Submitted URL: https://alumni.man1kotapekanbaru.sch.id/public/?elgacor=sengtoto-promo
Effective URL: https://kiwi4dwin.lol/?ref=vipuser
Submission Tags: @phish_report
Submission: On November 20 via api from FI — Scanned from SG

Summary

This website contacted 10 IPs in 3 countries across 10 domains to perform 23 HTTP transactions. The main IP is 172.67.155.252, located in United States and belongs to CLOUDFLARENET, US. The main domain is kiwi4dwin.lol.
TLS certificate: Issued by WE1 on November 20th 2024. Valid for: 3 months.
This is the only time kiwi4dwin.lol was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 45.143.81.123 47583 (AS-HOSTIN...)
6 172.217.194.132 15169 (GOOGLE)
2 142.251.12.95 15169 (GOOGLE)
2 74.125.24.94 15169 (GOOGLE)
1 194.59.165.76 47583 (AS-HOSTIN...)
1 104.21.83.69 13335 (CLOUDFLAR...)
1 172.67.215.101 13335 (CLOUDFLAR...)
1 162.159.140.237 13335 (CLOUDFLAR...)
5 172.67.155.252 13335 (CLOUDFLAR...)
23 10
Domain Requested by
6 cdn.ampproject.org alumni.man1kotapekanbaru.sch.id
cdn.ampproject.org
www.zpa77.com
5 kiwi4dwin.lol kiwi4dwin.lol
2 fonts.gstatic.com fonts.googleapis.com
2 fonts.googleapis.com alumni.man1kotapekanbaru.sch.id
1 pub-1d0e494942a4484aaa172bfbe9598c91.r2.dev www.zpa77.com
1 www.zpa77.com
1 www.svgrepo.com
1 www.koneksistudio.com alumni.man1kotapekanbaru.sch.id
1 alumni.man1kotapekanbaru.sch.id
0 itadoriyuji.xyz Failed alumni.man1kotapekanbaru.sch.id
www.zpa77.com
23 10

This site contains links to these domains. Also see Links.

Domain
www.cloudflare.com
Subject Issuer Validity Valid
alumni.man1kotapekanbaru.sch.id
R10
2024-09-27 -
2024-12-26
3 months crt.sh
misc-sni.google.com
WR2
2024-10-21 -
2025-01-13
3 months crt.sh
upload.video.google.com
WR2
2024-10-21 -
2025-01-13
3 months crt.sh
*.gstatic.com
WR2
2024-10-21 -
2025-01-13
3 months crt.sh
koneksistudio.com
R11
2024-10-03 -
2025-01-01
3 months crt.sh
svgrepo.com
WE1
2024-10-27 -
2025-01-25
3 months crt.sh
www.zpa77.com
WE1
2024-11-08 -
2025-02-06
3 months crt.sh
*.r2.dev
E5
2024-09-29 -
2024-12-28
3 months crt.sh
kiwi4dwin.lol
WE1
2024-11-20 -
2025-02-18
3 months crt.sh

This page contains 1 frames:

Primary Page: https://kiwi4dwin.lol/?ref=vipuser
Frame ID: 0ED0A8360D61FD5E0C8B1FE9AB85A257
Requests: 23 HTTP requests in this frame

Screenshot

Page Title

Attention Required! | Cloudflare

Page URL History Show full URLs

  1. https://alumni.man1kotapekanbaru.sch.id/public/?elgacor=sengtoto-promo Page URL
  2. https://www.zpa77.com/lompat/ Page URL
  3. https://kiwi4dwin.lol/?ref=vipuser Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • lightbox(?:-plus-jquery)?.{0,32}\.js

Page Statistics

23
Requests

87 %
HTTPS

0 %
IPv6

10
Domains

10
Subdomains

10
IPs

3
Countries

1167 kB
Transfer

1651 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://alumni.man1kotapekanbaru.sch.id/public/?elgacor=sengtoto-promo Page URL
  2. https://www.zpa77.com/lompat/ Page URL
  3. https://kiwi4dwin.lol/?ref=vipuser Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
alumni.man1kotapekanbaru.sch.id/public/
7 KB
3 KB
Document
General
Full URL
https://alumni.man1kotapekanbaru.sch.id/public/?elgacor=sengtoto-promo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.143.81.123 Singapore, Singapore, ASN47583 (AS-HOSTINGER Hostinger International Limited, CY),
Reverse DNS
srv176.niagahoster.com
Software
LiteSpeed / PHP/7.4.33
Resource Hash
302b0a1adec918e548252ed54a549d3eff734cfcb31b237414b2d9c04c2db2d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding
br
content-length
2400
content-type
text/html; charset=UTF-8
date
Wed, 20 Nov 2024 23:16:08 GMT
platform
hostinger
server
LiteSpeed
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding,User-Agent
x-content-type-options
nosniff
x-powered-by
PHP/7.4.33
x-xss-protection
1; mode=block
v0.js
cdn.ampproject.org/
278 KB
72 KB
Script
General
Full URL
https://cdn.ampproject.org/v0.js
Requested by
Host: alumni.man1kotapekanbaru.sch.id
URL: https://alumni.man1kotapekanbaru.sch.id/public/?elgacor=sengtoto-promo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.194.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
si-in-f132.1e100.net
Software
sffe /
Resource Hash
e1df1ea5eb3649c271f9251dd0f522f71583f47396dbf6495bb6507ed06c84ed
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://alumni.man1kotapekanbaru.sch.id/

Response headers

content-encoding
br
etag
"6cd5bd85d22351ce"
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
x-content-type-options
nosniff
expires
Wed, 20 Nov 2024 23:16:08 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 20 Nov 2024 23:16:08 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cache-control
private, max-age=3000, stale-while-revalidate=1206600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
content-length
73112
x-xss-protection
0
server
sffe
css2
fonts.googleapis.com/
6 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Noto+Sans:wght@400;700&display=swap
Requested by
Host: alumni.man1kotapekanbaru.sch.id
URL: https://alumni.man1kotapekanbaru.sch.id/public/?elgacor=sengtoto-promo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.12.95 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
se-in-f95.1e100.net
Software
ESF /
Resource Hash
67064be46625115d4c5e1d9511b2013827f2c0717efb43092a1ba1044e8a0374
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://alumni.man1kotapekanbaru.sch.id/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 20 Nov 2024 23:16:08 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 20 Nov 2024 23:16:08 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Wed, 20 Nov 2024 22:01:45 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
laku.gif
itadoriyuji.xyz/img/
0
0

o-0bIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjc5a7duw.woff2
fonts.gstatic.com/s/notosans/v37/
35 KB
35 KB
Font
General
Full URL
https://fonts.gstatic.com/s/notosans/v37/o-0bIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjc5a7duw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Noto+Sans:wght@400;700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.24.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f94.1e100.net
Software
sffe /
Resource Hash
6e8bbeec8e0be38e87689dde975487ba4132eb5219686f193ce84fd61f034632
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://alumni.man1kotapekanbaru.sch.id
Referer
https://fonts.googleapis.com/

Response headers

age
331733
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Mon, 17 Nov 2025 03:07:15 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 17 Nov 2024 03:07:15 GMT
last-modified
Wed, 06 Nov 2024 17:35:25 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
35768
x-xss-protection
0
server
sffe
grayscale-D.jpg
www.koneksistudio.com/images/studio/
635 KB
636 KB
Image
General
Full URL
https://www.koneksistudio.com/images/studio/grayscale-D.jpg
Requested by
Host: alumni.man1kotapekanbaru.sch.id
URL: https://alumni.man1kotapekanbaru.sch.id/public/?elgacor=sengtoto-promo
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
194.59.165.76 Singapore, Singapore, ASN47583 (AS-HOSTINGER Hostinger International Limited, CY),
Reverse DNS
Software
nginx /
Resource Hash
dfb243e45fe058d3b11a72a04cfc22caa0a075409069155d6b6d6d1d799af94f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://alumni.man1kotapekanbaru.sch.id/

Response headers

Cache-Control
max-age=315360000
ETag
"661f828b-9ecff"
Connection
keep-alive
Expires
Thu, 31 Dec 2037 23:55:55 GMT
Accept-Ranges
bytes
Content-Length
650495
Keep-Alive
timeout=60
Date
Wed, 20 Nov 2024 23:16:08 GMT
Content-Type
image/jpeg
Last-Modified
Wed, 17 Apr 2024 08:04:27 GMT
Server
nginx
amp-auto-lightbox-0.1.js
cdn.ampproject.org/rtv/012410292120000/v0/
8 KB
3 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012410292120000/v0/amp-auto-lightbox-0.1.js
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.194.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
si-in-f132.1e100.net
Software
sffe /
Resource Hash
abe6c341a1a7d3678e52ea41abbd3c1dd739819dcc686ec6f568009ae2f67dbf
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://alumni.man1kotapekanbaru.sch.id
Referer
https://alumni.man1kotapekanbaru.sch.id/

Response headers

content-encoding
br
etag
"f0f2b169fa87a905"
age
262197
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
x-content-type-options
nosniff
expires
Mon, 17 Nov 2025 22:26:11 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 17 Nov 2024 22:26:11 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
content-length
2970
x-xss-protection
0
server
sffe
amp-loader-0.1.js
cdn.ampproject.org/rtv/012410292120000/v0/
12 KB
4 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012410292120000/v0/amp-loader-0.1.js
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.194.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
si-in-f132.1e100.net
Software
sffe /
Resource Hash
7326dfdb6af366b254ec02068d53c0a781e9ed98487a9fb05dad9d15bfcd237b
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://alumni.man1kotapekanbaru.sch.id
Referer
https://alumni.man1kotapekanbaru.sch.id/

Response headers

content-encoding
br
etag
"b22012622c63a36b"
age
229688
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
x-content-type-options
nosniff
expires
Tue, 18 Nov 2025 07:28:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 18 Nov 2024 07:28:00 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
content-length
3929
x-xss-protection
0
server
sffe
slots.svg
www.svgrepo.com/show/439322/
9 KB
3 KB
Other
General
Full URL
https://www.svgrepo.com/show/439322/slots.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.83.69 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f2072ebf0b1a0943c81a7d63777c17a323b13b5b74fdff956c0a970f60db39d5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://alumni.man1kotapekanbaru.sch.id/

Response headers

content-encoding
zstd
cf-cache-status
HIT
etag
W/"63bb6786-2319"
age
8583230
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tUeU7etWFbwzJTf1MdCSPgwZSVCyjO6KwwZQRmlqk4tEtFaqOIYLvlj277VO6q3l51fA2NrJ9mcDrCsu%2FrPdtn5k7pieCXNMP82g6pRQWmkhici98pyN4hAAkIEDbs9W5BM%3D"}],"group":"cf-nel","max_age":604800}
expires
Thu, 12 Sep 2024 14:47:59 GMT
server-timing
cfL4;desc="?proto=TCP&rtt=1451&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3941&recv_bytes=2249&delivery_rate=3052705&cwnd=253&unsent_bytes=0&cid=fc3e5876c3e361ab&ts=19&x=0"
date
Wed, 20 Nov 2024 23:16:08 GMT
content-type
image/svg+xml
last-modified
Mon, 09 Jan 2023 01:01:58 GMT
vary
Accept-Encoding
strict-transport-security
max-age=63072000
cache-control
public, max-age=31536000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8e5c25600fae4a65-SIN
server
cloudflare
x-vercel-id
iad1::kcvc6-1723560479146-84dea52b8fd9
/
www.zpa77.com/lompat/
7 KB
3 KB
Document
General
Full URL
https://www.zpa77.com/lompat/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.215.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ff79e9158aad759254b2b0f12ac59d45eb77db1214a761d44a3706a40cd2eb65
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://alumni.man1kotapekanbaru.sch.id/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=0, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8e5c25662cb19cb0-SIN
content-encoding
br
content-type
text/html; charset=utf-8
date
Wed, 20 Nov 2024 23:16:09 GMT
link
<https://fonts.googleapis.com/css2?family=Noto+Sans:wght@400;700&display=swap>; rel="preload"; as=style
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jQo%2BSE5VAuxA%2B4WMkdcGDEcL8ymqPKXPhn4nVKqeYV5OvaqilgkJd9kmfYqqM8t0%2FF%2FfeRyIcC%2BF4go6YsE95SDFGXEKgEBSlqhmeGH5on9zRUEP0GhFi%2FccMmtkS%2Fir"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=3132&sent=14&recv=11&lost=0&retrans=0&sent_bytes=4363&recv_bytes=5760&delivery_rate=19663&cwnd=12000&unsent_bytes=0&cid=84b8b37b1c716b85&ts=56&x=1" cfHdrFlush;dur=0
vary
Accept-Encoding
x-content-type-options
nosniff
css2
fonts.googleapis.com/
6 KB
0
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Noto+Sans:wght@400;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.12.95 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
se-in-f95.1e100.net
Software
ESF /
Resource Hash
67064be46625115d4c5e1d9511b2013827f2c0717efb43092a1ba1044e8a0374
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zpa77.com/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 20 Nov 2024 23:16:09 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 20 Nov 2024 23:16:09 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Wed, 20 Nov 2024 22:09:03 GMT
x-frame-options
SAMEORIGIN
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
v0.js
cdn.ampproject.org/
278 KB
72 KB
Script
General
Full URL
https://cdn.ampproject.org/v0.js
Requested by
Host: www.zpa77.com
URL: https://www.zpa77.com/lompat/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.194.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
si-in-f132.1e100.net
Software
sffe /
Resource Hash
e1df1ea5eb3649c271f9251dd0f522f71583f47396dbf6495bb6507ed06c84ed
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zpa77.com/

Response headers

content-encoding
br
etag
"6cd5bd85d22351ce"
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
x-content-type-options
nosniff
expires
Wed, 20 Nov 2024 23:16:09 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 20 Nov 2024 23:16:09 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cache-control
private, max-age=3000, stale-while-revalidate=1206600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
content-length
73112
x-xss-protection
0
server
sffe
laku.gif
itadoriyuji.xyz/img/
0
0

o-0bIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjc5a7duw.woff2
fonts.gstatic.com/s/notosans/v37/
35 KB
35 KB
Font
General
Full URL
https://fonts.gstatic.com/s/notosans/v37/o-0bIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjc5a7duw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Noto+Sans:wght@400;700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.24.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f94.1e100.net
Software
sffe /
Resource Hash
6e8bbeec8e0be38e87689dde975487ba4132eb5219686f193ce84fd61f034632
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.zpa77.com
Referer
https://fonts.googleapis.com/

Response headers

age
331734
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Mon, 17 Nov 2025 03:07:15 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 17 Nov 2024 03:07:15 GMT
last-modified
Wed, 06 Nov 2024 17:35:25 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
35768
x-xss-protection
0
server
sffe
seo-bukan.png
pub-1d0e494942a4484aaa172bfbe9598c91.r2.dev/
279 KB
279 KB
Image
General
Full URL
https://pub-1d0e494942a4484aaa172bfbe9598c91.r2.dev/seo-bukan.png
Requested by
Host: www.zpa77.com
URL: https://www.zpa77.com/lompat/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.159.140.237 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9bb5ec60d11d2427ab86f050a84ff034e31443b787b74efab647c6dcb433b8ea

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.zpa77.com/

Response headers

ETag
"406184335768eee0a4753c0ac1dd9c35"
Connection
keep-alive
CF-RAY
8e5c25672f9da02a-SIN
Accept-Ranges
bytes
Content-Length
285579
Date
Wed, 20 Nov 2024 23:16:09 GMT
Content-Type
image/png
Last-Modified
Tue, 22 Oct 2024 22:34:28 GMT
Vary
Accept-Encoding
Server
cloudflare
amp-auto-lightbox-0.1.js
cdn.ampproject.org/rtv/012410292120000/v0/
8 KB
3 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012410292120000/v0/amp-auto-lightbox-0.1.js
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.194.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
si-in-f132.1e100.net
Software
sffe /
Resource Hash
abe6c341a1a7d3678e52ea41abbd3c1dd739819dcc686ec6f568009ae2f67dbf
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.zpa77.com
Referer
https://www.zpa77.com/

Response headers

content-encoding
br
etag
"f0f2b169fa87a905"
age
262198
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
x-content-type-options
nosniff
expires
Mon, 17 Nov 2025 22:26:11 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 17 Nov 2024 22:26:11 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
content-length
2970
x-xss-protection
0
server
sffe
amp-loader-0.1.js
cdn.ampproject.org/rtv/012410292120000/v0/
12 KB
4 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012410292120000/v0/amp-loader-0.1.js
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.194.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
si-in-f132.1e100.net
Software
sffe /
Resource Hash
7326dfdb6af366b254ec02068d53c0a781e9ed98487a9fb05dad9d15bfcd237b
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.zpa77.com
Referer
https://www.zpa77.com/

Response headers

content-encoding
br
etag
"b22012622c63a36b"
age
229689
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
x-content-type-options
nosniff
expires
Tue, 18 Nov 2025 07:28:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 18 Nov 2024 07:28:00 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
content-length
3929
x-xss-protection
0
server
sffe
Primary Request /
kiwi4dwin.lol/
4 KB
2 KB
Document
General
Full URL
https://kiwi4dwin.lol/?ref=vipuser
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.155.252 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
acbf98aa1a0e54d41bdcdc6eed3bd969454aa54804e39b051a4ac2589758b3a1
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.zpa77.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
max-age=15
cf-ray
8e5c256858ea4487-SIN
content-encoding
zstd
content-type
text/html; charset=UTF-8
date
Wed, 20 Nov 2024 23:16:09 GMT
expires
Wed, 20 Nov 2024 23:16:24 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority
u=0,i
referrer-policy
same-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6nDgV2p%2Bbf8UbOoEcd7YttFxzHmdkuy4YRb1Jag9M3dKtNv5%2BlCTKnS3H2K%2F5VT6xyM296i1qFijadcl5QgUfWCu%2F55IFrCOTp7u0KU5CL3gVxzeDMGrXE1M9WkfvHVQ"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=3318&sent=13&recv=10&lost=0&retrans=0&sent_bytes=4210&recv_bytes=4507&delivery_rate=196667&cwnd=12000&unsent_bytes=0&cid=6498095f4e56414d&ts=17&x=1" cfExtPri cfHdrFlush;dur=0
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
slots.svg
www.svgrepo.com/show/439322/
0
0

cf.errors.css
kiwi4dwin.lol/cdn-cgi/styles/
23 KB
5 KB
Stylesheet
General
Full URL
https://kiwi4dwin.lol/cdn-cgi/styles/cf.errors.css
Requested by
Host: kiwi4dwin.lol
URL: https://kiwi4dwin.lol/?ref=vipuser
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.155.252 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://kiwi4dwin.lol/?ref=vipuser

Response headers

vary
Accept-Encoding
cache-control
max-age=7200, public
content-encoding
gzip
etag
W/"67379e96-5df3"
x-content-type-options
nosniff
cf-ray
8e5c256879054487-SIN
expires
Thu, 21 Nov 2024 01:16:09 GMT
date
Wed, 20 Nov 2024 23:16:09 GMT
content-type
text/css
last-modified
Fri, 15 Nov 2024 19:18:46 GMT
server
cloudflare
x-frame-options
DENY
browser-bar.png
kiwi4dwin.lol/cdn-cgi/images/
715 B
898 B
Image
General
Full URL
https://kiwi4dwin.lol/cdn-cgi/images/browser-bar.png?1376755637
Requested by
Host: kiwi4dwin.lol
URL: https://kiwi4dwin.lol/cdn-cgi/styles/cf.errors.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.155.252 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8c873472f4925d5d47521db4d52532d2983e9cb1bde8b43143a6cc6db56c35db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://kiwi4dwin.lol/cdn-cgi/styles/cf.errors.css

Response headers

vary
Accept-Encoding
cache-control
max-age=7200, public
etag
"67379e96-2cb"
x-content-type-options
nosniff
cf-ray
8e5c256899174487-SIN
expires
Thu, 21 Nov 2024 01:16:09 GMT
accept-ranges
bytes
content-length
715
date
Wed, 20 Nov 2024 23:16:09 GMT
content-type
image/png
last-modified
Fri, 15 Nov 2024 19:18:46 GMT
server
cloudflare
x-frame-options
DENY
cf-no-screenshot-error.png
kiwi4dwin.lol/cdn-cgi/images/
3 KB
3 KB
Image
General
Full URL
https://kiwi4dwin.lol/cdn-cgi/images/cf-no-screenshot-error.png
Requested by
Host: kiwi4dwin.lol
URL: https://kiwi4dwin.lol/cdn-cgi/styles/cf.errors.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.155.252 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1c53772285052e52bb7c12ad46a85a55747ed7bf66963fe1993fcef91ff5b0d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://kiwi4dwin.lol/cdn-cgi/styles/cf.errors.css

Response headers

vary
Accept-Encoding
cache-control
max-age=7200, public
etag
"67379e96-c8d"
x-content-type-options
nosniff
cf-ray
8e5c256899184487-SIN
expires
Thu, 21 Nov 2024 01:16:09 GMT
accept-ranges
bytes
content-length
3213
date
Wed, 20 Nov 2024 23:16:09 GMT
content-type
image/png
last-modified
Fri, 15 Nov 2024 19:18:46 GMT
server
cloudflare
x-frame-options
DENY
favicon.ico
kiwi4dwin.lol/
4 KB
2 KB
Other
General
Full URL
https://kiwi4dwin.lol/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.155.252 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
05ae1487fdc4bbf1dd881bf7c3341d37587cdc445008c33ce6c1599d8b328654
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://kiwi4dwin.lol/?ref=vipuser

Response headers

cache-control
max-age=15
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1EZ%2BZkn4471VjAKEvNgE8NuG8JP5T%2B9f8QD56mLwIJmQAIk%2FFOQr4%2FrwMs047ck9zBNpuqCHcYQgyFw%2BbFzzUqH%2BuLKRAVNojHpnpxPjORcKSIimNRty9zVwLoWQp%2FzT"}],"group":"cf-nel","max_age":604800}
referrer-policy
same-origin
cf-ray
8e5c2568b9244487-SIN
expires
Wed, 20 Nov 2024 23:16:24 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=3957&sent=28&recv=20&lost=0&retrans=0&sent_bytes=16096&recv_bytes=6195&delivery_rate=1124153&cwnd=12000&unsent_bytes=0&cid=6498095f4e56414d&ts=78&x=1", cfExtPri, cfHdrFlush;dur=0
date
Wed, 20 Nov 2024 23:16:09 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
priority
u=1,i
x-frame-options
SAMEORIGIN

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
itadoriyuji.xyz
URL
https://itadoriyuji.xyz/img/laku.gif
Domain
itadoriyuji.xyz
URL
https://itadoriyuji.xyz/img/laku.gif
Domain
www.svgrepo.com
URL
https://www.svgrepo.com/show/439322/slots.svg

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| _cf_translation

0 Cookies

2 Console Messages

Source Level URL
Text
network error URL: https://kiwi4dwin.lol/?ref=vipuser
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://kiwi4dwin.lol/favicon.ico
Message:
Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

alumni.man1kotapekanbaru.sch.id
cdn.ampproject.org
fonts.googleapis.com
fonts.gstatic.com
itadoriyuji.xyz
kiwi4dwin.lol
pub-1d0e494942a4484aaa172bfbe9598c91.r2.dev
www.koneksistudio.com
www.svgrepo.com
www.zpa77.com
itadoriyuji.xyz
www.svgrepo.com
104.21.83.69
142.251.12.95
162.159.140.237
172.217.194.132
172.67.155.252
172.67.215.101
194.59.165.76
45.143.81.123
74.125.24.94
05ae1487fdc4bbf1dd881bf7c3341d37587cdc445008c33ce6c1599d8b328654
1c53772285052e52bb7c12ad46a85a55747ed7bf66963fe1993fcef91ff5b0d0
302b0a1adec918e548252ed54a549d3eff734cfcb31b237414b2d9c04c2db2d3
67064be46625115d4c5e1d9511b2013827f2c0717efb43092a1ba1044e8a0374
6e8bbeec8e0be38e87689dde975487ba4132eb5219686f193ce84fd61f034632
7326dfdb6af366b254ec02068d53c0a781e9ed98487a9fb05dad9d15bfcd237b
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
8c873472f4925d5d47521db4d52532d2983e9cb1bde8b43143a6cc6db56c35db
9bb5ec60d11d2427ab86f050a84ff034e31443b787b74efab647c6dcb433b8ea
abe6c341a1a7d3678e52ea41abbd3c1dd739819dcc686ec6f568009ae2f67dbf
acbf98aa1a0e54d41bdcdc6eed3bd969454aa54804e39b051a4ac2589758b3a1
dfb243e45fe058d3b11a72a04cfc22caa0a075409069155d6b6d6d1d799af94f
e1df1ea5eb3649c271f9251dd0f522f71583f47396dbf6495bb6507ed06c84ed
f2072ebf0b1a0943c81a7d63777c17a323b13b5b74fdff956c0a970f60db39d5
ff79e9158aad759254b2b0f12ac59d45eb77db1214a761d44a3706a40cd2eb65