| cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js | 104.17.24.14 | 200 OK | 3.2 kB |
URL GET HTTP/2cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js IP104.17.24.14:443
Requested byhttps://russshatswelluzy49.pages.dev/ CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (7862) Hash96201abb62283557a9d7b97b4cab14ab a72f33d920d0ab863df4cb60edf44ec140304cdb 46112dbceed738f759d03f04b115d5256a7d73660b7795acb382192ad84d9f98
GET /ajax/libs/lazysizes/5.3.0/lazysizes.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://russshatswelluzy49.pages.dev/
Origin: https://russshatswelluzy49.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:52:56 GMT
content-type: application/javascript; charset=utf-8
content-length: 3150
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5ff0b799-1ed1"
last-modified: Sat, 02 Jan 2021 18:12:41 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 321771
expires: Thu, 24 Apr 2025 10:52:56 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w%2BJeoT8R%2BPZA5xYQrgqbSitHgvFqAvWGUCygDgQKa%2Bxkq%2Ba4q3zeQgotVPbd1JYvP5UNhMsrLVvvOViN4HCR6ku8KDZGlO7aveHMC2omG0crWsQMeqRHq9HPSDYY%2Fl8P3KP8rEu7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87e7f1b4988a56c7-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js | 104.17.24.14 | 200 OK | 22 kB |
URL GET HTTP/2cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js IP104.17.24.14:443
Requested byhttps://russshatswelluzy49.pages.dev/ CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (65241) Hash1276065911521c5c22037a31365d179d d1c6704e94efe2d465fc161b6381e127d35acd81 bbb7b9921ca2b61948753a6edb63c78443663dc45d1621d18e102e1dcb34e512
GET /ajax/libs/jquery/3.6.0/jquery.slim.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://russshatswelluzy49.pages.dev/
Origin: https://russshatswelluzy49.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:52:56 GMT
content-type: application/javascript; charset=utf-8
content-length: 22329
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-11ab4"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 325043
expires: Thu, 24 Apr 2025 10:52:56 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qTIbF%2FMXdPiXIT97VmR9dddgQnNMEMO2AvpzQ2iW78jCMOC3fde3QPiH5BNullh%2BJ52t2%2B79qkIvidzZhasR39%2B427xM4Mfp61Fr1qWXdoPOaBn%2F1PfFhHrNPDsYobNyuW1anskZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87e7f1b4887c56c7-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 3.bp.blogspot.com/-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif | 142.250.74.161 | 200 OK | 362 B |
URL GET HTTP/23.bp.blogspot.com/-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif IP142.250.74.161:443
Requested byhttps://russshatswelluzy49.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectmisc-sni.blogspot.com FingerprintC4:7D:61:88:AB:F1:15:A1:36:2A:68:39:51:62:46:00:23:6D:39:00 ValidityTue, 16 Apr 2024 03:45:20 GMT - Tue, 09 Jul 2024 03:45:19 GMT
File typeGIF image data, version 89a, 52 x 15 Hashfd2c05a8c327ace309722b0a5fc4faf3 f446e97c43f8830be9f60644563dd846abe6b8e8 0450e2e1aa3c8b5435690d841f3e573c4f521864e1f8e01a5b6dbcdac922c8b4
GET /-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://russshatswelluzy49.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="btn_close.gif"
x-content-type-options: nosniff
server: fife
content-length: 362
x-xss-protection: 0
date: Sat, 04 May 2024 09:38:01 GMT
expires: Sun, 05 May 2024 09:38:01 GMT
cache-control: public, max-age=86400, no-transform
age: 4495
etag: "v1764"
content-type: image/gif
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.topcreativeformat.com/3dc4ca87e07d09e08b5aa5d2105c033d/invoke.js | 172.240.108.68 | 200 OK | 12 kB |
URL GET HTTP/1.1www.topcreativeformat.com/3dc4ca87e07d09e08b5aa5d2105c033d/invoke.js IP172.240.108.68:443
Requested byhttps://russshatswelluzy49.pages.dev/ CertificateIssuerLet's Encrypt Subjecttopcreativeformat.com Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4 ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT
File typeJavaScript source, ASCII text, with very long lines (31291), with no line terminators Hash6cab4cc3eda506ddaab698c18efb6210 70e7f144b9115b60d62c71ab3136e8cfb7903043 27d1bb1fb7a7ef79d1e57b0a4353b04c4b498831be88fbf4a4d983155bfa9cb3
GET /3dc4ca87e07d09e08b5aa5d2105c033d/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://russshatswelluzy49.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 10:52:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1a69bfbaad7665fd0018cd114e8feeb3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| ocsp.r2m03.amazontrust.com/ | 3.164.222.26 | | 471 B |
