Report - notusedcodesforrobloxrobuxcards.blogspot.li/

Report Overview

Submitted URL
notusedcodesforrobloxrobuxcards.blogspot.li/
IP
142.250.74.65
ASN
#15169 GOOGLE
Submitted
2023-02-25 19:36:31
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
32

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T18:12:07Z	2.8 kB	5.6 kB	142.250.74.131
images-na.ssl-images-amazon.com	842	2012-10-30T03:08:43Z	2023-03-14T05:53:15Z	463 B	62 kB	143.204.54.16
www.blogger.com	8975	2012-05-22T09:35:03Z	2023-03-14T05:10:55Z	419 B	158 kB	216.58.207.233
cdnjs.cloudflare.com	235	2015-04-17T22:46:33Z	2023-03-14T05:10:25Z	418 B	2.6 kB	104.17.25.14
cdn.jsdelivr.net	439	2012-09-30T02:15:09Z	2023-03-14T05:24:24Z	384 B	2.9 kB	151.101.1.229
maxcdn.bootstrapcdn.com	724	2014-06-18T02:37:31Z	2023-03-14T07:31:50Z	497 B	68 kB	188.114.99.234
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-14T08:49:03Z	504 B	20 kB	142.250.74.35
notusedcodesforrobloxrobuxcards.blogspot.com	unknown	2022-08-14T17:17:56Z	2023-03-01T09:27:30Z	850 B	59 kB	142.250.74.65
s10.histats.com	15211	2012-05-21T19:14:14Z	2023-03-14T05:44:34Z	360 B	4.7 kB	46.105.201.240
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	42 kB	34.120.237.76
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-14T05:09:37Z	413 B	5.9 kB	34.160.144.191
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-14T05:09:04Z	3.4 kB	8.9 kB	23.36.76.226
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T18:13:28Z	782 B	2.4 kB	35.241.9.150
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-14T05:09:37Z	333 B	391 B	34.117.237.239
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-14T05:09:38Z	606 B	127 B	54.187.247.157
bux.wellter.de	unknown	2022-12-12T15:54:44Z	2023-03-08T23:51:32Z	18 kB	1.2 MB	104.21.4.139
mtevor.com	unknown	2019-11-04T01:42:52Z	2023-03-14T05:33:35Z	399 B	518 B	172.96.187.226
notusedcodesforrobloxrobuxcards.blogspot.li	unknown	2023-02-25T18:11:06Z	2023-02-25T18:11:06Z	375 B	641 B	142.250.74.65

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-25	medium	notusedcodesforrobloxrobuxcards.blogspot.li/	Phishing
2023-02-25	medium	notusedcodesforrobloxrobuxcards.blogspot.com/	Phishing
2023-02-25	medium	notusedcodesforrobloxrobuxcards.blogspot.com/	Phishing
2023-02-25	medium	bux.wellter.de/images/jquery-3.2.1.js	Phishing
2023-02-25	medium	bux.wellter.de/images/jquery-ui.min.js	Phishing
2023-02-25	medium	bux.wellter.de/images/sweetalert2.min.js	Phishing
2023-02-25	medium	bux.wellter.de/images/scripts.js	Phishing
2023-02-25	medium	bux.wellter.de/images/fancyselect.js	Phishing
2023-02-25	medium	bux.wellter.de/images/com.js	Phishing
2023-02-25	medium	bux.wellter.de/images/main.js	Phishing
2023-02-25	medium	bux.wellter.de/images/sticky.js	Phishing
2023-02-25	medium	bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd	Phishing
2023-02-25	medium	bux.wellter.de/images/validator.min.js	Phishing
2023-02-25	medium	bux.wellter.de/images/jquery.magnific-popup.min.js	Phishing
2023-02-25	medium	bux.wellter.de/images/jquery.countto.js	Phishing
2023-02-25	medium	bux.wellter.de/images/form-scripts.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (26)

	URL	Size	First Seen	Last Seen
	bux.wellter.de/images/sticky.js	20 kB	2023-03-07	2023-04-16
Pretty URL bux.wellter.de/images/sticky.js IP 104.21.4.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2023-04-16 10:44:31 Times Seen395 Hash 1180d3ea8d2544bb6bec4dacb60526d2 d2788f5423575404112a66853e0f274960d743e0 bb88a49c99d278abff743baf1f0f492382031afd4212fb27b33a23068723f86e Loading...

	bux.wellter.de/images/main.js	34 kB	2023-03-07	2023-04-16
Pretty URL bux.wellter.de/images/main.js IP 104.21.4.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2023-04-16 10:44:31 Times Seen393 Hash b4a27b956eccd646f3bc2b2b2b6503c5 6df97b44c507a440a3c1dd6873b44fbc95e92fb1 948fe10b1ea0b581c4871ae90f94882ed8945bd19c9ce0352b20ac0467dc145a Loading...

	bux.wellter.de/images/scripts.js	196 B	2023-03-07	2023-04-16
Pretty URL bux.wellter.de/images/scripts.js IP 104.21.4.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2023-04-16 10:44:31 Times Seen378 Hash 30110b3852b1800156f09776b7f8abc3 b3016d5bcc5d32713d4841b7430e8a36a08f4d82 c7b5716b450a19a471d68d99302a1aefc97409ad09b5248b7493052fb515f9ef Loading...

	notusedcodesforrobloxrobuxcards.blogspot.com/	399 B	2023-03-07	2023-10-22
Pretty URL notusedcodesforrobloxrobuxcards.blogspot.com/ IP 142.250.74.65 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:01:38 Last Seen2023-10-22 02:52:47 Times Seen62 Hash 25a1f0de72abc7f3ffd48989c40a7f2a a76e04e463088a3ecd311c69635d5413743e2a30 22e1561ed0d9a562b15e9d38548ab87cd6f6d5a2a6569055d863980ddbd981e5 Loading...

	notusedcodesforrobloxrobuxcards.blogspot.com/	869 B	2023-03-07	2024-04-24
Pretty URL notusedcodesforrobloxrobuxcards.blogspot.com/ IP 142.250.74.65 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2024-04-24 17:37:12 Times Seen817 Hash 2d135a9971cce583f36e336907b140a4 bb2a8980127c917dea27895d821319b61aaf443a c7c0b7788d6eb04848fd22d443c99f284ff71b87adebaf4cc69b872892b42d80 Loading...

	notusedcodesforrobloxrobuxcards.blogspot.com/js/cookienotice.js	6.5 kB	2023-03-07	2024-04-25
Pretty URL notusedcodesforrobloxrobuxcards.blogspot.com/js/cookienotice.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:24 Last Seen2024-04-25 00:52:51 Times Seen113333 Hash a705132a2174f88e196ec3610d68faa8 3bad57a48d973a678fec600d45933010f6edc659 068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568 Loading...

	cdn.jsdelivr.net/npm/js-base64@3.7.2/base64.min.js	5.1 kB	2023-03-07	2024-02-26
Pretty URL cdn.jsdelivr.net/npm/js-base64@3.7.2/base64.min.js IP 151.101.1.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2024-02-26 23:33:16 Times Seen286 Hash 5ca725d76acf5fc62e1e419e50031fd7 94c9b12c4d33f3f4e7b22a6f6e1420e5c90003c4 e3c6d1c8195fe393af47c014346ebdcd629556a6365ea1f5a671cd507f914ce1 Loading...

	bux.wellter.de/images/form-scripts.js	1.0 kB	2023-03-07	2024-02-11
Pretty URL bux.wellter.de/images/form-scripts.js IP 104.21.4.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2024-02-11 16:42:06 Times Seen200 Hash 7d7a87d79b5343d3f04fed2cc2bef2e3 021cc4c45ce7872041b7af085a4cf13f423c01e8 7a05b1e911af071c10812d790155447a62d4445db99b2d43872202bfcaded5ae Loading...

