| cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js | 104.17.24.14 | 200 OK | 22 kB |
URL: GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js
IP: 104.17.24.14:443
Requested by: https://margueritedruvenga1g47572nc.pages.dev/
Certificate: issuer Cloudflare, Inc.; subject sni.cloudflaressl.com; fingerprint 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D; validity Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65241)
Hashes: MD5 1276065911521c5c22037a31365d179d; SHA-1 d1c6704e94efe2d465fc161b6381e127d35acd81; SHA-256 bbb7b9921ca2b61948753a6edb63c78443663dc45d1621d18e102e1dcb34e512
GET /ajax/libs/jquery/3.6.0/jquery.slim.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margueritedruvenga1g47572nc.pages.dev/
Origin: https://margueritedruvenga1g47572nc.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 12:47:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 22329
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-11ab4"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 850339
expires: Wed, 30 Apr 2025 12:47:52 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wx9IuQFdiQ5ysSEnxQM2Xk4DtRzzomqYHcHfcQwcutyRKX95bznbU2KvdQyWO77F4rOQMQs25K62QzPxJGyBrRYqoEE5n4gq8MS0SlpIjEpX4%2BgkrVGCLZIhCXhA1Bd4sPxKiIrP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 881a0a514889712d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js | 104.17.24.14 | 200 OK | 3.2 kB |
URL: GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js
IP: 104.17.24.14:443
Requested by: https://margueritedruvenga1g47572nc.pages.dev/
Certificate: issuer Cloudflare, Inc.; subject sni.cloudflaressl.com; fingerprint 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D; validity Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (7862)
Hashes: MD5 96201abb62283557a9d7b97b4cab14ab; SHA-1 a72f33d920d0ab863df4cb60edf44ec140304cdb; SHA-256 46112dbceed738f759d03f04b115d5256a7d73660b7795acb382192ad84d9f98
GET /ajax/libs/lazysizes/5.3.0/lazysizes.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margueritedruvenga1g47572nc.pages.dev/
Origin: https://margueritedruvenga1g47572nc.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 12:47:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 3150
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5ff0b799-1ed1"
last-modified: Sat, 02 Jan 2021 18:12:41 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 847067
expires: Wed, 30 Apr 2025 12:47:52 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I2kiU7K7y5vlQZbEElJZmiBGrCVq29%2BqWu9jnYCHR59MwReMMFmaU5Tj62YUeU6VJ6v1e%2BU2sevelK9WZgC6cMkFLsdO2J11yL5mKy4xEG7K%2BZsql4yh%2B1%2BpdbWWEQIqU7zVmc1B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 881a0a51588e712d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| 3.bp.blogspot.com/-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif | 142.250.74.65 | 200 OK | 362 B |
URL: GET HTTP/2 3.bp.blogspot.com/-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif
IP: 142.250.74.65:443
Requested by: https://margueritedruvenga1g47572nc.pages.dev/
Certificate: issuer Google Trust Services LLC; subject misc-sni.blogspot.com; fingerprint C4:7D:61:88:AB:F1:15:A1:36:2A:68:39:51:62:46:00:23:6D:39:00; validity Tue, 16 Apr 2024 03:45:20 GMT - Tue, 09 Jul 2024 03:45:19 GMT
File type: GIF image data, version 89a, 52 x 15
Hashes: MD5 fd2c05a8c327ace309722b0a5fc4faf3; SHA-1 f446e97c43f8830be9f60644563dd846abe6b8e8; SHA-256 0450e2e1aa3c8b5435690d841f3e573c4f521864e1f8e01a5b6dbcdac922c8b4
GET /-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margueritedruvenga1g47572nc.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="btn_close.gif"
x-content-type-options: nosniff
server: fife
content-length: 362
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
date: Fri, 10 May 2024 11:21:00 GMT
expires: Sat, 11 May 2024 11:21:00 GMT
cache-control: public, max-age=86400, no-transform
age: 5212
etag: "v1764"
content-type: image/gif
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| ads.bisniskini.biz.id/get/site/js/9049b3a33fc36afe5806bf92a1b0bc1f | 172.67.214.128 | 200 OK | 12 kB |
URL: GET HTTP/2 ads.bisniskini.biz.id/get/site/js/9049b3a33fc36afe5806bf92a1b0bc1f
IP: 172.67.214.128:443
Requested by: https://margueritedruvenga1g47572nc.pages.dev/
Certificate: issuer Google Trust Services LLC; subject bisniskini.biz.id; fingerprint CB:C5:50:71:58:97:D7:6D:B9:8F:63:0E:B9:30:B7:87:1D:05:E2:5A; validity Sun, 14 Apr 2024 15:48:05 GMT - Sat, 13 Jul 2024 15:48:04 GMT
File type: JavaScript source, ASCII text, with very long lines (31442), with CRLF line terminators
Hashes: MD5 162a295ed9640449a638fe4ebb3acace; SHA-1 e799372811c7456703c001b8b00a04dc4e92942c; SHA-256 dabbe6794b4770dd52d92f4be511a60ac5d6755cc033dc8cf086f22ea2598ce8
GET /get/site/js/9049b3a33fc36afe5806bf92a1b0bc1f HTTP/1.1
Host: ads.bisniskini.biz.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margueritedruvenga1g47572nc.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 12:47:53 GMT
content-type: application/javascript
vary: Accept-Encoding
set-cookie: PHPSESSID=al2nuso3d7e96e1emdti6u4v9q; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S0tBVW9yWZ5XfFaTPDs2xgmzYtF9FJyWS%2Fudu7LGdbeCou15YJxZ5ZmvUdb9cPjXYpatHF1N6I4ZMlY2KB26%2BhZ%2BXPmoQ%2Blqrmx3MQp378MYDGynk28c6zgpHFP1erRx1duYjT1SJ6o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881a0a53bbca5699-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| ads.bisniskini.biz.id/get/site/js/cb1f929c7c7c523575650f47146f231e | 172.67.214.128 | 200 OK | 694 B |
URL: GET HTTP/2 ads.bisniskini.biz.id/get/site/js/cb1f929c7c7c523575650f47146f231e
IP: 172.67.214.128:443
Requested by: https://margueritedruvenga1g47572nc.pages.dev/
Certificate: issuer Google Trust Services LLC; subject bisniskini.biz.id; fingerprint CB:C5:50:71:58:97:D7:6D:B9:8F:63:0E:B9:30:B7:87:1D:05:E2:5A; validity Sun, 14 Apr 2024 15:48:05 GMT - Sat, 13 Jul 2024 15:48:04 GMT
File type: gzip compressed data, from Unix
Hashes: MD5 d8ff0fe8cd554bc907131b5200b6dd3e; SHA-1 de36cc92fa002b9a3919540ca72867b237a88949; SHA-256 6138d82832311621442370b80abd18510df42b78bd524dc314aaa1227260fc45
GET /get/site/js/cb1f929c7c7c523575650f47146f231e HTTP/1.1
Host: ads.bisniskini.biz.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margueritedruvenga1g47572nc.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 12:47:53 GMT
content-type: application/javascript
vary: Accept-Encoding
set-cookie: PHPSESSID=o5bq0k3d2c5adm33hufuglumom; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DrWS38KFDfS7ubu%2B%2F4%2ByDXnF0pJajaO%2FGL8JmBhyME4bo6gq0uFcrft3fziAmhV1pb%2BMiJgKbs8lfXUGi74SiMMnpEP%2FILx%2FgSNnWpJClAMAr%2FIsz1v02fi3xi4Ewr%2FFDY5fh%2FgF6rs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881a0a53bbcb5699-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| www.topcreativeformat.com/872eda8cdc00d65d8016b8e6fba2d29b/invoke.js | 172.240.108.76 | 200 OK | 12 kB |
URL: GET HTTP/1.1 www.topcreativeformat.com/872eda8cdc00d65d8016b8e6fba2d29b/invoke.js
IP: 172.240.108.76:443
Requested by: https://margueritedruvenga1g47572nc.pages.dev/
Certificate: issuer Let's Encrypt; subject topcreativeformat.com; fingerprint 6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4; validity Wed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT
File type: JavaScript source, ASCII text, with very long lines (31292), with no line terminators
Hashes: MD5 bfba1b90d86b9e94f1f5460eff7146e4; SHA-1 709bbff9fc364fc414ac2d7f01e95f89ae969810; SHA-256 a651f0f730a50ba738af57acf63b967171d31e9fe280c70da39558c5f1174916
GET /872eda8cdc00d65d8016b8e6fba2d29b/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margueritedruvenga1g47572nc.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 12:47:54 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 52b033008e864acc72d24b7ae150ee90
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| proftrafficcounter.com/stats | 3.124.83.201 | 200 OK | 40 B |
URL: GET HTTP/2 proftrafficcounter.com/stats
IP: 3.124.83.201:443
Requested by: https://margueritedruvenga1g47572nc.pages.dev/
Certificate: issuer Amazon; subject proftrafficcounter.com; fingerprint E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6; validity Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators
Hashes: MD5 207fe7e2ccd86abc4a0a721538600064; SHA-1 fd20890f85c95761796f3ec666a0f4dbc1817af9; SHA-256 9a6c4bbeea18281254caa5695aa9421b6bc0a6576ac0dc8cae2f222d79b20939
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margueritedruvenga1g47572nc.pages.dev/
Origin: https://margueritedruvenga1g47572nc.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 12:47:54 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://margueritedruvenga1g47572nc.pages.dev
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b:3:1; expires=Mon, 08 May 2034 12:47:54 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
| proftrafficcounter.com/stats | 3.124.83.201 | 200 OK | 40 B |
URL: GET HTTP/2 proftrafficcounter.com/stats
IP: 3.124.83.201:443
Requested by: https://margueritedruvenga1g47572nc.pages.dev/
Certificate: issuer Amazon; subject proftrafficcounter.com; fingerprint E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6; validity Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators
Hashes: MD5 207fe7e2ccd86abc4a0a721538600064; SHA-1 fd20890f85c95761796f3ec666a0f4dbc1817af9; SHA-256 9a6c4bbeea18281254caa5695aa9421b6bc0a6576ac0dc8cae2f222d79b20939
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margueritedruvenga1g47572nc.pages.dev/
Origin: https://margueritedruvenga1g47572nc.pages.dev
DNT: 1
Connection: keep-alive
Cookie: uid_id2=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 12:47:54 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://margueritedruvenga1g47572nc.pages.dev
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2
| wansafeguard.com/watch.1689179130263.js?key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&refer=https%3A%2F%2Fmargueritedruvenga1g47572nc.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b%3A3%3A1 | 172.240.108.84 | 307 Temporary Redirect | 0 B |
URL: GET HTTP/1.1 wansafeguard.com/watch.1689179130263.js?key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&refer=https%3A%2F%2Fmargueritedruvenga1g47572nc.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b%3A3%3A1
IP: 172.240.108.84:443
Requested by: https://margueritedruvenga1g47572nc.pages.dev/
Certificate: issuer Let's Encrypt; subject wansafeguard.com; fingerprint 83:00:BB:A8:D5:FE:57:11:E3:EF:6F:5E:2E:29:2F:7A:BC:DC:D5:3D; validity Mon, 06 May 2024 12:58:51 GMT - Sun, 04 Aug 2024 12:58:50 GMT
Hashes (empty body): MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /watch.1689179130263.js?key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&refer=https%3A%2F%2Fmargueritedruvenga1g47572nc.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b%3A3%3A1 HTTP/1.1
Host: wansafeguard.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margueritedruvenga1g47572nc.pages.dev/
Origin: https://margueritedruvenga1g47572nc.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Fri, 10 May 2024 12:47:54 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://margueritedruvenga1g47572nc.pages.dev
Access-Control-Allow-Origin: https://margueritedruvenga1g47572nc.pages.dev
Access-Control-Allow-Credentials: true
Location: https://wansafeguard.com/watch.1689179130263.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715345334&refer=https%3A%2F%2Fmargueritedruvenga1g47572nc.pages.dev%2F&res=14.2071&rmtc=t&shu=56d855eaacca822d5537aeb51c8787d9941d8d3ec1774d6fb5aa89c8efa10e0566808eb1723c4ed503f6f4bdcd9846d450d5306a59fa1eb516db7b0e4c7cad9ec8991dcb06ebe2b637bb6a7a98a15245a1cb6aa2c8e0d8da47b789b575b6258c46&tz=0&uuid=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b%3A3%3A1
Set-Cookie: u_pl=23148904; expires=Sat, 11 May 2024 12:47:54 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.zRtrKSYYIrrXQgR9Yjd7iZEtr5lCKYP3AZQqNKykNFo; expires=Fri, 10 May 2024 12:48:54 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e75682f31235784279b3d927464c1f27
Strict-Transport-Security: max-age=0; includeSubdomains
| shapedcongest.com/watch.1411746264825.js?key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&refer=https%3A%2F%2Fmargueritedruvenga1g47572nc.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b%3A3%3A1 | 192.243.61.225 | 307 Temporary Redirect | 0 B |
URL: GET HTTP/1.1 shapedcongest.com/watch.1411746264825.js?key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&refer=https%3A%2F%2Fmargueritedruvenga1g47572nc.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b%3A3%3A1
IP: 192.243.61.225:443
ASN: 39572 (DataWeb Global Group B.V.)
Requested by: https://margueritedruvenga1g47572nc.pages.dev/
Certificate: issuer Let's Encrypt; subject shapedcongest.com; fingerprint 92:A2:D9:7A:1E:FD:F7:37:DF:46:9B:BD:2F:92:7E:81:1D:89:61:01; validity Mon, 06 May 2024 12:44:57 GMT - Sun, 04 Aug 2024 12:44:56 GMT
Hashes (empty body): MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /watch.1411746264825.js?key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&refer=https%3A%2F%2Fmargueritedruvenga1g47572nc.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b%3A3%3A1 HTTP/1.1
Host: shapedcongest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margueritedruvenga1g47572nc.pages.dev/
Origin: https://margueritedruvenga1g47572nc.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Fri, 10 May 2024 12:47:54 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://margueritedruvenga1g47572nc.pages.dev
Access-Control-Allow-Origin: https://margueritedruvenga1g47572nc.pages.dev
Access-Control-Allow-Credentials: true
Location: https://shapedcongest.com/watch.1411746264825.js?dev=e&key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&pst=1715345334&refer=https%3A%2F%2Fmargueritedruvenga1g47572nc.pages.dev%2F&res=14.2071&rmtc=t&shu=9e99e67d82df16056b36880a76b35eb140660b6bd26796f1c0abecc08f0a0328763bb1ab3e139cd0ec64cc6a1aabda6ea35f295fc02bb99a8715c6a036e1edd0dacb89b6fa66fa740c1f2b825e8aa8a152765f197e455e8cd1923aa36d8b101d3cb774&tz=0&uuid=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b%3A3%3A1
Set-Cookie: u_pl=23149106; expires=Sat, 11 May 2024 12:47:54 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.il3a2B4Xm76tFBLKSw-GVjD7_lU7TkNOyChTvEECVRw; expires=Fri, 10 May 2024 12:48:54 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 89f08bad78b80e85a434dbbde66d01d5
Strict-Transport-Security: max-age=0; includeSubdomains
| wansafeguard.com/watch.1689179130263.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715345334&refer=https%3A%2F%2Fmargueritedruvenga1g47572nc.pages.dev%2F&res=14.2071&rmtc=t&shu=56d855eaacca822d5537aeb51c8787d9941d8d3ec1774d6fb5aa89c8efa10e0566808eb1723c4ed503f6f4bdcd9846d450d5306a59fa1eb516db7b0e4c7cad9ec8991dcb06ebe2b637bb6a7a98a15245a1cb6aa2c8e0d8da47b789b575b6258c46&tz=0&uuid=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b%3A3%3A1 | 172.240.108.84 | 200 OK | 2.1 kB |
URL: GET HTTP/1.1 wansafeguard.com/watch.1689179130263.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715345334&refer=https%3A%2F%2Fmargueritedruvenga1g47572nc.pages.dev%2F&res=14.2071&rmtc=t&shu=56d855eaacca822d5537aeb51c8787d9941d8d3ec1774d6fb5aa89c8efa10e0566808eb1723c4ed503f6f4bdcd9846d450d5306a59fa1eb516db7b0e4c7cad9ec8991dcb06ebe2b637bb6a7a98a15245a1cb6aa2c8e0d8da47b789b575b6258c46&tz=0&uuid=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b%3A3%3A1
IP: 172.240.108.84:443
Requested by: https://margueritedruvenga1g47572nc.pages.dev/
Certificate: issuer Let's Encrypt; subject wansafeguard.com; fingerprint 83:00:BB:A8:D5:FE:57:11:E3:EF:6F:5E:2E:29:2F:7A:BC:DC:D5:3D; validity Mon, 06 May 2024 12:58:51 GMT - Sun, 04 Aug 2024 12:58:50 GMT
File type: JavaScript source, ASCII text, with very long lines (2634)
Hashes: MD5 f1cef659d09edf38122d615fbad75e0e; SHA-1 74b084e109cfe41fd7610fc20f17c3e9de3dac54; SHA-256 19253ddbcaec55e8478677bbd8493d9b6c15ed4cefcb593d74e7fe0d31e2459a

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /watch.1689179130263.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715345334&refer=https%3A%2F%2Fmargueritedruvenga1g47572nc.pages.dev%2F&res=14.2071&rmtc=t&shu=56d855eaacca822d5537aeb51c8787d9941d8d3ec1774d6fb5aa89c8efa10e0566808eb1723c4ed503f6f4bdcd9846d450d5306a59fa1eb516db7b0e4c7cad9ec8991dcb06ebe2b637bb6a7a98a15245a1cb6aa2c8e0d8da47b789b575b6258c46&tz=0&uuid=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b%3A3%3A1 HTTP/1.1
Host: wansafeguard.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://margueritedruvenga1g47572nc.pages.dev
Referer: https://margueritedruvenga1g47572nc.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23148904; ain=eyJhbGciOiJIUzI1NiJ9.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.zRtrKSYYIrrXQgR9Yjd7iZEtr5lCKYP3AZQqNKykNFo
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 12:47:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://margueritedruvenga1g47572nc.pages.dev
Access-Control-Allow-Origin: https://margueritedruvenga1g47572nc.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b:3:1; expires=Fri, 17 May 2024 12:47:54 GMT; secure; SameSite=None
iprc56e775975321518bc7595f86f1eda839=3569806; expires=Fri, 10 May 2024 16:47:54 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 11 May 2024 12:47:54 GMT; secure; SameSite=None
uncs=1; expires=Sat, 11 May 2024 12:47:54 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sat, 11 May 2024 12:47:54 GMT; secure; SameSite=None
uncs5=1; expires=Sat, 11 May 2024 12:47:54 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 656304eb5a8c7625ccabb59e5ae9c7f8
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| shapedcongest.com/watch.1411746264825.js?dev=e&key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&pst=1715345334&refer=https%3A%2F%2Fmargueritedruvenga1g47572nc.pages.dev%2F&res=14.2071&rmtc=t&shu=9e99e67d82df16056b36880a76b35eb140660b6bd26796f1c0abecc08f0a0328763bb1ab3e139cd0ec64cc6a1aabda6ea35f295fc02bb99a8715c6a036e1edd0dacb89b6fa66fa740c1f2b825e8aa8a152765f197e455e8cd1923aa36d8b101d3cb774&tz=0&uuid=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b%3A3%3A1 | 192.243.61.225 | 200 OK | 2.0 kB |
URL: GET HTTP/1.1 shapedcongest.com/watch.1411746264825.js?dev=e&key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&pst=1715345334&refer=https%3A%2F%2Fmargueritedruvenga1g47572nc.pages.dev%2F&res=14.2071&rmtc=t&shu=9e99e67d82df16056b36880a76b35eb140660b6bd26796f1c0abecc08f0a0328763bb1ab3e139cd0ec64cc6a1aabda6ea35f295fc02bb99a8715c6a036e1edd0dacb89b6fa66fa740c1f2b825e8aa8a152765f197e455e8cd1923aa36d8b101d3cb774&tz=0&uuid=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b%3A3%3A1
IP: 192.243.61.225:443
ASN: 39572 (DataWeb Global Group B.V.)
