nf02ch1pos.xzf.my.id/img/wheel.png | 172.67.189.3 | 200 OK | 55 kB
URL: GET HTTP/3 nf02ch1pos.xzf.my.id/img/wheel.png
IP: 172.67.189.3:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: Issuer Google Trust Services LLC; Subject xzf.my.id; Fingerprint F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C; Validity Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: PNG image data, 859 x 871, 8-bit/color RGBA, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): 16ef0d10bc717ef3f5f503bfb8fcd5cd / 5ad4d846bd3343ae0eb69c0160d57e15f50a5831 / d48485a468b2b5d0ee7dd63efc60de6d4690573cf3b17968b223ec8f2476f84f
Analyzer: OpenPhish | Verdict: phishing | Alert: Garena
GET /img/wheel.png HTTP/1.1
Host: nf02ch1pos.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:09:13 GMT
content-type: image/png
content-length: 55386
cache-control: public, max-age=604800
expires: Thu, 02 May 2024 22:44:54 GMT
last-modified: Wed, 08 Mar 2023 02:28:00 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 19459
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xJ5%2BvItLgxdcO%2BhR8dp3%2FRHFoFH0WWugTFZPgpLpqZ%2Fv1rY51TfcwNZGLhtDHApY0GI9hSw%2FBJ%2Bu16D9mmE0sJ%2Bsh0plAJ%2By812mXx8uuay2Txn9q5em%2BJ8LhHZ3uk02e%2BNfxxlYOw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a3b755da360b55-OSL

nf02ch1pos.xzf.my.id/static/img/reward/2.png | 172.67.189.3 | 200 OK | 85 kB
URL: GET HTTP/3 nf02ch1pos.xzf.my.id/static/img/reward/2.png
IP: 172.67.189.3:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: Issuer Google Trust Services LLC; Subject xzf.my.id; Fingerprint F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C; Validity Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1226x1600, components 3
Hashes (MD5 / SHA-1 / SHA-256): 119470accbd2af810041fdcd49d8e2f5 / 0b615a7891fee7437025006d4dda5efcbf1b1691 / e9025908646237265a70354884e48df20c5681753d512275987845c68c508a64
Analyzer: OpenPhish | Verdict: phishing | Alert: Garena
GET /static/img/reward/2.png HTTP/1.1
Host: nf02ch1pos.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:09:13 GMT
content-type: image/png
content-length: 85175
cache-control: public, max-age=604800
expires: Thu, 02 May 2024 22:44:54 GMT
last-modified: Sun, 14 May 2023 03:08:46 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 19459
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=boYvsNbMxDp4d6mz%2B6ElcUSfy4gnnxQmQflzMWazb4BaADjJodd6u8v%2Fi2QoKK3XD%2FAPEprtrVu3m4AaGkPo2QVDC2%2FVI0dlbK6wK5clqTDKq3M2sD407XHmt2De7UyOzvVY%2FnNDBw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a3b755ea380b55-OSL

nf02ch1pos.xzf.my.id/static/img/reward/3.png | 172.67.189.3 | 200 OK | 46 kB
URL: GET HTTP/3 nf02ch1pos.xzf.my.id/static/img/reward/3.png
IP: 172.67.189.3:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: Issuer Google Trust Services LLC; Subject xzf.my.id; Fingerprint F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C; Validity Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 981x1280, components 3
Hashes (MD5 / SHA-1 / SHA-256): c582e9dba2ae73af6182e1fe9abb0fee / 1fcea27e64d9f506ecaec0bf7263b79beb819538 / d18eac5a647b3cbe70ffdfeb59637a4701fca0cf983342e30a5b6a7de7ffedd1
Analyzer: OpenPhish | Verdict: phishing | Alert: Garena
GET /static/img/reward/3.png HTTP/1.1
Host: nf02ch1pos.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:09:13 GMT
content-type: image/png
content-length: 46354
cache-control: public, max-age=604800
expires: Thu, 02 May 2024 22:44:54 GMT
last-modified: Sun, 14 May 2023 03:08:46 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 19459
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9qZMCkNtVOYPTGgz1Hz7Bkm9mB83i3Rd7ntislsty2cMIIp0rfu3vAbu3miS5nMyIKOS7865XmDiBcomHcMZRWVYqZQl1XsOhgcP%2BmwgeZx4orsG54fkBfeLkbRnCp%2BsACjzZNrKSA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a3b755ea390b55-OSL

nf02ch1pos.xzf.my.id/static/img/reward/4.png | 172.67.189.3 | 200 OK | 57 kB
URL: GET HTTP/3 nf02ch1pos.xzf.my.id/static/img/reward/4.png
IP: 172.67.189.3:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: Issuer Google Trust Services LLC; Subject xzf.my.id; Fingerprint F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C; Validity Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 981x1280, components 3
Hashes (MD5 / SHA-1 / SHA-256): 1d24f499e014e54e681b9b83d8f4330a / cd03a98e6b0bba779b6384e3968425c043783b8f / 26f68851aa876e4fbae37344a370ba6bce35ef0807c6adc420ab32fe19c277fb
Analyzer: OpenPhish | Verdict: phishing | Alert: Garena
GET /static/img/reward/4.png HTTP/1.1
Host: nf02ch1pos.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:09:13 GMT
content-type: image/png
content-length: 56916
cache-control: public, max-age=604800
expires: Thu, 02 May 2024 22:44:54 GMT
last-modified: Sun, 14 May 2023 03:08:46 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 19459
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t%2FquxZgofJ8OcM87Rq6NLjzg3CgbjSto26xA%2BUoqJOXrgTOCELwmcMXqVBSWiWsFGwxm138ui7%2FnYhmBblevJ8VrIJrLrNAEX0WgkQBVrY2kU7%2BZ0HYfg1vNXI0KeCdAk0baUu%2FxSw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a3b755ea3b0b55-OSL

nf02ch1pos.xzf.my.id/static/img/reward/6.png | 172.67.189.3 | 200 OK | 53 kB
URL: GET HTTP/3 nf02ch1pos.xzf.my.id/static/img/reward/6.png
IP: 172.67.189.3:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: Issuer Google Trust Services LLC; Subject xzf.my.id; Fingerprint F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C; Validity Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 981x1280, components 3
Hashes (MD5 / SHA-1 / SHA-256): 00702a294de0dee58898f80fd177710a / 6d93fd47f320c9660bb2c5aea8612b93b78ec591 / 6335a7a45110af2b62ca750cce10b1da121b7e6d3d1bb182375cd69bc3945040
Analyzer: OpenPhish | Verdict: phishing | Alert: Garena
GET /static/img/reward/6.png HTTP/1.1
Host: nf02ch1pos.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:09:13 GMT
content-type: image/png
content-length: 52731
cache-control: public, max-age=604800
expires: Thu, 02 May 2024 22:44:54 GMT
last-modified: Sun, 14 May 2023 03:08:46 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 19459
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tczBqqVLBDHBFF21HRhHyNkKyVYYr4BRzba8sAJnd%2BZ27vQSTTY7AbRMrqv5oRLl4ggAX%2FZ0O1C3dk8ztc1HTjZre4a6rgN9sAbLlpS4TBQhqhgsjcunCb1tsrhPUG6qSyroYy1prg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a3b755ea3c0b55-OSL

nf02ch1pos.xzf.my.id/static/img/reward/7.png | 172.67.189.3 | 200 OK | 60 kB
URL: GET HTTP/3 nf02ch1pos.xzf.my.id/static/img/reward/7.png
IP: 172.67.189.3:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: Issuer Google Trust Services LLC; Subject xzf.my.id; Fingerprint F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C; Validity Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1226x1600, components 3
Hashes (MD5 / SHA-1 / SHA-256): 84697d8e828968245b32ea4be54e38ad / ef9aecb795a05bb1a48cee4a06888bf1abdbea46 / 09042b2b039b8c28cc69d3cc777c38546e491abf5c9798907c834fb53a26b1fd
Analyzer: OpenPhish | Verdict: phishing | Alert: Garena
GET /static/img/reward/7.png HTTP/1.1
Host: nf02ch1pos.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:09:13 GMT
content-type: image/png
content-length: 60017
cache-control: public, max-age=604800
expires: Thu, 02 May 2024 22:44:54 GMT
last-modified: Sun, 14 May 2023 03:08:46 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 19459
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fs8hAnFqyL6v3ffLiCIFaQcA1jvCQwA8NkKkFuLu%2BU1zw8F2tGzfWbKyW4jNO5vBDmZxkzxndyhRM3QQreXRVzbk04KEm6e%2FYXdg2GWVTxtYjyUVu2HgLeEsAVP2gon3r%2FCF%2B%2F6IQg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a3b755ea3d0b55-OSL

nf02ch1pos.xzf.my.id/static/img/reward/8.png | 172.67.189.3 | 200 OK | 59 kB
URL: GET HTTP/3 nf02ch1pos.xzf.my.id/static/img/reward/8.png
IP: 172.67.189.3:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: Issuer Google Trust Services LLC; Subject xzf.my.id; Fingerprint F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C; Validity Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 998x1280, components 3
Hashes (MD5 / SHA-1 / SHA-256): 268282ec549b205fcfab016bf7457635 / 5368395a7af6d23b0b8298f2036b77dfa100e3a4 / f8f7c2631ce36948aebfdc7a924067763b0165344d9803245485f024604bd729
Analyzer: OpenPhish | Verdict: phishing | Alert: Garena
GET /static/img/reward/8.png HTTP/1.1
Host: nf02ch1pos.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:09:13 GMT
content-type: image/png
content-length: 58985
cache-control: public, max-age=604800
expires: Thu, 02 May 2024 22:44:54 GMT
last-modified: Sun, 14 May 2023 03:08:46 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 19459
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XBrevhlcj2nFF5a2QZPlzu7xNYF6aKkmBLiSZ66HNJe4lt0Wgd68tFFwwdPvxqcrmiA%2FFu8o9lrCmOgk7zCkJ5DGve9BnIB3wZHg6hVB6x9LyDThVF%2Frwd9xcOyWEQrUjHkFePMc3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a3b755ea3e0b55-OSL

nf02ch1pos.xzf.my.id/static/img/reward/0.png | 172.67.189.3 | 200 OK | 121 kB
URL: GET HTTP/3 nf02ch1pos.xzf.my.id/static/img/reward/0.png
IP: 172.67.189.3:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: Issuer Google Trust Services LLC; Subject xzf.my.id; Fingerprint F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C; Validity Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 906x1222, components 3
Size: 121 kB (120852 bytes)
Hashes (MD5 / SHA-1 / SHA-256): b50f0811e7d87b244cb28104dc0a13d8 / f43e68d1209ae869161bb7f64f1197ad8396c4af / 0b96372eec76f5b9d50f461b6d70c73eb7418eb89ede901721d8a6cd80a8438e
Analyzer: OpenPhish | Verdict: phishing | Alert: Garena
GET /static/img/reward/0.png HTTP/1.1
Host: nf02ch1pos.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:09:13 GMT
content-type: image/png
content-length: 120852
cache-control: public, max-age=604800
expires: Thu, 02 May 2024 22:44:54 GMT
last-modified: Tue, 07 Mar 2023 09:00:00 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 19459
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LwFLV7JP6JyR6C8t3pXwCCvYNgNwdclq37LIra2eNbd0bufuUgtQtrqKsgbVbhkB6wBt2cETxJamP%2FEDoH5R%2FmhmJ6zNcnaRggTOZHTo6cMA0LEagrR1Lc%2FrNE2vPWgOdG%2BVBuh0eg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a3b755fa3f0b55-OSL

cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.2.0/css/material-design-iconic-font.min.css | 104.17.25.14 | 200 OK | 5.8 kB
URL: GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.2.0/css/material-design-iconic-font.min.css
IP: 104.17.25.14:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: Issuer Cloudflare, Inc.; Subject sni.cloudflaressl.com; Fingerprint 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D; Validity Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): e9365fe85b7e4db79a87015e52c3db6c / 2e2b5eb6e08f0f3d11fe0ada97c962a23ba6a0d9 / dec3e9f0190a504ed0c8f4a5e957c107206ba106cac4a1bbb6cbac6369a16d56
GET /ajax/libs/material-design-iconic-font/2.2.0/css/material-design-iconic-font.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 04:09:13 GMT
content-type: text/css; charset=utf-8
content-length: 5845
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ed9-1149f"
last-modified: Mon, 04 May 2020 16:12:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1285706
expires: Wed, 16 Apr 2025 04:09:13 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v2B2Wu08uBJaAPOcttUo22PO%2FoXKbQm94w07Z3fcfSQIyYQVL7WkbTPyRTzP8G01%2F%2BzYUnCQMNnU2pRu60Oivyzo%2FiKnrMpxDAUXKNNY9ZAfNLTDasv6qBqCqZJzC%2FcCuPkiYZKu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87a3b7561da17127-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

nf02ch1pos.xzf.my.id/static/img/btnWheel.png | 172.67.189.3 | 200 OK | 904 kB
URL: GET HTTP/3 nf02ch1pos.xzf.my.id/static/img/btnWheel.png
IP: 172.67.189.3:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: Issuer Google Trust Services LLC; Subject xzf.my.id; Fingerprint F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C; Validity Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: PNG image data, 809 x 911, 8-bit/color RGBA, non-interlaced
Size: 904 kB (904260 bytes)
Hashes (MD5 / SHA-1 / SHA-256): c872d74e2f2c918698ae03c4e0211766 / ef3c5725cc1f2a8346dbac6b5027180086ee672c / 2520996250ae9ae5b2dec3bccb4f268bf5d1e6baaad648c4bd8163441987e697
Analyzer: OpenPhish | Verdict: phishing | Alert: Garena
GET /static/img/btnWheel.png HTTP/1.1
Host: nf02ch1pos.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:09:13 GMT
content-type: image/png
content-length: 904260
cache-control: public, max-age=604800
expires: Thu, 02 May 2024 22:44:54 GMT
last-modified: Thu, 30 Sep 2021 23:55:00 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 19459
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EkypvSesnNfhj4x0xhvmsUQUmy0UBXboO4kh7%2FFlDzPgoWFqfuPCX45Rq8Z66PXCzJUtyzYRoULFJH4vcqdTh7BWm%2BQ6wQGLD8l0SJyFO4JG8VoFhuh5natfb%2Fq1xIH7e6SVbatwkg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a3b755da370b55-OSL

ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js | 216.58.207.234 | 200 OK | 30 kB
URL: GET HTTP/2 ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js
IP: 216.58.207.234:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: Issuer Google Trust Services LLC; Subject upload.video.google.com; Fingerprint 15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2; Validity Mon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT
File type: JavaScript source, ASCII text, with very long lines (32180)
Hashes (MD5 / SHA-1 / SHA-256): 32015dd42e9582a80a84736f5d9a44d7 / 41b4bfbaa96be6d1440db6e78004ade1c134e276 / 8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3
GET /ajax/libs/jquery/2.1.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29707
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 24 Apr 2024 18:35:20 GMT
expires: Thu, 24 Apr 2025 18:35:20 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 120834
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js | 216.58.207.234 | 200 OK | 30 kB
URL: GET HTTP/2 ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js
IP: 216.58.207.234:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: Issuer Google Trust Services LLC; Subject upload.video.google.com; Fingerprint 15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2; Validity Mon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT
File type: JavaScript source, ASCII text, with very long lines (32061)
Hashes (MD5 / SHA-1 / SHA-256): e40ec2161fe7993196f23c8a07346306 / afb90752e0a90c24b7f724faca86c5f3d15d1178 / 874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
GET /ajax/libs/jquery/2.1.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29671
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 Apr 2024 17:32:12 GMT
expires: Fri, 25 Apr 2025 17:32:12 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 38222
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

file.gifan.id/upload/files/WhatsApp%20Image%202024-02-01%20at%2023.01.05.jpeg | 104.21.234.34 | 200 OK | 90 kB
URL: GET HTTP/2 file.gifan.id/upload/files/WhatsApp%20Image%202024-02-01%20at%2023.01.05.jpeg
IP: 104.21.234.34:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: Issuer Google Trust Services LLC; Subject gifan.id; Fingerprint 65:21:CF:78:C6:F3:9C:82:42:72:2D:29:CC:E1:28:F9:68:C7:DA:50; Validity Tue, 26 Mar 2024 02:33:24 GMT - Mon, 24 Jun 2024 02:33:23 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x610, components 3
Hashes (MD5 / SHA-1 / SHA-256): 9d3f1fd34406e8581cd1c655366a49dc / fba480abe841f5ae23a284c06300f645da34e497 / 086c7b2c9186b338d9c0a44f0db046bf22681ff03a462c125d1bae186dbb7d88
GET /upload/files/WhatsApp%20Image%202024-02-01%20at%2023.01.05.jpeg HTTP/1.1
Host: file.gifan.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 26 Apr 2024 04:09:14 GMT
content-type: image/jpeg
content-length: 90520
cache-control: public, max-age=604800
expires: Sat, 27 Apr 2024 17:26:48 GMT
last-modified: Thu, 01 Feb 2024 17:30:42 GMT
x-powered-by: Niagahoster
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
vary: User-Agent, Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 470545
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qh5OGYWYNeiOUIjEkpIUdDh1iWYX1I5DcV2EhJ2M8cXBQysgOtKApWae7jw7oZic%2Bly8WZEPfUdqPTjZyhBN79ldeLIcpVWuYf0%2BQV%2Bm923xPdubPIlpcsQBP8dAcPI7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3b7571807491c-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

code.jquery.com/jquery-1.10.2.min.js | 151.101.66.137 | 200 OK | 93 kB
URL: GET HTTP/2 code.jquery.com/jquery-1.10.2.min.js
IP: 151.101.66.137:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: Issuer Sectigo Limited; Subject *.jquery.com; Fingerprint D2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D; Validity Tue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (32072)
Hashes (MD5 / SHA-1 / SHA-256): 628072e7212db1e8cdacb22b21752cda / 0511abe9863c2ea7084efa7e24d1d86c5b3974f1 / 0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988
GET /jquery-1.10.2.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: "28feccc0-16bb3"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 26 Apr 2024 04:09:14 GMT
age: 752360
x-served-by: cache-lga13622-LGA, cache-hel1410032-HEL
x-cache: HIT, HIT
x-cache-hits: 1606, 6167
x-timer: S1714104554.109881,VS0,VE0
vary: Accept-Encoding
content-length: 93107
X-Firefox-Spdy: h2

i.postimg.cc/nVkV8M0W/FfMaxx.jpg | 162.19.88.68 | 200 OK | 37 kB
URL: GET HTTP/2 i.postimg.cc/nVkV8M0W/FfMaxx.jpg
IP: 162.19.88.68:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: Issuer Let's Encrypt; Subject postimg.cc; Fingerprint 53:90:A2:AC:6E:D0:9C:56:06:D5:4F:6E:EE:C9:67:58:10:CF:9A:D6; Validity Mon, 22 Apr 2024 06:32:22 GMT - Sun, 21 Jul 2024 06:32:21 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 512x512, components 3
Hashes (MD5 / SHA-1 / SHA-256): 61aa45bf291755caa8f0664e4e8b91e9 / 33f6c6304486ce8004d9d459f08aa6b95982f0ba / 323b5ffc0bc7f906cf266b1622e4de3f8dfddcb3f38c460e58b468906d51ebf3
GET /nVkV8M0W/FfMaxx.jpg HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 04:09:14 GMT
content-type: image/jpeg
content-length: 37166
last-modified: Sat, 04 Mar 2023 14:21:43 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

i.postimg.cc/3wBVgZTz/login-Method1.png | 162.19.88.68 | 200 OK | 29 kB
URL: GET HTTP/2 i.postimg.cc/3wBVgZTz/login-Method1.png
IP: 162.19.88.68:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: Issuer Let's Encrypt; Subject postimg.cc; Fingerprint 53:90:A2:AC:6E:D0:9C:56:06:D5:4F:6E:EE:C9:67:58:10:CF:9A:D6; Validity Mon, 22 Apr 2024 06:32:22 GMT - Sun, 21 Jul 2024 06:32:21 GMT
File type: PNG image data, 604 x 158, 8-bit/color RGBA, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): 74190b93fc4f5d88f0c8e6411ba20bd8 / 89ce2ecb660a90b8e6ed1b335443d7767c59f28a / 092a3cd5f86b3f039feefdeb86694cd16ae545af214cfda614bdbbe2d1bde401
GET /3wBVgZTz/login-Method1.png HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 04:09:14 GMT
content-type: image/png
content-length: 28789
last-modified: Sun, 26 Dec 2021 01:51:44 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

nf02ch1pos.xzf.my.id/img/btn-off.png | 172.67.189.3 | 200 OK | 737 B
URL: GET HTTP/3 nf02ch1pos.xzf.my.id/img/btn-off.png
IP: 172.67.189.3:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: Issuer Google Trust Services LLC; Subject xzf.my.id; Fingerprint F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C; Validity Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: PNG image data, 195 x 58, 8-bit colormap, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): 0ec1c29e13291ba7838177581aaf9578 / f9fe0f9a9e9d5333c6c21ee099766e67ed076778 / 5c53b5b7d34dc07cb451499f37ff279a87d87033e9f3b6589c887a667fedfc4d
Analyzer: OpenPhish | Verdict: phishing | Alert: Garena
GET /img/btn-off.png HTTP/1.1
Host: nf02ch1pos.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:09:14 GMT
content-type: image/png
content-length: 737
cache-control: public, max-age=604800
expires: Thu, 02 May 2024 22:44:54 GMT
last-modified: Tue, 29 Nov 2022 22:13:36 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 19460
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FhnoXOAccCjacAgwWbfT78Uq4og41PC5JDfWP%2F1TzZhsZcfOO69YLfFXSZkQ01eP1M56zX44LNCopOXk128krRychKiKgOml%2FAy%2FRSv%2FSMCOre5QxSPCadRY2VukCEeNCLh9tpgWbA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a3b7598af20b55-OSL

dl.dir.freefiremobile.com/common/web_event/official2/dist/client/img/garena_logo.b28b2b6.png | 152.195.133.221 | 200 OK | 11 kB
URL: GET HTTP/2 dl.dir.freefiremobile.com/common/web_event/official2/dist/client/img/garena_logo.b28b2b6.png
IP: 152.195.133.221:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: Issuer DigiCert Inc; Subject garenanow.com; Fingerprint E5:A1:91:47:D0:BB:48:3B:61:90:65:8C:F4:53:95:6B:F0:2D:C6:D9; Validity Thu, 25 Apr 2024 00:00:00 GMT - Mon, 26 May 2025 23:59:59 GMT
File type: PNG image data, 459 x 138, 8-bit/color RGBA, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): f77fe97fc8f4d06fd93eaf7552c4a3e9 / c73f03f3e5a9f460eb83e10ae7312738a36ce720 / b695d33c5ece1af9739e89855c4cc718fd6e9550528009ee5ff644cac193cb41
GET /common/web_event/official2/dist/client/img/garena_logo.b28b2b6.png HTTP/1.1
Host: dl.dir.freefiremobile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
age: 2354
cache-control: public, max-age=3600
content-md5: 93/pf8j00G/ZPq91UsSj6Q==
content-type: image/png
date: Fri, 26 Apr 2024 04:09:14 GMT
ec-version: v6.05
etag: "f77fe97fc8f4d06fd93eaf7552c4a3e9"
expires: Fri, 26 Apr 2024 05:09:14 GMT
last-modified: Wed, 10 Apr 2024 03:54:57 GMT
server: ECAcc (ska/F6CE)
via: 1.1 5189ed92462b822bc9c8a27ceed0cb4e.cloudfront.net (CloudFront)
x-amz-cf-id: oq9nFPmUVz5qKaF12j8FwcoF-FrSk2xU-KivE0HoqU75f2bCDVIV9A==
x-amz-cf-pop: ARN56-P1
x-cache: HIT
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCS52txp5FEgjbD0J1KQWJYRedUbvV8S7
x-obs-replication-status: REPLICA
x-obs-request-id: 0000018F1873E7F4941F7785A2C30B85
content-length: 11185
X-Firefox-Spdy: h2
|
|
| dl.dir.freefiremobile.com/common/web_event/official2/dist/client/img/full_logo.969f536.png | 152.195.133.221 | 200 OK | 8.3 kB |
URL: GET HTTP/2 dl.dir.freefiremobile.com/common/web_event/official2/dist/client/img/full_logo.969f536.png
IP: 152.195.133.221:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: issuer DigiCert Inc, subject garenanow.com, fingerprint E5:A1:91:47:D0:BB:48:3B:61:90:65:8C:F4:53:95:6B:F0:2D:C6:D9, valid Thu, 25 Apr 2024 00:00:00 GMT - Mon, 26 May 2025 23:59:59 GMT
File type: PNG image data, 616 x 90, 8-bit/color RGBA, non-interlaced
Hash (MD5, SHA-1, SHA-256): c632e6bfd0076695e56477bdb3f7232c 5b4212f029814b5dfda946ac5e5a6ba97857feb9 86ccbc1dbeb58af3e6bce5ee52f86a47399da998ad34a0fd2ce9b0b539d92f6c
GET /common/web_event/official2/dist/client/img/full_logo.969f536.png HTTP/1.1
Host: dl.dir.freefiremobile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
age: 2704
cache-control: public, max-age=3600
content-md5: xjLmv9AHZpXlZHe9s/cjLA==
content-type: image/png
date: Fri, 26 Apr 2024 04:09:14 GMT
ec-version: v6.05
etag: "c632e6bfd0076695e56477bdb3f7232c"
expires: Fri, 26 Apr 2024 05:09:14 GMT
last-modified: Wed, 10 Apr 2024 03:54:58 GMT
server: ECAcc (ska/F692)
via: 1.1 e9eeb72bccacc26d81e7bd02c27d126a.cloudfront.net (CloudFront)
x-amz-cf-id: ZeuJ-84BPWCWAICQ4c8He6shV9FbzgGqRMNhEpWsspdvNzOel7CoZw==
x-amz-cf-pop: ARN1-C1
x-cache: HIT
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCS3LgHSvsvcSkQBersn3h5U8AgbFocdo
x-obs-replication-status: REPLICA
x-obs-request-id: 0000018F186E8FBF901DA95E9556B13F
content-length: 8314
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.2.0/fonts/Material-Design-Iconic-Font.woff2?v=2.2.0 | 104.17.25.14 | 200 OK | 38 kB |
URL: GET HTTP/3 cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.2.0/fonts/Material-Design-Iconic-Font.woff2?v=2.2.0
IP: 104.17.25.14:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: issuer Cloudflare, Inc., subject sni.cloudflaressl.com, fingerprint 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D, valid Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type: Web Open Font Format (Version 2), TrueType, length 38384, version 1.0
Hash (MD5, SHA-1, SHA-256): a4d31128b633bc0b1cc1f18a34fb3851 6ee4c79372c3fd679706306ede47e4b03cf53d60 e8eea96e29a7c0a72612ab85ca3229979666467a28349642c2176e7189a1a39c
GET /ajax/libs/material-design-iconic-font/2.2.0/fonts/Material-Design-Iconic-Font.woff2?v=2.2.0 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nf02ch1pos.xzf.my.id
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:09:14 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 38384
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "5eb03ed9-95f0"
last-modified: Mon, 04 May 2020 16:12:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 113871
expires: Wed, 16 Apr 2025 04:09:14 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FlxvQAZKZWB7eR4%2BxHfqo7Xpfq3%2FuW24A77EhWh5tFj4Spmf2R47gNtty%2BxbW0kzNZHp3tQXCj%2FlXRYNtNGdKQkDM0v8g6zVuyT4T%2FfIKvAbb255Uis%2BU%2BJt2cpC5ZEmQS5QsiA8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87a3b75a7e330b61-OSL
alt-svc: h3=":443"; ma=86400
|
|
| nf02ch1pos.xzf.my.id/static/wheelsong.mp3 | 172.67.189.3 | 206 Partial Content | 315 kB |
URL: GET HTTP/3 nf02ch1pos.xzf.my.id/static/wheelsong.mp3
IP: 172.67.189.3:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: issuer Google Trust Services LLC, subject xzf.my.id, fingerprint F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C, valid Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 256 kbps, 44.1 kHz, JntStereo
Size: 315 kB (315326 bytes)
Hash (MD5, SHA-1, SHA-256): 4f1dfb48eeed526b2276f6eeceeab4a0 b0b22cb2230a00325ae88b9bc9720d87ccb41423 20c58a45d16c1d9b12e413833dbf0a2604e15e5d1e398da3884aba70bbd7adaa
Analyzer: OpenPhish, Verdict: phishing, Alert: Garena
GET /static/wheelsong.mp3 HTTP/1.1
Host: nf02ch1pos.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 206 Partial Content
date: Fri, 26 Apr 2024 04:09:14 GMT
content-type: audio/mpeg
content-length: 315326
last-modified: Tue, 04 Oct 2022 05:34:34 GMT
x-turbo-charged-by: LiteSpeed
cache-control: max-age=14400
cf-cache-status: REVALIDATED
content-range: bytes 0-315325/315326
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=krj0HK27sAy2UZiFrbTonGuLxgN9CIoVa9AXLM8TQYvyTE1AsH0ajPg032PlQUIENT8DyVv%2FMXFITLlfNBVL5uxflkWjk3kWjrQ8llN9OrdGoCsI2WkNs4VBfnnSvFjkOy3wGswhLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a3b75a8b2a0b55-OSL
alt-svc: h3=":443"; ma=86400
|
|
| fonts.gstatic.com/s/teko/v20/LYjNdG7kmE0gfaN9pQ.woff2 | 142.250.74.99 | 200 OK | 15 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/teko/v20/LYjNdG7kmE0gfaN9pQ.woff2
IP: 142.250.74.99:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: issuer Google Trust Services LLC, subject *.gstatic.com, fingerprint F5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74, valid Mon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15044, version 1.0
Hash (MD5, SHA-1, SHA-256): 4806226b885b3b3d0ae52142f6bfb3af 2ea5cc6d5e4adb874989a2b74bda062296fb1ad3 714088bef569d6981bfae79530ef315f4d6505f302a944ce9063601919977e6f
GET /s/teko/v20/LYjNdG7kmE0gfaN9pQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nf02ch1pos.xzf.my.id
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15044
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 Apr 2024 00:23:40 GMT
expires: Wed, 23 Apr 2025 00:23:40 GMT
cache-control: public, max-age=31536000
age: 272734
last-modified: Thu, 24 Aug 2023 21:55:11 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| nf02ch1pos.xzf.my.id/css/login/twitter.css | 172.67.189.3 | 200 OK | 22 kB |
URL: GET HTTP/3 nf02ch1pos.xzf.my.id/css/login/twitter.css
IP: 172.67.189.3:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: issuer Google Trust Services LLC, subject xzf.my.id, fingerprint F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C, valid Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: ASCII text, with CRLF line terminators
Hash (MD5, SHA-1, SHA-256): 98f79a4913cc9ae2008dbd3219c513ed 3770564dd21883bbbe6bc3692601f0b0facf2bb8 9cb8389620d77a8b47f1a6eced08eb751789a912baf245f2b8132372b4f36040
Analyzer: OpenPhish, Verdict: phishing, Alert: Garena
GET /css/login/twitter.css HTTP/1.1
Host: nf02ch1pos.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:09:13 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Thu, 02 May 2024 22:44:54 GMT
last-modified: Wed, 22 Jun 2022 15:02:08 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 19459
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i26ocQrwb0XDzBQYs%2BgdU6sxfANpMRjGnAEkZFvvLB4jIzAsCYJT54FIbVP6bevVGx%2BakMdm30XICESHB0LYzLWsSo4yu6qYZj7Q6CgIcp3OZnz4qW9qUf6pb%2BI5iiStM%2FHW2GhNzw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3b755ca230b55-OSL
content-encoding: br
|
|
| nf02ch1pos.xzf.my.id/css/login/facebook.css | 172.67.189.3 | 200 OK | 773 B |
URL: GET HTTP/3 nf02ch1pos.xzf.my.id/css/login/facebook.css
IP: 172.67.189.3:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: issuer Google Trust Services LLC, subject xzf.my.id, fingerprint F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C, valid Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
Hash (MD5, SHA-1, SHA-256): 7963984a8f422cb6cdabcb6597f3f252 8932b3a35c501044ccf88aab675703b972868182 a20af21afb394e0efb04bb292e5faaf2684003d2d94d71122b8f98c69fb68870
Analyzer: OpenPhish, Verdict: phishing, Alert: Garena
GET /css/login/facebook.css HTTP/1.1
Host: nf02ch1pos.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:09:13 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Thu, 02 May 2024 22:44:54 GMT
last-modified: Mon, 20 Jun 2022 15:07:26 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 19459
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4se7qhDmmyZ0vHZ%2BBHAfY2dzby3z5UzyB6dRdEdiDG1sYgx15vIfE49XPQEx9La2Lr28A7k0cfz7EV4FsPFWlqLHiRhsDUGY3MPKT9rlhmi35LEfoIzcOU0E4MryKYsb0%2Fv2caDh4w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3b755ca200b55-OSL
content-encoding: br
|
|
| fonts.googleapis.com/css?family=Roboto:300,400,500,700|Teko:300,400,500 | 142.250.74.106 | 200 OK | 323 kB |
URL: GET HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,500,700|Teko:300,400,500
IP: 142.250.74.106:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: issuer Google Trust Services LLC, subject upload.video.google.com, fingerprint 15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2, valid Mon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT
File type: gzip compressed data, max compression
Size: 323 kB (323021 bytes)
Hash (MD5, SHA-1, SHA-256): 5000502f01da5475110561470a564051 5c2aa630e02bdd455deb67f4ff42e38aeba6ff99 11b1defdab342e9de1bc59c7eb269e97e9909fef26fca32aed68f191bd930822
GET /css?family=Roboto:300,400,500,700|Teko:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 26 Apr 2024 04:09:14 GMT
date: Fri, 26 Apr 2024 04:09:14 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| unpkg.com/package-ion@2.4.3-icons/ionicons.map.js | 104.17.247.203 | 404 Not Found | 61 B |
URL: GET HTTP/2 unpkg.com/package-ion@2.4.3-icons/ionicons.map.js
IP: 104.17.247.203:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: issuer Google Trust Services LLC, subject unpkg.com, fingerprint 2E:F1:F6:31:28:EC:29:20:41:F4:58:4B:B1:CF:51:16:77:7E:BF:E3, valid Mon, 01 Apr 2024 02:40:24 GMT - Sun, 30 Jun 2024 02:40:23 GMT
File type: ASCII text, with no line terminators
Hash (MD5, SHA-1, SHA-256): 1b7d58e6be5296ca1bc48c0969ad49c1 7d8b871d5a51877c5eb5c459a45e2db2ccd2dffd efd408ae21cb31df9cc0bdd16c7cd5328e8736dc5606987077c9bd319392116f
GET /package-ion@2.4.3-icons/ionicons.map.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
date: Fri, 26 Apr 2024 04:09:14 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
content-encoding: br
etag: W/"2b-fYuHHVpRh3xetcRZpF4tsszS3/0"
via: 1.1 fly.io
fly-request-id: 01HWC9FMM0YQ05C4RPKM6HTJG7-arn
cf-cache-status: EXPIRED
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a3b75708d2569c-OSL
X-Firefox-Spdy: h2
|
|
| i.postimg.cc/nVkV8M0W/FfMaxx.jpg | 162.19.88.68 | 200 OK | 37 kB |
URL: GET HTTP/2 i.postimg.cc/nVkV8M0W/FfMaxx.jpg
IP: 162.19.88.68:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: issuer Let's Encrypt, subject postimg.cc, fingerprint 53:90:A2:AC:6E:D0:9C:56:06:D5:4F:6E:EE:C9:67:58:10:CF:9A:D6, valid Mon, 22 Apr 2024 06:32:22 GMT - Sun, 21 Jul 2024 06:32:21 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 512x512, components 3
Hash (MD5, SHA-1, SHA-256): 61aa45bf291755caa8f0664e4e8b91e9 33f6c6304486ce8004d9d459f08aa6b95982f0ba 323b5ffc0bc7f906cf266b1622e4de3f8dfddcb3f38c460e58b468906d51ebf3
GET /nVkV8M0W/FfMaxx.jpg HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 04:09:15 GMT
content-type: image/jpeg
content-length: 37166
last-modified: Sat, 04 Mar 2023 14:21:43 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| play-lh.googleusercontent.com/jWN9pjF7atbqHYXAAfwvIjtzpGwTIVwX9etT0-9HiWjRjE1hInoEgJiWjwsiemu2rEb8 | 142.250.74.86 | 200 OK | 73 kB |
URL: GET HTTP/2 play-lh.googleusercontent.com/jWN9pjF7atbqHYXAAfwvIjtzpGwTIVwX9etT0-9HiWjRjE1hInoEgJiWjwsiemu2rEb8
IP: 142.250.74.86:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: issuer Google Trust Services LLC, subject edgestatic.com, fingerprint F5:71:D6:56:B9:45:4B:F5:FD:12:4B:A7:FF:5F:1D:C9:74:FE:B0:C8, valid Mon, 18 Mar 2024 19:37:13 GMT - Mon, 10 Jun 2024 19:37:12 GMT
File type: PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
Hash (MD5, SHA-1, SHA-256): 2bafc2fba248405e93058e3c26dfa614 8361bf3eec4ea108953492ad3a332d48d6f7671f 828588fb737f1eb815949ff596fe72a7ba7a1fdb9ad6816d95aa97e88f150506
GET /jWN9pjF7atbqHYXAAfwvIjtzpGwTIVwX9etT0-9HiWjRjE1hInoEgJiWjwsiemu2rEb8 HTTP/1.1
Host: play-lh.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.png"
x-content-type-options: nosniff
server: fife
content-length: 73303
x-xss-protection: 0
date: Fri, 26 Apr 2024 04:09:15 GMT
expires: Sat, 27 Apr 2024 04:09:15 GMT
cache-control: public, max-age=86400, no-transform
etag: "v1"
content-type: image/png
vary: Origin
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.google.com/ | 216.58.211.4 | | 73 kB |
IP: 216.58.211.4:0
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: issuer Google Trust Services LLC, subject www.google.com, fingerprint CD:48:2A:0C:60:1D:37:5A:D4:D5:A9:F7:DE:A0:2B:5E:2F:29:76:73, valid Mon, 18 Mar 2024 20:38:49 GMT - Mon, 10 Jun 2024 20:38:48 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (14922)
Hash (MD5, SHA-1, SHA-256): ba197c1327a1c5d98d93e6e01032fba8 91b2c631d9d41614203e3475fee17c18096d2f43 00b7d1ea4e984d5aa9c187edb54d7e092184b48e09e35627512abb7a952ba304
GET / HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nf02ch1pos.xzf.my.id/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 04:09:15 GMT
expires: -1
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
content-security-policy-report-only: object-src 'none';base-uri 'self';script-src 'nonce-hyDkpmoaoGghGceH8sJuOA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-encoding: br
server: gws
content-length: 72723
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: AEC=AQTF6HzfN7d8Ltg8dDQDx_oYbFQS3moN-rJgamacMszEaNNNaSCxb4bLTm4; expires=Wed, 23-Oct-2024 04:09:15 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
__Secure-ENID=19.SE=DcPyTFv4O7Qd_8H7KDaEIF1ZPZRD5kmZWBgbuR6I77g20rRiaUrp6V1bmzSw_v4I_auiBvMj9LM7CSIVcMwL25PyXVBo6XQ_e82d-p9aGLuNkmPE-cflhOk5cXcTPDVEpgxQg4oAvhcNcs_erYkq7sjpjErdqYQEd19osS7b4zIg8LxQaQfF_Ulw; expires=Mon, 26-May-2025 20:27:33 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.google.com/ | 216.58.211.4 | | 73 kB |
IP: 216.58.211.4:0
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: issuer Google Trust Services LLC, subject www.google.com, fingerprint CD:48:2A:0C:60:1D:37:5A:D4:D5:A9:F7:DE:A0:2B:5E:2F:29:76:73, valid Mon, 18 Mar 2024 20:38:49 GMT - Mon, 10 Jun 2024 20:38:48 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (14070)
Hash (MD5, SHA-1, SHA-256): 7beaf9b414416e75ab5bc715ec565c3a 94f5d954bbf84f18a10b8d33bede48414a0d66f0 3539b10e9a9b006a4a67091e8dd62fdef8ce78acc4f4f1084f593b8419b59c86
GET / HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nf02ch1pos.xzf.my.id/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 04:09:15 GMT
expires: -1
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
content-security-policy-report-only: object-src 'none';base-uri 'self';script-src 'nonce-t1WZgmu1WiTMWhUbX-Smhg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-encoding: br
server: gws
content-length: 72820
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: AEC=AQTF6HyDmNlhZkfN_zAb8zfMGUXRHvJQ6R4R_zd0Y0lL0snjzhUfDPqKRZM; expires=Wed, 23-Oct-2024 04:09:15 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
__Secure-ENID=19.SE=KYOD_uPP-_CMbmroJzV0Eg6RSCO1BsypBWR5maJwyizFNG1sFI9a4FeoIjI1Bdn8E7TcRg5dOq1EDcrHDIw5v43SvEcMC2PRXXuytmSzWOA5Sycn9etE5FQLY5QKintpSzMUAs8OXdnSKOkmt2rcqeMGbJ4pLRrR-7O0aTvvLWnHD9B_D3DWWvo8; expires=Mon, 26-May-2025 20:27:33 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| nf02ch1pos.xzf.my.id/css/style.css | 172.67.189.3 | 200 OK | 12 kB |
URL: GET HTTP/3 nf02ch1pos.xzf.my.id/css/style.css
IP: 172.67.189.3:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: issuer Google Trust Services LLC, subject xzf.my.id, fingerprint F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C, valid Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: assembler source, ASCII text, with CRLF line terminators
Hash (MD5, SHA-1, SHA-256): fbea87a03da32f663d08058ff2ff78b0 3894787ff78495f96b0795d462319f39cbf37a38 91592823e8a6d85735b4b4cf3828f6b8dd37f5bc65e4144f0cc21ed73ab2cf0a
Analyzer: OpenPhish, Verdict: phishing, Alert: Garena
GET /css/style.css HTTP/1.1
Host: nf02ch1pos.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:09:13 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Thu, 02 May 2024 22:44:54 GMT
last-modified: Thu, 27 Oct 2022 23:30:40 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 19459
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tqg2d%2BJhCwkuZaB3TsSrecvaEuOBKmsjoD%2F9jOt7VmrWbT2lajpiZJf66WVjmcAFtBnKu5z%2BfoDgAEvI09PUtPTp3UlI6oqKbc0qL13084dgQmlXa%2BtEJz2F7nNIwGc%2BNZmrUrj19Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3b755ca1d0b55-OSL
content-encoding: br
|
|
| www.pubgmobile.com/en/images/nav_menu.svg | 23.36.76.250 | 200 OK | 426 B |
URL: GET HTTP/2 www.pubgmobile.com/en/images/nav_menu.svg
IP: 23.36.76.250:443
ASN: 20940 (Akamai International B.V.)
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: issuer DigiCert Inc, subject wetv.acc.qq.com, fingerprint 5C:D9:77:1B:16:32:99:FE:C5:2E:BD:E3:86:D8:71:22:B0:1B:6A:3F, valid Mon, 30 Oct 2023 00:00:00 GMT - Wed, 30 Oct 2024 23:59:59 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5, SHA-1, SHA-256): a1f09c4f5c87271dbccf8cb05885ad42 18bbacc9c372dcb6bc77c2475595e058c1ad1594 b0d849e0e910d13bcdab1e94f5c799dda1a9429c908e18069f9dc7f7d551d58a
GET /en/images/nav_menu.svg HTTP/1.1
Host: www.pubgmobile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: image/svg+xml
last-modified: Mon, 21 Mar 2022 13:24:18 GMT
etag: "62387c82-374"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
date: Fri, 26 Apr 2024 04:09:16 GMT
content-length: 426
akamai-grn: 0.f64c2417.1714104554.22c8f2f9
X-Firefox-Spdy: h2
|
|
| rawcdn.githack.com/AlexHostX/all.asset/d1a42a80f01064a559cb0ce4e5ec0474091c651f/click.mp3 | 104.21.234.230 | 301 Moved Permanently | 0 B |
URL: GET HTTP/2 rawcdn.githack.com/AlexHostX/all.asset/d1a42a80f01064a559cb0ce4e5ec0474091c651f/click.mp3
IP: 104.21.234.230:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: issuer Google Trust Services LLC, subject githack.com, fingerprint A4:13:2F:80:0A:C6:7C:8B:08:12:12:22:60:76:15:7D:40:80:70:54, valid Fri, 01 Mar 2024 13:12:36 GMT - Thu, 30 May 2024 13:12:35 GMT
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the digests of a zero-length input: the 301 carried no body, consistent with the 0 B size)
GET /AlexHostX/all.asset/d1a42a80f01064a559cb0ce4e5ec0474091c651f/click.mp3 HTTP/1.1
Host: rawcdn.githack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Fri, 26 Apr 2024 04:09:14 GMT
content-type: text/html
location: https://raw.githubusercontent.com/AlexHostX/all.asset/d1a42a80f01064a559cb0ce4e5ec0474091c651f/click.mp3
cache-control: max-age=86400, public
access-control-allow-origin: *
cf-cache-status: HIT
age: 57376
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hvi9GMXzmMVNVESqc4Oc5Lk2qcotYsPMqNeTI1I9ulXrdQeS3JCkXb1T1Yk2h5ZDBQ1gbd9Oh4vzRHKUlpx63P2PRvHkuEv4YPMLaOZFOYopM7xRlAK0mouL2on4sanyB878g%2BA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a3b75b09a063a8-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| nf02ch1pos.xzf.my.id/static/wheelStop.mp3 | 172.67.189.3 | 206 Partial Content | 21 kB |
URL: GET HTTP/3 nf02ch1pos.xzf.my.id/static/wheelStop.mp3
IP: 172.67.189.3:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: issuer Google Trust Services LLC, subject xzf.my.id, fingerprint F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C, valid Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 48 kHz, JntStereo
Hash (MD5, SHA-1, SHA-256): da5c02d0af9c7f9db0fb0e213858ccfa 9f7c649258009c2c853b74349c060d9de12109b1 2998755f4b37c49010974e07f9aa0643b0a9c5be592d42988c733d0e3acc9ae3
Analyzer: OpenPhish, Verdict: phishing, Alert: Garena
GET /static/wheelStop.mp3 HTTP/1.1
Host: nf02ch1pos.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 206 Partial Content
date: Fri, 26 Apr 2024 04:09:14 GMT
content-type: audio/mpeg
content-length: 20994
last-modified: Tue, 04 Oct 2022 05:34:34 GMT
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cache-control: max-age=14400
cf-cache-status: REVALIDATED
content-range: bytes 0-20993/20994
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VoJocfKvoU0MoqH36dHwB8eK3QAuLMGzfASpRcUSaxoC8bVG0rKu8%2FDHuG3ESvY7%2BJAC3evogDSiEU%2B4u5%2BIXuyinAIJ7D7E5qM8802fxCyf4y8A4QtFFxM0MBwrV%2BEfpf%2B0ENyLQA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a3b75a8b2b0b55-OSL
|
|
| rawcdn.githack.com/AlexHostX/all.asset/6635455e463c4b55d9c4dac99f2c44f9091b612c/unclick.mp3 | 104.21.234.230 | 301 Moved Permanently | 0 B |
URL: GET HTTP/2 rawcdn.githack.com/AlexHostX/all.asset/6635455e463c4b55d9c4dac99f2c44f9091b612c/unclick.mp3; IP: 104.21.234.230:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: Issuer Google Trust Services LLC; Subject githack.com; Fingerprint A4:13:2F:80:0A:C6:7C:8B:08:12:12:22:60:76:15:7D:40:80:70:54; Validity Fri, 01 Mar 2024 13:12:36 GMT - Thu, 30 May 2024 13:12:35 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of zero bytes: the 301 carried no body)
GET /AlexHostX/all.asset/6635455e463c4b55d9c4dac99f2c44f9091b612c/unclick.mp3 HTTP/1.1
Host: rawcdn.githack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Fri, 26 Apr 2024 04:09:14 GMT
content-type: text/html
location: https://raw.githubusercontent.com/AlexHostX/all.asset/6635455e463c4b55d9c4dac99f2c44f9091b612c/unclick.mp3
cache-control: max-age=86400, public
access-control-allow-origin: *
cf-cache-status: HIT
age: 57376
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VKECKPL8v2xHO8f9JKKhHy51mt6IFob90oEI096wL26BegBz2ohe0Eyez6XMEEHhr7fRqi4F%2FCKENCNUqULrb1LDx1ttJZUg73RtmdiJeNh8ihdCK2iWEV%2FynGlRtWXZVfbB0M8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a3b75b099d63a8-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| raw.githubusercontent.com/AlexHostX/all.asset/d1a42a80f01064a559cb0ce4e5ec0474091c651f/click.mp3 | 185.199.111.133 | 404 Not Found | 0 B |
URL: GET HTTP/2 raw.githubusercontent.com/AlexHostX/all.asset/d1a42a80f01064a559cb0ce4e5ec0474091c651f/click.mp3; IP: 185.199.111.133:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: Issuer DigiCert Inc; Subject *.github.io; Fingerprint 97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28; Validity Fri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of zero bytes: the 404 body, content-length 14, was not captured)
GET /AlexHostX/all.asset/d1a42a80f01064a559cb0ce4e5ec0474091c651f/click.mp3 HTTP/1.1
Host: raw.githubusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br, identity
Range: bytes=0-
Referer: https://nf02ch1pos.xzf.my.id/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
content-type: text/plain; charset=utf-8
x-github-request-id: 2FE0:25D837:136B4F:154353:662B28EA
accept-ranges: bytes
date: Fri, 26 Apr 2024 04:09:14 GMT
via: 1.1 varnish
x-served-by: cache-hel1410031-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1714104555.870248,VS0,VE119
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 95db23b6b7015f6998ae254ad5c58ffd8bbfb6d1
expires: Fri, 26 Apr 2024 04:14:14 GMT
source-age: 0
content-length: 14
X-Firefox-Spdy: h2
|
|
| | 172.67.189.3 | 200 OK | 22 kB |
URL: (user request) GET HTTP/2; IP: 172.67.189.3:443
Certificate: Issuer Google Trust Services LLC; Subject xzf.my.id; Fingerprint F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C; Validity Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of zero bytes: the 22 kB document body was not hashed)
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET / HTTP/1.1
Host: nf02ch1pos.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 04:09:13 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tk2p5vyTXE0PLZBh6u6QUb33VTpp92x3efazxuVcB5cLIExrR0AeAlhwMpL2Jr6C7WXGHtQe1ncJgKmlyUlyjV0z4RgAoTrFAPpcf2Mz%2FK%2BQjVkgSWAXzlm3QaWVUJDU6XSKHShg8g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3b7537e1db4f4-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| nf02ch1pos.xzf.my.id/js/ryucodex.js | 172.67.189.3 | 200 OK | 4.3 kB |
URL: GET HTTP/3 nf02ch1pos.xzf.my.id/js/ryucodex.js; IP: 172.67.189.3:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: Issuer Google Trust Services LLC; Subject xzf.my.id; Fingerprint F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C; Validity Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
File type: JavaScript source, ASCII text, with very long lines (4762), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): decdcba332baceb9b9b35d877f590465 f902f3eb9c01e750fdd50049f3c4508a7583319e 410f9ffe1cee74c404fd7b3b58cfbb4a6c388e2b167560dbf10b1aa159d70243
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /js/ryucodex.js HTTP/1.1
Host: nf02ch1pos.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:09:14 GMT
content-type: text/javascript
last-modified: Wed, 26 Oct 2022 17:44:40 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cXsLr7ZrQQLZ32lh06Ns7KX3YczEPKDE%2Fv%2BYGw1PfN%2B0N5K%2Fp7bqXVBAqhWsVpkBuoYm8WR8oUT1b5gr9i%2BCp4fA2EfYzmpie7nIhPh3oFgWAygOaTXouXRPyn4plLye1%2FVPf63KgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3b7560a460b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css | 104.18.11.207 | 200 OK | 31 kB |
URL: GET HTTP/2 stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css; IP: 104.18.11.207:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: Issuer Google Trust Services LLC; Subject bootstrapcdn.com; Fingerprint 57:B4:25:B9:9C:88:A1:A3:3D:F7:31:74:02:E4:D1:E0:0A:F5:11:63; Validity Wed, 27 Mar 2024 00:22:09 GMT - Tue, 25 Jun 2024 00:22:08 GMT
File type: ASCII text, with very long lines (30837)
Hash (MD5 / SHA-1 / SHA-256): 269550530cc127b6aa5a35925a7de6ce 512c7d79033e3028a9be61b540cf1a6870c896f8 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 04:09:13 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"269550530cc127b6aa5a35925a7de6ce"
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 10/31/2023 18:48:06
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 722
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: dd809c84048d5afa8e77adc8acacd559
cdn-cache: HIT
cf-cache-status: HIT
age: 13478728
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 87a3b7560d3156ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| file.gifan.id/upload/files/WhatsApp%20Image%202024-02-01%20at%2023.01.38.jpeg | 0.0.0.0 | | 0 B |
URL: GET file.gifan.id/upload/files/WhatsApp%20Image%202024-02-01%20at%2023.01.38.jpeg; IP: 0.0.0.0:0 (no peer address recorded)
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: Issuer Google Trust Services LLC; Subject gifan.id; Fingerprint 65:21:CF:78:C6:F3:9C:82:42:72:2D:29:CC:E1:28:F9:68:C7:DA:50; Validity Tue, 26 Mar 2024 02:33:24 GMT - Mon, 24 Jun 2024 02:33:23 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of zero bytes: the 302 carried no body)
GET /upload/files/WhatsApp%20Image%202024-02-01%20at%2023.01.38.jpeg HTTP/1.1
Host: file.gifan.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Fri, 26 Apr 2024 04:09:14 GMT
content-type: text/html
location: https://www.google.com/
cache-control: no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by: LiteSpeed
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AySt6ZwD0CCtOSPqNpVTS25mbd7VlNHaahS08e8qmhQ%2Fy0WmDvOqce6A94hOx8QeN48wpK0GQDSFGn54KU8%2BL3fbR%2ByUc89rCYMJjVZESCFGhQHDF2RonmnmXWUhWYJv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a3b7570806491c-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| wallpapercave.com/wp/wp5253203.jpg | 104.22.53.71 | 200 OK | 322 kB |
URL: GET HTTP/2 wallpapercave.com/wp/wp5253203.jpg; IP: 104.22.53.71:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: Issuer Cloudflare, Inc.; Subject wallpapercave.com; Fingerprint 95:87:21:80:3B:3B:56:39:ED:73:CE:52:C0:CA:E4:BE:0F:5A:F6:89; Validity Wed, 09 Aug 2023 00:00:00 GMT - Thu, 08 Aug 2024 23:59:59 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x1920, components 3
Size: 322 kB (322124 bytes)
Hash (MD5 / SHA-1 / SHA-256): 6a3b22f90af838c81f5c15a3d0fcfb35 4316104b1e72bde2dc97ed2fa44db1b0a662b022 a0f3ad24755221e2d445615017aa8168d0ea55102a17bb05a9ff83a387a41ff5
GET /wp/wp5253203.jpg HTTP/1.1
Host: wallpapercave.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 04:09:15 GMT
content-type: image/jpeg
content-length: 322124
cf-bgj: imgq:85,h2pri
cf-polished: origSize=322599, status=webp_bigger
etag: "5e51769c-4ec27"
last-modified: Sat, 22 Feb 2020 18:44:44 GMT
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a3b75a787bb4ff-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| nf02ch1pos.xzf.my.id/css/animate.css | 172.67.189.3 | 200 OK | 78 kB |
URL: GET HTTP/3 nf02ch1pos.xzf.my.id/css/animate.css; IP: 172.67.189.3:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: Issuer Google Trust Services LLC; Subject xzf.my.id; Fingerprint F1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C; Validity Thu, 04 Apr 2024 06:51:42 GMT - Wed, 03 Jul 2024 06:51:41 GMT
Hash (MD5 / SHA-1 / SHA-256): 8eae1a9cfafdc593321d4d59ec4905ea 232f5f3f4c3a0a56823e0e933f9c7fec3aa9cbcc e89c81987c5cbc157097eaa6657d6a594abf030cc89bb63f0d2154d8383e9fab
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /css/animate.css HTTP/1.1
Host: nf02ch1pos.xzf.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:09:13 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Thu, 02 May 2024 22:44:54 GMT
last-modified: Mon, 20 Jun 2022 15:07:26 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 19459
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=71CxS5VYdSXTlyoDL%2BXUVuqtSfHTuFLjs6LDhK9JmNnusruP4QSzllYLUOQ5KemAKeEf%2BWkPPimmld%2BDMAMw7OW3nqf3OkvLXCq9lL9JUtWbhpgd1Yv8vE7W1IQLa6yCG80GqF7Eyw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3b755ca1f0b55-OSL
content-encoding: br
|
|
| raw.githubusercontent.com/AlexHostX/all.asset/6635455e463c4b55d9c4dac99f2c44f9091b612c/unclick.mp3 | 185.199.111.133 | 404 Not Found | 0 B |
URL: GET HTTP/2 raw.githubusercontent.com/AlexHostX/all.asset/6635455e463c4b55d9c4dac99f2c44f9091b612c/unclick.mp3; IP: 185.199.111.133:443
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: Issuer DigiCert Inc; Subject *.github.io; Fingerprint 97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28; Validity Fri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of zero bytes: the 404 body, content-length 14, was not captured)
GET /AlexHostX/all.asset/6635455e463c4b55d9c4dac99f2c44f9091b612c/unclick.mp3 HTTP/1.1
Host: raw.githubusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br, identity
Range: bytes=0-
Referer: https://nf02ch1pos.xzf.my.id/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
content-type: text/plain; charset=utf-8
x-github-request-id: 3282:0DE2:450733:491962:662B28EA
accept-ranges: bytes
date: Fri, 26 Apr 2024 04:09:15 GMT
via: 1.1 varnish
x-served-by: cache-hel1410031-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1714104555.895003,VS0,VE123
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 10feb8c17d6f783adceae0b60f7181927b269294
expires: Fri, 26 Apr 2024 04:14:15 GMT
source-age: 0
content-length: 14
X-Firefox-Spdy: h2
|
|
| file.gifan.id/upload/files/WhatsApp%20Image%202024-02-01%20at%2023.03.01.jpeg | 0.0.0.0 | | 0 B |
URL: GET file.gifan.id/upload/files/WhatsApp%20Image%202024-02-01%20at%2023.03.01.jpeg; IP: 0.0.0.0:0 (no peer address recorded)
Requested by: https://nf02ch1pos.xzf.my.id/
Certificate: Issuer Google Trust Services LLC; Subject gifan.id; Fingerprint 65:21:CF:78:C6:F3:9C:82:42:72:2D:29:CC:E1:28:F9:68:C7:DA:50; Validity Tue, 26 Mar 2024 02:33:24 GMT - Mon, 24 Jun 2024 02:33:23 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of zero bytes: the 302 carried no body)
GET /upload/files/WhatsApp%20Image%202024-02-01%20at%2023.03.01.jpeg HTTP/1.1
Host: file.gifan.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nf02ch1pos.xzf.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Fri, 26 Apr 2024 04:09:14 GMT
content-type: text/html
location: https://www.google.com/
cache-control: no-cache, no-store, must-revalidate, max-age=0
x-powered-by: Niagahoster
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
vary: User-Agent, Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5QVyAC2DvswDgD3kbrAUf9Aq6mYQE89wsSLC99yFr2yfCQ1IZJKQ3AFz3955iWfdlsZdDxR1zM%2BQCYGiKozx1X0qCiGl93SZtzT%2Bd23p%2B8hEXPVErD0tME8ZrC362LOC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3b7570804491c-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
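Triage of a capture like this one starts by pulling the indicators out of the dump, and the export layout makes that error-prone: labels are fused to their values in the raw export (Hashd41d8..., FingerprintF1:...), two file.gifan.id entries have no resolved peer address, and every 0 B entry carries d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855, which are the MD5, SHA-1 and SHA-256 of zero bytes and must never be exported as file indicators. The parser below is an added example, not part of the sandbox report or of any tool the report was produced with; it assumes only the entry layout visible above (the `| url | ip | status | size |` row, the certificate and hash lines, request headers, then the response status line and headers) and keys on the shape of the hex values rather than on label text, so it accepts both the fused raw form and lines where a colon or spacing has been added. Its sample input is three entries copied from this capture and trimmed to the lines the parser reads. It flags the empty-body hashes, off-site redirects (the file.gifan.id images that 302 to google.com, the githack asset that 301s to raw.githubusercontent.com), assets loaded from a host other than the phishing page, and entries without a connection IP, then collects only the pivotable indicators.

```python
"""Added example (not part of the sandbox report): pull pivotable indicators out of a transaction
dump in the layout of the capture above. Labels may be fused to values (Hashd41d...), so the
regexes key on the shape of the hex values rather than on label text."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"  # SHA-256 of zero bytes
ROW_RE = re.compile(r"^\|\s*(.*?)\s*\|\s*(.*?)\s*\|\s*(.*?)\s*\|\s*(.*?)\s*\|$")
HASH_RE = re.compile(r"([0-9a-f]{32}) ([0-9a-f]{40}) ([0-9a-f]{64})\b")       # md5 sha1 sha256 triple
FP_RE = re.compile(r"((?:[0-9A-F]{2}:){19}[0-9A-F]{2})\b")                    # SHA-1 cert fingerprint
VERDICT_RE = re.compile(r"^Analyzer \| Verdict \| Alert \| (\S+) \| (\S+) \| (\S+) \|", re.M)
STATUS_RE = re.compile(r"^HTTP/[0-9.]+ (\d{3})", re.M)                        # response status line
HEADER_RE = re.compile(r"^([A-Za-z-]+):[ \t]*(.*)$", re.M)                    # request/response headers

@dataclass
class Transaction:
    url: str
    ip: str
    code: str = ""
    host: str = ""
    sha256: str = ""
    cert_fingerprint: str = ""
    location: str = ""
    verdict: str = ""
    flags: list = field(default_factory=list)

def parse_capture(text: str) -> list:
    """Split the dump at each `| url | ip | status | size |` row and parse every entry."""
    entries = []
    for line in text.splitlines():
        if ROW_RE.match(line):
            entries.append([line])
        elif entries:
            entries[-1].append(line)
    return [_parse_entry("\n".join(e)) for e in entries]

def _parse_entry(block: str) -> Transaction:
    url, ip, _status, _size = (c.strip() for c in ROW_RE.match(block.split("\n", 1)[0]).groups())
    t = Transaction(url, ip)
    headers = {k.lower(): v.strip() for k, v in HEADER_RE.findall(block)}
    t.host = headers.get("host") or urlsplit("//" + url).hostname or ""
    t.location = headers.get("location", "")
    if m := STATUS_RE.search(block):
        t.code = m.group(1)
    if m := HASH_RE.search(block):
        t.sha256 = m.group(3)
    if m := FP_RE.search(block):
        t.cert_fingerprint = m.group(1)
    if m := VERDICT_RE.search(block):
        t.verdict = "/".join(m.groups())
    if t.sha256 == EMPTY_SHA256:
        t.flags.append("empty-body-hash")          # hash of an empty body, never an indicator
    if t.location:
        target = urlsplit(t.location).hostname or ""
        t.flags.append("redirect-offsite" if target and target != t.host else "redirect")
    referer_host = urlsplit(headers.get("referer", "")).hostname
    if referer_host and referer_host != t.host:
        t.flags.append("third-party-asset")        # loaded cross-site by the analysed page
    if ip in ("", "0.0.0.0"):
        t.flags.append("no-connection-ip")         # sandbox recorded no peer address
    return t

def indicators(transactions: list) -> dict:
    out = {k: set() for k in ("hosts", "ips", "sha256", "cert_fingerprints", "redirect_targets")}
    for t in transactions:
        if t.host:
            out["hosts"].add(t.host)
        if t.ip and t.ip != "0.0.0.0":
            out["ips"].add(t.ip)
        if t.sha256 and t.sha256 != EMPTY_SHA256:  # drop empty-body digests
            out["sha256"].add(t.sha256)
        if t.cert_fingerprint:
            out["cert_fingerprints"].add(t.cert_fingerprint)
        if t.location:
            out["redirect_targets"].add(urlsplit(t.location).hostname or t.location)
    return out

# Constructed sample: three entries from the capture above, trimmed to the lines the parser reads.
SAMPLE = """\
| nf02ch1pos.xzf.my.id/static/wheelStop.mp3 | 172.67.189.3 | 206 Partial Content | 21 kB |
Requested byhttps://nf02ch1pos.xzf.my.id/ CertificateIssuerGoogle Trust Services LLC Subjectxzf.my.id FingerprintF1:DF:90:EA:FF:DE:20:E4:38:CF:31:CB:22:F8:E3:3E:E4:5A:68:5C
File typeAudio file with ID3 version 2.3.0 Hashda5c02d0af9c7f9db0fb0e213858ccfa 9f7c649258009c2c853b74349c060d9de12109b1 2998755f4b37c49010974e07f9aa0643b0a9c5be592d42988c733d0e3acc9ae3
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
Host: nf02ch1pos.xzf.my.id
Referer: https://nf02ch1pos.xzf.my.id/
HTTP/3 206 Partial Content
| rawcdn.githack.com/AlexHostX/all.asset/6635455e463c4b55d9c4dac99f2c44f9091b612c/unclick.mp3 | 104.21.234.230 | 301 Moved Permanently | 0 B |
Requested byhttps://nf02ch1pos.xzf.my.id/ CertificateIssuerGoogle Trust Services LLC Subjectgithack.com FingerprintA4:13:2F:80:0A:C6:7C:8B:08:12:12:22:60:76:15:7D:40:80:70:54
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Host: rawcdn.githack.com
Referer: https://nf02ch1pos.xzf.my.id/
HTTP/2 301 Moved Permanently
location: https://raw.githubusercontent.com/AlexHostX/all.asset/6635455e463c4b55d9c4dac99f2c44f9091b612c/unclick.mp3
| file.gifan.id/upload/files/WhatsApp%20Image%202024-02-01%20at%2023.03.01.jpeg | 0.0.0.0 | | 0 B |
Requested byhttps://nf02ch1pos.xzf.my.id/ CertificateIssuerGoogle Trust Services LLC Subjectgifan.id Fingerprint65:21:CF:78:C6:F3:9C:82:42:72:2D:29:CC:E1:28:F9:68:C7:DA:50
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Host: file.gifan.id
Referer: https://nf02ch1pos.xzf.my.id/
HTTP/2 302 Found
location: https://www.google.com/
"""
```

Run `parse_capture` on the full dump text and pass the result to `indicators`, which returns sets of hosts, IPs, SHA-256 hashes, certificate fingerprints and redirect-target hosts. On the three sample entries the only file hash that survives the filter is that of wheelStop.mp3, because the other two bodies are empty redirects; the githack and file.gifan.id entries come back flagged `empty-body-hash`, `redirect-offsite` and `third-party-asset`, and the file.gifan.id entry additionally `no-connection-ip`, which is the cue to treat its 0.0.0.0 as a gap in the capture rather than as an indicator.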