	notusedcodesforrobloxrobuxcards.blogspot.com/	319 B	2023-03-14	2023-03-26
Pretty URL notusedcodesforrobloxrobuxcards.blogspot.com/ IP 142.250.74.65 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 11:15:57 Last Seen2023-03-26 03:01:36 Times Seen2 Hash f426774e761e3e9c31ad4c78b4a6dd2d de0221188d0caedd4a75a5808e58ec50ab0e79c0 e539780fce65645719083ecd408671c13b0623b199d77a07be6104e53b0951de Loading...

	bux.wellter.de/images/jquery-3.2.1.js	139 kB	2023-03-07	2023-10-31
Pretty URL bux.wellter.de/images/jquery-3.2.1.js IP 104.21.4.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2023-10-31 00:50:02 Times Seen397 Hash 0b39dc8f94398407369f2c6f32042bac 8c4abc797c784a78061373a0aa078be14c7931b1 41f59ec5d59f17850334323c174baef773d00ed5bb48e3739d77bb41b3c59c00 Loading...

	bux.wellter.de/images/jquery.magnific-popup.min.js	21 kB	2023-03-07	2024-04-24
Pretty URL bux.wellter.de/images/jquery.magnific-popup.min.js IP 104.21.4.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-04-24 12:02:58 Times Seen2403 Hash be3333626c57af03599abcb59b325e09 3824067348f6485d6b07d3a43660804e3731b21a ecbef0f33e8ccedd2c605816e052cfff778abcc0e30a80b874c097a5fddd24fc Loading...

	bux.wellter.de/images/sweetalert2.min.js	20 kB	2023-03-07	2024-02-10
Pretty URL bux.wellter.de/images/sweetalert2.min.js IP 104.21.4.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-02-10 04:05:40 Times Seen448 Hash 0ad69b0e70b7da1bb8f8a96e9e6b5d9a 7d21a0c1f43d3edb47dd9e69b05243f3fcb53152 4051f26691def4eafcae32928be110c13d1819e544a12b0a9b95378bfaf9859b Loading...

	bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd	325 B	2023-03-07	2023-04-16
Pretty URL bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd IP 104.21.4.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2023-04-16 10:44:31 Times Seen199 Hash 5644d012be9e47b1ae7bf89c80633745 e0fe867b75dd9c9ac03056fd960eb91512808860 477c2e410825c537de3848a9b47bb422f9aea7328dac8fc7395b2f8aa9f8e51e Loading...

	bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd	514 B	2023-03-07	2023-04-16
Pretty URL bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd IP 104.21.4.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2023-04-16 10:44:31 Times Seen199 Hash 09933286614ed7eb9801cf06011a4c9d fa97803d9532c6922800b799c7e43039f003f33d 68d3e0ce6a8a98aa641fc113c014919e27ccff17a6c7f286cfc325693f730e09 Loading...

	s10.histats.com/js15_as.js	11 kB	2023-03-07	2024-03-25
Pretty URL s10.histats.com/js15_as.js IP 46.105.201.240 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-03-25 09:24:29 Times Seen1978 Hash e959fbdd13def4b9a9d0a5fc9a7de4d4 1e39712307e3673b40c0bdb8c7d3e86a3e8b60a0 2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede Loading...

	s4.histats.com/stats/0.php?4275781&@f16&@g1&@h1&@i1&@j1677353856062&@k0&@l1&@mRoblox%20Robux%20Generator%202022&@n0roblox-abs.js=cecepyudi\|template=Brosense-V2.1.xml\|cecepyudi=notusedcodesforrobloxrobuxcards.blogspot.com\|notusedcodesforrobloxrobuxcards.blogspot.com=direct\|ref=direct\|tags=roblox-abs.js&@ohttps%3A%2F%2Fnotusedcodesforrobloxrobuxcards.blogspot.com%2F&@q0&@r0&@s0&@ten-US&@u1280&@b1:43370943&@b3:1677353856&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fbux.wellter.de%2Findex.html%3Ftrack%3DWyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd&@w	52 B	2023-03-14	2023-03-14
Pretty URL s4.histats.com/stats/0.php?4275781&@f16&@g1&@h1&@i1&@j1677353856062&@k0&@l1&@mRoblox%20Robux%20Generator%202022&@n0roblox-abs.js=cecepyudi\|template=Brosense-V2.1.xml\|cecepyudi=notusedcodesforrobloxrobuxcards.blogspot.com\|notusedcodesforrobloxrobuxcards.blogspot.com=direct\|ref=direct\|tags=roblox-abs.js&@ohttps%3A%2F%2Fnotusedcodesforrobloxrobuxcards.blogspot.com%2F&@q0&@r0&@s0&@ten-US&@u1280&@b1:43370943&@b3:1677353856&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fbux.wellter.de%2Findex.html%3Ftrack%3DWyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd&@w IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 11:15:56 Last Seen2023-03-14 11:15:57 Times Seen1 Hash 60dbce5474cb906171654359773d1d2d 5660ddc9b55f2e15aeab96f45d3c1ef100a7fe95 47e37bee250c66cd02598cb607854de18f01fc367f905a51a7f6bb114fdc3727 Loading...

	notusedcodesforrobloxrobuxcards.blogspot.com/	94 kB	2023-03-07	2023-09-23
Pretty URL notusedcodesforrobloxrobuxcards.blogspot.com/ IP 142.250.74.65 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:01:38 Last Seen2023-09-23 07:34:12 Times Seen63 Hash ce9a0985b023e458af29232b61d41d94 ec1fa8352534dd3124b78a0aa88d40a75f2a74a3 4c220feb439ce40181293db8d50ac44e3ccd2b0879932182fb2c5572c64bf91f Loading...

	mtevor.com/cluster-v2/roblox-abs.js	9.6 kB	2023-03-10	2023-04-05
Pretty URL mtevor.com/cluster-v2/roblox-abs.js IP 172.96.187.226 ASN #32475 SINGLEHOP-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 06:15:03 Last Seen2023-04-05 02:08:41 Times Seen84 Hash 37c4baf0276c39a6a1d8fed66a3a59c9 06eda0581ba4f60e697081ddf7f4f0350e68810b 7624eedcaff7f6340508d87dc7fb8c60ce2c98bd3b7da0bbc61e91237649fa3e Loading...

	bux.wellter.de/images/jquery-ui.min.js	200 kB	2023-03-07	2024-03-22
Pretty URL bux.wellter.de/images/jquery-ui.min.js IP 104.21.4.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:47 Last Seen2024-03-22 19:16:45 Times Seen485 Hash 234f1553c7d27cce512062c59800a9a8 b48e01c35c1e6ad622386b9a3161bd1bf02723c8 d87043ac816dbfadae73fcc32f84eadb9a665cf97ae938bea9702a27d3e9a54a Loading...

	bux.wellter.de/images/com.js	15 kB	2023-03-07	2023-04-16
Pretty URL bux.wellter.de/images/com.js IP 104.21.4.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2023-04-16 04:24:01 Times Seen65 Hash 466cf8a36ac32eb927568e8c63d94f80 fbff8ca922aba7d561ba63cba4582026020fa76c 05b0cf64ba783827ded5c5dcd31e88670cf507a588d73371d304cb8c482ea39f Loading...

