henley-gail-7136.firebaseapp.com/
199.36.158.100 200 OK 25 kB URL User Request GET HTTP/2 henley-gail-7136.firebaseapp.com/
IP 199.36.158.100:443
Certificate Issuer Google Trust Services LLC
Subject firebaseapp.com
Fingerprint 04:74:6E:47:BF:94:51:56:F9:27:7E:1F:07:A6:D0:AA:1F:2B:20:9D
Validity Mon, 11 Sep 2023 19:28:58 GMT - Sun, 10 Dec 2023 19:28:57 GMT
File type HTML document text; exported SGML document, ASCII text, with very long lines (5831), with CRLF line terminators
Hash 465980fdd4d559e3843c7ca5a844cd86
a2ae3515f103b5270b5e7f2c4699ed0f0071152a
4abf416867684a1de35675e4f6771722ec6868b7386fa54718b16f72257ffff5
GET / HTTP/1.1
Host: henley-gail-7136.firebaseapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: max-age=3600
content-encoding: br
content-type: text/html; charset=utf-8
etag: "e6b8b2513c902424290fa517adfde90936c03e539985551e212994e865230b72-br"
last-modified: Mon, 21 Sep 2020 23:16:22 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
accept-ranges: bytes
date: Mon, 23 Oct 2023 20:04:16 GMT
x-served-by: cache-bma1643-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1698091456.204387,VS0,VE229
vary: x-fh-requested-host, accept-encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 25225
X-Firefox-Spdy: h2
www.nulltag.com/game/firewall.js
172.96.191.156 302 Found 683 B URL GET HTTP/2 www.nulltag.com/game/firewall.js
IP 172.96.191.156:443
ASN #59253 Leaseweb Asia Pacific pte. ltd.
Requested by https://henley-gail-7136.firebaseapp.com/
Certificate Issuer Let's Encrypt
Subject www.nulltag.com.chunma.biz.id
Fingerprint 58:A6:0A:29:1D:8A:C9:55:00:7B:28:14:CD:7B:47:32:CD:7C:64:E9
Validity Mon, 02 Oct 2023 05:28:33 GMT - Sun, 31 Dec 2023 05:28:32 GMT
File type HTML document text; exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 6371befc85069a96b0cb3c52e754a55a
de3def799f60ce2a16721687937ffb2a3f9bd3ae
db6f3663ecb5b124f3c02ce15691739fe69888b7ed6112f03062489470517f77
GET /game/firewall.js HTTP/1.1
Host: www.nulltag.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://henley-gail-7136.firebaseapp.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: text/html
content-length: 683
date: Mon, 23 Oct 2023 20:04:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
location: https://kerangajaib.biz.id/game/firewall.js
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
henley-gail-7136.firebaseapp.com/favicon.ico
199.36.158.100 404 Not Found 11 kB URL GET HTTP/3 henley-gail-7136.firebaseapp.com/favicon.ico
IP 199.36.158.100:443
Requested by https://henley-gail-7136.firebaseapp.com/
Certificate Issuer Google Trust Services LLC
Subject firebaseapp.com
Fingerprint 04:74:6E:47:BF:94:51:56:F9:27:7E:1F:07:A6:D0:AA:1F:2B:20:9D
Validity Mon, 11 Sep 2023 19:28:58 GMT - Sun, 10 Dec 2023 19:28:57 GMT
File type HTML document text; exported SGML document, ASCII text, with very long lines (8125)
Hash 30b57fc35a6c2b706de9ce2c38f257c2
7270e201ec681343de06bf6c1c63ae61de526c98
e5be0c3483138abfc50dae40ad4ebc51443cf8693b3cee01469d88bcf36bfd76
GET /favicon.ico HTTP/1.1
Host: henley-gail-7136.firebaseapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://henley-gail-7136.firebaseapp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
content-length: 10712
cache-control: max-age=3600
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31556926; includeSubDomains; preload
accept-ranges: bytes
date: Mon, 23 Oct 2023 20:04:19 GMT
x-served-by: cache-bma1663-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1698091459.012401,VS0,VE136
vary: x-fh-requested-host, accept-encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
www.effectivecreativeformat.com/70a2cad1dcdb19d5acae185ef0c34608/invoke.js
173.233.137.44 200 OK 11 kB URL GET HTTP/1.1 www.effectivecreativeformat.com/70a2cad1dcdb19d5acae185ef0c34608/invoke.js
