notusedcodesforrobloxrobuxcards.blogspot.li/
142.250.74.65302 Moved Temporarily 191 B URL HTTP/1.1 notusedcodesforrobloxrobuxcards.blogspot.li/
IP 142.250.74.65:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 203b6e12b8e53976eb7607744712bb35
4615de4f01d470f741b4ee2f9bd2100a0db3f6f9
b75477c73c860fab3296df9150c502dd631ce05a3e10c9e09250476ce6202373
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: notusedcodesforrobloxrobuxcards.blogspot.li
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Location: http://notusedcodesforrobloxrobuxcards.blogspot.com/
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Sat, 25 Feb 2023 19:36:20 GMT
Expires: Sat, 25 Feb 2023 19:36:20 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 191
Server: GSE
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7a57f620f4b5b83c5c9520e881269446
d46ca3756afc5d9775c1e48c78b39d11574d507a
8417deae76018365ad55aabd7950ed99f429e02c3915626137695f90c955215b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8417DEAE76018365AD55AABD7950ED99F429E02C3915626137695F90C955215B"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7363
Expires: Sat, 25 Feb 2023 21:39:03 GMT
Date: Sat, 25 Feb 2023 19:36:20 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8083775b7a6637d27672cc4a2581fa2d
023420d026fbf2cd0f69d5606524094011375202
66664ed1d36948fe99498950e3525d03c1797689c9186c4cd0bd5ded531b3bac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "66664ED1D36948FE99498950E3525D03C1797689C9186C4CD0BD5DED531B3BAC"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4626
Expires: Sat, 25 Feb 2023 20:53:26 GMT
Date: Sat, 25 Feb 2023 19:36:20 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 7f03faaba3392caae6dae54467bfdf6d
57ea1f14e8bfbcca8190c706d708c9fda12442c1
02ac551ba61fcbc6b04f244df065948b181a8a258db5c2e197aae66fdfcea8ee
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 25 Feb 2023 19:07:48 GMT
content-type: application/json
age: 1712
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 29cfccb9238759ed21dbb0d92cae75f8
f41ad1b02e353cd2b33af7618c71cc16fae2886e
91e392e78e584e8a82762dab0d5615aa1af3893237d601db3d45bb6fad488580
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91E392E78E584E8A82762DAB0D5615AA1AF3893237D601DB3D45BB6FAD488580"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11788
Expires: Sat, 25 Feb 2023 22:52:48 GMT
Date: Sat, 25 Feb 2023 19:36:20 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b5ba6334e73496995e3e3a9ecd0eb323
ad80d3b7718c28364e8c2004fb38a13a1747e462
aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: G2KDMKRynxyBZrnZMI7Y7qIlXqQbShmvAma/NC52LHLV6/6pjBra2w95GmQCZ2CT1LxgnqZEImo=
x-amz-request-id: 7GX2MF99B0YDASVQ
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 25 Feb 2023 19:13:24 GMT
age: 1376
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Feb 2023 19:36:20 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
notusedcodesforrobloxrobuxcards.blogspot.com/
142.250.74.65301 Moved Permanently 191 B URL HTTP/1.1 notusedcodesforrobloxrobuxcards.blogspot.com/
IP 142.250.74.65:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash d36cc4cded87510149f708fb38f62050
3cfca80e8f52804a94fe1f35756b7176133be513
24c4f24c2944b93ca73cceeb02a9afe885f490e09d71646e46c85be5e533fe2f
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: notusedcodesforrobloxrobuxcards.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Location: https://notusedcodesforrobloxrobuxcards.blogspot.com/
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Sat, 25 Feb 2023 19:36:20 GMT
Expires: Sat, 25 Feb 2023 19:36:20 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 191
Server: GSE
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 7ca619a0df24370f509aa8ce638c5fbf
290ae27044b3602b4ffc26e9320337129fe86390
7769614d2b53384be0088275a784317afa578e7332942d0e59d674872525bef0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Cache-Control, Backoff, Pragma, Expires, Last-Modified, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 25 Feb 2023 19:03:34 GMT
age: 1966
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b1d73c7d1e3e594a7be10b7ac62176ac
46105f3b581c409f00524674825c08343e4d71d1
7b31674705946d30e1822ddca8008520258d81a32cb11fadeded012dac2b0d13
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7B31674705946D30E1822DDCA8008520258D81A32CB11FADEDED012DAC2B0D13"
Last-Modified: Sat, 25 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8752
Expires: Sat, 25 Feb 2023 22:02:13 GMT
Date: Sat, 25 Feb 2023 19:36:21 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash fc91980e4635ecc08e4bd5f11284526f
77498253ba096c3e8c8876063119e1b08a395791
d4be9f3f25e40f0a682897f44dc8c19fe976f2f3a7d815e865ff6a0745f615f8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
notusedcodesforrobloxrobuxcards.blogspot.com/
142.250.74.65200 OK 58 kB URL HTTP/2 notusedcodesforrobloxrobuxcards.blogspot.com/
IP 142.250.74.65:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (32403)
Hash 77532594e95466c865a2e720d9589fc2
3dfdbea5718244eba85aed502010cfea3921f443
66936b10cd5403c13c7f17743817e007287b83e489e90466261b97159222665d
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: notusedcodesforrobloxrobuxcards.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Sat, 25 Feb 2023 19:36:21 GMT
date: Sat, 25 Feb 2023 19:36:21 GMT
cache-control: private, max-age=0
last-modified: Thu, 23 Feb 2023 03:41:04 GMT
etag: W/"7d60a67943690d0259ddea37eb4e491df9259b818f94a3cd718fc6cd6e4c026d"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 58294
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
images-na.ssl-images-amazon.com/images/I/51Ql4n8R2eL._SS500_.jpg
143.204.54.16200 OK 62 kB URL HTTP/2 images-na.ssl-images-amazon.com/images/I/51Ql4n8R2eL._SS500_.jpg
IP 143.204.54.16:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 137bf703df7fb9f6acb53fd9c8c62c04
2493dcacf814b950b947f8d774761ceddf0ce01c
981910660c6b21de75e8f8143e54da9cb38913e9837774949c6a3d3a2e452f32
GET /images/I/51Ql4n8R2eL._SS500_.jpg HTTP/1.1
Host: images-na.ssl-images-amazon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notusedcodesforrobloxrobuxcards.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 61735
server: Server
date: Mon, 13 Feb 2023 05:55:51 GMT
x-amz-ir-id: 6e53c703-609c-4132-89db-e8b4c946d717
expires: Sun, 08 Feb 2043 05:55:51 GMT
cache-control: max-age=630720000,public
surrogate-key: x-cache-646 /images/I/51Ql4n8R2eL
timing-allow-origin: https://www.amazon.in, https://www.amazon.com
edge-cache-tag: x-cache-646,/images/I/51Ql4n8R2eL
access-control-allow-origin: *
last-modified: Tue, 07 Nov 2017 09:36:18 GMT
x-nginx-cache-status: MISS
accept-ranges: bytes
via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
age: 1086030
server-timing: provider;desc="cf"
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 1tB9-TSdbqlppOZtpDIJwZmKu8SLRYkK6ub7UkOPXmlH306OCikUGA==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 79962c4870e7da8513f29777e5d79f15
df9702b246bc468e6cdd7f8015a28b19e53da4da
09bea9e5e6eecddf7bd063144fe24584aea0f6fa55ffff57bfe6ba0e75ce384e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.blogger.com/static/v1/widgets/3455050996-widgets.js
216.58.207.233200 OK 157 kB URL HTTP/2 www.blogger.com/static/v1/widgets/3455050996-widgets.js
IP 216.58.207.233:0
File type ASCII text, with very long lines (2221)
Size 157 kB (157235 bytes)
Hash e6ce13a1ababdfe296856b162daa4161
3891fe26727eb0b1f678ce46b84fc15183b0976d
8949bc9ccc884e72a4e01641de6d291b7a41110106c790b1ed95332a58dacfad
GET /static/v1/widgets/3455050996-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notusedcodesforrobloxrobuxcards.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 157235
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Feb 2023 02:09:57 GMT
expires: Fri, 23 Feb 2024 02:09:57 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 23 Feb 2023 01:53:28 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 235584
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 79962c4870e7da8513f29777e5d79f15
df9702b246bc468e6cdd7f8015a28b19e53da4da
09bea9e5e6eecddf7bd063144fe24584aea0f6fa55ffff57bfe6ba0e75ce384e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
54.187.247.157101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.187.247.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vVtX4U49VMe9h/WWZafkjQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ksIfUnaz02iZ/qNdzBQy0luFjsg=
ocsp.pki.goog/s/gts1p5/PIk-tcsd5xo
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/PIk-tcsd5xo
IP 142.250.74.131:0
Hash c50eb7d54774a9133bc950f2233d5dd1
409c992d3cd996e3e5294e1b93c29dba5e5f7cca
a596501254b44f4bbf4396865636698f372870890634e57af5dbc607d3b12235
POST /s/gts1p5/PIk-tcsd5xo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:21 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bux.wellter.de/images/ft-1.png
104.21.4.139200 OK 3.3 kB URL HTTP/2 bux.wellter.de/images/ft-1.png
IP 104.21.4.139:0
File type PNG image data, 240 x 240, 8-bit/color RGBA, non-interlaced\012- data
Hash e84f0caa809a15b2aaa9cb93bbe6669a
22a330ad580aaa6b2232307a87b981adc7fbf38f
1f98c982fd0c9b5e6af138a4cb160f509bda9fcc7fa0a9463fa6cf11513c151f
GET /images/ft-1.png HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: image/png
content-length: 3340
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: "5d9ca488-d0c"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PDFLYUtpXBG%2FwlfjfvwQdiXpDcBmIBWgPnAvjLX1NsQpv9%2BF2GHX5MHwSunTpReorvshApuqnhrpqgPzQVklUOFcVrJgdLRtHf%2BeQW4FLvh04CCcdq%2B2UuwmtmexbRlkuw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b0fa95b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/header.png
104.21.4.139200 OK 131 kB URL HTTP/2 bux.wellter.de/images/header.png
IP 104.21.4.139:0
File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size 131 kB (131285 bytes)
Hash 35e93538f31d67876a2cb38bf94279d8
49bf97732e9bffb5371ad60d024901b09d83651b
95c1de9315834de2ff3608a2dc048a6aedc273e665f9b54eb956523a81fc91df
GET /images/header.png HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: image/png
content-length: 131285