	bux.wellter.de/images/fancyselect.js	4.6 kB	2023-03-07	2024-02-11
Pretty URL bux.wellter.de/images/fancyselect.js IP 104.21.4.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2024-02-11 16:42:07 Times Seen194 Hash fc20f6fcbceda58609e8ec93ed8972a6 346672aba10658ebe11580ff7fec4b70663c2e0f b92360cf3455f4f375b7c8cc3b601061686d92b9ffd4624004f420c9d09996d8 Loading...

	bux.wellter.de/images/jquery.countto.js	2.4 kB	2023-03-07	2024-02-11
Pretty URL bux.wellter.de/images/jquery.countto.js IP 104.21.4.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2024-02-11 16:42:07 Times Seen206 Hash 2997f7484c171da3ffd1f9f7bf8b9056 be8d289c00db0f7c5975938a147181a772e0f6b6 0c3bb5ecb9b684b6efb1524648c7cf632511260270fa846369f27115ce269070 Loading...

	bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd	622 B	2023-03-07	2023-04-16
Pretty URL bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd IP 104.21.4.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2023-04-16 10:44:31 Times Seen199 Hash 7c5cdfb6321019cf9fd448815ff5db0d 88e72d5a1cbc98fb8abec7d7f271be3750f49ffd 247598654d9b470c026aef9f5ff263a7cb7ce6f9ebc3216c9b02809de308a6c6 Loading...

	notusedcodesforrobloxrobuxcards.blogspot.com/	59 B	2023-03-07	2024-04-24
Pretty URL notusedcodesforrobloxrobuxcards.blogspot.com/ IP 142.250.74.65 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2024-04-24 17:37:12 Times Seen822 Hash b18a6685f56e044e25a9c3b083b03a61 46c5d39e4b863a8498b2e955a39fcd565a17b563 1ab5a10cefea9e0f69eb94f4eb72dc7d02dc83469a69a5b4e395df38ce0e33ae Loading...

	www.blogger.com/static/v1/widgets/3455050996-widgets.js	157 kB	2023-03-14	2023-03-14
Pretty URL www.blogger.com/static/v1/widgets/3455050996-widgets.js IP 216.58.207.233 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 08:25:24 Last Seen2023-03-14 16:49:52 Times Seen1 Hash e6ce13a1ababdfe296856b162daa4161 3891fe26727eb0b1f678ce46b84fc15183b0976d 8949bc9ccc884e72a4e01641de6d291b7a41110106c790b1ed95332a58dacfad Loading...

	bux.wellter.de/images/validator.min.js	6.1 kB	2023-03-07	2024-04-12
Pretty URL bux.wellter.de/images/validator.min.js IP 104.21.4.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-04-12 19:45:27 Times Seen915 Hash 81df0465f243a2e7b7b06b8ad6015173 996eb26bb4bdb44ed5257d048cedaf3ed0a6f90c c31a654938abf168fca328d9663ea83999b87ff36d18b016ea8aace1a9cb2cb1 Loading...

HTTP Transactions (65)

URL IP Response Size

notusedcodesforrobloxrobuxcards.blogspot.li/

142.250.74.65

302 Moved Temporarily

191 B

URL HTTP/1.1
notusedcodesforrobloxrobuxcards.blogspot.li/
IP
142.250.74.65:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
191 B (191 bytes)
Hash
203b6e12b8e53976eb7607744712bb35
4615de4f01d470f741b4ee2f9bd2100a0db3f6f9
b75477c73c860fab3296df9150c502dd631ce05a3e10c9e09250476ce6202373

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: notusedcodesforrobloxrobuxcards.blogspot.li
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Moved Temporarily
Location: http://notusedcodesforrobloxrobuxcards.blogspot.com/
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Sat, 25 Feb 2023 19:36:20 GMT
Expires: Sat, 25 Feb 2023 19:36:20 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 191
Server: GSE

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7a57f620f4b5b83c5c9520e881269446
d46ca3756afc5d9775c1e48c78b39d11574d507a
8417deae76018365ad55aabd7950ed99f429e02c3915626137695f90c955215b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8417DEAE76018365AD55AABD7950ED99F429E02C3915626137695F90C955215B"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7363
Expires: Sat, 25 Feb 2023 21:39:03 GMT
Date: Sat, 25 Feb 2023 19:36:20 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8083775b7a6637d27672cc4a2581fa2d
023420d026fbf2cd0f69d5606524094011375202
66664ed1d36948fe99498950e3525d03c1797689c9186c4cd0bd5ded531b3bac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "66664ED1D36948FE99498950E3525D03C1797689C9186C4CD0BD5DED531B3BAC"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4626
Expires: Sat, 25 Feb 2023 20:53:26 GMT
Date: Sat, 25 Feb 2023 19:36:20 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
7f03faaba3392caae6dae54467bfdf6d
57ea1f14e8bfbcca8190c706d708c9fda12442c1
02ac551ba61fcbc6b04f244df065948b181a8a258db5c2e197aae66fdfcea8ee

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 25 Feb 2023 19:07:48 GMT
content-type: application/json
age: 1712
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
29cfccb9238759ed21dbb0d92cae75f8
f41ad1b02e353cd2b33af7618c71cc16fae2886e
91e392e78e584e8a82762dab0d5615aa1af3893237d601db3d45bb6fad488580

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91E392E78E584E8A82762DAB0D5615AA1AF3893237D601DB3D45BB6FAD488580"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11788
Expires: Sat, 25 Feb 2023 22:52:48 GMT
Date: Sat, 25 Feb 2023 19:36:20 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
b5ba6334e73496995e3e3a9ecd0eb323
ad80d3b7718c28364e8c2004fb38a13a1747e462
aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: G2KDMKRynxyBZrnZMI7Y7qIlXqQbShmvAma/NC52LHLV6/6pjBra2w95GmQCZ2CT1LxgnqZEImo=
x-amz-request-id: 7GX2MF99B0YDASVQ
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 25 Feb 2023 19:13:24 GMT
age: 1376
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 25 Feb 2023 19:36:20 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

notusedcodesforrobloxrobuxcards.blogspot.com/

142.250.74.65

301 Moved Permanently

191 B

URL HTTP/1.1
notusedcodesforrobloxrobuxcards.blogspot.com/
IP
142.250.74.65:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
191 B (191 bytes)
Hash
d36cc4cded87510149f708fb38f62050
3cfca80e8f52804a94fe1f35756b7176133be513
24c4f24c2944b93ca73cceeb02a9afe885f490e09d71646e46c85be5e533fe2f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: notusedcodesforrobloxrobuxcards.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Location: https://notusedcodesforrobloxrobuxcards.blogspot.com/
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Sat, 25 Feb 2023 19:36:20 GMT
Expires: Sat, 25 Feb 2023 19:36:20 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 191
Server: GSE

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
7ca619a0df24370f509aa8ce638c5fbf
290ae27044b3602b4ffc26e9320337129fe86390
7769614d2b53384be0088275a784317afa578e7332942d0e59d674872525bef0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Cache-Control, Backoff, Pragma, Expires, Last-Modified, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 25 Feb 2023 19:03:34 GMT
age: 1966
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b1d73c7d1e3e594a7be10b7ac62176ac
46105f3b581c409f00524674825c08343e4d71d1
7b31674705946d30e1822ddca8008520258d81a32cb11fadeded012dac2b0d13

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7B31674705946D30E1822DDCA8008520258D81A32CB11FADEDED012DAC2B0D13"
Last-Modified: Sat, 25 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8752
Expires: Sat, 25 Feb 2023 22:02:13 GMT
Date: Sat, 25 Feb 2023 19:36:21 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
fc91980e4635ecc08e4bd5f11284526f
77498253ba096c3e8c8876063119e1b08a395791
d4be9f3f25e40f0a682897f44dc8c19fe976f2f3a7d815e865ff6a0745f615f8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

notusedcodesforrobloxrobuxcards.blogspot.com/

142.250.74.65

200 OK

58 kB

URL HTTP/2
notusedcodesforrobloxrobuxcards.blogspot.com/
IP
142.250.74.65:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (32403)
Size
58 kB (58294 bytes)
Hash
77532594e95466c865a2e720d9589fc2
3dfdbea5718244eba85aed502010cfea3921f443
66936b10cd5403c13c7f17743817e007287b83e489e90466261b97159222665d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: notusedcodesforrobloxrobuxcards.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Sat, 25 Feb 2023 19:36:21 GMT
date: Sat, 25 Feb 2023 19:36:21 GMT
cache-control: private, max-age=0
last-modified: Thu, 23 Feb 2023 03:41:04 GMT
etag: W/"7d60a67943690d0259ddea37eb4e491df9259b818f94a3cd718fc6cd6e4c026d"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 58294
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

images-na.ssl-images-amazon.com/images/I/51Ql4n8R2eL._SS500_.jpg

143.204.54.16

200 OK

62 kB

URL HTTP/2
images-na.ssl-images-amazon.com/images/I/51Ql4n8R2eL._SS500_.jpg
IP
143.204.54.16:0
ASN
#16509 AMAZON-02

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
62 kB (61735 bytes)
Hash
137bf703df7fb9f6acb53fd9c8c62c04
2493dcacf814b950b947f8d774761ceddf0ce01c
981910660c6b21de75e8f8143e54da9cb38913e9837774949c6a3d3a2e452f32

HTTP Headers

GET /images/I/51Ql4n8R2eL._SS500_.jpg HTTP/1.1
Host: images-na.ssl-images-amazon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notusedcodesforrobloxrobuxcards.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 61735
server: Server
date: Mon, 13 Feb 2023 05:55:51 GMT
x-amz-ir-id: 6e53c703-609c-4132-89db-e8b4c946d717
expires: Sun, 08 Feb 2043 05:55:51 GMT
cache-control: max-age=630720000,public
surrogate-key: x-cache-646 /images/I/51Ql4n8R2eL
timing-allow-origin: https://www.amazon.in, https://www.amazon.com
edge-cache-tag: x-cache-646,/images/I/51Ql4n8R2eL
access-control-allow-origin: *
last-modified: Tue, 07 Nov 2017 09:36:18 GMT
x-nginx-cache-status: MISS
accept-ranges: bytes
via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
age: 1086030
server-timing: provider;desc="cf"
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 1tB9-TSdbqlppOZtpDIJwZmKu8SLRYkK6ub7UkOPXmlH306OCikUGA==
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
79962c4870e7da8513f29777e5d79f15
df9702b246bc468e6cdd7f8015a28b19e53da4da
09bea9e5e6eecddf7bd063144fe24584aea0f6fa55ffff57bfe6ba0e75ce384e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.blogger.com/static/v1/widgets/3455050996-widgets.js

216.58.207.233

200 OK

157 kB

URL HTTP/2
www.blogger.com/static/v1/widgets/3455050996-widgets.js
IP
216.58.207.233:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2221)
Size
157 kB (157235 bytes)
Hash
e6ce13a1ababdfe296856b162daa4161
3891fe26727eb0b1f678ce46b84fc15183b0976d
8949bc9ccc884e72a4e01641de6d291b7a41110106c790b1ed95332a58dacfad

HTTP Headers

GET /static/v1/widgets/3455050996-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notusedcodesforrobloxrobuxcards.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 157235
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Feb 2023 02:09:57 GMT
expires: Fri, 23 Feb 2024 02:09:57 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 23 Feb 2023 01:53:28 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 235584
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
79962c4870e7da8513f29777e5d79f15
df9702b246bc468e6cdd7f8015a28b19e53da4da
09bea9e5e6eecddf7bd063144fe24584aea0f6fa55ffff57bfe6ba0e75ce384e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

push.services.mozilla.com/

54.187.247.157

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.187.247.157:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vVtX4U49VMe9h/WWZafkjQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ksIfUnaz02iZ/qNdzBQy0luFjsg=

ocsp.pki.goog/s/gts1p5/PIk-tcsd5xo

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/PIk-tcsd5xo
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c50eb7d54774a9133bc950f2233d5dd1
409c992d3cd996e3e5294e1b93c29dba5e5f7cca
a596501254b44f4bbf4396865636698f372870890634e57af5dbc607d3b12235

HTTP Headers

POST /s/gts1p5/PIk-tcsd5xo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:21 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

bux.wellter.de/images/ft-1.png

104.21.4.139

200 OK

3.3 kB

URL HTTP/2
bux.wellter.de/images/ft-1.png
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 240 x 240, 8-bit/color RGBA, non-interlaced\012- data
Size
3.3 kB (3340 bytes)
Hash
e84f0caa809a15b2aaa9cb93bbe6669a
22a330ad580aaa6b2232307a87b981adc7fbf38f
1f98c982fd0c9b5e6af138a4cb160f509bda9fcc7fa0a9463fa6cf11513c151f

HTTP Headers

GET /images/ft-1.png HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: image/png
content-length: 3340
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: "5d9ca488-d0c"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PDFLYUtpXBG%2FwlfjfvwQdiXpDcBmIBWgPnAvjLX1NsQpv9%2BF2GHX5MHwSunTpReorvshApuqnhrpqgPzQVklUOFcVrJgdLRtHf%2BeQW4FLvh04CCcdq%2B2UuwmtmexbRlkuw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b0fa95b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/header.png

104.21.4.139

200 OK

131 kB

URL HTTP/2
bux.wellter.de/images/header.png
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size
131 kB (131285 bytes)
Hash
35e93538f31d67876a2cb38bf94279d8
49bf97732e9bffb5371ad60d024901b09d83651b
95c1de9315834de2ff3608a2dc048a6aedc273e665f9b54eb956523a81fc91df

HTTP Headers

GET /images/header.png HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: image/png
content-length: 131285
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: "5d9ca488-200d5"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QyTZlCtv7BgT%2Bjf9NONKlYTA4QwHIofqJsX1YsX4FXvuFr0IKWGBfhB0Nq2quSfZH5Iqmhy2XSlixrwZbPAegnWRwLKQP0ow%2BA4l5TcPac5OulQR0nPnt8mOKhOtaN1Z9g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b0fa94b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/gamebaglogo.png

104.21.4.139

200 OK

3.3 kB

URL HTTP/2
bux.wellter.de/images/gamebaglogo.png
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 240 x 240, 8-bit/color RGBA, non-interlaced\012- data
Size
3.3 kB (3340 bytes)
Hash
e84f0caa809a15b2aaa9cb93bbe6669a
22a330ad580aaa6b2232307a87b981adc7fbf38f
1f98c982fd0c9b5e6af138a4cb160f509bda9fcc7fa0a9463fa6cf11513c151f

HTTP Headers

GET /images/gamebaglogo.png HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: image/png
content-length: 3340
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: "5d9ca488-d0c"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mMOX%2BRuxb3vfhsbxkwOLYJ%2FCIJ76Cnoz40fcJLjoWOYLdOWWz2BWgQI0%2B0BQxF7ZoaaVaKj1b%2B4TxcaSw6at7bKzPVymuYY1vnHcGSfPthlNKrBp%2BwQn08fARv6dH0g3PA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b0fa91b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery-modal/0.9.1/jquery.modal.min.css