IP 173.233.137.44:443
Requested by https://henley-gail-7136.firebaseapp.com/
Certificate Issuer Let's Encrypt
Subject effectivecreativeformat.com
Fingerprint 6A:8F:F6:A0:C1:B6:14:AE:5C:CC:1E:DE:42:5D:60:E8:38:7A:B6:42
Validity Thu, 19 Oct 2023 06:30:20 GMT - Wed, 17 Jan 2024 06:30:19 GMT
File type exported SGML document, ASCII text, with very long lines (29619), with no line terminators
Hash 0bde62bc03256de6792e65dc793ff028
f075852cab713fa86a8461f8b0635d64c054dc52
180e702ac7ff368c26e3f1efba7b1f670013491749659b712a3c03242150ec2c
Analyzer Verdict Alert mnemonic secure dns malicious Sinkholed
Quad9 DNS malicious Sinkholed
GET /70a2cad1dcdb19d5acae185ef0c34608/invoke.js HTTP/1.1
Host: www.effectivecreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://henley-gail-7136.firebaseapp.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 23 Oct 2023 20:04:19 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b6451a3623bac4743fd234b60a0460a6
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.effectivecreativeformat.com/71013c3701458440f498f78a6e5c67cd/invoke.js
173.233.137.44 200 OK 11 kB URL GET HTTP/1.1 www.effectivecreativeformat.com/71013c3701458440f498f78a6e5c67cd/invoke.js
IP 173.233.137.44:443
Requested by https://henley-gail-7136.firebaseapp.com/
Certificate Issuer Let's Encrypt
Subject effectivecreativeformat.com
Fingerprint 6A:8F:F6:A0:C1:B6:14:AE:5C:CC:1E:DE:42:5D:60:E8:38:7A:B6:42
Validity Thu, 19 Oct 2023 06:30:20 GMT - Wed, 17 Jan 2024 06:30:19 GMT
File type exported SGML document, ASCII text, with very long lines (29622), with no line terminators
Hash e485138e7abef7d335eb27c4c51561eb
80d4f9cf5646d5b87db319e37630157a5b586dee
c6e35af0099ded38a863c110f8ad65d656e669f8cdb1ee2edd159a1c05e8b351
Analyzer Verdict Alert mnemonic secure dns malicious Sinkholed
Quad9 DNS malicious Sinkholed
GET /71013c3701458440f498f78a6e5c67cd/invoke.js HTTP/1.1
Host: www.effectivecreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://henley-gail-7136.firebaseapp.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 23 Oct 2023 20:04:19 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ba030467a9890a9310e5627c1cc061f9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
professionalswebcheck.com/stats
3.73.202.184 200 OK 40 B URL GET HTTP/2 professionalswebcheck.com/stats
IP 3.73.202.184:443
Requested by https://henley-gail-7136.firebaseapp.com/
Certificate Issuer Amazon
Subject professionalswebcheck.com
Fingerprint 75:E9:08:FD:96:58:C7:98:43:E8:21:27:A8:E9:B9:A4:55:28:F2:0C
Validity Wed, 30 Aug 2023 00:00:00 GMT - Fri, 27 Sep 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 920c7409860b053283f66e14ce086546
04464ca893b8907fea00810f5e62ab4aa5b451c3
fda122dc9aa4426e1a332fadb697c82d02d4526ce184f54e1e04500ea9bc9881
GET /stats HTTP/1.1
Host: professionalswebcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://henley-gail-7136.firebaseapp.com
DNT: 1
Connection: keep-alive
Referer: https://henley-gail-7136.firebaseapp.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 23 Oct 2023 20:04:19 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://henley-gail-7136.firebaseapp.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=3c62d2c4-968e-4e2a-acdf-7b6b517c78ab:1:1; expires=Thu, 20 Oct 2033 20:04:19 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
downtowndisapproval.com/watch.941176361399.js?key=71013c3701458440f498f78a6e5c67cd&kw=%5B%22delicious%22%2C%22recipes%22%5D&refer=https%3A%2F%2Fhenley-gail-7136.firebaseapp.com%2F&tz=0&dev=e&res=14.2079&uuid=3c62d2c4-968e-4e2a-acdf-7b6b517c78ab%3A1%3A1
192.243.59.13 307 Temporary Redirect 0 B URL GET HTTP/1.1 downtowndisapproval.com/watch.941176361399.js?key=71013c3701458440f498f78a6e5c67cd&kw=%5B%22delicious%22%2C%22recipes%22%5D&refer=https%3A%2F%2Fhenley-gail-7136.firebaseapp.com%2F&tz=0&dev=e&res=14.2079&uuid=3c62d2c4-968e-4e2a-acdf-7b6b517c78ab%3A1%3A1
