| cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js | 104.17.24.14 | 200 OK | 3.2 kB |
URL GET HTTP/2cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js IP104.17.24.14:443
Requested byhttps://leifredicanaftf6.pages.dev/ CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (7862) Hash96201abb62283557a9d7b97b4cab14ab a72f33d920d0ab863df4cb60edf44ec140304cdb 46112dbceed738f759d03f04b115d5256a7d73660b7795acb382192ad84d9f98
GET /ajax/libs/lazysizes/5.3.0/lazysizes.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://leifredicanaftf6.pages.dev/
Origin: https://leifredicanaftf6.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 17:50:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 3150
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5ff0b799-1ed1"
last-modified: Sat, 02 Jan 2021 18:12:41 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 692449
expires: Mon, 28 Apr 2025 17:50:54 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2DV7yg5W9Hz1lZ%2FebxTpECbO31DuGC9gLTSCdnbHiBGkxWVZnC8iSL7rjErlS1rIeM18oEiTfVvr0vKuZaOZv9IRC2Q%2BywqXzI2s5AyeGapNFVwQLrCpYGqR4dzaVCsKkU%2BpM4Bw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 880b4b74df8d56c0-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js | 104.17.24.14 | 200 OK | 22 kB |
URL GET HTTP/2cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js IP104.17.24.14:443
Requested byhttps://leifredicanaftf6.pages.dev/ CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (65241) Hash1276065911521c5c22037a31365d179d d1c6704e94efe2d465fc161b6381e127d35acd81 bbb7b9921ca2b61948753a6edb63c78443663dc45d1621d18e102e1dcb34e512
GET /ajax/libs/jquery/3.6.0/jquery.slim.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://leifredicanaftf6.pages.dev/
Origin: https://leifredicanaftf6.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 17:50:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 22329
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-11ab4"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 695721
expires: Mon, 28 Apr 2025 17:50:54 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oATYliqZAE73PFwvWRo69unTbXIcqpR3WU0b66lTIYbrZrLoDY%2BNPDN8X1QdhRGtKPLtJ2isJ7%2B9lZIMUrz0k6S9chf7aHCEJAir%2BS994M30uo5Ks2kJbfk6ee8FPJTIQon5wxHh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 880b4b74df8e56c0-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 3.bp.blogspot.com/-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif | 142.250.74.161 | 200 OK | 362 B |
URL GET HTTP/23.bp.blogspot.com/-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif IP142.250.74.161:443
Requested byhttps://leifredicanaftf6.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectmisc-sni.blogspot.com FingerprintC4:7D:61:88:AB:F1:15:A1:36:2A:68:39:51:62:46:00:23:6D:39:00 ValidityTue, 16 Apr 2024 03:45:20 GMT - Tue, 09 Jul 2024 03:45:19 GMT
File typeGIF image data, version 89a, 52 x 15 Hashfd2c05a8c327ace309722b0a5fc4faf3 f446e97c43f8830be9f60644563dd846abe6b8e8 0450e2e1aa3c8b5435690d841f3e573c4f521864e1f8e01a5b6dbcdac922c8b4
GET /-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://leifredicanaftf6.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="btn_close.gif"
x-content-type-options: nosniff
server: fife
content-length: 362
x-xss-protection: 0
date: Wed, 08 May 2024 17:47:09 GMT
expires: Thu, 09 May 2024 17:47:09 GMT
cache-control: public, max-age=86400, no-transform
age: 225
etag: "v1764"
content-type: image/gif
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.topcreativeformat.com/4f23ea6a7864a3f81303e7314c033c07/invoke.js | 172.240.108.76 | 200 OK | 12 kB |
URL GET HTTP/1.1www.topcreativeformat.com/4f23ea6a7864a3f81303e7314c033c07/invoke.js IP172.240.108.76:443
Requested byhttps://leifredicanaftf6.pages.dev/ CertificateIssuerLet's Encrypt Subjecttopcreativeformat.com Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4 ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT
File typeJavaScript source, ASCII text, with very long lines (31295), with no line terminators Hash97f4bbf5a653bccb5db63e5839b26930 09f9fbbef71a834fae6a78d62028a4b2d3b32fc8 cd187b511ca2752016297b25f944d07687381b81004592c19952f79e796a945d
GET /4f23ea6a7864a3f81303e7314c033c07/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://leifredicanaftf6.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 17:50:55 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9afd27e3d0bb86398eb8aa940905ef9d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| www.topcreativeformat.com/a0f926b8a0f731895ba922eb5503279b/invoke.js | 172.240.108.76 | 200 OK | 12 kB |
URL GET HTTP/1.1www.topcreativeformat.com/a0f926b8a0f731895ba922eb5503279b/invoke.js IP172.240.108.76:443
Requested byhttps://leifredicanaftf6.pages.dev/ CertificateIssuerLet's Encrypt Subjecttopcreativeformat.com Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4 ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT
File typeJavaScript source, ASCII text, with very long lines (31286), with no line terminators Hashc5d72eb1d50c8c8fb0621a263c3c0044 b2dfcfe476ecea28fad9b883bc722c6133adfbeb 0646c579eaf9f86f7365c522b80904801e3d34cc6f7e5630ec0b382ed32dc176
GET /a0f926b8a0f731895ba922eb5503279b/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://leifredicanaftf6.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 17:50:55 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7e42885e924926fb785f8f7fed8345fc
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| iklanku.my.id/get/site/js/78b49be1f04740d5ba30f378b26805d7 | 188.114.96.1 | 200 OK | 481 B |
URL GET HTTP/2iklanku.my.id/get/site/js/78b49be1f04740d5ba30f378b26805d7 IP188.114.96.1:443
Requested byhttps://leifredicanaftf6.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectiklanku.my.id FingerprintA4:27:C0:C2:C6:E3:35:25:D2:B1:BA:02:9B:56:DC:96:10:A9:C1:BD ValidityMon, 25 Mar 2024 12:53:20 GMT - Sun, 23 Jun 2024 12:53:19 GMT
File typeASCII text, with no line terminators Hash5621601466b8dbf361a63a3e9f838c69 9094fb91e95087468373f678dacd59d324603c27 9532f80457b4871c45810b7f461393d68eddaed68849debb4c9b3053acb1ef1b
GET /get/site/js/78b49be1f04740d5ba30f378b26805d7 HTTP/1.1
Host: iklanku.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://leifredicanaftf6.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 17:50:54 GMT
content-type: application/javascript
vary: Accept-Encoding
set-cookie: PHPSESSID=kn52fn8gc96je8cvmukrr7fr1n; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hHdS%2Ft2Kg5dbAj%2BiqopOUEEF5wy0oecfJy5TzvUGxaS%2BLzmMRQuNtL6sBmbQeElasgAJKfZBPEx1caMLKBHbnZY0PHI7TYKn5UW3OvuY%2FgFNFNZZttqQNGnyU8Q4pD8g"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880b4b74dbfd56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| proftrafficcounter.com/stats | 18.185.9.67 | 200 OK | 40 B |
URL GET HTTP/2proftrafficcounter.com/stats IP18.185.9.67:443
Requested byhttps://leifredicanaftf6.pages.dev/ CertificateIssuerAmazon Subjectproftrafficcounter.com FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6 ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File typeASCII text, with no line terminators Hash5a02b244624768c0020e49ef7c862c9c d1e1db249c87995f870f5bd02a285f34272c18d3 205803b3d97b4de1a016d81b4763f27fed66f58a15818a9f641c383986b90568
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://leifredicanaftf6.pages.dev/
Origin: https://leifredicanaftf6.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 17:50:55 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://leifredicanaftf6.pages.dev
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=884f0c5f-1c09-4cf1-9e56-5c121458fd60:3:1; expires=Sat, 06 May 2034 17:50:55 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
|
|
| proftrafficcounter.com/stats | 18.185.9.67 | 200 OK | 40 B |
URL GET HTTP/2proftrafficcounter.com/stats IP18.185.9.67:443
Requested byhttps://leifredicanaftf6.pages.dev/ CertificateIssuerAmazon Subjectproftrafficcounter.com FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6 ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File typeASCII text, with no line terminators Hashcb019ef979ee1a5ac4129a343072706b 8a56c9888d192c0f687ce0394131d3ab63e19070 64e921ddac34d1222028bfe17f6b6f68ddf126dfe0e4ddfd184d1d5c67021cfc
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://leifredicanaftf6.pages.dev/
Origin: https://leifredicanaftf6.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 17:50:55 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://leifredicanaftf6.pages.dev
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=71443469-b33a-4af5-8103-afec2d86d6a1:3:1; expires=Sat, 06 May 2034 17:50:55 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
|
|
| tse1.mm.bing.net/th?q= | 13.107.21.200 | 404 Not Found | 727 B |
IP13.107.21.200:443 ASN#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested byhttps://leifredicanaftf6.pages.dev/ CertificateIssuerMicrosoft Corporation Subjectwww.bing.com Fingerprint02:83:27:F9:50:D8:BE:B9:5E:DF:1A:4A:45:3B:6D:3C:BC:30:F2:58 ValidityWed, 01 May 2024 01:58:25 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, baseline, precision 8, 80x80, components 3 Hash5116706c119475f5ae2fc135c3358037 7e5bdf3585153e317ebef05a9b8241d311e44cb3 7edda2585f580c167fd4e3a6c162534548cda437f8bef67c544f3aa9c162a17c
GET /th?q= HTTP/1.1
Host: tse1.mm.bing.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://leifredicanaftf6.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
cache-control: no-cache
pragma: no-cache
content-length: 727
expires: -1
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 501C7EDC3C39420CB486D14F01AFEDBB Ref B: OSL30EDGE0111 Ref C: 2024-05-08T17:50:55Z
date: Wed, 08 May 2024 17:50:55 GMT
X-Firefox-Spdy: h2
|
|
| iklanku.my.id/get/site/js/a0ec03d1c7303eb4cb413cd6fa7aa622 | 188.114.96.1 | 200 OK | 9.5 kB |
URL GET HTTP/2iklanku.my.id/get/site/js/a0ec03d1c7303eb4cb413cd6fa7aa622 IP188.114.96.1:443
Requested byhttps://leifredicanaftf6.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectiklanku.my.id FingerprintA4:27:C0:C2:C6:E3:35:25:D2:B1:BA:02:9B:56:DC:96:10:A9:C1:BD ValidityMon, 25 Mar 2024 12:53:20 GMT - Sun, 23 Jun 2024 12:53:19 GMT
File typeASCII text, with CRLF line terminators Hash628e0b4b494f47a2a003d2c5957ed2da 82919115322a298a73aa4b1a29c8fe5c85e1f15a 1596ab9afba73dc2e3a1f9b9f53c56326b4d9b1ea42804c08967520c84a9a036
GET /get/site/js/a0ec03d1c7303eb4cb413cd6fa7aa622 HTTP/1.1
Host: iklanku.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://leifredicanaftf6.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 17:50:54 GMT
content-type: application/javascript
vary: Accept-Encoding
set-cookie: PHPSESSID=3ofa1572agf1iicctftcmepdd7; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sQ%2FPn4PYqwSZ%2B4mmVN%2F5n7kQEqMOcw3ChyyYvErwUAaU0RFTeDPJTdi9XHlKFvfe2Cmotuk75yt2a18YpXjY3YOnbIvZj3Lpz1pMy2t5%2BvEXskbTWszC5UjyC9FPUnII"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880b4b74cbd856b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q= | 142.250.74.142 | 200 OK | 3.9 kB |
URL GET HTTP/2suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q= IP142.250.74.142:443
Requested byhttps://leifredicanaftf6.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subject*.google.com Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0 ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT
File typeASCII text, with no line terminators Hashfdbaede1a8136a6bd589d54e2f69fff8 883905e057c9b758a95c9ece940d089e3af85e0a 5ffae3c0e627b6a2083d67639bfa32ecfe695671ee25f8e1315d2067a4e28df4
GET /complete/search?jsonp=autoRelated&hl=en&client=firefox&q= HTTP/1.1
Host: suggestqueries.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://leifredicanaftf6.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 17:50:55 GMT
pragma: no-cache
expires: -1
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-uu5UCW7r92G9sriDv9BDfw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/fff
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/fff"}]}
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: gws
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| meetingrailroad.com/watch.98491858123.js?key=4f23ea6a7864a3f81303e7314c033c07&kw=%5B%5D&refer=https%3A%2F%2Fleifredicanaftf6.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=884f0c5f-1c09-4cf1-9e56-5c121458fd60%3A3%3A1 | 172.240.108.84 | 307 Temporary Redirect | 0 B |
URL GET HTTP/1.1meetingrailroad.com/watch.98491858123.js?key=4f23ea6a7864a3f81303e7314c033c07&kw=%5B%5D&refer=https%3A%2F%2Fleifredicanaftf6.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=884f0c5f-1c09-4cf1-9e56-5c121458fd60%3A3%3A1 IP172.240.108.84:443
Requested byhttps://leifredicanaftf6.pages.dev/ CertificateIssuerLet's Encrypt Subjectmeetingrailroad.com Fingerprint66:48:5A:DA:2B:E7:D3:AA:79:74:AF:54:74:2F:DE:61:4A:54:1C:E1 ValidityMon, 06 May 2024 08:08:51 GMT - Sun, 04 Aug 2024 08:08:50 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /watch.98491858123.js?key=4f23ea6a7864a3f81303e7314c033c07&kw=%5B%5D&refer=https%3A%2F%2Fleifredicanaftf6.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=884f0c5f-1c09-4cf1-9e56-5c121458fd60%3A3%3A1 HTTP/1.1
Host: meetingrailroad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://leifredicanaftf6.pages.dev/
Origin: https://leifredicanaftf6.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Wed, 08 May 2024 17:50:55 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://leifredicanaftf6.pages.dev
Access-Control-Allow-Origin: https://leifredicanaftf6.pages.dev
Access-Control-Allow-Credentials: true
Location: https://meetingrailroad.com/watch.98491858123.js?dev=e&key=4f23ea6a7864a3f81303e7314c033c07&kw=%5B%5D&pst=1715190715&refer=https%3A%2F%2Fleifredicanaftf6.pages.dev%2F&res=14.2071&rmtc=t&shu=64a081a791d13b9d267af2ae37ea6f20dcb4d369a8a6f0e155ecdfef05dbd3184257f5303dadb193b2797711c04a91c49d4ad45493ea47c71e222d7f2009fb9ee4c1253ba413f6817f2c9c4d64aa6078b6655ecae45aca90783781c51da8dde8e8dcb6&tz=0&uuid=884f0c5f-1c09-4cf1-9e56-5c121458fd60%3A3%3A1
Set-Cookie: u_pl=21452032; expires=Thu, 09 May 2024 17:50:55 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTQ1MjAzMiwiayI6IjRmMjNlYTZhNzg2NGEzZjgxMzAzZTczMTRjMDMzYzA3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMjYwMDYxLCJwaWQiOjE0NDg1MDgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjMsInB0Ijo0LCJwayI6InJza2ZlamY3ZzQiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9sZWlmcmVkaWNhbmFmdGY2LnBhZ2VzLmRldi8iLCJhciI6W119fQ.5uNMdXxB3AT0xbxv2OH6P91lveZoGaaezNvw4Z3nY48; expires=Wed, 08 May 2024 17:51:55 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8de7fc3a2e23ff6a93dfb42775b8c71d
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| wansafeguard.com/watch.1339715033656.js?key=a0f926b8a0f731895ba922eb5503279b&kw=%5B%5D&refer=https%3A%2F%2Fleifredicanaftf6.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=71443469-b33a-4af5-8103-afec2d86d6a1%3A3%3A1 | 192.243.59.12 | 307 Temporary Redirect | 0 B |
URL GET HTTP/1.1wansafeguard.com/watch.1339715033656.js?key=a0f926b8a0f731895ba922eb5503279b&kw=%5B%5D&refer=https%3A%2F%2Fleifredicanaftf6.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=71443469-b33a-4af5-8103-afec2d86d6a1%3A3%3A1 IP192.243.59.12:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://leifredicanaftf6.pages.dev/ CertificateIssuerLet's Encrypt Subjectwansafeguard.com Fingerprint83:00:BB:A8:D5:FE:57:11:E3:EF:6F:5E:2E:29:2F:7A:BC:DC:D5:3D ValidityMon, 06 May 2024 12:58:51 GMT - Sun, 04 Aug 2024 12:58:50 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /watch.1339715033656.js?key=a0f926b8a0f731895ba922eb5503279b&kw=%5B%5D&refer=https%3A%2F%2Fleifredicanaftf6.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=71443469-b33a-4af5-8103-afec2d86d6a1%3A3%3A1 HTTP/1.1
Host: wansafeguard.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://leifredicanaftf6.pages.dev/
Origin: https://leifredicanaftf6.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Wed, 08 May 2024 17:50:55 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://leifredicanaftf6.pages.dev
Access-Control-Allow-Origin: https://leifredicanaftf6.pages.dev
Access-Control-Allow-Credentials: true
Location: https://wansafeguard.com/watch.1339715033656.js?dev=e&key=a0f926b8a0f731895ba922eb5503279b&kw=%5B%5D&pst=1715190715&refer=https%3A%2F%2Fleifredicanaftf6.pages.dev%2F&res=14.2071&rmtc=t&shu=804899f2734caf257af635fa1534c86bacd143dc78d1732b8bc577dab2543b92a863fbd8eed4099309759ab1feef3983701672bdab54a3790d79037051b68fd46a69781d04b23d0f7b5d4d0d991ca43068fded67ad38dd81f93191d88e5fc3&tz=0&uuid=71443469-b33a-4af5-8103-afec2d86d6a1%3A3%3A1
Set-Cookie: u_pl=21451850; expires=Thu, 09 May 2024 17:50:55 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTQ1MTg1MCwiayI6ImEwZjkyNmI4YTBmNzMxODk1YmE5MjJlYjU1MDMyNzliIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMjYwMDYxLCJwaWQiOjE0NDg1MDgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6NSwicHQiOjQsInBrIjoid3V5ejE0ZTEwbiIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2xlaWZyZWRpY2FuYWZ0ZjYucGFnZXMuZGV2LyIsImFyIjpbXX19.x_mhnqr4p2oKNIXRPHDLpYop0-9923jAAZKf_PC_c-o; expires=Wed, 08 May 2024 17:51:55 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: da7027950fe8a7eb25fa965f9c75921f
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| meetingrailroad.com/watch.98491858123.js?dev=e&key=4f23ea6a7864a3f81303e7314c033c07&kw=%5B%5D&pst=1715190715&refer=https%3A%2F%2Fleifredicanaftf6.pages.dev%2F&res=14.2071&rmtc=t&shu=64a081a791d13b9d267af2ae37ea6f20dcb4d369a8a6f0e155ecdfef05dbd3184257f5303dadb193b2797711c04a91c49d4ad45493ea47c71e222d7f2009fb9ee4c1253ba413f6817f2c9c4d64aa6078b6655ecae45aca90783781c51da8dde8e8dcb6&tz=0&uuid=884f0c5f-1c09-4cf1-9e56-5c121458fd60%3A3%3A1 | 172.240.108.84 | 200 OK | 2.1 kB |
URL GET HTTP/1.1meetingrailroad.com/watch.98491858123.js?dev=e&key=4f23ea6a7864a3f81303e7314c033c07&kw=%5B%5D&pst=1715190715&refer=https%3A%2F%2Fleifredicanaftf6.pages.dev%2F&res=14.2071&rmtc=t&shu=64a081a791d13b9d267af2ae37ea6f20dcb4d369a8a6f0e155ecdfef05dbd3184257f5303dadb193b2797711c04a91c49d4ad45493ea47c71e222d7f2009fb9ee4c1253ba413f6817f2c9c4d64aa6078b6655ecae45aca90783781c51da8dde8e8dcb6&tz=0&uuid=884f0c5f-1c09-4cf1-9e56-5c121458fd60%3A3%3A1 IP172.240.108.84:443
Requested byhttps://leifredicanaftf6.pages.dev/ CertificateIssuerLet's Encrypt Subjectmeetingrailroad.com Fingerprint66:48:5A:DA:2B:E7:D3:AA:79:74:AF:54:74:2F:DE:61:4A:54:1C:E1 ValidityMon, 06 May 2024 08:08:51 GMT - Sun, 04 Aug 2024 08:08:50 GMT
File typeJavaScript source, ASCII text, with very long lines (2653) Hash9ed45bb9d6e6f3439fcb07e3b54ffa1d acba6a9ab94b84398e2d618104277b51f8790ad4 8cfc55aa3544ad4fff9a79ee9efafff117a1f959420d2a3f89d3ac783c588cf0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /watch.98491858123.js?dev=e&key=4f23ea6a7864a3f81303e7314c033c07&kw=%5B%5D&pst=1715190715&refer=https%3A%2F%2Fleifredicanaftf6.pages.dev%2F&res=14.2071&rmtc=t&shu=64a081a791d13b9d267af2ae37ea6f20dcb4d369a8a6f0e155ecdfef05dbd3184257f5303dadb193b2797711c04a91c49d4ad45493ea47c71e222d7f2009fb9ee4c1253ba413f6817f2c9c4d64aa6078b6655ecae45aca90783781c51da8dde8e8dcb6&tz=0&uuid=884f0c5f-1c09-4cf1-9e56-5c121458fd60%3A3%3A1 HTTP/1.1
Host: meetingrailroad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://leifredicanaftf6.pages.dev
Referer: https://leifredicanaftf6.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=21452032; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTQ1MjAzMiwiayI6IjRmMjNlYTZhNzg2NGEzZjgxMzAzZTczMTRjMDMzYzA3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMjYwMDYxLCJwaWQiOjE0NDg1MDgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjMsInB0Ijo0LCJwayI6InJza2ZlamY3ZzQiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9sZWlmcmVkaWNhbmFmdGY2LnBhZ2VzLmRldi8iLCJhciI6W119fQ.5uNMdXxB3AT0xbxv2OH6P91lveZoGaaezNvw4Z3nY48
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 08 May 2024 17:50:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://leifredicanaftf6.pages.dev
Access-Control-Allow-Origin: https://leifredicanaftf6.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=884f0c5f-1c09-4cf1-9e56-5c121458fd60:3:1; expires=Wed, 15 May 2024 17:50:55 GMT; secure; SameSite=None
iprc7bdf55f3aab20137936c7a9c94a05735=3569808; expires=Wed, 08 May 2024 21:50:55 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 09 May 2024 17:50:55 GMT; secure; SameSite=None
uncs=1; expires=Thu, 09 May 2024 17:50:55 GMT; secure; SameSite=None
pdhtkv23=true; expires=Thu, 09 May 2024 17:50:55 GMT; secure; SameSite=None
uncs23=1; expires=Thu, 09 May 2024 17:50:55 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e70db3d022def92228e361842488b13e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| wansafeguard.com/watch.1339715033656.js?dev=e&key=a0f926b8a0f731895ba922eb5503279b&kw=%5B%5D&pst=1715190715&refer=https%3A%2F%2Fleifredicanaftf6.pages.dev%2F&res=14.2071&rmtc=t&shu=804899f2734caf257af635fa1534c86bacd143dc78d1732b8bc577dab2543b92a863fbd8eed4099309759ab1feef3983701672bdab54a3790d79037051b68fd46a69781d04b23d0f7b5d4d0d991ca43068fded67ad38dd81f93191d88e5fc3&tz=0&uuid=71443469-b33a-4af5-8103-afec2d86d6a1%3A3%3A1 | 192.243.59.12 | 200 OK | 2.1 kB |
URL GET HTTP/1.1wansafeguard.com/watch.1339715033656.js?dev=e&key=a0f926b8a0f731895ba922eb5503279b&kw=%5B%5D&pst=1715190715&refer=https%3A%2F%2Fleifredicanaftf6.pages.dev%2F&res=14.2071&rmtc=t&shu=804899f2734caf257af635fa1534c86bacd143dc78d1732b8bc577dab2543b92a863fbd8eed4099309759ab1feef3983701672bdab54a3790d79037051b68fd46a69781d04b23d0f7b5d4d0d991ca43068fded67ad38dd81f93191d88e5fc3&tz=0&uuid=71443469-b33a-4af5-8103-afec2d86d6a1%3A3%3A1 IP192.243.59.12:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://leifredicanaftf6.pages.dev/ CertificateIssuerLet's Encrypt Subjectwansafeguard.com Fingerprint83:00:BB:A8:D5:FE:57:11:E3:EF:6F:5E:2E:29:2F:7A:BC:DC:D5:3D ValidityMon, 06 May 2024 12:58:51 GMT - Sun, 04 Aug 2024 12:58:50 GMT
File typeJavaScript source, ASCII text, with very long lines (2628) Hashdf47ef77e2a6ad2fd4cd3e1c3a77f9be f5479485d7c7c812364b72ecc1fcdd2d7060965a 5f0b569586207e67fef089949a5f4ad9b5a93ed82599dcbf58227c5c52d365fa
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /watch.1339715033656.js?dev=e&key=a0f926b8a0f731895ba922eb5503279b&kw=%5B%5D&pst=1715190715&refer=https%3A%2F%2Fleifredicanaftf6.pages.dev%2F&res=14.2071&rmtc=t&shu=804899f2734caf257af635fa1534c86bacd143dc78d1732b8bc577dab2543b92a863fbd8eed4099309759ab1feef3983701672bdab54a3790d79037051b68fd46a69781d04b23d0f7b5d4d0d991ca43068fded67ad38dd81f93191d88e5fc3&tz=0&uuid=71443469-b33a-4af5-8103-afec2d86d6a1%3A3%3A1 HTTP/1.1
Host: wansafeguard.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://leifredicanaftf6.pages.dev
Referer: https://leifredicanaftf6.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=21451850; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTQ1MTg1MCwiayI6ImEwZjkyNmI4YTBmNzMxODk1YmE5MjJlYjU1MDMyNzliIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMjYwMDYxLCJwaWQiOjE0NDg1MDgsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6NSwicHQiOjQsInBrIjoid3V5ejE0ZTEwbiIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2xlaWZyZWRpY2FuYWZ0ZjYucGFnZXMuZGV2LyIsImFyIjpbXX19.x_mhnqr4p2oKNIXRPHDLpYop0-9923jAAZKf_PC_c-o
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 May 2024 17:50:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://leifredicanaftf6.pages.dev
Access-Control-Allow-Origin: https://leifredicanaftf6.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=71443469-b33a-4af5-8103-afec2d86d6a1:3:1; expires=Wed, 15 May 2024 17:50:55 GMT; secure; SameSite=None
iprcaa0dfe8c0238f97341afde5e51cfd5ae=3569806; expires=Wed, 08 May 2024 21:50:55 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 09 May 2024 17:50:55 GMT; secure; SameSite=None
uncs=1; expires=Thu, 09 May 2024 17:50:55 GMT; secure; SameSite=None
pdhtkv5=true; expires=Thu, 09 May 2024 17:50:55 GMT; secure; SameSite=None
uncs5=1; expires=Thu, 09 May 2024 17:50:55 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 35ae3ac116d6def83a56242630d492bf
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| cdn.cloudimagesb.com/cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png | 45.133.44.10 | 200 OK | 106 kB |
URL GET HTTP/2cdn.cloudimagesb.com/cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png IP45.133.44.10:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://leifredicanaftf6.pages.dev/ CertificateIssuerLet's Encrypt Subjectcdn.cloudimagesb.com FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0 ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File typePNG image data, 728 x 90, 8-bit/color RGBA, non-interlaced Size106 kB (105910 bytes) Hasha36b92bb68d9b579458560ba9b94862a 782d2932ccd3a56e5aad1cca7e6e7fb4a3cf23d6 9de12cf85ad80cae34d8bdaeb59169d75e3bd4f8b931ec90ea2c3be166647c0e
GET /cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 17:50:56 GMT
content-type: image/png
content-length: 105910
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:08:06 GMT
etag: "62e11c96-19db6"
expires: Fri, 10 May 2024 17:50:56 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| shayscholz.blogspot.com/favicon.ico | 216.58.207.193 | | 412 B |
URL GET shayscholz.blogspot.com/favicon.ico IP216.58.207.193:0
Requested byhttps://leifredicanaftf6.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectmisc-sni.blogspot.com FingerprintC4:7D:61:88:AB:F1:15:A1:36:2A:68:39:51:62:46:00:23:6D:39:00 ValidityTue, 16 Apr 2024 03:45:20 GMT - Tue, 09 Jul 2024 03:45:19 GMT
File typeMS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel Hash59a0c7b6e4848ccdabcea0636efda02b 30ef5c54b8bbc3487ea2b4c45cd11ea2932e4340 a1495da3cf3db37bf105a12658636ff628fee7b73975b9200049af7747e60b1f
GET /favicon.ico HTTP/1.1
Host: shayscholz.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://leifredicanaftf6.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/x-icon
expires: Wed, 08 May 2024 17:50:56 GMT
date: Wed, 08 May 2024 17:50:56 GMT
cache-control: private, max-age=86400
last-modified: Fri, 08 Mar 2024 19:12:27 GMT
etag: W/"53e1bb00e6929e879a040ee00d8ddd9c6a9b1f6c6c79cd1077a9390901619218"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 412
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png | 45.133.44.10 | 200 OK | 144 kB |
URL GET HTTP/2cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png IP45.133.44.10:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://leifredicanaftf6.pages.dev/ CertificateIssuerLet's Encrypt Subjectcdn.cloudimagesb.com FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0 ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File typePNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced Size144 kB (144379 bytes) Hash33c304429dc1a4408a96e6a74ffa2feb c45fa8e65528d1bb2b46bf8a28af9eeaa1903d04 dbed482e5948ead5587d30a22306a5b611305f704de940bd22c76daf90e0a314
GET /cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 17:50:56 GMT
content-type: image/png
content-length: 144379
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:07:21 GMT
etag: "62e11c69-233fb"
expires: Fri, 10 May 2024 17:50:56 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| leifredicanaftf6.pages.dev/ | 172.66.47.163 | 200 OK | 17 kB |
URL User Request GET HTTP/2leifredicanaftf6.pages.dev/ IP172.66.47.163:443
CertificateIssuerGoogle Trust Services LLC Subjectleifredicanaftf6.pages.dev FingerprintB6:0E:D8:1B:75:8E:6E:9D:81:BF:54:F2:4E:45:12:EA:A8:10:0C:3C ValidityTue, 07 May 2024 13:05:32 GMT - Mon, 05 Aug 2024 13:05:31 GMT
File typeHTML document, ASCII text, with very long lines (7816) Hashc32393516dc2992808d54bd481d1da65 4364b55a99e4f1adf689ddb51ee4d1fa3c1fb80b dc8efb3a008bd2a6c2b947abd5461c362539a0247fff63f2b64cdf68c0e068be
GET / HTTP/1.1
Host: leifredicanaftf6.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 17:50:53 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"7cfbe83f91a15bd149f104a75e4516e7"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d1PgjVmi7r4dx%2FAI%2B1Ccc9RR99GmcQbs2J3gvGEgWsvFtPKh34J5DQM9LDReUsDkVvqBKBtjQN22sqb26M5ULfGgoFrpRBuGU1keTPoN1s86RkgdoF6qJtksibZN3ToYIf9kfcT4bn%2FY9Q48sA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b4b70af75712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| iklanku.my.id/get/site/js/5f534d7cb48859f01a1895af6e25fcf3 | 188.114.96.1 | 200 OK | 292 B |
URL GET HTTP/2iklanku.my.id/get/site/js/5f534d7cb48859f01a1895af6e25fcf3 IP188.114.96.1:443
Requested byhttps://leifredicanaftf6.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectiklanku.my.id FingerprintA4:27:C0:C2:C6:E3:35:25:D2:B1:BA:02:9B:56:DC:96:10:A9:C1:BD ValidityMon, 25 Mar 2024 12:53:20 GMT - Sun, 23 Jun 2024 12:53:19 GMT
File typeASCII text, with very long lines (322), with no line terminators Hash11b1056dea4f292c94496683e995ecc0 3f49f268f521e1ae67338979016ba8adb871c841 cd7fa51a492fc09687a10613337249597fbcd5c2b3fd2b9fd41de8fb96c5b5db
GET /get/site/js/5f534d7cb48859f01a1895af6e25fcf3 HTTP/1.1
Host: iklanku.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://leifredicanaftf6.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 17:50:54 GMT
content-type: application/javascript
vary: Accept-Encoding
set-cookie: PHPSESSID=je8t8n2q5uoi3q0i229q0j4hm7; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zJpGCVi9Hr4p%2BCLRJrwJH16HLGNK0AjuQGJkB5yvgKqEtkPR73VkSq9dopGFeTJERAcGfm35PinKl591vOPglP82OI4DNJdszbMLZVSg4EuAw6BfhwVOzyKiwrB%2Bm7z8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880b4b74dbf156b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| iklanku.my.id/get/site/js/95bfc093a837ea602e4911c0e8a26cfe | 188.114.96.1 | 200 OK | 6 B |
URL GET HTTP/2iklanku.my.id/get/site/js/95bfc093a837ea602e4911c0e8a26cfe IP188.114.96.1:443
Requested byhttps://leifredicanaftf6.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjectiklanku.my.id FingerprintA4:27:C0:C2:C6:E3:35:25:D2:B1:BA:02:9B:56:DC:96:10:A9:C1:BD ValidityMon, 25 Mar 2024 12:53:20 GMT - Sun, 23 Jun 2024 12:53:19 GMT
File typeASCII text, with no line terminators Hash868cf00b7238f7e7cf49bb4a0193344f 3fcd441f9e0b2fcc65019dcaed0aca57d5820b60 255e5cfe3d01c859651b9ff2ee3699bed292d57c9e399c38ee90e7396c4dfff2
GET /get/site/js/95bfc093a837ea602e4911c0e8a26cfe HTTP/1.1
Host: iklanku.my.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://leifredicanaftf6.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 17:50:54 GMT
content-type: application/javascript
vary: Accept-Encoding
set-cookie: PHPSESSID=pr4o7lpo3540jcjcco4afaboqk; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YVaFtm6nP04kniKuaI7AFzpq%2FdeMOFG20aH2b7roNh36CsDmIVyXC6CufrlPvABoiIc537aOIApmPh6yguTs8HflXCEP0pkq96tFNvvOJryyu%2BhKVwXpfMrQFk9991Nk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880b4b74ec0b56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|