104.17.25.14

200 OK

1.5 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery-modal/0.9.1/jquery.modal.min.css
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (3201), with no line terminators
Size
1.5 kB (1541 bytes)
Hash
8e09ceb5490863a66cd2e83ca3d7e524
35e3d074516ec70c508d748f7ae01827bc0c28ba
cccbb374fd4cb6dcbac9df64456b49cb11530e7bafdac6c6c7e67ff2ed350db9

HTTP Headers

GET /ajax/libs/jquery-modal/0.9.1/jquery.modal.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: text/css; charset=utf-8
content-length: 1541
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec2-c81"
last-modified: Mon, 04 May 2020 16:11:46 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 3197186
expires: Thu, 15 Feb 2024 19:36:21 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AtpQFPGfOikaBySNA0%2Fv9I6nuxnA%2BacsPiBh0o78qjzFLwF4wbjIQCbcdNV3ttACVrsnsMGb%2F7cptLORSGIzAtiM1G5Ge8QOkMHq5f8gl2R05mQzm5IHI6Ps2bV0weZgfU3aLEXM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 79f2e3b13f631bfe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1p5/PIk-tcsd5xo

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/PIk-tcsd5xo
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c50eb7d54774a9133bc950f2233d5dd1
409c992d3cd996e3e5294e1b93c29dba5e5f7cca
a596501254b44f4bbf4396865636698f372870890634e57af5dbc607d3b12235

HTTP Headers

POST /s/gts1p5/PIk-tcsd5xo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:21 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdn.jsdelivr.net/npm/js-base64@3.7.2/base64.min.js

151.101.1.229

200 OK

2.1 kB

URL HTTP/2
cdn.jsdelivr.net/npm/js-base64@3.7.2/base64.min.js
IP
151.101.1.229:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (4802)
Size
2.1 kB (2068 bytes)
Hash
18914b05d782cca37716837edf14fa8a
c563d127cf718dd86389fdd007b4c51b6bb58dc3
4bded663a5f9ccaa1eb7c1692c1c7df756a7d0e037d19466979fb90c56fbefdf

HTTP Headers

GET /npm/js-base64@3.7.2/base64.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.7.2
x-jsd-version-type: version
etag: W/"1405-lMmxLE0z8/TnsipvbhQg5ckAA8Q"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 25 Feb 2023 19:36:22 GMT
age: 299734
x-served-by: cache-fra-eddf8230050-FRA, cache-bma1628-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 2068
X-Firefox-Spdy: h2

bux.wellter.de/images/fancyselect.css

104.21.4.139

200 OK

2.3 kB

URL HTTP/2
bux.wellter.de/images/fancyselect.css
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (3595), with no line terminators
Size
2.3 kB (2252 bytes)
Hash
9a03beb43d95b22b9130bb4b8e2dd9f6
00229d08714ed8186ad4ca4678963f1930a28c95
92e24334d358c29f2b7e056afbd6573f20cf24caf6ad3e63cc2c0e97e34f7d5b

HTTP Headers

GET /images/fancyselect.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=4253
etag: W/"5d9ca488-109d"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JlM3IaxxNId%2BtFHS4O%2FZ3sK2AQ5bbTDlObvZsudTQL6yFu1rRgVLuwrdRRldAbdEWE1pQIG2DKFqgsSI7wQwSHxVcYgluYm%2BqeyqWYM3V6TMc4z54ZpsCR0MffRaHuBuIg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b0ea81b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/css8a7c8a7c8a7c.css?family=Open+Sans:300,400,700

104.21.4.139

200 OK

839 kB

URL HTTP/2
bux.wellter.de/images/css8a7c8a7c8a7c.css?family=Open+Sans:300,400,700
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (701), with no line terminators
Size
839 kB (838605 bytes)
Hash
b4c113124da172f7f71b7113394448b1
4e655d0ad2aa47823b44911c7cb67dc32259198b
ed912427c10deeb8b04eae31a75356e1704b80433e65855579d4e10547587035

HTTP Headers

GET /images/css8a7c8a7c8a7c.css?family=Open+Sans:300,400,700 HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=773
etag: W/"5d9ca488-305"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c6c6ctvCFsh6sTa8BpflDuoAmokvVxuZV3MY%2BbvpGK%2BBR%2F%2BXL317Pd%2Fv4g6tmZPH%2B%2BfIjfylH8U%2BR4whpYLwCSZgwlSRItHy%2Fs%2FK3emZhfl%2F1Vl%2ByYiYrsJ1d0qYuhMR5w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b0ca60b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/jquery-3.2.1.js

104.21.4.139

200 OK

68 kB

URL HTTP/2
bux.wellter.de/images/jquery-3.2.1.js
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (1237)
Size
68 kB (68499 bytes)
Hash
8f24b001d0066a4214161128eaca9ab7
2903ea00849bd9d6f8819943d7dc99b9a7ed0632
8f8c54ca10fb53db3d6ca4fa2167bf56c0979367056eaadf284561929e05f14d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /images/jquery-3.2.1.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=268039
etag: W/"5d9ca488-41707"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x9b%2FPcGkqKR%2BD3a93aQa%2FonCAtRRk%2FhHsm9%2B%2FwCH77S9Q%2B8dGWzOtt3fFfzGDexbs%2FwSH44BP8ghtbaU64rVYc4q8F%2FybB%2B9TVOA06M4UuFq24LH38Y0OYmV%2FQdeWWDXuw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b0fa9eb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/font-awesome.min.css

104.21.4.139

200 OK

8.2 kB

URL HTTP/2
bux.wellter.de/images/font-awesome.min.css
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (27546)
Size
8.2 kB (8214 bytes)
Hash
7b4ea848188e3824e0830da18274164c
35d28bef95ed9a22e7eb5d68a7b7f66b4a088d03
a218c0fea0e6ae665477d7ca89e85eee335e3aac6acc2b75524fe18980515966

HTTP Headers

GET /images/font-awesome.min.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: text/css
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-6c3d"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gPeKWiBCDO67OTU867ikR%2BA7TDCoCIXez74ekh6wYDaqPb2NV8tVLCqIkAFRRm%2BbVi1TBJnCJFkpif2MF8Wz5K3lgNnty6zuTYZe1LCI0cPiZqngdVZew2tMpyn7Zgk9fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b0ca64b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4432722afb07ba74051c88ed8a3d0c96
e5715d828785bd764f820cde1e387e4e83aaae99
bfcd2cd628b37ac53fcf981f360c95f65596b61bc8ea8dcee44b9a128bb3e48d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0

188.114.99.234

200 OK

67 kB

URL HTTP/2
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0
IP
188.114.99.234:0
ASN
#0

File type
Web Open Font Format (Version 2), TrueType, length 66624, version 4.262\012- data
Size
67 kB (66624 bytes)
Hash
db812d8a70a4e88e888744c1c9a27e89
638c652d623280a58144f93e7b552c66d1667a11
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

HTTP Headers

GET /font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0 HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bux.wellter.de
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:22 GMT
content-type: font/woff2
content-length: 66624
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "db812d8a70a4e88e888744c1c9a27e89"
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 08/15/2022 13:52:58
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 2592a65eb99a2e0b1589fa2d13a6191c
cdn-cache: HIT
cf-cache-status: HIT
age: 93372
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 79f2e3b2aeebb4ed-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/jquery-ui.min.js

104.21.4.139

200 OK

71 kB

URL HTTP/2
bux.wellter.de/images/jquery-ui.min.js
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (563)
Size
71 kB (70563 bytes)
Hash
e9cd69971b25d3ac6cdad20a9091bd4c
9b3271c0e56ad91ab9371baadb179a154b291637
e70062201b19e798e18dfb8992f4260a41bbcdc3b40d47e399ba5672834bba1a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /images/jquery-ui.min.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-30da8"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wSM3afjvq1Lnj00%2BAKd6%2B86Dz1QcimMUD4PlNXGdV9qlpZ%2BWWSi6RoLRX5HDabKRIxD9R5g40jcFZPQmoVsIPYmz%2BsCszU8c0EOS6zkEiF47DAfF%2FYJdJ%2BNdJLMCmsRQzA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b0fa9fb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
6dbbf8a99f14aa5c8b76354b0a8ea3e2
3435f4c413860589d0650ba43cc30b0056f9a3f7
069ba4e9cdcb97a7ce504c51018753af78e643f7c0c65f799faba8ed2daeac7a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/opensans/v14/k3k702ZOKiLJc3WVjuplzInF5uFdDttMLvmWuJdhhgs.ttf

142.250.74.35

200 OK

19 kB

URL HTTP/2
fonts.gstatic.com/s/opensans/v14/k3k702ZOKiLJc3WVjuplzInF5uFdDttMLvmWuJdhhgs.ttf
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
TrueType Font data, 17 tables, 1st "GDEF", 7 names, Microsoft, language 0x409, type 1 string, Open SansBold1.10;1ASC;OpenSans-BoldOpen Sans BoldVersion 1.10OpenSans-Boldhttp://www.apache.org\012- data
Size
19 kB (18604 bytes)
Hash
5498784000b038638befe230ea392271
efef80115bdabd927501563197827a7ae837a19f
5848ca5f4af491c37907f2e4cb0e240166572edc90615a96d4702f2dce34800b

HTTP Headers

GET /s/opensans/v14/k3k702ZOKiLJc3WVjuplzInF5uFdDttMLvmWuJdhhgs.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bux.wellter.de
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18604
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Feb 2023 10:12:26 GMT
expires: Sat, 24 Feb 2024 10:12:26 GMT
cache-control: public, max-age=31536000
age: 120236
last-modified: Wed, 14 Jun 2017 16:46:24 GMT
content-type: font/ttf
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

bux.wellter.de/images/sweetalert2.min.css

104.21.4.139

200 OK

21 kB

URL HTTP/2
bux.wellter.de/images/sweetalert2.min.css
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (13988), with no line terminators
Size
21 kB (21147 bytes)
Hash
8a86d1cb5d91a701886fd4fde86f4f1f
64cfb0620ae9fe91adbb06bc2384ac84ebed4b14
3f2bf27cb68cf799a01c6969ceec0afe03eb5ab19b17e20f935e68c66ebf5ff9

HTTP Headers

GET /images/sweetalert2.min.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: text/css
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-36a4"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MjVHzRCLtaSbNOhZ6ufQ4wiPKOFkW%2Bl1GxUmcWisT3xcdbNB8d51c6FL4uHN8h%2Bp4O9z1IsE35PohdcgnV5Y%2B8mGHgMgDekKKHKQi01vfibM2orgHNT2mEhG6LJAVnI1kQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b0da6bb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/sweetalert2.min.js

104.21.4.139

200 OK

7.1 kB

URL HTTP/2
bux.wellter.de/images/sweetalert2.min.js
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (20305), with no line terminators
Size
7.1 kB (7126 bytes)
Hash
d01ca47199eba298974f07f98280bba8
bee7f3422609655a3ac31a8999f21813cb13fba9
d17c006c76e05925c337ff0bce2a991c0c4670621aa5e1dcb20815e63589c5d2

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /images/sweetalert2.min.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-4f51"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SHGIWu2vYCf0k7bMd%2FoXJ3pCXCnT9J1fGnBHkV7qW%2B39Fy6Uc7B7WBSbcJGOt0eUpEUtppin02jFAY8hJzfRZjOLXg4Li8Ha44cpC1IS%2FgpAxr4MqfZisk7zEDY4Jf5fog%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b10ac7b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d34d62c1b25d882e260e5638c353472c
2518cf7a90df0729df734a40fc089cf6bf1b4160
82a7125f2789e8de64c9e8d7bd139157b06135b501317ad50b227bd065bac9f4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "82A7125F2789E8DE64C9E8D7BD139157B06135B501317AD50B227BD065BAC9F4"
Last-Modified: Sat, 25 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4286
Expires: Sat, 25 Feb 2023 20:47:48 GMT
Date: Sat, 25 Feb 2023 19:36:22 GMT
Connection: keep-alive

s10.histats.com/js15_as.js

46.105.201.240

200 OK

4.4 kB

URL HTTP/2
s10.histats.com/js15_as.js
IP
46.105.201.240:0
ASN
#16276 OVH SAS

File type
HTML document, ASCII text, with very long lines (11440), with no line terminators
Size
4.4 kB (4364 bytes)
Hash
ed192092c129db6123a3397855f42619
067e9b8e26cf6246eb84c6b9cf3da0c192ce7b3e
998fff486a7fb38b6ed445edc36c9b317b70950cd39efcf4012ca641312fcee1

HTTP Headers

GET /js15_as.js HTTP/1.1
Host: s10.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:35:13 GMT
etag: "-375139978"
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-request-id: 364052790
content-type: text/javascript
content-encoding: br
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 4364
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c930829bdcc2bf23ff3014e5dd21f270
7e175882efd19d1649537da3c2c2e70833558d87
c18c9de6b0d5d2d78d1869d8138a00ef62cbd29a77e7cc2c69d30ad54799dda7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C18C9DE6B0D5D2D78D1869D8138A00EF62CBD29A77E7CC2C69D30AD54799DDA7"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7727
Expires: Sat, 25 Feb 2023 21:45:09 GMT
Date: Sat, 25 Feb 2023 19:36:22 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c930829bdcc2bf23ff3014e5dd21f270
7e175882efd19d1649537da3c2c2e70833558d87
c18c9de6b0d5d2d78d1869d8138a00ef62cbd29a77e7cc2c69d30ad54799dda7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C18C9DE6B0D5D2D78D1869D8138A00EF62CBD29A77E7CC2C69D30AD54799DDA7"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7727
Expires: Sat, 25 Feb 2023 21:45:09 GMT
Date: Sat, 25 Feb 2023 19:36:22 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c930829bdcc2bf23ff3014e5dd21f270
7e175882efd19d1649537da3c2c2e70833558d87
c18c9de6b0d5d2d78d1869d8138a00ef62cbd29a77e7cc2c69d30ad54799dda7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C18C9DE6B0D5D2D78D1869D8138A00EF62CBD29A77E7CC2C69D30AD54799DDA7"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7727
Expires: Sat, 25 Feb 2023 21:45:09 GMT
Date: Sat, 25 Feb 2023 19:36:22 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c930829bdcc2bf23ff3014e5dd21f270
7e175882efd19d1649537da3c2c2e70833558d87
c18c9de6b0d5d2d78d1869d8138a00ef62cbd29a77e7cc2c69d30ad54799dda7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C18C9DE6B0D5D2D78D1869D8138A00EF62CBD29A77E7CC2C69D30AD54799DDA7"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7727
Expires: Sat, 25 Feb 2023 21:45:09 GMT
Date: Sat, 25 Feb 2023 19:36:22 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c930829bdcc2bf23ff3014e5dd21f270
7e175882efd19d1649537da3c2c2e70833558d87
c18c9de6b0d5d2d78d1869d8138a00ef62cbd29a77e7cc2c69d30ad54799dda7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C18C9DE6B0D5D2D78D1869D8138A00EF62CBD29A77E7CC2C69D30AD54799DDA7"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7727
Expires: Sat, 25 Feb 2023 21:45:09 GMT
Date: Sat, 25 Feb 2023 19:36:22 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F58e71ab7-6d45-4fe0-96bb-7faa4a54fe6a.jpeg

34.120.237.76

200 OK

9.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F58e71ab7-6d45-4fe0-96bb-7faa4a54fe6a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.6 kB (9610 bytes)
Hash
a1598be3f85d30c5999ee301f974603a
f74df5e6145c1a10d64dd1f5a09bd90363a8eb59
57f179081f7cf17e985b0628cd07bacc744fcea97131594bb03b11c2a8b52d7c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F58e71ab7-6d45-4fe0-96bb-7faa4a54fe6a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9610
x-amzn-requestid: defacc06-ccad-4190-9442-9b603acbe6d7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Az9M6EnsoAMFx4Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f7dbeb-651f70531153842f6f431d69;Sampled=0
x-amzn-remapped-date: Thu, 23 Feb 2023 21:34:35 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0rbTTBo65VZcX_9i1P_tu4xfDdGhauiJMBxtxLJ2QBnpmegxn85N2A==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Feb 2023 21:34:57 GMT
age: 79285
etag: "f74df5e6145c1a10d64dd1f5a09bd90363a8eb59"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F363345a7-425e-4498-8aa7-e16250bedd66.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.3 kB (5269 bytes)
Hash
f5c457f02a50b085b748b7e806f166f7
a7b75438ba91b71e023e2e6e355563ac2635bf25
7607c112a56f9893b0c491cad54d7d83be0fa414e69dd44c251e074e15877f6a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F363345a7-425e-4498-8aa7-e16250bedd66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5269
x-amzn-requestid: e6460273-d038-41fa-9915-5f5762feecab
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: A3QiUFqhIAMF5sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f92e0e-6c3baead0e2b8845557bf7e9;Sampled=0
x-amzn-remapped-date: Fri, 24 Feb 2023 21:37:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 07pNAHZlG7fP3dgG0eb-onMglfj9-wP2RAFShvr3b-MkOECPQZaSdA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 5c7981a979abd51ba7e5ca7d464fd048.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Feb 2023 21:40:19 GMT
age: 78963
etag: "a7b75438ba91b71e023e2e6e355563ac2635bf25"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

2.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8705a5a8-62bf-44bc-8c05-31c8b6c31694.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
2.5 kB (2472 bytes)
Hash
07de4b2f670ddb3d7188529f2a663e32
6eb14318c585598c0ee9e7e5d694eb190f2cfbbc
6f6c649e01b654856df8a17db50787b7888dc063a4d68a337ce8bfad275bcadd

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8705a5a8-62bf-44bc-8c05-31c8b6c31694.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 2472
x-amzn-requestid: 8666c3f8-25a1-4204-8a9e-717f95bc6f60
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AqYMpF96IAMFRcw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f4071d-3e4dce5a5b119a44096124ff;Sampled=0
x-amzn-remapped-date: Mon, 20 Feb 2023 23:49:49 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: s0lEI3Louq5N7FwRFgTmXEChzb0SHOvk2nSKDp_xIHeTuvxGL1CVwQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Feb 2023 18:00:26 GMT
age: 5756
etag: "6eb14318c585598c0ee9e7e5d694eb190f2cfbbc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb97e8f2e-6da0-4f8b-b12c-1af676e3e4da.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.1 kB (9093 bytes)
Hash
2a5f3d376fe6a3a78a5d1fe136f962fb
3e9b03cc296e954d63526a4e7e75beea3130fc3b
c8cf4f1c0352102764247e4dc5a2076921e0eaa18bfd110e5b0b97a55c706690

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb97e8f2e-6da0-4f8b-b12c-1af676e3e4da.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9093
x-amzn-requestid: 3fd9f8c8-cf10-4222-a2cc-5f18ff7b2e9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Az9D3HqmoAMFeBQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f7dbb2-352315613cc0c2bc7eb28e05;Sampled=0
x-amzn-remapped-date: Thu, 23 Feb 2023 21:33:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: S8s54RJtScNtsl6uEFtBEHnTj4lb3l5xIWR96Kvr_SdwQQQMgSKNxA==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Feb 2023 21:34:57 GMT
age: 79285
etag: "3e9b03cc296e954d63526a4e7e75beea3130fc3b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

2.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5651651c-e7cc-4a7b-ae8a-9fb1e88379d3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
2.4 kB (2433 bytes)
Hash
94622f58aa91b60efcab072bbfc1b8fc
481c511819075f80bacc5cca0b50c3650b5789d1
767c220ed09fbb28216023785c3609993185463dea0fcdc6cb355d6d00acd6b0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5651651c-e7cc-4a7b-ae8a-9fb1e88379d3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 2433
x-amzn-requestid: 1eb77631-515a-41f7-ac18-59c8cd22c4ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Ax_KCHgAoAMFu5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f7123f-051da60474344e58658cc980;Sampled=0
x-amzn-remapped-date: Thu, 23 Feb 2023 07:14:07 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: KStkU8id8VhC4s3kYYvxctpem7798i9K7jNQUVNahm_mycuGOaE72g==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Feb 2023 07:44:04 GMT
age: 42738
etag: "481c511819075f80bacc5cca0b50c3650b5789d1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbaa41846-2966-47c9-ac1f-845e6507fe21.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.0 kB (6979 bytes)
Hash
d434142b05e07062707138da8999445e
d4796a582b28b1afcb1d7c8d06d78664a62bc880
0baf0e2b4c5975bac7d8543156bdb412cb8a703a768c765a90eedb95fb8ab1ec

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbaa41846-2966-47c9-ac1f-845e6507fe21.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6979
x-amzn-requestid: 19ffbbf5-7950-405e-b558-43c6c011785c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Az9M7FrMIAMFzCg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f7dbec-7c65361d479d30c129f9d1d0;Sampled=0
x-amzn-remapped-date: Thu, 23 Feb 2023 21:34:36 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uAlLA8M3mpkJ6q6lSztfNbhSpQu3pFgjZ53BjU-jkLAVX3DoTHH2vA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Feb 2023 00:10:20 GMT
age: 69962
etag: "d4796a582b28b1afcb1d7c8d06d78664a62bc880"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

bux.wellter.de/images/scripts.js

104.21.4.139

200 OK

16 kB

URL HTTP/2
bux.wellter.de/images/scripts.js
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
16 kB (16115 bytes)
Hash
862e1aa6af91e35df15080cb9019c608
a56d4d42aad8956acdec66db9cb0ddb7385955f3
1716c84c30be5f884abc68ec7711161359ad3495e32433f86a70b69c818339ec

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /images/scripts.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=225
etag: W/"5d9ca488-e1"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TA4sQ3cXr1MBbj8bSP1o4URREMhHyTidFdsZuPR67HHlGUqYk%2Bj6kYKhEA2rEDmimByNFc6XlwqPnMymHFNkRtVSefYZJ1G%2BEf0cqVV3rMo8SMUtcFL24GFlWDFmwPxNRw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b13af1b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

mtevor.com/cluster-v2/roblox-abs.js

172.96.187.226

200 OK

0 B

URL HTTP/2
mtevor.com/cluster-v2/roblox-abs.js
IP
172.96.187.226:0
ASN
#32475 SINGLEHOP-LLC

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cluster-v2/roblox-abs.js HTTP/1.1
Host: mtevor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notusedcodesforrobloxrobuxcards.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-powered-by: PHP/5.6.40
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
content-encoding: br
vary: Accept-Encoding
date: Sat, 25 Feb 2023 19:36:21 GMT
server: LiteSpeed
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

bux.wellter.de/images/fancyselect.js

104.21.4.139

200 OK

0 B

URL HTTP/2
bux.wellter.de/images/fancyselect.js
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /images/fancyselect.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=6778
etag: W/"5d9ca488-1a7a"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fgLJkIHZ3VrhK%2BhN3mQ%2FkEtSMRJkRbLyHQnu1vJmaYtmfjl42REZnSUaEXDcZHN0VRMIAN3RsCFyjuLuarTAOdycP8ECSHlH%2BGiptuDXLBri96zvbFFlKA%2BOvZXzIsQiHw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b0faa0b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/com.js

