melvinsienickiuudpi.pages.dev Open in urlscan Pro
2606:4700:310c::ac42:2f25 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://melvinsienickiuudpi.pages.dev/
Effective URL:
https://melvinsienickiuudpi.pages.dev/
Submission Tags: threatview.io malwar3ninja rule: suspected phishing scam automated-submission Search All
Submission: On October 03 via api (October 3rd 2024, 4:16:07 am UTC) from DE — Scanned from CA

Summary HTTP 32 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 11 IPs in 1 countries across 15 domains to perform 32 HTTP transactions. The main IP is 2606:4700:310c::ac42:2f25, located in United States and belongs to CLOUDFLARENET, US. The main domain is melvinsienickiuudpi.pages.dev.
TLS certificate: Issued by WE1 on September 30th 2024. Valid for: 3 months.

This is the only time melvinsienickiuudpi.pages.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 8	2606:4700:310... 2606:4700:310c::ac42:2f25	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700:303... 2606:4700:3034::6815:2bf0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2606:4700:310... 2606:4700:3108::ac42:28c4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.240.108.68 172.240.108.68	7979 (SERVERS-COM) (SERVERS-COM)
2	3.219.148.210 3.219.148.210	14618 (AMAZON-AES) (AMAZON-AES)
2 6	192.243.61.225 192.243.61.225	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
3	172.240.253.132 172.240.253.132	7979 (SERVERS-COM) (SERVERS-COM)
1 3	172.240.108.76 172.240.108.76	7979 (SERVERS-COM) (SERVERS-COM)
1 2	192.243.61.227 192.243.61.227	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
32	11

8 2606:4700:310c::ac42:2f25 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

melvinsienickiuudpi.pages.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:3034::6815:2bf0 (United States)

ASN13335 (CLOUDFLARENET, US)

split.cordellvolante.biz.id	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad.cordellvolante.biz.id	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3108::ac42:28c4 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

pop.dojo.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.240.108.68 (United States)

ASN7979 (SERVERS-COM, US)

sighhigherapprove.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.219.148.210 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-219-148-210.compute-1.amazonaws.com

proftrafficcounter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 192.243.61.225 (Ashburn, United States) 2 redirects

ASN39572 (ADVANCEDHOSTERS-AS, NL)

obtaintrout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.240.253.132 (United States)

ASN7979 (SERVERS-COM, US)

www.topcreativeformat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.240.108.76 (United States) 1 redirects

ASN7979 (SERVERS-COM, US)

recordedthereby.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
bathingdelicatedemise.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.243.61.227 (Ashburn, United States) 1 redirects

ASN39572 (ADVANCEDHOSTERS-AS, NL)

examplesclasp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	pages.dev 1 redirects melvinsienickiuudpi.pages.dev	21 KB
6	obtaintrout.com 2 redirects obtaintrout.com — Cisco Umbrella Rank: 24042	41 KB
5	cordellvolante.biz.id split.cordellvolante.biz.id ad.cordellvolante.biz.id	3 KB
3	topcreativeformat.com www.topcreativeformat.com — Cisco Umbrella Rank: 69968	34 KB
2	bathingdelicatedemise.com 1 redirects bathingdelicatedemise.com — Cisco Umbrella Rank: 23944	5 KB
2	examplesclasp.com 1 redirects examplesclasp.com — Cisco Umbrella Rank: 23857	5 KB
2	proftrafficcounter.com proftrafficcounter.com — Cisco Umbrella Rank: 15190	620 B
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 220	26 KB
2	dojo.cc 1 redirects pop.dojo.cc	5 KB
1	recordedthereby.com recordedthereby.com — Cisco Umbrella Rank: 16467	84 KB
1	sighhigherapprove.com sighhigherapprove.com	11 KB
0	enhancednetworkpc.com Failed enhancednetworkpc.com Failed
0	deepflowdiscovery.com Failed deepflowdiscovery.com — Cisco Umbrella Rank: 325065 Failed
0	bing.net Failed tse1.mm.bing.net Failed
0	google.com Failed suggestqueries.google.com Failed
32	15

	Domain	Requested by
8	melvinsienickiuudpi.pages.dev	1 redirects melvinsienickiuudpi.pages.dev
6	obtaintrout.com	2 redirects sighhigherapprove.com melvinsienickiuudpi.pages.dev
4	split.cordellvolante.biz.id	melvinsienickiuudpi.pages.dev
3	www.topcreativeformat.com	split.cordellvolante.biz.id
2	bathingdelicatedemise.com	1 redirects melvinsienickiuudpi.pages.dev
2	examplesclasp.com	1 redirects melvinsienickiuudpi.pages.dev
2	proftrafficcounter.com	sighhigherapprove.com www.topcreativeformat.com
2	cdnjs.cloudflare.com	melvinsienickiuudpi.pages.dev
2	pop.dojo.cc	1 redirects melvinsienickiuudpi.pages.dev
1	recordedthereby.com	obtaintrout.com
1	sighhigherapprove.com	ad.cordellvolante.biz.id
1	ad.cordellvolante.biz.id	melvinsienickiuudpi.pages.dev
0	enhancednetworkpc.com Failed	melvinsienickiuudpi.pages.dev
0	deepflowdiscovery.com Failed	melvinsienickiuudpi.pages.dev
0	tse1.mm.bing.net Failed	melvinsienickiuudpi.pages.dev
0	suggestqueries.google.com Failed	melvinsienickiuudpi.pages.dev
32	16

This site contains links to these domains. Also see Links.

Domain
one.exnesstrack.net

Subject Issuer	Validity	Valid
melvinsienickiuudpi.pages.dev WE1	`2024-09-30` - `2024-12-29`	3 months	crt.sh
cordellvolante.biz.id WE1	`2024-08-24` - `2024-11-22`	3 months	crt.sh
cdnjs.cloudflare.com WE1	`2024-09-28` - `2024-12-27`	3 months	crt.sh
sighhigherapprove.com R10	`2024-09-11` - `2024-12-10`	3 months	crt.sh
proftrafficcounter.com Amazon RSA 2048 M02	`2023-11-21` - `2024-12-19`	a year	crt.sh
obtaintrout.com R10	`2024-08-12` - `2024-11-10`	3 months	crt.sh
topcreativeformat.com R11	`2024-09-17` - `2024-12-16`	3 months	crt.sh
recordedthereby.com R11	`2024-09-06` - `2024-12-05`	3 months	crt.sh

This page contains 1 frames:

Frame: https://enhancednetworkpc.com/video-player-1/?domain=deepflowdiscovery.com
Frame ID: 0396BB938A809A1BF29704759BD07681
Requests: 33 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://melvinsienickiuudpi.pages.dev/ HTTP 307
https://melvinsienickiuudpi.pages.dev/ Page URL
https://melvinsienickiuudpi.pages.dev/cdn-cgi/phish-bypass?atok=.x3k552Mz1CChVdxxsJgYz7OTw9LbtM_HwDyDzbggX4-172792... HTTP 301
https://melvinsienickiuudpi.pages.dev/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

32
Requests

72 %
HTTPS

40 %
IPv6

15
Domains

16
Subdomains

11
IPs

1
Countries

225 kB
Transfer

426 kB
Size

25
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://one.exnesstrack.net/a/anurevdn
Title: Download

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://melvinsienickiuudpi.pages.dev/ HTTP 307
https://melvinsienickiuudpi.pages.dev/ Page URL
https://melvinsienickiuudpi.pages.dev/cdn-cgi/phish-bypass?atok=.x3k552Mz1CChVdxxsJgYz7OTw9LbtM_HwDyDzbggX4-1727928932-0.0.1.1-%2F HTTP 301
https://melvinsienickiuudpi.pages.dev/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://melvinsienickiuudpi.pages.dev/ HTTP 307
https://melvinsienickiuudpi.pages.dev/

Request Chain 7

https://pop.dojo.cc/8163.js HTTP 302
https://pop.dojo.cc/5648.js

Request Chain 20

https://obtaintrout.com/watch.1367912678537.js?key=841551df4ace4771a26423c5508e1f6a&kw=%5B%5D&refer=https%3A%2F%2Fmelvinsienickiuudpi.pages.dev%2F&tz=-7&dev=r&res=14.31&uuid=c0eb03f0-f0b4-4d88-961a-247bf0ea7349%3A3%3A1 HTTP 307
https://obtaintrout.com/watch.1367912678537.js?dev=r&key=841551df4ace4771a26423c5508e1f6a&kw=%5B%5D&pst=1727928998&refer=https%3A%2F%2Fmelvinsienickiuudpi.pages.dev%2F&res=14.31&rmtc=t&shu=c7a9ffdb4574270699e552ca9454b1727a90d9f269e62ad660f45ef97b9d05cedc1603a08ad84d48d36aa0e5643231f45dc44a21cefff705045a17540ad2066ba74b6e2e908ae658ec5ca9d3c18b4575bd08a022726856f31cb5&tz=-7&uuid=c0eb03f0-f0b4-4d88-961a-247bf0ea7349%3A3%3A1

Request Chain 23

https://examplesclasp.com/watch.1613816990193.js?key=b3b93aca483f1d9a2adb8be6c9552870&kw=%5B%5D&refer=https%3A%2F%2Fmelvinsienickiuudpi.pages.dev%2F&tz=-7&dev=r&res=14.31&uuid=c0eb03f0-f0b4-4d88-961a-247bf0ea7349%3A3%3A1 HTTP 307
https://examplesclasp.com/watch.1613816990193.js?dev=r&key=b3b93aca483f1d9a2adb8be6c9552870&kw=%5B%5D&pst=1727928999&refer=https%3A%2F%2Fmelvinsienickiuudpi.pages.dev%2F&res=14.31&rmtc=t&shu=e14117ef69cf49e4c958010dc0ab787a887ec8a21bc4a6b0618c6f81b420bc785a9aae54e2ed46263b31b4ac4545e23bab62606af34e84dba39bbb42f2fd976f31656fc68c78f7ca5a2b3b043033a550e27d38fb476bf68ced51&tz=-7&uuid=c0eb03f0-f0b4-4d88-961a-247bf0ea7349%3A3%3A1

Request Chain 25

https://obtaintrout.com/watch.606996665906.js?key=d0ad831df891127170674f7100bd3428&kw=%5B%5D&refer=https%3A%2F%2Fmelvinsienickiuudpi.pages.dev%2F&tz=-7&dev=r&res=14.31&uuid=454a860e-38c0-4cea-b2e1-adedadc8b581%3A3%3A1 HTTP 307
https://obtaintrout.com/watch.606996665906.js?dev=r&key=d0ad831df891127170674f7100bd3428&kw=%5B%5D&pst=1727928998&refer=https%3A%2F%2Fmelvinsienickiuudpi.pages.dev%2F&res=14.31&rmtc=t&shu=4b2a6ebcefa77cb41d269ee252319a0040b15f9552293173769175189314c5e086bfc0bbecc74bc9d7174a25360115d3f35ca9f957d4a380bd60d05028df4fedf4daa11dfd466a4638505f81f139786bdca67ea17534a715ef04&tz=-7&uuid=454a860e-38c0-4cea-b2e1-adedadc8b581%3A3%3A1

Request Chain 26

https://bathingdelicatedemise.com/watch.585003125423.js?key=5c5c6ef5a97b0b7e4cb5be2a1545aeb3&kw=%5B%5D&refer=https%3A%2F%2Fmelvinsienickiuudpi.pages.dev%2F&tz=-7&dev=r&res=14.31&uuid=454a860e-38c0-4cea-b2e1-adedadc8b581%3A3%3A1 HTTP 307
https://bathingdelicatedemise.com/watch.585003125423.js?dev=r&key=5c5c6ef5a97b0b7e4cb5be2a1545aeb3&kw=%5B%5D&pst=1727928999&refer=https%3A%2F%2Fmelvinsienickiuudpi.pages.dev%2F&res=14.31&rmtc=t&shu=b5551c8382b36e4b8e97100396552ef0975b9ef9d27761ce698e46adb32dcf8c5c9ce54356187e123825f12d6c5b6f9c8570d40add1307bc706bfa1c26fae015344152113af3186394e007fe584e0efd0ef51abfb973ad42776e67&tz=-7&uuid=454a860e-38c0-4cea-b2e1-adedadc8b581%3A3%3A1

Request Chain 31

https://deepflowdiscovery.com/index?cid=dc67405721ff2e974272&extclickid=4316600d2144a5170922b0b76870abc5&t1=18931059&t2=3137986&type=default&publisher=158858&advertiser=57051&campaign_id=1134188&zoneid=2404084&category=Movies&cost=0.700000 HTTP 307
https://enhancednetworkpc.com/video-player-1/?domain=deepflowdiscovery.com

32 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

/ Show response
melvinsienickiuudpi.pages.dev/
Redirect Chain

http://melvinsienickiuudpi.pages.dev/
https://melvinsienickiuudpi.pages.dev/

4 KB
2 KB

216ms
43ms

Document
text/html

2606:4700:310c::ac42:2f25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://melvinsienickiuudpi.pages.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:310c::ac42:2f25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea9ab2263614c839c6f0d5b4c4c16c65ecb7490eadfc3d9822b5658c84beb194

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cf-ray: 8cca1c92ed41546d-YYZ
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 03 Oct 2024 04:15:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A%2F8aCfSj%2BfTHRRSsQq6KeMXbPjUcvWTkjI7SfuMi%2FoI%2BtrTGiu2tyVOqwByIS3luD6gl%2BtJmhlQ3rKVZsc0%2FZyutmbB75yN6dZZOY%2Bp7xGohSI5m95pfRaoCd6nAZf8%2BlLnMQRpSuKXLkkdpTmP6n6XKkoiUg8GQoQQT1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://melvinsienickiuudpi.pages.dev/
Non-Authoritative-Reason: HSTS

GET
H3 200 speculation
melvinsienickiuudpi.pages.dev/cdn-cgi/ 2 B
417 B 42ms
41ms Other
application/speculationrules+json 2606:4700:310c::ac42:2f25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://melvinsienickiuudpi.pages.dev/cdn-cgi/speculation
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:310c::ac42:2f25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://melvinsienickiuudpi.pages.dev
Referer: https://melvinsienickiuudpi.pages.dev/

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iM%2FX692bXBMear3JovUHYCR18MiE80oam6WDCb9svux34VcJ3dP0MdUbso5GL2VBqY9fD8VDsgsOYXA4NnQkE1EWx8gf9SESoZAGE0PIqjETzSNO%2F2NAEsK83l6krEmgH%2FZMDSbCfgLAT580%2F8uYlJqzB%2BubJHuKtRWc5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cca1c934d6d546d-YYZ
content-length: 2
date: Thu, 03 Oct 2024 04:15:32 GMT
content-type: application/speculationrules+json
vary: Accept-Encoding
server: cloudflare

GET
H3 200 cf.errors.css
melvinsienickiuudpi.pages.dev/cdn-cgi/styles/ 23 KB
5 KB 40ms
40ms Stylesheet
text/css 2606:4700:310c::ac42:2f25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://melvinsienickiuudpi.pages.dev/cdn-cgi/styles/cf.errors.css

Requested by

Host: melvinsienickiuudpi.pages.dev
URL: https://melvinsienickiuudpi.pages.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:310c::ac42:2f25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://melvinsienickiuudpi.pages.dev/

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
content-encoding: gzip
etag: W/"66f525a7-5df3"
x-content-type-options: nosniff
cf-ray: 8cca1c934d6f546d-YYZ
expires: Thu, 03 Oct 2024 06:15:32 GMT
date: Thu, 03 Oct 2024 04:15:32 GMT
content-type: text/css
last-modified: Thu, 26 Sep 2024 09:13:11 GMT
server: cloudflare
x-frame-options: DENY

GET
H3 200 icon-exclamation.png
melvinsienickiuudpi.pages.dev/cdn-cgi/images/ 452 B
634 B 38ms
38ms Image
image/png 2606:4700:310c::ac42:2f25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://melvinsienickiuudpi.pages.dev/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: melvinsienickiuudpi.pages.dev
URL: https://melvinsienickiuudpi.pages.dev/cdn-cgi/styles/cf.errors.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:310c::ac42:2f25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://melvinsienickiuudpi.pages.dev/cdn-cgi/styles/cf.errors.css

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
etag: "66f525a7-1c4"
x-content-type-options: nosniff
cf-ray: 8cca1c939d86546d-YYZ
expires: Thu, 03 Oct 2024 06:15:32 GMT
accept-ranges: bytes
content-length: 452
date: Thu, 03 Oct 2024 04:15:32 GMT
content-type: image/png
last-modified: Thu, 26 Sep 2024 09:13:11 GMT
server: cloudflare
x-frame-options: DENY

GET
H3 200 favicon.ico
melvinsienickiuudpi.pages.dev/ 16 KB
6 KB 241ms
240ms Other
text/html 2606:4700:310c::ac42:2f25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://melvinsienickiuudpi.pages.dev/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:310c::ac42:2f25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8fb8f76af9f69203004f58643a2283f8bafa5f0cadd1216113b044ffbb93f275

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://melvinsienickiuudpi.pages.dev/