URL ocsp.r2m03.amazontrust.com/ IP3.164.222.26:0
Hash353dbae1e1b45a750770ae51bef13ba7 465917a2a0bbb947e9727e7f08b584a82aa6fb81 9fa5becc3e07f31f2f08bf5f331d6bfda4f6386634ea524bc3a8c56ac1c0bc2b
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 04 May 2024 10:52:57 GMT
Last-Modified: Sat, 04 May 2024 09:41:21 GMT
Server: ECAcc (ska/F6E1)
X-Cache: Miss from cloudfront
Via: 1.1 d6c4df67fbc9179b8107c6193c7dead8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN53-P1
X-Amz-Cf-Id: FwSNapo6TzN1MMuxIFkUy2S54OD1KuoYYIGmHeoy8H1NtW9K7tEFeQ==
Age: 4296
|
|
| proftrafficcounter.com/stats | 52.29.105.35 | 200 OK | 40 B |
URL GET HTTP/2proftrafficcounter.com/stats IP52.29.105.35:443
Requested byhttps://russshatswelluzy49.pages.dev/ CertificateIssuerAmazon Subjectproftrafficcounter.com FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6 ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File typeASCII text, with no line terminators Hash5646033eb3e8b85d2766e814b5aa3766 31f9bf2c1b5e9835b2ba96f90f7deaf1d770c9c7 46aa5b66ca108570d006356f5449314edef2218c7397955384963ca950ff0460
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://russshatswelluzy49.pages.dev/
Origin: https://russshatswelluzy49.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:52:57 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://russshatswelluzy49.pages.dev
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=cf0c41fa-1e8d-4d80-bcbe-c65c7a4c0551:3:1; expires=Tue, 02 May 2034 10:52:57 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
|
|
| ads.bisniskini.biz.id/get/site/js/d6f51a1ed1d2f145512197f7cd7be46d | 104.21.86.41 | 200 OK | 12 kB |
URL GET HTTP/2ads.bisniskini.biz.id/get/site/js/d6f51a1ed1d2f145512197f7cd7be46d IP104.21.86.41:443
Requested byhttps://russshatswelluzy49.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectbisniskini.biz.id FingerprintCB:C5:50:71:58:97:D7:6D:B9:8F:63:0E:B9:30:B7:87:1D:05:E2:5A ValiditySun, 14 Apr 2024 15:48:05 GMT - Sat, 13 Jul 2024 15:48:04 GMT
File typeASCII text, with CRLF line terminators Hash500accfab8797557b0f922957a9319dd 8d35e1a694c6b6425f79cda1bdc33684b3a05435 29631aedec51cdf985b9ea2e0a34a4d72f4382bac37b5c0f0388f8c9f51fd8e4
GET /get/site/js/d6f51a1ed1d2f145512197f7cd7be46d HTTP/1.1
Host: ads.bisniskini.biz.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://russshatswelluzy49.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 10:52:57 GMT
content-type: application/javascript
set-cookie: PHPSESSID=cta2h4c4ujcj47u6pq1dr2mgv3; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y%2BxYtWFxaO8dG7r%2Bue14%2BoNnpr0PrzbZ7Nj%2BHviQUGXi4fxQ4AFTpbRxs7L8xpf8UhQ9iyllf8ph34jxTjvnaTYfjAAnHqML53Pm%2BZOuNMQKnax8jHzdyb1%2Bwi6H%2BYgRWGXJcAyOAN4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e7f1bad890b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| www.topcreativeformat.com/1f00c6b60ce46955dbdc5d473dcaea71/invoke.js | 172.240.108.68 | 200 OK | 12 kB |
URL GET HTTP/1.1www.topcreativeformat.com/1f00c6b60ce46955dbdc5d473dcaea71/invoke.js IP172.240.108.68:443
Requested byhttps://russshatswelluzy49.pages.dev/ CertificateIssuerLet's Encrypt Subjecttopcreativeformat.com Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4 ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT
File typeJavaScript source, ASCII text, with very long lines (31291), with no line terminators Hashe9be6b21b8c0fc0ee39d10bf40286c6b d2ded1bf3c7db38d1c2e9cc7a1f7d1a86ca70106 277d6e12a0105c18be985fa816acd589fe08f4d30a37b141813c4dcd9b333925
GET /1f00c6b60ce46955dbdc5d473dcaea71/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://russshatswelluzy49.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 10:52:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 27839fd6fcace0ad26c31dcfd778dc33
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| lazyrelentless.com/watch.1224007269261.js?key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&refer=https%3A%2F%2Frussshatswelluzy49.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=cf0c41fa-1e8d-4d80-bcbe-c65c7a4c0551%3A3%3A1 | 192.243.59.13 | 307 Temporary Redirect | 0 B |
URL GET HTTP/1.1lazyrelentless.com/watch.1224007269261.js?key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&refer=https%3A%2F%2Frussshatswelluzy49.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=cf0c41fa-1e8d-4d80-bcbe-c65c7a4c0551%3A3%3A1 IP192.243.59.13:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://russshatswelluzy49.pages.dev/ CertificateIssuerLet's Encrypt Subjectlazyrelentless.com Fingerprint6A:F6:99:3B:A1:19:BA:81:D8:58:5F:A0:AE:BB:95:E8:D6:A0:3D:B0 ValidityMon, 29 Apr 2024 08:04:53 GMT - Sun, 28 Jul 2024 08:04:52 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /watch.1224007269261.js?key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&refer=https%3A%2F%2Frussshatswelluzy49.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=cf0c41fa-1e8d-4d80-bcbe-c65c7a4c0551%3A3%3A1 HTTP/1.1
Host: lazyrelentless.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://russshatswelluzy49.pages.dev/
Origin: https://russshatswelluzy49.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sat, 04 May 2024 10:52:57 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://russshatswelluzy49.pages.dev
Access-Control-Allow-Origin: https://russshatswelluzy49.pages.dev
Access-Control-Allow-Credentials: true
Location: https://lazyrelentless.com/watch.1224007269261.js?dev=e&key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&pst=1714820037&refer=https%3A%2F%2Frussshatswelluzy49.pages.dev%2F&res=14.2071&rmtc=t&shu=e35e3a55ae00ef684bac78108dbb33d84fd7ecb35a9f40c7c67e164c2cf62f0faea88e45fcd42efaa1c8e783f16ce17084159573ac1349f9a17ab7276de5e7b4c10d534af02d9c8cc2f7378f6e502ba23bbcf3413f88739c674071640e8812&tz=0&uuid=cf0c41fa-1e8d-4d80-bcbe-c65c7a4c0551%3A3%3A1
Set-Cookie: u_pl=17761257; expires=Sun, 05 May 2024 10:52:57 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc2MTI1NywiayI6IjNkYzRjYTg3ZTA3ZDA5ZTA4YjVhYTVkMjEwNWMwMzNkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDEwODQ4LCJwaWQiOjQ2MTQ4NCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6InA0dmFnN3EwbSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL3J1c3NzaGF0c3dlbGx1enk0OS5wYWdlcy5kZXYvIiwiYXIiOltdfX0.JeH7hWdUgTsz3_U_Is4TohaFb3QUTpRt01TitYSuaWo; expires=Sat, 04 May 2024 10:53:57 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 86a2c11ed7b6768aab62c8cc63283167
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| tse1.mm.bing.net/th?q= | 204.79.197.200 | 404 Not Found | 727 B |
IP204.79.197.200:443 ASN#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested byhttps://russshatswelluzy49.pages.dev/ CertificateIssuerMicrosoft Corporation Subjectwww.bing.com Fingerprint02:83:27:F9:50:D8:BE:B9:5E:DF:1A:4A:45:3B:6D:3C:BC:30:F2:58 ValidityWed, 01 May 2024 01:58:25 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, baseline, precision 8, 80x80, components 3 Hash5116706c119475f5ae2fc135c3358037 7e5bdf3585153e317ebef05a9b8241d311e44cb3 7edda2585f580c167fd4e3a6c162534548cda437f8bef67c544f3aa9c162a17c
GET /th?q= HTTP/1.1
Host: tse1.mm.bing.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://russshatswelluzy49.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
cache-control: no-cache
pragma: no-cache
content-length: 727
expires: -1
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CE4FFF193F424A099F0784EE193AEA86 Ref B: OSL30EDGE0516 Ref C: 2024-05-04T10:52:58Z
date: Sat, 04 May 2024 10:52:57 GMT
X-Firefox-Spdy: h2
|
|
| misuseproductions.com/watch.1040354965003.js?key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&refer=https%3A%2F%2Frussshatswelluzy49.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=cf0c41fa-1e8d-4d80-bcbe-c65c7a4c0551%3A3%3A1 | 192.243.61.227 | 307 Temporary Redirect | 0 B |
URL GET HTTP/1.1misuseproductions.com/watch.1040354965003.js?key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&refer=https%3A%2F%2Frussshatswelluzy49.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=cf0c41fa-1e8d-4d80-bcbe-c65c7a4c0551%3A3%3A1 IP192.243.61.227:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://russshatswelluzy49.pages.dev/ CertificateIssuerLet's Encrypt Subjectmisuseproductions.com FingerprintAE:BD:BB:C1:A9:8B:FD:93:7D:63:43:E2:6D:71:12:A4:64:7C:51:D6 ValidityMon, 29 Apr 2024 12:56:02 GMT - Sun, 28 Jul 2024 12:56:01 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /watch.1040354965003.js?key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&refer=https%3A%2F%2Frussshatswelluzy49.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=cf0c41fa-1e8d-4d80-bcbe-c65c7a4c0551%3A3%3A1 HTTP/1.1
Host: misuseproductions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://russshatswelluzy49.pages.dev/
Origin: https://russshatswelluzy49.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sat, 04 May 2024 10:52:58 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://russshatswelluzy49.pages.dev
Access-Control-Allow-Origin: https://russshatswelluzy49.pages.dev
Access-Control-Allow-Credentials: true
Location: https://misuseproductions.com/watch.1040354965003.js?dev=e&key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&pst=1714820038&refer=https%3A%2F%2Frussshatswelluzy49.pages.dev%2F&res=14.2071&rmtc=t&shu=6a22d77a1106dbbf8f9efefacc35582de6ebf86d650fb0768421cdc1513ee0b43def9223f87ca7a015986bb307641f86a93296b42b81b54fcfd91d0239cc8c9b2998ae0a9cfbf9e9992345f1aec29cecac1358757ada53a2ba1c75bd95&tz=0&uuid=cf0c41fa-1e8d-4d80-bcbe-c65c7a4c0551%3A3%3A1
Set-Cookie: u_pl=17761257; expires=Sun, 05 May 2024 10:52:58 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc2MTI1NywiayI6IjNkYzRjYTg3ZTA3ZDA5ZTA4YjVhYTVkMjEwNWMwMzNkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDEwODQ4LCJwaWQiOjQ2MTQ4NCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6InA0dmFnN3EwbSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL3J1c3NzaGF0c3dlbGx1enk0OS5wYWdlcy5kZXYvIiwiYXIiOltdfX0.JeH7hWdUgTsz3_U_Is4TohaFb3QUTpRt01TitYSuaWo; expires=Sat, 04 May 2024 10:53:58 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5bcb473a779e26f290f0d1c1e808ee67
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| ads.bisniskini.biz.id/get/site/js/d6f51a1ed1d2f145512197f7cd7be46d | 104.21.86.41 | 200 OK | 712 B |
URL GET HTTP/2ads.bisniskini.biz.id/get/site/js/d6f51a1ed1d2f145512197f7cd7be46d IP104.21.86.41:443
Requested byhttps://russshatswelluzy49.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectbisniskini.biz.id FingerprintCB:C5:50:71:58:97:D7:6D:B9:8F:63:0E:B9:30:B7:87:1D:05:E2:5A ValiditySun, 14 Apr 2024 15:48:05 GMT - Sat, 13 Jul 2024 15:48:04 GMT
File typeASCII text, with CRLF line terminators Hash500accfab8797557b0f922957a9319dd 8d35e1a694c6b6425f79cda1bdc33684b3a05435 29631aedec51cdf985b9ea2e0a34a4d72f4382bac37b5c0f0388f8c9f51fd8e4
GET /get/site/js/d6f51a1ed1d2f145512197f7cd7be46d HTTP/1.1
Host: ads.bisniskini.biz.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://russshatswelluzy49.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:52:56 GMT
content-type: application/javascript
set-cookie: PHPSESSID=h6ip5ctq1s8mnm3764hak0uo8m; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ohC42JOip2rXPZGcJTqN8Exmhum8qz4nlKa1SDQNOZV65iJ7TAeJcc7FoFBMGYJVz31UuFyyareg094kNJxw2PTvxKeNH9f156BVJyppjFNZ9y%2BXlfo7fP2aAmmM46Sf7rqATVVyaoQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e7f1b4dd4156af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ads.bisniskini.biz.id/get/site/js/9049b3a33fc36afe5806bf92a1b0bc1f | 104.21.86.41 | 200 OK | 654 B |
URL GET HTTP/2ads.bisniskini.biz.id/get/site/js/9049b3a33fc36afe5806bf92a1b0bc1f IP104.21.86.41:443
Requested byhttps://russshatswelluzy49.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectbisniskini.biz.id FingerprintCB:C5:50:71:58:97:D7:6D:B9:8F:63:0E:B9:30:B7:87:1D:05:E2:5A ValiditySun, 14 Apr 2024 15:48:05 GMT - Sat, 13 Jul 2024 15:48:04 GMT
File typeASCII text, with CRLF line terminators Hashda5be2f58448ab4d361b13fc4aa856d6 8aed36020a313c60c453d48b4a88157d8853cbd6 c70f11d7f1e67dfd4341b00b430d7cf96feadef332fe1be92541c7ea19cd13ff
GET /get/site/js/9049b3a33fc36afe5806bf92a1b0bc1f HTTP/1.1
Host: ads.bisniskini.biz.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://russshatswelluzy49.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:52:56 GMT
content-type: application/javascript
set-cookie: PHPSESSID=br6bv62gtlq4ckdjrhi6f5nrbk; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lF9ZqySgomxExLvFXJPVF7tQuMAd2e5iND3XHKgnf4MJ3GrKjVjHDEwaSCNVe74TbD3wDoknYAaKrn9rbFHiStFTUG91JHlhAiTZ%2FD4fj14ASp1N6rONVAVvj6z8qAw7F323XEqoUzw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e7f1b4dd3e56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| agrarianbrowse.com/watch.477583338830.js?key=1f00c6b60ce46955dbdc5d473dcaea71&kw=%5B%5D&refer=https%3A%2F%2Frussshatswelluzy49.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=cf0c41fa-1e8d-4d80-bcbe-c65c7a4c0551%3A3%3A1 | 192.243.59.20 | 307 Temporary Redirect | 0 B |
URL GET HTTP/1.1agrarianbrowse.com/watch.477583338830.js?key=1f00c6b60ce46955dbdc5d473dcaea71&kw=%5B%5D&refer=https%3A%2F%2Frussshatswelluzy49.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=cf0c41fa-1e8d-4d80-bcbe-c65c7a4c0551%3A3%3A1 IP192.243.59.20:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://russshatswelluzy49.pages.dev/ CertificateIssuerLet's Encrypt Subjectagrarianbrowse.com Fingerprint5C:E3:DC:E6:D1:6E:DA:7C:F7:7E:BE:3E:DA:4C:35:B6:B4:58:B3:96 ValidityTue, 30 Apr 2024 15:25:21 GMT - Mon, 29 Jul 2024 15:25:20 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /watch.477583338830.js?key=1f00c6b60ce46955dbdc5d473dcaea71&kw=%5B%5D&refer=https%3A%2F%2Frussshatswelluzy49.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=cf0c41fa-1e8d-4d80-bcbe-c65c7a4c0551%3A3%3A1 HTTP/1.1
Host: agrarianbrowse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://russshatswelluzy49.pages.dev/
Origin: https://russshatswelluzy49.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sat, 04 May 2024 10:52:58 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://russshatswelluzy49.pages.dev
Access-Control-Allow-Origin: https://russshatswelluzy49.pages.dev
Access-Control-Allow-Credentials: true
Location: https://agrarianbrowse.com/watch.477583338830.js?dev=e&key=1f00c6b60ce46955dbdc5d473dcaea71&kw=%5B%5D&pst=1714820038&refer=https%3A%2F%2Frussshatswelluzy49.pages.dev%2F&res=14.2071&rmtc=t&shu=a3e364b764eee4da9e6c8c99c5a6320a38b73494cafc339ccb3219ecd08bc6549890da6577afb48d8782734978d9da8ca4930d764bcbc012073d51e130732668459e7698ba03d7da7fdbee728ebc45679aaea100f377a5c085cd7e04c7ab&tz=0&uuid=cf0c41fa-1e8d-4d80-bcbe-c65c7a4c0551%3A3%3A1
Set-Cookie: u_pl=17761293; expires=Sun, 05 May 2024 10:52:58 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc2MTI5MywiayI6IjFmMDBjNmI2MGNlNDY5NTVkYmRjNWQ0NzNkY2FlYTcxIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDEwODYyLCJwaWQiOjM5OTU3NSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6ImJ0cWthNWJmeiIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL3J1c3NzaGF0c3dlbGx1enk0OS5wYWdlcy5kZXYvIiwiYXIiOltdfX0.ZkYyGWefkJYXtmie97wy9wYBCZ98Od2jppFdWRyT8xk; expires=Sat, 04 May 2024 10:53:58 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c408306c7fb1f57a5ff6065393fc7761
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| misuseproductions.com/watch.1040354965003.js?dev=e&key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&pst=1714820038&refer=https%3A%2F%2Frussshatswelluzy49.pages.dev%2F&res=14.2071&rmtc=t&shu=6a22d77a1106dbbf8f9efefacc35582de6ebf86d650fb0768421cdc1513ee0b43def9223f87ca7a015986bb307641f86a93296b42b81b54fcfd91d0239cc8c9b2998ae0a9cfbf9e9992345f1aec29cecac1358757ada53a2ba1c75bd95&tz=0&uuid=cf0c41fa-1e8d-4d80-bcbe-c65c7a4c0551%3A3%3A1 | 192.243.61.227 | 200 OK | 2.0 kB |
URL GET HTTP/1.1misuseproductions.com/watch.1040354965003.js?dev=e&key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&pst=1714820038&refer=https%3A%2F%2Frussshatswelluzy49.pages.dev%2F&res=14.2071&rmtc=t&shu=6a22d77a1106dbbf8f9efefacc35582de6ebf86d650fb0768421cdc1513ee0b43def9223f87ca7a015986bb307641f86a93296b42b81b54fcfd91d0239cc8c9b2998ae0a9cfbf9e9992345f1aec29cecac1358757ada53a2ba1c75bd95&tz=0&uuid=cf0c41fa-1e8d-4d80-bcbe-c65c7a4c0551%3A3%3A1 IP192.243.61.227:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://russshatswelluzy49.pages.dev/ CertificateIssuerLet's Encrypt Subjectmisuseproductions.com FingerprintAE:BD:BB:C1:A9:8B:FD:93:7D:63:43:E2:6D:71:12:A4:64:7C:51:D6 ValidityMon, 29 Apr 2024 12:56:02 GMT - Sun, 28 Jul 2024 12:56:01 GMT
File typeJavaScript source, ASCII text, with very long lines (2435) Hashd83b2d9924c0c50036c6b22beca96f1e c1110bd3ceffdb9a2bec482628b54b5ea4250a34 f88a0f87e6d07b25d07daeb6595723e156753d1b03a37c59477bf5460294dab8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /watch.1040354965003.js?dev=e&key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&pst=1714820038&refer=https%3A%2F%2Frussshatswelluzy49.pages.dev%2F&res=14.2071&rmtc=t&shu=6a22d77a1106dbbf8f9efefacc35582de6ebf86d650fb0768421cdc1513ee0b43def9223f87ca7a015986bb307641f86a93296b42b81b54fcfd91d0239cc8c9b2998ae0a9cfbf9e9992345f1aec29cecac1358757ada53a2ba1c75bd95&tz=0&uuid=cf0c41fa-1e8d-4d80-bcbe-c65c7a4c0551%3A3%3A1 HTTP/1.1
Host: misuseproductions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://russshatswelluzy49.pages.dev
Referer: https://russshatswelluzy49.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17761257; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc2MTI1NywiayI6IjNkYzRjYTg3ZTA3ZDA5ZTA4YjVhYTVkMjEwNWMwMzNkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDEwODQ4LCJwaWQiOjQ2MTQ4NCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6InA0dmFnN3EwbSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL3J1c3NzaGF0c3dlbGx1enk0OS5wYWdlcy5kZXYvIiwiYXIiOltdfX0.JeH7hWdUgTsz3_U_Is4TohaFb3QUTpRt01TitYSuaWo
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 10:52:58 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://russshatswelluzy49.pages.dev
Access-Control-Allow-Origin: https://russshatswelluzy49.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=cf0c41fa-1e8d-4d80-bcbe-c65c7a4c0551:3:1; expires=Sat, 11 May 2024 10:52:58 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 May 2024 10:52:58 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 May 2024 10:52:58 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sun, 05 May 2024 10:52:58 GMT; secure; SameSite=None
uncs5=1; expires=Sun, 05 May 2024 10:52:58 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 28c0ac50e4bf2399e5043985ca87f25e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| agrarianbrowse.com/watch.477583338830.js?dev=e&key=1f00c6b60ce46955dbdc5d473dcaea71&kw=%5B%5D&pst=1714820038&refer=https%3A%2F%2Frussshatswelluzy49.pages.dev%2F&res=14.2071&rmtc=t&shu=a3e364b764eee4da9e6c8c99c5a6320a38b73494cafc339ccb3219ecd08bc6549890da6577afb48d8782734978d9da8ca4930d764bcbc012073d51e130732668459e7698ba03d7da7fdbee728ebc45679aaea100f377a5c085cd7e04c7ab&tz=0&uuid=cf0c41fa-1e8d-4d80-bcbe-c65c7a4c0551%3A3%3A1 | 192.243.59.20 | 200 OK | 2.0 kB |
URL GET HTTP/1.1agrarianbrowse.com/watch.477583338830.js?dev=e&key=1f00c6b60ce46955dbdc5d473dcaea71&kw=%5B%5D&pst=1714820038&refer=https%3A%2F%2Frussshatswelluzy49.pages.dev%2F&res=14.2071&rmtc=t&shu=a3e364b764eee4da9e6c8c99c5a6320a38b73494cafc339ccb3219ecd08bc6549890da6577afb48d8782734978d9da8ca4930d764bcbc012073d51e130732668459e7698ba03d7da7fdbee728ebc45679aaea100f377a5c085cd7e04c7ab&tz=0&uuid=cf0c41fa-1e8d-4d80-bcbe-c65c7a4c0551%3A3%3A1 IP192.243.59.20:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://russshatswelluzy49.pages.dev/ CertificateIssuerLet's Encrypt Subjectagrarianbrowse.com Fingerprint5C:E3:DC:E6:D1:6E:DA:7C:F7:7E:BE:3E:DA:4C:35:B6:B4:58:B3:96 ValidityTue, 30 Apr 2024 15:25:21 GMT - Mon, 29 Jul 2024 15:25:20 GMT
File typeJavaScript source, ASCII text, with very long lines (2442) Hash7851fa1764f2e0e5405c19475496616c df0f793fcee43127ac01daea168d56dc477240ec f1e36b118831b868aa4e26d2daffc38703ca6f234b72d7414b78ea87850052c8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /watch.477583338830.js?dev=e&key=1f00c6b60ce46955dbdc5d473dcaea71&kw=%5B%5D&pst=1714820038&refer=https%3A%2F%2Frussshatswelluzy49.pages.dev%2F&res=14.2071&rmtc=t&shu=a3e364b764eee4da9e6c8c99c5a6320a38b73494cafc339ccb3219ecd08bc6549890da6577afb48d8782734978d9da8ca4930d764bcbc012073d51e130732668459e7698ba03d7da7fdbee728ebc45679aaea100f377a5c085cd7e04c7ab&tz=0&uuid=cf0c41fa-1e8d-4d80-bcbe-c65c7a4c0551%3A3%3A1 HTTP/1.1
Host: agrarianbrowse.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://russshatswelluzy49.pages.dev
Referer: https://russshatswelluzy49.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17761293; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc2MTI5MywiayI6IjFmMDBjNmI2MGNlNDY5NTVkYmRjNWQ0NzNkY2FlYTcxIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDEwODYyLCJwaWQiOjM5OTU3NSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6ImJ0cWthNWJmeiIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL3J1c3NzaGF0c3dlbGx1enk0OS5wYWdlcy5kZXYvIiwiYXIiOltdfX0.ZkYyGWefkJYXtmie97wy9wYBCZ98Od2jppFdWRyT8xk
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 10:52:58 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://russshatswelluzy49.pages.dev
Access-Control-Allow-Origin: https://russshatswelluzy49.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=cf0c41fa-1e8d-4d80-bcbe-c65c7a4c0551:3:1; expires=Sat, 11 May 2024 10:52:58 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 May 2024 10:52:58 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 May 2024 10:52:58 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sun, 05 May 2024 10:52:58 GMT; secure; SameSite=None
uncs5=1; expires=Sun, 05 May 2024 10:52:58 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a12cc579862bcaf30aadc5a2cdf1bc63
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| cdn.cloudimagesb.com/cti/f4/5d/a9/f45da9217a040f710ab7e6eb63f725f9/1708072373.png | 45.133.44.10 | 200 OK | 55 kB |
URL GET HTTP/2cdn.cloudimagesb.com/cti/f4/5d/a9/f45da9217a040f710ab7e6eb63f725f9/1708072373.png IP45.133.44.10:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://russshatswelluzy49.pages.dev/ CertificateIssuerLet's Encrypt Subjectcdn.cloudimagesb.com FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0 ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File typePNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced Hash1a32ad655fade33771fc11663348e89c 556c19aab477a000d35caf3172e0bf98a14d56af 51cad869f8092caf3c3cb629eec029a57c38a4917388475f6da5bed9221cecaa
GET /cti/f4/5d/a9/f45da9217a040f710ab7e6eb63f725f9/1708072373.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:52:58 GMT
content-type: image/png
content-length: 55084
server: nginx/1.21.6
last-modified: Fri, 16 Feb 2024 08:33:01 GMT
etag: "65cf1dbd-d72c"
expires: Mon, 06 May 2024 10:52:58 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| lazyrelentless.com/watch.1224007269261.js?dev=e&key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&pst=1714820037&refer=https%3A%2F%2Frussshatswelluzy49.pages.dev%2F&res=14.2071&rmtc=t&shu=e35e3a55ae00ef684bac78108dbb33d84fd7ecb35a9f40c7c67e164c2cf62f0faea88e45fcd42efaa1c8e783f16ce17084159573ac1349f9a17ab7276de5e7b4c10d534af02d9c8cc2f7378f6e502ba23bbcf3413f88739c674071640e8812&tz=0&uuid=cf0c41fa-1e8d-4d80-bcbe-c65c7a4c0551%3A3%3A1 | 192.243.59.13 | 200 OK | 2.0 kB |
URL GET HTTP/1.1lazyrelentless.com/watch.1224007269261.js?dev=e&key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&pst=1714820037&refer=https%3A%2F%2Frussshatswelluzy49.pages.dev%2F&res=14.2071&rmtc=t&shu=e35e3a55ae00ef684bac78108dbb33d84fd7ecb35a9f40c7c67e164c2cf62f0faea88e45fcd42efaa1c8e783f16ce17084159573ac1349f9a17ab7276de5e7b4c10d534af02d9c8cc2f7378f6e502ba23bbcf3413f88739c674071640e8812&tz=0&uuid=cf0c41fa-1e8d-4d80-bcbe-c65c7a4c0551%3A3%3A1 IP192.243.59.13:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://russshatswelluzy49.pages.dev/ CertificateIssuerLet's Encrypt Subjectlazyrelentless.com Fingerprint6A:F6:99:3B:A1:19:BA:81:D8:58:5F:A0:AE:BB:95:E8:D6:A0:3D:B0 ValidityMon, 29 Apr 2024 08:04:53 GMT - Sun, 28 Jul 2024 08:04:52 GMT
File typeJavaScript source, ASCII text, with very long lines (2456) Hash8efbedd45e3f0176b5946a30ec2796f8 daf04927ee550cc7888705ba9f8de0cc34a6e58d 825c4c4e7e639ba4d7d5f8e9f2af2a60958af8cb88ef8df532c04eccc8b3b3af
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /watch.1224007269261.js?dev=e&key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&pst=1714820037&refer=https%3A%2F%2Frussshatswelluzy49.pages.dev%2F&res=14.2071&rmtc=t&shu=e35e3a55ae00ef684bac78108dbb33d84fd7ecb35a9f40c7c67e164c2cf62f0faea88e45fcd42efaa1c8e783f16ce17084159573ac1349f9a17ab7276de5e7b4c10d534af02d9c8cc2f7378f6e502ba23bbcf3413f88739c674071640e8812&tz=0&uuid=cf0c41fa-1e8d-4d80-bcbe-c65c7a4c0551%3A3%3A1 HTTP/1.1
Host: lazyrelentless.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://russshatswelluzy49.pages.dev
Referer: https://russshatswelluzy49.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17761257; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc2MTI1NywiayI6IjNkYzRjYTg3ZTA3ZDA5ZTA4YjVhYTVkMjEwNWMwMzNkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDEwODQ4LCJwaWQiOjQ2MTQ4NCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6InA0dmFnN3EwbSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL3J1c3NzaGF0c3dlbGx1enk0OS5wYWdlcy5kZXYvIiwiYXIiOltdfX0.JeH7hWdUgTsz3_U_Is4TohaFb3QUTpRt01TitYSuaWo
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 10:52:58 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://russshatswelluzy49.pages.dev
Access-Control-Allow-Origin: https://russshatswelluzy49.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=cf0c41fa-1e8d-4d80-bcbe-c65c7a4c0551:3:1; expires=Sat, 11 May 2024 10:52:58 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 May 2024 10:52:58 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 May 2024 10:52:58 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sun, 05 May 2024 10:52:58 GMT; secure; SameSite=None
uncs5=1; expires=Sun, 05 May 2024 10:52:58 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1a811ea76fc30939c6d2c3ad6f868727
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| cdn.cloudimagesb.com/cti/c9/11/c0/c911c0a120ad25a0b0f51d2b42804521/1627915999.png | 45.133.44.10 | 200 OK | 96 kB |
URL GET HTTP/2cdn.cloudimagesb.com/cti/c9/11/c0/c911c0a120ad25a0b0f51d2b42804521/1627915999.png IP45.133.44.10:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://russshatswelluzy49.pages.dev/ CertificateIssuerLet's Encrypt Subjectcdn.cloudimagesb.com FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0 ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File typePNG image data, 300 x 250, 8-bit/color RGB, non-interlaced Hash0ba904126a4592e4866c657f761ddc25 6b40223686b8ce5bf58ec0375a09de7c0c3bec7a f0e24a117d128140b403f57dc94cf263cf5e6ed39c757f7e0f39988cb32bc00b
GET /cti/c9/11/c0/c911c0a120ad25a0b0f51d2b42804521/1627915999.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:52:58 GMT
content-type: image/png
content-length: 96103
server: nginx/1.21.6
last-modified: Mon, 02 Aug 2021 14:53:29 GMT
etag: "610806e9-17767"
expires: Mon, 06 May 2024 10:52:58 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| cdn.cloudimagesb.com/cti/fe/3b/00/fe3b00c58303840cb3ab664e9686952e/1627915911.png | 45.133.44.10 | 200 OK | 136 kB |
URL GET HTTP/2cdn.cloudimagesb.com/cti/fe/3b/00/fe3b00c58303840cb3ab664e9686952e/1627915911.png IP45.133.44.10:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://russshatswelluzy49.pages.dev/ CertificateIssuerLet's Encrypt Subjectcdn.cloudimagesb.com FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0 ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File typePNG image data, 300 x 250, 8-bit/color RGB, non-interlaced Size136 kB (136090 bytes) Hash11675ef6f5c8559ec0ade47755155665 20df6be038de603b97f849e07460cd0600b34867 4d361374b3e2e4f8de896a1f1014d500ed0802bf028d2c7bbd606f9e87ba88a4
GET /cti/fe/3b/00/fe3b00c58303840cb3ab664e9686952e/1627915911.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 10:52:58 GMT
content-type: image/png
content-length: 136090
server: nginx/1.21.6
last-modified: Mon, 02 Aug 2021 14:51:59 GMT
etag: "6108068f-2139a"
expires: Mon, 06 May 2024 10:52:58 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| shayscholz.blogspot.com/favicon.ico | 216.58.207.193 | | 412 B |
URL GET shayscholz.blogspot.com/favicon.ico IP216.58.207.193:0
Requested byhttps://russshatswelluzy49.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectmisc-sni.blogspot.com FingerprintC4:7D:61:88:AB:F1:15:A1:36:2A:68:39:51:62:46:00:23:6D:39:00 ValidityTue, 16 Apr 2024 03:45:20 GMT - Tue, 09 Jul 2024 03:45:19 GMT
File typeMS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel Hash59a0c7b6e4848ccdabcea0636efda02b 30ef5c54b8bbc3487ea2b4c45cd11ea2932e4340 a1495da3cf3db37bf105a12658636ff628fee7b73975b9200049af7747e60b1f
GET /favicon.ico HTTP/1.1
Host: shayscholz.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://russshatswelluzy49.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/x-icon
expires: Sat, 04 May 2024 10:52:58 GMT
date: Sat, 04 May 2024 10:52:58 GMT
cache-control: private, max-age=86400
last-modified: Fri, 08 Mar 2024 19:12:27 GMT
etag: W/"53e1bb00e6929e879a040ee00d8ddd9c6a9b1f6c6c79cd1077a9390901619218"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 412
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q= | 142.250.74.142 | 200 OK | 20 B |
URL GET HTTP/2suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q= IP142.250.74.142:443
Requested byhttps://russshatswelluzy49.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subject*.google.com Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0 ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT
File typeASCII text, with no line terminators Hasha1b72ded50d7e2b047cd0d3966b148ab 8ff9743451774724c183efa801b999ecce23821a 4d9063bb918234965c25e4a0844d20c1cb01dae120c181c92f39a33b869be23f
GET /complete/search?jsonp=autoRelated&hl=en&client=firefox&q= HTTP/1.1
Host: suggestqueries.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://russshatswelluzy49.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:52:58 GMT
pragma: no-cache
expires: -1
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-YdDPBFwUv7Jzr7BFzqbdkw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/fff
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/fff"}]}
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: gws
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| russshatswelluzy49.pages.dev/ | 172.66.44.91 | 200 OK | 17 kB |
URL User Request GET HTTP/2russshatswelluzy49.pages.dev/ IP172.66.44.91:443
CertificateIssuerLet's Encrypt Subjectrussshatswelluzy49.pages.dev FingerprintFA:92:8E:28:7E:96:66:F2:77:6F:AC:12:EF:30:4A:C3:5F:87:E6:3D ValiditySat, 04 May 2024 02:57:41 GMT - Fri, 02 Aug 2024 02:57:40 GMT
File typeHTML document, ASCII text, with very long lines (7816) Hashd3d48065034747c228614bf78428edfb bf30d66de3b7a5a75865091f5d0c422cb641e586 30282a3d7fed0b55b8854a5eb615bf9edb4d56805cc4fce22cb19cb719fb4802
GET / HTTP/1.1
Host: russshatswelluzy49.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 10:52:56 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"e792f4bb4d72d36ebfa30d180ca7994b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QraWgOuDNVpulrU5lE2wYpOxfKmfPaB5rBmygdlRUZuKRlmDO6wpi%2FSO95dz7wHyySp24zedygISvybAKzAnmUB63qS85Mhqke%2Fy4v2RWnOFs6rcA4suFZ0hnW5sI05BbzDr8r7v1Uf0izyE9aZg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e7f1b18b3056c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|