104.21.4.139

200 OK

0 B

URL HTTP/2
bux.wellter.de/images/com.js
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /images/com.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=17963
etag: W/"5d9ca488-462b"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=obunuUb%2FlLDU41z0ZweXf1RdS7VK03XX6%2F0vNZYecqPDr7T5kR8F6CtffW8lNTPY3pHz3JlrxkCPDhSqUWXskt1CBtLoA60kJIioxDcyRPqvL5z2qBi19RQKz59wGCSUyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b10ac9b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/main.js

104.21.4.139

200 OK

0 B

URL HTTP/2
bux.wellter.de/images/main.js
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /images/main.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=38451
etag: W/"5d9ca488-9633"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pcgpyJPom0qH%2F3I%2BPIEThVRLIDi%2FTDKPidOsOhNguLlfF19ieCZoyoJRQ9ON9uZARXLbCMUG5ZDtrxu3RqLtMdl0U%2BOUTFSlPHIi%2B7lUHfNcjNuuTdCgVG54P9eekJgjpA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b12aeeb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/magnific-popup.css

104.21.4.139

200 OK

0 B

URL HTTP/2
bux.wellter.de/images/magnific-popup.css
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /images/magnific-popup.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=7946
etag: W/"5d9ca488-1f0a"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6LhB5ToLZXJa6slrZ2%2F8Y%2FAj1%2B%2Bwal0vVxTSq1P9rWe1lR90R7RQVXO4gDHd6G4iqnARRGHA2ntNbA%2BRQlRBdWWiqpzmT0zXtxprsSzjGleVezcY6LfQvoxjpvQd062t%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b0da6eb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/sticky.js

104.21.4.139

200 OK

0 B

URL HTTP/2
bux.wellter.de/images/sticky.js
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /images/sticky.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=20845
etag: W/"5d9ca488-516d"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FNgeJYV906kONv1SnORxmrFzwOQ0INlw%2FNGjiEL5joE1QMzZyUBhKKOsgaY29KwYrezpr5vxqVWxPBowjrLt93Fs8pFXGwCtqMwF4M%2FKH57llemzXK47hsIkMg4eX7t%2B%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b12ae9b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd

104.21.4.139

200 OK

0 B

URL HTTP/2
bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notusedcodesforrobloxrobuxcards.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: text/html
last-modified: Mon, 27 Jun 2022 12:44:26 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l3p3fu%2F4jl2gGm%2BKUa2Aj5qeoAJ7yVDoXCoCSv1erPc8bMpnZHsoPiJ7ZAb8G0DFRb0BsOzuUdVSKPbjQdrM2DWUnHJQHR0Tu0PEd5y2RVRE52o2eEqYj%2Bc%2Bs0lvutv%2FUw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79f2e3b00994b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/animate.css

104.21.4.139

200 OK

0 B

URL HTTP/2
bux.wellter.de/images/animate.css
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /images/animate.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=68796
etag: W/"5d9ca488-10cbc"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y8LIjVQjwaBTGZQwDwKD9MVQ8oUSlQ4zAikTuIwYYGwsj%2FFRei1fuPCmg2akUMh58ffmEWdT9Fobh%2FZhu3HyE%2FCPrlucSbNj1WRc7Tm5tXXZlgtu%2BdOOeVlMAVS8GTBHRA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b0da69b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/custom-css.css

104.21.4.139

200 OK

0 B

URL HTTP/2
bux.wellter.de/images/custom-css.css
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /images/custom-css.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1790
etag: W/"5d9ca488-6fe"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Tx0VvRzPVG2LWozlAeaukH58P54%2FK8%2BvAe0rFi1AsZ9COXkEepVRghTPVp0tB8f1sXY1ay6CKFsjDtlP%2BXRskFGu%2BQgIF%2Bu0dmsPQOzX2dPQQik1eKqVzed4vv%2BKQs4mQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b0ea87b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/validator.min.js

104.21.4.139

200 OK

0 B

URL HTTP/2
bux.wellter.de/images/validator.min.js
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /images/validator.min.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-17a7"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2DKuvCATQiInqJfwgJV6760zimx9b8EhmhC21kQ5q5ToS4bhM85SbAZR7fnYuAvbjXPvo3p6ageKyDffjspLqvo6g1Q08YWt9%2F1frMyJSyxkge74qedQ4IUmkHBszgB3iA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b10ac8b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/jquery.magnific-popup.min.js

104.21.4.139

200 OK

0 B

URL HTTP/2
bux.wellter.de/images/jquery.magnific-popup.min.js
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /images/jquery.magnific-popup.min.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-5297"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B4OS%2Bet307df%2FdzLifJrXLY9M233J4osIYyscMkVHh8rS%2FpTYYPm%2BuQsHT9RUkfbR2xYLzwJgyKnR0%2BKD6Nhvj9sCpk8mbkvcz6LiaRG6Ly5U%2B4GiVnaIVmmgVZtE0FuOg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b12ae8b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/bootstrap.min.css

104.21.4.139

200 OK

0 B

URL HTTP/2
bux.wellter.de/images/bootstrap.min.css
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /images/bootstrap.min.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: text/css
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-1d990"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gxYtuSxOJLL0JJF1LGJOh%2F2Op2THHfhdMAXm1ZoM8ENLKg7oJhTlE5LAzbPHPn8TcxcF0hPVE%2B8oIiaeUdgkEuaSE7nMvGdSsG2jU7E444b%2B6Iy%2F8Z%2FPDaLAZAOsILFVIg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b0da66b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/style.css

104.21.4.139

200 OK

0 B

URL HTTP/2
bux.wellter.de/images/style.css
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /images/style.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=50839
etag: W/"5d9ca488-c697"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uLeOAobDOHmtWvXzZyvCRImKO4RFjuAIrek9B%2FHbQ8FN5cir4PHox4aLLcVlKG%2FFhb9NNYdxvmgMaBLH2TvUNaaQdQtuMEVgvIyPDfp7eke9kxV%2Brg%2B0mOJBPJXeZyt7Zw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b0ea82b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/jquery.countto.js

104.21.4.139

200 OK

0 B

URL HTTP/2
bux.wellter.de/images/jquery.countto.js
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /images/jquery.countto.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=3761
etag: W/"5d9ca488-eb1"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gSkY215IVefriLdM3YA09jSJI9ZZVZ3cdCJEDqaruAMpw2J6h36cDWfp%2Fpu%2BcsCiznkJ0qGwAaVqw75ZUesClmfLQNsVG3ZbgHYFgblJUeyEZsfsMSy6YJkLjUiqobTYRA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b10ac4b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/form-scripts.js

104.21.4.139

200 OK

0 B

URL HTTP/2
bux.wellter.de/images/form-scripts.js
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /images/form-scripts.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=1469
etag: W/"5d9ca488-5bd"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iv%2BEY4k3Tf%2FQTUxO%2BKx92o0lUYVU4MO0%2FVe1jZtROBdLEWXf%2BAfNTVngk9VmEcEq%2F8EbbJelQHo0ibCzGWHLSAZIoXSeuUQFffwd%2F%2BJfz8dUGMddjqFAKz%2FAT0dQ8DLPrA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b12ae7b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (26)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML