| cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js | 104.17.24.14 | 200 OK | 22 kB |
URL GET HTTP/2cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js IP104.17.24.14:443
Requested byhttps://bernettariedl1xsqa.pages.dev/ CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (65241) Hash1276065911521c5c22037a31365d179d d1c6704e94efe2d465fc161b6381e127d35acd81 bbb7b9921ca2b61948753a6edb63c78443663dc45d1621d18e102e1dcb34e512
GET /ajax/libs/jquery/3.6.0/jquery.slim.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bernettariedl1xsqa.pages.dev/
Origin: https://bernettariedl1xsqa.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 11:51:49 GMT
content-type: application/javascript; charset=utf-8
content-length: 22329
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-11ab4"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 414976
expires: Fri, 25 Apr 2025 11:51:49 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QfCf%2FT0p5aUVhq%2FJa6S7RP5n8LU8Bdx6o7bLrvJSQsO0bTdftnI%2BDVJGybbWi%2BRcLTlAxQf5bkBHZRVG%2FMhYk1M34i5Ka83B88xbX5xAWynAeUsJpQcIbLbylmVDOM5PvarA9pNd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87f0855658cb568e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js | 104.17.24.14 | 200 OK | 3.2 kB |
URL GET HTTP/2cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js IP104.17.24.14:443
Requested byhttps://bernettariedl1xsqa.pages.dev/ CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (7862) Hash96201abb62283557a9d7b97b4cab14ab a72f33d920d0ab863df4cb60edf44ec140304cdb 46112dbceed738f759d03f04b115d5256a7d73660b7795acb382192ad84d9f98
GET /ajax/libs/lazysizes/5.3.0/lazysizes.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bernettariedl1xsqa.pages.dev/
Origin: https://bernettariedl1xsqa.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 11:51:49 GMT
content-type: application/javascript; charset=utf-8
content-length: 3150
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5ff0b799-1ed1"
last-modified: Sat, 02 Jan 2021 18:12:41 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 411704
expires: Fri, 25 Apr 2025 11:51:49 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XvWhXPUxSCQwEaQY5KrPmTKaJTm6yCoRUEt3kwGpfog8aMD1hJLuH2f11hP4vTFEpfXmkta%2B0636O6dJC7v46pavsNCe6y5fL%2FwUNpXw61qD8pVnypc4BLzzG%2FdJCUTRackHFlgd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87f0855668ce568e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 3.bp.blogspot.com/-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif | 142.250.74.161 | 200 OK | 362 B |
URL GET HTTP/23.bp.blogspot.com/-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif IP142.250.74.161:443
Requested byhttps://bernettariedl1xsqa.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectmisc-sni.blogspot.com FingerprintC4:7D:61:88:AB:F1:15:A1:36:2A:68:39:51:62:46:00:23:6D:39:00 ValidityTue, 16 Apr 2024 03:45:20 GMT - Tue, 09 Jul 2024 03:45:19 GMT
File typeGIF image data, version 89a, 52 x 15 Hashfd2c05a8c327ace309722b0a5fc4faf3 f446e97c43f8830be9f60644563dd846abe6b8e8 0450e2e1aa3c8b5435690d841f3e573c4f521864e1f8e01a5b6dbcdac922c8b4
GET /-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bernettariedl1xsqa.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="btn_close.gif"
x-content-type-options: nosniff
server: fife
content-length: 362
x-xss-protection: 0
date: Sun, 05 May 2024 09:41:11 GMT
expires: Mon, 06 May 2024 09:41:11 GMT
cache-control: public, max-age=86400, no-transform
age: 7838
etag: "v1764"
content-type: image/gif
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.topcreativeformat.com/3dc4ca87e07d09e08b5aa5d2105c033d/invoke.js | 192.243.61.227 | 200 OK | 12 kB |
URL GET HTTP/1.1www.topcreativeformat.com/3dc4ca87e07d09e08b5aa5d2105c033d/invoke.js IP192.243.61.227:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://bernettariedl1xsqa.pages.dev/ CertificateIssuerLet's Encrypt Subjecttopcreativeformat.com Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4 ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT
File typeJavaScript source, ASCII text, with very long lines (31285), with no line terminators Hash71043967793b326f240548e0df382e44 c5c8728e161b268bde25cd500ea394f30b9e1256 5e96a50b509c94a6575bebe6d4eb46f2400be9ea4f59b81fa94775db35263a86