Response headers

cache-control: public, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
speculation-rules: "/cdn-cgi/speculation"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lo54XgrMTnQtFXciIIhnrxnRcbUqDuUJZviuTZqhZX28NR0PWKS0Fc4Ng7hvfM10CnhwIsTK6J%2BZboAgZzkInNXqD7NCn%2F3je10XK%2FXPiXdd%2B6WfudfNxxl%2BOgJ26mmzMWvBsZHG8rvDCI2lDnjGJhg1RVblJbJd01fpfA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8cca1c93dd9b546d-YYZ
access-control-allow-origin: *
date: Thu, 03 Oct 2024 04:15:32 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
server: cloudflare

GET
H3

200

Primary Request / Show response
melvinsienickiuudpi.pages.dev/
Redirect Chain

https://melvinsienickiuudpi.pages.dev/cdn-cgi/phish-bypass?atok=.x3k552Mz1CChVdxxsJgYz7OTw9LbtM_HwDyDzbggX4-1727928932-0.0.1.1-%2F
https://melvinsienickiuudpi.pages.dev/

16 KB
6 KB

56ms
55ms

Document
text/html

2606:4700:310c::ac42:2f25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://melvinsienickiuudpi.pages.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:310c::ac42:2f25 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8fb8f76af9f69203004f58643a2283f8bafa5f0cadd1216113b044ffbb93f275

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://melvinsienickiuudpi.pages.dev/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0, must-revalidate
cf-ray: 8cca1cb33c62546d-YYZ
content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 03 Oct 2024 04:15:37 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mZFFQDWwRtdp38Zu6raXUhT%2BdiLWC93Fp2nrvIe0kPzjha1%2FFNRB7O1anHYnyi1XshiL%2BA0HaC2UA2TAwDSALrjOvOpC2VBDjjzSqtEXIBTDQOofTonFUrYvOAPQ3u1mxu5C8dfrMv58HhsQ1xi8rb6ALPqqGSK1UAG4nQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"
vary: Accept-Encoding
x-content-type-options: nosniff

Redirect headers

cache-control: private, no-cache
cf-ray: 8cca1cb2fc44546d-YYZ
content-length: 167
content-type: text/html
date: Thu, 03 Oct 2024 04:15:37 GMT
location: https://melvinsienickiuudpi.pages.dev/
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H3 200 speculation
melvinsienickiuudpi.pages.dev/cdn-cgi/ 2 B
418 B 43ms
42ms Other
application/speculationrules+json 2606:4700:310c::ac42:2f25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://melvinsienickiuudpi.pages.dev/cdn-cgi/speculation
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:310c::ac42:2f25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://melvinsienickiuudpi.pages.dev
Referer: https://melvinsienickiuudpi.pages.dev/

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KSi4CMLwtkHCAdcfHB4P4TFaCeSGshuZcitQ%2Bs0ANZoK4NVixCvBkS1Yz0J0jc43YO5oMQV3%2Fc1onu7BU%2BpFj%2FjtGp1TTH1Y7P0vcGVv4IHME7jIcPSbs%2BFNeE8Pn94u5LH72LZewfBVYgH9pmvZQvN8UQ9ZOhv8glwSFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cca1cb3ac94546d-YYZ
content-length: 2
date: Thu, 03 Oct 2024 04:15:37 GMT
content-type: application/speculationrules+json
vary: Accept-Encoding
server: cloudflare

GET
H2 200 79ee6540a4b7a1babeebf56e1c23369e Show response
split.cordellvolante.biz.id/get/site/js/ 0
563 B 542ms
121ms Script
application/javascript 2606:4700:3034::6815:2bf0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://split.cordellvolante.biz.id/get/site/js/79ee6540a4b7a1babeebf56e1c23369e
Requested by: Host: melvinsienickiuudpi.pages.dev
URL: https://melvinsienickiuudpi.pages.dev/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:2bf0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://melvinsienickiuudpi.pages.dev/

Response headers

cache-control: no-store, no-cache, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w84BttGpEB7JBC%2FcUpizx7O4cP4yC1HxhONpBNB2D1B%2FEPhxdgv3%2F5ZCFg5nFaTEYuaaUjERKHk9z5Yq3AY0vAfQVn1DmxvYpo19lqo3JHGs79Lb%2Fj90DeOmFAdO13cdqbfgutUbxKKlB57zwDhxzbzmwaGfOUCIlU0%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cca1cb64a60aacd-YYZ
expires: Thu, 19 Nov 1981 08:52:00 GMT
date: Thu, 03 Oct 2024 04:15:38 GMT
content-type: application/javascript
vary: Accept-Encoding
server: cloudflare

GET
H3

200

5648.js Show response
pop.dojo.cc/
Redirect Chain

https://pop.dojo.cc/8163.js
https://pop.dojo.cc/5648.js

13 KB
5 KB

106ms
106ms

Script
application/javascript

2606:4700:3108::ac42:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pop.dojo.cc/5648.js

Requested by

Host: melvinsienickiuudpi.pages.dev
URL: https://melvinsienickiuudpi.pages.dev/

Protocol

Server

2606:4700:3108::ac42:28c4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e5f273a6d2f5ae29fa3a18e0fe79328b0c3e7ebaa94824e7e6fd13daf0b2a7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://melvinsienickiuudpi.pages.dev/

Response headers

cache-control: no-cache, private
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=srob0fCH3UIO1TvKJxGMq%2FPVlm4B4n%2BO6zSamAdVyhV0UlaUjQZPhaBgFhegiQUNzXQnVCjy6nAwJmlmir%2BhazrJZHVgnVSUxM7vQsfQZDaCOLwil7YhUdniNxZyQIJCrT46Sc2mXMfnsA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
cf-ray: 8cca1cb4ff8bac46-YYZ
date: Thu, 03 Oct 2024 04:15:37 GMT
x-xss-protection: 1; mode=block
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
server: cloudflare
x-frame-options: SAMEORIGIN

Redirect headers

cache-control: no-cache, private
location: https://pop.dojo.cc/5648.js
cf-cache-status: BYPASS
speculation-rules: "/cdn-cgi/speculation"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uavPdDuMnByBzHjih%2FVS9xpTytyQiQ84FyKNAFXJ1wR4baAXBoWAcbaYETuZLjaBCWWJ3zXw5WU0bk5ws2JqdEf22hPhp%2B%2Bx%2FhGbM9ORxs1a0zvbCDNN%2Fq0Dw%2FeJHAK3X2%2FlS7oLyfvazQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
cf-ray: 8cca1cb44f15ac46-YYZ
date: Thu, 03 Oct 2024 04:15:37 GMT
x-xss-protection: 1; mode=block
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: cloudflare
x-frame-options: SAMEORIGIN

GET
H2 200 adsterra.js Show response
ad.cordellvolante.biz.id/ 346 B
841 B 498ms
67ms Script
text/javascript 2606:4700:3034::6815:2bf0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.cordellvolante.biz.id/adsterra.js

Requested by

Host: melvinsienickiuudpi.pages.dev
URL: https://melvinsienickiuudpi.pages.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2bf0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ecc5c1ab28c8dcdb80c88cb750d6d3ca9f3f4414680850c9a8fb8423d51a785

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://melvinsienickiuudpi.pages.dev/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"6697ac07-15a"
age: 76528
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cwRcRMxIgIIfSjp4mTbZaYhT35FdPyWAF7blCuLAsQu9lbFdFoaPW%2BFG%2Fe1uPfAjHEApiEcyw7CqNUGvKw%2FP6xl6cKnlYIxcrYQRV%2BSRr6YqVUwh%2Bjd1hVhoTluPYnpqxypiHKuK0QlwL%2BeryEpvMMJZwacKaag%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Fri, 01 Nov 2024 07:00:09 GMT
date: Thu, 03 Oct 2024 04:15:37 GMT
content-type: text/javascript
last-modified: Wed, 17 Jul 2024 11:33:27 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
cache-control: max-age=2592000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8cca1cb65b1aac54-YYZ
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 903e38ba3def814bfdf82f592d030444 Show response
split.cordellvolante.biz.id/get/site/js/ 291 B
554 B 552ms
132ms Script
application/javascript 2606:4700:3034::6815:2bf0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://split.cordellvolante.biz.id/get/site/js/903e38ba3def814bfdf82f592d030444
Requested by: Host: melvinsienickiuudpi.pages.dev
URL: https://melvinsienickiuudpi.pages.dev/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:2bf0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c721588b5b617400c3c81d6a5e619f674559869d1945ed3e0b2e56ded21ee39a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://melvinsienickiuudpi.pages.dev/

Response headers

cache-control: no-store, no-cache, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f%2FtpjcRQZ2uUEAi4jx7Je8kxuHlf7E3BmBR7X1XD%2FWeeVQIk2v9vvFi7JEcRCa%2FOtrt4QISOHqVZsNVOIV2dWjIfWBmHRDTio9PVKEQLmBQ63y%2FHKPAXfRNhbtStzVm3h0qLloUwr9C3C5iQjc62aMnKYjVhJ8D%2F2CM%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cca1cb64a5baacd-YYZ
expires: Thu, 19 Nov 1981 08:52:00 GMT
date: Thu, 03 Oct 2024 04:15:38 GMT
content-type: application/javascript
vary: Accept-Encoding
server: cloudflare

GET
H2 200 7cd1794e0bc3ccf6aa9f22ff065bfd1f Show response
split.cordellvolante.biz.id/get/site/js/ 291 B
579 B 551ms
133ms Script
application/javascript 2606:4700:3034::6815:2bf0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://split.cordellvolante.biz.id/get/site/js/7cd1794e0bc3ccf6aa9f22ff065bfd1f
Requested by: Host: melvinsienickiuudpi.pages.dev
URL: https://melvinsienickiuudpi.pages.dev/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:2bf0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d6d96bec3225aafd281eff213d8b429a4b2f415a2c05acfb3b3acb48d15f6aa7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://melvinsienickiuudpi.pages.dev/

Response headers

cache-control: no-store, no-cache, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1bnXP0zR%2FX4u3cc1LRwCjJoqKsBHuYxqr%2B1fmRtoWxg3jgOI9h%2BQF9A40mpNlDgv8tpoWRVwC6sJFGLcDGuwF2XpwNF%2FW%2FzP7bO1Rngt1XuhZxxKj%2BMfBGoVxc0wZJD4V2LBLn316MFEwAOy1wmjHfCS9jo5%2FYOaxDc%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cca1cb64a5caacd-YYZ
expires: Thu, 19 Nov 1981 08:52:00 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 03 Oct 2024 04:15:38 GMT
content-type: application/javascript
vary: Accept-Encoding
server: cloudflare

GET
H2 200 153763eee93b533c73da23fe4546f2e8 Show response
split.cordellvolante.biz.id/get/site/js/ 291 B
558 B 548ms
130ms Script
application/javascript 2606:4700:3034::6815:2bf0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://split.cordellvolante.biz.id/get/site/js/153763eee93b533c73da23fe4546f2e8
Requested by: Host: melvinsienickiuudpi.pages.dev
URL: https://melvinsienickiuudpi.pages.dev/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:2bf0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f364cbb0435cf32cdf6b12944c960604dc887f66517ecf3aa7d9cacdbbdcc7cd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://melvinsienickiuudpi.pages.dev/

Response headers

cache-control: no-store, no-cache, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ko20%2FERrY6nrZNxXvqc4VXiLAAc6%2F2YAYOlWId74DhKL5%2Btf5yHxKTBbBjF%2F1XoXOYyfy8LmK04Ddv%2F73DfloHbmA%2FrmMP4%2BrqqcGe%2FmDlPGghH1BuFMGubnty0Ly2Ka%2Bdhz%2F025QSQfrk5Ax24VxRMFP88TiHIlDFc%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8cca1cb64a5eaacd-YYZ
expires: Thu, 19 Nov 1981 08:52:00 GMT
date: Thu, 03 Oct 2024 04:15:38 GMT
content-type: application/javascript
vary: Accept-Encoding
server: cloudflare

GET
H3 200 jquery.slim.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ 71 KB
22 KB 155ms
46ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js

Requested by

Host: melvinsienickiuudpi.pages.dev
URL: https://melvinsienickiuudpi.pages.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bbb7b9921ca2b61948753a6edb63c78443663dc45d1621d18e102e1dcb34e512

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://melvinsienickiuudpi.pages.dev
Referer: https://melvinsienickiuudpi.pages.dev/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "603e8adc-11ab4"
age: 7328370
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GyOSYf6%2BsO6T7zbGNf9SmO%2Bhcgf9x8ZV94QtFpVXOmIyaUTezsqG1CXn4ckqFDgNsk3Se5UUU%2BZX%2BHG7eksjPnkA%2Bie6qnYhHTu38%2Fv88doBJYnFCLFu%2FmbzNd%2F6Cf0C0QB5nuVCsb%2F4ukcjkHiPb96n"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Tue, 23 Sep 2025 04:15:37 GMT
date: Thu, 03 Oct 2024 04:15:37 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8cca1cb45d3236a3-YYZ
accept-ranges: bytes
access-control-allow-origin: *
content-length: 22329
server: cloudflare

GET
H3 200 lazysizes.min.js Show response
cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/ 8 KB
4 KB 190ms
82ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js

Requested by

Host: melvinsienickiuudpi.pages.dev
URL: https://melvinsienickiuudpi.pages.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46112dbceed738f759d03f04b115d5256a7d73660b7795acb382192ad84d9f98

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://melvinsienickiuudpi.pages.dev
Referer: https://melvinsienickiuudpi.pages.dev/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "5ff0b799-1ed1"
age: 30548
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FnQdy3yMLoESivRIClKO05I%2FW%2BQ4o3xWzXpPdmaFxRqaeN74W0ILAmUXalqH3eYR%2Fnu0O1pnoCScH4ZWieWoPsi4N3AWlpal8s2x5mu3Jrw4yd4H4mS%2B3PSDzU%2BhqyZbKt6KX%2FDO8%2Blo5HqTTx1G8Xu1"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Tue, 23 Sep 2025 04:15:37 GMT
date: Thu, 03 Oct 2024 04:15:37 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sat, 02 Jan 2021 18:12:41 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8cca1cb45d3436a3-YYZ
accept-ranges: bytes
access-control-allow-origin: *
content-length: 3150
server: cloudflare

GET
H/1.1 200
OK invoke.js Show response
sighhigherapprove.com/841551df4ace4771a26423c5508e1f6a/ 23 KB
11 KB 382ms
95ms Script
application/javascript 172.240.108.68
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://sighhigherapprove.com/841551df4ace4771a26423c5508e1f6a/invoke.js

Requested by

Host: ad.cordellvolante.biz.id
URL: https://ad.cordellvolante.biz.id/adsterra.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

172.240.108.68 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx/1.21.6 /

Resource Hash

84c488ca032f35769ee1699df9821d9b34982be3005542f965b9f025304a3324

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Referer: https://melvinsienickiuudpi.pages.dev/

Response headers

Transfer-Encoding: chunked
Strict-Transport-Security: max-age=0; includeSubdomains
X-Request-ID: bfff058022b7e26a07f5045f8396e051
Cache-Control: no-cache, max-age=0, private, no-cache
Content-Encoding: gzip
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Pragma: no-cache
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Access-Control-Allow-Origin: *
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Thu, 03 Oct 2024 04:15:38 GMT
Content-Type: application/javascript
Host: sighhigherapprove.com
Server: nginx/1.21.6

GET
H2 200 stats Show response
proftrafficcounter.com/ 40 B
311 B 388ms
108ms XHR
text/html 3.219.148.210
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://proftrafficcounter.com/stats
Requested by: Host: sighhigherapprove.com
URL: https://sighhigherapprove.com/841551df4ace4771a26423c5508e1f6a/invoke.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.219.148.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-219-148-210.compute-1.amazonaws.com
Software: fasthttp /
Resource Hash: 669210451cfe1dc6f103127736e692fdeeca797c8412dbd788ff1d9fc846a1e4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://melvinsienickiuudpi.pages.dev/

Response headers

access-control-allow-origin: https://melvinsienickiuudpi.pages.dev
content-length: 40
date: Thu, 03 Oct 2024 04:15:38 GMT
content-type: text/html; charset=UTF-8
vary: Origin
server: fasthttp
access-control-allow-credentials: true

GET
H/1.1 200
OK 875f85d98e0187160dadef1129088a1c.js Show response
obtaintrout.com/87/5f/85/ 93 KB
34 KB 378ms
109ms Script
application/javascript 192.243.61.225
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://obtaintrout.com/87/5f/85/875f85d98e0187160dadef1129088a1c.js

Requested by

Host: sighhigherapprove.com
URL: https://sighhigherapprove.com/841551df4ace4771a26423c5508e1f6a/invoke.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.243.61.225 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

Software

nginx/1.21.6 /

Resource Hash

6bde0ee18e03ce1ddccccb4c1de3aaaaa74373e6b5b66d1bbd7ed65d1ec271d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://melvinsienickiuudpi.pages.dev/

Response headers

Transfer-Encoding: chunked
Strict-Transport-Security: max-age=0; includeSubdomains
X-Request-ID: 5d410eb011d31e1a25c66b01ff5d75c4
Cache-Control: no-cache, max-age=0, private, no-cache
Content-Encoding: gzip
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Pragma: no-cache
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Access-Control-Allow-Origin: *
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Thu, 03 Oct 2024 04:15:38 GMT
Content-Type: application/javascript
Host: obtaintrout.com
Server: nginx/1.21.6

GET
H/1.1 200
OK invoke.js Show response
www.topcreativeformat.com/d0ad831df891127170674f7100bd3428/ 23 KB
11 KB 346ms
96ms Script
application/javascript 172.240.253.132
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://www.topcreativeformat.com/d0ad831df891127170674f7100bd3428/invoke.js

Requested by

Host: split.cordellvolante.biz.id
URL: https://split.cordellvolante.biz.id/get/site/js/903e38ba3def814bfdf82f592d030444

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

172.240.253.132 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx/1.21.6 /

Resource Hash

c5d2ea3fd256e784a585a43da3e215004978b235294a50d98a0661b724b22b1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Referer: https://melvinsienickiuudpi.pages.dev/

Response headers

Transfer-Encoding: chunked
Strict-Transport-Security: max-age=0; includeSubdomains
X-Request-ID: c41c328e3eb78b04911db09f3228a47f
Cache-Control: no-cache, max-age=0, private, no-cache
Content-Encoding: gzip
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Pragma: no-cache
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Access-Control-Allow-Origin: *
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Thu, 03 Oct 2024 04:15:38 GMT
Content-Type: application/javascript
Host: www.topcreativeformat.com
Server: nginx/1.21.6

GET
H2 200 stats Show response
proftrafficcounter.com/ 40 B
309 B 93ms
85ms XHR
text/html 3.219.148.210
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://proftrafficcounter.com/stats
Requested by: Host: www.topcreativeformat.com
URL: https://www.topcreativeformat.com/d0ad831df891127170674f7100bd3428/invoke.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.219.148.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-219-148-210.compute-1.amazonaws.com
Software: fasthttp /
Resource Hash: 405bb40124179868041e9247a5e6401c5590d1ee88fb8b4d25abb3f24ddf5f54

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://melvinsienickiuudpi.pages.dev/

Response headers

access-control-allow-origin: https://melvinsienickiuudpi.pages.dev
content-length: 40
date: Thu, 03 Oct 2024 04:15:38 GMT
content-type: text/html; charset=UTF-8
vary: Origin
server: fasthttp
access-control-allow-credentials: true

GET
H/1.1 200
OK invoke.js Show response
www.topcreativeformat.com/b3b93aca483f1d9a2adb8be6c9552870/ 23 KB
11 KB 77ms
77ms Script
application/javascript 172.240.253.132
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://www.topcreativeformat.com/b3b93aca483f1d9a2adb8be6c9552870/invoke.js

Requested by

Host: split.cordellvolante.biz.id
URL: https://split.cordellvolante.biz.id/get/site/js/7cd1794e0bc3ccf6aa9f22ff065bfd1f

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

172.240.253.132 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx/1.21.6 /

Resource Hash

bd724ed4700b2271b594a12bb90f9e48ddfc11c975d8f708eb1ae21d77c984b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Referer: https://melvinsienickiuudpi.pages.dev/

Response headers

Transfer-Encoding: chunked
Strict-Transport-Security: max-age=0; includeSubdomains
X-Request-ID: c1c15784a60fc4f50165f3ece4182f8b
Cache-Control: no-cache, max-age=0, private, no-cache
Content-Encoding: gzip
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Pragma: no-cache
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Access-Control-Allow-Origin: *
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Thu, 03 Oct 2024 04:15:38 GMT
Content-Type: application/javascript
Host: www.topcreativeformat.com
Server: nginx/1.21.6

GET
H/1.1

200
OK

watch.1367912678537.js Show response
obtaintrout.com/
Redirect Chain

https://obtaintrout.com/watch.1367912678537.js?key=841551df4ace4771a26423c5508e1f6a&kw=%5B%5D&refer=https%3A%2F%2Fmelvinsienickiuudpi.pages.dev%2F&tz=-7&dev=r&res=14.31&uuid=c0eb03f0-f0b4-4d88-961a...
https://obtaintrout.com/watch.1367912678537.js?dev=r&key=841551df4ace4771a26423c5508e1f6a&kw=%5B%5D&pst=1727928998&refer=https%3A%2F%2Fmelvinsienickiuudpi.pages.dev%2F&res=14.31&rmtc=t&shu=c7a9ffdb...

0
1 KB

316ms
245ms

XHR
text/html

192.243.61.225
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://obtaintrout.com/watch.1367912678537.js?dev=r&key=841551df4ace4771a26423c5508e1f6a&kw=%5B%5D&pst=1727928998&refer=https%3A%2F%2Fmelvinsienickiuudpi.pages.dev%2F&res=14.31&rmtc=t&shu=c7a9ffdb4574270699e552ca9454b1727a90d9f269e62ad660f45ef97b9d05cedc1603a08ad84d48d36aa0e5643231f45dc44a21cefff705045a17540ad2066ba74b6e2e908ae658ec5ca9d3c18b4575bd08a022726856f31cb5&tz=-7&uuid=c0eb03f0-f0b4-4d88-961a-247bf0ea7349%3A3%3A1

Requested by

Host: melvinsienickiuudpi.pages.dev
URL: https://melvinsienickiuudpi.pages.dev/

Protocol

HTTP/1.1

Server

192.243.61.225 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

Software

nginx/1.21.6 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://melvinsienickiuudpi.pages.dev/

Response headers

X-Request-ID: 29ee2bc0da7c53537c30f622bd013461
Expires: Thu, 01 Jan 1970 00:00:01 GMT
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Thu, 03 Oct 2024 04:15:39 GMT
Content-Type: text/html
Host: obtaintrout.com
Strict-Transport-Security: max-age=0; includeSubdomains
Cache-Control: no-cache, max-age=0, private, no-cache
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Pragma: no-cache
Connection: keep-alive
Access-Control-Allow-Credentials: true
Custom-Referer: https://melvinsienickiuudpi.pages.dev
Access-Control-Allow-Origin: https://melvinsienickiuudpi.pages.dev
Content-Length: 0
Server: nginx/1.21.6

Redirect headers

X-Request-ID: f22f7d18e5347aedd8ea9b88a4aef664
Expires: Thu, 01 Jan 1970 00:00:01 GMT
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Thu, 03 Oct 2024 04:15:38 GMT
Content-Type: text/html
Host: obtaintrout.com
Strict-Transport-Security: max-age=0; includeSubdomains
Cache-Control: no-cache, max-age=0, private, no-cache
Location: https://obtaintrout.com/watch.1367912678537.js?dev=r&key=841551df4ace4771a26423c5508e1f6a&kw=%5B%5D&pst=1727928998&refer=https%3A%2F%2Fmelvinsienickiuudpi.pages.dev%2F&res=14.31&rmtc=t&shu=c7a9ffdb4574270699e552ca9454b1727a90d9f269e62ad660f45ef97b9d05cedc1603a08ad84d48d36aa0e5643231f45dc44a21cefff705045a17540ad2066ba74b6e2e908ae658ec5ca9d3c18b4575bd08a022726856f31cb5&tz=-7&uuid=c0eb03f0-f0b4-4d88-961a-247bf0ea7349%3A3%3A1
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Pragma: no-cache
Connection: keep-alive
Access-Control-Allow-Credentials: true
Custom-Referer: https://melvinsienickiuudpi.pages.dev
Access-Control-Allow-Origin: https://melvinsienickiuudpi.pages.dev
Content-Length: 0
Server: nginx/1.21.6

GET
H/1.1 200
OK sfp.js Show response
recordedthereby.com/ 83 KB
84 KB 315ms
75ms Script
application/javascript 172.240.108.76
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://recordedthereby.com/sfp.js

Requested by

Host: obtaintrout.com
URL: https://obtaintrout.com/87/5f/85/875f85d98e0187160dadef1129088a1c.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

172.240.108.76 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx/1.21.6 /

Resource Hash

4acac8b8ff23671d365150818f3c39bbbfa08b1a1842d73de5933e0fea26454b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://melvinsienickiuudpi.pages.dev/

Response headers

Strict-Transport-Security: max-age=0; includeSubdomains
X-Request-ID: ea0f68869d9cd9e2f77fc9a8035f5f59
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Access-Control-Allow-Origin: *
Content-Length: 85378
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Thu, 03 Oct 2024 04:15:39 GMT
Content-Type: application/javascript; charset=utf-8
Host: recordedthereby.com
Server: nginx/1.21.6

GET
H/1.1 200
OK purst
obtaintrout.com/pixel/ 0
492 B 341ms
129ms Image
text/plain 192.243.61.225
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://obtaintrout.com/pixel/purst?dl=0&th=0&sc=0&rs=1476.3999996185303&rd=1476.3999996185303&fd=415.8999996185303&bv=24.8.8162&tmpl=70
Requested by: Host: melvinsienickiuudpi.pages.dev
URL: https://melvinsienickiuudpi.pages.dev/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.61.225 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.21.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://melvinsienickiuudpi.pages.dev/

Response headers

Cache-Control: no-cache
Access-Control-Expose-Headers: Content-Length,Content-Range
Connection: keep-alive
Access-Control-Allow-Methods: GET, POST, OPTIONS
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Access-Control-Allow-Origin: *
Content-Length: 0
Date: Thu, 03 Oct 2024 04:15:39 GMT
Host: obtaintrout.com
Server: nginx/1.21.6
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests

GET
H/1.1

200
OK

watch.1613816990193.js Show response
examplesclasp.com/
Redirect Chain

https://examplesclasp.com/watch.1613816990193.js?key=b3b93aca483f1d9a2adb8be6c9552870&kw=%5B%5D&refer=https%3A%2F%2Fmelvinsienickiuudpi.pages.dev%2F&tz=-7&dev=r&res=14.31&uuid=c0eb03f0-f0b4-4d88-96...
https://examplesclasp.com/watch.1613816990193.js?dev=r&key=b3b93aca483f1d9a2adb8be6c9552870&kw=%5B%5D&pst=1727928999&refer=https%3A%2F%2Fmelvinsienickiuudpi.pages.dev%2F&res=14.31&rmtc=t&shu=e14117...

2 KB
2 KB

115ms
115ms

XHR
text/html

192.243.61.227
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://examplesclasp.com/watch.1613816990193.js?dev=r&key=b3b93aca483f1d9a2adb8be6c9552870&kw=%5B%5D&pst=1727928999&refer=https%3A%2F%2Fmelvinsienickiuudpi.pages.dev%2F&res=14.31&rmtc=t&shu=e14117ef69cf49e4c958010dc0ab787a887ec8a21bc4a6b0618c6f81b420bc785a9aae54e2ed46263b31b4ac4545e23bab62606af34e84dba39bbb42f2fd976f31656fc68c78f7ca5a2b3b043033a550e27d38fb476bf68ced51&tz=-7&uuid=c0eb03f0-f0b4-4d88-961a-247bf0ea7349%3A3%3A1

Requested by

Host: melvinsienickiuudpi.pages.dev
URL: https://melvinsienickiuudpi.pages.dev/

Protocol

HTTP/1.1

Server

192.243.61.227 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

Software

nginx/1.21.6 /

Resource Hash

8665ceb214ef5b45e2eab264ba5159b01b056c633607c6a0e0dbad9185953066

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://melvinsienickiuudpi.pages.dev/

Response headers

X-Request-ID: 1b916475993273a54f16e0964008e9e7
Content-Encoding: gzip
Expires: Thu, 01 Jan 1970 00:00:01 GMT
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Thu, 03 Oct 2024 04:15:39 GMT
Content-Type: text/html
Host: examplesclasp.com
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=0; includeSubdomains
Cache-Control: no-cache, max-age=0, private, no-cache
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Pragma: no-cache
Connection: keep-alive
Access-Control-Allow-Credentials: true
Custom-Referer: https://melvinsienickiuudpi.pages.dev
Access-Control-Allow-Origin: https://melvinsienickiuudpi.pages.dev
Server: nginx/1.21.6

Redirect headers

X-Request-ID: eeae644ecdedd71c01ebebe2266dea3c
Expires: Thu, 01 Jan 1970 00:00:01 GMT
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Thu, 03 Oct 2024 04:15:39 GMT
Content-Type: text/html
Host: examplesclasp.com
Strict-Transport-Security: max-age=0; includeSubdomains
Cache-Control: no-cache, max-age=0, private, no-cache
Location: https://examplesclasp.com/watch.1613816990193.js?dev=r&key=b3b93aca483f1d9a2adb8be6c9552870&kw=%5B%5D&pst=1727928999&refer=https%3A%2F%2Fmelvinsienickiuudpi.pages.dev%2F&res=14.31&rmtc=t&shu=e14117ef69cf49e4c958010dc0ab787a887ec8a21bc4a6b0618c6f81b420bc785a9aae54e2ed46263b31b4ac4545e23bab62606af34e84dba39bbb42f2fd976f31656fc68c78f7ca5a2b3b043033a550e27d38fb476bf68ced51&tz=-7&uuid=c0eb03f0-f0b4-4d88-961a-247bf0ea7349%3A3%3A1
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Pragma: no-cache
Connection: keep-alive
Access-Control-Allow-Credentials: true
Custom-Referer: https://melvinsienickiuudpi.pages.dev
Access-Control-Allow-Origin: https://melvinsienickiuudpi.pages.dev
Content-Length: 0
Server: nginx/1.21.6

GET
H/1.1 200
OK invoke.js Show response
www.topcreativeformat.com/5c5c6ef5a97b0b7e4cb5be2a1545aeb3/ 23 KB
11 KB 74ms
73ms Script
application/javascript 172.240.253.132
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://www.topcreativeformat.com/5c5c6ef5a97b0b7e4cb5be2a1545aeb3/invoke.js

Requested by

Host: split.cordellvolante.biz.id
URL: https://split.cordellvolante.biz.id/get/site/js/153763eee93b533c73da23fe4546f2e8

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

172.240.253.132 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx/1.21.6 /

Resource Hash

7e552c7fa4e50460fb6c7296f45e8f4b6bed717a3fe3bedddc0c9af78b81f8ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Referer: https://melvinsienickiuudpi.pages.dev/

Response headers

Transfer-Encoding: chunked
Strict-Transport-Security: max-age=0; includeSubdomains
X-Request-ID: 39f613aa290712edb4324a2a0ef18ad8
Cache-Control: no-cache, max-age=0, private, no-cache
Content-Encoding: gzip
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Pragma: no-cache
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Access-Control-Allow-Origin: *
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Thu, 03 Oct 2024 04:15:38 GMT
Content-Type: application/javascript
Host: www.topcreativeformat.com
Server: nginx/1.21.6

GET
H/1.1

200
OK

watch.606996665906.js Show response
obtaintrout.com/
Redirect Chain

https://obtaintrout.com/watch.606996665906.js?key=d0ad831df891127170674f7100bd3428&kw=%5B%5D&refer=https%3A%2F%2Fmelvinsienickiuudpi.pages.dev%2F&tz=-7&dev=r&res=14.31&uuid=454a860e-38c0-4cea-b2e1-...
https://obtaintrout.com/watch.606996665906.js?dev=r&key=d0ad831df891127170674f7100bd3428&kw=%5B%5D&pst=1727928998&refer=https%3A%2F%2Fmelvinsienickiuudpi.pages.dev%2F&res=14.31&rmtc=t&shu=4b2a6ebce...

0
1 KB

231ms
204ms

XHR
text/html

192.243.61.225
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://obtaintrout.com/watch.606996665906.js?dev=r&key=d0ad831df891127170674f7100bd3428&kw=%5B%5D&pst=1727928998&refer=https%3A%2F%2Fmelvinsienickiuudpi.pages.dev%2F&res=14.31&rmtc=t&shu=4b2a6ebcefa77cb41d269ee252319a0040b15f9552293173769175189314c5e086bfc0bbecc74bc9d7174a25360115d3f35ca9f957d4a380bd60d05028df4fedf4daa11dfd466a4638505f81f139786bdca67ea17534a715ef04&tz=-7&uuid=454a860e-38c0-4cea-b2e1-adedadc8b581%3A3%3A1

Requested by

Host: melvinsienickiuudpi.pages.dev
URL: https://melvinsienickiuudpi.pages.dev/

Protocol

HTTP/1.1

Server

192.243.61.225 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

Software

nginx/1.21.6 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://melvinsienickiuudpi.pages.dev/

Response headers

X-Request-ID: cf5c38af7831884d22a6f9fed738e312
Expires: Thu, 01 Jan 1970 00:00:01 GMT
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Thu, 03 Oct 2024 04:15:39 GMT
Content-Type: text/html
Host: obtaintrout.com
Strict-Transport-Security: max-age=0; includeSubdomains
Cache-Control: no-cache, max-age=0, private, no-cache
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Pragma: no-cache
Connection: keep-alive
Access-Control-Allow-Credentials: true
Custom-Referer: https://melvinsienickiuudpi.pages.dev
Access-Control-Allow-Origin: https://melvinsienickiuudpi.pages.dev
Content-Length: 0
Server: nginx/1.21.6

Redirect headers

X-Request-ID: 1da642fdbad1a484edaee3f2994d5bec
Expires: Thu, 01 Jan 1970 00:00:01 GMT
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Thu, 03 Oct 2024 04:15:38 GMT
Content-Type: text/html
Host: obtaintrout.com
Strict-Transport-Security: max-age=0; includeSubdomains
Cache-Control: no-cache, max-age=0, private, no-cache
Location: https://obtaintrout.com/watch.606996665906.js?dev=r&key=d0ad831df891127170674f7100bd3428&kw=%5B%5D&pst=1727928998&refer=https%3A%2F%2Fmelvinsienickiuudpi.pages.dev%2F&res=14.31&rmtc=t&shu=4b2a6ebcefa77cb41d269ee252319a0040b15f9552293173769175189314c5e086bfc0bbecc74bc9d7174a25360115d3f35ca9f957d4a380bd60d05028df4fedf4daa11dfd466a4638505f81f139786bdca67ea17534a715ef04&tz=-7&uuid=454a860e-38c0-4cea-b2e1-adedadc8b581%3A3%3A1
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Pragma: no-cache
Connection: keep-alive
Access-Control-Allow-Credentials: true
Custom-Referer: https://melvinsienickiuudpi.pages.dev
Access-Control-Allow-Origin: https://melvinsienickiuudpi.pages.dev
Content-Length: 0
Server: nginx/1.21.6

GET
H/1.1

200
OK

watch.585003125423.js Show response
bathingdelicatedemise.com/
Redirect Chain

https://bathingdelicatedemise.com/watch.585003125423.js?key=5c5c6ef5a97b0b7e4cb5be2a1545aeb3&kw=%5B%5D&refer=https%3A%2F%2Fmelvinsienickiuudpi.pages.dev%2F&tz=-7&dev=r&res=14.31&uuid=454a860e-38c0-...
https://bathingdelicatedemise.com/watch.585003125423.js?dev=r&key=5c5c6ef5a97b0b7e4cb5be2a1545aeb3&kw=%5B%5D&pst=1727928999&refer=https%3A%2F%2Fmelvinsienickiuudpi.pages.dev%2F&res=14.31&rmtc=t&shu...

2 KB
2 KB

92ms
92ms

XHR
text/html

172.240.108.76
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://bathingdelicatedemise.com/watch.585003125423.js?dev=r&key=5c5c6ef5a97b0b7e4cb5be2a1545aeb3&kw=%5B%5D&pst=1727928999&refer=https%3A%2F%2Fmelvinsienickiuudpi.pages.dev%2F&res=14.31&rmtc=t&shu=b5551c8382b36e4b8e97100396552ef0975b9ef9d27761ce698e46adb32dcf8c5c9ce54356187e123825f12d6c5b6f9c8570d40add1307bc706bfa1c26fae015344152113af3186394e007fe584e0efd0ef51abfb973ad42776e67&tz=-7&uuid=454a860e-38c0-4cea-b2e1-adedadc8b581%3A3%3A1

Requested by

Host: melvinsienickiuudpi.pages.dev
URL: https://melvinsienickiuudpi.pages.dev/

Protocol

HTTP/1.1

Server

172.240.108.76 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx/1.21.6 /

Resource Hash

4e0712a7c64209d6e943d628ae4622e841d13c251b493765592b86745648ff0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://melvinsienickiuudpi.pages.dev/

Response headers

X-Request-ID: 4fa8c4bf8350e7fbb5df96f25fa3e46a
Content-Encoding: gzip
Expires: Thu, 01 Jan 1970 00:00:01 GMT
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Thu, 03 Oct 2024 04:15:39 GMT
Content-Type: text/html
Host: bathingdelicatedemise.com
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=0; includeSubdomains
Cache-Control: no-cache, max-age=0, private, no-cache
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Pragma: no-cache
Connection: keep-alive
Access-Control-Allow-Credentials: true
Custom-Referer: https://melvinsienickiuudpi.pages.dev
Access-Control-Allow-Origin: https://melvinsienickiuudpi.pages.dev
Server: nginx/1.21.6

Redirect headers

X-Request-ID: 5485ddc6ee6549350657c5a1bb375911
Expires: Thu, 01 Jan 1970 00:00:01 GMT
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Thu, 03 Oct 2024 04:15:39 GMT
Content-Type: text/html
Host: bathingdelicatedemise.com
Strict-Transport-Security: max-age=0; includeSubdomains
Cache-Control: no-cache, max-age=0, private, no-cache
Location: https://bathingdelicatedemise.com/watch.585003125423.js?dev=r&key=5c5c6ef5a97b0b7e4cb5be2a1545aeb3&kw=%5B%5D&pst=1727928999&refer=https%3A%2F%2Fmelvinsienickiuudpi.pages.dev%2F&res=14.31&rmtc=t&shu=b5551c8382b36e4b8e97100396552ef0975b9ef9d27761ce698e46adb32dcf8c5c9ce54356187e123825f12d6c5b6f9c8570d40add1307bc706bfa1c26fae015344152113af3186394e007fe584e0efd0ef51abfb973ad42776e67&tz=-7&uuid=454a860e-38c0-4cea-b2e1-adedadc8b581%3A3%3A1
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Pragma: no-cache
Connection: keep-alive
Access-Control-Allow-Credentials: true
Custom-Referer: https://melvinsienickiuudpi.pages.dev
Access-Control-Allow-Origin: https://melvinsienickiuudpi.pages.dev
Content-Length: 0
Server: nginx/1.21.6

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/gif

GET search
suggestqueries.google.com/complete/ 0
0

GET th
tse1.mm.bing.net/ 0
0

GET index
deepflowdiscovery.com/ 0
0

GET

/
enhancednetworkpc.com/video-player-1/
Redirect Chain

https://deepflowdiscovery.com/index?cid=dc67405721ff2e974272&extclickid=4316600d2144a5170922b0b76870abc5&t1=18931059&t2=3137986&type=default&publisher=158858&advertiser=57051&campaign_id=1134188&zo...
https://enhancednetworkpc.com/video-player-1/?domain=deepflowdiscovery.com

0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: suggestqueries.google.com
URL: https://suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q=

Domain: tse1.mm.bing.net
URL: https://tse1.mm.bing.net/th?q=

Domain: deepflowdiscovery.com
URL: https://deepflowdiscovery.com/index?cid=dc67405721ff2e974272&extclickid=431b6f3f4de2304184ce6be022d2d3d5&t1=23958813&t2=3137986&type=default&publisher=1993551&advertiser=57051&campaign_id=1134188&zoneid=4027970&category=Other&cost=0.700000

Domain: enhancednetworkpc.com
URL: https://enhancednetworkpc.com/video-player-1/?domain=deepflowdiscovery.com

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

25 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.melvinsienickiuudpi.pages.dev/	1970-01-21 00:00:15	Name: __cf_mw_byp Value: .x3k552Mz1CChVdxxsJgYz7OTw9LbtM_HwDyDzbggX4-1727928932-0.0.1.1-/
proftrafficcounter.com/	1970-01-21 09:34:48	Name: uid_id2 Value: 454a860e-38c0-4cea-b2e1-adedadc8b581:3:1
melvinsienickiuudpi.pages.dev/	1970-01-21 00:08:53	Name: dom3ic8zudi28v8lr6fgphwffqoz0j6c Value: 454a860e-38c0-4cea-b2e1-adedadc8b581%3A3%3A1
obtaintrout.com/	1970-01-21 00:00:15	Name: u_pl Value: 23574961
obtaintrout.com/	1970-01-20 23:58:48	Name: ain Value: eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzU3NDk2MSwiayI6ImQwYWQ4MzFkZjg5MTEyNzE3MDY3NGY3MTAwYmQzNDI4Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozOTYyMjI4LCJwaWQiOjE5MTI5NjQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjoyMywicHQiOjQsInBrIjoibmJlZHNlajVxaSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNTc0NDU1MzMsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTM1MTE2LCJibiI6IkNocm9tZSIsImJ2IjoiMTI5Iiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MzksImMiOiJDQSIsIm4iOiJDYW5hZGEifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCZWxsIENhbmFkYSJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vbWVsdmluc2llbmlja2l1dWRwaS5wYWdlcy5kZXYvIiwiYXIiOltdfX0.kMX0Z01lY8R-welSgKCmD1FnrIzt-lgWpK9WYt4SAoM
obtaintrout.com/	1970-01-21 00:08:53	Name: uid_id2 Value: c0eb03f0-f0b4-4d88-961a-247bf0ea7349:3:1
examplesclasp.com/	1970-01-21 00:00:15	Name: u_pl Value: 23958813
examplesclasp.com/	1970-01-20 23:58:48	Name: ain Value: eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzk1ODgxMywiayI6ImIzYjkzYWNhNDgzZjFkOWEyYWRiOGJlNmM5NTUyODcwIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo0MDI3OTcwLCJwaWQiOjE5OTM1NTEsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjoyMywicHQiOjQsInBrIjoidzF1ZGRnN3UiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6MjU3NDQ1NTMzLCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjEzNTExNiwiYm4iOiJDaHJvbWUiLCJidiI6IjEyOSIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjM5LCJjIjoiQ0EiLCJuIjoiQ2FuYWRhIn0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmVsbCBDYW5hZGEifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL21lbHZpbnNpZW5pY2tpdXVkcGkucGFnZXMuZGV2LyIsImFyIjpbXX19.p9A_G52PvFcGOjkil70XVI1-e-BjaZvQaFJPQmBsWNo
bathingdelicatedemise.com/	1970-01-21 00:00:15	Name: u_pl Value: 18931059
bathingdelicatedemise.com/	1970-01-20 23:58:48	Name: ain Value: eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODkzMTA1OSwiayI6IjVjNWM2ZWY1YTk3YjBiN2U0Y2I1YmUyYTE1NDVhZWIzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyNDA0MDg0LCJwaWQiOjE1ODg1OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJxYWRheXQ1ZCIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNTc0NDU1MzMsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTM1MTE2LCJibiI6IkNocm9tZSIsImJ2IjoiMTI5Iiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MzksImMiOiJDQSIsIm4iOiJDYW5hZGEifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCZWxsIENhbmFkYSJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vbWVsdmluc2llbmlja2l1dWRwaS5wYWdlcy5kZXYvIiwiYXIiOltdfX0.ZeQUMnhZoH9JF0ayEuPVlfHXJ1kx93EcaSvg553qpOI
examplesclasp.com/	1970-01-21 00:08:53	Name: uid_id2 Value: c0eb03f0-f0b4-4d88-961a-247bf0ea7349:3:1
examplesclasp.com/	1970-01-21 00:00:15	Name: iprc48b31e01df95acd4c0b98d43d7d4678a Value: 5589611
examplesclasp.com/	1970-01-21 00:00:15	Name: pdhtkv Value: true
examplesclasp.com/	1970-01-21 00:00:15	Name: uncs Value: 1
examplesclasp.com/	1970-01-21 00:00:15	Name: pdhtkv23 Value: true
examplesclasp.com/	1970-01-21 00:00:15	Name: uncs23 Value: 1
bathingdelicatedemise.com/	1970-01-21 00:08:53	Name: uid_id2 Value: 454a860e-38c0-4cea-b2e1-adedadc8b581:3:1
bathingdelicatedemise.com/	1970-01-21 00:00:15	Name: iprc48b31e01df95acd4c0b98d43d7d4678a Value: 5589611
bathingdelicatedemise.com/	1970-01-21 00:00:15	Name: pdhtkv Value: true
bathingdelicatedemise.com/	1970-01-21 00:00:15	Name: uncs Value: 1
bathingdelicatedemise.com/	1970-01-21 00:00:15	Name: pdhtkv23 Value: true
bathingdelicatedemise.com/	1970-01-21 00:00:15	Name: uncs23 Value: 1
deepflowdiscovery.com/	1970-01-21 08:44:24	Name: uclick Value: kL6CnV9eb901h+eiPWCYs/nQZOlwJMrHCjnjq/YJMs7K7Dy/jK5LEP4NNl4lzE8VBHalZJPf
deepflowdiscovery.com/	1970-01-21 08:44:24	Name: bcid Value: crv1kqohubcc73eurcrg
deepflowdiscovery.com/	1970-01-21 08:44:24	Name: cid Value: crv1kqohubcc73eurcrg

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://ad.cordellvolante.biz.id/adsterra.js(Line 7) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://sighhigherapprove.com/841551df4ace4771a26423c5508e1f6a/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://ad.cordellvolante.biz.id/adsterra.js(Line 7) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://sighhigherapprove.com/841551df4ace4771a26423c5508e1f6a/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://split.cordellvolante.biz.id/get/site/js/903e38ba3def814bfdf82f592d030444(Line 7) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.topcreativeformat.com/d0ad831df891127170674f7100bd3428/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://split.cordellvolante.biz.id/get/site/js/903e38ba3def814bfdf82f592d030444(Line 7) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.topcreativeformat.com/d0ad831df891127170674f7100bd3428/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://split.cordellvolante.biz.id/get/site/js/7cd1794e0bc3ccf6aa9f22ff065bfd1f(Line 7) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.topcreativeformat.com/b3b93aca483f1d9a2adb8be6c9552870/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://split.cordellvolante.biz.id/get/site/js/7cd1794e0bc3ccf6aa9f22ff065bfd1f(Line 7) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.topcreativeformat.com/b3b93aca483f1d9a2adb8be6c9552870/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://split.cordellvolante.biz.id/get/site/js/153763eee93b533c73da23fe4546f2e8(Line 7) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.topcreativeformat.com/5c5c6ef5a97b0b7e4cb5be2a1545aeb3/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://split.cordellvolante.biz.id/get/site/js/153763eee93b533c73da23fe4546f2e8(Line 7) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.topcreativeformat.com/5c5c6ef5a97b0b7e4cb5be2a1545aeb3/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://melvinsienickiuudpi.pages.dev/(Line 285) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q=, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://melvinsienickiuudpi.pages.dev/(Line 285) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://suggestqueries.google.com/complete/search?jsonp=autoRelated&hl=en&client=firefox&q=, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.cordellvolante.biz.id
bathingdelicatedemise.com
cdnjs.cloudflare.com
deepflowdiscovery.com
enhancednetworkpc.com
examplesclasp.com
melvinsienickiuudpi.pages.dev
obtaintrout.com
pop.dojo.cc
proftrafficcounter.com
recordedthereby.com
sighhigherapprove.com
split.cordellvolante.biz.id
suggestqueries.google.com
tse1.mm.bing.net
www.topcreativeformat.com
deepflowdiscovery.com
enhancednetworkpc.com
suggestqueries.google.com
tse1.mm.bing.net
172.240.108.68
172.240.108.76
172.240.253.132
192.243.61.225
192.243.61.227
2606:4700:3034::6815:2bf0
2606:4700:3108::ac42:28c4
2606:4700:310c::ac42:2f25
2606:4700::6811:190e
3.219.148.210
2ecc5c1ab28c8dcdb80c88cb750d6d3ca9f3f4414680850c9a8fb8423d51a785
405bb40124179868041e9247a5e6401c5590d1ee88fb8b4d25abb3f24ddf5f54
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
46112dbceed738f759d03f04b115d5256a7d73660b7795acb382192ad84d9f98
4acac8b8ff23671d365150818f3c39bbbfa08b1a1842d73de5933e0fea26454b
4e0712a7c64209d6e943d628ae4622e841d13c251b493765592b86745648ff0f
669210451cfe1dc6f103127736e692fdeeca797c8412dbd788ff1d9fc846a1e4
6bde0ee18e03ce1ddccccb4c1de3aaaaa74373e6b5b66d1bbd7ed65d1ec271d6
7e552c7fa4e50460fb6c7296f45e8f4b6bed717a3fe3bedddc0c9af78b81f8ff
84c488ca032f35769ee1699df9821d9b34982be3005542f965b9f025304a3324
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
8665ceb214ef5b45e2eab264ba5159b01b056c633607c6a0e0dbad9185953066
8e5f273a6d2f5ae29fa3a18e0fe79328b0c3e7ebaa94824e7e6fd13daf0b2a7a
8fb8f76af9f69203004f58643a2283f8bafa5f0cadd1216113b044ffbb93f275
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bbb7b9921ca2b61948753a6edb63c78443663dc45d1621d18e102e1dcb34e512
bd724ed4700b2271b594a12bb90f9e48ddfc11c975d8f708eb1ae21d77c984b0
c5d2ea3fd256e784a585a43da3e215004978b235294a50d98a0661b724b22b1f
c721588b5b617400c3c81d6a5e619f674559869d1945ed3e0b2e56ded21ee39a
d6d96bec3225aafd281eff213d8b429a4b2f415a2c05acfb3b3acb48d15f6aa7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea9ab2263614c839c6f0d5b4c4c16c65ecb7490eadfc3d9822b5658c84beb194
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
f364cbb0435cf32cdf6b12944c960604dc887f66517ecf3aa7d9cacdbbdcc7cd

melvinsienickiuudpi.pages.dev Open in urlscan Pro 2606:4700:310c::ac42:2f25 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

32 Requests

72 %HTTPS

40 %IPv6

15 Domains

16 Subdomains

11 IPs

1 Countries

225 kBTransfer

426 kBSize

25 Cookies

1 Outgoing links

Page URL History

Redirected requests

32 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

melvinsienickiuudpi.pages.dev Open in urlscan Pro
2606:4700:310c::ac42:2f25 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

32
Requests

72 %
HTTPS

40 %
IPv6

15
Domains

16
Subdomains

11
IPs

1
Countries

225 kB
Transfer

426 kB
Size

25
Cookies

32 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!