&clen=2160384&dur=59.791&lmt=1712142908082106&mt=1713437086&fvip=3&keepalive=yes&c=WEB_EMBEDDED_PLAYER&sefc=1&txp=553C434&n=S69euUPKGm4ARw&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cxpc%2Cbui%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AJfQdSswRQIgIv1--ynWuXCteZAYoj4FHilYWB1mohxC9nJcVcSoqnwCIQDUQDw1BpyILRt8GZB53NrGI_42kANRfIa7KJpffCfAww%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpcm2cms%2Cpl%2Cinitcwndbps&lsig=ALClDIEwRgIhAIiQglbcP4X1onLrjx4MtdYy2Kq9i7xpSphtcOH830lLAiEAkKTAWrizcGpMLL6zAVeBJuCVZtvY1kiD8ZV5EYv35y8%3D&alr=yes&cpn=Tt9YoRPN5MEXG848&cver=1.20240415.01.00&range=84350-278133&rn=4&rbuf=6110&pot=MnmWeaX8S-CB65ZCklaH8KqBqk0Ws2DalTCy46y-geYXu63Z_MvYjxgCjllZ-QQETYCwiaBxfaUzMPv8mRDTxQ0PB5W7lotmGCBxH5N3en0KpdEAuvlaYaqXNVWA2BZi1wlEfyKCdUzn0WzqtfXOrf0XkOPxKEXYQ1qt&ump=1&srfvp=1 IP91.90.45.173:443 ASN#50304 Blix Solutions AS
Requested by: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com
Certificate: Issuer: Google Trust Services LLC; Subject: *.googlevideo.com; Fingerprint: 05:65:DE:5B:B7:CF:9A:4A:22:AF:57:DB:9B:EC:B9:BD:E5:B0:57:E2; Validity: Tue, 09 Apr 2024 14:31:07 GMT - Tue, 18 Jun 2024 14:31:06 GMT
Size: 194 kB (193847 bytes)
Hash: d8c948c3856d001ea106063459e96b97 33cdedd8418c38e71a4cf965f78ada05d1f17641 aadd4547caef5c293ac0412d94a34ebb9ace828481acaa54cc65f4392b72bcd9
POST /videoplayback?expire=1713458935&ei=l_ogZrbUB5ar0u8P9ZGFqAk&ip=91.90.42.154&id=o-AN5oZYY9KpwQmXP7lCjpdO3Q64LabaB7f6OJ2ccaNa6P&itag=396&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278%2C394%2C395%2C396%2C397%2C398%2C399&source=youtube&requiressl=yes&xpc=EgVo2aDSNQ%3D%3D&mh=fM&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pcm2cms=yes&pl=21&initcwndbps=2463750&bui=AaUN6a3yB3Puix-Ri66POIEtvb6yeExkGi80jXZvDVx5LAWc5nixIPFZC84ZAoZbmPptopqGQSfEZSsW&spc=UWF9f4s3qRM7Su6QwQ-wf5tUexREUj0-Dr1E9n97BnQ7zuXqM9AXj17l8g&vprv=1&svpuc=1&mime=video%2Fmp4&ns=jNRyBWQ4AAwtlFVnwxf4YToQ&gir=yes&clen=2160384&dur=59.791&lmt=1712142908082106&mt=1713437086&fvip=3&keepalive=yes&c=WEB_EMBEDDED_PLAYER&sefc=1&txp=553C434&n=S69euUPKGm4ARw&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cxpc%2Cbui%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AJfQdSswRQIgIv1--ynWuXCteZAYoj4FHilYWB1mohxC9nJcVcSoqnwCIQDUQDw1BpyILRt8GZB53NrGI_42kANRfIa7KJpffCfAww%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpcm2cms%2Cpl%2Cinitcwndbps&lsig=ALClDIEwRgIhAIiQglbcP4X1onLrjx4MtdYy2Kq9i7xpSphtcOH830lLAiEAkKTAWrizcGpMLL6zAVeBJuCVZtvY1kiD8ZV5EYv35y8%3D&alr=yes&cpn=Tt9YoRPN5MEXG848&cver=1.20240415.01.00&range=84350-278133&rn=4&rbuf=6110&pot=MnmWeaX8S-CB65ZCklaH8KqBqk0Ws2DalTCy46y-geYXu63Z_MvYjxgCjllZ-QQETYCwiaBxfaUzMPv8mRDTxQ0PB5W7lotmGCBxH5N3en0KpdEAuvlaYaqXNVWA2BZi1wlEfyKCdUzn0WzqtfXOrf0XkOPxKEXYQ1qt&ump=1&srfvp=1 HTTP/1.1
Host: rr2---sn-capm-vnae.googlevideo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.youtube.com/
Content-Length: 2
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
last-modified: Wed, 03 Apr 2024 11:15:08 GMT
content-type: application/vnd.yt-ump
date: Thu, 18 Apr 2024 10:48:55 GMT
expires: Thu, 18 Apr 2024 10:48:55 GMT
cache-control: private, max-age=21300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
client-protocol: quic
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
timing-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
vary: Origin
cross-origin-resource-policy: cross-origin
x-restrict-formats-hint: None
x-content-type-options: nosniff
server: gvs 1.0
|
|
| fre487nv.xzf.my.id/alexFrontEnd/tiktok.png | 104.21.43.237 | 404 Not Found | 1.3 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/alexFrontEnd/tiktok.png
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate: Issuer: Google Trust Services LLC; Subject: xzf.my.id; Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C; Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: HTML document, ASCII text, with very long lines (1285), with no line terminators
Hash: 94f08a3a6562f7f079c4f5a67b7260e2 cc5d03e17c41ee6bb2ebf0d26d4354a486ca1823 44ea069d9a3f7dcea953ac173384578b6185f4b2ece05a6f4513b9fda29c4c29
Analyzer: OpenPhish | Verdict: phishing | Alert: Garena
GET /alexFrontEnd/tiktok.png HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4%2BA01CnRomjFOCPJl1qS9uYIDSlvX7Z6l32j6iY7t8K4DaILUhaxleUn7u0G2ifznqMTeA2okyhrJnc6DdDk%2FSu7%2B7ZeE0zr2JdkKED2DUpz0%2FVnubY4lrwG3xyd424Yf5zCbSY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bfccb3b527-OSL
content-encoding: br
|
|
| fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 | 216.58.207.227 | 200 OK | 15 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP: 216.58.207.227:443
Requested by: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com
Certificate: Issuer: Google Trust Services LLC; Subject: *.gstatic.com; Fingerprint: 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9; Validity: Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
Hash: 5d4aeb4e5f5ef754e307d7ffaef688bd 06db651cdf354c64a7383ea9c77024ef4fb4cef8 3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 02:43:03 GMT
expires: Fri, 18 Apr 2025 02:43:03 GMT
cache-control: public, max-age=31536000
age: 29150
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.youtube.com/s/player/f92087f2/www-embed-player.vflset/www-embed-player.js | 172.217.21.174 | 200 OK | 328 kB |
URL: GET HTTP/3 www.youtube.com/s/player/f92087f2/www-embed-player.vflset/www-embed-player.js
IP: 172.217.21.174:443
Requested by: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com
Certificate: Issuer: Google Trust Services LLC; Subject: *.google.com; Fingerprint: 02:6C:2F:38:A0:8A:95:AC:E8:2B:67:AA:69:A4:34:6E:15:99:F5:1D; Validity: Mon, 04 Mar 2024 06:35:50 GMT - Mon, 27 May 2024 06:35:49 GMT
File type: JavaScript source, ASCII text, with very long lines (682)
Size: 328 kB (327827 bytes)
Hash: b1882b5e3edaca0885f674750fe7bd88 b1c29c838ece05563e2ef1eb10cf7a986c588301 5a1b22f96bab9384df7827c7710b6477229500a6d2c0f6d8f9cff3d33d428894
GET /s/player/f92087f2/www-embed-player.vflset/www-embed-player.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 97847
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 07:20:55 GMT
expires: Wed, 16 Apr 2025 07:20:55 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 16 Apr 2024 04:18:33 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 185278
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| fonts.googleapis.com/css2?family=Teko:wght@300;400;500;600;700&display=swap | 216.58.207.234 | 200 OK | 5.5 kB |
URL: GET HTTP/2 fonts.googleapis.com/css2?family=Teko:wght@300;400;500;600;700&display=swap
IP: 216.58.207.234:443
Requested by: https://fre487nv.xzf.my.id/
Certificate: Issuer: Google Trust Services LLC; Subject: upload.video.google.com; Fingerprint: 47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E; Validity: Mon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT
File type: ASCII text, with very long lines (5645), with no line terminators
Hash: 7e8ccf34cfbd7681f3b6a7b967e632c9 8550d37535c577c1f2454fe033691a280d1a473a 984f7fcf1514b4faf8b84587104475a20d12627f7b3ec5f8fcd6b72d6ccf2d4f
GET /css2?family=Teko:wght@300;400;500;600;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 18 Apr 2024 10:48:52 GMT
date: Thu, 18 Apr 2024 10:48:52 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-security-policy-report-only: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/bcfae741e379a885f2ab2cf83ebe6d32/mr
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.youtube.com/youtubei/v1/player?prettyPrint=false | 172.217.21.174 | 200 OK | 87 kB |
URL: POST HTTP/3 www.youtube.com/youtubei/v1/player?prettyPrint=false
IP: 172.217.21.174:443
Requested by: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com
Certificate: Issuer: Google Trust Services LLC; Subject: *.google.com; Fingerprint: 02:6C:2F:38:A0:8A:95:AC:E8:2B:67:AA:69:A4:34:6E:15:99:F5:1D; Validity: Mon, 04 Mar 2024 06:35:50 GMT - Mon, 27 May 2024 06:35:49 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /youtubei/v1/player?prettyPrint=false HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Goog-Visitor-Id: CgtjTEtVOGNkMENrcyiV9YOxBjIOCgJOTxIIEgQSAgsMID0%3D
X-Youtube-Bootstrap-Logged-In: false
X-Youtube-Client-Name: 56
X-Youtube-Client-Version: 1.20240415.01.00
Content-Length: 3061
Origin: https://www.youtube.com
DNT: 1
Connection: keep-alive
Referer: https://www.youtube.com/embed/4hIMRUTqARM?controls=0&loop=1&autoplay=1&fs=1&iv_load_policy=3&showinfo=0&rel=0&cc_load_policy=0&start=0&end=0&origin=https://youtubeembedcode.com
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: br
date: Thu, 18 Apr 2024 10:48:55 GMT
server: scaffolding on HTTPServer2
content-length: 29924
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| site-assets.fontawesome.com/releases/v6.1.1/css/all.css | 104.18.40.68 | 200 OK | 498 kB |
URL: GET HTTP/2 site-assets.fontawesome.com/releases/v6.1.1/css/all.css
IP: 104.18.40.68:443
Requested by: https://fre487nv.xzf.my.id/
Certificate: Issuer: DigiCert Inc; Subject: *.fontawesome.com; Fingerprint: 93:F9:69:8C:73:B0:08:60:65:F3:39:41:39:66:D3:2B:78:3A:6E:3D; Validity: Mon, 04 Dec 2023 00:00:00 GMT - Fri, 03 Jan 2025 23:59:59 GMT
File type: ASCII text, with very long lines (65360)
Size: 498 kB (498160 bytes)
Hash: 325672b036bab9b57f6873aed5eccc43 264f5db348311950380ad1bca79754ff593d87e2 a35f901d01118e5649091bd03ac5784a7db52e111fb3806524c412f3d1dcfc5d
GET /releases/v6.1.1/css/all.css HTTP/1.1
Host: site-assets.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: text/css
x-amz-id-2: Y1TmNuBPJ2aktX68kJThHqHYS+UBzLzvigLuxqSKGropAjQHJXqctJ8cMj8EZaj3hWZqBw7vjseo/ptPWK0rIs/nC5bnGezhyLprTTXGcJA=
x-amz-request-id: 9ZNBHYHZ9G1WY9FS
last-modified: Tue, 22 Mar 2022 15:39:41 GMT
etag: W/"325672b036bab9b57f6873aed5eccc43"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 12731614
vary: Accept-Encoding
server: cloudflare
cf-ray: 876415bfbe761bfa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fre487nv.xzf.my.id/bagas/css/facebook.css | 104.21.43.237 | 200 OK | 5.2 kB |
URL: GET HTTP/3 fre487nv.xzf.my.id/bagas/css/facebook.css
IP: 104.21.43.237:443
Requested by: https://fre487nv.xzf.my.id/
Certificate: Issuer: Google Trust Services LLC; Subject: xzf.my.id; Fingerprint: F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C; Validity: Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: ASCII text, with very long lines (5644), with no line terminators
Hash: 6c6eede9c902bf0866eeddd6e031b122 25ae33158196270672483a1e0dbda68509485a5f 80b152572eaf6ad6ebc58b3983d99fede9df16c73de5d0e9bf4a8857bcce7201
Analyzer: OpenPhish | Verdict: phishing | Alert: Garena
GET /bagas/css/facebook.css HTTP/1.1
Host: fre487nv.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fre487nv.xzf.my.id/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:48:52 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Thu, 25 Apr 2024 10:48:52 GMT
last-modified: Mon, 06 Nov 2023 16:44:36 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YI0T3J6VNqW8l9CsdLCo5%2FPogJO1sNpVDpmMio8xCU1WacRQ%2BYxtmeNxT4BL727d6T00T5XUi2S%2F%2B3%2BRAVQXpnE8OXNGQcfn5uvA86tbO6oCWTG%2FtyknUal6to43owUzm%2FyDxvQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876415bf1b45b527-OSL
content-encoding: br
|
|