Requested by: https://margueritedruvenga1g47572nc.pages.dev/
Certificate: issuer Let's Encrypt; subject shapedcongest.com; fingerprint 92:A2:D9:7A:1E:FD:F7:37:DF:46:9B:BD:2F:92:7E:81:1D:89:61:01; validity Mon, 06 May 2024 12:44:57 GMT - Sun, 04 Aug 2024 12:44:56 GMT
File type: JavaScript source, ASCII text, with very long lines (2437)
Hashes: MD5 3739e17828bb639593f5f844e1218437; SHA-1 43766c58d8cc4c4ebe3885e1a1b3690c44d5cf80; SHA-256 5aa84fdbe95a36a5afd12ef24acd359e85db29f2384ca73fc64d30a00da73a13

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /watch.1411746264825.js?dev=e&key=d64164e145fb760de2b76872de4432d8&kw=%5B%5D&pst=1715345334&refer=https%3A%2F%2Fmargueritedruvenga1g47572nc.pages.dev%2F&res=14.2071&rmtc=t&shu=9e99e67d82df16056b36880a76b35eb140660b6bd26796f1c0abecc08f0a0328763bb1ab3e139cd0ec64cc6a1aabda6ea35f295fc02bb99a8715c6a036e1edd0dacb89b6fa66fa740c1f2b825e8aa8a152765f197e455e8cd1923aa36d8b101d3cb774&tz=0&uuid=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b%3A3%3A1 HTTP/1.1
Host: shapedcongest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://margueritedruvenga1g47572nc.pages.dev
Referer: https://margueritedruvenga1g47572nc.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149106; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzE0OTEwNiwiayI6ImQ2NDE2NGUxNDVmYjc2MGRlMmI3Njg3MmRlNDQzMmQ4Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozODIyNDk2LCJwaWQiOjE4NDI2NzQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjoyMywicHQiOjQsInBrIjoicTN2cHlkeXh1IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vbWFyZ3Vlcml0ZWRydXZlbmdhMWc0NzU3Mm5jLnBhZ2VzLmRldi8iLCJhciI6W119fQ.il3a2B4Xm76tFBLKSw-GVjD7_lU7TkNOyChTvEECVRw
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 12:47:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://margueritedruvenga1g47572nc.pages.dev
Access-Control-Allow-Origin: https://margueritedruvenga1g47572nc.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b:3:1; expires=Fri, 17 May 2024 12:47:54 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 11 May 2024 12:47:54 GMT; secure; SameSite=None
uncs=1; expires=Sat, 11 May 2024 12:47:54 GMT; secure; SameSite=None
pdhtkv23=true; expires=Sat, 11 May 2024 12:47:54 GMT; secure; SameSite=None
uncs23=1; expires=Sat, 11 May 2024 12:47:54 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 089664dfddce7826b809ac7273f619c5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| pl23249615.highcpmgate.com/36/35/24/36352469ba20ff8ade54795907dd51e5.js | 192.243.61.225 | 200 OK | 16 kB |
URL: GET HTTP/1.1 pl23249615.highcpmgate.com/36/35/24/36352469ba20ff8ade54795907dd51e5.js
IP: 192.243.61.225:443
ASN: 39572 (DataWeb Global Group B.V.)
Requested by: https://margueritedruvenga1g47572nc.pages.dev/
Certificate: issuer Let's Encrypt; subject highcpmgate.com; fingerprint E7:53:32:23:DA:D6:BE:EB:98:90:05:4B:AC:AC:8C:89:F2:4D:FB:2E; validity Fri, 19 Apr 2024 10:31:16 GMT - Thu, 18 Jul 2024 10:31:15 GMT
File type: JavaScript source, ASCII text, with very long lines (44092), with no line terminators
Hashes: MD5 de39d206425d910b002355e198b27172; SHA-1 65544e65fde2d2d5cb48e7af03d21c3cdf4cbff3; SHA-256 5a1a8697009b3f5124c7e52877ba375e5d39e81a9ea72c87ac1108f38666f753

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /36/35/24/36352469ba20ff8ade54795907dd51e5.js HTTP/1.1
Host: pl23249615.highcpmgate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margueritedruvenga1g47572nc.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 12:47:54 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9c0b7fed0f4fcd91d2ba6ec8200b22f6
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| www.topcreativeformat.com/872eda8cdc00d65d8016b8e6fba2d29b/invoke.js | 172.240.108.76 | 200 OK | 12 kB |
URL: GET HTTP/1.1 www.topcreativeformat.com/872eda8cdc00d65d8016b8e6fba2d29b/invoke.js
IP: 172.240.108.76:443
Requested by: https://margueritedruvenga1g47572nc.pages.dev/
Certificate: issuer Let's Encrypt; subject topcreativeformat.com; fingerprint 6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4; validity Wed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT
File type: JavaScript source, ASCII text, with very long lines (31361), with no line terminators
Hashes: MD5 dbf904eac5c88a3e4751a8068d687d3a; SHA-1 a368e86cddffbdd7f8640cc832991dbbc712c89e; SHA-256 cda76a1c93bd1a5b5f79242f30b4d6c14002a96f319d799c27b0f28ed337b459
GET /872eda8cdc00d65d8016b8e6fba2d29b/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margueritedruvenga1g47572nc.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 12:47:55 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: da65fb11ea350eb1d742b7e2fac43fdf
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| cdn.cloudimagesb.com/cti/ab/a0/b2/aba0b2fc7778c728f527909c2f93c665/1627917313.png | 45.133.44.10 | 200 OK | 65 kB |
URL: cdn.cloudimagesb.com/cti/ab/a0/b2/aba0b2fc7778c728f527909c2f93c665/1627917313.png Method: GET Protocol: HTTP/2 IP: 45.133.44.10:443 ASN: #39572 DataWeb Global Group B.V.
Requested by: https://margueritedruvenga1g47572nc.pages.dev/ Certificate: Issuer: Let's Encrypt; Subject: cdn.cloudimagesb.com; Fingerprint: C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0; Validity: Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: PNG image data, 728 x 90, 8-bit/color RGB, non-interlaced Hash (MD5 / SHA-1 / SHA-256): 7b7a5b41c35f8431cbe8da8d833533ab 763cbed7a77765c52c00a2496c0dcf49f92bb867 c5739d41dd101ae24bc1bed6a0b34f11141d52d690b75a79b43f888ab12b67b2
GET /cti/ab/a0/b2/aba0b2fc7778c728f527909c2f93c665/1627917313.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 12:47:55 GMT
content-type: image/png
content-length: 65272
server: nginx/1.21.6
last-modified: Mon, 02 Aug 2021 15:15:21 GMT
etag: "61080c09-fef8"
expires: Sun, 12 May 2024 12:47:55 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
| cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png | 45.133.44.10 | 200 OK | 144 kB |
URL: cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png Method: GET Protocol: HTTP/2 IP: 45.133.44.10:443 ASN: #39572 DataWeb Global Group B.V.
Requested by: https://margueritedruvenga1g47572nc.pages.dev/ Certificate: Issuer: Let's Encrypt; Subject: cdn.cloudimagesb.com; Fingerprint: C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0; Validity: Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced Size: 144 kB (144379 bytes) Hash (MD5 / SHA-1 / SHA-256): 33c304429dc1a4408a96e6a74ffa2feb c45fa8e65528d1bb2b46bf8a28af9eeaa1903d04 dbed482e5948ead5587d30a22306a5b611305f704de940bd22c76daf90e0a314
GET /cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 12:47:55 GMT
content-type: image/png
content-length: 144379
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:07:21 GMT
etag: "62e11c69-233fb"
expires: Sun, 12 May 2024 12:47:55 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
| downstairsnegotiatebarren.com/sfp.js | 188.114.97.1 | 200 OK | 28 kB |
URL: downstairsnegotiatebarren.com/sfp.js Method: GET Protocol: HTTP/2 IP: 188.114.97.1:443
Requested by: https://margueritedruvenga1g47572nc.pages.dev/ Certificate: Issuer: Let's Encrypt; Subject: downstairsnegotiatebarren.com; Fingerprint: 5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B; Validity: Thu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators Hash (MD5 / SHA-1 / SHA-256): f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716
GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margueritedruvenga1g47572nc.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 12:47:55 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 3189ac5ed5def99560dc914634f79407
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Fri, 10 May 2024 12:47:54 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Arm%2F%2BGOVrkefypxIgb7Cqygb%2BwZS%2FQbwR2QcIsLvMKubo1geIvG7ip0ffKWfsDkMPzp8XN5h7dcHZmaygcgD4LBiS%2BTm7zyZpDdKTfyEPXz20v2mSlXb%2FmrQRcSn0uqX%2F6I3Thj2IsAj%2ButD2sqqCg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881a0a613e965699-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| tse1.mm.bing.net/th?q= | 204.79.197.200 | 404 Not Found | 727 B |
IP: 204.79.197.200:443 ASN: #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://margueritedruvenga1g47572nc.pages.dev/ Certificate: Issuer: Microsoft Corporation; Subject: www.bing.com; Fingerprint: 02:83:27:F9:50:D8:BE:B9:5E:DF:1A:4A:45:3B:6D:3C:BC:30:F2:58; Validity: Wed, 01 May 2024 01:58:25 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, baseline, precision 8, 80x80, components 3 Hash (MD5 / SHA-1 / SHA-256): 5116706c119475f5ae2fc135c3358037 7e5bdf3585153e317ebef05a9b8241d311e44cb3 7edda2585f580c167fd4e3a6c162534548cda437f8bef67c544f3aa9c162a17c
GET /th?q= HTTP/1.1
Host: tse1.mm.bing.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margueritedruvenga1g47572nc.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
cache-control: no-cache
pragma: no-cache
content-length: 727
expires: -1
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C58CABD0F1D24E81876F8BC6C16867AB Ref B: OSL30EDGE0117 Ref C: 2024-05-10T12:47:55Z
date: Fri, 10 May 2024 12:47:54 GMT
X-Firefox-Spdy: h2
| unauthorizedsufficientlysensitivity.com/watch.37630948808.js?key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&refer=https%3A%2F%2Fmargueritedruvenga1g47572nc.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b%3A3%3A1 | 192.243.59.13 | 307 Temporary Redirect | 0 B |
URL: unauthorizedsufficientlysensitivity.com/watch.37630948808.js?key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&refer=https%3A%2F%2Fmargueritedruvenga1g47572nc.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b%3A3%3A1 Method: GET Protocol: HTTP/1.1 IP: 192.243.59.13:443 ASN: #39572 DataWeb Global Group B.V.