GET /3dc4ca87e07d09e08b5aa5d2105c033d/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bernettariedl1xsqa.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 05 May 2024 11:51:50 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 16b2ab142d76ffb86cd6062223a47417
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| ads.bisniskini.biz.id/get/site/js/9049b3a33fc36afe5806bf92a1b0bc1f | 172.67.214.128 | 200 OK | 654 B |
URL GET HTTP/2ads.bisniskini.biz.id/get/site/js/9049b3a33fc36afe5806bf92a1b0bc1f IP172.67.214.128:443
Requested byhttps://bernettariedl1xsqa.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectbisniskini.biz.id FingerprintCB:C5:50:71:58:97:D7:6D:B9:8F:63:0E:B9:30:B7:87:1D:05:E2:5A ValiditySun, 14 Apr 2024 15:48:05 GMT - Sat, 13 Jul 2024 15:48:04 GMT
File typeASCII text, with CRLF line terminators Hashda5be2f58448ab4d361b13fc4aa856d6 8aed36020a313c60c453d48b4a88157d8853cbd6 c70f11d7f1e67dfd4341b00b430d7cf96feadef332fe1be92541c7ea19cd13ff
GET /get/site/js/9049b3a33fc36afe5806bf92a1b0bc1f HTTP/1.1
Host: ads.bisniskini.biz.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bernettariedl1xsqa.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 11:51:50 GMT
content-type: application/javascript
set-cookie: PHPSESSID=711424seo37g34n713bcbh75l7; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jI4x6bFq3e9GtAdHaSZX1AzTVB13rUgCqjVq0GlnF269MrVUYx18pppwgk79GFslfW0YamOpDpX7sD43nRTt7RWWVqLiNDgsx%2BYch6PpZsj6tGw1xUq0RH4a9zgWW5yTSsa%2FqT2AlEY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f0855889225685-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| proftrafficcounter.com/stats | 52.29.105.35 | 200 OK | 40 B |
URL GET HTTP/2proftrafficcounter.com/stats IP52.29.105.35:443
Requested byhttps://bernettariedl1xsqa.pages.dev/ CertificateIssuerAmazon Subjectproftrafficcounter.com FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6 ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File typeASCII text, with no line terminators Hash9e34a34a8afa6e8bc02d4a1cfbb1ca74 c8c7f9da6e700b5bf2076fe13a22b3087c58930c b5838c6937ee0878e1fdbc9cf1042b60e03bf0c97811a624dbb2b13e587a8b3a
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bernettariedl1xsqa.pages.dev/
Origin: https://bernettariedl1xsqa.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 11:51:51 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://bernettariedl1xsqa.pages.dev
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=d0718615-2048-4255-8930-8bfd019c6daf:1:1; expires=Wed, 03 May 2034 11:51:51 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
|
|
| www.topcreativeformat.com/3dc4ca87e07d09e08b5aa5d2105c033d/invoke.js | 192.243.61.227 | 200 OK | 12 kB |
URL GET HTTP/1.1www.topcreativeformat.com/3dc4ca87e07d09e08b5aa5d2105c033d/invoke.js IP192.243.61.227:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://bernettariedl1xsqa.pages.dev/ CertificateIssuerLet's Encrypt Subjecttopcreativeformat.com Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4 ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT
File typeJavaScript source, ASCII text, with very long lines (31303), with no line terminators Hash1a1ae6bfcba5b8a367448a003ad4b90c f21a18256da5f1e2b2c65db72e412cfb2c20a976 9fa95c4c60435ab3cb8b7f6ada84e4546e608b0718b110d33d9573f07a5f5c10
GET /3dc4ca87e07d09e08b5aa5d2105c033d/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bernettariedl1xsqa.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 05 May 2024 11:51:51 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 352407454eaeef92cb4f875747b588ac
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| skinssailing.com/watch.431676094222.js?key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1 | 172.240.108.84 | 307 Temporary Redirect | 0 B |
URL GET HTTP/1.1skinssailing.com/watch.431676094222.js?key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1 IP172.240.108.84:443
Requested byhttps://bernettariedl1xsqa.pages.dev/ CertificateIssuerLet's Encrypt Subjectskinssailing.com FingerprintCA:15:20:E3:B0:DD:52:E8:B3:46:F4:47:2F:93:A5:44:51:0D:2C:6C ValidityMon, 29 Apr 2024 12:32:59 GMT - Sun, 28 Jul 2024 12:32:58 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /watch.431676094222.js?key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1 HTTP/1.1
Host: skinssailing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bernettariedl1xsqa.pages.dev/
Origin: https://bernettariedl1xsqa.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sun, 05 May 2024 11:51:51 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bernettariedl1xsqa.pages.dev
Access-Control-Allow-Origin: https://bernettariedl1xsqa.pages.dev
Access-Control-Allow-Credentials: true
Location: https://skinssailing.com/watch.431676094222.js?dev=e&key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&pst=1714909971&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&res=14.2071&rmtc=t&shu=8f930efc9e70157f1c1f1c3353491bfdaeb858b9a8bf2d84ad1704fe6743b42303716bda7248f3cda8a639ad8e1ba34c34450c348d6769b6264250bd354bb0ac673cb93da4c6b95bfe69ec1bfdc756f144cc05a70354fb6636ad60b6985979e5ea&tz=0&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1
Set-Cookie: u_pl=17761257; expires=Mon, 06 May 2024 11:51:51 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc2MTI1NywiayI6IjNkYzRjYTg3ZTA3ZDA5ZTA4YjVhYTVkMjEwNWMwMzNkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDEwODQ4LCJwaWQiOjQ2MTQ4NCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6InA0dmFnN3EwbSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2Jlcm5ldHRhcmllZGwxeHNxYS5wYWdlcy5kZXYvIiwiYXIiOltdfX0.23c8btJRurjMudeiL-0bIvVpDqnXhDd8ctU0y6tuGnw; expires=Sun, 05 May 2024 11:52:51 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e002f8d9305b25bb11b9029ed23c6b5d
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| www.topcreativeformat.com/1f00c6b60ce46955dbdc5d473dcaea71/invoke.js | 192.243.61.227 | 200 OK | 12 kB |
URL GET HTTP/1.1www.topcreativeformat.com/1f00c6b60ce46955dbdc5d473dcaea71/invoke.js IP192.243.61.227:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://bernettariedl1xsqa.pages.dev/ CertificateIssuerLet's Encrypt Subjecttopcreativeformat.com Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4 ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT
File typeJavaScript source, ASCII text, with very long lines (31315), with no line terminators Hash95a7bc4202b870e26c1b378ca93ceb45 316d119386a39052de9695911bbebf0d5ae0d1a8 9286e534a3d777e2efbd20674bfd2dd3db9e2f544429722ae0f611b68b62a728
GET /1f00c6b60ce46955dbdc5d473dcaea71/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bernettariedl1xsqa.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 05 May 2024 11:51:51 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8f2333af8bead0f7875756a98ae34332
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| skinssailing.com/watch.431676094222.js?dev=e&key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&pst=1714909971&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&res=14.2071&rmtc=t&shu=8f930efc9e70157f1c1f1c3353491bfdaeb858b9a8bf2d84ad1704fe6743b42303716bda7248f3cda8a639ad8e1ba34c34450c348d6769b6264250bd354bb0ac673cb93da4c6b95bfe69ec1bfdc756f144cc05a70354fb6636ad60b6985979e5ea&tz=0&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1 | 172.240.108.84 | 200 OK | 2.0 kB |
URL GET HTTP/1.1skinssailing.com/watch.431676094222.js?dev=e&key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&pst=1714909971&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&res=14.2071&rmtc=t&shu=8f930efc9e70157f1c1f1c3353491bfdaeb858b9a8bf2d84ad1704fe6743b42303716bda7248f3cda8a639ad8e1ba34c34450c348d6769b6264250bd354bb0ac673cb93da4c6b95bfe69ec1bfdc756f144cc05a70354fb6636ad60b6985979e5ea&tz=0&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1 IP172.240.108.84:443
Requested byhttps://bernettariedl1xsqa.pages.dev/ CertificateIssuerLet's Encrypt Subjectskinssailing.com FingerprintCA:15:20:E3:B0:DD:52:E8:B3:46:F4:47:2F:93:A5:44:51:0D:2C:6C ValidityMon, 29 Apr 2024 12:32:59 GMT - Sun, 28 Jul 2024 12:32:58 GMT
File typeJavaScript source, ASCII text, with very long lines (2456) Hash1dd1731704bd5c0c7f5c0a710ec493f2 05f52e75f8a9f0ad688d824b9a07a7c01a476743 7a89b1a9674c11d5a0716fdb80a994c4839570efdaebe1036f6ef0d994f2a4c6
GET /watch.431676094222.js?dev=e&key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&pst=1714909971&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&res=14.2071&rmtc=t&shu=8f930efc9e70157f1c1f1c3353491bfdaeb858b9a8bf2d84ad1704fe6743b42303716bda7248f3cda8a639ad8e1ba34c34450c348d6769b6264250bd354bb0ac673cb93da4c6b95bfe69ec1bfdc756f144cc05a70354fb6636ad60b6985979e5ea&tz=0&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1 HTTP/1.1
Host: skinssailing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bernettariedl1xsqa.pages.dev
Referer: https://bernettariedl1xsqa.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17761257; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc2MTI1NywiayI6IjNkYzRjYTg3ZTA3ZDA5ZTA4YjVhYTVkMjEwNWMwMzNkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDEwODQ4LCJwaWQiOjQ2MTQ4NCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6InA0dmFnN3EwbSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2Jlcm5ldHRhcmllZGwxeHNxYS5wYWdlcy5kZXYvIiwiYXIiOltdfX0.23c8btJRurjMudeiL-0bIvVpDqnXhDd8ctU0y6tuGnw
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 05 May 2024 11:51:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bernettariedl1xsqa.pages.dev
Access-Control-Allow-Origin: https://bernettariedl1xsqa.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=d0718615-2048-4255-8930-8bfd019c6daf:1:1; expires=Sun, 12 May 2024 11:51:51 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 06 May 2024 11:51:51 GMT; secure; SameSite=None
uncs=1; expires=Mon, 06 May 2024 11:51:51 GMT; secure; SameSite=None
pdhtkv5=true; expires=Mon, 06 May 2024 11:51:51 GMT; secure; SameSite=None
uncs5=1; expires=Mon, 06 May 2024 11:51:51 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 93530bf5be389873646cc1b32bbf3a9a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| tse1.mm.bing.net/th?q= | 204.79.197.200 | 404 Not Found | 727 B |
IP204.79.197.200:443 ASN#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested byhttps://bernettariedl1xsqa.pages.dev/ CertificateIssuerMicrosoft Corporation Subjectwww.bing.com Fingerprint02:83:27:F9:50:D8:BE:B9:5E:DF:1A:4A:45:3B:6D:3C:BC:30:F2:58 ValidityWed, 01 May 2024 01:58:25 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, baseline, precision 8, 80x80, components 3 Hash5116706c119475f5ae2fc135c3358037 7e5bdf3585153e317ebef05a9b8241d311e44cb3 7edda2585f580c167fd4e3a6c162534548cda437f8bef67c544f3aa9c162a17c
GET /th?q= HTTP/1.1
Host: tse1.mm.bing.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bernettariedl1xsqa.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
cache-control: no-cache
pragma: no-cache
content-length: 727
expires: -1
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 125E3038F310492BAEB6E67E762BFD2A Ref B: OSL30EDGE0411 Ref C: 2024-05-05T11:51:51Z
date: Sun, 05 May 2024 11:51:50 GMT
X-Firefox-Spdy: h2
|
|
| backgroundcocoaenslave.com/watch.1364929955424.js?key=1f00c6b60ce46955dbdc5d473dcaea71&kw=%5B%5D&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1 | 172.240.253.132 | 307 Temporary Redirect | 0 B |
URL GET HTTP/1.1backgroundcocoaenslave.com/watch.1364929955424.js?key=1f00c6b60ce46955dbdc5d473dcaea71&kw=%5B%5D&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1 IP172.240.253.132:443
Requested byhttps://bernettariedl1xsqa.pages.dev/ CertificateIssuerLet's Encrypt Subjectbackgroundcocoaenslave.com FingerprintD8:A5:C3:52:CC:15:93:A7:CA:71:6E:A2:06:BC:E9:86:B9:2D:78:23 ValidityFri, 03 May 2024 08:57:59 GMT - Thu, 01 Aug 2024 08:57:58 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /watch.1364929955424.js?key=1f00c6b60ce46955dbdc5d473dcaea71&kw=%5B%5D&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1 HTTP/1.1
Host: backgroundcocoaenslave.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bernettariedl1xsqa.pages.dev/
Origin: https://bernettariedl1xsqa.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sun, 05 May 2024 11:51:51 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bernettariedl1xsqa.pages.dev
Access-Control-Allow-Origin: https://bernettariedl1xsqa.pages.dev
Access-Control-Allow-Credentials: true
Location: https://backgroundcocoaenslave.com/watch.1364929955424.js?dev=e&key=1f00c6b60ce46955dbdc5d473dcaea71&kw=%5B%5D&pst=1714909971&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&res=14.2071&rmtc=t&shu=ab242f5bc7495ffe9ff1b77fcc8f37a947220bd0745232c038eea31a9cc1d9af25981099125be5f1e260ebdf3c4d077a76c5022598280b5ae9ca1eec254c0f616a573d21c0ef9523b7605a7d1926438b7bb1251cd6815ae8d89a53eb5b6eee8d90&tz=0&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1
Set-Cookie: u_pl=17761293; expires=Mon, 06 May 2024 11:51:51 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc2MTI5MywiayI6IjFmMDBjNmI2MGNlNDY5NTVkYmRjNWQ0NzNkY2FlYTcxIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDEwODYyLCJwaWQiOjM5OTU3NSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6ImJ0cWthNWJmeiIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2Jlcm5ldHRhcmllZGwxeHNxYS5wYWdlcy5kZXYvIiwiYXIiOltdfX0.9pKd7DsV2GkmMVgVFDo8DMHUirhNq7HWJE3hJ9xquOU; expires=Sun, 05 May 2024 11:52:51 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 780384946e9d969a8e96726cb5fd7b66
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q= | 142.250.74.14 | 200 OK | 527 B |
URL GET HTTP/2suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q= IP142.250.74.14:443
Requested byhttps://bernettariedl1xsqa.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subject*.google.com Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0 ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT
File typeASCII text, with no line terminators Hashfdbaede1a8136a6bd589d54e2f69fff8 883905e057c9b758a95c9ece940d089e3af85e0a 5ffae3c0e627b6a2083d67639bfa32ecfe695671ee25f8e1315d2067a4e28df4
GET /complete/search?jsonp=autoRelated&hl=en&client=firefox&q= HTTP/1.1
Host: suggestqueries.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bernettariedl1xsqa.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 11:51:51 GMT
pragma: no-cache
expires: -1
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-Xbw8UX_PlJ2fwgmdpg8sig' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/fff
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/fff"}]}
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: gws
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| cdn.cloudimagesb.com/cti/a3/52/3e/a3523e9edca6705b6cf12b7928744f8d/1627916018.png | 45.133.44.9 | 200 OK | 87 kB |
URL GET HTTP/2cdn.cloudimagesb.com/cti/a3/52/3e/a3523e9edca6705b6cf12b7928744f8d/1627916018.png IP45.133.44.9:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://bernettariedl1xsqa.pages.dev/ CertificateIssuerLet's Encrypt Subjectcdn.cloudimagesb.com FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0 ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File typePNG image data, 300 x 250, 8-bit/color RGB, non-interlaced Hash617ed75a77c895661681287847a25114 d12b69f9c68c07e6019e49328c67644974a737e1 07e84d0dd10b99f347193232866ca93f6a2d3dba4a058852e071fe88aeccc4a8
GET /cti/a3/52/3e/a3523e9edca6705b6cf12b7928744f8d/1627916018.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 11:51:51 GMT
content-type: image/png
content-length: 87394
server: nginx/1.21.6
last-modified: Mon, 02 Aug 2021 14:53:46 GMT
etag: "610806fa-15562"
expires: Tue, 07 May 2024 11:51:51 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| skyscraperearnings.com/watch.1152392826037.js?key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1 | 192.243.61.227 | 307 Temporary Redirect | 0 B |
URL GET HTTP/1.1skyscraperearnings.com/watch.1152392826037.js?key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1 IP192.243.61.227:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://bernettariedl1xsqa.pages.dev/ CertificateIssuerLet's Encrypt Subjectskyscraperearnings.com FingerprintB7:DE:F1:71:F6:6F:5B:BC:67:B7:5E:D8:EB:24:D8:CD:34:48:FF:F8 ValidityFri, 03 May 2024 09:00:17 GMT - Thu, 01 Aug 2024 09:00:16 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /watch.1152392826037.js?key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1 HTTP/1.1
Host: skyscraperearnings.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bernettariedl1xsqa.pages.dev/
Origin: https://bernettariedl1xsqa.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sun, 05 May 2024 11:51:52 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bernettariedl1xsqa.pages.dev
Access-Control-Allow-Origin: https://bernettariedl1xsqa.pages.dev
Access-Control-Allow-Credentials: true
Location: https://skyscraperearnings.com/watch.1152392826037.js?dev=e&key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&pst=1714909972&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&res=14.2071&rmtc=t&shu=b7cceae482d3257999bfd2086b72c9600394fa429cf78ace878efc6427758379960f59e84815e483140a2db0996d530be50059c212e77e76d9f300a358b1fedbe1b284ebda7650e40bdf1bb87755603b73f063a3d0cd8a738f6f6299397dda3675a854&tz=0&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1
Set-Cookie: u_pl=17761257; expires=Mon, 06 May 2024 11:51:52 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc2MTI1NywiayI6IjNkYzRjYTg3ZTA3ZDA5ZTA4YjVhYTVkMjEwNWMwMzNkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDEwODQ4LCJwaWQiOjQ2MTQ4NCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6InA0dmFnN3EwbSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2Jlcm5ldHRhcmllZGwxeHNxYS5wYWdlcy5kZXYvIiwiYXIiOltdfX0.23c8btJRurjMudeiL-0bIvVpDqnXhDd8ctU0y6tuGnw; expires=Sun, 05 May 2024 11:52:52 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7e4f165a99bc3d7ff72ce5265d00961f
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| backgroundcocoaenslave.com/watch.1364929955424.js?dev=e&key=1f00c6b60ce46955dbdc5d473dcaea71&kw=%5B%5D&pst=1714909971&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&res=14.2071&rmtc=t&shu=ab242f5bc7495ffe9ff1b77fcc8f37a947220bd0745232c038eea31a9cc1d9af25981099125be5f1e260ebdf3c4d077a76c5022598280b5ae9ca1eec254c0f616a573d21c0ef9523b7605a7d1926438b7bb1251cd6815ae8d89a53eb5b6eee8d90&tz=0&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1 | 172.240.253.132 | 200 OK | 2.0 kB |
URL GET HTTP/1.1backgroundcocoaenslave.com/watch.1364929955424.js?dev=e&key=1f00c6b60ce46955dbdc5d473dcaea71&kw=%5B%5D&pst=1714909971&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&res=14.2071&rmtc=t&shu=ab242f5bc7495ffe9ff1b77fcc8f37a947220bd0745232c038eea31a9cc1d9af25981099125be5f1e260ebdf3c4d077a76c5022598280b5ae9ca1eec254c0f616a573d21c0ef9523b7605a7d1926438b7bb1251cd6815ae8d89a53eb5b6eee8d90&tz=0&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1 IP172.240.253.132:443
Requested byhttps://bernettariedl1xsqa.pages.dev/ CertificateIssuerLet's Encrypt Subjectbackgroundcocoaenslave.com FingerprintD8:A5:C3:52:CC:15:93:A7:CA:71:6E:A2:06:BC:E9:86:B9:2D:78:23 ValidityFri, 03 May 2024 08:57:59 GMT - Thu, 01 Aug 2024 08:57:58 GMT
File typeJavaScript source, ASCII text, with very long lines (2448) Hash4504914fe76d342b6f29365e92ae91d7 8d3d445f3a939fba52380f832f9c48faf0fa0817 55138a4129817221c9bfd70e17636c5c8d73e823d4bba465db05c9ca3be68116
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /watch.1364929955424.js?dev=e&key=1f00c6b60ce46955dbdc5d473dcaea71&kw=%5B%5D&pst=1714909971&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&res=14.2071&rmtc=t&shu=ab242f5bc7495ffe9ff1b77fcc8f37a947220bd0745232c038eea31a9cc1d9af25981099125be5f1e260ebdf3c4d077a76c5022598280b5ae9ca1eec254c0f616a573d21c0ef9523b7605a7d1926438b7bb1251cd6815ae8d89a53eb5b6eee8d90&tz=0&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1 HTTP/1.1
Host: backgroundcocoaenslave.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bernettariedl1xsqa.pages.dev
Referer: https://bernettariedl1xsqa.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17761293; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc2MTI5MywiayI6IjFmMDBjNmI2MGNlNDY5NTVkYmRjNWQ0NzNkY2FlYTcxIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDEwODYyLCJwaWQiOjM5OTU3NSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6ImJ0cWthNWJmeiIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2Jlcm5ldHRhcmllZGwxeHNxYS5wYWdlcy5kZXYvIiwiYXIiOltdfX0.9pKd7DsV2GkmMVgVFDo8DMHUirhNq7HWJE3hJ9xquOU
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 05 May 2024 11:51:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bernettariedl1xsqa.pages.dev
Access-Control-Allow-Origin: https://bernettariedl1xsqa.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=d0718615-2048-4255-8930-8bfd019c6daf:1:1; expires=Sun, 12 May 2024 11:51:52 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 06 May 2024 11:51:52 GMT; secure; SameSite=None
uncs=1; expires=Mon, 06 May 2024 11:51:52 GMT; secure; SameSite=None
pdhtkv5=true; expires=Mon, 06 May 2024 11:51:52 GMT; secure; SameSite=None
uncs5=1; expires=Mon, 06 May 2024 11:51:52 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7b7224a8cea97aa27f2c1320df5b28ea
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| skyscraperearnings.com/watch.1152392826037.js?dev=e&key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&pst=1714909972&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&res=14.2071&rmtc=t&shu=b7cceae482d3257999bfd2086b72c9600394fa429cf78ace878efc6427758379960f59e84815e483140a2db0996d530be50059c212e77e76d9f300a358b1fedbe1b284ebda7650e40bdf1bb87755603b73f063a3d0cd8a738f6f6299397dda3675a854&tz=0&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1 | 192.243.61.227 | 200 OK | 2.0 kB |
URL GET HTTP/1.1skyscraperearnings.com/watch.1152392826037.js?dev=e&key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&pst=1714909972&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&res=14.2071&rmtc=t&shu=b7cceae482d3257999bfd2086b72c9600394fa429cf78ace878efc6427758379960f59e84815e483140a2db0996d530be50059c212e77e76d9f300a358b1fedbe1b284ebda7650e40bdf1bb87755603b73f063a3d0cd8a738f6f6299397dda3675a854&tz=0&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1 IP192.243.61.227:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://bernettariedl1xsqa.pages.dev/ CertificateIssuerLet's Encrypt Subjectskyscraperearnings.com FingerprintB7:DE:F1:71:F6:6F:5B:BC:67:B7:5E:D8:EB:24:D8:CD:34:48:FF:F8 ValidityFri, 03 May 2024 09:00:17 GMT - Thu, 01 Aug 2024 09:00:16 GMT
File typeJavaScript source, ASCII text, with very long lines (2500) Hash2501c699c68fb26c68a18f54da0b46ef 9a020cab540f8318cbff2194693723f612ed5b46 7bc1da5ebdd4bdcfd38f8bfdb4df91ba0d4d6077428248e0edd59449a92b0258
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /watch.1152392826037.js?dev=e&key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&pst=1714909972&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&res=14.2071&rmtc=t&shu=b7cceae482d3257999bfd2086b72c9600394fa429cf78ace878efc6427758379960f59e84815e483140a2db0996d530be50059c212e77e76d9f300a358b1fedbe1b284ebda7650e40bdf1bb87755603b73f063a3d0cd8a738f6f6299397dda3675a854&tz=0&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1 HTTP/1.1
Host: skyscraperearnings.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bernettariedl1xsqa.pages.dev
Referer: https://bernettariedl1xsqa.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17761257; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc2MTI1NywiayI6IjNkYzRjYTg3ZTA3ZDA5ZTA4YjVhYTVkMjEwNWMwMzNkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDEwODQ4LCJwaWQiOjQ2MTQ4NCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6InA0dmFnN3EwbSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2Jlcm5ldHRhcmllZGwxeHNxYS5wYWdlcy5kZXYvIiwiYXIiOltdfX0.23c8btJRurjMudeiL-0bIvVpDqnXhDd8ctU0y6tuGnw
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 05 May 2024 11:51:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bernettariedl1xsqa.pages.dev
Access-Control-Allow-Origin: https://bernettariedl1xsqa.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=d0718615-2048-4255-8930-8bfd019c6daf:1:1; expires=Sun, 12 May 2024 11:51:52 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 06 May 2024 11:51:52 GMT; secure; SameSite=None
uncs=1; expires=Mon, 06 May 2024 11:51:52 GMT; secure; SameSite=None
pdhtkv5=true; expires=Mon, 06 May 2024 11:51:52 GMT; secure; SameSite=None
uncs5=1; expires=Mon, 06 May 2024 11:51:52 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ffc9b9e03d5bb8c48fb4091124f7f131
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| cdn.cloudimagesb.com/cti/31/45/f4/3145f441339156fa544f201afe037317/1707890249.png | 45.133.44.9 | 200 OK | 17 kB |
URL GET HTTP/2cdn.cloudimagesb.com/cti/31/45/f4/3145f441339156fa544f201afe037317/1707890249.png IP45.133.44.9:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://bernettariedl1xsqa.pages.dev/ CertificateIssuerLet's Encrypt Subjectcdn.cloudimagesb.com FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0 ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File typePNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced Hash100b833c830053763eabb5442c5a990f 94f203261a809482b24aba27da54fc944f6e330a a2b3d52d2db4e01373a7513af50c7e0e33072678668ea0cf99a410c5e876656c
GET /cti/31/45/f4/3145f441339156fa544f201afe037317/1707890249.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 05 May 2024 11:51:52 GMT
content-type: image/png
content-length: 17203
server: nginx/1.21.6
last-modified: Wed, 14 Feb 2024 05:57:39 GMT
etag: "65cc5653-4333"
expires: Tue, 07 May 2024 11:51:52 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| cdn.cloudimagesb.com/cti/20/3e/15/203e15a4a37c18e718735a3cc9317a62/1708270295.jpg | 45.133.44.9 | 200 OK | 85 kB |
URL GET HTTP/2cdn.cloudimagesb.com/cti/20/3e/15/203e15a4a37c18e718735a3cc9317a62/1708270295.jpg IP45.133.44.9:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://bernettariedl1xsqa.pages.dev/ CertificateIssuerLet's Encrypt Subjectcdn.cloudimagesb.com FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0 ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File typeJPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 24.5 (Windows), datetime=2024:02:16 15:13:33], progressive, precision 8, 300x250, components 3 Hasha243301a72999b8de16df631ade6b6ed 4a73bf3593d21fc3d576bee7abf06395ea58bc31 21a3a022e5e5ca83d90331629f291c8cb589a453f8c45a5707a5fbf3bbba2811
GET /cti/20/3e/15/203e15a4a37c18e718735a3cc9317a62/1708270295.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 05 May 2024 11:51:52 GMT
content-type: image/jpeg
content-length: 85236
server: nginx/1.21.6
last-modified: Sun, 18 Feb 2024 15:31:43 GMT
etag: "65d222df-14cf4"
expires: Tue, 07 May 2024 11:51:52 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| shayscholz.blogspot.com/favicon.ico | 216.58.207.225 | | 412 B |
URL GET shayscholz.blogspot.com/favicon.ico IP216.58.207.225:0
Requested byhttps://bernettariedl1xsqa.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectmisc-sni.blogspot.com FingerprintC4:7D:61:88:AB:F1:15:A1:36:2A:68:39:51:62:46:00:23:6D:39:00 ValidityTue, 16 Apr 2024 03:45:20 GMT - Tue, 09 Jul 2024 03:45:19 GMT
File typeMS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel Hash59a0c7b6e4848ccdabcea0636efda02b 30ef5c54b8bbc3487ea2b4c45cd11ea2932e4340 a1495da3cf3db37bf105a12658636ff628fee7b73975b9200049af7747e60b1f
GET /favicon.ico HTTP/1.1
Host: shayscholz.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bernettariedl1xsqa.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/x-icon
expires: Sun, 05 May 2024 11:51:52 GMT
date: Sun, 05 May 2024 11:51:52 GMT
cache-control: private, max-age=86400
last-modified: Fri, 08 Mar 2024 19:12:27 GMT
etag: W/"53e1bb00e6929e879a040ee00d8ddd9c6a9b1f6c6c79cd1077a9390901619218"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 412
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| ads.bisniskini.biz.id/get/site/js/d6f51a1ed1d2f145512197f7cd7be46d | 172.67.214.128 | 200 OK | 6.3 kB |
URL GET HTTP/3ads.bisniskini.biz.id/get/site/js/d6f51a1ed1d2f145512197f7cd7be46d IP172.67.214.128:443
Requested byhttps://bernettariedl1xsqa.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectbisniskini.biz.id FingerprintCB:C5:50:71:58:97:D7:6D:B9:8F:63:0E:B9:30:B7:87:1D:05:E2:5A ValiditySun, 14 Apr 2024 15:48:05 GMT - Sat, 13 Jul 2024 15:48:04 GMT
File typeASCII text, with CRLF line terminators Hash500accfab8797557b0f922957a9319dd 8d35e1a694c6b6425f79cda1bdc33684b3a05435 29631aedec51cdf985b9ea2e0a34a4d72f4382bac37b5c0f0388f8c9f51fd8e4
GET /get/site/js/d6f51a1ed1d2f145512197f7cd7be46d HTTP/1.1
Host: ads.bisniskini.biz.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bernettariedl1xsqa.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 11:51:51 GMT
content-type: application/javascript
set-cookie: PHPSESSID=5kpmkbt5dfencgg4lb0ejae0ag; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sHLHMBimdKjU9wvPaVhvCT5U9jCWqytlVW27wotzLzOnFIRt6yDjaxswZKim6i87o76X0SmkFOfN1KvsT7L2wDtEITMkvq1tSmqRChC5VoaSz0fx59dzVjtLxG65NnNVWGfwgECw96c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f0855eafff0b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| bernettariedl1xsqa.pages.dev/ | 172.66.47.65 | 200 OK | 17 kB |
URL User Request GET HTTP/2bernettariedl1xsqa.pages.dev/ IP172.66.47.65:443
CertificateIssuerLet's Encrypt Subjectbernettariedl1xsqa.pages.dev FingerprintD0:AD:00:4A:A7:79:BB:8F:57:E7:4C:43:CD:2A:8C:9C:CB:B4:99:2B ValiditySat, 04 May 2024 18:53:17 GMT - Fri, 02 Aug 2024 18:53:16 GMT
File typeHTML document, ASCII text, with very long lines (7816) Hash8e59c3942d62c5b505e73a4d2ba54b96 b0f9649bec56a910cb6af2b06fb3cd2d2573b34e 928741499e1df565feccd9b57220a7e58c40003be22b0df907b4e709590b3fe9
GET / HTTP/1.1
Host: bernettariedl1xsqa.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 11:51:49 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"ee00d3ea0e2af48b2d7a15599c88cf5b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4t1IH4T92ZvsbPm2oje9EHpDUnj5zqc57t2mzXe9PsCF5whBU2RC5gveKa%2F%2FK0kVGeB1x6vECHeAqP8IgLAMUxhtKHbY9kjnGRi%2BZN9q2vHEcRfIQ9KV87BJdeaMaSV9fmUuldbcOpDiT7tdhiqm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f085547b890b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|