IP 192.243.59.13:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://henley-gail-7136.firebaseapp.com/
Certificate Issuer Let's Encrypt
Subject downtowndisapproval.com
Fingerprint F7:0B:01:4D:45:DC:44:A4:A3:E4:23:2C:30:0B:F0:E1:8D:42:E9:07
Validity Tue, 10 Oct 2023 08:38:05 GMT - Mon, 08 Jan 2024 08:38:04 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /watch.941176361399.js?key=71013c3701458440f498f78a6e5c67cd&kw=%5B%22delicious%22%2C%22recipes%22%5D&refer=https%3A%2F%2Fhenley-gail-7136.firebaseapp.com%2F&tz=0&dev=e&res=14.2079&uuid=3c62d2c4-968e-4e2a-acdf-7b6b517c78ab%3A1%3A1 HTTP/1.1
Host: downtowndisapproval.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://henley-gail-7136.firebaseapp.com
DNT: 1
Connection: keep-alive
Referer: https://henley-gail-7136.firebaseapp.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Mon, 23 Oct 2023 20:04:20 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://henley-gail-7136.firebaseapp.com
Access-Control-Allow-Origin: https://henley-gail-7136.firebaseapp.com
Access-Control-Allow-Credentials: true
Location: https://downtowndisapproval.com/watch.941176361399.js?key=71013c3701458440f498f78a6e5c67cd&kw=%5B%22delicious%22%2C%22recipes%22%5D&refer=https%3A%2F%2Fhenley-gail-7136.firebaseapp.com%2F&tz=0&dev=e&res=14.2079&uuid=3c62d2c4-968e-4e2a-acdf-7b6b517c78ab%3A1%3A1&shu=380fa62b985055f9ba780cb666445ef3ad09bc39631d240a6ad061945ac9c801b8fca79bf298a2ba20b66d13f1d2a3c7045be94d32439407885685d86906084d03b122e7ab15950efffd62e1a63c438240f410c264b13a48785dcaa4babf26&pst=1698091520&rmtc=t
Set-Cookie: u_pl=15994005; expires=Tue, 24 Oct 2023 20:04:20 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.F03rEFIlYCPWuMjQigZ327zlyY0f17W_z5Askmpxs9g; expires=Mon, 23 Oct 2023 20:05:20 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1a13a8aa7d2d26226095d9da01cf3568
Strict-Transport-Security: max-age=0; includeSubdomains
downtowndisapproval.com/watch.941176361399.js?key=71013c3701458440f498f78a6e5c67cd&kw=%5B%22delicious%22%2C%22recipes%22%5D&refer=https%3A%2F%2Fhenley-gail-7136.firebaseapp.com%2F&tz=0&dev=e&res=14.2079&uuid=3c62d2c4-968e-4e2a-acdf-7b6b517c78ab%3A1%3A1&shu=380fa62b985055f9ba780cb666445ef3ad09bc39631d240a6ad061945ac9c801b8fca79bf298a2ba20b66d13f1d2a3c7045be94d32439407885685d86906084d03b122e7ab15950efffd62e1a63c438240f410c264b13a48785dcaa4babf26&pst=1698091520&rmtc=t
192.243.59.13 200 OK 2.0 kB URL GET HTTP/1.1 downtowndisapproval.com/watch.941176361399.js?key=71013c3701458440f498f78a6e5c67cd&kw=%5B%22delicious%22%2C%22recipes%22%5D&refer=https%3A%2F%2Fhenley-gail-7136.firebaseapp.com%2F&tz=0&dev=e&res=14.2079&uuid=3c62d2c4-968e-4e2a-acdf-7b6b517c78ab%3A1%3A1&shu=380fa62b985055f9ba780cb666445ef3ad09bc39631d240a6ad061945ac9c801b8fca79bf298a2ba20b66d13f1d2a3c7045be94d32439407885685d86906084d03b122e7ab15950efffd62e1a63c438240f410c264b13a48785dcaa4babf26&pst=1698091520&rmtc=t
IP 192.243.59.13:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://henley-gail-7136.firebaseapp.com/
Certificate Issuer Let's Encrypt
Subject downtowndisapproval.com
Fingerprint F7:0B:01:4D:45:DC:44:A4:A3:E4:23:2C:30:0B:F0:E1:8D:42:E9:07
Validity Tue, 10 Oct 2023 08:38:05 GMT - Mon, 08 Jan 2024 08:38:04 GMT
File type HTML document, ASCII text, with very long lines (2483)
Hash d3e1ca5483445bc81e1bd7d989d7b768
14ec4920b9497323dc6a7f7eab36fd4cbd739fae
68deda8af321960d94536c4479a462f3305cf62b1772fbff296c6aa9529cfaf4
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /watch.941176361399.js?key=71013c3701458440f498f78a6e5c67cd&kw=%5B%22delicious%22%2C%22recipes%22%5D&refer=https%3A%2F%2Fhenley-gail-7136.firebaseapp.com%2F&tz=0&dev=e&res=14.2079&uuid=3c62d2c4-968e-4e2a-acdf-7b6b517c78ab%3A1%3A1&shu=380fa62b985055f9ba780cb666445ef3ad09bc39631d240a6ad061945ac9c801b8fca79bf298a2ba20b66d13f1d2a3c7045be94d32439407885685d86906084d03b122e7ab15950efffd62e1a63c438240f410c264b13a48785dcaa4babf26&pst=1698091520&rmtc=t HTTP/1.1
Host: downtowndisapproval.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://henley-gail-7136.firebaseapp.com
Referer: https://henley-gail-7136.firebaseapp.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=15994005; ain=eyJhbGciOiJIUzI1NiJ9.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.F03rEFIlYCPWuMjQigZ327zlyY0f17W_z5Askmpxs9g
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 23 Oct 2023 20:04:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://henley-gail-7136.firebaseapp.com
Access-Control-Allow-Origin: https://henley-gail-7136.firebaseapp.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=3c62d2c4-968e-4e2a-acdf-7b6b517c78ab:1:1; expires=Mon, 30 Oct 2023 20:04:20 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 24 Oct 2023 20:04:20 GMT; secure; SameSite=None
uncs=1; expires=Tue, 24 Oct 2023 20:04:20 GMT; secure; SameSite=None
pdhtkv23=true; expires=Tue, 24 Oct 2023 20:04:20 GMT; secure; SameSite=None
uncs23=1; expires=Tue, 24 Oct 2023 20:04:20 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2fe8b49d54818ff4cc184dbd4ad26639
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.cloudimagesb.com/cti/da/01/05/da0105e4ae1a31a4d43bec6b6ef743d3/1663335078.png
45.133.44.9 200 OK 38 kB URL GET HTTP/2 cdn.cloudimagesb.com/cti/da/01/05/da0105e4ae1a31a4d43bec6b6ef743d3/1663335078.png
IP 45.133.44.9:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://henley-gail-7136.firebaseapp.com/
Certificate Issuer Let's Encrypt
Subject cdn.cloudimagesb.com
Fingerprint 62:DE:BA:BA:30:E9:EE:15:E9:24:B9:C5:BF:E1:7E:39:8B:20:E5:42
Validity Sun, 24 Sep 2023 23:04:02 GMT - Sat, 23 Dec 2023 23:04:01 GMT
File type PNG image data, 728 x 90, 8-bit/color RGB, non-interlaced; data
Hash aa0956fc38e9c4e68f6f8d8ebff739a2
fec142174247fdc87ae61a304ec8c2649e864c63
474d26f6cb035ab556e59f1b83aafa3941328ae2b3802cefd5a221f139693dfc
GET /cti/da/01/05/da0105e4ae1a31a4d43bec6b6ef743d3/1663335078.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 23 Oct 2023 20:04:20 GMT
content-type: image/png
content-length: 37947
server: nginx/1.21.6
last-modified: Fri, 16 Sep 2022 13:31:26 GMT
etag: "63247aae-943b"
expires: Wed, 25 Oct 2023 20:04:20 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
kerangajaib.biz.id/game/firewall.js
188.114.97.1 200 OK 14 kB URL GET HTTP/2 kerangajaib.biz.id/game/firewall.js
IP 188.114.97.1:443
Requested by https://henley-gail-7136.firebaseapp.com/
Certificate Issuer Google Trust Services LLC
Subject kerangajaib.biz.id
Fingerprint 35:51:21:55:A9:6E:26:87:94:63:29:8E:A8:1A:BD:FD:51:69:85:AB
Validity Wed, 18 Oct 2023 12:33:39 GMT - Tue, 16 Jan 2024 12:33:38 GMT
File type HTML document, ASCII text, with very long lines (6427), with CR line terminators
Hash d139c21e6a05ff9de67377b24112614b
3f679cfc3551863b8b4512f7f9540d4cd5c09056
f804837db181c7fd6ea989e497cea25921d7ed72a9eb2c6ee361235a8d63ddc1
GET /game/firewall.js HTTP/1.1
Host: kerangajaib.biz.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://henley-gail-7136.firebaseapp.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 23 Oct 2023 20:04:18 GMT
content-type: application/javascript
last-modified: Tue, 28 Feb 2023 11:53:17 GMT
vary: Accept-Encoding
etag: W/"63fdeb2d-35f7"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A6UwzQSHijL8WReL8RVXZ%2FaBWLiKR24%2BFTbLGwJhGiCrb%2B%2B7bSe60OjisZwIC25EXLQSI61SDE4iCLAq3YfW30pb4k8rOy2yi9V7ct3S0DR0G6id00frwnClpI7g9leemP%2Bxcvg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81ac969c99780b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2