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: "5d9ca488-200d5"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QyTZlCtv7BgT%2Bjf9NONKlYTA4QwHIofqJsX1YsX4FXvuFr0IKWGBfhB0Nq2quSfZH5Iqmhy2XSlixrwZbPAegnWRwLKQP0ow%2BA4l5TcPac5OulQR0nPnt8mOKhOtaN1Z9g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b0fa94b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/gamebaglogo.png
104.21.4.139200 OK 3.3 kB URL HTTP/2 bux.wellter.de/images/gamebaglogo.png
IP 104.21.4.139:0
File type PNG image data, 240 x 240, 8-bit/color RGBA, non-interlaced\012- data
Hash e84f0caa809a15b2aaa9cb93bbe6669a
22a330ad580aaa6b2232307a87b981adc7fbf38f
1f98c982fd0c9b5e6af138a4cb160f509bda9fcc7fa0a9463fa6cf11513c151f
GET /images/gamebaglogo.png HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: image/png
content-length: 3340
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: "5d9ca488-d0c"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mMOX%2BRuxb3vfhsbxkwOLYJ%2FCIJ76Cnoz40fcJLjoWOYLdOWWz2BWgQI0%2B0BQxF7ZoaaVaKj1b%2B4TxcaSw6at7bKzPVymuYY1vnHcGSfPthlNKrBp%2BwQn08fARv6dH0g3PA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b0fa91b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery-modal/0.9.1/jquery.modal.min.css
104.17.25.14200 OK 1.5 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery-modal/0.9.1/jquery.modal.min.css
IP 104.17.25.14:0
File type ASCII text, with very long lines (3201), with no line terminators
Hash 8e09ceb5490863a66cd2e83ca3d7e524
35e3d074516ec70c508d748f7ae01827bc0c28ba
cccbb374fd4cb6dcbac9df64456b49cb11530e7bafdac6c6c7e67ff2ed350db9
GET /ajax/libs/jquery-modal/0.9.1/jquery.modal.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: text/css; charset=utf-8
content-length: 1541
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec2-c81"
last-modified: Mon, 04 May 2020 16:11:46 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 3197186
expires: Thu, 15 Feb 2024 19:36:21 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AtpQFPGfOikaBySNA0%2Fv9I6nuxnA%2BacsPiBh0o78qjzFLwF4wbjIQCbcdNV3ttACVrsnsMGb%2F7cptLORSGIzAtiM1G5Ge8QOkMHq5f8gl2R05mQzm5IHI6Ps2bV0weZgfU3aLEXM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 79f2e3b13f631bfe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/PIk-tcsd5xo
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/PIk-tcsd5xo
IP 142.250.74.131:0
Hash c50eb7d54774a9133bc950f2233d5dd1
409c992d3cd996e3e5294e1b93c29dba5e5f7cca
a596501254b44f4bbf4396865636698f372870890634e57af5dbc607d3b12235
POST /s/gts1p5/PIk-tcsd5xo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:21 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.jsdelivr.net/npm/js-base64@3.7.2/base64.min.js
151.101.1.229200 OK 2.1 kB URL HTTP/2 cdn.jsdelivr.net/npm/js-base64@3.7.2/base64.min.js
IP 151.101.1.229:0
File type ASCII text, with very long lines (4802)
Hash 18914b05d782cca37716837edf14fa8a
c563d127cf718dd86389fdd007b4c51b6bb58dc3
4bded663a5f9ccaa1eb7c1692c1c7df756a7d0e037d19466979fb90c56fbefdf
GET /npm/js-base64@3.7.2/base64.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.7.2
x-jsd-version-type: version
etag: W/"1405-lMmxLE0z8/TnsipvbhQg5ckAA8Q"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 25 Feb 2023 19:36:22 GMT
age: 299734
x-served-by: cache-fra-eddf8230050-FRA, cache-bma1628-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 2068
X-Firefox-Spdy: h2
bux.wellter.de/images/fancyselect.css
104.21.4.139200 OK 2.3 kB URL HTTP/2 bux.wellter.de/images/fancyselect.css
IP 104.21.4.139:0
File type ASCII text, with very long lines (3595), with no line terminators
Hash 9a03beb43d95b22b9130bb4b8e2dd9f6
00229d08714ed8186ad4ca4678963f1930a28c95
92e24334d358c29f2b7e056afbd6573f20cf24caf6ad3e63cc2c0e97e34f7d5b
GET /images/fancyselect.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=4253
etag: W/"5d9ca488-109d"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JlM3IaxxNId%2BtFHS4O%2FZ3sK2AQ5bbTDlObvZsudTQL6yFu1rRgVLuwrdRRldAbdEWE1pQIG2DKFqgsSI7wQwSHxVcYgluYm%2BqeyqWYM3V6TMc4z54ZpsCR0MffRaHuBuIg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b0ea81b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/css8a7c8a7c8a7c.css?family=Open+Sans:300,400,700
104.21.4.139200 OK 839 kB URL HTTP/2 bux.wellter.de/images/css8a7c8a7c8a7c.css?family=Open+Sans:300,400,700
IP 104.21.4.139:0
File type ASCII text, with very long lines (701), with no line terminators
Size 839 kB (838605 bytes)
Hash b4c113124da172f7f71b7113394448b1
4e655d0ad2aa47823b44911c7cb67dc32259198b
ed912427c10deeb8b04eae31a75356e1704b80433e65855579d4e10547587035
GET /images/css8a7c8a7c8a7c.css?family=Open+Sans:300,400,700 HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=773
etag: W/"5d9ca488-305"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c6c6ctvCFsh6sTa8BpflDuoAmokvVxuZV3MY%2BbvpGK%2BBR%2F%2BXL317Pd%2Fv4g6tmZPH%2B%2BfIjfylH8U%2BR4whpYLwCSZgwlSRItHy%2Fs%2FK3emZhfl%2F1Vl%2ByYiYrsJ1d0qYuhMR5w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b0ca60b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/jquery-3.2.1.js
104.21.4.139200 OK 68 kB URL HTTP/2 bux.wellter.de/images/jquery-3.2.1.js
IP 104.21.4.139:0
File type ASCII text, with very long lines (1237)
Hash 8f24b001d0066a4214161128eaca9ab7
2903ea00849bd9d6f8819943d7dc99b9a7ed0632
8f8c54ca10fb53db3d6ca4fa2167bf56c0979367056eaadf284561929e05f14d
Analyzer Verdict Alert fortinet Phishing
GET /images/jquery-3.2.1.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=268039
etag: W/"5d9ca488-41707"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x9b%2FPcGkqKR%2BD3a93aQa%2FonCAtRRk%2FhHsm9%2B%2FwCH77S9Q%2B8dGWzOtt3fFfzGDexbs%2FwSH44BP8ghtbaU64rVYc4q8F%2FybB%2B9TVOA06M4UuFq24LH38Y0OYmV%2FQdeWWDXuw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b0fa9eb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/font-awesome.min.css
104.21.4.139200 OK 8.2 kB URL HTTP/2 bux.wellter.de/images/font-awesome.min.css
IP 104.21.4.139:0
File type ASCII text, with very long lines (27546)
Hash 7b4ea848188e3824e0830da18274164c
35d28bef95ed9a22e7eb5d68a7b7f66b4a088d03
a218c0fea0e6ae665477d7ca89e85eee335e3aac6acc2b75524fe18980515966
GET /images/font-awesome.min.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: text/css
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-6c3d"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gPeKWiBCDO67OTU867ikR%2BA7TDCoCIXez74ekh6wYDaqPb2NV8tVLCqIkAFRRm%2BbVi1TBJnCJFkpif2MF8Wz5K3lgNnty6zuTYZe1LCI0cPiZqngdVZew2tMpyn7Zgk9fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b0ca64b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 4432722afb07ba74051c88ed8a3d0c96
e5715d828785bd764f820cde1e387e4e83aaae99
bfcd2cd628b37ac53fcf981f360c95f65596b61bc8ea8dcee44b9a128bb3e48d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0
188.114.99.234200 OK 67 kB URL HTTP/2 maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0
IP 188.114.99.234:0
File type Web Open Font Format (Version 2), TrueType, length 66624, version 4.262\012- data
Hash db812d8a70a4e88e888744c1c9a27e89
638c652d623280a58144f93e7b552c66d1667a11
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995
GET /font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0 HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bux.wellter.de
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:22 GMT
content-type: font/woff2
content-length: 66624
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "db812d8a70a4e88e888744c1c9a27e89"
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 08/15/2022 13:52:58
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 2592a65eb99a2e0b1589fa2d13a6191c
cdn-cache: HIT
cf-cache-status: HIT
age: 93372
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 79f2e3b2aeebb4ed-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/jquery-ui.min.js
104.21.4.139200 OK 71 kB URL HTTP/2 bux.wellter.de/images/jquery-ui.min.js
IP 104.21.4.139:0
File type ASCII text, with very long lines (563)
Hash e9cd69971b25d3ac6cdad20a9091bd4c
9b3271c0e56ad91ab9371baadb179a154b291637
e70062201b19e798e18dfb8992f4260a41bbcdc3b40d47e399ba5672834bba1a
Analyzer Verdict Alert fortinet Phishing
GET /images/jquery-ui.min.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-30da8"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wSM3afjvq1Lnj00%2BAKd6%2B86Dz1QcimMUD4PlNXGdV9qlpZ%2BWWSi6RoLRX5HDabKRIxD9R5g40jcFZPQmoVsIPYmz%2BsCszU8c0EOS6zkEiF47DAfF%2FYJdJ%2BNdJLMCmsRQzA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b0fa9fb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 6dbbf8a99f14aa5c8b76354b0a8ea3e2
3435f4c413860589d0650ba43cc30b0056f9a3f7
069ba4e9cdcb97a7ce504c51018753af78e643f7c0c65f799faba8ed2daeac7a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v14/k3k702ZOKiLJc3WVjuplzInF5uFdDttMLvmWuJdhhgs.ttf
142.250.74.35200 OK 19 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v14/k3k702ZOKiLJc3WVjuplzInF5uFdDttMLvmWuJdhhgs.ttf
IP 142.250.74.35:0
File type TrueType Font data, 17 tables, 1st "GDEF", 7 names, Microsoft, language 0x409, type 1 string, Open SansBold1.10;1ASC;OpenSans-BoldOpen Sans BoldVersion 1.10OpenSans-Boldhttp://www.apache.org\012- data
Hash 5498784000b038638befe230ea392271
efef80115bdabd927501563197827a7ae837a19f
5848ca5f4af491c37907f2e4cb0e240166572edc90615a96d4702f2dce34800b
GET /s/opensans/v14/k3k702ZOKiLJc3WVjuplzInF5uFdDttMLvmWuJdhhgs.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bux.wellter.de
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18604
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Feb 2023 10:12:26 GMT
expires: Sat, 24 Feb 2024 10:12:26 GMT
cache-control: public, max-age=31536000
age: 120236
last-modified: Wed, 14 Jun 2017 16:46:24 GMT
content-type: font/ttf
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
bux.wellter.de/images/sweetalert2.min.css
104.21.4.139200 OK 21 kB URL HTTP/2 bux.wellter.de/images/sweetalert2.min.css
IP 104.21.4.139:0
File type ASCII text, with very long lines (13988), with no line terminators
Hash 8a86d1cb5d91a701886fd4fde86f4f1f
64cfb0620ae9fe91adbb06bc2384ac84ebed4b14
3f2bf27cb68cf799a01c6969ceec0afe03eb5ab19b17e20f935e68c66ebf5ff9
GET /images/sweetalert2.min.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: text/css
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-36a4"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MjVHzRCLtaSbNOhZ6ufQ4wiPKOFkW%2Bl1GxUmcWisT3xcdbNB8d51c6FL4uHN8h%2Bp4O9z1IsE35PohdcgnV5Y%2B8mGHgMgDekKKHKQi01vfibM2orgHNT2mEhG6LJAVnI1kQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b0da6bb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/sweetalert2.min.js
104.21.4.139200 OK 7.1 kB URL HTTP/2 bux.wellter.de/images/sweetalert2.min.js
IP 104.21.4.139:0
File type ASCII text, with very long lines (20305), with no line terminators
Hash d01ca47199eba298974f07f98280bba8
bee7f3422609655a3ac31a8999f21813cb13fba9
d17c006c76e05925c337ff0bce2a991c0c4670621aa5e1dcb20815e63589c5d2
Analyzer Verdict Alert fortinet Phishing
GET /images/sweetalert2.min.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-4f51"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SHGIWu2vYCf0k7bMd%2FoXJ3pCXCnT9J1fGnBHkV7qW%2B39Fy6Uc7B7WBSbcJGOt0eUpEUtppin02jFAY8hJzfRZjOLXg4Li8Ha44cpC1IS%2FgpAxr4MqfZisk7zEDY4Jf5fog%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b10ac7b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d34d62c1b25d882e260e5638c353472c
2518cf7a90df0729df734a40fc089cf6bf1b4160
82a7125f2789e8de64c9e8d7bd139157b06135b501317ad50b227bd065bac9f4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "82A7125F2789E8DE64C9E8D7BD139157B06135B501317AD50B227BD065BAC9F4"
Last-Modified: Sat, 25 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4286
Expires: Sat, 25 Feb 2023 20:47:48 GMT
Date: Sat, 25 Feb 2023 19:36:22 GMT
Connection: keep-alive
s10.histats.com/js15_as.js
46.105.201.240200 OK 4.4 kB URL HTTP/2 s10.histats.com/js15_as.js
IP 46.105.201.240:0
File type HTML document, ASCII text, with very long lines (11440), with no line terminators
Hash ed192092c129db6123a3397855f42619
067e9b8e26cf6246eb84c6b9cf3da0c192ce7b3e
998fff486a7fb38b6ed445edc36c9b317b70950cd39efcf4012ca641312fcee1
GET /js15_as.js HTTP/1.1
Host: s10.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:35:13 GMT
etag: "-375139978"
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-request-id: 364052790
content-type: text/javascript
content-encoding: br
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 4364
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c930829bdcc2bf23ff3014e5dd21f270
7e175882efd19d1649537da3c2c2e70833558d87
c18c9de6b0d5d2d78d1869d8138a00ef62cbd29a77e7cc2c69d30ad54799dda7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C18C9DE6B0D5D2D78D1869D8138A00EF62CBD29A77E7CC2C69D30AD54799DDA7"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7727
Expires: Sat, 25 Feb 2023 21:45:09 GMT
Date: Sat, 25 Feb 2023 19:36:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c930829bdcc2bf23ff3014e5dd21f270
7e175882efd19d1649537da3c2c2e70833558d87
c18c9de6b0d5d2d78d1869d8138a00ef62cbd29a77e7cc2c69d30ad54799dda7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C18C9DE6B0D5D2D78D1869D8138A00EF62CBD29A77E7CC2C69D30AD54799DDA7"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7727
Expires: Sat, 25 Feb 2023 21:45:09 GMT
Date: Sat, 25 Feb 2023 19:36:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c930829bdcc2bf23ff3014e5dd21f270
7e175882efd19d1649537da3c2c2e70833558d87
c18c9de6b0d5d2d78d1869d8138a00ef62cbd29a77e7cc2c69d30ad54799dda7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C18C9DE6B0D5D2D78D1869D8138A00EF62CBD29A77E7CC2C69D30AD54799DDA7"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7727
Expires: Sat, 25 Feb 2023 21:45:09 GMT
Date: Sat, 25 Feb 2023 19:36:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c930829bdcc2bf23ff3014e5dd21f270
7e175882efd19d1649537da3c2c2e70833558d87
c18c9de6b0d5d2d78d1869d8138a00ef62cbd29a77e7cc2c69d30ad54799dda7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C18C9DE6B0D5D2D78D1869D8138A00EF62CBD29A77E7CC2C69D30AD54799DDA7"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7727
Expires: Sat, 25 Feb 2023 21:45:09 GMT
Date: Sat, 25 Feb 2023 19:36:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c930829bdcc2bf23ff3014e5dd21f270
7e175882efd19d1649537da3c2c2e70833558d87
c18c9de6b0d5d2d78d1869d8138a00ef62cbd29a77e7cc2c69d30ad54799dda7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C18C9DE6B0D5D2D78D1869D8138A00EF62CBD29A77E7CC2C69D30AD54799DDA7"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7727
Expires: Sat, 25 Feb 2023 21:45:09 GMT
Date: Sat, 25 Feb 2023 19:36:22 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F58e71ab7-6d45-4fe0-96bb-7faa4a54fe6a.jpeg
34.120.237.76200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F58e71ab7-6d45-4fe0-96bb-7faa4a54fe6a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a1598be3f85d30c5999ee301f974603a
f74df5e6145c1a10d64dd1f5a09bd90363a8eb59
57f179081f7cf17e985b0628cd07bacc744fcea97131594bb03b11c2a8b52d7c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F58e71ab7-6d45-4fe0-96bb-7faa4a54fe6a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9610
x-amzn-requestid: defacc06-ccad-4190-9442-9b603acbe6d7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Az9M6EnsoAMFx4Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f7dbeb-651f70531153842f6f431d69;Sampled=0
x-amzn-remapped-date: Thu, 23 Feb 2023 21:34:35 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0rbTTBo65VZcX_9i1P_tu4xfDdGhauiJMBxtxLJ2QBnpmegxn85N2A==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Feb 2023 21:34:57 GMT
age: 79285
etag: "f74df5e6145c1a10d64dd1f5a09bd90363a8eb59"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F363345a7-425e-4498-8aa7-e16250bedd66.jpeg
34.120.237.76200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F363345a7-425e-4498-8aa7-e16250bedd66.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f5c457f02a50b085b748b7e806f166f7
a7b75438ba91b71e023e2e6e355563ac2635bf25
7607c112a56f9893b0c491cad54d7d83be0fa414e69dd44c251e074e15877f6a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F363345a7-425e-4498-8aa7-e16250bedd66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5269
x-amzn-requestid: e6460273-d038-41fa-9915-5f5762feecab
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: A3QiUFqhIAMF5sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f92e0e-6c3baead0e2b8845557bf7e9;Sampled=0
x-amzn-remapped-date: Fri, 24 Feb 2023 21:37:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 07pNAHZlG7fP3dgG0eb-onMglfj9-wP2RAFShvr3b-MkOECPQZaSdA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 5c7981a979abd51ba7e5ca7d464fd048.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Feb 2023 21:40:19 GMT
age: 78963
etag: "a7b75438ba91b71e023e2e6e355563ac2635bf25"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8705a5a8-62bf-44bc-8c05-31c8b6c31694.jpeg
34.120.237.76200 OK 2.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8705a5a8-62bf-44bc-8c05-31c8b6c31694.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 07de4b2f670ddb3d7188529f2a663e32
6eb14318c585598c0ee9e7e5d694eb190f2cfbbc
6f6c649e01b654856df8a17db50787b7888dc063a4d68a337ce8bfad275bcadd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8705a5a8-62bf-44bc-8c05-31c8b6c31694.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2472
x-amzn-requestid: 8666c3f8-25a1-4204-8a9e-717f95bc6f60
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AqYMpF96IAMFRcw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f4071d-3e4dce5a5b119a44096124ff;Sampled=0
x-amzn-remapped-date: Mon, 20 Feb 2023 23:49:49 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: s0lEI3Louq5N7FwRFgTmXEChzb0SHOvk2nSKDp_xIHeTuvxGL1CVwQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Feb 2023 18:00:26 GMT
age: 5756
etag: "6eb14318c585598c0ee9e7e5d694eb190f2cfbbc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb97e8f2e-6da0-4f8b-b12c-1af676e3e4da.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb97e8f2e-6da0-4f8b-b12c-1af676e3e4da.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2a5f3d376fe6a3a78a5d1fe136f962fb
3e9b03cc296e954d63526a4e7e75beea3130fc3b
c8cf4f1c0352102764247e4dc5a2076921e0eaa18bfd110e5b0b97a55c706690
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb97e8f2e-6da0-4f8b-b12c-1af676e3e4da.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9093
x-amzn-requestid: 3fd9f8c8-cf10-4222-a2cc-5f18ff7b2e9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Az9D3HqmoAMFeBQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f7dbb2-352315613cc0c2bc7eb28e05;Sampled=0
x-amzn-remapped-date: Thu, 23 Feb 2023 21:33:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: S8s54RJtScNtsl6uEFtBEHnTj4lb3l5xIWR96Kvr_SdwQQQMgSKNxA==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Feb 2023 21:34:57 GMT
age: 79285
etag: "3e9b03cc296e954d63526a4e7e75beea3130fc3b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5651651c-e7cc-4a7b-ae8a-9fb1e88379d3.jpeg
34.120.237.76200 OK 2.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5651651c-e7cc-4a7b-ae8a-9fb1e88379d3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 94622f58aa91b60efcab072bbfc1b8fc
481c511819075f80bacc5cca0b50c3650b5789d1
767c220ed09fbb28216023785c3609993185463dea0fcdc6cb355d6d00acd6b0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5651651c-e7cc-4a7b-ae8a-9fb1e88379d3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2433
x-amzn-requestid: 1eb77631-515a-41f7-ac18-59c8cd22c4ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Ax_KCHgAoAMFu5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f7123f-051da60474344e58658cc980;Sampled=0
x-amzn-remapped-date: Thu, 23 Feb 2023 07:14:07 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: KStkU8id8VhC4s3kYYvxctpem7798i9K7jNQUVNahm_mycuGOaE72g==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Feb 2023 07:44:04 GMT
age: 42738
etag: "481c511819075f80bacc5cca0b50c3650b5789d1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbaa41846-2966-47c9-ac1f-845e6507fe21.jpeg
34.120.237.76200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbaa41846-2966-47c9-ac1f-845e6507fe21.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d434142b05e07062707138da8999445e
d4796a582b28b1afcb1d7c8d06d78664a62bc880
0baf0e2b4c5975bac7d8543156bdb412cb8a703a768c765a90eedb95fb8ab1ec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbaa41846-2966-47c9-ac1f-845e6507fe21.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6979
x-amzn-requestid: 19ffbbf5-7950-405e-b558-43c6c011785c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Az9M7FrMIAMFzCg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f7dbec-7c65361d479d30c129f9d1d0;Sampled=0
x-amzn-remapped-date: Thu, 23 Feb 2023 21:34:36 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uAlLA8M3mpkJ6q6lSztfNbhSpQu3pFgjZ53BjU-jkLAVX3DoTHH2vA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Feb 2023 00:10:20 GMT
age: 69962
etag: "d4796a582b28b1afcb1d7c8d06d78664a62bc880"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
bux.wellter.de/images/scripts.js
104.21.4.139200 OK 16 kB URL HTTP/2 bux.wellter.de/images/scripts.js
IP 104.21.4.139:0
File type ASCII text, with no line terminators
Hash 862e1aa6af91e35df15080cb9019c608
a56d4d42aad8956acdec66db9cb0ddb7385955f3
1716c84c30be5f884abc68ec7711161359ad3495e32433f86a70b69c818339ec
Analyzer Verdict Alert fortinet Phishing
GET /images/scripts.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=225
etag: W/"5d9ca488-e1"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TA4sQ3cXr1MBbj8bSP1o4URREMhHyTidFdsZuPR67HHlGUqYk%2Bj6kYKhEA2rEDmimByNFc6XlwqPnMymHFNkRtVSefYZJ1G%2BEf0cqVV3rMo8SMUtcFL24GFlWDFmwPxNRw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b13af1b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mtevor.com/cluster-v2/roblox-abs.js
172.96.187.226200 OK 0 B URL HTTP/2 mtevor.com/cluster-v2/roblox-abs.js
IP 172.96.187.226:0
GET /cluster-v2/roblox-abs.js HTTP/1.1
Host: mtevor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notusedcodesforrobloxrobuxcards.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-powered-by: PHP/5.6.40
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
content-encoding: br
vary: Accept-Encoding
date: Sat, 25 Feb 2023 19:36:21 GMT
server: LiteSpeed
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
bux.wellter.de/images/fancyselect.js
104.21.4.139200 OK 0 B URL HTTP/2 bux.wellter.de/images/fancyselect.js
IP 104.21.4.139:0
Analyzer Verdict Alert fortinet Phishing
GET /images/fancyselect.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=6778
etag: W/"5d9ca488-1a7a"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fgLJkIHZ3VrhK%2BhN3mQ%2FkEtSMRJkRbLyHQnu1vJmaYtmfjl42REZnSUaEXDcZHN0VRMIAN3RsCFyjuLuarTAOdycP8ECSHlH%2BGiptuDXLBri96zvbFFlKA%2BOvZXzIsQiHw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b0faa0b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/com.js
104.21.4.139200 OK 0 B URL HTTP/2 bux.wellter.de/images/com.js
IP 104.21.4.139:0
Analyzer Verdict Alert fortinet Phishing
GET /images/com.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=17963
etag: W/"5d9ca488-462b"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=obunuUb%2FlLDU41z0ZweXf1RdS7VK03XX6%2F0vNZYecqPDr7T5kR8F6CtffW8lNTPY3pHz3JlrxkCPDhSqUWXskt1CBtLoA60kJIioxDcyRPqvL5z2qBi19RQKz59wGCSUyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b10ac9b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/main.js
104.21.4.139200 OK 0 B URL HTTP/2 bux.wellter.de/images/main.js
IP 104.21.4.139:0
Analyzer Verdict Alert fortinet Phishing
GET /images/main.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=38451
etag: W/"5d9ca488-9633"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pcgpyJPom0qH%2F3I%2BPIEThVRLIDi%2FTDKPidOsOhNguLlfF19ieCZoyoJRQ9ON9uZARXLbCMUG5ZDtrxu3RqLtMdl0U%2BOUTFSlPHIi%2B7lUHfNcjNuuTdCgVG54P9eekJgjpA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b12aeeb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/magnific-popup.css
104.21.4.139200 OK 0 B URL HTTP/2 bux.wellter.de/images/magnific-popup.css
IP 104.21.4.139:0
GET /images/magnific-popup.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=7946
etag: W/"5d9ca488-1f0a"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6LhB5ToLZXJa6slrZ2%2F8Y%2FAj1%2B%2Bwal0vVxTSq1P9rWe1lR90R7RQVXO4gDHd6G4iqnARRGHA2ntNbA%2BRQlRBdWWiqpzmT0zXtxprsSzjGleVezcY6LfQvoxjpvQd062t%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b0da6eb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/sticky.js
104.21.4.139200 OK 0 B URL HTTP/2 bux.wellter.de/images/sticky.js
IP 104.21.4.139:0
Analyzer Verdict Alert fortinet Phishing
GET /images/sticky.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=20845
etag: W/"5d9ca488-516d"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FNgeJYV906kONv1SnORxmrFzwOQ0INlw%2FNGjiEL5joE1QMzZyUBhKKOsgaY29KwYrezpr5vxqVWxPBowjrLt93Fs8pFXGwCtqMwF4M%2FKH57llemzXK47hsIkMg4eX7t%2B%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b12ae9b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
104.21.4.139200 OK 0 B URL HTTP/2 bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
IP 104.21.4.139:0
Analyzer Verdict Alert fortinet Phishing
GET /index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://notusedcodesforrobloxrobuxcards.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: text/html
last-modified: Mon, 27 Jun 2022 12:44:26 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l3p3fu%2F4jl2gGm%2BKUa2Aj5qeoAJ7yVDoXCoCSv1erPc8bMpnZHsoPiJ7ZAb8G0DFRb0BsOzuUdVSKPbjQdrM2DWUnHJQHR0Tu0PEd5y2RVRE52o2eEqYj%2Bc%2Bs0lvutv%2FUw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79f2e3b00994b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/animate.css
104.21.4.139200 OK 0 B URL HTTP/2 bux.wellter.de/images/animate.css
IP 104.21.4.139:0
GET /images/animate.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=68796
etag: W/"5d9ca488-10cbc"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y8LIjVQjwaBTGZQwDwKD9MVQ8oUSlQ4zAikTuIwYYGwsj%2FFRei1fuPCmg2akUMh58ffmEWdT9Fobh%2FZhu3HyE%2FCPrlucSbNj1WRc7Tm5tXXZlgtu%2BdOOeVlMAVS8GTBHRA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b0da69b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/custom-css.css
104.21.4.139200 OK 0 B URL HTTP/2 bux.wellter.de/images/custom-css.css
IP 104.21.4.139:0
GET /images/custom-css.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1790
etag: W/"5d9ca488-6fe"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Tx0VvRzPVG2LWozlAeaukH58P54%2FK8%2BvAe0rFi1AsZ9COXkEepVRghTPVp0tB8f1sXY1ay6CKFsjDtlP%2BXRskFGu%2BQgIF%2Bu0dmsPQOzX2dPQQik1eKqVzed4vv%2BKQs4mQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b0ea87b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/validator.min.js
104.21.4.139200 OK 0 B URL HTTP/2 bux.wellter.de/images/validator.min.js
IP 104.21.4.139:0
Analyzer Verdict Alert fortinet Phishing
GET /images/validator.min.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-17a7"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2DKuvCATQiInqJfwgJV6760zimx9b8EhmhC21kQ5q5ToS4bhM85SbAZR7fnYuAvbjXPvo3p6ageKyDffjspLqvo6g1Q08YWt9%2F1frMyJSyxkge74qedQ4IUmkHBszgB3iA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b10ac8b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/jquery.magnific-popup.min.js
104.21.4.139200 OK 0 B URL HTTP/2 bux.wellter.de/images/jquery.magnific-popup.min.js
IP 104.21.4.139:0
Analyzer Verdict Alert fortinet Phishing
GET /images/jquery.magnific-popup.min.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-5297"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B4OS%2Bet307df%2FdzLifJrXLY9M233J4osIYyscMkVHh8rS%2FpTYYPm%2BuQsHT9RUkfbR2xYLzwJgyKnR0%2BKD6Nhvj9sCpk8mbkvcz6LiaRG6Ly5U%2B4GiVnaIVmmgVZtE0FuOg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b12ae8b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/bootstrap.min.css
104.21.4.139200 OK 0 B URL HTTP/2 bux.wellter.de/images/bootstrap.min.css
IP 104.21.4.139:0
GET /images/bootstrap.min.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: text/css
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-1d990"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gxYtuSxOJLL0JJF1LGJOh%2F2Op2THHfhdMAXm1ZoM8ENLKg7oJhTlE5LAzbPHPn8TcxcF0hPVE%2B8oIiaeUdgkEuaSE7nMvGdSsG2jU7E444b%2B6Iy%2F8Z%2FPDaLAZAOsILFVIg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b0da66b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/style.css
104.21.4.139200 OK 0 B URL HTTP/2 bux.wellter.de/images/style.css
IP 104.21.4.139:0
GET /images/style.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=50839
etag: W/"5d9ca488-c697"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uLeOAobDOHmtWvXzZyvCRImKO4RFjuAIrek9B%2FHbQ8FN5cir4PHox4aLLcVlKG%2FFhb9NNYdxvmgMaBLH2TvUNaaQdQtuMEVgvIyPDfp7eke9kxV%2Brg%2B0mOJBPJXeZyt7Zw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b0ea82b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/jquery.countto.js
104.21.4.139200 OK 0 B URL HTTP/2 bux.wellter.de/images/jquery.countto.js
IP 104.21.4.139:0
Analyzer Verdict Alert fortinet Phishing
GET /images/jquery.countto.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=3761
etag: W/"5d9ca488-eb1"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gSkY215IVefriLdM3YA09jSJI9ZZVZ3cdCJEDqaruAMpw2J6h36cDWfp%2Fpu%2BcsCiznkJ0qGwAaVqw75ZUesClmfLQNsVG3ZbgHYFgblJUeyEZsfsMSy6YJkLjUiqobTYRA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b10ac4b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/form-scripts.js
104.21.4.139200 OK 0 B URL HTTP/2 bux.wellter.de/images/form-scripts.js
IP 104.21.4.139:0
Analyzer Verdict Alert fortinet Phishing
GET /images/form-scripts.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJzLmpzIiwiY2VjZXB5dWRpIiwidGVtcGxhdGUiLCJCcm9zZW5zZS1WMi4xLnhtbCIsImNlY2VweXVkaSIsIm5vdHVzZWRjb2Rlc2ZvcnJvYmxveHJvYnV4Y2FyZHMuYmxvZ3Nwb3QuY29tIiwibm90dXNlZGNvZGVzZm9ycm9ibG94cm9idXhjYXJkcy5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFicy5qcyJd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:21 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=1469
etag: W/"5d9ca488-5bd"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iv%2BEY4k3Tf%2FQTUxO%2BKx92o0lUYVU4MO0%2FVe1jZtROBdLEWXf%2BAfNTVngk9VmEcEq%2F8EbbJelQHo0ibCzGWHLSAZIoXSeuUQFffwd%2F%2BJfz8dUGMddjqFAKz%2FAT0dQ8DLPrA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3b12ae7b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2