Requested by: https://margueritedruvenga1g47572nc.pages.dev/ Certificate: Issuer: Let's Encrypt; Subject: unauthorizedsufficientlysensitivity.com; Fingerprint: 83:8A:10:7A:01:D6:71:57:66:FF:15:E8:33:65:6A:F4:19:BD:B0:02; Validity: Mon, 06 May 2024 12:52:41 GMT - Sun, 04 Aug 2024 12:52:40 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /watch.37630948808.js?key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&refer=https%3A%2F%2Fmargueritedruvenga1g47572nc.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b%3A3%3A1 HTTP/1.1
Host: unauthorizedsufficientlysensitivity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margueritedruvenga1g47572nc.pages.dev/
Origin: https://margueritedruvenga1g47572nc.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Fri, 10 May 2024 12:47:55 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://margueritedruvenga1g47572nc.pages.dev
Access-Control-Allow-Origin: https://margueritedruvenga1g47572nc.pages.dev
Access-Control-Allow-Credentials: true
Location: https://unauthorizedsufficientlysensitivity.com/watch.37630948808.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715345335&refer=https%3A%2F%2Fmargueritedruvenga1g47572nc.pages.dev%2F&res=14.2071&rmtc=t&shu=4a6dc5fcbf4942395638648f7ce3feac618ad326fcbe5e130c289c04f974b1c196c465ee7b106c3f4a069bf105d1c775b0f630f682789e207ef60906d4816171e09fe10f836a273c337d742822202fee5e2eb3a911940fc9fa5352119b5792&tz=0&uuid=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b%3A3%3A1
Set-Cookie: u_pl=23148904; expires=Sat, 11 May 2024 12:47:55 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.zRtrKSYYIrrXQgR9Yjd7iZEtr5lCKYP3AZQqNKykNFo; expires=Fri, 10 May 2024 12:48:55 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d3340eb4987259781503dc288e3ee2db
Strict-Transport-Security: max-age=0; includeSubdomains
| unauthorizedsufficientlysensitivity.com/watch.37630948808.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715345335&refer=https%3A%2F%2Fmargueritedruvenga1g47572nc.pages.dev%2F&res=14.2071&rmtc=t&shu=4a6dc5fcbf4942395638648f7ce3feac618ad326fcbe5e130c289c04f974b1c196c465ee7b106c3f4a069bf105d1c775b0f630f682789e207ef60906d4816171e09fe10f836a273c337d742822202fee5e2eb3a911940fc9fa5352119b5792&tz=0&uuid=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b%3A3%3A1 | 192.243.59.13 | 200 OK | 2.0 kB |
URL: unauthorizedsufficientlysensitivity.com/watch.37630948808.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715345335&refer=https%3A%2F%2Fmargueritedruvenga1g47572nc.pages.dev%2F&res=14.2071&rmtc=t&shu=4a6dc5fcbf4942395638648f7ce3feac618ad326fcbe5e130c289c04f974b1c196c465ee7b106c3f4a069bf105d1c775b0f630f682789e207ef60906d4816171e09fe10f836a273c337d742822202fee5e2eb3a911940fc9fa5352119b5792&tz=0&uuid=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b%3A3%3A1 Method: GET Protocol: HTTP/1.1 IP: 192.243.59.13:443 ASN: #39572 DataWeb Global Group B.V.
Requested by: https://margueritedruvenga1g47572nc.pages.dev/ Certificate: Issuer: Let's Encrypt; Subject: unauthorizedsufficientlysensitivity.com; Fingerprint: 83:8A:10:7A:01:D6:71:57:66:FF:15:E8:33:65:6A:F4:19:BD:B0:02; Validity: Mon, 06 May 2024 12:52:41 GMT - Sun, 04 Aug 2024 12:52:40 GMT
File type: JavaScript source, ASCII text, with very long lines (2483) Hash (MD5 / SHA-1 / SHA-256): d9c9eca8a55b0d04ba77a337bab575d3 d3abf6a31012f36441488b8d5f9f248b902af0dd def6045a0134b727564e64b9e174b74c612ae13160589c9fbbe67be8f58feb46
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /watch.37630948808.js?dev=e&key=872eda8cdc00d65d8016b8e6fba2d29b&kw=%5B%5D&pst=1715345335&refer=https%3A%2F%2Fmargueritedruvenga1g47572nc.pages.dev%2F&res=14.2071&rmtc=t&shu=4a6dc5fcbf4942395638648f7ce3feac618ad326fcbe5e130c289c04f974b1c196c465ee7b106c3f4a069bf105d1c775b0f630f682789e207ef60906d4816171e09fe10f836a273c337d742822202fee5e2eb3a911940fc9fa5352119b5792&tz=0&uuid=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b%3A3%3A1 HTTP/1.1
Host: unauthorizedsufficientlysensitivity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://margueritedruvenga1g47572nc.pages.dev
Referer: https://margueritedruvenga1g47572nc.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23148904; ain=eyJhbGciOiJIUzI1NiJ9.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.zRtrKSYYIrrXQgR9Yjd7iZEtr5lCKYP3AZQqNKykNFo
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 10 May 2024 12:47:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://margueritedruvenga1g47572nc.pages.dev
Access-Control-Allow-Origin: https://margueritedruvenga1g47572nc.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b:3:1; expires=Fri, 17 May 2024 12:47:55 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 11 May 2024 12:47:55 GMT; secure; SameSite=None
uncs=1; expires=Sat, 11 May 2024 12:47:55 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sat, 11 May 2024 12:47:55 GMT; secure; SameSite=None
uncs5=1; expires=Sat, 11 May 2024 12:47:55 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 32cce85fc0dea414591b5b6869a779b6
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| cdn.cloudimagesb.com/cti/6e/8c/f5/6e8cf5e6269324a2f8594200a549c673/1707727902.png | 45.133.44.10 | 200 OK | 58 kB |
URL: cdn.cloudimagesb.com/cti/6e/8c/f5/6e8cf5e6269324a2f8594200a549c673/1707727902.png Method: GET Protocol: HTTP/2 IP: 45.133.44.10:443 ASN: #39572 DataWeb Global Group B.V.
Requested by: https://margueritedruvenga1g47572nc.pages.dev/ Certificate: Issuer: Let's Encrypt; Subject: cdn.cloudimagesb.com; Fingerprint: C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0; Validity: Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced Hash (MD5 / SHA-1 / SHA-256): cd767aa7f68fbd096568816e15226a65 e24ab13e2427df52e4d5f1c5a8d472578fb50480 4cbedc8792aa2a900dc7bd36cf347aec3c738b743735c245332343e64ea0f2d0
GET /cti/6e/8c/f5/6e8cf5e6269324a2f8594200a549c673/1707727902.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 12:47:55 GMT
content-type: image/png
content-length: 58545
server: nginx/1.21.6
last-modified: Mon, 12 Feb 2024 08:51:50 GMT
etag: "65c9dc26-e4b1"
expires: Sun, 12 May 2024 12:47:55 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
| suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q= | 142.250.74.142 | 200 OK | 7.3 kB |
URL: suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q= Method: GET Protocol: HTTP/2 IP: 142.250.74.142:443
Requested by: https://margueritedruvenga1g47572nc.pages.dev/ Certificate: Issuer: Google Trust Services LLC; Subject: *.google.com; Fingerprint: 7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0; Validity: Tue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT
File type: ASCII text, with no line terminators Hash (MD5 / SHA-1 / SHA-256): fdbaede1a8136a6bd589d54e2f69fff8 883905e057c9b758a95c9ece940d089e3af85e0a 5ffae3c0e627b6a2083d67639bfa32ecfe695671ee25f8e1315d2067a4e28df4
GET /complete/search?jsonp=autoRelated&hl=en&client=firefox&q= HTTP/1.1
Host: suggestqueries.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margueritedruvenga1g47572nc.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 12:47:55 GMT
pragma: no-cache
expires: -1
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-tjRgJTQDsluPVs6zF_kWNg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/fff
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/fff"}]}
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: gws
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| unseenreport.com/pxf.gif?uuid=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=36352469ba20ff8ade54795907dd51e5&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=12 | 192.243.59.12 | 200 OK | 1 B |
URL: unseenreport.com/pxf.gif?uuid=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=36352469ba20ff8ade54795907dd51e5&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=12 Method: GET Protocol: HTTP/1.1 IP: 192.243.59.12:443 ASN: #39572 DataWeb Global Group B.V.
Requested by: https://margueritedruvenga1g47572nc.pages.dev/ Certificate: Issuer: Let's Encrypt; Subject: *.unseenreport.com; Fingerprint: 71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13; Validity: Fri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT
File type: very short file (no magic) Hash (MD5 / SHA-1 / SHA-256): 93b885adfe0da089cdf634904fd59f71 5ba93c9db0cff93f52b521d7420e43f6eda2784f 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /pxf.gif?uuid=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=36352469ba20ff8ade54795907dd51e5&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=12 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margueritedruvenga1g47572nc.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 10 May 2024 12:47:56 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 18e55aeecf34b86aeaa8753306ec0dd5
Strict-Transport-Security: max-age=0; includeSubdomains
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png | 188.114.96.1 | 200 OK | 591 B |
URL: cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png Method: GET Protocol: HTTP/2 IP: 188.114.96.1:443
Requested by: https://margueritedruvenga1g47572nc.pages.dev/ Certificate: Issuer: Google Trust Services LLC; Subject: creative-bars1.com; Fingerprint: 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13; Validity: Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File type: PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced Hash (MD5 / SHA-1 / SHA-256): 9fd5bcb6103d86e317bd1eb019bcbe71 6b5a52ea669dcb74946f2bed4bdd7ec985026113 0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae
GET /sb/ssp/vpn/classic-push/small/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 12:47:56 GMT
content-type: image/png
content-length: 591
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: "65aa84fe-24f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 851412
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6p4v9Bur374Z88r82QFZuuEmjx4wZFqAg6LNOKiTQLCeIFwNkQdoNt1DAPA0WOP6KLwalSIHjs3pWxJ86lyY%2BDQcNt91FnkqYP1pGvbY32tf55zZeOLVC1zyppApKNBldrd1%2FZHsogU%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881a0a69ebcc0b45-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| cdn.cloudimagesb.com/si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png | 45.133.44.10 | 200 OK | 16 kB |
URL: cdn.cloudimagesb.com/si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png Method: GET Protocol: HTTP/2 IP: 45.133.44.10:443 ASN: #39572 DataWeb Global Group B.V.
Requested by: https://margueritedruvenga1g47572nc.pages.dev/ Certificate: Issuer: Let's Encrypt; Subject: cdn.cloudimagesb.com; Fingerprint: C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0; Validity: Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced Hash (MD5 / SHA-1 / SHA-256): 14cf262fabfd850855c42847d14fe775 2fafa28f167f018a0fb1f261f47380c8810803c9 972004ebada4077c3a4d03dcb45175ea467faf54da72be727a1c5c75e688b8af
GET /si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 12:47:56 GMT
content-type: image/png
content-length: 16093
server: nginx/1.21.6
last-modified: Mon, 04 Dec 2023 01:06:35 GMT
etag: "656d261b-3edd"
expires: Sun, 12 May 2024 12:47:56 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
| ascensionunfinished.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWskRRSuTnITBGXBw7owBw8rmEl3z0zPTFZcjDESjJu4WdGbVHXVTMqp7mqquqcnQSS4IHsc%2FAWdb5INrovsXgUXmSx4CAg7nnIwF%2F%2FBCnuWHgfHfYd679X3FXz1vffdUXZJfGT0Yv0TfSCVoiuNqlu5%2FoXn3ahsyTgbVAat4MugfqNi%2BqvtoOq%2BXflIhD294rue63quV9mQRnT0YKUEIZOHba%2Fadqt1v%2Bo16hiYl3ubObDUAe9fktch%2BWTpqXMFMhwjjh6tC9tLdfLOh1GmaKoN%2Bvz0s7gX6zxGNC87xkEnPp2xoe2zjSfQ8clULnT%2FPyKTE%2BL89gQsPp2JBOsfT3UyBRGD8VeQ98cQagxJxwj1XUj%2BjAAhx61txNH9W9rkdP9flJbohCy9%2BBsyn5ClP68gjn5aU3JQ2dUqS6WOLQadAnIwhuyOkWRnSA8WIPMzhOm3kPx3svJiC3F0vG2VhuQXbzVD7jY5Z8uh7%2FrLddFoLLeZx5e9JqOthucy7rGpQVKOITtjKDEEtYvIrINMOsg6DrLEQcQvKqHneU2Xh9RttcOwxpuCBdz1aLPjUc8NWsjC8g9DpMkQoRoiNIdIzCF6cgiT%2FQq7V8DyJdh0QpxPv0GfF8gFQW4JckqQS4I8Jcj7xQlX1rfFfa5sxrxZ9me5Vox02j2iJzrtipiAmiEML46SS%2FJaaaJDV99FT1xUakGt4deDNqO%2B2%2Bm0KBeNerPdaJeeNDzRgJUFpF0AtQ4O5ISs7hZI5IS8ee05GD2DVWcI5SJodg00L0D3ChzED2Iqe1pVQx2B6wJJuoR03zlSl%2BTqdIib248hwvObf9WmgdAUSEyBr%2BRTgq66N7qtc3J8W%2BeWPN5OUhnJA1oOeDelqVh88LHYz7Xhm%2Bt2%2BMP7YQmU5cM7wqZbNOYy7lry45rkXJgNbUJBftm0nwu2k9m9tczEWbK188HGZpQYYa3U8Ri03NXnBqGckFev3pnu7vWfdyDNGCYrEGXnZBaQeowwOYRN5vqtJjBqzmGJgzwrRsZn80slCZSY95QVsP%2Fr2bweGVq%2BprI4svfQNQug6V3EUYG%2BKdBXBagawmaLozQx5zf%2FmMlgamHElFk4Zsqo76c2l8cjWHlRadZqLg3aDa%2FZpKLJ6n6rE3icUr8e%2BEFAa0jtpPPeG1%2F%2FAwAA%2F%2F8BAAD%2F%2F%2B53vUuVBAAA | 172.240.108.84 | 200 OK | 7 B |
URL: ascensionunfinished.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWskRRSuTnITBGXBw7owBw8rmEl3z0zPTFZcjDESjJu4WdGbVHXVTMqp7mqquqcnQSS4IHsc%2FAWdb5INrovsXgUXmSx4CAg7nnIwF%2F%2FBCnuWHgfHfYd679X3FXz1vffdUXZJfGT0Yv0TfSCVoiuNqlu5%2FoXn3ahsyTgbVAat4MugfqNi%2BqvtoOq%2BXflIhD294rue63quV9mQRnT0YKUEIZOHba%2Fadqt1v%2Bo16hiYl3ubObDUAe9fktch%2BWTpqXMFMhwjjh6tC9tLdfLOh1GmaKoN%2Bvz0s7gX6zxGNC87xkEnPp2xoe2zjSfQ8clULnT%2FPyKTE%2BL89gQsPp2JBOsfT3UyBRGD8VeQ98cQagxJxwj1XUj%2BjAAhx61txNH9W9rkdP9flJbohCy9%2BBsyn5ClP68gjn5aU3JQ2dUqS6WOLQadAnIwhuyOkWRnSA8WIPMzhOm3kPx3svJiC3F0vG2VhuQXbzVD7jY5Z8uh7%2FrLddFoLLeZx5e9JqOthucy7rGpQVKOITtjKDEEtYvIrINMOsg6DrLEQcQvKqHneU2Xh9RttcOwxpuCBdz1aLPjUc8NWsjC8g9DpMkQoRoiNIdIzCF6cgiT%2FQq7V8DyJdh0QpxPv0GfF8gFQW4JckqQS4I8Jcj7xQlX1rfFfa5sxrxZ9me5Vox02j2iJzrtipiAmiEML46SS%2FJaaaJDV99FT1xUakGt4deDNqO%2B2%2Bm0KBeNerPdaJeeNDzRgJUFpF0AtQ4O5ISs7hZI5IS8ee05GD2DVWcI5SJodg00L0D3ChzED2Iqe1pVQx2B6wJJuoR03zlSl%2BTqdIib248hwvObf9WmgdAUSEyBr%2BRTgq66N7qtc3J8W%2BeWPN5OUhnJA1oOeDelqVh88LHYz7Xhm%2Bt2%2BMP7YQmU5cM7wqZbNOYy7lry45rkXJgNbUJBftm0nwu2k9m9tczEWbK188HGZpQYYa3U8Ri03NXnBqGckFev3pnu7vWfdyDNGCYrEGXnZBaQeowwOYRN5vqtJjBqzmGJgzwrRsZn80slCZSY95QVsP%2Fr2bweGVq%2BprI4svfQNQug6V3EUYG%2BKdBXBagawmaLozQx5zf%2FmMlgamHElFk4Zsqo76c2l8cjWHlRadZqLg3aDa%2FZpKLJ6n6rE3icUr8e%2BEFAa0jtpPPeG1%2F%2FAwAA%2F%2F8BAAD%2F%2F%2B53vUuVBAAA Method: GET Protocol: HTTP/1.1 IP: 172.240.108.84:443
Requested by: https://margueritedruvenga1g47572nc.pages.dev/ Certificate: Issuer: Let's Encrypt; Subject: ascensionunfinished.com; Fingerprint: 74:73:3B:0F:7A:C1:93:FB:B1:E0:8B:AE:39:45:B5:02:6D:2A:37:C8; Validity: Mon, 06 May 2024 12:45:42 GMT - Sun, 04 Aug 2024 12:45:41 GMT
File type: ASCII text, with no line terminators Hash (MD5 / SHA-1 / SHA-256): 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSQWskRRSuTnITBGXBw7owBw8rmEl3z0zPTFZcjDESjJu4WdGbVHXVTMqp7mqquqcnQSS4IHsc%2FAWdb5INrovsXgUXmSx4CAg7nnIwF%2F%2FBCnuWHgfHfYd679X3FXz1vffdUXZJfGT0Yv0TfSCVoiuNqlu5%2FoXn3ahsyTgbVAat4MugfqNi%2BqvtoOq%2BXflIhD294rue63quV9mQRnT0YKUEIZOHba%2Fadqt1v%2Bo16hiYl3ubObDUAe9fktch%2BWTpqXMFMhwjjh6tC9tLdfLOh1GmaKoN%2Bvz0s7gX6zxGNC87xkEnPp2xoe2zjSfQ8clULnT%2FPyKTE%2BL89gQsPp2JBOsfT3UyBRGD8VeQ98cQagxJxwj1XUj%2BjAAhx61txNH9W9rkdP9flJbohCy9%2BBsyn5ClP68gjn5aU3JQ2dUqS6WOLQadAnIwhuyOkWRnSA8WIPMzhOm3kPx3svJiC3F0vG2VhuQXbzVD7jY5Z8uh7%2FrLddFoLLeZx5e9JqOthucy7rGpQVKOITtjKDEEtYvIrINMOsg6DrLEQcQvKqHneU2Xh9RttcOwxpuCBdz1aLPjUc8NWsjC8g9DpMkQoRoiNIdIzCF6cgiT%2FQq7V8DyJdh0QpxPv0GfF8gFQW4JckqQS4I8Jcj7xQlX1rfFfa5sxrxZ9me5Vox02j2iJzrtipiAmiEML46SS%2FJaaaJDV99FT1xUakGt4deDNqO%2B2%2Bm0KBeNerPdaJeeNDzRgJUFpF0AtQ4O5ISs7hZI5IS8ee05GD2DVWcI5SJodg00L0D3ChzED2Iqe1pVQx2B6wJJuoR03zlSl%2BTqdIib248hwvObf9WmgdAUSEyBr%2BRTgq66N7qtc3J8W%2BeWPN5OUhnJA1oOeDelqVh88LHYz7Xhm%2Bt2%2BMP7YQmU5cM7wqZbNOYy7lry45rkXJgNbUJBftm0nwu2k9m9tczEWbK188HGZpQYYa3U8Ri03NXnBqGckFev3pnu7vWfdyDNGCYrEGXnZBaQeowwOYRN5vqtJjBqzmGJgzwrRsZn80slCZSY95QVsP%2Fr2bweGVq%2BprI4svfQNQug6V3EUYG%2BKdBXBagawmaLozQx5zf%2FmMlgamHElFk4Zsqo76c2l8cjWHlRadZqLg3aDa%2FZpKLJ6n6rE3icUr8e%2BEFAa0jtpPPeG1%2F%2FAwAA%2F%2F8BAAD%2F%2F%2B53vUuVBAAA HTTP/1.1
Host: ascensionunfinished.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margueritedruvenga1g47572nc.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 12:47:56 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c81561ad841e05fd6fc1eba7d0ed8072
Strict-Transport-Security: max-age=0; includeSubdomains
| fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap | 142.250.74.106 | 200 OK | 1.2 kB |
URL: fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap Method: GET Protocol: HTTP/2 IP: 142.250.74.106:443
Requested by: https://margueritedruvenga1g47572nc.pages.dev/ Certificate: Issuer: Google Trust Services LLC; Subject: upload.video.google.com; Fingerprint: 36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79; Validity: Tue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File type: gzip compressed data, max compression Hash (MD5 / SHA-1 / SHA-256): 5cca726950e0c66f634b48e166f782fc e6948d2eedc12638467b3e360a63013b1e2885ce 5f739683fe5561387b44da292f720e38ce0ee668fbc06144794ed2f1362984ae
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 10 May 2024 12:47:56 GMT
date: Fri, 10 May 2024 12:47:56 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/animate.css | 188.114.96.1 | 200 OK | 4.9 kB |
URL: GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/animate.css
IP: 188.114.96.1:443
Requested by: https://margueritedruvenga1g47572nc.pages.dev/
Certificate: Issuer Google Trust Services LLC; Subject creative-bars1.com; Fingerprint 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13; Validity Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
Hash: MD5 3d4123dbfb33d27a5cfdfcfa91df6783; SHA-1 e7d0eeeec54b848f0bc3da8685fa3bc88429d660; SHA-256 cb7d1393b65701b2f97d8da244c2c6023e9cbc3463ecb0136b915cfc775c6887
GET /sb/ssp/vpn/classic-push/small/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margueritedruvenga1g47572nc.pages.dev/
Origin: https://margueritedruvenga1g47572nc.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 12:47:56 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-13361"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V6eOL4kbj4NcqNSfaxf4SMNz0STep0NcKDRn%2FGPNAgD%2F%2F%2BdecXArLdwUjXgjICXU0b0L46%2B7aBrSOuj2PpVxhw%2BeKeLy6YEN2tG3TfF66Bs%2BgH3CVPuEDb2MUUXYSZFwEsAnbYV2jaeQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881a0a697b120b45-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| ascensionunfinished.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=340 | 172.240.108.84 | 200 OK | 0 B |
URL: GET HTTP/1.1 ascensionunfinished.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=340
IP: 172.240.108.84:443
Requested by: https://margueritedruvenga1g47572nc.pages.dev/
Certificate: Issuer Let's Encrypt; Subject ascensionunfinished.com; Fingerprint 74:73:3B:0F:7A:C1:93:FB:B1:E0:8B:AE:39:45:B5:02:6D:2A:37:C8; Validity Mon, 06 May 2024 12:45:42 GMT - Sun, 04 Aug 2024 12:45:41 GMT
Hash (empty response body): MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=340 HTTP/1.1
Host: ascensionunfinished.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margueritedruvenga1g47572nc.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 12:47:56 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

| ascensionunfinished.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=80 | 192.243.59.12 | 200 OK | 0 B |
URL: GET HTTP/1.1 ascensionunfinished.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=80
IP: 192.243.59.12:443 (ASN 39572, DataWeb Global Group B.V.)
Requested by: https://margueritedruvenga1g47572nc.pages.dev/
Certificate: Issuer Let's Encrypt; Subject ascensionunfinished.com; Fingerprint 74:73:3B:0F:7A:C1:93:FB:B1:E0:8B:AE:39:45:B5:02:6D:2A:37:C8; Validity Mon, 06 May 2024 12:45:42 GMT - Sun, 04 Aug 2024 12:45:41 GMT
Hash (empty response body): MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=80 HTTP/1.1
Host: ascensionunfinished.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margueritedruvenga1g47572nc.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 10 May 2024 12:47:56 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

| shayscholz.blogspot.com/favicon.ico | 216.58.207.193 | | 412 B |
URL: GET shayscholz.blogspot.com/favicon.ico
IP: 216.58.207.193:0
Requested by: https://margueritedruvenga1g47572nc.pages.dev/
Certificate: Issuer Google Trust Services LLC; Subject misc-sni.blogspot.com; Fingerprint C4:7D:61:88:AB:F1:15:A1:36:2A:68:39:51:62:46:00:23:6D:39:00; Validity Tue, 16 Apr 2024 03:45:20 GMT - Tue, 09 Jul 2024 03:45:19 GMT
File type: MS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
Hash: MD5 59a0c7b6e4848ccdabcea0636efda02b; SHA-1 30ef5c54b8bbc3487ea2b4c45cd11ea2932e4340; SHA-256 a1495da3cf3db37bf105a12658636ff628fee7b73975b9200049af7747e60b1f
GET /favicon.ico HTTP/1.1
Host: shayscholz.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margueritedruvenga1g47572nc.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/x-icon
expires: Fri, 10 May 2024 12:47:56 GMT
date: Fri, 10 May 2024 12:47:56 GMT
cache-control: private, max-age=86400
last-modified: Fri, 08 Mar 2024 19:12:27 GMT
etag: W/"53e1bb00e6929e879a040ee00d8ddd9c6a9b1f6c6c79cd1077a9390901619218"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 412
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

| ascensionunfinished.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=160 | 172.240.108.84 | 200 OK | 0 B |
URL: GET HTTP/1.1 ascensionunfinished.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=160
IP: 172.240.108.84:443
Requested by: https://margueritedruvenga1g47572nc.pages.dev/
Certificate: Issuer Let's Encrypt; Subject ascensionunfinished.com; Fingerprint 74:73:3B:0F:7A:C1:93:FB:B1:E0:8B:AE:39:45:B5:02:6D:2A:37:C8; Validity Mon, 06 May 2024 12:45:42 GMT - Sun, 04 Aug 2024 12:45:41 GMT
Hash (empty response body): MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=160 HTTP/1.1
Host: ascensionunfinished.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margueritedruvenga1g47572nc.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 12:47:56 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

| fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP: 216.58.207.227:443
Requested by: https://margueritedruvenga1g47572nc.pages.dev/
Certificate: Issuer Google Trust Services LLC; Subject *.gstatic.com; Fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD; Validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Hash: MD5 15d9f621c3bd1599f0169dcf0bd5e63e; SHA-1 7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52; SHA-256 f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://margueritedruvenga1g47572nc.pages.dev
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 May 2024 09:28:37 GMT
expires: Sun, 04 May 2025 09:28:37 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 530359
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

| fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP: 216.58.207.227:443
Requested by: https://margueritedruvenga1g47572nc.pages.dev/
Certificate: Issuer Google Trust Services LLC; Subject *.gstatic.com; Fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD; Validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Hash: MD5 e9f5aaf547f165386cd313b995dddd8e; SHA-1 acdef5603c2387b0e5bffd744b679a24a8bc1968; SHA-256 f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://margueritedruvenga1g47572nc.pages.dev
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 01:55:00 GMT
expires: Fri, 09 May 2025 01:55:00 GMT
cache-control: public, max-age=31536000
age: 125576
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| ascensionunfinished.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST2tc1Rs%2BN8nuBz9QCi5qYRYuKpjJvTNz508rFmuNBGMTm4ru5Py7k%2BOce8%2FlnHvnToJIsCBdDn6Cm2eSBmuRditYZFJwERA6rrIwG79Bha5lxsHRd3He9z3Pc%2BA5z%2Ft%2Bc5hfkBpyen7rI7OvtKZrYdWvXP0sCK5XNlWSDyqDdvPzZuN6xfavdZpV%2F83KB5L3zFrND3w%2F8IPKurIyMoO1KQiVPuoE1Y5fbdSqQdjAwP63d7kHRz2I%2FgV5FUpMVp55l6D4GEn8%2BJZ0vcykb70f55pmxqIvTj5JeokpEsSLMrIeouRkzoZxz9efwiTHM7kw%2FX%2BITE2I98tTsORkLhKsfzTTyTRkAib%2Bh6I%2FhtRjKDoGN%2FegxHMCcIHbW0jiB7eNLeje3yidohOy8vJPqGJCVn6%2FhCT%2B4aZWg8qO0XmmTOIwiEqowRiqO0aanyLbX4IqTsGzr6HEr2Tt5SaS%2BGjLaQMlzt9oceG3hGCrvObXVhsyDFc7LBCrQYvRdhj4TARsZpBSY6hoDC2HoG4ZufOQKw955CFPPcTivMKDIGj5glO%2F3eG8LlqSNYUf0FYU0MBvtpHz6R%2BGyNIhuB6C2wOk9gA9NYTNf4bbLeHEClw2Id7HX6EvShSSoHAEBSUoFEGRERT98lhoV3PlA6FdzoJ5rs1zvRyZrHtIj03WlQkBtUNYUR6mF%2BSVqYkevfY2evK8Um%2FWw1qj2WG05kdRmwoZNlqdsDP1JAxkCKdKKLcE6jzsqwm5tlMiVRPy%2BpUXYPQUTp%2BCq2XQ%2FApoUYLulthPHiZU9YyuchNDmBJptoJszzvUF%2BTybIgbW08g%2BdmNP%2BqzALclUlviC%2FWMoKvvj%2B6YghzdMYUjT7bSTMVqn04HvJPRTC4%2F%2FFDuFcaKjVtu%2BN27fApMy0d3pcs2aSJU0nXk%2B5tKCGnXjeWS%2FLThPpVsO3e7N3Ob5Onm9nvrG3FqpXPKJGPQ6a6%2BsOBqQv5%2F%2Be5sd6%2F%2BuA1lx7B5iTg%2FI%2FOAMmPw9AAuXeh3hsDqBYelHoq8HNkaW1xqRaDloqeshPtXzxb1yNLpa6rKQ3cfXbsEmt1DEpfo2xJ9XYLqIVy%2BPMpSe3bjt7kMppdGTNulI6at%2FnZm8%2FR4DKfOK3VftJiMZIvJRtiIJBcsDJnPI87qot3myNwkeue1L%2F8CAAD%2F%2FwEAAP%2F%2FbqNoo5UEAAA%3D | 192.243.59.12 | 200 OK | 7 B |
URL: GET HTTP/1.1 ascensionunfinished.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST2tc1Rs%2BN8nuBz9QCi5qYRYuKpjJvTNz508rFmuNBGMTm4ru5Py7k%2BOce8%2FlnHvnToJIsCBdDn6Cm2eSBmuRditYZFJwERA6rrIwG79Bha5lxsHRd3He9z3Pc%2BA5z%2Ft%2Bc5hfkBpyen7rI7OvtKZrYdWvXP0sCK5XNlWSDyqDdvPzZuN6xfavdZpV%2F83KB5L3zFrND3w%2F8IPKurIyMoO1KQiVPuoE1Y5fbdSqQdjAwP63d7kHRz2I%2FgV5FUpMVp55l6D4GEn8%2BJZ0vcykb70f55pmxqIvTj5JeokpEsSLMrIeouRkzoZxz9efwiTHM7kw%2FX%2BITE2I98tTsORkLhKsfzTTyTRkAib%2Bh6I%2FhtRjKDoGN%2FegxHMCcIHbW0jiB7eNLeje3yidohOy8vJPqGJCVn6%2FhCT%2B4aZWg8qO0XmmTOIwiEqowRiqO0aanyLbX4IqTsGzr6HEr2Tt5SaS%2BGjLaQMlzt9oceG3hGCrvObXVhsyDFc7LBCrQYvRdhj4TARsZpBSY6hoDC2HoG4ZufOQKw955CFPPcTivMKDIGj5glO%2F3eG8LlqSNYUf0FYU0MBvtpHz6R%2BGyNIhuB6C2wOk9gA9NYTNf4bbLeHEClw2Id7HX6EvShSSoHAEBSUoFEGRERT98lhoV3PlA6FdzoJ5rs1zvRyZrHtIj03WlQkBtUNYUR6mF%2BSVqYkevfY2evK8Um%2FWw1qj2WG05kdRmwoZNlqdsDP1JAxkCKdKKLcE6jzsqwm5tlMiVRPy%2BpUXYPQUTp%2BCq2XQ%2FApoUYLulthPHiZU9YyuchNDmBJptoJszzvUF%2BTybIgbW08g%2BdmNP%2BqzALclUlviC%2FWMoKvvj%2B6YghzdMYUjT7bSTMVqn04HvJPRTC4%2F%2FFDuFcaKjVtu%2BN27fApMy0d3pcs2aSJU0nXk%2B5tKCGnXjeWS%2FLThPpVsO3e7N3Ob5Onm9nvrG3FqpXPKJGPQ6a6%2BsOBqQv5%2F%2Be5sd6%2F%2BuA1lx7B5iTg%2FI%2FOAMmPw9AAuXeh3hsDqBYelHoq8HNkaW1xqRaDloqeshPtXzxb1yNLpa6rKQ3cfXbsEmt1DEpfo2xJ9XYLqIVy%2BPMpSe3bjt7kMppdGTNulI6at%2FnZm8%2FR4DKfOK3VftJiMZIvJRtiIJBcsDJnPI87qot3myNwkeue1L%2F8CAAD%2F%2FwEAAP%2F%2FbqNoo5UEAAA%3D
IP: 192.243.59.12:443 (ASN 39572, DataWeb Global Group B.V.)
Requested by: https://margueritedruvenga1g47572nc.pages.dev/
Certificate: Issuer Let's Encrypt; Subject ascensionunfinished.com; Fingerprint 74:73:3B:0F:7A:C1:93:FB:B1:E0:8B:AE:39:45:B5:02:6D:2A:37:C8; Validity Mon, 06 May 2024 12:45:42 GMT - Sun, 04 Aug 2024 12:45:41 GMT
File type: ASCII text, with no line terminators
Hash: MD5 132d6af1b46048b45cf86cdee7991d31; SHA-1 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285; SHA-256 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RST2tc1Rs%2BN8nuBz9QCi5qYRYuKpjJvTNz508rFmuNBGMTm4ru5Py7k%2BOce8%2FlnHvnToJIsCBdDn6Cm2eSBmuRditYZFJwERA6rrIwG79Bha5lxsHRd3He9z3Pc%2BA5z%2Ft%2Bc5hfkBpyen7rI7OvtKZrYdWvXP0sCK5XNlWSDyqDdvPzZuN6xfavdZpV%2F83KB5L3zFrND3w%2F8IPKurIyMoO1KQiVPuoE1Y5fbdSqQdjAwP63d7kHRz2I%2FgV5FUpMVp55l6D4GEn8%2BJZ0vcykb70f55pmxqIvTj5JeokpEsSLMrIeouRkzoZxz9efwiTHM7kw%2FX%2BITE2I98tTsORkLhKsfzTTyTRkAib%2Bh6I%2FhtRjKDoGN%2FegxHMCcIHbW0jiB7eNLeje3yidohOy8vJPqGJCVn6%2FhCT%2B4aZWg8qO0XmmTOIwiEqowRiqO0aanyLbX4IqTsGzr6HEr2Tt5SaS%2BGjLaQMlzt9oceG3hGCrvObXVhsyDFc7LBCrQYvRdhj4TARsZpBSY6hoDC2HoG4ZufOQKw955CFPPcTivMKDIGj5glO%2F3eG8LlqSNYUf0FYU0MBvtpHz6R%2BGyNIhuB6C2wOk9gA9NYTNf4bbLeHEClw2Id7HX6EvShSSoHAEBSUoFEGRERT98lhoV3PlA6FdzoJ5rs1zvRyZrHtIj03WlQkBtUNYUR6mF%2BSVqYkevfY2evK8Um%2FWw1qj2WG05kdRmwoZNlqdsDP1JAxkCKdKKLcE6jzsqwm5tlMiVRPy%2BpUXYPQUTp%2BCq2XQ%2FApoUYLulthPHiZU9YyuchNDmBJptoJszzvUF%2BTybIgbW08g%2BdmNP%2BqzALclUlviC%2FWMoKvvj%2B6YghzdMYUjT7bSTMVqn04HvJPRTC4%2F%2FFDuFcaKjVtu%2BN27fApMy0d3pcs2aSJU0nXk%2B5tKCGnXjeWS%2FLThPpVsO3e7N3Ob5Onm9nvrG3FqpXPKJGPQ6a6%2BsOBqQv5%2F%2Be5sd6%2F%2BuA1lx7B5iTg%2FI%2FOAMmPw9AAuXeh3hsDqBYelHoq8HNkaW1xqRaDloqeshPtXzxb1yNLpa6rKQ3cfXbsEmt1DEpfo2xJ9XYLqIVy%2BPMpSe3bjt7kMppdGTNulI6at%2FnZm8%2FR4DKfOK3VftJiMZIvJRtiIJBcsDJnPI87qot3myNwkeue1L%2F8CAAD%2F%2FwEAAP%2F%2FbqNoo5UEAAA%3D HTTP/1.1
Host: ascensionunfinished.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margueritedruvenga1g47572nc.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 10 May 2024 12:47:56 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 73689a696dbf7b874d9e2538cdb908b1
Strict-Transport-Security: max-age=0; includeSubdomains

| ascensionunfinished.com/pixel/sbs?c=1 | 172.240.108.84 | 200 OK | 0 B |
URL: GET HTTP/1.1 ascensionunfinished.com/pixel/sbs?c=1
IP: 172.240.108.84:443
Requested by: https://margueritedruvenga1g47572nc.pages.dev/
Certificate: Issuer Let's Encrypt; Subject ascensionunfinished.com; Fingerprint 74:73:3B:0F:7A:C1:93:FB:B1:E0:8B:AE:39:45:B5:02:6D:2A:37:C8; Validity Mon, 06 May 2024 12:45:42 GMT - Sun, 04 Aug 2024 12:45:41 GMT
Hash (empty response body): MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbs?c=1 HTTP/1.1
Host: ascensionunfinished.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margueritedruvenga1g47572nc.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 12:47:56 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css | 188.114.96.1 | 200 OK | 9.4 kB |
URL: GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css
IP: 188.114.96.1:443
Requested by: https://margueritedruvenga1g47572nc.pages.dev/
Certificate: Issuer Google Trust Services LLC; Subject creative-bars1.com; Fingerprint 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13; Validity Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File type: gzip compressed data, from Unix
Hash: MD5 8d13e80402ae75404f9c8962760d8fc9; SHA-1 4caacbb79627af4f48fb8d6a1104768bdce9ab73; SHA-256 93b666af76a630eaa2d38bdfcf741b226539e1448adad35252eb1b6bb07bda9c
GET /sb/ssp/vpn/classic-push/small/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margueritedruvenga1g47572nc.pages.dev/
Origin: https://margueritedruvenga1g47572nc.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 12:47:56 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-d1b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I5q3Y%2FPN%2FbM078ultmz%2F8WwZZkEs650f6p45J1AI3v5gkHu7betn1sRC6RvJLP3jdwWvZxAMxHaDOATWt64QtE3ewHa1BuAWDb9phfjUELe2%2BIfH8j%2B%2FaDI1%2B1fWPspRNeivSOmPWB4j"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881a0a697b150b45-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html | 45.133.44.3 | 200 OK | 7.5 kB |
URL: GET HTTP/2 cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html
IP: 45.133.44.3:443 (ASN 39572, DataWeb Global Group B.V.)
Requested by: https://margueritedruvenga1g47572nc.pages.dev/
Certificate: Issuer Let's Encrypt; Subject cdn.barscreative1.com; Fingerprint 08:55:F0:C8:EA:24:54:0D:3C:B9:2C:95:3E:DC:BF:FB:A8:76:BA:BC; Validity Thu, 09 May 2024 03:01:15 GMT - Wed, 07 Aug 2024 03:01:14 GMT
File type: gzip compressed data, from Unix
Hash: MD5 4d6762804f90c4510ecfa0b1ec88d923; SHA-1 15b90982cdde67e1b939feaab50176c4b0011aab; SHA-256 d79fec7aec1ee3c9740c6522771f7e023f3683f6c4656a4e64e8a502fd065e92
GET /sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margueritedruvenga1g47572nc.pages.dev/
Origin: https://margueritedruvenga1g47572nc.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 12:47:56 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Mon, 27 Sep 2021 07:43:24 GMT
etag: W/"6151761c-52d"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Fri, 10 May 2024 13:47:56 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2

| aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml | 35.244.181.201 | | 444 B |
URL: aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP: 35.244.181.201:0 (ASN 396982, GOOGLE-CLOUD-PLATFORM)
File type: XML 1.0 document, ASCII text, with very long lines (332)
Hash: MD5 3b324dec137a87ef7e24a30a65b13dd0; SHA-1 c0faa95b2f1018e264b3a14aaf50d1003e6c27b3; SHA-256 6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463
GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=SjgZ6hMxJDngD9RmCgHgT7SMxG8fWAoQPA7Loh87m1IFiC0D9RZ9bXJ8F5u1dMsha-kXWiv7oGRnGLuVX2qP3WaYnbcCa7ws88ti1fuRC9dq7-RXaZkNQCkFJJ7Uf1Ms
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: MISS
content-encoding: gzip
via: 1.1 google
date: Fri, 10 May 2024 12:46:55 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 75
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

| ads.bisniskini.biz.id/get/site/js/d0b1e71bd1922518d7cf826d604fe57a | 172.67.214.128 | 200 OK | 139 B |
URL: GET HTTP/2 ads.bisniskini.biz.id/get/site/js/d0b1e71bd1922518d7cf826d604fe57a
IP: 172.67.214.128:443
Requested by: https://margueritedruvenga1g47572nc.pages.dev/
Certificate: Issuer Google Trust Services LLC; Subject bisniskini.biz.id; Fingerprint CB:C5:50:71:58:97:D7:6D:B9:8F:63:0E:B9:30:B7:87:1D:05:E2:5A; Validity Sun, 14 Apr 2024 15:48:05 GMT - Sat, 13 Jul 2024 15:48:04 GMT
File type: HTML document, ASCII text, with no line terminators
Hash: MD5 e15c88b36628c81a52bcb9444eee08ba; SHA-1 b77a6fbbc1d1b1b9f0c581f68daa1293873714b8; SHA-256 906d9c79e02071efeb0f05b18df87d7765a990d08563f21f17f9c0da4ae08931
GET /get/site/js/d0b1e71bd1922518d7cf826d604fe57a HTTP/1.1
Host: ads.bisniskini.biz.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margueritedruvenga1g47572nc.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 12:47:53 GMT
content-type: application/javascript
vary: Accept-Encoding
set-cookie: PHPSESSID=1m0vrg1h2u36nr2q5jmh5skmrv; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8cUQYTBzqMM4rNuuxljqYgwyVMHJ8nDf7hKqbYy5KwNntl70PRN3ZDHUOvENNkFdn9HIMCPc6QLtHfvZzeCOwAC1Xp3SseN58FGA1BIWopdfv%2FCnSOCb%2BCR8YQa61lE8FoImIKIbW64%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881a0a53bbc75699-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js | 188.114.96.1 | 200 OK | 962 B |
URL: GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js
IP: 188.114.96.1:443
Requested by: https://margueritedruvenga1g47572nc.pages.dev/
Certificate: Issuer Google Trust Services LLC; Subject creative-bars1.com; Fingerprint 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13; Validity Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File type: ASCII text, with very long lines (1015), with no line terminators
Hash: MD5 88523e22d10f0cbad31aa1d8276764fa; SHA-1 9238cd9499e01abdbeb33e68c550d26cfb6eaba5; SHA-256 d553390acb639c765cb6aaa4fbb72529e4005227d190f53108aec87ccec411c2
GET /sb/ssp/vpn/classic-push/small/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margueritedruvenga1g47572nc.pages.dev/
Origin: https://margueritedruvenga1g47572nc.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 12:47:56 GMT
content-type: application/javascript
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-3c2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=06Ov2WleIts8rhSqgRWvolSVQFUCxoklhM8iZAkBwV3PMTcbxJ1Rk81%2FdQ2r%2BVCfI2kSWlmcUmBhyYupEB14nSdTtcCjqyLBK8YUD2bo4fh4bwpQZonOZTEZsVuYxOlNSHhWQeo%2FxzCl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881a0a6a7c940b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| ads.bisniskini.biz.id/get/site/js/d6f51a1ed1d2f145512197f7cd7be46d | 172.67.214.128 | 200 OK | 293 B |
URL: GET HTTP/2 ads.bisniskini.biz.id/get/site/js/d6f51a1ed1d2f145512197f7cd7be46d
IP: 172.67.214.128:443
Requested by: https://margueritedruvenga1g47572nc.pages.dev/
Certificate: Issuer Google Trust Services LLC; Subject bisniskini.biz.id; Fingerprint CB:C5:50:71:58:97:D7:6D:B9:8F:63:0E:B9:30:B7:87:1D:05:E2:5A; Validity Sun, 14 Apr 2024 15:48:05 GMT - Sat, 13 Jul 2024 15:48:04 GMT
File type: ASCII text, with very long lines (324), with no line terminators
Hash: MD5 041ede74df53d2be75e709663d64255b; SHA-1 3572555eaf9afcff4ee5eac40161e83a74a62b8c; SHA-256 86312cb5b23a46990fed66e2e09eada2db2352face7d563580cbca6fd864c916
GET /get/site/js/d6f51a1ed1d2f145512197f7cd7be46d HTTP/1.1
Host: ads.bisniskini.biz.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margueritedruvenga1g47572nc.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 12:47:53 GMT
content-type: application/javascript
vary: Accept-Encoding
set-cookie: PHPSESSID=ae81si3a2plaj1kg88qmu4d1po; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hc0salVGuyhKfUnx5hjXum4Vq1W200roO7apFIAvSzoKeVq5B73tDS%2F9afnGV3YnlHEi9T0CUT5XYErV06EOVOFQoqkBmMf4bvjZSsDc04sr4SpOoJCxq6A3tczUatAqb0aW663v4VM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881a0a53bbc25699-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| ascensionunfinished.com/sbar.json?key=36352469ba20ff8ade54795907dd51e5&uuid=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b%3A3%3A1 | 172.240.108.84 | 200 OK | 13 kB |
URL: GET HTTP/1.1 ascensionunfinished.com/sbar.json?key=36352469ba20ff8ade54795907dd51e5&uuid=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b%3A3%3A1
IP: 172.240.108.84:443
Requested by: https://margueritedruvenga1g47572nc.pages.dev/
Certificate: Issuer Let's Encrypt; Subject ascensionunfinished.com; Fingerprint 74:73:3B:0F:7A:C1:93:FB:B1:E0:8B:AE:39:45:B5:02:6D:2A:37:C8; Validity Mon, 06 May 2024 12:45:42 GMT - Sun, 04 Aug 2024 12:45:41 GMT
Hash (MD5 / SHA-1 / SHA-256): 424990beaae88836baf1619049533c05 91c7b2332abe3c28ed1c1d2fbcdc6f5ca51e76c0 0989cdc5012ff5d2997455a1dce47c372af341319bc047a44f3742186bead638
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /sbar.json?key=36352469ba20ff8ade54795907dd51e5&uuid=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b%3A3%3A1 HTTP/1.1
Host: ascensionunfinished.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margueritedruvenga1g47572nc.pages.dev/
Origin: https://margueritedruvenga1g47572nc.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 12:47:56 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://margueritedruvenga1g47572nc.pages.dev
Access-Control-Allow-Origin: https://margueritedruvenga1g47572nc.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=23149116; expires=Sat, 11 May 2024 12:47:56 GMT; secure; SameSite=None
uid_id2=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b:3:1; expires=Fri, 17 May 2024 12:47:56 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 11 May 2024 12:47:56 GMT; secure; SameSite=None
uncs=1; expires=Sat, 11 May 2024 12:47:56 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sat, 11 May 2024 12:47:56 GMT; secure; SameSite=None
uncs29=1; expires=Sat, 11 May 2024 12:47:56 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 534627e8500e4409b8190a1d951fbb95
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| margueritedruvenga1g47572nc.pages.dev/ | 172.66.44.126 | 200 OK | 17 kB |
URL (user request): GET HTTP/2 margueritedruvenga1g47572nc.pages.dev/
IP: 172.66.44.126:443
Certificate: Issuer Google Trust Services LLC; Subject margueritedruvenga1g47572nc.pages.dev; Fingerprint BA:A5:05:27:96:35:07:AA:E6:27:F5:C4:0F:B9:B2:8B:E2:B8:4C:4C; Validity Thu, 09 May 2024 19:42:21 GMT - Wed, 07 Aug 2024 19:42:20 GMT
File type: HTML document, ASCII text, with very long lines (7816)
Hash (MD5 / SHA-1 / SHA-256): b8ac0d60301dd2f18746713d5b1e6d3c 654efee1b2a42cd972a5763da583c5864283098a a6cca3d187a8d5c8d63616b49abc425e337f94bd6d618640a2d06d400e7f8caa
GET / HTTP/1.1
Host: margueritedruvenga1g47572nc.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 12:47:52 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"db2659a62003b35c8ec1ce364597a245"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eN1bUF3KWt%2BMGiIofyfZrR62b8bgXebYiZ3vJ7dKeBlsr3spdh5pLONxvSMeKvHzzdsk71jTPekaw%2Bid56DQtOuaV6e%2BNjLxqgkMIOgAr8zY8j4iaWSC6mtZJ0O2HrZPSdmXzgwPp5wbm9RmN3g8cBJKaDIgtKXw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881a0a4d7c1c568d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| www.topcreativeformat.com/d64164e145fb760de2b76872de4432d8/invoke.js | 172.240.108.76 | 200 OK | 31 kB |
URL: GET HTTP/1.1 www.topcreativeformat.com/d64164e145fb760de2b76872de4432d8/invoke.js
IP: 172.240.108.76:443
Requested by: https://margueritedruvenga1g47572nc.pages.dev/
Certificate: Issuer Let's Encrypt; Subject topcreativeformat.com; Fingerprint 6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4; Validity Wed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT
File type: JavaScript source, ASCII text, with very long lines (31295), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): e6a3ea00986a52e4f3569ddb4d3ae02d 150dcf8ff5e334b119de7bbd62c6e353c83b12e5 eb1bf4c9c177e2542654e1ba39e8cc2a6de0f385329c518d7fda7b492187b843
GET /d64164e145fb760de2b76872de4432d8/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margueritedruvenga1g47572nc.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 12:47:53 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6a5b0199503fe3acbea393319444b432
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| ascensionunfinished.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=205 | 172.240.108.84 | 200 OK | 0 B |
URL: GET HTTP/1.1 ascensionunfinished.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=205
IP: 172.240.108.84:443
Requested by: https://margueritedruvenga1g47572nc.pages.dev/
Certificate: Issuer Let's Encrypt; Subject ascensionunfinished.com; Fingerprint 74:73:3B:0F:7A:C1:93:FB:B1:E0:8B:AE:39:45:B5:02:6D:2A:37:C8; Validity Mon, 06 May 2024 12:45:42 GMT - Sun, 04 Aug 2024 12:45:41 GMT
Hash (MD5 / SHA-1 / SHA-256, the well-known digests of an empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=205 HTTP/1.1
Host: ascensionunfinished.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margueritedruvenga1g47572nc.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23149116; uid_id2=7cd07ddb-c202-4e55-9b1d-17ba8510bd1b:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 10 May 2024 12:47:56 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js | 188.114.96.1 | 200 OK | 84 kB |
URL: GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js
IP: 188.114.96.1:443
Requested by: https://margueritedruvenga1g47572nc.pages.dev/
Certificate: Issuer Google Trust Services LLC; Subject creative-bars1.com; Fingerprint 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13; Validity Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File type: JavaScript source, ASCII text, with very long lines (32025)
Hash (MD5 / SHA-1 / SHA-256): 4a356126b9573eb7bd1e9a7494737410 8258d046f17dd3c15a5d3984e1868b7b5d1db329 22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
GET /sb/ssp/vpn/classic-push/small/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 12:47:56 GMT
content-type: application/javascript
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 847280
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v%2FqiM82Cpa6sWnUmrTThKrYZtO1Gz%2FH9rtxOdHLrm5w%2FLzX4M4dXYODcFOpeB%2B%2BCQBLwNE907vwzS3sF53TdzymoT4f7lVnO8HsqWK2mYC84Uud217AgJevgoZhsCLnvFf2daG3vhaSB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881a0a69ebd70b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2