| actressdoleful.com/c3/31/f5/c331f53d8cb1f5b6cb7f7b13f9d18a13.js | 172.240.253.132 | 200 OK | 30 kB |
URL: GET HTTP/1.1 actressdoleful.com/c3/31/f5/c331f53d8cb1f5b6cb7f7b13f9d18a13.js
IP: 172.240.253.132:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Let's Encrypt
Certificate Subject: actressdoleful.com
Certificate Fingerprint: 2D:0E:60:B8:63:9F:B1:22:4F:1C:82:92:36:74:6A:09:CA:D4:58:8C
Certificate Validity: Sat, 23 Mar 2024 06:03:40 GMT - Fri, 21 Jun 2024 06:03:39 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash: e83caab1c5eac86a4705382c5578850c ecf1f64955579c2fa293dd0391a2e6f6dead40a4 3956fc741d46245054a60c2329c9032d8563e609624c2f17f14ec0ea63a185f0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /c3/31/f5/c331f53d8cb1f5b6cb7f7b13f9d18a13.js HTTP/1.1
Host: actressdoleful.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:35 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_CF-2931_layer=1; expires=Sun, 28 Apr 2024 14:30:35 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1926f849017aa4e3ba3deb30036e5e83
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| proftrafficcounter.com/stats | 18.185.247.192 | 200 OK | 40 B |
URL: GET HTTP/2 proftrafficcounter.com/stats
IP: 18.185.247.192:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Amazon
Certificate Subject: proftrafficcounter.com
Certificate Fingerprint: E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
Certificate Validity: Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators
Hash: 256f2fbe9786789c7a52477f2fe949d4 3ee3e785e856fed2f8a272891763cd8aa27caebc 8e204ff719596298a3ce6a2a8d01071dcec767a4e49ea0a5fe2c8c1ec6dbec61
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
Origin: https://margarethewesme.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:35 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://margarethewesme.pages.dev
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=4aaae168-2d39-4b1b-816c-d742499da1e8:2:1; expires=Mon, 24 Apr 2034 14:30:35 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
|
|
| actressdoleful.com/47e256568502d808b0f4997433da285b/invoke.js | 172.240.253.132 | 200 OK | 12 kB |
URL: GET HTTP/1.1 actressdoleful.com/47e256568502d808b0f4997433da285b/invoke.js
IP: 172.240.253.132:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Let's Encrypt
Certificate Subject: actressdoleful.com
Certificate Fingerprint: 2D:0E:60:B8:63:9F:B1:22:4F:1C:82:92:36:74:6A:09:CA:D4:58:8C
Certificate Validity: Sat, 23 Mar 2024 06:03:40 GMT - Fri, 21 Jun 2024 06:03:39 GMT
File type: JavaScript source, ASCII text, with very long lines (31351), with no line terminators
Hash: 8b50428dce4ae037cc6ebf7de91ef8c1 7011c33522844a1a755eaf63bf233c1d4f5d39e5 ff043bcac52f37fb262c7614c3cdb5da90a38dc42d342f820d54e8fe2f2b8cbd
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /47e256568502d808b0f4997433da285b/invoke.js HTTP/1.1
Host: actressdoleful.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:35 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 19337036e2ada0599f6798c97a04a235
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| margarethewesme.pages.dev/ | 172.66.47.52 | 200 OK | 36 kB |
URL: User Request GET HTTP/2 margarethewesme.pages.dev/
IP: 172.66.47.52:443
Certificate Issuer: Google Trust Services LLC
Certificate Subject: margarethewesme.pages.dev
Certificate Fingerprint: 35:8F:8E:84:F6:3F:56:22:61:D6:4F:EA:1F:9C:F2:BF:94:46:FA:9C
Certificate Validity: Sat, 20 Apr 2024 13:49:07 GMT - Fri, 19 Jul 2024 13:49:06 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (9499), with CRLF, LF line terminators
Hash: 26eb792d71f22e1b822b985830743a18 cdec40bcc20701a2c695ac2d593ddcf03e4aaca0 956257aabd35562bdb4565fd78453f874b1c6dc3cb5514967be310522a553357
GET / HTTP/1.1
Host: margarethewesme.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:34 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"d2128ffc13ea8cb64edd5ceaf8cb4a1c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bm72CSVkEiG9lgm7J%2BXlhpmcZ3g%2BawbUjx%2Fr4y7%2B9f4BQ60SG6BvNz5JMpANvd9hLetV7CTkIm59yoCMFDdOyKtf7lhKbsB0ERm%2Bee8f%2F6OM64xWr9vDmdDlITVBGULw6xQHWOBWmfvXlBvR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a7457f093a5694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| proftrafficcounter.com/stats | 18.185.247.192 | 200 OK | 40 B |
URL: GET HTTP/2 proftrafficcounter.com/stats
IP: 18.185.247.192:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Amazon
Certificate Subject: proftrafficcounter.com
Certificate Fingerprint: E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
Certificate Validity: Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators
Hash: 256f2fbe9786789c7a52477f2fe949d4 3ee3e785e856fed2f8a272891763cd8aa27caebc 8e204ff719596298a3ce6a2a8d01071dcec767a4e49ea0a5fe2c8c1ec6dbec61
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
Origin: https://margarethewesme.pages.dev
DNT: 1
Connection: keep-alive
Cookie: uid_id2=4aaae168-2d39-4b1b-816c-d742499da1e8:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:35 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://margarethewesme.pages.dev
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2
|
|
| quicklymuseum.com/pixel/purst?dl=0&th=0&sc=0&rs=1355&rd=1355&fd=882&bv=24.4.7925&tmpl=70 | 172.240.108.84 | 200 OK | 0 B |
URL: GET HTTP/1.1 quicklymuseum.com/pixel/purst?dl=0&th=0&sc=0&rs=1355&rd=1355&fd=882&bv=24.4.7925&tmpl=70
IP: 172.240.108.84:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Let's Encrypt
Certificate Subject: quicklymuseum.com
Certificate Fingerprint: 46:2B:BA:FF:1F:D7:9A:D9:BA:1C:E8:8F:54:9F:9F:CC:52:BB:F7:03
Certificate Validity: Wed, 24 Apr 2024 15:07:42 GMT - Tue, 23 Jul 2024 15:07:41 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/purst?dl=0&th=0&sc=0&rs=1355&rd=1355&fd=882&bv=24.4.7925&tmpl=70 HTTP/1.1
Host: quicklymuseum.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:35 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| hewomenentail.com/watch.1685413249211.js?key=47e256568502d808b0f4997433da285b&kw=%5B%22henka%22%2C%22kyrstin%22%2C%22-%22%2C%22explore%22%2C%22ideas%22%2C%22tips%22%2C%22guide%22%2C%22and%22%2C%22info%22%2C%22henka%22%2C%22kyrstin%22%5D&refer=https%3A%2F%2Fmargarethewesme.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=4aaae168-2d39-4b1b-816c-d742499da1e8%3A2%3A1 | 192.243.61.225 | 307 Temporary Redirect | 0 B |
URL: GET HTTP/1.1 hewomenentail.com/watch.1685413249211.js?key=47e256568502d808b0f4997433da285b&kw=%5B%22henka%22%2C%22kyrstin%22%2C%22-%22%2C%22explore%22%2C%22ideas%22%2C%22tips%22%2C%22guide%22%2C%22and%22%2C%22info%22%2C%22henka%22%2C%22kyrstin%22%5D&refer=https%3A%2F%2Fmargarethewesme.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=4aaae168-2d39-4b1b-816c-d742499da1e8%3A2%3A1
IP: 192.243.61.225:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Let's Encrypt
Certificate Subject: hewomenentail.com
Certificate Fingerprint: 14:95:EE:C0:C1:31:B6:1C:62:FC:81:55:8C:9C:5B:64:48:FD:65:AD
Certificate Validity: Wed, 24 Apr 2024 15:13:32 GMT - Tue, 23 Jul 2024 15:13:31 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /watch.1685413249211.js?key=47e256568502d808b0f4997433da285b&kw=%5B%22henka%22%2C%22kyrstin%22%2C%22-%22%2C%22explore%22%2C%22ideas%22%2C%22tips%22%2C%22guide%22%2C%22and%22%2C%22info%22%2C%22henka%22%2C%22kyrstin%22%5D&refer=https%3A%2F%2Fmargarethewesme.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=4aaae168-2d39-4b1b-816c-d742499da1e8%3A2%3A1 HTTP/1.1
Host: hewomenentail.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
Origin: https://margarethewesme.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:36 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://margarethewesme.pages.dev
Access-Control-Allow-Origin: https://margarethewesme.pages.dev
Access-Control-Allow-Credentials: true
Location: https://hewomenentail.com/watch.1685413249211.js?dev=e&key=47e256568502d808b0f4997433da285b&kw=%5B%22henka%22%2C%22kyrstin%22%2C%22-%22%2C%22explore%22%2C%22ideas%22%2C%22tips%22%2C%22guide%22%2C%22and%22%2C%22info%22%2C%22henka%22%2C%22kyrstin%22%5D&pst=1714141896&refer=https%3A%2F%2Fmargarethewesme.pages.dev%2F&res=14.2071&rmtc=t&shu=6325436578c84168acd15068ae731d47138badef50c965125b6074f5d594c207558129495c8e0f0b3b22bd8eaa0c2b0423f0bec14935f317ca3f180276994307f71d7f257299aa207496f24949d1904025391a47f32524240b8e5e2a666aac&tz=0&uuid=4aaae168-2d39-4b1b-816c-d742499da1e8%3A2%3A1
Set-Cookie: u_pl=16337114; expires=Sat, 27 Apr 2024 14:30:36 GMT; secure; SameSite=None
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.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.WeX5llgugTrNpFlTPSCmUGm_hz17Wx-6ZYqatRd8YjY; expires=Fri, 26 Apr 2024 14:31:36 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8f7e0473c6b42d48f03d3a8170256949
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| hewomenentail.com/76/b1/e6/76b1e60a07741106ab551c8186791238.js | 192.243.61.225 | 200 OK | 16 kB |
URL: GET HTTP/1.1 hewomenentail.com/76/b1/e6/76b1e60a07741106ab551c8186791238.js
IP: 192.243.61.225:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Let's Encrypt
Certificate Subject: hewomenentail.com
Certificate Fingerprint: 14:95:EE:C0:C1:31:B6:1C:62:FC:81:55:8C:9C:5B:64:48:FD:65:AD
Certificate Validity: Wed, 24 Apr 2024 15:13:32 GMT - Tue, 23 Jul 2024 15:13:31 GMT
File type: JavaScript source, ASCII text, with very long lines (44057), with no line terminators
Hash: bad9fd3885c1fafbfefde6eca86eaad1 8b38df23cd2ad120b216831873258e0de4876d20 c645f7600875025b9045b906259b923615efa579d868e34275cda345cf3eb7a6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /76/b1/e6/76b1e60a07741106ab551c8186791238.js HTTP/1.1
Host: hewomenentail.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fe69572890c0456ae4a0462dde22a8a2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| capaciousdrewreligion.com/advertisers.js | 172.240.253.132 | 200 OK | 0 B |
URL: GET HTTP/1.1 capaciousdrewreligion.com/advertisers.js
IP: 172.240.253.132:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Let's Encrypt
Certificate Subject: capaciousdrewreligion.com
Certificate Fingerprint: 53:B6:ED:C6:B5:B6:60:3E:6D:02:5A:92:2E:C3:12:74:64:A1:23:DC
Certificate Validity: Wed, 06 Mar 2024 11:57:32 GMT - Tue, 04 Jun 2024 11:57:31 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /advertisers.js HTTP/1.1
Host: capaciousdrewreligion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:36 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: baac5088d749fb78958d85743d57eeb0
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| hewomenentail.com/watch.1685413249211.js?dev=e&key=47e256568502d808b0f4997433da285b&kw=%5B%22henka%22%2C%22kyrstin%22%2C%22-%22%2C%22explore%22%2C%22ideas%22%2C%22tips%22%2C%22guide%22%2C%22and%22%2C%22info%22%2C%22henka%22%2C%22kyrstin%22%5D&pst=1714141896&refer=https%3A%2F%2Fmargarethewesme.pages.dev%2F&res=14.2071&rmtc=t&shu=6325436578c84168acd15068ae731d47138badef50c965125b6074f5d594c207558129495c8e0f0b3b22bd8eaa0c2b0423f0bec14935f317ca3f180276994307f71d7f257299aa207496f24949d1904025391a47f32524240b8e5e2a666aac&tz=0&uuid=4aaae168-2d39-4b1b-816c-d742499da1e8%3A2%3A1 | 192.243.61.225 | 200 OK | 2.0 kB |
URL: GET HTTP/1.1 hewomenentail.com/watch.1685413249211.js?dev=e&key=47e256568502d808b0f4997433da285b&kw=%5B%22henka%22%2C%22kyrstin%22%2C%22-%22%2C%22explore%22%2C%22ideas%22%2C%22tips%22%2C%22guide%22%2C%22and%22%2C%22info%22%2C%22henka%22%2C%22kyrstin%22%5D&pst=1714141896&refer=https%3A%2F%2Fmargarethewesme.pages.dev%2F&res=14.2071&rmtc=t&shu=6325436578c84168acd15068ae731d47138badef50c965125b6074f5d594c207558129495c8e0f0b3b22bd8eaa0c2b0423f0bec14935f317ca3f180276994307f71d7f257299aa207496f24949d1904025391a47f32524240b8e5e2a666aac&tz=0&uuid=4aaae168-2d39-4b1b-816c-d742499da1e8%3A2%3A1
IP: 192.243.61.225:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Let's Encrypt
Certificate Subject: hewomenentail.com
Certificate Fingerprint: 14:95:EE:C0:C1:31:B6:1C:62:FC:81:55:8C:9C:5B:64:48:FD:65:AD
Certificate Validity: Wed, 24 Apr 2024 15:13:32 GMT - Tue, 23 Jul 2024 15:13:31 GMT
File type: JavaScript source, ASCII text, with very long lines (2449)
Hash: d66a1fc97fa10591319b0103e3186e93 ea572dd4694dff2cdcf92496fb41f1139d96535d d239200cc73357ae0b1abe956db215c8069a304f00f38b160e5b1de21bcc5ca9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /watch.1685413249211.js?dev=e&key=47e256568502d808b0f4997433da285b&kw=%5B%22henka%22%2C%22kyrstin%22%2C%22-%22%2C%22explore%22%2C%22ideas%22%2C%22tips%22%2C%22guide%22%2C%22and%22%2C%22info%22%2C%22henka%22%2C%22kyrstin%22%5D&pst=1714141896&refer=https%3A%2F%2Fmargarethewesme.pages.dev%2F&res=14.2071&rmtc=t&shu=6325436578c84168acd15068ae731d47138badef50c965125b6074f5d594c207558129495c8e0f0b3b22bd8eaa0c2b0423f0bec14935f317ca3f180276994307f71d7f257299aa207496f24949d1904025391a47f32524240b8e5e2a666aac&tz=0&uuid=4aaae168-2d39-4b1b-816c-d742499da1e8%3A2%3A1 HTTP/1.1
Host: hewomenentail.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://margarethewesme.pages.dev
Referer: https://margarethewesme.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=16337114; ain=eyJhbGciOiJIUzI1NiJ9.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.WeX5llgugTrNpFlTPSCmUGm_hz17Wx-6ZYqatRd8YjY
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://margarethewesme.pages.dev
Access-Control-Allow-Origin: https://margarethewesme.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=4aaae168-2d39-4b1b-816c-d742499da1e8:2:1; expires=Fri, 03 May 2024 14:30:36 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Sat, 27 Apr 2024 14:30:36 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Sat, 27 Apr 2024 14:30:36 GMT; secure; SameSite=None
Set-Cookie: pdhtkv5=true; expires=Sat, 27 Apr 2024 14:30:36 GMT; secure; SameSite=None
Set-Cookie: uncs5=1; expires=Sat, 27 Apr 2024 14:30:36 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: feafdb6d9a2ef56664446a91f0f4afc4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| margarethewesme.pages.dev/favicon.ico | 172.66.47.52 | 200 OK | 121 kB |
URL: GET HTTP/3 margarethewesme.pages.dev/favicon.ico
IP: 172.66.47.52:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Google Trust Services LLC
Certificate Subject: margarethewesme.pages.dev
Certificate Fingerprint: 35:8F:8E:84:F6:3F:56:22:61:D6:4F:EA:1F:9C:F2:BF:94:46:FA:9C
Certificate Validity: Sat, 20 Apr 2024 13:49:07 GMT - Fri, 19 Jul 2024 13:49:06 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (9499), with CRLF, LF line terminators
Size: 121 kB (120638 bytes)
Hash: 26eb792d71f22e1b822b985830743a18 cdec40bcc20701a2c695ac2d593ddcf03e4aaca0 956257aabd35562bdb4565fd78453f874b1c6dc3cb5514967be310522a553357
GET /favicon.ico HTTP/1.1
Host: margarethewesme.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=4aaae168-2d39-4b1b-816c-d742499da1e8%3A2%3A1; pp_main_c331f53d8cb1f5b6cb7f7b13f9d18a13=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:36 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"d2128ffc13ea8cb64edd5ceaf8cb4a1c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OEb2dprKnvYffxU%2BWaw5i61n9buRawkbuQb81n6YpD%2FQH%2F7MKh4TNdlEO6CAIuM5USYXZw8AU8cOIoj49zTtpPj%2BU91D5JWue5BnACkH0NYJVyXf6mAdE2DLuut39bWj2Dyxc7JEoO97qEL7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a7458d2b63712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| margarethewesme.pages.dev/wp-content/themes/z-platform/assets/js/bootstrap-masonry.js?ver=1.0 | 172.66.47.52 | 200 OK | 44 kB |
URL: GET HTTP/3 margarethewesme.pages.dev/wp-content/themes/z-platform/assets/js/bootstrap-masonry.js?ver=1.0
IP: 172.66.47.52:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Google Trust Services LLC
Certificate Subject: margarethewesme.pages.dev
Certificate Fingerprint: 35:8F:8E:84:F6:3F:56:22:61:D6:4F:EA:1F:9C:F2:BF:94:46:FA:9C
Certificate Validity: Sat, 20 Apr 2024 13:49:07 GMT - Fri, 19 Jul 2024 13:49:06 GMT
File type: JavaScript source, ASCII text, with very long lines (23966)
Hash: 520e46df77727aaf3d5e799ef241be02 d20252cf76c3be8af37a8415d13ad368c762b4d8 367d6afdfc741fb48d2d9310e47c3924b693459a74c882c0fc545ec5ed7d55d2
GET /wp-content/themes/z-platform/assets/js/bootstrap-masonry.js?ver=1.0 HTTP/1.1
Host: margarethewesme.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:34 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"8a0af5333bf09f3426b1d9bcd39772fa"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1lMiYqY5gs1Yr1Pqf19XWoTYNx%2FSi3kgliy9Njoo6cXPpdkS9CBNbteFkUEjQLGFHiY211PRz3DAACcy36wWKmIPZaNpxwjhBxmd%2FjJgtoOK7%2FuYo%2BVc3n%2Bb4EPv9RVUgZBrCuNSe8IOQFeZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a745822bc5712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| unseenreport.com/pxf.gif?uuid=4aaae168-2d39-4b1b-816c-d742499da1e8&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=76b1e60a07741106ab551c8186791238&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=14 | 192.243.61.225 | 200 OK | 1 B |
URL: GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=4aaae168-2d39-4b1b-816c-d742499da1e8&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=76b1e60a07741106ab551c8186791238&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=14
IP: 192.243.61.225:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Let's Encrypt
Certificate Subject: *.unseenreport.com
Certificate Fingerprint: 71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
Certificate Validity: Fri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT
File type: very short file (no magic)
Hash: 93b885adfe0da089cdf634904fd59f71 5ba93c9db0cff93f52b521d7420e43f6eda2784f 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pxf.gif?uuid=4aaae168-2d39-4b1b-816c-d742499da1e8&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=76b1e60a07741106ab551c8186791238&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=14 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:37 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0bc6f4f24afb54974942a37dca2dbd06
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| unseenreport.com/pxf.gif?uuid=4aaae168-2d39-4b1b-816c-d742499da1e8&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=c331f53d8cb1f5b6cb7f7b13f9d18a13&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=14 | 192.243.61.225 | 200 OK | 1 B |
URL: GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=4aaae168-2d39-4b1b-816c-d742499da1e8&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=c331f53d8cb1f5b6cb7f7b13f9d18a13&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=14
IP: 192.243.61.225:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Let's Encrypt
Certificate Subject: *.unseenreport.com
Certificate Fingerprint: 71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
Certificate Validity: Fri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT
File type: very short file (no magic)
Hash: 93b885adfe0da089cdf634904fd59f71 5ba93c9db0cff93f52b521d7420e43f6eda2784f 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pxf.gif?uuid=4aaae168-2d39-4b1b-816c-d742499da1e8&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=c331f53d8cb1f5b6cb7f7b13f9d18a13&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=14 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:37 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 12052f6d1aedef38b1c0e4faa581e3cc
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html | 45.133.44.3 | 200 OK | 1.3 kB |
URL: GET HTTP/2 cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html
IP: 45.133.44.3:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Let's Encrypt
Certificate Subject: cdn.barscreative1.com
Certificate Fingerprint: F6:54:F4:B9:EB:AD:1E:FA:8F:76:B9:75:20:9B:41:57:32:37:94:E3
Certificate Validity: Sun, 10 Mar 2024 03:01:32 GMT - Sat, 08 Jun 2024 03:01:31 GMT
File type: HTML document, ASCII text
Hash: f6990569c7ffeac1f4a3f6d9eee5da44 e7d5e37acf89a8faee252c36fc2c9d6615501d76 cc2a9756c81bd570fff8b32e48a413687c33f8abe9c934e743a0769178b4f690
GET /sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
Origin: https://margarethewesme.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:37 GMT
content-type: text/html; charset=utf-8
content-length: 1325
server: nginx/1.21.6
last-modified: Mon, 27 Sep 2021 07:43:24 GMT
etag: "6151761c-52d"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
expires: Fri, 26 Apr 2024 15:30:37 GMT
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| likescenesfocused.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRuunuztgw%2BUeArCCB4iurNdPbPdM%2BYQjOvK4ppdk4heRKq7ambLre5qqvrH7FxcDEguwiB4731mN4saJLmFgEFmAwoLQsbTHtyL%2F0GEnGXGwdH3UO%2F71vMWPO%2Fz1JcH%2BTnxkLOztff1QCrFVlYbbv3yx5ReqW%2FKJO%2FX%2B23%2FU791pW6KNzt%2Bw32t%2Fq6IdvWK51LXpS6tr0sjurq%2FMgUh03sd2ui4jZbXoKst9M1%2Fe5s7sMwBL87Ji5B8svTEuQgZjZHE99eE3c10%2BsY7ca5Ypg0KfvxhspvoMkG8KLvGQTc5nk9D26frj6GToxld6OKfwVBOiPPzY4TJ8ZwkwuJwxjNUEAlC%2Fj%2BUxRhCjSHZGJG%2BDcmfEiDiuL6FJL57XZuS7f2Nsik6IUvP%2F4QsJ2Tp94tI4h%2BuKdmv39Qqz6ROLPrdCrI%2FhuyNkeYnyAY1yPIEUfYFJP%2BVrDzfRBIfblmlIfnZqy3GmKB%2Be9njzc5yK6Thcpv60TIPWl6r0%2BGMivZMICnHkN0xlBiC2Rpy6yCXDvKugzx1EPOzekQpDVweMbfdiaImD0Toc5eyoEsZdf028mi6wxBZOkSkhojMPlKzj105hMl%2Fgt2pYHkNNpsQ54PPUfAKpSAoLUHJCEpJUGYEZVEdcWU9W93lyuYhnWdvnpvVSGe9A3aks55ICJgZwvDqID0nL0xFdD55%2BAy74qwe%2BCEVvsvcIGhR6vosXF2lUZu2%2FaBDvWYbVlaQtgZmHQzkhLz0yi9Ip8YW3yBkJ7DqBJG8AJa%2FDFZWYDsVBsnDiMVCKckGhlnFGinrCdvgogDXFdJsCdmec6DOyaWZpRtbDyCi06t%2FNGeByFRITYXP5BOCnrozuqFLcnhDl5Y82EozGcsBm9p9M2OZuPDde2Kv1IZvrNnht29FU2Ba3rslbLbJEi6TniXfX5OcC7OuTSTIjxv2IxFu53bnWm6SPN3cfnt9I06NsFbqZAw2XfCZQSQn5P%2BXbs1%2B8uVH25BmDJNXiPNTMg9IPUaU7sOmC%2F5WExi1mAlTB2VejYwXLi6VJFBi0bOwgv1XHy7qkWHT10xWB%2FYOeqYGlt1GElcoTIVCVWBqCJtfGGWpOb3625xGqGqjUJnaYaiM%2Bnom8%2FS4DyvP6kGz6TK%2Fs0qDgIkgbHntrk85Y17L93yfNZHZSff1R1%2F9BQAA%2F%2F8BAAD%2F%2F9oePRKjBAAA | 172.240.108.84 | 200 OK | 7 B |
URL GET HTTP/1.1likescenesfocused.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRuunuztgw%2BUeArCCB4iurNdPbPdM%2BYQjOvK4ppdk4heRKq7ambLre5qqvrH7FxcDEguwiB4731mN4saJLmFgEFmAwoLQsbTHtyL%2F0GEnGXGwdH3UO%2F71vMWPO%2Fz1JcH%2BTnxkLOztff1QCrFVlYbbv3yx5ReqW%2FKJO%2FX%2B23%2FU791pW6KNzt%2Bw32t%2Fq6IdvWK51LXpS6tr0sjurq%2FMgUh03sd2ui4jZbXoKst9M1%2Fe5s7sMwBL87Ji5B8svTEuQgZjZHE99eE3c10%2BsY7ca5Ypg0KfvxhspvoMkG8KLvGQTc5nk9D26frj6GToxld6OKfwVBOiPPzY4TJ8ZwkwuJwxjNUEAlC%2Fj%2BUxRhCjSHZGJG%2BDcmfEiDiuL6FJL57XZuS7f2Nsik6IUvP%2F4QsJ2Tp94tI4h%2BuKdmv39Qqz6ROLPrdCrI%2FhuyNkeYnyAY1yPIEUfYFJP%2BVrDzfRBIfblmlIfnZqy3GmKB%2Be9njzc5yK6Thcpv60TIPWl6r0%2BGMivZMICnHkN0xlBiC2Rpy6yCXDvKugzx1EPOzekQpDVweMbfdiaImD0Toc5eyoEsZdf028mi6wxBZOkSkhojMPlKzj105hMl%2Fgt2pYHkNNpsQ54PPUfAKpSAoLUHJCEpJUGYEZVEdcWU9W93lyuYhnWdvnpvVSGe9A3aks55ICJgZwvDqID0nL0xFdD55%2BAy74qwe%2BCEVvsvcIGhR6vosXF2lUZu2%2FaBDvWYbVlaQtgZmHQzkhLz0yi9Ip8YW3yBkJ7DqBJG8AJa%2FDFZWYDsVBsnDiMVCKckGhlnFGinrCdvgogDXFdJsCdmec6DOyaWZpRtbDyCi06t%2FNGeByFRITYXP5BOCnrozuqFLcnhDl5Y82EozGcsBm9p9M2OZuPDde2Kv1IZvrNnht29FU2Ba3rslbLbJEi6TniXfX5OcC7OuTSTIjxv2IxFu53bnWm6SPN3cfnt9I06NsFbqZAw2XfCZQSQn5P%2BXbs1%2B8uVH25BmDJNXiPNTMg9IPUaU7sOmC%2F5WExi1mAlTB2VejYwXLi6VJFBi0bOwgv1XHy7qkWHT10xWB%2FYOeqYGlt1GElcoTIVCVWBqCJtfGGWpOb3625xGqGqjUJnaYaiM%2Bnom8%2FS4DyvP6kGz6TK%2Fs0qDgIkgbHntrk85Y17L93yfNZHZSff1R1%2F9BQAA%2F%2F8BAAD%2F%2F9oePRKjBAAA IP172.240.108.84:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Let's Encrypt
Certificate Subject: likescenesfocused.com
Certificate Fingerprint: 72:A0:54:62:05:83:62:37:5E:DE:D5:B2:E3:9B:DD:AD:EA:C5:EA:0E
Certificate Validity: Wed, 24 Apr 2024 15:04:39 GMT - Tue, 23 Jul 2024 15:04:38 GMT
File type: ASCII text, with no line terminators
Hash: 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRuunuztgw%2BUeArCCB4iurNdPbPdM%2BYQjOvK4ppdk4heRKq7ambLre5qqvrH7FxcDEguwiB4731mN4saJLmFgEFmAwoLQsbTHtyL%2F0GEnGXGwdH3UO%2F71vMWPO%2Fz1JcH%2BTnxkLOztff1QCrFVlYbbv3yx5ReqW%2FKJO%2FX%2B23%2FU791pW6KNzt%2Bw32t%2Fq6IdvWK51LXpS6tr0sjurq%2FMgUh03sd2ui4jZbXoKst9M1%2Fe5s7sMwBL87Ji5B8svTEuQgZjZHE99eE3c10%2BsY7ca5Ypg0KfvxhspvoMkG8KLvGQTc5nk9D26frj6GToxld6OKfwVBOiPPzY4TJ8ZwkwuJwxjNUEAlC%2Fj%2BUxRhCjSHZGJG%2BDcmfEiDiuL6FJL57XZuS7f2Nsik6IUvP%2F4QsJ2Tp94tI4h%2BuKdmv39Qqz6ROLPrdCrI%2FhuyNkeYnyAY1yPIEUfYFJP%2BVrDzfRBIfblmlIfnZqy3GmKB%2Be9njzc5yK6Thcpv60TIPWl6r0%2BGMivZMICnHkN0xlBiC2Rpy6yCXDvKugzx1EPOzekQpDVweMbfdiaImD0Toc5eyoEsZdf028mi6wxBZOkSkhojMPlKzj105hMl%2Fgt2pYHkNNpsQ54PPUfAKpSAoLUHJCEpJUGYEZVEdcWU9W93lyuYhnWdvnpvVSGe9A3aks55ICJgZwvDqID0nL0xFdD55%2BAy74qwe%2BCEVvsvcIGhR6vosXF2lUZu2%2FaBDvWYbVlaQtgZmHQzkhLz0yi9Ip8YW3yBkJ7DqBJG8AJa%2FDFZWYDsVBsnDiMVCKckGhlnFGinrCdvgogDXFdJsCdmec6DOyaWZpRtbDyCi06t%2FNGeByFRITYXP5BOCnrozuqFLcnhDl5Y82EozGcsBm9p9M2OZuPDde2Kv1IZvrNnht29FU2Ba3rslbLbJEi6TniXfX5OcC7OuTSTIjxv2IxFu53bnWm6SPN3cfnt9I06NsFbqZAw2XfCZQSQn5P%2BXbs1%2B8uVH25BmDJNXiPNTMg9IPUaU7sOmC%2F5WExi1mAlTB2VejYwXLi6VJFBi0bOwgv1XHy7qkWHT10xWB%2FYOeqYGlt1GElcoTIVCVWBqCJtfGGWpOb3625xGqGqjUJnaYaiM%2Bnom8%2FS4DyvP6kGz6TK%2Fs0qDgIkgbHntrk85Y17L93yfNZHZSff1R1%2F9BQAA%2F%2F8BAAD%2F%2F9oePRKjBAAA HTTP/1.1
Host: likescenesfocused.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22919410; uid_id2=4aaae168-2d39-4b1b-816c-d742499da1e8:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:37 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d3eaed5e043062477a3b977f3360c793
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| likescenesfocused.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=87 | 172.240.108.84 | 200 OK | 0 B |
URL: GET HTTP/1.1 likescenesfocused.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=87
IP: 172.240.108.84:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Let's Encrypt
Certificate Subject: likescenesfocused.com
Certificate Fingerprint: 72:A0:54:62:05:83:62:37:5E:DE:D5:B2:E3:9B:DD:AD:EA:C5:EA:0E
Certificate Validity: Wed, 24 Apr 2024 15:04:39 GMT - Tue, 23 Jul 2024 15:04:38 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=87 HTTP/1.1
Host: likescenesfocused.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22919410; uid_id2=4aaae168-2d39-4b1b-816c-d742499da1e8:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:37 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png | 104.21.70.253 | 200 OK | 591 B |
URL: GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png
IP: 104.21.70.253:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Google Trust Services LLC
Certificate Subject: creative-bars1.com
Certificate Fingerprint: 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
Certificate Validity: Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File type: PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
Hash: 9fd5bcb6103d86e317bd1eb019bcbe71 6b5a52ea669dcb74946f2bed4bdd7ec985026113 0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae
GET /sb/ssp/vpn/classic-push/small/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:37 GMT
content-type: image/png
content-length: 591
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: "65aa84fe-24f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 6225930
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aZRzCOKDuogFyoMWHZxfVviJRDrX%2FJ30k%2BVWQuAyOFDEvhCBmjvoNS2U1mYe8CWYxJ88%2BlEI8jNUfkJuQKeIR4Z%2F6RAQKk8xv4oO3v0zYv7voVO%2BYYyUNTy8XhUGzHeKSx44dfcv0LYG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a745945fc75694-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| margarethewesme.pages.dev/wp-content/themes/z-platform/style.css?ver=1.0.0 | 172.66.47.52 | 200 OK | 25 kB |
URL: GET HTTP/3 margarethewesme.pages.dev/wp-content/themes/z-platform/style.css?ver=1.0.0
IP: 172.66.47.52:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Google Trust Services LLC
Certificate Subject: margarethewesme.pages.dev
Certificate Fingerprint: 35:8F:8E:84:F6:3F:56:22:61:D6:4F:EA:1F:9C:F2:BF:94:46:FA:9C
Certificate Validity: Sat, 20 Apr 2024 13:49:07 GMT - Fri, 19 Jul 2024 13:49:06 GMT
File type: ASCII text, with very long lines (561)
Hash: 65733793f4011ecc4cb2f95bb1131640 b118351dc4ea0ab3251235c41a9bb23db42a29fc 2cb28a91aa8bb83917512ec420838066f18f9d21a15344b090294a9999a8e417
GET /wp-content/themes/z-platform/style.css?ver=1.0.0 HTTP/1.1
Host: margarethewesme.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:34 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"8670f690eb4af9fd560648376ed2801e"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H9ovULPiUodpKE27hbR5XwP9Tp28mZsAISlPG7svMzY4UnPX40HyZj%2BWcs6aNzdOrVIbe8A89XLrtidV%2Fmzt6LNjZgpoZgwJstvzhZsjR6RaXGE3SbB0AFv9%2BET7L4xdq8vqAr0piL3ZIY%2BF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a745821b96712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css | 104.21.70.253 | 200 OK | 961 B |
URL: GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css
IP: 104.21.70.253:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Google Trust Services LLC
Certificate Subject: creative-bars1.com
Certificate Fingerprint: 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
Certificate Validity: Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
Hash: 039a6734d79ed9aa51cf81c52479c5fe 9cf29c4ea1a3880681d50c7228374f8073b7778b a15bad73fc8907795285b78a4a1a1bf5e7f68b4d39988b9bb165444819cf9eb1
GET /sb/ssp/vpn/classic-push/small/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
Origin: https://margarethewesme.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:37 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-d1b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vFiKRHSKZM0g173Vnu3gVRdP8rYdrzBMd6TFNfDc6IcHdrSfRDaSJmJKMpSUN%2BnEawhtiVRiq6WraVm2NDUCESxzcLDpkGymhRFMW2eYhQ%2FB3ul2MT0GTTLZxCZ31aHw0V2f1D9DBMRR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a74593cece5694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| likescenesfocused.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=340 | 172.240.108.84 | 200 OK | 0 B |
URL: GET HTTP/1.1 likescenesfocused.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=340
IP: 172.240.108.84:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Let's Encrypt
Certificate Subject: likescenesfocused.com
Certificate Fingerprint: 72:A0:54:62:05:83:62:37:5E:DE:D5:B2:E3:9B:DD:AD:EA:C5:EA:0E
Certificate Validity: Wed, 24 Apr 2024 15:04:39 GMT - Tue, 23 Jul 2024 15:04:38 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=340 HTTP/1.1
Host: likescenesfocused.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22919410; uid_id2=4aaae168-2d39-4b1b-816c-d742499da1e8:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:37 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| likescenesfocused.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=335 | 172.240.108.84 | 200 OK | 0 B |
URL: GET HTTP/1.1 likescenesfocused.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=335
IP: 172.240.108.84:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Let's Encrypt
Certificate Subject: likescenesfocused.com
Certificate Fingerprint: 72:A0:54:62:05:83:62:37:5E:DE:D5:B2:E3:9B:DD:AD:EA:C5:EA:0E
Certificate Validity: Wed, 24 Apr 2024 15:04:39 GMT - Tue, 23 Jul 2024 15:04:38 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=335 HTTP/1.1
Host: likescenesfocused.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22919410; uid_id2=4aaae168-2d39-4b1b-816c-d742499da1e8:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:37 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP: 216.58.207.227:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Google Trust Services LLC
Certificate Subject: *.gstatic.com
Certificate Fingerprint: 93:EC:35:60:8A:5B:23:EA:C0:36:D7:AE:03:0C:C3:77:17:5A:20:33
Certificate Validity: Mon, 08 Apr 2024 07:31:57 GMT - Mon, 01 Jul 2024 07:31:56 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Hash: e9f5aaf547f165386cd313b995dddd8e acdef5603c2387b0e5bffd744b679a24a8bc1968 f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://margarethewesme.pages.dev
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 26 Apr 2024 05:55:49 GMT
expires: Sat, 26 Apr 2025 05:55:49 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 30889
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| margarethewesme.pages.dev/wp-content/themes/z-platform/assets/js/jquery-match-height.js?ver=1.0 | 172.66.47.52 | 200 OK | 19 kB |
URL: GET HTTP/3 margarethewesme.pages.dev/wp-content/themes/z-platform/assets/js/jquery-match-height.js?ver=1.0
IP: 172.66.47.52:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Google Trust Services LLC
Certificate Subject: margarethewesme.pages.dev
Certificate Fingerprint: 35:8F:8E:84:F6:3F:56:22:61:D6:4F:EA:1F:9C:F2:BF:94:46:FA:9C
Certificate Validity: Sat, 20 Apr 2024 13:49:07 GMT - Fri, 19 Jul 2024 13:49:06 GMT
File type: JavaScript source, ASCII text, with CRLF line terminators
Hash: 71cfea9a968d037265d49e71ab86927f 8bd1e94980360f7c182e945f2b9283934c7a69fc 48908485393323cbbe8faf1ac5797466e52eac32448a4449048cd9ccd9ee4e9c
GET /wp-content/themes/z-platform/assets/js/jquery-match-height.js?ver=1.0 HTTP/1.1
Host: margarethewesme.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:34 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"7babcf61c1056c8e76b7552ee8bef89f"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NslqC%2BfNqHToKxhHG285sgEM9TQKlq2sIjml1H%2FXh4GEVKllXiI8yV5%2BTjVBHymT1z4jU5LKP9Mg%2BJUCb1vgxphcqBgIAgUzTCNw9Kup3lFkqT3mYlXlUosjK79lWFrYoKVGLsPe2ZWEzFQR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a745822bb3712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| likescenesfocused.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzYtcxRet15ndD36gxFUQWnAR0el51d9tFsEYRwbHTEwiuhGpr%2B6UU%2B%2FVo%2Bp9dHpjMCDZCI3g%2Fs3pSQY1SLILAYP0BBQGhLSrWTgb%2F4MIWUu3ja13UffeOrfg3HPqy73shNSRseOL79uRNoZttGph9ezHlJ6rbus4G1aH3fan7ea5qsvf7LVr4WvVd5XYtRv1kIYhDWl1UzvVt8ONOQid3OvRWi%2BsNes12mpi6P7b%2ByyAZwFkfkJehJaztSfBaWgxRRzdv6j8bmqTN96JMsNS65DLgw%2Fj3dgWMaJV2XcB%2BvHBchrWP918DBvfWdCFzf8Z5HpGgp8fg8cHS5Lg%2Bf6CJzdQMbj8H4p8CmWm0GwKYW9By6cEEBKXdhBHdy9ZV7Abf6Nsjs7I2vM%2FoYsZWfv9NOLohwtGD6tXrclSbWOPYb%2BEHk6hB1Mk2SHSUQW6OIRIv4CWv5KN59uIo%2F0dbyy0PH61yRhTtN1dr8tGb73JKV%2Fv0rZYl51mvdnrSUZVdyGQ1lPo%2FhRGjcF8BZkPkOkAWT9AlgSI5HFVUEo7oRQs7PaEaMiO4m0ZUtbpU0bDdheZmO8wRpqMIcwYwt1E4m5iV4%2Fhsp%2Fgr5fwsgKfzkjwwefIZYlCERSeoGAEhSYoUoIiL%2B9I4%2Bu%2BvCuNzzhd5voyN8qJTQd77I5NByomYG4MJ8u95IS8MBcx%2BOThM%2Byq42qnzalqhyzsdJqUhm3GWy0qurTb7vRovdGF1yW0r4D5ACM9Iy%2B98guSubH5N%2BDsEN4cQuhTYNnLYEUJdr3EKH4oWKSM0WzkmDeslrCB8jWpckhbIknXkN4I9swJObOwdGvnAZQ4Ov9HYxEQrkTiSnymnxAMzO3JFVuQ%2FSu28OTBTpLqSI%2FY3O6rKUvVqe%2FeUzcK6%2BTWRT%2F%2B9i0xB%2BblvWvKp9ssljoeePL9BS2lcpvWCUV%2B3PIfKX4589cvZC7Oku3Lb29uRYlT3msbT8HmCz5zEHpG%2Fn%2Fm2uInn310GdpN4bISUXZElgFtpxDJTfhkxd9bAmdWMzwJUGTlxNX56tJoAqNWPeMl%2FL96vqonjs1fM13u%2BdsYuApYegtxVCJ3JXJTgpkxfHZqkibu6PxvSxrcVCbcuMo%2BN858vZB5ftyH18fVRig7XPVVh6tmq9lXQvJWi4eiL3hDdrsCqZ%2F1X3%2F01V8AAAD%2F%2FwEAAP%2F%2FWsro%2BqMEAAA%3D | 172.240.108.84 | 200 OK | 7 B |
URL GET HTTP/1.1likescenesfocused.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzYtcxRet15ndD36gxFUQWnAR0el51d9tFsEYRwbHTEwiuhGpr%2B6UU%2B%2FVo%2Bp9dHpjMCDZCI3g%2Fs3pSQY1SLILAYP0BBQGhLSrWTgb%2F4MIWUu3ja13UffeOrfg3HPqy73shNSRseOL79uRNoZttGph9ezHlJ6rbus4G1aH3fan7ea5qsvf7LVr4WvVd5XYtRv1kIYhDWl1UzvVt8ONOQid3OvRWi%2BsNes12mpi6P7b%2ByyAZwFkfkJehJaztSfBaWgxRRzdv6j8bmqTN96JMsNS65DLgw%2Fj3dgWMaJV2XcB%2BvHBchrWP918DBvfWdCFzf8Z5HpGgp8fg8cHS5Lg%2Bf6CJzdQMbj8H4p8CmWm0GwKYW9By6cEEBKXdhBHdy9ZV7Abf6Nsjs7I2vM%2FoYsZWfv9NOLohwtGD6tXrclSbWOPYb%2BEHk6hB1Mk2SHSUQW6OIRIv4CWv5KN59uIo%2F0dbyy0PH61yRhTtN1dr8tGb73JKV%2Fv0rZYl51mvdnrSUZVdyGQ1lPo%2FhRGjcF8BZkPkOkAWT9AlgSI5HFVUEo7oRQs7PaEaMiO4m0ZUtbpU0bDdheZmO8wRpqMIcwYwt1E4m5iV4%2Fhsp%2Fgr5fwsgKfzkjwwefIZYlCERSeoGAEhSYoUoIiL%2B9I4%2Bu%2BvCuNzzhd5voyN8qJTQd77I5NByomYG4MJ8u95IS8MBcx%2BOThM%2Byq42qnzalqhyzsdJqUhm3GWy0qurTb7vRovdGF1yW0r4D5ACM9Iy%2B98guSubH5N%2BDsEN4cQuhTYNnLYEUJdr3EKH4oWKSM0WzkmDeslrCB8jWpckhbIknXkN4I9swJObOwdGvnAZQ4Ov9HYxEQrkTiSnymnxAMzO3JFVuQ%2FSu28OTBTpLqSI%2FY3O6rKUvVqe%2FeUzcK6%2BTWRT%2F%2B9i0xB%2BblvWvKp9ssljoeePL9BS2lcpvWCUV%2B3PIfKX4589cvZC7Oku3Lb29uRYlT3msbT8HmCz5zEHpG%2Fn%2Fm2uInn310GdpN4bISUXZElgFtpxDJTfhkxd9bAmdWMzwJUGTlxNX56tJoAqNWPeMl%2FL96vqonjs1fM13u%2BdsYuApYegtxVCJ3JXJTgpkxfHZqkibu6PxvSxrcVCbcuMo%2BN858vZB5ftyH18fVRig7XPVVh6tmq9lXQvJWi4eiL3hDdrsCqZ%2F1X3%2F01V8AAAD%2F%2FwEAAP%2F%2FWsro%2BqMEAAA%3D IP172.240.108.84:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Let's Encrypt
Certificate Subject: likescenesfocused.com
Certificate Fingerprint: 72:A0:54:62:05:83:62:37:5E:DE:D5:B2:E3:9B:DD:AD:EA:C5:EA:0E
Certificate Validity: Wed, 24 Apr 2024 15:04:39 GMT - Tue, 23 Jul 2024 15:04:38 GMT
File type: ASCII text, with no line terminators
Hash: 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSzYtcxRet15ndD36gxFUQWnAR0el51d9tFsEYRwbHTEwiuhGpr%2B6UU%2B%2FVo%2Bp9dHpjMCDZCI3g%2Fs3pSQY1SLILAYP0BBQGhLSrWTgb%2F4MIWUu3ja13UffeOrfg3HPqy73shNSRseOL79uRNoZttGph9ezHlJ6rbus4G1aH3fan7ea5qsvf7LVr4WvVd5XYtRv1kIYhDWl1UzvVt8ONOQid3OvRWi%2BsNes12mpi6P7b%2ByyAZwFkfkJehJaztSfBaWgxRRzdv6j8bmqTN96JMsNS65DLgw%2Fj3dgWMaJV2XcB%2BvHBchrWP918DBvfWdCFzf8Z5HpGgp8fg8cHS5Lg%2Bf6CJzdQMbj8H4p8CmWm0GwKYW9By6cEEBKXdhBHdy9ZV7Abf6Nsjs7I2vM%2FoYsZWfv9NOLohwtGD6tXrclSbWOPYb%2BEHk6hB1Mk2SHSUQW6OIRIv4CWv5KN59uIo%2F0dbyy0PH61yRhTtN1dr8tGb73JKV%2Fv0rZYl51mvdnrSUZVdyGQ1lPo%2FhRGjcF8BZkPkOkAWT9AlgSI5HFVUEo7oRQs7PaEaMiO4m0ZUtbpU0bDdheZmO8wRpqMIcwYwt1E4m5iV4%2Fhsp%2Fgr5fwsgKfzkjwwefIZYlCERSeoGAEhSYoUoIiL%2B9I4%2Bu%2BvCuNzzhd5voyN8qJTQd77I5NByomYG4MJ8u95IS8MBcx%2BOThM%2Byq42qnzalqhyzsdJqUhm3GWy0qurTb7vRovdGF1yW0r4D5ACM9Iy%2B98guSubH5N%2BDsEN4cQuhTYNnLYEUJdr3EKH4oWKSM0WzkmDeslrCB8jWpckhbIknXkN4I9swJObOwdGvnAZQ4Ov9HYxEQrkTiSnymnxAMzO3JFVuQ%2FSu28OTBTpLqSI%2FY3O6rKUvVqe%2FeUzcK6%2BTWRT%2F%2B9i0xB%2BblvWvKp9ssljoeePL9BS2lcpvWCUV%2B3PIfKX4589cvZC7Oku3Lb29uRYlT3msbT8HmCz5zEHpG%2Fn%2Fm2uInn310GdpN4bISUXZElgFtpxDJTfhkxd9bAmdWMzwJUGTlxNX56tJoAqNWPeMl%2FL96vqonjs1fM13u%2BdsYuApYegtxVCJ3JXJTgpkxfHZqkibu6PxvSxrcVCbcuMo%2BN858vZB5ftyH18fVRig7XPVVh6tmq9lXQvJWi4eiL3hDdrsCqZ%2F1X3%2F01V8AAAD%2F%2FwEAAP%2F%2FWsro%2BqMEAAA%3D HTTP/1.1
Host: likescenesfocused.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22919410; uid_id2=4aaae168-2d39-4b1b-816c-d742499da1e8:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:38 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 88e53a7b140fe2eccb14aab35e4d90cb
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| likescenesfocused.com/pixel/sbs?c=1 | 192.243.61.225 | 200 OK | 0 B |
URL: GET HTTP/1.1 likescenesfocused.com/pixel/sbs?c=1
IP: 192.243.61.225:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Let's Encrypt
Certificate Subject: likescenesfocused.com
Certificate Fingerprint: 72:A0:54:62:05:83:62:37:5E:DE:D5:B2:E3:9B:DD:AD:EA:C5:EA:0E
Certificate Validity: Wed, 24 Apr 2024 15:04:39 GMT - Tue, 23 Jul 2024 15:04:38 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbs?c=1 HTTP/1.1
Host: likescenesfocused.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22919410; uid_id2=4aaae168-2d39-4b1b-816c-d742499da1e8:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:38 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| cdn.cloudimagesb.com/cti/c8/d8/67/c8d8673ced1eaa7e51baa9035243a09a/1627915868.png | 45.133.44.10 | 200 OK | 108 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/cti/c8/d8/67/c8d8673ced1eaa7e51baa9035243a09a/1627915868.png
IP: 45.133.44.10:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Let's Encrypt
Certificate Subject: cdn.cloudimagesb.com
Certificate Fingerprint: C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
Certificate Validity: Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: PNG image data, 300 x 250, 8-bit/color RGB, non-interlaced
Size: 108 kB (107711 bytes)
Hash: d5d8bc18ba152c6e850417cdf9dfbbff 888bf155775a9879f26faf0e7faaff5803296e8e b481f86a9731573e3cfd04880209d5ecb5c163caa0e2656a9f740321c5e637c8
GET /cti/c8/d8/67/c8d8673ced1eaa7e51baa9035243a09a/1627915868.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:36 GMT
content-type: image/png
content-length: 107711
server: nginx/1.21.6
last-modified: Mon, 02 Aug 2021 14:51:18 GMT
etag: "61080666-1a4bf"
expires: Sun, 28 Apr 2024 14:30:36 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| margarethewesme.pages.dev/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 | 172.66.47.52 | 200 OK | 14 kB |
URL: GET HTTP/3 margarethewesme.pages.dev/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
IP: 172.66.47.52:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Google Trust Services LLC
Certificate Subject: margarethewesme.pages.dev
Certificate Fingerprint: 35:8F:8E:84:F6:3F:56:22:61:D6:4F:EA:1F:9C:F2:BF:94:46:FA:9C
Certificate Validity: Sat, 20 Apr 2024 13:49:07 GMT - Fri, 19 Jul 2024 13:49:06 GMT
File type: JavaScript source, ASCII text, with very long lines (13479)
Hash: 9ffeb32e2d9efbf8f70caabded242267 3ad0c10e501ac2a9bfa18f9cd7e700219b378738 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 HTTP/1.1
Host: margarethewesme.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:34 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"ff416357a541c2641e2808b797569af3"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UeUFkJmIB7Ryc23IEloHmgNuKru55a4OSMV%2FIK2sZL%2F9X0ZHDsPYOGrartNhuw6bOpRMw14J3cNLh1eRPmuncuDhz9LE8Rkt0GkNiJXipK1tqvYAtNJEFnQuKIjLgD4r83%2BfxEVt01UNh9hc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a745821b9e712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| margarethewesme.pages.dev/wp-content/plugins/wp-meta-and-date-remover/assets/js/inspector.js?ver=1.1 | 172.66.47.52 | 200 OK | 3.9 kB |
URL: GET HTTP/3 margarethewesme.pages.dev/wp-content/plugins/wp-meta-and-date-remover/assets/js/inspector.js?ver=1.1
IP: 172.66.47.52:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Google Trust Services LLC
Certificate Subject: margarethewesme.pages.dev
Certificate Fingerprint: 35:8F:8E:84:F6:3F:56:22:61:D6:4F:EA:1F:9C:F2:BF:94:46:FA:9C
Certificate Validity: Sat, 20 Apr 2024 13:49:07 GMT - Fri, 19 Jul 2024 13:49:06 GMT
File type: JavaScript source, ASCII text, with very long lines (4077), with no line terminators
Hash: 0107360725310915a1fd69ea43e81151 f8c18be2fe6c9fa7e412254387f614d2b8b05b54 18da3b371350a20b6fd8f70d0b6541c2826076fbd3f5663bc238dde7ac76142a
GET /wp-content/plugins/wp-meta-and-date-remover/assets/js/inspector.js?ver=1.1 HTTP/1.1
Host: margarethewesme.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:34 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"155e673a0ef0fa0671bf62a6b4137ed9"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zYikSiNCVlAOFU29l0lDRummtXtkUe9kWsqEcG5hyTFZDNCB9zwO2fzNG3o30Kq7fjggmTUZahU5YZczBgkcjKiHq%2BPUR49kAlzqom6CJtpcVZe22ml4bCiMVxPbIRF9FDxjr%2BxLHZkqdElV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a745821bab712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap | 142.250.74.106 | 200 OK | 7.0 kB |
URL: GET HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP: 142.250.74.106:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Google Trust Services LLC
Certificate Subject: upload.video.google.com
Certificate Fingerprint: 5F:6D:48:87:16:89:1E:A5:57:29:92:8B:34:BD:F2:92:0C:7F:F2:50
Certificate Validity: Mon, 08 Apr 2024 07:32:03 GMT - Mon, 01 Jul 2024 07:32:02 GMT
File type: ASCII text, with very long lines (7193), with no line terminators
Hash: 16b49a99486594c0b42d9bd7821deb2c 2fb46e5e86d6b37d4497cc04bfd89b3cb33a276a 3f3540952441e06ef81189cf63d46bac242804e386779dbb0cdd78ed10025c21
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 26 Apr 2024 14:30:37 GMT
date: Fri, 26 Apr 2024 14:30:37 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| cdn.cloudimagesb.com/si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png | 45.133.44.10 | 200 OK | 16 kB |
URL: GET HTTP/2 cdn.cloudimagesb.com/si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png
IP: 45.133.44.10:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Let's Encrypt
Certificate Subject: cdn.cloudimagesb.com
Certificate Fingerprint: C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
Certificate Validity: Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type: PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Hash: 14cf262fabfd850855c42847d14fe775 2fafa28f167f018a0fb1f261f47380c8810803c9 972004ebada4077c3a4d03dcb45175ea467faf54da72be727a1c5c75e688b8af
GET /si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:37 GMT
content-type: image/png
content-length: 16093
server: nginx/1.21.6
last-modified: Mon, 04 Dec 2023 01:06:35 GMT
etag: "656d261b-3edd"
expires: Sun, 28 Apr 2024 14:30:37 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| margarethewesme.pages.dev/wp-content/themes/z-platform/assets/css/animate.css?ver=6.4.3 | 172.66.47.52 | 200 OK | 100 kB |
URL: GET HTTP/3 margarethewesme.pages.dev/wp-content/themes/z-platform/assets/css/animate.css?ver=6.4.3
IP: 172.66.47.52:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Google Trust Services LLC
Certificate Subject: margarethewesme.pages.dev
Certificate Fingerprint: 35:8F:8E:84:F6:3F:56:22:61:D6:4F:EA:1F:9C:F2:BF:94:46:FA:9C
Certificate Validity: Sat, 20 Apr 2024 13:49:07 GMT - Fri, 19 Jul 2024 13:49:06 GMT
File type: ASCII text, with CRLF line terminators
Hash: 5196254819c00beb7d47f2e619c91b23 585facdbaea876144a9e2830a25aed32aff012c7 843bbe95de846af80e6874924b521abae8ab90a61fc293844366d53c2718f90c
GET /wp-content/themes/z-platform/assets/css/animate.css?ver=6.4.3 HTTP/1.1
Host: margarethewesme.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:34 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"b76b3d9df34d5a63b2a95e0ce22eabf4"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OetSJsuBeE5U%2Bm4MQEfMIM7zW4G72G5UJgpBck2kXQonRmcAJnM43wAhhldqOilEm3T3L8tm8wQpdK3KSeDvl4gmtCL9Td1DwJMGPMiEm6KqXxyp66xRye1gAcWrMXLekgqNenRiXfD6E5mH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a745820b8f712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| margarethewesme.pages.dev/wp-content/themes/z-platform/assets/js/bootstrap.bundle.js?ver=5.1.3 | 172.66.47.52 | 200 OK | 208 kB |
URL: GET HTTP/3 margarethewesme.pages.dev/wp-content/themes/z-platform/assets/js/bootstrap.bundle.js?ver=5.1.3
IP: 172.66.47.52:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Google Trust Services LLC
Certificate Subject: margarethewesme.pages.dev
Certificate Fingerprint: 35:8F:8E:84:F6:3F:56:22:61:D6:4F:EA:1F:9C:F2:BF:94:46:FA:9C
Certificate Validity: Sat, 20 Apr 2024 13:49:07 GMT - Fri, 19 Jul 2024 13:49:06 GMT
Size: 208 kB (207852 bytes)
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wp-content/themes/z-platform/assets/js/bootstrap.bundle.js?ver=5.1.3 HTTP/1.1
Host: margarethewesme.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:34 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"5657eadbae44adf795adc0ebbfaa2466"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CCq93e3c1BBQpxPFKVrlzCG17gthQKLDbjq%2Bp6Hy5tqknDN2inryedE6vBGzCgGSwbjBYE4wHKodSLjagDcqao1R26CkiHs%2Bv3trkjHDjetQgIywY9g43njCCld4MlcSOj8OBx%2Fo6PklznFo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a745821bad712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| downstairsnegotiatebarren.com/sfp.js | 172.67.180.87 | 200 OK | 86 kB |
URL: GET HTTP/3 downstairsnegotiatebarren.com/sfp.js
IP: 172.67.180.87:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Let's Encrypt
Certificate Subject: downstairsnegotiatebarren.com
Certificate Fingerprint: 2C:6A:E1:8E:26:5B:1D:8B:86:CB:C1:72:4E:52:4B:8B:67:3A:D2:44
Certificate Validity: Mon, 04 Mar 2024 21:53:07 GMT - Sun, 02 Jun 2024 21:53:06 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:36 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 77e031af4bdd8cc9becf6c224b405a20
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Fri, 26 Apr 2024 14:30:35 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oTUM4VRiZDXu4l526o%2FeSVJtD4lGJV3mtoZ3nqDVi8XE4anNmfYZnGsrscb7WtYRaHs3GZ4S%2BmHF0RiGGM2B0SyKIYHW6KqA1Om6hpB2W8umQUGVqb8sS7eFLAUssq1309yN8Vh%2B3I4qH7IB7oNujA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a7458c4fa47128-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| margarethewesme.pages.dev/wp-content/plugins/advanced-random-posts-widget/assets/css/arpw-frontend.css?ver=6.4.3 | 172.66.47.52 | 200 OK | 275 B |
URL: GET HTTP/3 margarethewesme.pages.dev/wp-content/plugins/advanced-random-posts-widget/assets/css/arpw-frontend.css?ver=6.4.3
IP: 172.66.47.52:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Google Trust Services LLC
Certificate Subject: margarethewesme.pages.dev
Certificate Fingerprint: 35:8F:8E:84:F6:3F:56:22:61:D6:4F:EA:1F:9C:F2:BF:94:46:FA:9C
Certificate Validity: Sat, 20 Apr 2024 13:49:07 GMT - Fri, 19 Jul 2024 13:49:06 GMT
File type: ASCII text, with very long lines (312), with no line terminators
Hash: 58e671c19d0c80d4cd0dfc871532c81d 1236a814bc62bb0f3eaa97ff3b3464969211d835 6ee0f5e3cc7aff02c7f1ff31581494303213619f7f31004c7c2a748891592301
GET /wp-content/plugins/advanced-random-posts-widget/assets/css/arpw-frontend.css?ver=6.4.3 HTTP/1.1
Host: margarethewesme.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:34 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"89495a62273346014c21c363f32c166b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cDJ6TFWONdqu2awrAcLTu3fTLs1iu0u0os80ONfgNtQKMYRIllCnGGrTguqNaix%2FQt736sPs0TqrGP%2Bto8Gtbot1v0oCrPacFGlk2u%2Fk9BInP%2F%2FJyai09zpRhCUzk6jSlacd2Sjruz5LQh2d"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a745821b98712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| margarethewesme.pages.dev/wp-includes/js/jquery/jquery.min.js?ver=3.7.1 | 172.66.47.52 | 200 OK | 88 kB |
URL: GET HTTP/3 margarethewesme.pages.dev/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
IP: 172.66.47.52:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Google Trust Services LLC
Certificate Subject: margarethewesme.pages.dev
Certificate Fingerprint: 35:8F:8E:84:F6:3F:56:22:61:D6:4F:EA:1F:9C:F2:BF:94:46:FA:9C
Certificate Validity: Sat, 20 Apr 2024 13:49:07 GMT - Fri, 19 Jul 2024 13:49:06 GMT
File type: JavaScript source, ASCII text, with very long lines (65447)
Hash: 826eb77e86b02ab7724fe3d0141ff87c 79cd3587d565afe290076a8d36c31c305a573d18 cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
GET /wp-includes/js/jquery/jquery.min.js?ver=3.7.1 HTTP/1.1
Host: margarethewesme.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:34 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"4faaa9d1e8ac6b951abd4ab674ea9ec1"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EkXG4mxLzqtjU6Lnrh2R0Nls%2BmzopfWemvqsCOjEkI3ntYtaY1wXSWx2KF6mOOKdpmDNo9TAFHeq4FE5a5W5IfePZ%2BCwOeW9M%2FaFAZtd2IapvaHMpiV6jwkOkG3mp52AMnq3t3ZH1hqxZvL3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a745821b99712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js | 104.21.70.253 | 200 OK | 84 kB |
URL: GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js
IP: 104.21.70.253:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Google Trust Services LLC
Certificate Subject: creative-bars1.com
Certificate Fingerprint: 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
Certificate Validity: Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File type: JavaScript source, ASCII text, with very long lines (32025)
Hash: 4a356126b9573eb7bd1e9a7494737410 8258d046f17dd3c15a5d3984e1868b7b5d1db329 22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
GET /sb/ssp/vpn/classic-push/small/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:37 GMT
content-type: application/javascript
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 6225931
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BgMOvjzcwPQWB5UkFuGC0xLkq%2BdC39VsuDWYqkPfPjZHYSFtfFlMh27wMSZU54NS5f3ZB0xDC7hLMLHqcEHBv6wLLQ4lkV2nqOqSqxAxAbfTbhR4A44PkyX8tHz9DTx76ZC4va7RcElm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a745945fd75694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| downstairsnegotiatebarren.com/sfp.js | 172.67.180.87 | 200 OK | 86 kB |
URL: GET HTTP/2 downstairsnegotiatebarren.com/sfp.js
IP: 172.67.180.87:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Let's Encrypt
Certificate Subject: downstairsnegotiatebarren.com
Certificate Fingerprint: 2C:6A:E1:8E:26:5B:1D:8B:86:CB:C1:72:4E:52:4B:8B:67:3A:D2:44
Certificate Validity: Mon, 04 Mar 2024 21:53:07 GMT - Sun, 02 Jun 2024 21:53:06 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:35 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: c5dfaacd4e31d4bfc8ceb424138e36ef
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Fri, 26 Apr 2024 14:30:35 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H3ClQ2NsWzXNZfkO7dYwGMG4ZtWbNckRIUKXTr3PEFrFJcSIFeEp6jj6FDCMMJgmqXJtMETGIKMiJ9UrxVkXTPu00%2FTufvZWrjEsS2zEfOchOvlueLUMqlrKuLH1hTcNS6WNbHkeqCK2n4AXPPTl6w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a745879e205696-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| margarethewesme.pages.dev/page/2/ | 0.0.0.0 | | 0 B |
URL: GET margarethewesme.pages.dev/page/2/
IP: 0.0.0.0:0
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Google Trust Services LLC
Certificate Subject: margarethewesme.pages.dev
Certificate Fingerprint: 35:8F:8E:84:F6:3F:56:22:61:D6:4F:EA:1F:9C:F2:BF:94:46:FA:9C
Certificate Validity: Sat, 20 Apr 2024 13:49:07 GMT - Fri, 19 Jul 2024 13:49:06 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /page/2/ HTTP/1.1
Host: margarethewesme.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=4aaae168-2d39-4b1b-816c-d742499da1e8%3A2%3A1; pp_main_c331f53d8cb1f5b6cb7f7b13f9d18a13=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
|
|
| likescenesfocused.com/sbar.json?key=76b1e60a07741106ab551c8186791238&uuid=4aaae168-2d39-4b1b-816c-d742499da1e8%3A2%3A1 | 172.240.108.84 | 200 OK | 13 kB |
URL: GET HTTP/1.1 likescenesfocused.com/sbar.json?key=76b1e60a07741106ab551c8186791238&uuid=4aaae168-2d39-4b1b-816c-d742499da1e8%3A2%3A1
IP: 172.240.108.84:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Let's Encrypt
Certificate Subject: likescenesfocused.com
Certificate Fingerprint: 72:A0:54:62:05:83:62:37:5E:DE:D5:B2:E3:9B:DD:AD:EA:C5:EA:0E
Certificate Validity: Wed, 24 Apr 2024 15:04:39 GMT - Tue, 23 Jul 2024 15:04:38 GMT
Hash: 62e56d11285d7706e4fe60697cae4eb1 0815be6533dd38922f5ce72bf94cca6898411958 5f72ad89509ce7edf39f9da1f5b656ee2157d976e8c230dbb315cabc0b442192
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /sbar.json?key=76b1e60a07741106ab551c8186791238&uuid=4aaae168-2d39-4b1b-816c-d742499da1e8%3A2%3A1 HTTP/1.1
Host: likescenesfocused.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
Origin: https://margarethewesme.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:37 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://margarethewesme.pages.dev
Access-Control-Allow-Origin: https://margarethewesme.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=22919410; expires=Sat, 27 Apr 2024 14:30:37 GMT; secure; SameSite=None
uid_id2=4aaae168-2d39-4b1b-816c-d742499da1e8:2:1; expires=Fri, 03 May 2024 14:30:37 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 27 Apr 2024 14:30:37 GMT; secure; SameSite=None
uncs=1; expires=Sat, 27 Apr 2024 14:30:37 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sat, 27 Apr 2024 14:30:37 GMT; secure; SameSite=None
uncs29=1; expires=Sat, 27 Apr 2024 14:30:37 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1eac0c91e767b4039502bc18e1ce5c79
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| likescenesfocused.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=326 | 172.240.108.84 | 200 OK | 0 B |
URL: GET HTTP/1.1 likescenesfocused.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=326
IP: 172.240.108.84:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Let's Encrypt
Certificate Subject: likescenesfocused.com
Certificate Fingerprint: 72:A0:54:62:05:83:62:37:5E:DE:D5:B2:E3:9B:DD:AD:EA:C5:EA:0E
Certificate Validity: Wed, 24 Apr 2024 15:04:39 GMT - Tue, 23 Jul 2024 15:04:38 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=326 HTTP/1.1
Host: likescenesfocused.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22919410; uid_id2=4aaae168-2d39-4b1b-816c-d742499da1e8:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:37 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP: 216.58.207.227:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Google Trust Services LLC
Certificate Subject: *.gstatic.com
Certificate Fingerprint: 93:EC:35:60:8A:5B:23:EA:C0:36:D7:AE:03:0C:C3:77:17:5A:20:33
Certificate Validity: Mon, 08 Apr 2024 07:31:57 GMT - Mon, 01 Jul 2024 07:31:56 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Hash: 15d9f621c3bd1599f0169dcf0bd5e63e 7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52 f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://margarethewesme.pages.dev
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 26 Apr 2024 06:02:10 GMT
expires: Sat, 26 Apr 2025 06:02:10 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 30508
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js | 104.21.70.253 | 200 OK | 962 B |
URL: GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js
IP: 104.21.70.253:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Google Trust Services LLC
Certificate Subject: creative-bars1.com
Certificate Fingerprint: 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
Certificate Validity: Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File type: ASCII text, with very long lines (1015), with no line terminators
Hash: 88523e22d10f0cbad31aa1d8276764fa 9238cd9499e01abdbeb33e68c550d26cfb6eaba5 d553390acb639c765cb6aaa4fbb72529e4005227d190f53108aec87ccec411c2
GET /sb/ssp/vpn/classic-push/small/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
Origin: https://margarethewesme.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:37 GMT
content-type: application/javascript
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-3c2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B5sEZVcrVO22ksOZU1vbNrvnGEDKmOAN%2B7Cu2VNLTtH6KXe52m4jKIjeRHsIR11l5lqRyMHYdaEve96ECi%2ByZvHMlS9FnMVkyX1ZdYX7o3NsETbwibt6Rnyhq5TmRUQfUNz625Xdj9OC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a7459508d35694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| margarethewesme.pages.dev/wp-includes/css/dist/block-library/style.min.css?ver=6.4.3 | 172.66.47.52 | 200 OK | 110 kB |
URL: GET HTTP/3 margarethewesme.pages.dev/wp-includes/css/dist/block-library/style.min.css?ver=6.4.3
IP: 172.66.47.52:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Google Trust Services LLC
Certificate Subject: margarethewesme.pages.dev
Certificate Fingerprint: 35:8F:8E:84:F6:3F:56:22:61:D6:4F:EA:1F:9C:F2:BF:94:46:FA:9C
Certificate Validity: Sat, 20 Apr 2024 13:49:07 GMT - Fri, 19 Jul 2024 13:49:06 GMT
Size: 110 kB (110147 bytes)
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.4.3 HTTP/1.1
Host: margarethewesme.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:34 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"141cf6fd3e4b533eaa9c573b7c16bc31"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HfksBBIorfOjmGPQj2J0Ad8wWu95hgST30CYSxoEVIWhg4d8fUwubEG%2FWczgHjsawP9gJQRqH69f%2FLcO7zrZHOSMvXLpLsRdyF6EdJ3i0HotlWM0FmkaghPMsdC1ObPs%2Fn0dyZML7odiQ7ZN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a745820b81712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| margarethewesme.pages.dev/wp-content/themes/z-platform/assets/js/app.js?ver=1.0 | 172.66.47.52 | 200 OK | 4.7 kB |
URL: GET HTTP/3 margarethewesme.pages.dev/wp-content/themes/z-platform/assets/js/app.js?ver=1.0
IP: 172.66.47.52:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Google Trust Services LLC
Certificate Subject: margarethewesme.pages.dev
Certificate Fingerprint: 35:8F:8E:84:F6:3F:56:22:61:D6:4F:EA:1F:9C:F2:BF:94:46:FA:9C
Certificate Validity: Sat, 20 Apr 2024 13:49:07 GMT - Fri, 19 Jul 2024 13:49:06 GMT
File type: JavaScript source, ASCII text, with very long lines (4897), with no line terminators
Hash: 86baa8f3ee2569e34eb38e83ef242dc6 c67000d9f0d16b7450990304e63ef05de227c676 f4143cf01f0d2ee8f135788a6eeb4570fc968b7cff945eef8a6232116670ed3f
GET /wp-content/themes/z-platform/assets/js/app.js?ver=1.0 HTTP/1.1
Host: margarethewesme.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:34 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"fe28948e81cda61811cccbbafd30fa8b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0D93S%2BR6V7kHABpwg%2FuZX%2F4dIeM6SW5ou1I%2FzJYD9X8U0RCvzkyqLYy7ZNcUJUlTgHnx5tEGJh8RdIebvPKWOeT4FpbGwWbMqkpRhUBntgdlT03i2EIiQyEUnSaTjZUxhTD0nsxjHf6vVzXV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a745822bba712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| margarethewesme.pages.dev/wp-content/themes/z-platform/assets/css/bootstrap.css?ver=6.4.3 | 172.66.47.52 | 200 OK | 281 kB |
URL: GET HTTP/3 margarethewesme.pages.dev/wp-content/themes/z-platform/assets/css/bootstrap.css?ver=6.4.3
IP: 172.66.47.52:443
Requested by: https://margarethewesme.pages.dev/
Certificate Issuer: Google Trust Services LLC
Certificate Subject: margarethewesme.pages.dev
Certificate Fingerprint: 35:8F:8E:84:F6:3F:56:22:61:D6:4F:EA:1F:9C:F2:BF:94:46:FA:9C
Certificate Validity: Sat, 20 Apr 2024 13:49:07 GMT - Fri, 19 Jul 2024 13:49:06 GMT
Size: 281 kB (280813 bytes)
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wp-content/themes/z-platform/assets/css/bootstrap.css?ver=6.4.3 HTTP/1.1
Host: margarethewesme.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:34 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"c0ca5765fd1beac544603112191319c6"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T9Yl6GzjSRnivbBoCoN2LAn6CX74e%2Fuf3VlVRUJKwqjinhEfFm%2B0wP9aprIozzCr8W6TlI27YNyOx98vruNGdMbI2dSfk8bHzswaPZY6NT1XiqrqNmzK%2BScsIngznTMAaVLunSfXss6VN7QY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a745820b86712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/animate.css | 104.21.70.253 | 200 OK | 79 kB |
URL: GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/animate.css
IP: 104.21.70.253:443
Requested by: https://margarethewesme.pages.dev/
Certificate: Issuer: Google Trust Services LLC; Subject: creative-bars1.com; Fingerprint: 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13; Validity: Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
Hash: 3d4123dbfb33d27a5cfdfcfa91df6783 e7d0eeeec54b848f0bc3da8685fa3bc88429d660 cb7d1393b65701b2f97d8da244c2c6023e9cbc3463ecb0136b915cfc775c6887
GET /sb/ssp/vpn/classic-push/small/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://margarethewesme.pages.dev/
Origin: https://margarethewesme.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:37 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-13361"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VLcjaTgJD%2Bmq2yQfE0bvv7TU8Pr1aL1vh%2FfX7SSiWnCQ%2BXD5P%2Fpv7Z0ry1lHcJPf7acOtHxyK30wb21IGWdUBbyh8xyquoEixkZ1X9aXqCcYq0vBHRdkwlsueILhal5UJskTpewHuelO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a74593bebd5694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|