Report - bernettariedl1xsqa.pages.dev/

Report Overview

Submitted URL
bernettariedl1xsqa.pages.dev/
IP
172.66.47.65
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-05 11:52:14
Access
public
Website Title
bernettariedl1xsqa.pages.dev/
Final URL
bernettariedl1xsqa.pages.dev/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
tse1.mm.bing.net	7917	1997-09-03	2014-03-13	2024-04-30	430 B	1.6 kB	204.79.197.200
bernettariedl1xsqa.pages.dev	unknown	unknown	No data	No data	485 B	18 kB	172.66.47.65
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-05-04	985 B	28 kB	104.17.24.14
www.topcreativeformat.com	unknown	2023-11-21	2023-11-22	2024-05-03	1.4 kB	38 kB	192.243.61.227
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12	2024-05-04	1.4 kB	191 kB	45.133.44.9
shayscholz.blogspot.com	unknown	2000-07-31	2024-03-16	2024-03-16	443 B	894 B	216.58.207.225
3.bp.blogspot.com	11048	2000-07-31	2012-05-21	2024-05-04	494 B	894 B	142.250.74.161
ads.bisniskini.biz.id	unknown	2023-09-30	2024-02-24	2024-04-18	920 B	8.4 kB	172.67.214.128
skyscraperearnings.com	unknown	unknown	No data	No data	2.4 kB	5.6 kB	192.243.61.227
suggestqueries.google.com	1239	1997-09-15	2012-06-27	2024-05-03	470 B	1.3 kB	142.250.74.14
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-05-04	457 B	435 B	52.29.105.35
skinssailing.com	unknown	unknown	No data	No data	2.4 kB	5.6 kB	172.240.108.84
backgroundcocoaenslave.com	unknown	unknown	No data	No data	2.4 kB	5.6 kB	172.240.253.132

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-05	medium	backgroundcocoaenslave.com	Sinkholed
2024-05-05	medium	skyscraperearnings.com	Sinkholed
2024-05-05	medium	backgroundcocoaenslave.com	Sinkholed
2024-05-05	medium	skyscraperearnings.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (25)

	URL	Size	First Seen	Last Seen
	bernettariedl1xsqa.pages.dev/	407 B	2024-03-16	2024-05-18
Pretty URL bernettariedl1xsqa.pages.dev/ IP 172.66.47.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-16 20:44:49 Last Seen2024-05-18 21:52:23 Times Seen150 Hash 033f01caf6d0f553ffc421cc2772f928 67876067762ac6818db46c43a14ed10d9c046a0c 873ff640f3ae1bde848bbd3a7156f7991cf3a34e1236471b8f83ab7608ccb51b Loading...

	unknown	145 B	2024-04-25	2024-05-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 19:55:43 Last Seen2024-05-18 13:57:49 Times Seen25 Hash 8211a33992e0f7a4140a2285c8a0d386 9257846fd3a34c4481b88d0a2b05f6f62bead2e2 376449adb7f156c481ed2ca013082b5e374c13b9b34426de732e340b23a96e79 Loading...

	unknown	3.3 kB	2024-05-05	2024-05-05
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 13:52:21 Last Seen2024-05-05 13:52:21 Times Seen1 Hash d23d4d60223dbc36a237112a73a5ff8b 586f4d45db224629e619207f138d2c4f7dd90a7e 2f9c7466e9a26bb63618ea87e14fbbcefc6cb3a7259dc72678f50bb79c1b7415 Loading...

	bernettariedl1xsqa.pages.dev/	3 B	2023-03-07	2024-05-18
Pretty URL bernettariedl1xsqa.pages.dev/ IP 172.66.47.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 13:09:38 Last Seen2024-05-18 21:52:23 Times Seen712 Hash d2a16faace6f59c009a1dc045e086658 1335c7f603963b6f76f45a8045f12cce142f1175 009966d20c582967816f9721a10b558b07333c88849bff11176b5140e746191e Loading...

	www.topcreativeformat.com/3dc4ca87e07d09e08b5aa5d2105c033d/invoke.js	31 kB	2024-05-05	2024-05-05
Pretty URL www.topcreativeformat.com/3dc4ca87e07d09e08b5aa5d2105c033d/invoke.js IP 192.243.61.227 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 13:52:21 Last Seen2024-05-05 14:39:52 Times Seen4 Hash 1a1ae6bfcba5b8a367448a003ad4b90c f21a18256da5f1e2b2c65db72e412cfb2c20a976 9fa95c4c60435ab3cb8b7f6ada84e4546e608b0718b110d33d9573f07a5f5c10 Loading...

	ads.bisniskini.biz.id/get/site/js/9049b3a33fc36afe5806bf92a1b0bc1f	292 B	2024-05-02	2024-05-18
Pretty URL ads.bisniskini.biz.id/get/site/js/9049b3a33fc36afe5806bf92a1b0bc1f IP 172.67.214.128 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 13:27:25 Last Seen2024-05-18 13:57:49 Times Seen35 Hash da5be2f58448ab4d361b13fc4aa856d6 8aed36020a313c60c453d48b4a88157d8853cbd6 c70f11d7f1e67dfd4341b00b430d7cf96feadef332fe1be92541c7ea19cd13ff Loading...

	www.topcreativeformat.com/1f00c6b60ce46955dbdc5d473dcaea71/invoke.js	31 kB	2024-05-05	2024-05-05
Pretty URL www.topcreativeformat.com/1f00c6b60ce46955dbdc5d473dcaea71/invoke.js IP 192.243.61.227 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 13:52:21 Last Seen2024-05-05 13:52:22 Times Seen2 Hash 95a7bc4202b870e26c1b378ca93ceb45 316d119386a39052de9695911bbebf0d5ae0d1a8 9286e534a3d777e2efbd20674bfd2dd3db9e2f544429722ae0f611b68b62a728 Loading...

	unknown	3.3 kB	2024-05-05	2024-05-05
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 13:52:21 Last Seen2024-05-05 13:52:21 Times Seen1 Hash a68a6543e11f959106991212786c6443 fb1422015b203fd51bb2bab31d093fc450dbcc45 5a1f28528ef10be872c354045592d04fd55d2a65df5e77d3363f002a048fe817 Loading...

	ads.bisniskini.biz.id/get/site/js/d6f51a1ed1d2f145512197f7cd7be46d	293 B	2024-04-26	2024-05-05
Pretty URL ads.bisniskini.biz.id/get/site/js/d6f51a1ed1d2f145512197f7cd7be46d IP 172.67.214.128 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 14:35:35 Last Seen2024-05-05 16:43:33 Times Seen104 Hash 500accfab8797557b0f922957a9319dd 8d35e1a694c6b6425f79cda1bdc33684b3a05435 29631aedec51cdf985b9ea2e0a34a4d72f4382bac37b5c0f0388f8c9f51fd8e4 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js	72 kB	2023-03-07	2024-05-18
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:59 Last Seen2024-05-18 21:52:24 Times Seen4671 Hash 1276065911521c5c22037a31365d179d d1c6704e94efe2d465fc161b6381e127d35acd81 bbb7b9921ca2b61948753a6edb63c78443663dc45d1621d18e102e1dcb34e512 Loading...

	bernettariedl1xsqa.pages.dev/	2.7 kB	2024-03-16	2024-05-18
Pretty URL bernettariedl1xsqa.pages.dev/ IP 172.66.47.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-16 20:44:49 Last Seen2024-05-18 13:57:49 Times Seen97 Hash 372cd0e8ad89ee27fefebce4470d5a08 e70fccac5381673af0c002f5172fde78f8f71de0 393c63070292b13107be81d5ce120b72e6a002a2ac0183c1c28ab6159fb6cf74 Loading...

	unknown	145 B	2024-04-26	2024-05-05
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 14:35:36 Last Seen2024-05-05 16:43:34 Times Seen54 Hash 8763daf8043ccc7fbb428269cf14e65a e5c81042dd360dc2b1a64e75e1f1e750db8f25c9 55ca7b56667545066eea7ed316508ba360ea29d2bd99e795a27ac612a5d4695b Loading...

	www.topcreativeformat.com/3dc4ca87e07d09e08b5aa5d2105c033d/invoke.js	31 kB	2024-05-05	2024-05-05
Pretty URL www.topcreativeformat.com/3dc4ca87e07d09e08b5aa5d2105c033d/invoke.js IP 192.243.61.227 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 13:52:21 Last Seen2024-05-05 13:52:22 Times Seen2 Hash 71043967793b326f240548e0df382e44 c5c8728e161b268bde25cd500ea394f30b9e1256 5e96a50b509c94a6575bebe6d4eb46f2400be9ea4f59b81fa94775db35263a86 Loading...

	cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js	7.9 kB	2023-03-07	2024-05-18
Pretty URL cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:12 Last Seen2024-05-18 21:52:24 Times Seen1364 Hash 96201abb62283557a9d7b97b4cab14ab a72f33d920d0ab863df4cb60edf44ec140304cdb 46112dbceed738f759d03f04b115d5256a7d73660b7795acb382192ad84d9f98 Loading...

	bernettariedl1xsqa.pages.dev/	658 B	2024-03-16	2024-05-18
Pretty URL bernettariedl1xsqa.pages.dev/ IP 172.66.47.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-16 20:44:49 Last Seen2024-05-18 21:52:23 Times Seen284 Hash 9d3d818ca9f81a71b4da9fa707cafb6a 5d49232709a360c05ec5721f7e1e3b2d7a899ee0 bf346b7f785a552ee4c436e06f3c5388b4229f91ee5eda32e75a6c234e66ca52 Loading...

	unknown	3.3 kB	2024-05-05	2024-05-05
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 13:52:21 Last Seen2024-05-05 13:52:21 Times Seen1 Hash 34182e999671b3943ef9ce961de05c15 86980c4afdd448c99ea6343765a9465429c8d427 0dab17f7b32b4bfa95b5931686c150ba158ce52a9401cec3de9d911a12430fff Loading...

	bernettariedl1xsqa.pages.dev/	1.6 kB	2024-03-16	2024-05-18
Pretty URL bernettariedl1xsqa.pages.dev/ IP 172.66.47.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-16 20:44:49 Last Seen2024-05-18 13:57:49 Times Seen97 Hash 2d8da26e690c8f38327ea27b6b3de976 5f3690feb3394fe91eb9a5c5516feb125d74b79c 25cc80ecbfcdad55f15bb883126a93c5e986544b5b925121e7b73cc6008ffc18 Loading...

	suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q=	20 B	2023-05-14	2024-05-18
Pretty URL suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q= IP 142.250.74.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-14 08:59:35 Last Seen2024-05-18 21:52:24 Times Seen267 Hash fdbaede1a8136a6bd589d54e2f69fff8 883905e057c9b758a95c9ece940d089e3af85e0a 5ffae3c0e627b6a2083d67639bfa32ecfe695671ee25f8e1315d2067a4e28df4 Loading...

	bernettariedl1xsqa.pages.dev/	424 B	2024-03-16	2024-05-18
Pretty URL bernettariedl1xsqa.pages.dev/ IP 172.66.47.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-16 20:44:49 Last Seen2024-05-18 13:57:49 Times Seen97 Hash 931ef0af690b9f574a888dd47f5fe6a6 98971ca06dba745aa4f8b6d735b6f628d9668e98 747ca94860b1741ad0a224703fb741208b72c16a173a7a79d411cb69ea886712 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 2885203a89e3a590afc5fd8442fe9a55	2.1 kB	2024-05-05	2024-05-05
Pretty Observations First Seen2024-05-05 13:52:21 Last Seen2024-05-05 13:52:21 Times Seen1 Hash 2885203a89e3a590afc5fd8442fe9a55 48b13d97dcf0002ad50bc0a4c403d7d39aee4d4a a047f2df5db40cc1eea4b13c5d108ba7cba308c588b8b4080166112ca89f03ba Loading...

	#2 Eval - 524d79c1fc1a2f0d2cdb34ec9d20a4ea	2.1 kB	2024-05-05	2024-05-05
Pretty Observations First Seen2024-05-05 13:52:21 Last Seen2024-05-05 13:52:21 Times Seen1 Hash 524d79c1fc1a2f0d2cdb34ec9d20a4ea 375a869bfdb7f0d5f8aa179b27d397403579e29b 23a23e785995b43a8535056b76bcaaae213ee096e07f6e0794019c86c3ea588c Loading...

	#3 Eval - e16a734e1b5245987bffa3ea0267b87d	2.1 kB	2024-05-05	2024-05-05
Pretty Observations First Seen2024-05-05 13:52:21 Last Seen2024-05-05 13:52:21 Times Seen1 Hash e16a734e1b5245987bffa3ea0267b87d 41d4b5a3821568024b0412fbd8eaa46fef8c0a24 2a6ab71cce389564e10ce84fb11694ef49514caaed322de51242909cf9f24016 Loading...

		Size	First Seen	Last Seen
	#1 Write - 4fb59aec06fe8fdfc14fa52576fea41d	117 B	2024-04-26	2024-05-05
Pretty Observations First Seen2024-04-26 14:35:36 Last Seen2024-05-05 16:43:34 Times Seen54 Hash 4fb59aec06fe8fdfc14fa52576fea41d 8799e5e931732e56fb86efe4098e26fe2200e1eb 74abc6075898f200175533a18f75cafa75d7509958bb6a595c7043c34af55288 Loading...

	#2 Write - 86afb395fbd52fcaf769128b828bbb51	117 B	2024-04-25	2024-05-18
Pretty Observations First Seen2024-04-25 19:55:44 Last Seen2024-05-18 13:57:49 Times Seen25 Hash 86afb395fbd52fcaf769128b828bbb51 283b91e0f2037de05dc085c2c4b544c3d40aa30c e50abc9713883819b49247b8ce4ef1573d61cbb3ca7ddafdd39f8db3b0654c53 Loading...

	#3 Write - 811a7da70e54c8c50a76774257dad93a	138 B	2024-03-16	2024-05-18
Pretty Observations First Seen2024-03-16 20:44:50 Last Seen2024-05-18 21:52:24 Times Seen183 Hash 811a7da70e54c8c50a76774257dad93a cece740ca0320764b2f43cb2df97d1c54ea55974 2b51ee1a7ee63d01e92e50a183e8c8473a4d2549c28010ff65a1e086903ecf1d Loading...

HTTP Transactions (22)

URL IP Response Size

cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js

104.17.24.14

200 OK

22 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bernettariedl1xsqa.pages.dev/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65241)
Size
22 kB (22329 bytes)
Hash
1276065911521c5c22037a31365d179d
d1c6704e94efe2d465fc161b6381e127d35acd81
bbb7b9921ca2b61948753a6edb63c78443663dc45d1621d18e102e1dcb34e512

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.slim.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bernettariedl1xsqa.pages.dev/
Origin: https://bernettariedl1xsqa.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 11:51:49 GMT
content-type: application/javascript; charset=utf-8
content-length: 22329
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-11ab4"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 414976
expires: Fri, 25 Apr 2025 11:51:49 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QfCf%2FT0p5aUVhq%2FJa6S7RP5n8LU8Bdx6o7bLrvJSQsO0bTdftnI%2BDVJGybbWi%2BRcLTlAxQf5bkBHZRVG%2FMhYk1M34i5Ka83B88xbX5xAWynAeUsJpQcIbLbylmVDOM5PvarA9pNd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87f0855658cb568e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js

104.17.24.14

200 OK

3.2 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bernettariedl1xsqa.pages.dev/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (7862)
Size
3.2 kB (3150 bytes)
Hash
96201abb62283557a9d7b97b4cab14ab
a72f33d920d0ab863df4cb60edf44ec140304cdb
46112dbceed738f759d03f04b115d5256a7d73660b7795acb382192ad84d9f98

HTTP Headers

GET /ajax/libs/lazysizes/5.3.0/lazysizes.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bernettariedl1xsqa.pages.dev/
Origin: https://bernettariedl1xsqa.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 11:51:49 GMT
content-type: application/javascript; charset=utf-8
content-length: 3150
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5ff0b799-1ed1"
last-modified: Sat, 02 Jan 2021 18:12:41 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 411704
expires: Fri, 25 Apr 2025 11:51:49 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XvWhXPUxSCQwEaQY5KrPmTKaJTm6yCoRUEt3kwGpfog8aMD1hJLuH2f11hP4vTFEpfXmkta%2B0636O6dJC7v46pavsNCe6y5fL%2FwUNpXw61qD8pVnypc4BLzzG%2FdJCUTRackHFlgd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87f0855668ce568e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

3.bp.blogspot.com/-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif

142.250.74.161

200 OK

362 B

URL GET HTTP/2
3.bp.blogspot.com/-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif
IP
142.250.74.161:443
ASN
#15169 GOOGLE

Requested by
https://bernettariedl1xsqa.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.blogspot.com
FingerprintC4:7D:61:88:AB:F1:15:A1:36:2A:68:39:51:62:46:00:23:6D:39:00
ValidityTue, 16 Apr 2024 03:45:20 GMT - Tue, 09 Jul 2024 03:45:19 GMT

File type
GIF image data, version 89a, 52 x 15
Size
362 B (362 bytes)
Hash
fd2c05a8c327ace309722b0a5fc4faf3
f446e97c43f8830be9f60644563dd846abe6b8e8
0450e2e1aa3c8b5435690d841f3e573c4f521864e1f8e01a5b6dbcdac922c8b4

HTTP Headers

GET /-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bernettariedl1xsqa.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="btn_close.gif"
x-content-type-options: nosniff
server: fife
content-length: 362
x-xss-protection: 0
date: Sun, 05 May 2024 09:41:11 GMT
expires: Mon, 06 May 2024 09:41:11 GMT
cache-control: public, max-age=86400, no-transform
age: 7838
etag: "v1764"
content-type: image/gif
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.topcreativeformat.com/3dc4ca87e07d09e08b5aa5d2105c033d/invoke.js

192.243.61.227

200 OK

12 kB

URL GET HTTP/1.1
www.topcreativeformat.com/3dc4ca87e07d09e08b5aa5d2105c033d/invoke.js
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bernettariedl1xsqa.pages.dev/
Certificate
IssuerLet's Encrypt
Subjecttopcreativeformat.com
Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4
ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT

File type
JavaScript source, ASCII text, with very long lines (31285), with no line terminators
Size
12 kB (11840 bytes)
Hash
71043967793b326f240548e0df382e44
c5c8728e161b268bde25cd500ea394f30b9e1256
5e96a50b509c94a6575bebe6d4eb46f2400be9ea4f59b81fa94775db35263a86

HTTP Headers

GET /3dc4ca87e07d09e08b5aa5d2105c033d/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bernettariedl1xsqa.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 05 May 2024 11:51:50 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 16b2ab142d76ffb86cd6062223a47417
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ads.bisniskini.biz.id/get/site/js/9049b3a33fc36afe5806bf92a1b0bc1f

172.67.214.128

200 OK

654 B

URL GET HTTP/2
ads.bisniskini.biz.id/get/site/js/9049b3a33fc36afe5806bf92a1b0bc1f
IP
172.67.214.128:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bernettariedl1xsqa.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectbisniskini.biz.id
FingerprintCB:C5:50:71:58:97:D7:6D:B9:8F:63:0E:B9:30:B7:87:1D:05:E2:5A
ValiditySun, 14 Apr 2024 15:48:05 GMT - Sat, 13 Jul 2024 15:48:04 GMT

File type
ASCII text, with CRLF line terminators
Size
654 B (654 bytes)
Hash
da5be2f58448ab4d361b13fc4aa856d6
8aed36020a313c60c453d48b4a88157d8853cbd6
c70f11d7f1e67dfd4341b00b430d7cf96feadef332fe1be92541c7ea19cd13ff

HTTP Headers

GET /get/site/js/9049b3a33fc36afe5806bf92a1b0bc1f HTTP/1.1
Host: ads.bisniskini.biz.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bernettariedl1xsqa.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 11:51:50 GMT
content-type: application/javascript
set-cookie: PHPSESSID=711424seo37g34n713bcbh75l7; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jI4x6bFq3e9GtAdHaSZX1AzTVB13rUgCqjVq0GlnF269MrVUYx18pppwgk79GFslfW0YamOpDpX7sD43nRTt7RWWVqLiNDgsx%2BYch6PpZsj6tGw1xUq0RH4a9zgWW5yTSsa%2FqT2AlEY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f0855889225685-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

proftrafficcounter.com/stats

52.29.105.35

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
52.29.105.35:443
ASN
#16509 AMAZON-02

Requested by
https://bernettariedl1xsqa.pages.dev/
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
9e34a34a8afa6e8bc02d4a1cfbb1ca74
c8c7f9da6e700b5bf2076fe13a22b3087c58930c
b5838c6937ee0878e1fdbc9cf1042b60e03bf0c97811a624dbb2b13e587a8b3a

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bernettariedl1xsqa.pages.dev/
Origin: https://bernettariedl1xsqa.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 11:51:51 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://bernettariedl1xsqa.pages.dev
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=d0718615-2048-4255-8930-8bfd019c6daf:1:1; expires=Wed, 03 May 2034 11:51:51 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

www.topcreativeformat.com/3dc4ca87e07d09e08b5aa5d2105c033d/invoke.js

192.243.61.227

200 OK

12 kB

URL GET HTTP/1.1
www.topcreativeformat.com/3dc4ca87e07d09e08b5aa5d2105c033d/invoke.js
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bernettariedl1xsqa.pages.dev/
Certificate
IssuerLet's Encrypt
Subjecttopcreativeformat.com
Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4
ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT

File type
JavaScript source, ASCII text, with very long lines (31303), with no line terminators
Size
12 kB (11843 bytes)
Hash
1a1ae6bfcba5b8a367448a003ad4b90c
f21a18256da5f1e2b2c65db72e412cfb2c20a976
9fa95c4c60435ab3cb8b7f6ada84e4546e608b0718b110d33d9573f07a5f5c10

HTTP Headers

GET /3dc4ca87e07d09e08b5aa5d2105c033d/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bernettariedl1xsqa.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 05 May 2024 11:51:51 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 352407454eaeef92cb4f875747b588ac
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

skinssailing.com/watch.431676094222.js?key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1

172.240.108.84

307 Temporary Redirect

0 B

URL GET HTTP/1.1
skinssailing.com/watch.431676094222.js?key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://bernettariedl1xsqa.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectskinssailing.com
FingerprintCA:15:20:E3:B0:DD:52:E8:B3:46:F4:47:2F:93:A5:44:51:0D:2C:6C
ValidityMon, 29 Apr 2024 12:32:59 GMT - Sun, 28 Jul 2024 12:32:58 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /watch.431676094222.js?key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1 HTTP/1.1
Host: skinssailing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bernettariedl1xsqa.pages.dev/
Origin: https://bernettariedl1xsqa.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sun, 05 May 2024 11:51:51 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bernettariedl1xsqa.pages.dev
Access-Control-Allow-Origin: https://bernettariedl1xsqa.pages.dev
Access-Control-Allow-Credentials: true
Location: https://skinssailing.com/watch.431676094222.js?dev=e&key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&pst=1714909971&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&res=14.2071&rmtc=t&shu=8f930efc9e70157f1c1f1c3353491bfdaeb858b9a8bf2d84ad1704fe6743b42303716bda7248f3cda8a639ad8e1ba34c34450c348d6769b6264250bd354bb0ac673cb93da4c6b95bfe69ec1bfdc756f144cc05a70354fb6636ad60b6985979e5ea&tz=0&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1
Set-Cookie: u_pl=17761257; expires=Mon, 06 May 2024 11:51:51 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc2MTI1NywiayI6IjNkYzRjYTg3ZTA3ZDA5ZTA4YjVhYTVkMjEwNWMwMzNkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDEwODQ4LCJwaWQiOjQ2MTQ4NCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6InA0dmFnN3EwbSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2Jlcm5ldHRhcmllZGwxeHNxYS5wYWdlcy5kZXYvIiwiYXIiOltdfX0.23c8btJRurjMudeiL-0bIvVpDqnXhDd8ctU0y6tuGnw; expires=Sun, 05 May 2024 11:52:51 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e002f8d9305b25bb11b9029ed23c6b5d
Strict-Transport-Security: max-age=0; includeSubdomains

www.topcreativeformat.com/1f00c6b60ce46955dbdc5d473dcaea71/invoke.js

192.243.61.227

200 OK

12 kB

URL GET HTTP/1.1
www.topcreativeformat.com/1f00c6b60ce46955dbdc5d473dcaea71/invoke.js
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bernettariedl1xsqa.pages.dev/
Certificate
IssuerLet's Encrypt
Subjecttopcreativeformat.com
Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4
ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT

File type
JavaScript source, ASCII text, with very long lines (31315), with no line terminators
Size
12 kB (11841 bytes)
Hash
95a7bc4202b870e26c1b378ca93ceb45
316d119386a39052de9695911bbebf0d5ae0d1a8
9286e534a3d777e2efbd20674bfd2dd3db9e2f544429722ae0f611b68b62a728

HTTP Headers

GET /1f00c6b60ce46955dbdc5d473dcaea71/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bernettariedl1xsqa.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 05 May 2024 11:51:51 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8f2333af8bead0f7875756a98ae34332
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

skinssailing.com/watch.431676094222.js?dev=e&key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&pst=1714909971&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&res=14.2071&rmtc=t&shu=8f930efc9e70157f1c1f1c3353491bfdaeb858b9a8bf2d84ad1704fe6743b42303716bda7248f3cda8a639ad8e1ba34c34450c348d6769b6264250bd354bb0ac673cb93da4c6b95bfe69ec1bfdc756f144cc05a70354fb6636ad60b6985979e5ea&tz=0&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1

172.240.108.84

200 OK

2.0 kB

URL GET HTTP/1.1
skinssailing.com/watch.431676094222.js?dev=e&key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&pst=1714909971&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&res=14.2071&rmtc=t&shu=8f930efc9e70157f1c1f1c3353491bfdaeb858b9a8bf2d84ad1704fe6743b42303716bda7248f3cda8a639ad8e1ba34c34450c348d6769b6264250bd354bb0ac673cb93da4c6b95bfe69ec1bfdc756f144cc05a70354fb6636ad60b6985979e5ea&tz=0&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://bernettariedl1xsqa.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectskinssailing.com
FingerprintCA:15:20:E3:B0:DD:52:E8:B3:46:F4:47:2F:93:A5:44:51:0D:2C:6C
ValidityMon, 29 Apr 2024 12:32:59 GMT - Sun, 28 Jul 2024 12:32:58 GMT

File type
JavaScript source, ASCII text, with very long lines (2456)
Size
2.0 kB (1994 bytes)
Hash
1dd1731704bd5c0c7f5c0a710ec493f2
05f52e75f8a9f0ad688d824b9a07a7c01a476743
7a89b1a9674c11d5a0716fdb80a994c4839570efdaebe1036f6ef0d994f2a4c6

HTTP Headers

GET /watch.431676094222.js?dev=e&key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&pst=1714909971&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&res=14.2071&rmtc=t&shu=8f930efc9e70157f1c1f1c3353491bfdaeb858b9a8bf2d84ad1704fe6743b42303716bda7248f3cda8a639ad8e1ba34c34450c348d6769b6264250bd354bb0ac673cb93da4c6b95bfe69ec1bfdc756f144cc05a70354fb6636ad60b6985979e5ea&tz=0&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1 HTTP/1.1
Host: skinssailing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bernettariedl1xsqa.pages.dev
Referer: https://bernettariedl1xsqa.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17761257; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc2MTI1NywiayI6IjNkYzRjYTg3ZTA3ZDA5ZTA4YjVhYTVkMjEwNWMwMzNkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDEwODQ4LCJwaWQiOjQ2MTQ4NCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6InA0dmFnN3EwbSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2Jlcm5ldHRhcmllZGwxeHNxYS5wYWdlcy5kZXYvIiwiYXIiOltdfX0.23c8btJRurjMudeiL-0bIvVpDqnXhDd8ctU0y6tuGnw
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 05 May 2024 11:51:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bernettariedl1xsqa.pages.dev
Access-Control-Allow-Origin: https://bernettariedl1xsqa.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=d0718615-2048-4255-8930-8bfd019c6daf:1:1; expires=Sun, 12 May 2024 11:51:51 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 06 May 2024 11:51:51 GMT; secure; SameSite=None
uncs=1; expires=Mon, 06 May 2024 11:51:51 GMT; secure; SameSite=None
pdhtkv5=true; expires=Mon, 06 May 2024 11:51:51 GMT; secure; SameSite=None
uncs5=1; expires=Mon, 06 May 2024 11:51:51 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 93530bf5be389873646cc1b32bbf3a9a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

tse1.mm.bing.net/th?q=

204.79.197.200

404 Not Found

727 B

URL GET HTTP/2
tse1.mm.bing.net/th?q=
IP
204.79.197.200:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bernettariedl1xsqa.pages.dev/
Certificate
IssuerMicrosoft Corporation
Subjectwww.bing.com
Fingerprint02:83:27:F9:50:D8:BE:B9:5E:DF:1A:4A:45:3B:6D:3C:BC:30:F2:58
ValidityWed, 01 May 2024 01:58:25 GMT - Thu, 27 Jun 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, baseline, precision 8, 80x80, components 3
Size
727 B (727 bytes)
Hash
5116706c119475f5ae2fc135c3358037
7e5bdf3585153e317ebef05a9b8241d311e44cb3
7edda2585f580c167fd4e3a6c162534548cda437f8bef67c544f3aa9c162a17c

HTTP Headers

GET /th?q= HTTP/1.1
Host: tse1.mm.bing.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bernettariedl1xsqa.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
cache-control: no-cache
pragma: no-cache
content-length: 727
expires: -1
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 125E3038F310492BAEB6E67E762BFD2A Ref B: OSL30EDGE0411 Ref C: 2024-05-05T11:51:51Z
date: Sun, 05 May 2024 11:51:50 GMT
X-Firefox-Spdy: h2

backgroundcocoaenslave.com/watch.1364929955424.js?key=1f00c6b60ce46955dbdc5d473dcaea71&kw=%5B%5D&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1

172.240.253.132

307 Temporary Redirect

0 B

URL GET HTTP/1.1
backgroundcocoaenslave.com/watch.1364929955424.js?key=1f00c6b60ce46955dbdc5d473dcaea71&kw=%5B%5D&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://bernettariedl1xsqa.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectbackgroundcocoaenslave.com
FingerprintD8:A5:C3:52:CC:15:93:A7:CA:71:6E:A2:06:BC:E9:86:B9:2D:78:23
ValidityFri, 03 May 2024 08:57:59 GMT - Thu, 01 Aug 2024 08:57:58 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1364929955424.js?key=1f00c6b60ce46955dbdc5d473dcaea71&kw=%5B%5D&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1 HTTP/1.1
Host: backgroundcocoaenslave.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bernettariedl1xsqa.pages.dev/
Origin: https://bernettariedl1xsqa.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sun, 05 May 2024 11:51:51 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bernettariedl1xsqa.pages.dev
Access-Control-Allow-Origin: https://bernettariedl1xsqa.pages.dev
Access-Control-Allow-Credentials: true
Location: https://backgroundcocoaenslave.com/watch.1364929955424.js?dev=e&key=1f00c6b60ce46955dbdc5d473dcaea71&kw=%5B%5D&pst=1714909971&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&res=14.2071&rmtc=t&shu=ab242f5bc7495ffe9ff1b77fcc8f37a947220bd0745232c038eea31a9cc1d9af25981099125be5f1e260ebdf3c4d077a76c5022598280b5ae9ca1eec254c0f616a573d21c0ef9523b7605a7d1926438b7bb1251cd6815ae8d89a53eb5b6eee8d90&tz=0&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1
Set-Cookie: u_pl=17761293; expires=Mon, 06 May 2024 11:51:51 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc2MTI5MywiayI6IjFmMDBjNmI2MGNlNDY5NTVkYmRjNWQ0NzNkY2FlYTcxIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDEwODYyLCJwaWQiOjM5OTU3NSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6ImJ0cWthNWJmeiIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2Jlcm5ldHRhcmllZGwxeHNxYS5wYWdlcy5kZXYvIiwiYXIiOltdfX0.9pKd7DsV2GkmMVgVFDo8DMHUirhNq7HWJE3hJ9xquOU; expires=Sun, 05 May 2024 11:52:51 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 780384946e9d969a8e96726cb5fd7b66
Strict-Transport-Security: max-age=0; includeSubdomains

suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q=

142.250.74.14

200 OK

527 B

URL GET HTTP/2
suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q=
IP
142.250.74.14:443
ASN
#15169 GOOGLE

Requested by
https://bernettariedl1xsqa.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0
ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT

File type
ASCII text, with no line terminators
Size
527 B (527 bytes)
Hash
fdbaede1a8136a6bd589d54e2f69fff8
883905e057c9b758a95c9ece940d089e3af85e0a
5ffae3c0e627b6a2083d67639bfa32ecfe695671ee25f8e1315d2067a4e28df4

HTTP Headers

GET /complete/search?jsonp=autoRelated&hl=en&client=firefox&q= HTTP/1.1
Host: suggestqueries.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bernettariedl1xsqa.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 11:51:51 GMT
pragma: no-cache
expires: -1
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-Xbw8UX_PlJ2fwgmdpg8sig' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/fff
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/fff"}]}
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: gws
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/a3/52/3e/a3523e9edca6705b6cf12b7928744f8d/1627916018.png

45.133.44.9

200 OK

87 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/a3/52/3e/a3523e9edca6705b6cf12b7928744f8d/1627916018.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bernettariedl1xsqa.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 300 x 250, 8-bit/color RGB, non-interlaced
Size
87 kB (87394 bytes)
Hash
617ed75a77c895661681287847a25114
d12b69f9c68c07e6019e49328c67644974a737e1
07e84d0dd10b99f347193232866ca93f6a2d3dba4a058852e071fe88aeccc4a8

HTTP Headers

GET /cti/a3/52/3e/a3523e9edca6705b6cf12b7928744f8d/1627916018.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 11:51:51 GMT
content-type: image/png
content-length: 87394
server: nginx/1.21.6
last-modified: Mon, 02 Aug 2021 14:53:46 GMT
etag: "610806fa-15562"
expires: Tue, 07 May 2024 11:51:51 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

skyscraperearnings.com/watch.1152392826037.js?key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1

192.243.61.227

307 Temporary Redirect

0 B

URL GET HTTP/1.1
skyscraperearnings.com/watch.1152392826037.js?key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bernettariedl1xsqa.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectskyscraperearnings.com
FingerprintB7:DE:F1:71:F6:6F:5B:BC:67:B7:5E:D8:EB:24:D8:CD:34:48:FF:F8
ValidityFri, 03 May 2024 09:00:17 GMT - Thu, 01 Aug 2024 09:00:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1152392826037.js?key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1 HTTP/1.1
Host: skyscraperearnings.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bernettariedl1xsqa.pages.dev/
Origin: https://bernettariedl1xsqa.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sun, 05 May 2024 11:51:52 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bernettariedl1xsqa.pages.dev
Access-Control-Allow-Origin: https://bernettariedl1xsqa.pages.dev
Access-Control-Allow-Credentials: true
Location: https://skyscraperearnings.com/watch.1152392826037.js?dev=e&key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&pst=1714909972&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&res=14.2071&rmtc=t&shu=b7cceae482d3257999bfd2086b72c9600394fa429cf78ace878efc6427758379960f59e84815e483140a2db0996d530be50059c212e77e76d9f300a358b1fedbe1b284ebda7650e40bdf1bb87755603b73f063a3d0cd8a738f6f6299397dda3675a854&tz=0&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1
Set-Cookie: u_pl=17761257; expires=Mon, 06 May 2024 11:51:52 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc2MTI1NywiayI6IjNkYzRjYTg3ZTA3ZDA5ZTA4YjVhYTVkMjEwNWMwMzNkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDEwODQ4LCJwaWQiOjQ2MTQ4NCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6InA0dmFnN3EwbSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2Jlcm5ldHRhcmllZGwxeHNxYS5wYWdlcy5kZXYvIiwiYXIiOltdfX0.23c8btJRurjMudeiL-0bIvVpDqnXhDd8ctU0y6tuGnw; expires=Sun, 05 May 2024 11:52:52 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7e4f165a99bc3d7ff72ce5265d00961f
Strict-Transport-Security: max-age=0; includeSubdomains

backgroundcocoaenslave.com/watch.1364929955424.js?dev=e&key=1f00c6b60ce46955dbdc5d473dcaea71&kw=%5B%5D&pst=1714909971&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&res=14.2071&rmtc=t&shu=ab242f5bc7495ffe9ff1b77fcc8f37a947220bd0745232c038eea31a9cc1d9af25981099125be5f1e260ebdf3c4d077a76c5022598280b5ae9ca1eec254c0f616a573d21c0ef9523b7605a7d1926438b7bb1251cd6815ae8d89a53eb5b6eee8d90&tz=0&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1

172.240.253.132

200 OK

2.0 kB

URL GET HTTP/1.1
backgroundcocoaenslave.com/watch.1364929955424.js?dev=e&key=1f00c6b60ce46955dbdc5d473dcaea71&kw=%5B%5D&pst=1714909971&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&res=14.2071&rmtc=t&shu=ab242f5bc7495ffe9ff1b77fcc8f37a947220bd0745232c038eea31a9cc1d9af25981099125be5f1e260ebdf3c4d077a76c5022598280b5ae9ca1eec254c0f616a573d21c0ef9523b7605a7d1926438b7bb1251cd6815ae8d89a53eb5b6eee8d90&tz=0&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://bernettariedl1xsqa.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectbackgroundcocoaenslave.com
FingerprintD8:A5:C3:52:CC:15:93:A7:CA:71:6E:A2:06:BC:E9:86:B9:2D:78:23
ValidityFri, 03 May 2024 08:57:59 GMT - Thu, 01 Aug 2024 08:57:58 GMT

File type
JavaScript source, ASCII text, with very long lines (2448)
Size
2.0 kB (1988 bytes)
Hash
4504914fe76d342b6f29365e92ae91d7
8d3d445f3a939fba52380f832f9c48faf0fa0817
55138a4129817221c9bfd70e17636c5c8d73e823d4bba465db05c9ca3be68116

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1364929955424.js?dev=e&key=1f00c6b60ce46955dbdc5d473dcaea71&kw=%5B%5D&pst=1714909971&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&res=14.2071&rmtc=t&shu=ab242f5bc7495ffe9ff1b77fcc8f37a947220bd0745232c038eea31a9cc1d9af25981099125be5f1e260ebdf3c4d077a76c5022598280b5ae9ca1eec254c0f616a573d21c0ef9523b7605a7d1926438b7bb1251cd6815ae8d89a53eb5b6eee8d90&tz=0&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1 HTTP/1.1
Host: backgroundcocoaenslave.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bernettariedl1xsqa.pages.dev
Referer: https://bernettariedl1xsqa.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17761293; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc2MTI5MywiayI6IjFmMDBjNmI2MGNlNDY5NTVkYmRjNWQ0NzNkY2FlYTcxIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDEwODYyLCJwaWQiOjM5OTU3NSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6ImJ0cWthNWJmeiIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2Jlcm5ldHRhcmllZGwxeHNxYS5wYWdlcy5kZXYvIiwiYXIiOltdfX0.9pKd7DsV2GkmMVgVFDo8DMHUirhNq7HWJE3hJ9xquOU
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 05 May 2024 11:51:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bernettariedl1xsqa.pages.dev
Access-Control-Allow-Origin: https://bernettariedl1xsqa.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=d0718615-2048-4255-8930-8bfd019c6daf:1:1; expires=Sun, 12 May 2024 11:51:52 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 06 May 2024 11:51:52 GMT; secure; SameSite=None
uncs=1; expires=Mon, 06 May 2024 11:51:52 GMT; secure; SameSite=None
pdhtkv5=true; expires=Mon, 06 May 2024 11:51:52 GMT; secure; SameSite=None
uncs5=1; expires=Mon, 06 May 2024 11:51:52 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7b7224a8cea97aa27f2c1320df5b28ea
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

skyscraperearnings.com/watch.1152392826037.js?dev=e&key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&pst=1714909972&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&res=14.2071&rmtc=t&shu=b7cceae482d3257999bfd2086b72c9600394fa429cf78ace878efc6427758379960f59e84815e483140a2db0996d530be50059c212e77e76d9f300a358b1fedbe1b284ebda7650e40bdf1bb87755603b73f063a3d0cd8a738f6f6299397dda3675a854&tz=0&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1

192.243.61.227

200 OK

2.0 kB

URL GET HTTP/1.1
skyscraperearnings.com/watch.1152392826037.js?dev=e&key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&pst=1714909972&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&res=14.2071&rmtc=t&shu=b7cceae482d3257999bfd2086b72c9600394fa429cf78ace878efc6427758379960f59e84815e483140a2db0996d530be50059c212e77e76d9f300a358b1fedbe1b284ebda7650e40bdf1bb87755603b73f063a3d0cd8a738f6f6299397dda3675a854&tz=0&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bernettariedl1xsqa.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectskyscraperearnings.com
FingerprintB7:DE:F1:71:F6:6F:5B:BC:67:B7:5E:D8:EB:24:D8:CD:34:48:FF:F8
ValidityFri, 03 May 2024 09:00:17 GMT - Thu, 01 Aug 2024 09:00:16 GMT

File type
JavaScript source, ASCII text, with very long lines (2500)
Size
2.0 kB (2039 bytes)
Hash
2501c699c68fb26c68a18f54da0b46ef
9a020cab540f8318cbff2194693723f612ed5b46
7bc1da5ebdd4bdcfd38f8bfdb4df91ba0d4d6077428248e0edd59449a92b0258

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1152392826037.js?dev=e&key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&pst=1714909972&refer=https%3A%2F%2Fbernettariedl1xsqa.pages.dev%2F&res=14.2071&rmtc=t&shu=b7cceae482d3257999bfd2086b72c9600394fa429cf78ace878efc6427758379960f59e84815e483140a2db0996d530be50059c212e77e76d9f300a358b1fedbe1b284ebda7650e40bdf1bb87755603b73f063a3d0cd8a738f6f6299397dda3675a854&tz=0&uuid=d0718615-2048-4255-8930-8bfd019c6daf%3A1%3A1 HTTP/1.1
Host: skyscraperearnings.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bernettariedl1xsqa.pages.dev
Referer: https://bernettariedl1xsqa.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17761257; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc2MTI1NywiayI6IjNkYzRjYTg3ZTA3ZDA5ZTA4YjVhYTVkMjEwNWMwMzNkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDEwODQ4LCJwaWQiOjQ2MTQ4NCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6InA0dmFnN3EwbSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2Jlcm5ldHRhcmllZGwxeHNxYS5wYWdlcy5kZXYvIiwiYXIiOltdfX0.23c8btJRurjMudeiL-0bIvVpDqnXhDd8ctU0y6tuGnw
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 05 May 2024 11:51:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bernettariedl1xsqa.pages.dev
Access-Control-Allow-Origin: https://bernettariedl1xsqa.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=d0718615-2048-4255-8930-8bfd019c6daf:1:1; expires=Sun, 12 May 2024 11:51:52 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 06 May 2024 11:51:52 GMT; secure; SameSite=None
uncs=1; expires=Mon, 06 May 2024 11:51:52 GMT; secure; SameSite=None
pdhtkv5=true; expires=Mon, 06 May 2024 11:51:52 GMT; secure; SameSite=None
uncs5=1; expires=Mon, 06 May 2024 11:51:52 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ffc9b9e03d5bb8c48fb4091124f7f131
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

cdn.cloudimagesb.com/cti/31/45/f4/3145f441339156fa544f201afe037317/1707890249.png

45.133.44.9

200 OK

17 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/31/45/f4/3145f441339156fa544f201afe037317/1707890249.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bernettariedl1xsqa.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced
Size
17 kB (17203 bytes)
Hash
100b833c830053763eabb5442c5a990f
94f203261a809482b24aba27da54fc944f6e330a
a2b3d52d2db4e01373a7513af50c7e0e33072678668ea0cf99a410c5e876656c

HTTP Headers

GET /cti/31/45/f4/3145f441339156fa544f201afe037317/1707890249.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 11:51:52 GMT
content-type: image/png
content-length: 17203
server: nginx/1.21.6
last-modified: Wed, 14 Feb 2024 05:57:39 GMT
etag: "65cc5653-4333"
expires: Tue, 07 May 2024 11:51:52 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/20/3e/15/203e15a4a37c18e718735a3cc9317a62/1708270295.jpg

45.133.44.9

200 OK

85 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/20/3e/15/203e15a4a37c18e718735a3cc9317a62/1708270295.jpg
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://bernettariedl1xsqa.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 24.5 (Windows), datetime=2024:02:16 15:13:33], progressive, precision 8, 300x250, components 3
Size
85 kB (85236 bytes)
Hash
a243301a72999b8de16df631ade6b6ed
4a73bf3593d21fc3d576bee7abf06395ea58bc31
21a3a022e5e5ca83d90331629f291c8cb589a453f8c45a5707a5fbf3bbba2811

HTTP Headers

GET /cti/20/3e/15/203e15a4a37c18e718735a3cc9317a62/1708270295.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 11:51:52 GMT
content-type: image/jpeg
content-length: 85236
server: nginx/1.21.6
last-modified: Sun, 18 Feb 2024 15:31:43 GMT
etag: "65d222df-14cf4"
expires: Tue, 07 May 2024 11:51:52 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

shayscholz.blogspot.com/favicon.ico

216.58.207.225

412 B

URL GET
shayscholz.blogspot.com/favicon.ico
IP
216.58.207.225:0
ASN
#15169 GOOGLE

Requested by
https://bernettariedl1xsqa.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.blogspot.com
FingerprintC4:7D:61:88:AB:F1:15:A1:36:2A:68:39:51:62:46:00:23:6D:39:00
ValidityTue, 16 Apr 2024 03:45:20 GMT - Tue, 09 Jul 2024 03:45:19 GMT

File type
MS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
Size
412 B (412 bytes)
Hash
59a0c7b6e4848ccdabcea0636efda02b
30ef5c54b8bbc3487ea2b4c45cd11ea2932e4340
a1495da3cf3db37bf105a12658636ff628fee7b73975b9200049af7747e60b1f

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: shayscholz.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bernettariedl1xsqa.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/x-icon
expires: Sun, 05 May 2024 11:51:52 GMT
date: Sun, 05 May 2024 11:51:52 GMT
cache-control: private, max-age=86400
last-modified: Fri, 08 Mar 2024 19:12:27 GMT
etag: W/"53e1bb00e6929e879a040ee00d8ddd9c6a9b1f6c6c79cd1077a9390901619218"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 412
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ads.bisniskini.biz.id/get/site/js/d6f51a1ed1d2f145512197f7cd7be46d

172.67.214.128

200 OK

6.3 kB

URL GET HTTP/3
ads.bisniskini.biz.id/get/site/js/d6f51a1ed1d2f145512197f7cd7be46d
IP
172.67.214.128:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bernettariedl1xsqa.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectbisniskini.biz.id
FingerprintCB:C5:50:71:58:97:D7:6D:B9:8F:63:0E:B9:30:B7:87:1D:05:E2:5A
ValiditySun, 14 Apr 2024 15:48:05 GMT - Sat, 13 Jul 2024 15:48:04 GMT

File type
ASCII text, with CRLF line terminators
Size
6.3 kB (6287 bytes)
Hash
500accfab8797557b0f922957a9319dd
8d35e1a694c6b6425f79cda1bdc33684b3a05435
29631aedec51cdf985b9ea2e0a34a4d72f4382bac37b5c0f0388f8c9f51fd8e4

HTTP Headers

GET /get/site/js/d6f51a1ed1d2f145512197f7cd7be46d HTTP/1.1
Host: ads.bisniskini.biz.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bernettariedl1xsqa.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 05 May 2024 11:51:51 GMT
content-type: application/javascript
set-cookie: PHPSESSID=5kpmkbt5dfencgg4lb0ejae0ag; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sHLHMBimdKjU9wvPaVhvCT5U9jCWqytlVW27wotzLzOnFIRt6yDjaxswZKim6i87o76X0SmkFOfN1KvsT7L2wDtEITMkvq1tSmqRChC5VoaSz0fx59dzVjtLxG65NnNVWGfwgECw96c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f0855eafff0b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bernettariedl1xsqa.pages.dev/

172.66.47.65

200 OK

17 kB

URL User Request GET HTTP/2
bernettariedl1xsqa.pages.dev/
IP
172.66.47.65:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectbernettariedl1xsqa.pages.dev
FingerprintD0:AD:00:4A:A7:79:BB:8F:57:E7:4C:43:CD:2A:8C:9C:CB:B4:99:2B
ValiditySat, 04 May 2024 18:53:17 GMT - Fri, 02 Aug 2024 18:53:16 GMT

File type
HTML document, ASCII text, with very long lines (7816)
Size
17 kB (17326 bytes)
Hash
8e59c3942d62c5b505e73a4d2ba54b96
b0f9649bec56a910cb6af2b06fb3cd2d2573b34e
928741499e1df565feccd9b57220a7e58c40003be22b0df907b4e709590b3fe9

HTTP Headers

GET / HTTP/1.1
Host: bernettariedl1xsqa.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 11:51:49 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"ee00d3ea0e2af48b2d7a15599c88cf5b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4t1IH4T92ZvsbPm2oje9EHpDUnj5zqc57t2mzXe9PsCF5whBU2RC5gveKa%2F%2FK0kVGeB1x6vECHeAqP8IgLAMUxhtKHbY9kjnGRi%2BZN9q2vHEcRfIQ9KV87BJdeaMaSV9fmUuldbcOpDiT7tdhiqm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f085547b890b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (25)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash