Report - lavellecardwellqthft.pages.dev/

Report Overview

Visited public
2024-04-27 13:43:49
Tags
Submit Tags
URL
lavellecardwellqthft.pages.dev/
Finishing URL
lavellecardwellqthft.pages.dev/
IP / ASN
188.114.97.1
#13335 CLOUDFLARENET
Title
lavellecardwellqthft.pages.dev/

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
postthieve.com	unknown	2024-04-23	2024-04-23 20:12:35	2024-04-26 13:36:20	2.4 kB	5.6 kB	192.243.61.227
supervisebradleyrapidly.com	unknown	2024-04-24	2024-04-25 12:43:33	2024-04-26 18:31:00	2.4 kB	5.6 kB	172.240.108.84
tse1.mm.bing.net	7917	1997-09-03	2014-03-13 15:42:52	2024-04-25 18:15:12	432 B	1.6 kB	204.79.197.200
lavellecardwellqthft.pages.dev	unknown	unknown	No data	No data	487 B	18 kB	188.114.97.1
suggestqueries.google.com	1239	1997-09-15	2012-06-27 13:07:55	2024-04-25 18:12:47	474 B	824 B	142.250.74.142
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12 17:15:41	2024-04-26 12:12:53	1.4 kB	320 kB	45.133.44.9
downstairsnegotiatebarren.com	unknown	2024-03-04	2024-03-04 23:39:03	2024-04-27 08:55:59	427 B	87 kB	188.114.97.1
ads.bisniskini.biz.id	unknown	2023-09-30	2024-02-24 10:59:39	2024-03-05 16:32:51	924 B	44 kB	104.21.86.41
proftrafficcounter.com	unknown	2023-11-16	2023-11-21 09:55:14	2024-04-26 18:32:22	461 B	437 B	35.158.46.84
www.topcreativeformat.com	unknown	2023-11-21	2023-11-22 20:49:06	2024-04-26 11:34:06	457 B	13 kB	192.243.61.227
lessonworkman.com	unknown	2024-04-23	2024-04-23 17:28:56	2024-04-26 18:32:23	3.0 kB	89 kB	192.243.61.227
shayscholz.blogspot.com	unknown	2000-07-31	2024-03-16 20:44:12	2024-03-16 20:44:48	445 B	894 B	216.58.207.193
constructbrought.com	unknown	2024-04-24	2024-04-25 07:55:13	2024-04-26 18:41:56	501 B	467 B	192.243.61.227
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2024-04-27 08:31:55	993 B	28 kB	104.17.25.14
3.bp.blogspot.com	11048	2000-07-31	2012-05-21 18:26:21	2024-04-26 10:16:15	496 B	894 B	142.250.74.161
audiencegarret.com	unknown	2024-03-05	2024-03-05 14:13:36	2024-03-20 10:18:30	450 B	13 kB	192.243.61.227
unseenreport.com	unknown	2022-03-30	2022-03-30 16:33:17	2024-04-27 10:14:09	750 B	423 B	192.243.61.225

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-27	medium	postthieve.com	Sinkholed
2024-04-27	medium	postthieve.com	Sinkholed
2024-04-27	medium	supervisebradleyrapidly.com	Sinkholed
2024-04-27	medium	supervisebradleyrapidly.com	Sinkholed
2024-04-27	medium	lessonworkman.com	Sinkholed
2024-04-27	medium	lessonworkman.com	Sinkholed
2024-04-27	medium	constructbrought.com	Sinkholed
2024-04-27	medium	unseenreport.com	Sinkholed
2024-04-27	medium	lessonworkman.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (28)

	URL	From	Size	First Seen	Last Seen
	ads.bisniskini.biz.id/get/site/js/d6f51a1ed1d2f145512197f7cd7be46d	ScriptElement	293 B	2024-04-26	2024-08-20
Pretty URL ads.bisniskini.biz.id/get/site/js/d6f51a1ed1d2f145512197f7cd7be46d IP 104.21.86.41 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 14:35 Last Seen2024-08-20 02:34 Times Seen54 Hash 500accfab8797557b0f922957a9319dd 8d35e1a694c6b6425f79cda1bdc33684b3a05435 29631aedec51cdf985b9ea2e0a34a4d72f4382bac37b5c0f0388f8c9f51fd8e4 Loading...

	unknown	ScriptElement	145 B	2024-04-26	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 14:35 Last Seen2024-08-20 02:34 Times Seen54 Hash 8763daf8043ccc7fbb428269cf14e65a e5c81042dd360dc2b1a64e75e1f1e750db8f25c9 55ca7b56667545066eea7ed316508ba360ea29d2bd99e795a27ac612a5d4695b Loading...

	unknown	ScriptElement	145 B	2024-04-25	2025-06-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 19:55 Last Seen2025-06-23 14:56 Times Seen90 Hash 9d0f6078ea7be27de6a596c986048c41 3980200af5e925b33f6575c4e23cdb3e1b9ae982 6899c604401765cb185a930f4d4a83104dd3efac0ab0cb9257b04a1df8302587 Loading...

	lavellecardwellqthft.pages.dev/	ScriptElement	407 B	2024-03-16	2025-07-06
Pretty URL lavellecardwellqthft.pages.dev/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-16 20:44 Last Seen2025-07-06 09:05 Times Seen569 Hash 033f01caf6d0f553ffc421cc2772f928 67876067762ac6818db46c43a14ed10d9c046a0c 873ff640f3ae1bde848bbd3a7156f7991cf3a34e1236471b8f83ab7608ccb51b Loading...

	cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js	ScriptElement	7.9 kB	2023-03-07	2025-07-19
Pretty URL cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24 Last Seen2025-07-19 05:36 Times Seen2556 Hash 96201abb62283557a9d7b97b4cab14ab a72f33d920d0ab863df4cb60edf44ec140304cdb 46112dbceed738f759d03f04b115d5256a7d73660b7795acb382192ad84d9f98 Loading...

	lavellecardwellqthft.pages.dev/	ScriptElement	3 B	2023-03-07	2025-07-18
Pretty URL lavellecardwellqthft.pages.dev/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 13:09 Last Seen2025-07-18 04:02 Times Seen1665 Hash d2a16faace6f59c009a1dc045e086658 1335c7f603963b6f76f45a8045f12cce142f1175 009966d20c582967816f9721a10b558b07333c88849bff11176b5140e746191e Loading...

	lavellecardwellqthft.pages.dev/	ScriptElement	2.7 kB	2024-03-16	2025-06-23
Pretty URL lavellecardwellqthft.pages.dev/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-16 20:44 Last Seen2025-06-23 14:56 Times Seen383 Hash 372cd0e8ad89ee27fefebce4470d5a08 e70fccac5381673af0c002f5172fde78f8f71de0 393c63070292b13107be81d5ce120b72e6a002a2ac0183c1c28ab6159fb6cf74 Loading...

	lavellecardwellqthft.pages.dev/	ScriptElement	658 B	2024-03-16	2025-07-06
Pretty URL lavellecardwellqthft.pages.dev/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-16 20:44 Last Seen2025-07-06 09:05 Times Seen1035 Hash 9d3d818ca9f81a71b4da9fa707cafb6a 5d49232709a360c05ec5721f7e1e3b2d7a899ee0 bf346b7f785a552ee4c436e06f3c5388b4229f91ee5eda32e75a6c234e66ca52 Loading...

	lavellecardwellqthft.pages.dev/	ScriptElement	1.6 kB	2024-03-16	2025-06-23
Pretty URL lavellecardwellqthft.pages.dev/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-16 20:44 Last Seen2025-06-23 14:56 Times Seen380 Hash 2d8da26e690c8f38327ea27b6b3de976 5f3690feb3394fe91eb9a5c5516feb125d74b79c 25cc80ecbfcdad55f15bb883126a93c5e986544b5b925121e7b73cc6008ffc18 Loading...

	www.topcreativeformat.com/3dc4ca87e07d09e08b5aa5d2105c033d/invoke.js	ScriptElement	31 kB	2024-08-20	2024-08-20
Pretty URL www.topcreativeformat.com/3dc4ca87e07d09e08b5aa5d2105c033d/invoke.js IP 192.243.61.227 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 02:21 Last Seen2024-08-20 02:21 Times Seen1 Hash 926a76d40c012d08f410ef6248f7f93a 1605c77206d94a086dde067660c168ded0451211 d3e5e6b1209a1e964de079b8172129bd613564850275d1fd938abc7515546352 Loading...

	unknown	ScriptElement	3.3 kB	2024-08-20	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 02:21 Last Seen2024-08-20 02:21 Times Seen1 Hash b4b5d11d52731b1674be792d0ae8f4f8 1bddb64a81b3d259ca9f3b98024826ee020eed5b 83598844555115f6591f4b30c279433a8bdbfe5944802bb92caed117bab841c1 Loading...

	lessonworkman.com/ab/89/b0/ab89b08e92a89522cfaaa55f01967096.js	ScriptElement	82 kB	2024-08-20	2024-08-20
Pretty URL lessonworkman.com/ab/89/b0/ab89b08e92a89522cfaaa55f01967096.js IP 192.243.61.227 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 02:21 Last Seen2024-08-20 02:21 Times Seen1 Hash 9148886934b94fa219b8c110876aa4fe 8661444c082c836e86edd456817d28e6986f617a 0c4d86ed39922b04b9b9b58451f1e5fb607206e0c17b62632b182243746c2aff Loading...

	www.topcreativeformat.com/3dc4ca87e07d09e08b5aa5d2105c033d/invoke.js	ScriptElement	31 kB	2024-08-20	2024-08-20
Pretty URL www.topcreativeformat.com/3dc4ca87e07d09e08b5aa5d2105c033d/invoke.js IP 192.243.61.227 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 02:21 Last Seen2024-08-20 02:21 Times Seen1 Hash d554880ba5b65ceab88ee78bcd3a11f4 0de9a8ea4d403ea94aa7c6e344627946f556cdc4 6a3c48f9b1f5718f8ebf727c46887b67870f368149d667236849fc00c3d5fbf7 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js	ScriptElement	72 kB	2023-03-07	2025-07-19
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02 Last Seen2025-07-19 20:58 Times Seen6515 Hash 1276065911521c5c22037a31365d179d d1c6704e94efe2d465fc161b6381e127d35acd81 bbb7b9921ca2b61948753a6edb63c78443663dc45d1621d18e102e1dcb34e512 Loading...

	downstairsnegotiatebarren.com/sfp.js	ScriptElement	86 kB	2024-03-29	2024-08-21
Pretty URL downstairsnegotiatebarren.com/sfp.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 13:13 Last Seen2024-08-21 22:41 Times Seen2254 Hash f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716 Loading...

	unknown	ScriptElement	3.3 kB	2024-08-20	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 02:21 Last Seen2024-08-20 02:21 Times Seen1 Hash 4143b46e42e70912f791a4983f1fdcce b132013cd6cc0b4b4c7bb3b1373e12fe891dbb11 1820b2ff1ea2d84329de9434175716a696968b704245f5a891aa51b8eeb73bfc Loading...

	suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q=	ScriptElement	20 B	2023-05-14	2025-07-06
Pretty URL suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q= IP 142.250.74.142 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-14 08:59 Last Seen2025-07-06 09:05 Times Seen1238 Hash fdbaede1a8136a6bd589d54e2f69fff8 883905e057c9b758a95c9ece940d089e3af85e0a 5ffae3c0e627b6a2083d67639bfa32ecfe695671ee25f8e1315d2067a4e28df4 Loading...

	lavellecardwellqthft.pages.dev/	ScriptElement	424 B	2024-03-16	2025-06-23
Pretty URL lavellecardwellqthft.pages.dev/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-16 20:44 Last Seen2025-06-23 14:56 Times Seen387 Hash 931ef0af690b9f574a888dd47f5fe6a6 98971ca06dba745aa4f8b6d735b6f628d9668e98 747ca94860b1741ad0a224703fb741208b72c16a173a7a79d411cb69ea886712 Loading...

	unknown	ScriptElement	196 B	2024-04-25	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 19:55 Last Seen2024-08-20 02:44 Times Seen35 Hash 0b568652b21a3af0ff6a69d68ba2a0e9 f339e224cbd073e3f267e123660e653fc9dd75b4 bbeb606c42babe993716a7dbeece55f3c32f2394582d66297efb4186153e8974 Loading...

	ads.bisniskini.biz.id/get/site/js/9049b3a33fc36afe5806bf92a1b0bc1f	ScriptElement	285 B	2024-04-25	2024-08-20
Pretty URL ads.bisniskini.biz.id/get/site/js/9049b3a33fc36afe5806bf92a1b0bc1f IP 104.21.86.41 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 19:55 Last Seen2024-08-20 02:44 Times Seen35 Hash c0e1b77df4288c03932bc23f1d885efe c7971c25f0d41398a80d940c2777ab32ce1acf99 8a7707bc548035f2defdb108b79086b852563eda0767bb6b749c471f2bdd557e Loading...

	unknown	ScriptElement	3.3 kB	2024-08-20	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 02:21 Last Seen2024-08-20 02:21 Times Seen1 Hash 13c40fd9d27e2ebad80ac2a99f3627cf 0e3b1168fd24e6c35420b5aa68c4f7d2bfc7230e f3fe11ecd50ce6c4ac9f9e2c3bdfc1ae0d65c850ec4cadd525fc4d467294e3a4 Loading...

	audiencegarret.com/f396b5dd94d11c9a9a03ec4fedf9ea48/invoke.js	ScriptElement	31 kB	2024-08-20	2024-08-20
Pretty URL audiencegarret.com/f396b5dd94d11c9a9a03ec4fedf9ea48/invoke.js IP 192.243.61.227 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 02:21 Last Seen2024-08-20 02:21 Times Seen1 Hash 47473566a7dba576333e01d9eba79ccc 357f90a84dc75dd0b79d71ee0f3aaf7dbb64d9f6 e351c0e00092a756046b64e3c4f9e97372361c6976d21ba2df0eab1803b517ce Loading...

		Size	First Seen	Last Seen
	#1 Eval - e515457576948f837d230a7369fd7e88	2.1 kB	2024-08-20 02:21	2024-08-20 02:21
Pretty Observations First Seen2024-08-20 02:21 Last Seen2024-08-20 02:21 Times Seen1 Hash e515457576948f837d230a7369fd7e88 554a88d18a2da9987254ae3d1b05ee47e0c24981 cd64dbfb2d3932f76f8c1da55526f992017ae3b5f3f90acdd3a2a5ce31b1b649 Loading...

	#2 Eval - e27c62bccce1eb7edd725df57dc71d6a	2.1 kB	2024-08-20 02:21	2024-08-20 02:21
Pretty Observations First Seen2024-08-20 02:21 Last Seen2024-08-20 02:21 Times Seen1 Hash e27c62bccce1eb7edd725df57dc71d6a 09b5befb8a553ece7c4c83c7ca1411f746287b25 94f283fc31a034fb92e6eb848667951bc096cd89b54ef3d2ee27f691cda77490 Loading...

	#3 Eval - 34aecae062d7be1b567c7cc1166e7d3a	2.1 kB	2024-08-20 02:21	2024-08-20 02:21
Pretty Observations First Seen2024-08-20 02:21 Last Seen2024-08-20 02:21 Times Seen1 Hash 34aecae062d7be1b567c7cc1166e7d3a 057d99fce7eb6566875f6a0c150297558e3a233d b468f14ccf7a13740eec8fca914c5917856ccbfa1d2ac954a48c50638ae07981 Loading...

		Size	First Seen	Last Seen
	#1 Write - 811a7da70e54c8c50a76774257dad93a	138 B	2024-03-16 20:44	2025-07-06 09:05
Pretty Observations First Seen2024-03-16 20:44 Last Seen2025-07-06 09:05 Times Seen1275 Hash 811a7da70e54c8c50a76774257dad93a cece740ca0320764b2f43cb2df97d1c54ea55974 2b51ee1a7ee63d01e92e50a183e8c8473a4d2549c28010ff65a1e086903ecf1d Loading...

	#2 Write - 4fb59aec06fe8fdfc14fa52576fea41d	117 B	2024-04-26 14:35	2024-08-20 02:34
Pretty Observations First Seen2024-04-26 14:35 Last Seen2024-08-20 02:34 Times Seen54 Hash 4fb59aec06fe8fdfc14fa52576fea41d 8799e5e931732e56fb86efe4098e26fe2200e1eb 74abc6075898f200175533a18f75cafa75d7509958bb6a595c7043c34af55288 Loading...

	#3 Write - d7e23481eeebe4f924b67a9787693ffb	110 B	2024-04-25 19:55	2024-08-20 02:44
Pretty Observations First Seen2024-04-25 19:55 Last Seen2024-08-20 02:44 Times Seen35 Hash d7e23481eeebe4f924b67a9787693ffb 337ece47a7f34458a5264c67d46588edd5f638a6 13d1e7e514dcc428022c2f9fa2b0d3975b205da1d128f72f3801fcc807f07c27 Loading...

HTTP Transactions (25)

URL IP Response Size

GET cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js

104.17.25.14

200 OK

3.2 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lavellecardwellqthft.pages.dev/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (7862)
Size
3.2 kB (3150 bytes)
Hash
96201abb62283557a9d7b97b4cab14ab
a72f33d920d0ab863df4cb60edf44ec140304cdb
46112dbceed738f759d03f04b115d5256a7d73660b7795acb382192ad84d9f98

HTTP Headers

GET /ajax/libs/lazysizes/5.3.0/lazysizes.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lavellecardwellqthft.pages.dev/
Origin: https://lavellecardwellqthft.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 27 Apr 2024 13:43:23 GMT
content-type: application/javascript; charset=utf-8
content-length: 3150
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5ff0b799-1ed1"
last-modified: Sat, 02 Jan 2021 18:12:41 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1025634
expires: Thu, 17 Apr 2025 13:43:23 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4%2B9xOSwxvGa2ErZF5FCQiCPH4NSsozOtqGFPrRVUqaVT6UXSQAAiZY6GarXbQwJ%2BTQp6de9WljYWiQruFKBIxHAo4uPACQJX8a7WlBQv1JgqsmQTbHi57tu6jCiisshO2DF7Xlvg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87af3dc609b50b02-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js

104.17.25.14

200 OK

22 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lavellecardwellqthft.pages.dev/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65241)
Size
22 kB (22329 bytes)
Hash
1276065911521c5c22037a31365d179d
d1c6704e94efe2d465fc161b6381e127d35acd81
bbb7b9921ca2b61948753a6edb63c78443663dc45d1621d18e102e1dcb34e512

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.slim.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lavellecardwellqthft.pages.dev/
Origin: https://lavellecardwellqthft.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 27 Apr 2024 13:43:23 GMT
content-type: application/javascript; charset=utf-8
content-length: 22329
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-11ab4"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 13085677
expires: Thu, 17 Apr 2025 13:43:23 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1PfKAqwzKYcRBnuSD47V0LrK3gZxQ7pwB9IjD%2BQYZQIvWFPZYgwVDFF%2FqD6GYz3rQFkwbQ7LD2OdBdqH3WDqerbwiQJoqmq8Cwbh9KXPSII9i8SIw1fHi6gbZQWAtVjpUwRfj30d"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87af3dc609b40b02-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET 3.bp.blogspot.com/-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif

142.250.74.161

200 OK

362 B

URL GET HTTP/2
3.bp.blogspot.com/-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif
IP
142.250.74.161:443
ASN
#15169 GOOGLE

Requested by
https://lavellecardwellqthft.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.blogspot.com
Fingerprint08:43:CF:E7:9C:1F:30:EA:9B:AD:8A:4E:2D:73:57:EA:80:DC:5B:E0
ValidityMon, 08 Apr 2024 07:01:25 GMT - Mon, 01 Jul 2024 07:01:24 GMT

File type
GIF image data, version 89a, 52 x 15
Size
362 B (362 bytes)
Hash
fd2c05a8c327ace309722b0a5fc4faf3
f446e97c43f8830be9f60644563dd846abe6b8e8
0450e2e1aa3c8b5435690d841f3e573c4f521864e1f8e01a5b6dbcdac922c8b4

HTTP Headers

GET /-ZZSacDHLWlM/VhvlKTMjbLI/AAAAAAAAF2M/UDzU4rrvcaI/s1600/btn_close.gif HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lavellecardwellqthft.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="btn_close.gif"
x-content-type-options: nosniff
server: fife
content-length: 362
x-xss-protection: 0
date: Sat, 27 Apr 2024 13:24:29 GMT
expires: Sun, 28 Apr 2024 13:24:29 GMT
cache-control: public, max-age=86400, no-transform
age: 1134
etag: "v1764"
content-type: image/gif
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET ads.bisniskini.biz.id/get/site/js/9049b3a33fc36afe5806bf92a1b0bc1f

104.21.86.41

200 OK

12 kB

URL GET HTTP/2
ads.bisniskini.biz.id/get/site/js/9049b3a33fc36afe5806bf92a1b0bc1f
IP
104.21.86.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lavellecardwellqthft.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectbisniskini.biz.id
FingerprintCB:C5:50:71:58:97:D7:6D:B9:8F:63:0E:B9:30:B7:87:1D:05:E2:5A
ValiditySun, 14 Apr 2024 15:48:05 GMT - Sat, 13 Jul 2024 15:48:04 GMT

File type
ASCII text, with CRLF line terminators
Size
12 kB (12015 bytes)
Hash
c0e1b77df4288c03932bc23f1d885efe
c7971c25f0d41398a80d940c2777ab32ce1acf99
8a7707bc548035f2defdb108b79086b852563eda0767bb6b749c471f2bdd557e

HTTP Headers

GET /get/site/js/9049b3a33fc36afe5806bf92a1b0bc1f HTTP/1.1
Host: ads.bisniskini.biz.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lavellecardwellqthft.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 27 Apr 2024 13:43:24 GMT
content-type: application/javascript
set-cookie: PHPSESSID=lu0smsnhhj4nkb39lupfd78h5i; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nmFMXlB2fLX8OrReHydLIBe%2Bq69x%2FJ19m8liDmxgza96j9nrPbJiLwRwhVvA%2BFKdOHOJM1Zt8Ok6WSawLAn7Jv13qzLoXYq7sEaxjDAF3XVhOvuSbVY8q7usa48DGMYJX1riES1YTRo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87af3dc64d1b56b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET proftrafficcounter.com/stats

35.158.46.84

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
35.158.46.84:443
ASN
#16509 AMAZON-02

Requested by
https://lavellecardwellqthft.pages.dev/
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
3f6c521a019ae40fd92f2819a8c70256
c0756ae56313ebf0a5c8ca272e8d149580a34489
dfa8e42d51075604f4fe5afa81e5e443ff8d7501deaedc74af4b22b8754c4040

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lavellecardwellqthft.pages.dev/
Origin: https://lavellecardwellqthft.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 27 Apr 2024 13:43:25 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://lavellecardwellqthft.pages.dev
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=054f38e5-b29f-40e3-b47c-1686c493e334:1:1; expires=Tue, 25 Apr 2034 13:43:25 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

GET www.topcreativeformat.com/3dc4ca87e07d09e08b5aa5d2105c033d/invoke.js

192.243.61.227

200 OK

12 kB

URL GET HTTP/1.1
www.topcreativeformat.com/3dc4ca87e07d09e08b5aa5d2105c033d/invoke.js
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://lavellecardwellqthft.pages.dev/
Certificate
IssuerLet's Encrypt
Subjecttopcreativeformat.com
Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4
ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT

File type
JavaScript source, ASCII text, with very long lines (31318), with no line terminators
Size
12 kB (11850 bytes)
Hash
926a76d40c012d08f410ef6248f7f93a
1605c77206d94a086dde067660c168ded0451211
d3e5e6b1209a1e964de079b8172129bd613564850275d1fd938abc7515546352

HTTP Headers

GET /3dc4ca87e07d09e08b5aa5d2105c033d/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lavellecardwellqthft.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 27 Apr 2024 13:43:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 332334ee03f7bd3a7f3e636a7a12c0c5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET postthieve.com/watch.248114202973.js?key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&refer=https%3A%2F%2Flavellecardwellqthft.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=054f38e5-b29f-40e3-b47c-1686c493e334%3A1%3A1

192.243.61.227

307 Temporary Redirect

0 B

URL GET HTTP/1.1
postthieve.com/watch.248114202973.js?key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&refer=https%3A%2F%2Flavellecardwellqthft.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=054f38e5-b29f-40e3-b47c-1686c493e334%3A1%3A1
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://lavellecardwellqthft.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectpostthieve.com
Fingerprint4C:B5:73:17:36:A5:52:8C:0D:CC:8E:C4:1B:A3:F7:CC:16:70:06:41
ValidityTue, 23 Apr 2024 10:57:03 GMT - Mon, 22 Jul 2024 10:57:02 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.248114202973.js?key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&refer=https%3A%2F%2Flavellecardwellqthft.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=054f38e5-b29f-40e3-b47c-1686c493e334%3A1%3A1 HTTP/1.1
Host: postthieve.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lavellecardwellqthft.pages.dev/
Origin: https://lavellecardwellqthft.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sat, 27 Apr 2024 13:43:25 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://lavellecardwellqthft.pages.dev
Access-Control-Allow-Origin: https://lavellecardwellqthft.pages.dev
Access-Control-Allow-Credentials: true
Location: https://postthieve.com/watch.248114202973.js?dev=e&key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&pst=1714225465&refer=https%3A%2F%2Flavellecardwellqthft.pages.dev%2F&res=14.2071&rmtc=t&shu=689c44de9ba8d141cbe0dc8fc75af9d02308dbd96beebee207ed35973f5df29764919e52983872366d229070035f6bb6273a14f8b08df97db22b9af00cdcb56416faf671dd86895fc8e154967ef1c470c9921674704027ac2f77c5404485a87a4e7d81&tz=0&uuid=054f38e5-b29f-40e3-b47c-1686c493e334%3A1%3A1
Set-Cookie: u_pl=17761257; expires=Sun, 28 Apr 2024 13:43:25 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc2MTI1NywiayI6IjNkYzRjYTg3ZTA3ZDA5ZTA4YjVhYTVkMjEwNWMwMzNkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDEwODQ4LCJwaWQiOjQ2MTQ4NCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6InA0dmFnN3EwbSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2xhdmVsbGVjYXJkd2VsbHF0aGZ0LnBhZ2VzLmRldi8iLCJhciI6W119fQ.xcSPSgqDlx-F9KthyH1PK5ELcswUxJOuFAtf4nLJM0c; expires=Sat, 27 Apr 2024 13:44:25 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8e11916a387146c9fd31e925bf313eee
Strict-Transport-Security: max-age=0; includeSubdomains

GET postthieve.com/watch.248114202973.js?dev=e&key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&pst=1714225465&refer=https%3A%2F%2Flavellecardwellqthft.pages.dev%2F&res=14.2071&rmtc=t&shu=689c44de9ba8d141cbe0dc8fc75af9d02308dbd96beebee207ed35973f5df29764919e52983872366d229070035f6bb6273a14f8b08df97db22b9af00cdcb56416faf671dd86895fc8e154967ef1c470c9921674704027ac2f77c5404485a87a4e7d81&tz=0&uuid=054f38e5-b29f-40e3-b47c-1686c493e334%3A1%3A1

192.243.61.227

200 OK

2.0 kB

URL GET HTTP/1.1
postthieve.com/watch.248114202973.js?dev=e&key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&pst=1714225465&refer=https%3A%2F%2Flavellecardwellqthft.pages.dev%2F&res=14.2071&rmtc=t&shu=689c44de9ba8d141cbe0dc8fc75af9d02308dbd96beebee207ed35973f5df29764919e52983872366d229070035f6bb6273a14f8b08df97db22b9af00cdcb56416faf671dd86895fc8e154967ef1c470c9921674704027ac2f77c5404485a87a4e7d81&tz=0&uuid=054f38e5-b29f-40e3-b47c-1686c493e334%3A1%3A1
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://lavellecardwellqthft.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectpostthieve.com
Fingerprint4C:B5:73:17:36:A5:52:8C:0D:CC:8E:C4:1B:A3:F7:CC:16:70:06:41
ValidityTue, 23 Apr 2024 10:57:03 GMT - Mon, 22 Jul 2024 10:57:02 GMT

File type
JavaScript source, ASCII text, with very long lines (2452)
Size
2.0 kB (1991 bytes)
Hash
411c16bc103ffd30cec7f1930c84e175
2fc4bf47425ca08d0c65404ff57b5ac549140fc9
972a8b5a7afea6679c02c0c04395aa80e9c244f3f09f34d0ec18fc10f1fdf7a2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.248114202973.js?dev=e&key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&pst=1714225465&refer=https%3A%2F%2Flavellecardwellqthft.pages.dev%2F&res=14.2071&rmtc=t&shu=689c44de9ba8d141cbe0dc8fc75af9d02308dbd96beebee207ed35973f5df29764919e52983872366d229070035f6bb6273a14f8b08df97db22b9af00cdcb56416faf671dd86895fc8e154967ef1c470c9921674704027ac2f77c5404485a87a4e7d81&tz=0&uuid=054f38e5-b29f-40e3-b47c-1686c493e334%3A1%3A1 HTTP/1.1
Host: postthieve.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lavellecardwellqthft.pages.dev
Referer: https://lavellecardwellqthft.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17761257; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc2MTI1NywiayI6IjNkYzRjYTg3ZTA3ZDA5ZTA4YjVhYTVkMjEwNWMwMzNkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDEwODQ4LCJwaWQiOjQ2MTQ4NCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6InA0dmFnN3EwbSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2xhdmVsbGVjYXJkd2VsbHF0aGZ0LnBhZ2VzLmRldi8iLCJhciI6W119fQ.xcSPSgqDlx-F9KthyH1PK5ELcswUxJOuFAtf4nLJM0c
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 27 Apr 2024 13:43:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://lavellecardwellqthft.pages.dev
Access-Control-Allow-Origin: https://lavellecardwellqthft.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=054f38e5-b29f-40e3-b47c-1686c493e334:1:1; expires=Sat, 04 May 2024 13:43:25 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 28 Apr 2024 13:43:25 GMT; secure; SameSite=None
uncs=1; expires=Sun, 28 Apr 2024 13:43:25 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sun, 28 Apr 2024 13:43:25 GMT; secure; SameSite=None
uncs5=1; expires=Sun, 28 Apr 2024 13:43:25 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e821cc40c6ad7c45ca52c5ea2e391c16
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET supervisebradleyrapidly.com/watch.214206143210.js?key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&refer=https%3A%2F%2Flavellecardwellqthft.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=054f38e5-b29f-40e3-b47c-1686c493e334%3A1%3A1

172.240.108.84

307 Temporary Redirect

0 B

URL GET HTTP/1.1
supervisebradleyrapidly.com/watch.214206143210.js?key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&refer=https%3A%2F%2Flavellecardwellqthft.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=054f38e5-b29f-40e3-b47c-1686c493e334%3A1%3A1
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://lavellecardwellqthft.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectsupervisebradleyrapidly.com
FingerprintB9:18:E3:8A:C9:DC:5E:0A:A3:8F:1C:44:1F:63:28:86:43:4F:A2:E2
ValidityWed, 24 Apr 2024 15:15:52 GMT - Tue, 23 Jul 2024 15:15:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.214206143210.js?key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&refer=https%3A%2F%2Flavellecardwellqthft.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=054f38e5-b29f-40e3-b47c-1686c493e334%3A1%3A1 HTTP/1.1
Host: supervisebradleyrapidly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lavellecardwellqthft.pages.dev/
Origin: https://lavellecardwellqthft.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sat, 27 Apr 2024 13:43:25 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://lavellecardwellqthft.pages.dev
Access-Control-Allow-Origin: https://lavellecardwellqthft.pages.dev
Access-Control-Allow-Credentials: true
Location: https://supervisebradleyrapidly.com/watch.214206143210.js?dev=e&key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&pst=1714225465&refer=https%3A%2F%2Flavellecardwellqthft.pages.dev%2F&res=14.2071&rmtc=t&shu=c8e734509230aece5e2efb1053d3e83298b96df47a9dcbb2b78d538c6fda6beab987ee894b8f578c4380577ddf5bc94f54eb64c1b735c96e631a3d6e90b4ab9afb292128b8b5a3e80f0201bc1b5e4ba58ac34e09417597251a316a53a8f8edb0&tz=0&uuid=054f38e5-b29f-40e3-b47c-1686c493e334%3A1%3A1
Set-Cookie: u_pl=17761257; expires=Sun, 28 Apr 2024 13:43:25 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc2MTI1NywiayI6IjNkYzRjYTg3ZTA3ZDA5ZTA4YjVhYTVkMjEwNWMwMzNkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDEwODQ4LCJwaWQiOjQ2MTQ4NCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6InA0dmFnN3EwbSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2xhdmVsbGVjYXJkd2VsbHF0aGZ0LnBhZ2VzLmRldi8iLCJhciI6W119fQ.xcSPSgqDlx-F9KthyH1PK5ELcswUxJOuFAtf4nLJM0c; expires=Sat, 27 Apr 2024 13:44:25 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9b820de3db9f51de0b2ce31a3bdadfa8
Strict-Transport-Security: max-age=0; includeSubdomains

GET supervisebradleyrapidly.com/watch.214206143210.js?dev=e&key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&pst=1714225465&refer=https%3A%2F%2Flavellecardwellqthft.pages.dev%2F&res=14.2071&rmtc=t&shu=c8e734509230aece5e2efb1053d3e83298b96df47a9dcbb2b78d538c6fda6beab987ee894b8f578c4380577ddf5bc94f54eb64c1b735c96e631a3d6e90b4ab9afb292128b8b5a3e80f0201bc1b5e4ba58ac34e09417597251a316a53a8f8edb0&tz=0&uuid=054f38e5-b29f-40e3-b47c-1686c493e334%3A1%3A1

172.240.108.84

200 OK

2.0 kB

URL GET HTTP/1.1
supervisebradleyrapidly.com/watch.214206143210.js?dev=e&key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&pst=1714225465&refer=https%3A%2F%2Flavellecardwellqthft.pages.dev%2F&res=14.2071&rmtc=t&shu=c8e734509230aece5e2efb1053d3e83298b96df47a9dcbb2b78d538c6fda6beab987ee894b8f578c4380577ddf5bc94f54eb64c1b735c96e631a3d6e90b4ab9afb292128b8b5a3e80f0201bc1b5e4ba58ac34e09417597251a316a53a8f8edb0&tz=0&uuid=054f38e5-b29f-40e3-b47c-1686c493e334%3A1%3A1
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://lavellecardwellqthft.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectsupervisebradleyrapidly.com
FingerprintB9:18:E3:8A:C9:DC:5E:0A:A3:8F:1C:44:1F:63:28:86:43:4F:A2:E2
ValidityWed, 24 Apr 2024 15:15:52 GMT - Tue, 23 Jul 2024 15:15:51 GMT

File type
JavaScript source, ASCII text, with very long lines (2487)
Size
2.0 kB (2034 bytes)
Hash
5966b8d9449b352388849562bf92244f
acf805c7a436dc23a2c80fef836c9efbc30a0ac1
57184ffedd411f2dabfb106395df33a0aeb358a0e77eaade32de50beebbe85ad

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.214206143210.js?dev=e&key=3dc4ca87e07d09e08b5aa5d2105c033d&kw=%5B%5D&pst=1714225465&refer=https%3A%2F%2Flavellecardwellqthft.pages.dev%2F&res=14.2071&rmtc=t&shu=c8e734509230aece5e2efb1053d3e83298b96df47a9dcbb2b78d538c6fda6beab987ee894b8f578c4380577ddf5bc94f54eb64c1b735c96e631a3d6e90b4ab9afb292128b8b5a3e80f0201bc1b5e4ba58ac34e09417597251a316a53a8f8edb0&tz=0&uuid=054f38e5-b29f-40e3-b47c-1686c493e334%3A1%3A1 HTTP/1.1
Host: supervisebradleyrapidly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lavellecardwellqthft.pages.dev
Referer: https://lavellecardwellqthft.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17761257; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzc2MTI1NywiayI6IjNkYzRjYTg3ZTA3ZDA5ZTA4YjVhYTVkMjEwNWMwMzNkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDEwODQ4LCJwaWQiOjQ2MTQ4NCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6InA0dmFnN3EwbSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2xhdmVsbGVjYXJkd2VsbHF0aGZ0LnBhZ2VzLmRldi8iLCJhciI6W119fQ.xcSPSgqDlx-F9KthyH1PK5ELcswUxJOuFAtf4nLJM0c
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 27 Apr 2024 13:43:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://lavellecardwellqthft.pages.dev
Access-Control-Allow-Origin: https://lavellecardwellqthft.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=054f38e5-b29f-40e3-b47c-1686c493e334:1:1; expires=Sat, 04 May 2024 13:43:26 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 28 Apr 2024 13:43:26 GMT; secure; SameSite=None
uncs=1; expires=Sun, 28 Apr 2024 13:43:26 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sun, 28 Apr 2024 13:43:26 GMT; secure; SameSite=None
uncs5=1; expires=Sun, 28 Apr 2024 13:43:26 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4513ca419fb4f73b6d46e566838cfccb
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET cdn.cloudimagesb.com/cti/c9/11/c0/c911c0a120ad25a0b0f51d2b42804521/1627915999.png

45.133.44.9

200 OK

96 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/c9/11/c0/c911c0a120ad25a0b0f51d2b42804521/1627915999.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://lavellecardwellqthft.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 300 x 250, 8-bit/color RGB, non-interlaced
Size
96 kB (96103 bytes)
Hash
0ba904126a4592e4866c657f761ddc25
6b40223686b8ce5bf58ec0375a09de7c0c3bec7a
f0e24a117d128140b403f57dc94cf263cf5e6ed39c757f7e0f39988cb32bc00b

HTTP Headers

GET /cti/c9/11/c0/c911c0a120ad25a0b0f51d2b42804521/1627915999.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 27 Apr 2024 13:43:26 GMT
content-type: image/png
content-length: 96103
server: nginx/1.21.6
last-modified: Mon, 02 Aug 2021 14:53:29 GMT
etag: "610806e9-17767"
expires: Mon, 29 Apr 2024 13:43:26 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET cdn.cloudimagesb.com/cti/0c/64/c9/0c64c955cb1d51da0e58e57419b66631/1708270232.jpg

45.133.44.9

200 OK

79 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/0c/64/c9/0c64c955cb1d51da0e58e57419b66631/1708270232.jpg
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://lavellecardwellqthft.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 24.5 (Windows), datetime=2024:02:16 15:04:57], progressive, precision 8, 300x250, components 3
Size
79 kB (79010 bytes)
Hash
325d5a8fd98bd4abebe19e1ea0bfa6b5
724b06f3b7fd7b0e958b59c4c4afb2813a5f5c17
710e54e782c441ef1ce60c52642dae8084dbbaa413343ff13f86c1e53c981318

HTTP Headers

GET /cti/0c/64/c9/0c64c955cb1d51da0e58e57419b66631/1708270232.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 27 Apr 2024 13:43:26 GMT
content-type: image/jpeg
content-length: 79010
server: nginx/1.21.6
last-modified: Sun, 18 Feb 2024 15:30:40 GMT
etag: "65d222a0-134a2"
expires: Mon, 29 Apr 2024 13:43:26 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET audiencegarret.com/f396b5dd94d11c9a9a03ec4fedf9ea48/invoke.js

192.243.61.227

200 OK

12 kB

URL GET HTTP/1.1
audiencegarret.com/f396b5dd94d11c9a9a03ec4fedf9ea48/invoke.js
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://lavellecardwellqthft.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectaudiencegarret.com
Fingerprint43:6A:D4:4A:B4:CB:53:69:42:6F:D0:8B:5C:3C:A2:33:C3:4D:96:0E
ValidityTue, 05 Mar 2024 12:12:59 GMT - Mon, 03 Jun 2024 12:12:58 GMT

File type
JavaScript source, ASCII text, with very long lines (31362), with no line terminators
Size
12 kB (11898 bytes)
Hash
47473566a7dba576333e01d9eba79ccc
357f90a84dc75dd0b79d71ee0f3aaf7dbb64d9f6
e351c0e00092a756046b64e3c4f9e97372361c6976d21ba2df0eab1803b517ce

HTTP Headers

GET /f396b5dd94d11c9a9a03ec4fedf9ea48/invoke.js HTTP/1.1
Host: audiencegarret.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lavellecardwellqthft.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 27 Apr 2024 13:43:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c23db11c30c04a554a1347b6765f7762
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET tse1.mm.bing.net/th?q=

204.79.197.200

404 Not Found

727 B

URL GET HTTP/2
tse1.mm.bing.net/th?q=
IP
204.79.197.200:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://lavellecardwellqthft.pages.dev/
Certificate
IssuerMicrosoft Corporation
Subjectwww.bing.com
Fingerprint3E:63:C2:B1:20:9D:0D:E8:68:D6:14:A0:1C:3C:24:7A:03:72:6E:06
ValiditySat, 27 Apr 2024 01:55:15 GMT - Thu, 27 Jun 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, baseline, precision 8, 80x80, components 3
Size
727 B (727 bytes)
Hash
5116706c119475f5ae2fc135c3358037
7e5bdf3585153e317ebef05a9b8241d311e44cb3
7edda2585f580c167fd4e3a6c162534548cda437f8bef67c544f3aa9c162a17c

HTTP Headers

GET /th?q= HTTP/1.1
Host: tse1.mm.bing.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lavellecardwellqthft.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
cache-control: no-cache
pragma: no-cache
content-length: 727
expires: -1
x-cache: TCP_MISS
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D7CB7C53BC964F79BC1F141E1B44BFC6 Ref B: OSL30EDGE0517 Ref C: 2024-04-27T13:43:26Z
date: Sat, 27 Apr 2024 13:43:25 GMT
X-Firefox-Spdy: h2

GET lessonworkman.com/watch.782013646059.js?key=f396b5dd94d11c9a9a03ec4fedf9ea48&kw=%5B%5D&refer=https%3A%2F%2Flavellecardwellqthft.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=054f38e5-b29f-40e3-b47c-1686c493e334%3A1%3A1

192.243.61.227

307 Temporary Redirect

0 B

URL GET HTTP/1.1
lessonworkman.com/watch.782013646059.js?key=f396b5dd94d11c9a9a03ec4fedf9ea48&kw=%5B%5D&refer=https%3A%2F%2Flavellecardwellqthft.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=054f38e5-b29f-40e3-b47c-1686c493e334%3A1%3A1
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://lavellecardwellqthft.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectlessonworkman.com
FingerprintCD:A5:4F:8D:3C:FD:46:18:D6:1B:0E:BB:6E:B5:15:CA:2F:C9:F3:CB
ValidityTue, 23 Apr 2024 10:55:31 GMT - Mon, 22 Jul 2024 10:55:30 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.782013646059.js?key=f396b5dd94d11c9a9a03ec4fedf9ea48&kw=%5B%5D&refer=https%3A%2F%2Flavellecardwellqthft.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=054f38e5-b29f-40e3-b47c-1686c493e334%3A1%3A1 HTTP/1.1
Host: lessonworkman.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lavellecardwellqthft.pages.dev/
Origin: https://lavellecardwellqthft.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sat, 27 Apr 2024 13:43:26 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://lavellecardwellqthft.pages.dev
Access-Control-Allow-Origin: https://lavellecardwellqthft.pages.dev
Access-Control-Allow-Credentials: true
Location: https://lessonworkman.com/watch.782013646059.js?dev=e&key=f396b5dd94d11c9a9a03ec4fedf9ea48&kw=%5B%5D&pst=1714225466&refer=https%3A%2F%2Flavellecardwellqthft.pages.dev%2F&res=14.2071&rmtc=t&shu=f0bea5727d21fa5748e7dc0210c6752663d3d95c6360403a9c5d390f21e8d8e9a80f6a9e984c1a62a540fb8dc34be0b4e0b3f71caab82b7f295ae08452966c1c20222f2a3c7ff32107623b0a8b5b6ec05ab4b5cb84c1723d9e51d8a6f83fa3fa2a9e62&tz=0&uuid=054f38e5-b29f-40e3-b47c-1686c493e334%3A1%3A1
Set-Cookie: u_pl=17234073; expires=Sun, 28 Apr 2024 13:43:26 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzIzNDA3MywiayI6ImYzOTZiNWRkOTRkMTFjOWE5YTAzZWM0ZmVkZjllYTQ4Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxODU0NzAwLCJwaWQiOjMwMzE3OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6Inc5cXp2bTV1M3MiLCJjcGtzIjp7IjI4IjoiYWI4OWIwOGU5MmE4OTUyMmNmYWFhNTVmMDE5NjcwOTYiLCIyOSI6ImY0YzA5ZWQ2ZTIxZTc0ODk3OGVhOGNmNGE2YzgzN2FiIn0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2xhdmVsbGVjYXJkd2VsbHF0aGZ0LnBhZ2VzLmRldi8iLCJhciI6W119fQ.u46jGWdmCd5Gugrmep1BJBfODb5S79HhBYtRqTCtz5A; expires=Sat, 27 Apr 2024 13:44:26 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 91ef1ffad741d738af56a951e8e3c350
Strict-Transport-Security: max-age=0; includeSubdomains

GET ads.bisniskini.biz.id/get/site/js/d6f51a1ed1d2f145512197f7cd7be46d

104.21.86.41

200 OK

30 kB

URL GET HTTP/3
ads.bisniskini.biz.id/get/site/js/d6f51a1ed1d2f145512197f7cd7be46d
IP
104.21.86.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lavellecardwellqthft.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectbisniskini.biz.id
FingerprintCB:C5:50:71:58:97:D7:6D:B9:8F:63:0E:B9:30:B7:87:1D:05:E2:5A
ValiditySun, 14 Apr 2024 15:48:05 GMT - Sat, 13 Jul 2024 15:48:04 GMT

File type
ASCII text, with CRLF line terminators
Size
30 kB (30228 bytes)
Hash
500accfab8797557b0f922957a9319dd
8d35e1a694c6b6425f79cda1bdc33684b3a05435
29631aedec51cdf985b9ea2e0a34a4d72f4382bac37b5c0f0388f8c9f51fd8e4

HTTP Headers

GET /get/site/js/d6f51a1ed1d2f145512197f7cd7be46d HTTP/1.1
Host: ads.bisniskini.biz.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lavellecardwellqthft.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 27 Apr 2024 13:43:25 GMT
content-type: application/javascript
set-cookie: PHPSESSID=v7igegiom6o0tv6v7895mhttdf; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hg6Gfu7GE3chWJL8O%2Fiw5gYCIRvmlQg5fU4g37tB%2B8rgHDYCtHVpenWclK4qEswH4GhnI6TJejGJancBGCI%2BbKAHMV9HvRZz%2BVmX9%2BCRYxW8b0IaSZBLr%2B44LHnrtbDwCQiV5Myp8RM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87af3dccba437130-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET lessonworkman.com/watch.782013646059.js?dev=e&key=f396b5dd94d11c9a9a03ec4fedf9ea48&kw=%5B%5D&pst=1714225466&refer=https%3A%2F%2Flavellecardwellqthft.pages.dev%2F&res=14.2071&rmtc=t&shu=f0bea5727d21fa5748e7dc0210c6752663d3d95c6360403a9c5d390f21e8d8e9a80f6a9e984c1a62a540fb8dc34be0b4e0b3f71caab82b7f295ae08452966c1c20222f2a3c7ff32107623b0a8b5b6ec05ab4b5cb84c1723d9e51d8a6f83fa3fa2a9e62&tz=0&uuid=054f38e5-b29f-40e3-b47c-1686c493e334%3A1%3A1

192.243.61.227

200 OK

2.1 kB

URL GET HTTP/1.1
lessonworkman.com/watch.782013646059.js?dev=e&key=f396b5dd94d11c9a9a03ec4fedf9ea48&kw=%5B%5D&pst=1714225466&refer=https%3A%2F%2Flavellecardwellqthft.pages.dev%2F&res=14.2071&rmtc=t&shu=f0bea5727d21fa5748e7dc0210c6752663d3d95c6360403a9c5d390f21e8d8e9a80f6a9e984c1a62a540fb8dc34be0b4e0b3f71caab82b7f295ae08452966c1c20222f2a3c7ff32107623b0a8b5b6ec05ab4b5cb84c1723d9e51d8a6f83fa3fa2a9e62&tz=0&uuid=054f38e5-b29f-40e3-b47c-1686c493e334%3A1%3A1
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://lavellecardwellqthft.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectlessonworkman.com
FingerprintCD:A5:4F:8D:3C:FD:46:18:D6:1B:0E:BB:6E:B5:15:CA:2F:C9:F3:CB
ValidityTue, 23 Apr 2024 10:55:31 GMT - Mon, 22 Jul 2024 10:55:30 GMT

File type
JavaScript source, ASCII text, with very long lines (2671)
Size
2.1 kB (2120 bytes)
Hash
8aae11ca672f60d0ee0c9df487667c74
ddea29e90434899fca10b2a7bad2362beb5b769e
5f626610420aa671adb3437f3b7b802ad1a9d17d92c731523c4f1e94fc7921dc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.782013646059.js?dev=e&key=f396b5dd94d11c9a9a03ec4fedf9ea48&kw=%5B%5D&pst=1714225466&refer=https%3A%2F%2Flavellecardwellqthft.pages.dev%2F&res=14.2071&rmtc=t&shu=f0bea5727d21fa5748e7dc0210c6752663d3d95c6360403a9c5d390f21e8d8e9a80f6a9e984c1a62a540fb8dc34be0b4e0b3f71caab82b7f295ae08452966c1c20222f2a3c7ff32107623b0a8b5b6ec05ab4b5cb84c1723d9e51d8a6f83fa3fa2a9e62&tz=0&uuid=054f38e5-b29f-40e3-b47c-1686c493e334%3A1%3A1 HTTP/1.1
Host: lessonworkman.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lavellecardwellqthft.pages.dev
Referer: https://lavellecardwellqthft.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=17234073; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzIzNDA3MywiayI6ImYzOTZiNWRkOTRkMTFjOWE5YTAzZWM0ZmVkZjllYTQ4Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxODU0NzAwLCJwaWQiOjMwMzE3OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6Inc5cXp2bTV1M3MiLCJjcGtzIjp7IjI4IjoiYWI4OWIwOGU5MmE4OTUyMmNmYWFhNTVmMDE5NjcwOTYiLCIyOSI6ImY0YzA5ZWQ2ZTIxZTc0ODk3OGVhOGNmNGE2YzgzN2FiIn0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2xhdmVsbGVjYXJkd2VsbHF0aGZ0LnBhZ2VzLmRldi8iLCJhciI6W119fQ.u46jGWdmCd5Gugrmep1BJBfODb5S79HhBYtRqTCtz5A
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 27 Apr 2024 13:43:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://lavellecardwellqthft.pages.dev
Access-Control-Allow-Origin: https://lavellecardwellqthft.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=054f38e5-b29f-40e3-b47c-1686c493e334:1:1; expires=Sat, 04 May 2024 13:43:26 GMT; secure; SameSite=None
iprc3e94d3f80c35f036ee2c461d0ad8180e=3569806; expires=Sat, 27 Apr 2024 17:43:26 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 28 Apr 2024 13:43:26 GMT; secure; SameSite=None
uncs=1; expires=Sun, 28 Apr 2024 13:43:26 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sun, 28 Apr 2024 13:43:26 GMT; secure; SameSite=None
uncs5=1; expires=Sun, 28 Apr 2024 13:43:26 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 278efd6af38f1f598cce2f6c99d753f3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png

45.133.44.9

200 OK

144 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://lavellecardwellqthft.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced
Size
144 kB (144379 bytes)
Hash
33c304429dc1a4408a96e6a74ffa2feb
c45fa8e65528d1bb2b46bf8a28af9eeaa1903d04
dbed482e5948ead5587d30a22306a5b611305f704de940bd22c76daf90e0a314

HTTP Headers

GET /cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 27 Apr 2024 13:43:26 GMT
content-type: image/png
content-length: 144379
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:07:21 GMT
etag: "62e11c69-233fb"
expires: Mon, 29 Apr 2024 13:43:26 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET shayscholz.blogspot.com/favicon.ico

216.58.207.193

412 B

URL GET
shayscholz.blogspot.com/favicon.ico
IP
216.58.207.193:0
ASN
#15169 GOOGLE

Requested by
https://lavellecardwellqthft.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.blogspot.com
Fingerprint08:43:CF:E7:9C:1F:30:EA:9B:AD:8A:4E:2D:73:57:EA:80:DC:5B:E0
ValidityMon, 08 Apr 2024 07:01:25 GMT - Mon, 01 Jul 2024 07:01:24 GMT

File type
MS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
Size
412 B (412 bytes)
Hash
59a0c7b6e4848ccdabcea0636efda02b
30ef5c54b8bbc3487ea2b4c45cd11ea2932e4340
a1495da3cf3db37bf105a12658636ff628fee7b73975b9200049af7747e60b1f

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: shayscholz.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lavellecardwellqthft.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/x-icon
expires: Sat, 27 Apr 2024 13:43:27 GMT
date: Sat, 27 Apr 2024 13:43:27 GMT
cache-control: private, max-age=86400
last-modified: Fri, 08 Mar 2024 19:12:27 GMT
etag: W/"53e1bb00e6929e879a040ee00d8ddd9c6a9b1f6c6c79cd1077a9390901619218"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 412
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET constructbrought.com/pixel/purst?dl=0&th=0&sc=0&rs=3369&rd=3369&fd=576&bv=24.4.6923&tmpl=70

192.243.61.227

200 OK

0 B

URL GET HTTP/1.1
constructbrought.com/pixel/purst?dl=0&th=0&sc=0&rs=3369&rd=3369&fd=576&bv=24.4.6923&tmpl=70
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://lavellecardwellqthft.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectconstructbrought.com
Fingerprint53:AF:08:11:E0:E0:18:FA:8A:82:83:16:B7:C2:3D:C1:13:AC:4B:5C
ValidityWed, 24 Apr 2024 15:05:23 GMT - Tue, 23 Jul 2024 15:05:22 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=3369&rd=3369&fd=576&bv=24.4.6923&tmpl=70 HTTP/1.1
Host: constructbrought.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lavellecardwellqthft.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 27 Apr 2024 13:43:27 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET unseenreport.com/pxf.gif?uuid=054f38e5-b29f-40e3-b47c-1686c493e334&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=ab89b08e92a89522cfaaa55f01967096&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=13

192.243.61.225

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=054f38e5-b29f-40e3-b47c-1686c493e334&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=ab89b08e92a89522cfaaa55f01967096&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=13
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://lavellecardwellqthft.pages.dev/
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=054f38e5-b29f-40e3-b47c-1686c493e334&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=ab89b08e92a89522cfaaa55f01967096&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=13 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lavellecardwellqthft.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 27 Apr 2024 13:43:27 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b3f3ba72ac1a60d2c3c90dbb28cec5a8
Strict-Transport-Security: max-age=0; includeSubdomains

GET lavellecardwellqthft.pages.dev/

188.114.97.1

200 OK

17 kB

URL User Request GET HTTP/2
lavellecardwellqthft.pages.dev/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectlavellecardwellqthft.pages.dev
FingerprintEF:B2:9E:39:49:B2:D5:C8:6F:D4:A5:FF:FA:FB:57:E9:22:4B:C1:AB
ValidityFri, 26 Apr 2024 16:32:33 GMT - Thu, 25 Jul 2024 16:32:32 GMT

File type
HTML document, ASCII text, with very long lines (7816)
Size
17 kB (17326 bytes)
Hash
7c48eaf7c50d3eb526fbb32d73354018
d8f45ff82ddbb3be88eb9aabd40f973ee5a39b89
c593decde677504061c7e55d32fba0a7c1491dfee01ba903200e37f35a0d3552

HTTP Headers

GET / HTTP/1.1
Host: lavellecardwellqthft.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 27 Apr 2024 13:43:23 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"ac29431f54492cbda858a72d47fb1d10"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wjB16HxTykmdYBw0bkgAkb0jVTLctqseTgq%2F70HIxyURVuThCkkbJgYfLWiDZF0l5mXV2Y9%2B4uaJkvu17FeAhwVqxfZiVNfzLNOJbIe0746jxnHO4uI%2BQLjL%2FzOnDcfqH9XR7Voch5v7tMKIgLuL2v4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87af3dc46ed6569d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q=

142.250.74.142

200 OK

20 B

URL GET HTTP/2
suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q=
IP
142.250.74.142:443
ASN
#15169 GOOGLE

Requested by
https://lavellecardwellqthft.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint01:16:A3:AE:CA:C9:AC:ED:3A:C9:AA:75:BE:C2:51:EF:65:CE:23:E1
ValidityMon, 08 Apr 2024 06:34:56 GMT - Mon, 01 Jul 2024 06:34:55 GMT

File type
ASCII text, with no line terminators
Size
20 B (20 bytes)
Hash
a1b72ded50d7e2b047cd0d3966b148ab
8ff9743451774724c183efa801b999ecce23821a
4d9063bb918234965c25e4a0844d20c1cb01dae120c181c92f39a33b869be23f

HTTP Headers

GET /complete/search?jsonp=autoRelated&hl=en&client=firefox&q= HTTP/1.1
Host: suggestqueries.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lavellecardwellqthft.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 27 Apr 2024 13:43:26 GMT
pragma: no-cache
expires: -1
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-pWYD9a-F6Vuv2UC8d90sHw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/fff
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/fff"}]}
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: gws
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET downstairsnegotiatebarren.com/sfp.js

188.114.97.1

200 OK

86 kB

URL GET HTTP/2
downstairsnegotiatebarren.com/sfp.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lavellecardwellqthft.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint2C:6A:E1:8E:26:5B:1D:8B:86:CB:C1:72:4E:52:4B:8B:67:3A:D2:44
ValidityMon, 04 Mar 2024 21:53:07 GMT - Sun, 02 Jun 2024 21:53:06 GMT

File type

Size
86 kB (85611 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lavellecardwellqthft.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 27 Apr 2024 13:43:27 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: bf412fba16e402778f85693b61258e8d
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 27 Apr 2024 13:43:25 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YMZp%2BnNLXvZxhaqCmLqc0Xo5iVe3WX8QV2FV%2BntVxHGaeR3iaNKVFpi%2F9m8sE92IqVQZI8Ysc%2BDYXIGBOquI99lsjE3qUumU8AaGpPd6V%2FBx8gTDizwg7BINQI1RAdFlZ0k%2BAf8stpyf%2BliuWEQspg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87af3dd9de727130-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET lessonworkman.com/ab/89/b0/ab89b08e92a89522cfaaa55f01967096.js

192.243.61.227

200 OK

82 kB

URL GET HTTP/1.1
lessonworkman.com/ab/89/b0/ab89b08e92a89522cfaaa55f01967096.js
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://lavellecardwellqthft.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectlessonworkman.com
FingerprintCD:A5:4F:8D:3C:FD:46:18:D6:1B:0E:BB:6E:B5:15:CA:2F:C9:F3:CB
ValidityTue, 23 Apr 2024 10:55:31 GMT - Mon, 22 Jul 2024 10:55:30 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
82 kB (82145 bytes)
Hash
9148886934b94fa219b8c110876aa4fe
8661444c082c836e86edd456817d28e6986f617a
0c4d86ed39922b04b9b9b58451f1e5fb607206e0c17b62632b182243746c2aff

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ab/89/b0/ab89b08e92a89522cfaaa55f01967096.js HTTP/1.1
Host: lessonworkman.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lavellecardwellqthft.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 27 Apr 2024 13:43:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_CF-2931_layer=0; expires=Mon, 29 Apr 2024 13:43:26 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b60888efae24297bd1ed71915200646b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (28)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations