happy-u.vip/bgv1
302 Found 314 B IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash b264c3657f4e94837bfc77d24534dc0c
401ed15616ea724280d5dde3dd1284b9b2a27d8c
5bff4ec3df8f4f9bdce7d923438013a4245acff1384ef6d8a5f30b09f373f8b8
Analyzer Verdict Alert fortinet Phishing
GET /bgv1 HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Fri, 07 Oct 2022 21:56:01 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-error-code: Found
x-amz-error-message: Resource Found
x-amz-request-id: PR5A9JXN341TFFBY
x-amz-id-2: iAe6U9cks+8xWDf3b531e3hgDP2pwtQ0v0ycTYfZ6IhI8oFeHK48vkf2Pby4c+4SuXjZK+LxIZw=
Location: /bgv1/
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7RhGHee%2FD4GjSyk6dnIA6q%2FMRieFfa0UK1ymTXmXSq3bDPouP2AsNQe8BV0w68dBCxtBnqpiKDCOjs8bfY9HUJ9qPjvnmvSIdaDDP%2FdEHZwyM3A4DYlyPz7529lDPw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7569e2624c9bb51d-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1273d41c84b2b39f78a8033130d00282
556757697b70e019ed502585fcc888e2403f3229
ee3c03cc0a659fbc43d34feaa79a8ad6627b9c525d675956cdb434c1590db89e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EE3C03CC0A659FBC43D34FEAA79A8AD6627B9C525D675956CDB434C1590DB89E"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4870
Expires: Fri, 07 Oct 2022 23:17:11 GMT
Date: Fri, 07 Oct 2022 21:56:01 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=259200
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 05 Oct 2022 15:47:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: PZoOcUcMcjIf4OekLekFZv2gO64J3lp6TkTM-DVQVds2Gckr44Hz_w==
Age: 194923
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 94a09d62ab3057cda67a091c8d7478f5
b1c9d223a951d0bc9f17c9f3b84501266a552b58
582364f9f6014520c269f1f794e7c34027bd2697b53e5d02fad43e74a735e471
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "582364F9F6014520C269F1F794E7C34027BD2697B53E5D02FAD43E74A735E471"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3430
Expires: Fri, 07 Oct 2022 22:53:11 GMT
Date: Fri, 07 Oct 2022 21:56:01 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: UF4QAOtr9CCOp08sNkEn8yTgWtn9oIG6XSkzC6Njc3UL/0Qc6l2Ch4mLWQAvGDkmqmUAURgFqto=
x-amz-request-id: 4FBB67CE8K0PAWHT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 07 Oct 2022 21:31:22 GMT
age: 1479
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
happy-u.vip/bgv1/
200 OK 9.1 kB IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (11464)
Hash d3a08b074241fe836e910e3a01c4b5a0
f31624745876fe9e5bbcc76eda5aece9115bebd9
ead658f0b25ee824c2a4ef4aa66ae9ae424440018cce56e1264b33e11e67d0d0
Analyzer Verdict Alert fortinet Phishing
GET /bgv1/ HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 21:56:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-id-2: e3F7F1OxsPPaFXaHxft62xDfN5PivkYFl1vMlGuUGMtRM1trLicNZGfuCv7zCyH5aH82mAR/EA8=
x-amz-request-id: 0863M0XZEGZM0K3X
Last-Modified: Wed, 24 Aug 2022 13:58:23 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SN8rz5YnIX9tpH2sddwGve2NpUl2JZm4cjJWllzorhEbX5w1HQ7rR2MBW5OQT5%2F4pWDUyluvbZkjkYnU3cONfVTjiSKdqw46U%2BtO4WnPa6OdHypRMwqDt%2BZ2LIJlWg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7569e2646ef7b51d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 21:56:01 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
happy-u.vip/bgv1%2Fimages%2Fslot-spin.gif
200 OK 74 kB URL HTTP/2 happy-u.vip/bgv1%2Fimages%2Fslot-spin.gif
IP
File type GIF image data, version 89a, 410 x 279\012- data
Hash 20c1e25bf5d1de526cef9a215cc9f996
67a934664e96950e3ba1722fbaae8ce024789cc0
3fd606b3ec90e6e1e9babfa90bcf35aef37607df5083f42c2285113f8137d39c
GET /bgv1%2Fimages%2Fslot-spin.gif HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 21:56:01 GMT
content-type: image/gif
content-length: 73808
x-amz-id-2: i2hIQphYpQs/qTrzk/iYoYmjEBuJewFGJ9ag+F5+ymw2+r+JE533sY9iQClHHWxWYHq7LRW7ydQ=
x-amz-request-id: 0864ATPY1R885TZA
last-modified: Tue, 14 Sep 2021 10:23:05 GMT
etag: "20c1e25bf5d1de526cef9a215cc9f996"
cache-control: max-age=2592000
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P1QvA%2FakEWQsnJU3WJmg1P1wMqVeXYOPA93w%2Bphe3xqq1ovNIN9O%2BkOEGluEdDV4s9ycEH%2FGOl5absnLHdMzutM6EOwJXjY1YERPQY2B%2BXNQP2parCFBhC7Y3%2BMmhg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7569e266ba680b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
happy-u.vip/bgv1%2Fimages%2Fred-arrow-left.png
200 OK 493 B URL HTTP/2 happy-u.vip/bgv1%2Fimages%2Fred-arrow-left.png
IP
File type PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Hash 5db20018a0fac6b541260df23929db91
3f438440cc0e414f7f7c47fd6be642a9abda85ba
138800c53f456513cc20c3a21110f5cc9b984de9ce6652adc9e7bcd7d9b3c8b7
GET /bgv1%2Fimages%2Fred-arrow-left.png HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 21:56:01 GMT
content-type: image/png
content-length: 493
x-amz-id-2: Dary1++lUKGjiCWhiQmEGuLthO4ITi3mcr9XWVc8c6eHPOkX1Zk4ocWvw/oVKfsAGAlYU9X0Ab0=
x-amz-request-id: 0867BKRQRDB79NHR
last-modified: Tue, 14 Sep 2021 10:23:05 GMT
etag: "5db20018a0fac6b541260df23929db91"
cache-control: max-age=2592000
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b4femEkyMWzlwSEQ0YrvZJeiC3QwvwZodnb9uvufKqmZiv405%2Fav275H5rSZGE6YETWuXmZI4u%2FKtpCt4UQDGXQVTQcPM%2BrhGtxrdx0T7pRGssbGdTZBGoctfSS2OA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7569e266ba630b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
happy-u.vip/bgv1%2Fimages%2Fslot-start.png
200 OK 22 kB URL HTTP/2 happy-u.vip/bgv1%2Fimages%2Fslot-start.png
IP
File type PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Hash 244e8f79da0526379203f0429ed8ae1f
73f652c94f5089ca3feeea0946331b711d8efa37
1e11461e5c27dd50a536a8ec0674b627168d061654ceae7f82fa9c7834b525a6
GET /bgv1%2Fimages%2Fslot-start.png HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 21:56:01 GMT
content-type: image/png
content-length: 22059
x-amz-id-2: 8lp1SIt5K+nMxI309WSJJwEUgemYV0hCoApuyUpgkjOzhoHG54WzNUCTJboTyKGPIyXj75xMJ60=
x-amz-request-id: 086AHJQNMGGV75QA
last-modified: Tue, 14 Sep 2021 10:23:05 GMT
etag: "244e8f79da0526379203f0429ed8ae1f"
cache-control: max-age=2592000
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T01Dk5QMuJl6ZTOj9Cto8pA3fzlnn6RrvO2xOmtnV9bsYh05GPEsYvOVBPJhGawNbZnVeosELgkgRIdrQBiPmQaddMUIbWksKPL9vv4in6%2F4qcPsxLMfsiB2o45%2BMw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7569e266ba670b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
happy-u.vip/bgv1%2Fimages%2FKqX499j.png
200 OK 1.1 kB URL HTTP/2 happy-u.vip/bgv1%2Fimages%2FKqX499j.png
IP
File type PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Hash dd3ca7519448be324f8c3223a276f813
3c5570882d2fcd4d3b1791114a8558df71ef4183
f6b611eebed4c2780c8619e862ddfb71e35e5aeab502640d910fc9f248063dbf
GET /bgv1%2Fimages%2FKqX499j.png HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 21:56:01 GMT
content-type: image/png
content-length: 1109
x-amz-id-2: wAzkA67pVu/b2RxYeIMypypNG66n9eEpiUWWirtx0O4d62ty7lISOUno7kbxGuaF36W7RPrBA8I=
x-amz-request-id: 0863PKWP4K3C2MX9
last-modified: Tue, 14 Sep 2021 10:23:05 GMT
etag: "dd3ca7519448be324f8c3223a276f813"
cache-control: max-age=2592000
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ivCKv4T5myL%2BHUCAvE%2BvnMukosJdBLJ2H9eVFfPJr7i%2BSfATqDCP3rLUUzQZDs4XO3HlhZ4rT0e4hFe0xAOXdLbDhDO3R1trjZNlDQpGh5thYSwVgx6RbYwc39FXSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7569e266ba5c0b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
happy-u.vip/bgv1%2Fimages%2Fslot-result-1.png
200 OK 18 kB URL HTTP/2 happy-u.vip/bgv1%2Fimages%2Fslot-result-1.png
IP
File type PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Hash ec844a2e36c13835d34f1bac0db0498c
8b334e469dfbe6ebae1b3c58d6567efc654c5fa9
5038f4c7ab64de7b0a0523253a60f0ac5af53ce9b522d67ed6b8dcd28cd9a07c
GET /bgv1%2Fimages%2Fslot-result-1.png HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 21:56:01 GMT
content-type: image/png
content-length: 17883
x-amz-id-2: CnaZhzM9CWEZ/QUsNoL4DxdsHIxGRHpDa+NaR6svxKuXMAXoxGszSGD+EnYDkLWdOEXknHFx8ds=
x-amz-request-id: 086EGRJC5AJQ7PT3
last-modified: Tue, 14 Sep 2021 10:23:05 GMT
etag: "ec844a2e36c13835d34f1bac0db0498c"
cache-control: max-age=2592000
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6oYDSCjq3o9FOHrasvAQsDaLZqvufDaHXlz9n5wZpn14xQoeq61aZA1HkN8DPQSFqg%2FoIbM1tTGgSdNnGYJ8KrFr0pW6O3sPLtqzMPne7vYz6wkbyizlrxkPUJHyRA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7569e266ba690b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
happy-u.vip/bgv1%2Fimages%2FyWwCB4c.jpg
200 OK 1.9 kB URL HTTP/2 happy-u.vip/bgv1%2Fimages%2FyWwCB4c.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash d1b07f775527dbe2e3f4a63cf2bedc56
591e43ae55c2c6596b850a9ba6e3fa62dcde9c06
9b5f9beceae5873611200a408662ef812bbc682bd6996db552e066bfc0f41639
GET /bgv1%2Fimages%2FyWwCB4c.jpg HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 21:56:01 GMT
content-type: image/jpeg
content-length: 1871
x-amz-id-2: mjzwYMhl+raSzNPyA7YFwr2p6/HVRzwOyhB63K9Ocb/Oh1WhpRyhfKIJitZKjX2mMJmHiOlAfrU=
x-amz-request-id: 086CB29RRC8MP290
last-modified: Tue, 14 Sep 2021 10:23:05 GMT
etag: "d1b07f775527dbe2e3f4a63cf2bedc56"
cache-control: max-age=2592000
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oG4RBgom4Fu81D8y0R3zDABQQcy64CrCiHkE8F6ZY5wO3kdfnKuwzH9SSa4%2B%2BK2AuFKZggIBrfBEjw5m4O10KXdubB7P1XLiCcNybhHI9GAIwFclckYf81%2FdfuAPqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7569e266ba520b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
happy-u.vip/bgv1%2Fimages%2Fstatus.png
200 OK 404 B URL HTTP/2 happy-u.vip/bgv1%2Fimages%2Fstatus.png
IP
File type PNG image data, 92 x 21, 8-bit colormap, non-interlaced\012- data
Hash 2cda8294f2c9ac8680e7630478cf44c6
d35e94e38fb6f8da59106684dc51e4f4a3e6cc84
8ffc78a93ca6bd7774c34203a2f38d9df70990c98d5dda238c40f7940e1c3247
GET /bgv1%2Fimages%2Fstatus.png HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 21:56:01 GMT
content-type: image/png
content-length: 404
x-amz-id-2: 28WuZzQs4Guxv6kcO0yLE34bBPNgd3siWcSK6rm57DPFerrtpViUgOCXd+L5VXpjvvcgKLl6hY8=
x-amz-request-id: 0865RHPSBVW9AJ4X
last-modified: Tue, 14 Sep 2021 10:23:05 GMT
etag: "2cda8294f2c9ac8680e7630478cf44c6"
cache-control: max-age=2592000
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TG%2FxXKmM%2FNsr43HgXWdXEd5AVJTMvVwddT3065cQmMqH%2BUZweKNYVo05JZqDkGvncqdC5od1bW%2BPAGQfJi%2F2LpO3SboSdw8m%2Flz9iGVqvs5i4u9T5gPuZvTLzNjpYg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7569e266ba600b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
happy-u.vip/bgv1%2Fimages%2F9PH2QqX.jpg
200 OK 1.6 kB URL HTTP/2 happy-u.vip/bgv1%2Fimages%2F9PH2QqX.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash 102933136ea4fe862f931bb364ad8c51
b0f114f9d39fd228827a75b25c408a4a2adab61b
d62bdcc9ca536db0ec677242f218332ebf4a0f0372e6f57ddf19ef9a5d1aa2f1
GET /bgv1%2Fimages%2F9PH2QqX.jpg HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 21:56:01 GMT
content-type: image/jpeg
content-length: 1623
x-amz-id-2: /OsMZMKm30NhoTlnfkFIEVfdF8Eq9ynn3azw58MBq/oApTGKl8bOQQ8DZdubzJ/2HQxEaScs1MI=
x-amz-request-id: 08632YQW2TNV8GZ6
last-modified: Tue, 14 Sep 2021 10:23:05 GMT
etag: "102933136ea4fe862f931bb364ad8c51"
cache-control: max-age=2592000
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n2pPvpswrhiKGVyJQqr2Bsf%2Bc7zRQUQKPIb73EVMHC7MbllaO7qtja3TUZ%2Fze%2B73pSvfY5DKJ2Z6XwDHxvNXMw9r08DhSebk%2BhymoH1y%2F%2FIElDIkqywomGrbzExUBg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7569e266ba580b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
happy-u.vip/bgv1%2Fimages%2FplR22yu.jpg
200 OK 1.0 kB URL HTTP/2 happy-u.vip/bgv1%2Fimages%2FplR22yu.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 51x51, components 3\012- data
Hash 8eaf167dee1c0b4384b854fd68836eb4
be410ab820048230ee32948da6345dbc3c6a2a94
d2ca60af74992ff458ac141945706d2178267d69692a9cd6bdbcfa8d2780a3b2
GET /bgv1%2Fimages%2FplR22yu.jpg HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 21:56:01 GMT
content-type: image/jpeg
content-length: 1001
x-amz-id-2: KcaI401Nrv2x0ixj2xuixqWuJ0iykXEnfzk5qlDdpbMmxho4u5DoGNXozvsvdVZhNUkRVPA/1IE=
x-amz-request-id: 086EJAPHAXD1C342
last-modified: Tue, 14 Sep 2021 10:23:05 GMT
etag: "8eaf167dee1c0b4384b854fd68836eb4"
cache-control: max-age=2592000
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BBMPc3L3EZp5VGTjD4ayoXofIP4Xgm88p%2BuxdED1bM0VBvUQXglrZqoc48s2Qi7Vkl5NXBuRZpl%2Fo3Tg12o%2Bs%2BanIzQiA8ef%2B3vSYbSh1BfcIC6qsV8UGo%2FTy1W52A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7569e266ba5e0b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
happy-u.vip/bgv1%2Fimages%2FDsrKpkj.jpg
200 OK 1.5 kB URL HTTP/2 happy-u.vip/bgv1%2Fimages%2FDsrKpkj.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 48x48, components 3\012- data
Hash 0d0f29abfcedc7dfffe3811a5100a6cd
19567e85aab4fd05d752cfa86f88087465042b0a
e3da7d20be42da6e260d3085d2a3f3965a549065345ee2d139e28625104e2393
GET /bgv1%2Fimages%2FDsrKpkj.jpg HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 21:56:01 GMT
content-type: image/jpeg
content-length: 1506
x-amz-id-2: zzDJjV8Ov6GzuyYmraTnNJleqmW6dd1uCVPkQGWGkrYmE6seNyIvGGsXipfTGdkz73I6h0aEk9M=
x-amz-request-id: 0865HR5M56RES94B
last-modified: Tue, 14 Sep 2021 10:23:05 GMT
etag: "0d0f29abfcedc7dfffe3811a5100a6cd"
cache-control: max-age=2592000
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vcPcFG02BtXnIPlGtaJn7eyeV3n3WNptuVkoWNWU6Rvdk8tUz26mBxqIKP2vwLJy9USUwB2MkDbJgMeZtlam6zWpTPrYxzw8clAYpir9doOW3DiphtwWJ9FRYn5PTw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7569e266ba5d0b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
happy-u.vip/bgv1%2Fimages%2F7wSpKDu.jpg
200 OK 1.5 kB URL HTTP/2 happy-u.vip/bgv1%2Fimages%2F7wSpKDu.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash 16d14205120c13b9bb5b64a91a927f47
de90436381960ab243a332b97dbfd661347fe9f1
9452ab566725c6cacae9ab39c1481bdcc1205fb07ae3709b946d8e73072b5324
GET /bgv1%2Fimages%2F7wSpKDu.jpg HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 21:56:01 GMT
content-type: image/jpeg
content-length: 1547
x-amz-id-2: RrKCZazGhobYvVIhfvHfeUJdSL65GhSAkfqBazra5iqGjLQKfCraLueRW1JKSfX0070G48+tj1o=
x-amz-request-id: 0861ENM256G22BJR
last-modified: Tue, 14 Sep 2021 10:23:05 GMT
etag: "16d14205120c13b9bb5b64a91a927f47"
cache-control: max-age=2592000
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=exV4UITua0w%2FE6FYL0Wg40CTDCOKi4SKq9arhbk%2FbMHzsduroUmb%2F26KswkreoqHijw5mSITAOPnaFYQNuoDK1M6hxRkl7J7CHOo6iYA4OMeURti0DKGgW16%2B4CH1w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7569e266ba560b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
happy-u.vip/bgv1%2Fimages%2Fimg1.jpg
200 OK 1.3 kB URL HTTP/2 happy-u.vip/bgv1%2Fimages%2Fimg1.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash c3c59916d3b4977017c89125dc42b664
c8e5a97a6e9fbf41558c09c65b2ca6df9ba8723a
aa05de326a8afd2a7b16c253d8c10fc41857b474f23a814ffa7684d4ef17c1a9
GET /bgv1%2Fimages%2Fimg1.jpg HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 21:56:01 GMT
content-type: image/jpeg
content-length: 1315
x-amz-id-2: Cu19tNlgbhhOb5e3Ry5QYLRAmt3XAVBBVDcBCgeTBBlEmTKmUVX7xeHgBdq/UShta4TzrpeyBus=
x-amz-request-id: PR5F0QKVB0TJY7GT
last-modified: Tue, 14 Sep 2021 10:23:05 GMT
etag: "c3c59916d3b4977017c89125dc42b664"
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NG0jyHrRblnS8%2B3yV2elIj%2FXT%2FVeqHn1P7WUzplR12N01ujhRH8LU33s41XZNTYkLoR%2Bl%2B5rtBEos0Dmtag5TVZp4rjdYWDYZF6JV6DnHpenMiMBwHTVjvOpLSGg6g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7569e266ba4a0b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
happy-u.vip/bgv1%2Fimages%2Fimg2.jpg
200 OK 1.3 kB URL HTTP/2 happy-u.vip/bgv1%2Fimages%2Fimg2.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash 92b944714cea3e478a8e50dea1a80b26
f12fc267be0ab02e2f3585b42df5b8c10d3cd3a5
fa07d78345204bf48b255523990b544e1b28f9a7810aaf2b8a5a356d05575205
GET /bgv1%2Fimages%2Fimg2.jpg HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 21:56:01 GMT
content-type: image/jpeg
content-length: 1297
x-amz-id-2: axG6kAxAR6IwKCTqjd+3UbexhG6xV/m4cZ2gIOCXpDDtOlj/C4e4QyFlrNUn76bTER5w6Bz3TbI=
x-amz-request-id: PR56JGRF737Z6312
last-modified: Tue, 14 Sep 2021 10:23:05 GMT
etag: "92b944714cea3e478a8e50dea1a80b26"
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fNNi4GHf0%2BtnFe8if%2BrCFX32%2B951mpqR7lZoWAMpzVKmJpXbqnIWoG7npFGZ29cIimqYSkr54MM%2BloNu09O90F0vKD0VxyKExAGvPOS%2FEX%2B%2BFJ5RD34YbWNtTfMYGg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7569e266ba500b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
happy-u.vip/bgv1%2Fimages%2Fred-arrow-right.png
200 OK 495 B URL HTTP/2 happy-u.vip/bgv1%2Fimages%2Fred-arrow-right.png
IP
File type PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Hash f4f08e109654f7b401d113816dff5e2c
3cd201d6460e432ff5d8934c1554eeeb32ba02f4
88b4c9e5c7abeaed6e442d233266272e8048f035434fe3af5edcda9052f138ac
GET /bgv1%2Fimages%2Fred-arrow-right.png HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 21:56:01 GMT
content-type: image/png
content-length: 495
x-amz-id-2: 0HjvLYV2ppub/RcpmQUv2lVquVYGzBR+wTN1m/MtvBx5guX2wntwQvhyc83h+vVjO9UhbXNQSCs=
x-amz-request-id: PR55C85R3674W02P
last-modified: Tue, 14 Sep 2021 10:23:05 GMT
etag: "f4f08e109654f7b401d113816dff5e2c"
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xZv5eZSlZgCkUvLSqqhzKMmn6ZSLLTLNzn3SLhHWfaRifqS4Ux3azr%2BScdgRpB2fX36yZn2oJbWfJnVb8y1fCGO4o468StvAGrIjPKRK1LSrAxmV2hPKScFysfDIxg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7569e266ba650b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
happy-u.vip/bgv1%2Fimages%2Flogo.png
200 OK 243 B URL HTTP/2 happy-u.vip/bgv1%2Fimages%2Flogo.png
IP
File type PNG image data, 16 x 16, 4-bit colormap, non-interlaced\012- data
Hash 66c23a105121bf693e5fda5aa232cd2c
5b7688e4db7f216de02ffa8fdb7d33cf684fe7f1
0d0d7c6b70ad170073dad654669a7fcdaaddb46929d6fa5567e9ed93f5680d8f
GET /bgv1%2Fimages%2Flogo.png HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 21:56:01 GMT
content-type: image/png
content-length: 243
x-amz-id-2: 5Ie5WpbrZy1DcLph86Y9HqcZ6fBd4ihfJsb3jnIccsEdOPQwC2i1hzwojNwBXCLmoNIXKQecGQU=
x-amz-request-id: PR530YHC0049PQ8W
last-modified: Tue, 14 Sep 2021 10:23:05 GMT
etag: "66c23a105121bf693e5fda5aa232cd2c"
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LnmaiQEs57E6VW14PnmE6U7V4BXcb%2FnLiZ0VXV6%2BXk8gAYuJuBeskdLkfq8lYO%2BFAskchHVHLQ%2Fj38qjbBiDwZWk2gN%2Brf2MTZRfXeUxWd%2BKSheoWUjEe1BHPHBDgg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7569e266ba5f0b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
happy-u.vip/bgv1%2Fimages%2F3temv7e.jpg
200 OK 1.2 kB URL HTTP/2 happy-u.vip/bgv1%2Fimages%2F3temv7e.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash a848711320a9df61e6457f65b0dfa9fb
68a62a84d89f4f9e1e831a6cef920797c7f2e7d5
aea3443ffa2df4454daac365b37a61f9b9b1ba24dc0899ff3afca9f770765ce0
GET /bgv1%2Fimages%2F3temv7e.jpg HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 21:56:01 GMT
content-type: image/jpeg
content-length: 1169
x-amz-id-2: 0ev8NZBC5+9EX6oGZD8FSH5c2/CdL6hJheQyfhIvmqn8hBTwvKW8uy9nPlOyD5dKKRPsronQiE4=
x-amz-request-id: PR51E8GT7F4KJRFQ
last-modified: Tue, 14 Sep 2021 10:23:05 GMT
etag: "a848711320a9df61e6457f65b0dfa9fb"
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F5JodDI6i82PWHBOdd9Bptiwd8GX%2ByvPw76xwKOacJiX9j%2FUqdL5iJMIFgqB9wWccyBPDEkSO8NPkCFwnJClIgr4tN1iZLkCmiy42SKqvM9lGBKre9ScQt7XP2wSnw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7569e266ba540b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.countryflags.com/thumbs/bulgaria/flag-button-square-250.png
200 OK 2.1 kB URL HTTP/2 cdn.countryflags.com/thumbs/bulgaria/flag-button-square-250.png
IP
File type PNG image data, 250 x 250, 8-bit colormap, non-interlaced\012- data
Hash 3f0bf22f5b1b69cfbceac506951d3afc
edd3361f44f2971f96af94cff3ea35a485061dfa
2c6c2c194cbcf3b0b62d748b79e5c09d3d0ecc4021f23182966272219939e2e1
GET /thumbs/bulgaria/flag-button-square-250.png HTTP/1.1
Host: cdn.countryflags.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 21:56:01 GMT
content-type: image/png
content-length: 2091
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
etag: "82b-5426c8e5e5000"
last-modified: Tue, 29 Nov 2016 08:41:36 GMT
cache-control: max-age=2678400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=muttns5Wl%2FEgNNPToDbjNWbfFDrzX2d93l%2BUPqzGcCvJHobu%2Fg%2FM2VQvv4K1bA8%2B%2FrelXhtiji4DfwrByR7K%2BR1p9UHCof7B4PQSX%2FKHscb9yYkEs6EjfFekJKsPh4%2B3uQLDypK5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7569e266d813b50c-OSL
X-Firefox-Spdy: h2
happy-u.vip/bgv1%2Fimages%2Fcheckin.png
200 OK 457 B URL HTTP/2 happy-u.vip/bgv1%2Fimages%2Fcheckin.png
IP
File type PNG image data, 92 x 21, 8-bit colormap, non-interlaced\012- data
Hash 796fc192fcda87bf7bb11977b21c6ee8
3b982842c71acc6c5df6bacade53b9a52c2a77e6
736416d5fe9fbc1e6904232cd5777b8855e846302a1c4994a4dae0996cb28519
GET /bgv1%2Fimages%2Fcheckin.png HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 21:56:01 GMT
content-type: image/png
content-length: 457
x-amz-id-2: 9KnxSIl0jzHTYtf76tObMDCxCrryTioFaSEZGrhzX8fsOOONi2yOcBlfbMTwR5IJ7+LmU5yahG8=
x-amz-request-id: PR51CX4TEXMHMZ1V
last-modified: Tue, 14 Sep 2021 10:23:05 GMT
etag: "796fc192fcda87bf7bb11977b21c6ee8"
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WMiwUM7%2BYPLZwnBP%2BhQIWl7An58bYdgpB04sCpWisjn%2B9Vi8SbvDVEnTQ9Yx7Sk7NWhpKJqxt24g%2B2EFJqzHHbmu5S4U467QDiMwut1fUMaaJibtHuTiS2ZEbQcFPA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7569e266ba620b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
happy-u.vip/bgv1%2Fimages%2Ficon-search.png
200 OK 3.6 kB URL HTTP/2 happy-u.vip/bgv1%2Fimages%2Ficon-search.png
IP
File type PNG image data, 65 x 22, 8-bit colormap, non-interlaced\012- data
Hash a53737d0c1e722c790cdb73e8a40fae4
58d8cf39a72f15a335190a3a285386edea776526
6034859360e67a648165e4f71cd36da3712a564905318a9145b19e500dd6a369
GET /bgv1%2Fimages%2Ficon-search.png HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 21:56:01 GMT
content-type: image/png
content-length: 3579
x-amz-id-2: VBMegVDUwC9+LC6wGQ9jtEuyxlrvmz0s4mFbMfZD4UKgyncyRLG7PflaeAqnpsqPx1WCs4bnJc8=
x-amz-request-id: PR52PPGRX63BBA4D
last-modified: Tue, 14 Sep 2021 10:23:05 GMT
etag: "a53737d0c1e722c790cdb73e8a40fae4"
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=69mG6K4AKAA8FaokalLMn%2F%2BudPS%2BhomVzrd7xaGk8LTOtcOWlaPjOBYw77yQmSG2nsaU%2FWTm%2Bl0W9hekBL57LBvDled7lpDRGRcP4KXg6BwE3kNzdDXHt8WMXEbUUg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7569e266ba4d0b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
happy-u.vip/bgv1%2Fimages%2Fphoto.png
200 OK 372 B URL HTTP/2 happy-u.vip/bgv1%2Fimages%2Fphoto.png
IP
File type PNG image data, 92 x 21, 4-bit colormap, non-interlaced\012- data
Hash e353bbf718baf082a548932439b6a8ee
18bc9fb3b1a00a7732173a6aad1ebbb608248bf3
c2c7afb9a455ea1a40b187fc3ac78170834905ee5db39820870843ddd3028544
GET /bgv1%2Fimages%2Fphoto.png HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 21:56:01 GMT
content-type: image/png
content-length: 372
x-amz-id-2: XxVd7H2ei3CmHcP+ULylcFovEesQqCtESsbEcZ6gNHKsUiYF22Jm3tabBw8xGcl2kWj170yj4QQ=
x-amz-request-id: PR5DH1MA94AK02ZF
last-modified: Tue, 14 Sep 2021 10:23:05 GMT
etag: "e353bbf718baf082a548932439b6a8ee"
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8ZIMVnCwS9I81ME27i14l62SrzB%2B3WiKf6DzuCVtq8glIy25XGliHjN3Phb3yM0IQlD8LUr1O4DMKo2KPoPQv9Ueq9JfPW7k2yjsuoXspLkmn2oyO4jv%2FTAoKQKnEw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7569e266ba610b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
happy-u.vip/bgv1%2Fimages%2FEKZrmbS.jpg
200 OK 1.7 kB URL HTTP/2 happy-u.vip/bgv1%2Fimages%2FEKZrmbS.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash 36219a038e38decf224738dc56870d0e
824a4648f22839e5fb23184229bbbad3487140be
118e8968971eff8afa6d0ae7ca340f256b661b5096ca3b43f90737c02faade50
GET /bgv1%2Fimages%2FEKZrmbS.jpg HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 21:56:01 GMT
content-type: image/jpeg
content-length: 1717
x-amz-id-2: bPUWdcUYgGklKmsrjXYl2A1k2HBxeRzXx5syjZ0MtlN+FbhghDKPOTJ5IOtVSjivPzIJabSOkyk=
x-amz-request-id: PR52AM1NTJ2MBRNM
last-modified: Tue, 14 Sep 2021 10:23:05 GMT
etag: "36219a038e38decf224738dc56870d0e"
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1993pZgbnBbfIp7o1kE9D49DOX9PtukLCNRxrbIzGpwZB7brdjD5sGICS7hnnjzpZcNx56KLW%2BWmiN7%2FB1hwt7cZ%2FU8Ki%2BKiLwXGuKoXS%2FiN557XfWTSY5MPZNd4FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7569e266ba590b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
happy-u.vip/bgv1%2Fimages%2FyEUMY3v.jpg
200 OK 1.6 kB URL HTTP/2 happy-u.vip/bgv1%2Fimages%2FyEUMY3v.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash 5da3831556c780010e0e5c5b967e43ce
574623afde349258b91d44849ef16d483b61e223
45f901bd7a281c73db028f014eb9196ad0297d6eaede94151bf2832946eb8f07
GET /bgv1%2Fimages%2FyEUMY3v.jpg HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 21:56:01 GMT
content-type: image/jpeg
content-length: 1608
x-amz-id-2: u0dPYY4HkNxI0A8D/vvUmBdOPlbcPx2EuTElRuh5WCn6bk4d3kUjP8H+cIUcGNBjduDCfXFgnGE=
x-amz-request-id: PR53RWEWR4PNDF12
last-modified: Tue, 14 Sep 2021 10:23:05 GMT
etag: "5da3831556c780010e0e5c5b967e43ce"
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ayj%2Ftg9wYEJ0dAWOJ01CviZVXTfdM%2BbMrru3HtJfcgRqYtjc0MQSv17V1zm2DDMYPyTi9p6wVzOV1nFcgVoaaMThd%2B%2FSci8506li6r9yeZvmZ98IwxfeixpQwvB9wQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7569e266ba5b0b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
happy-u.vip/bgv1%2Fimages%2Ficon-account.png
200 OK 251 B URL HTTP/2 happy-u.vip/bgv1%2Fimages%2Ficon-account.png
IP
File type PNG image data, 65 x 22, 8-bit colormap, non-interlaced\012- data
Hash e33b90b3b0967a02d7c9ae8ff6b60f30
47eb5ad0ad785fee87d0621ed776ffe82adc697f
d6168ef356b0aeaeb195b450de21edf25284b7f2c6a2810258ae5603a39e43f9
GET /bgv1%2Fimages%2Ficon-account.png HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 21:56:01 GMT
content-type: image/png
content-length: 251
x-amz-id-2: ukLv29IgUfRgsq5Joec8y/UItbBsKSHlXgzEnBhk5oD9Q97lp8k3SqUSk7ZOU4FOn2WFyess81A=
x-amz-request-id: PR52EAK7DZV2ZHFN
last-modified: Tue, 14 Sep 2021 10:23:05 GMT
etag: "e33b90b3b0967a02d7c9ae8ff6b60f30"
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=la3XZHjJKl2Q4sp3vpu2Z4Q3VZWWZDZjIO%2FWypODxKDSprvibu%2BDlEJqQ5ysg0NILJeqIFSVocUrml%2Fx6PNUVPA0PE6niWL%2Bml5pxcyB7S5cymDnboHtVZw3aoncVw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7569e266ba4e0b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
happy-u.vip/bgv1%2Fimages%2Fslot-win.png
200 OK 14 kB URL HTTP/2 happy-u.vip/bgv1%2Fimages%2Fslot-win.png
IP
File type PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Hash ad463090b233af33d543c66279082ef7
c5c076022496220069ada53b61e360115d633ec1
3f3ba843f8336a629438b345bfd4e85a17745c9941105fe2bc96081c01860050
GET /bgv1%2Fimages%2Fslot-win.png HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 21:56:01 GMT
content-type: image/png
content-length: 13522
x-amz-id-2: qRF+UTbCIs4/HoUvVtnw/p5kGITBvyuGk1ABm/vhGeM1vXEk98q7bAEzG1e5oNbrRawzgJMvTj8=
x-amz-request-id: PR53B96RZGAWN6QB
last-modified: Tue, 14 Sep 2021 10:23:05 GMT
etag: "ad463090b233af33d543c66279082ef7"
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7Rt5SON1%2FUTHh%2Fu5wmHR0KfJEVTPGQ%2FFH2WoE%2F9wPn1iqBoYt8Cg%2FE2DpCZwxBmAOkWVW1oBd9QbHK8tJGzipoSLqn3wTEUmQ7ArOh4oojAFziE0FI%2FoFPQ0EdpERw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7569e266ba480b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
happy-u.vip/bgv1%2Fimages%2Fslot-result-2.png
200 OK 23 kB URL HTTP/2 happy-u.vip/bgv1%2Fimages%2Fslot-result-2.png
IP
File type PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Hash 2510ea89d6674e700170ea8438045cbb
f26b53e2875b396f3b208a15052133a06ace1f2f
4fb6cef2f7a06048bec380e22f1ab9b70c45672e59cbe83dda68763406340103
GET /bgv1%2Fimages%2Fslot-result-2.png HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 07 Oct 2022 21:56:01 GMT
content-type: image/png
content-length: 22914
x-amz-id-2: qAh9FUNHS8ZRUWCD6eH0n6GsPnwnowZSVpmBg38xyzrs9w1o+/zSZVt7AM4fT0eGT0OKohiEF+s=
x-amz-request-id: PR5EXQ766ZT1VM4N
last-modified: Tue, 14 Sep 2021 10:23:05 GMT
etag: "2510ea89d6674e700170ea8438045cbb"
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=irrt%2FzAshuvJfNacxcJz5GBMj9jhAkkPdId8k75Tg9b8oxULRTVyDUgzbheLW1nGYyEQMz4hn9plhhNPRr9QXJ%2BkvvUBX0Q5I7jqYqX4YiJXQVJjumBAkUPkJ4okdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7569e266ba470b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash 15754887d13c84589a5e5339b1237b0b
cfbee675b4877b70fa2bd3f069dddd55a9796db5
826f89038e94457b538e56c66745947a5cd79909a4e55c52327a7466452fd3c0
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 21:56:01 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 05 Oct 2022 08:32:16 GMT
Expires: Wed, 12 Oct 2022 08:32:15 GMT
Etag: "cfbee675b4877b70fa2bd3f069dddd55a9796db5"
Cache-Control: max-age=383173,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7569e267bb53b50b-OSL
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash c1a3019c135db71cb259a25f0f31165a
39438385780d70fe7d6869937d5964ba64341c0e
3a6f2517895806dafa643404a12d0992ae67381480b38d9539324dc944f43931
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Fri, 07 Oct 2022 21:56:01 GMT
Server: ECS (dcb/7F18)
X-Cache: Miss from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: UZ5cTOs9IGL7B5eomrFr7rUvhktEbcbMr09_GBjzpui8EYQNwfcjxA==
assets.landerlab.io/base.css
200 OK 8.7 kB URL HTTP/2 assets.landerlab.io/base.css
IP
File type ASCII text, with very long lines (8731)
Hash 7f6de4e86d84bcbfd919f155e7545439
e7d9a7a418519c3fbce6de3c85775087cba93b49
8d8c59c2712df25a26ecd01739496e49c3514a9341fa3cd21cfa98627ba6efa2
GET /base.css HTTP/1.1
Host: assets.landerlab.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
content-length: 8732
last-modified: Sat, 29 May 2021 19:05:04 GMT
x-amz-version-id: 0sEXTlrAazg9KkJm7sv1lqt808WfgxiL
accept-ranges: bytes
server: AmazonS3
date: Fri, 07 Oct 2022 02:55:29 GMT
etag: "7f6de4e86d84bcbfd919f155e7545439"
x-cache: Hit from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: BvFtarYvrEZAtaV4i6H72b7pqmKSQI1giYQ8MK-2fZagogM21pCjGQ==
age: 68433
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash 5690c00c386c753af6de22646db06434
aa5b0574bf8aa58bc5608d593e7dcba23100b454
741af8ab8cb30aac3a08fe0ae823577cb602c717416f9bcd52cef5b830b5fb0e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 21:56:02 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 06 Oct 2022 18:25:20 GMT
Expires: Thu, 13 Oct 2022 18:25:19 GMT
Etag: "aa5b0574bf8aa58bc5608d593e7dcba23100b454"
Cache-Control: max-age=505157,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7569e2674aecb50b-OSL
propeller-tracking.com/fv.js?t=74797
200 OK 2.5 kB URL HTTP/2 propeller-tracking.com/fv.js?t=74797
IP
Hash 71edd5a89a2be51d76a55b108ad5ff3a
96630440499809fbd9a6f67e3afec4330956dcfc
e265c01ae6ed07eac10fdf78f80b217d33d3f9e1a5e1524b26a844d832c78129
GET /fv.js?t=74797 HTTP/1.1
Host: propeller-tracking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 21:56:01 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: e95191c6f96b50cfacfa13a7f7f45d70
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
my.rtmark.net/p.js?f=sync&lr=1&partner=67c006a00db193d37627fba7e3ea754bf5ba407dea3b822db9bccd1950a8556a
200 OK 697 B URL HTTP/2 my.rtmark.net/p.js?f=sync&lr=1&partner=67c006a00db193d37627fba7e3ea754bf5ba407dea3b822db9bccd1950a8556a
IP
Hash bd33725f56da891692dff0ac7583d37d
2f5c7d6865087971dd4645d30d6fff57b64fa3fd
66411aa8478bd069ad8a9aa0f2159279c3693da7a7e1fb3b1e53c751e580cfeb
GET /p.js?f=sync&lr=1&partner=67c006a00db193d37627fba7e3ea754bf5ba407dea3b822db9bccd1950a8556a HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 21:56:02 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e3454d100a6561609eda860c38bbb438
def0307772733d234bb0849213e399727c334fe8
a3dfeda36a6e2582561a378581f7af796ab064e00a5297a26f2e6574d477b8ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A3DFEDA36A6E2582561A378581F7AF796AB064E00A5297A26F2E6574D477B8AD"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7666
Expires: Sat, 08 Oct 2022 00:03:48 GMT
Date: Fri, 07 Oct 2022 21:56:02 GMT
Connection: keep-alive
happy-u.vip/bgv1/sounds/spin.mp3
404 Not Found 356 B URL HTTP/1.1 happy-u.vip/bgv1/sounds/spin.mp3
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 9d35d8f3e7f28f7f938d7b807ea96897
5fab4cb38ed8c83bf601d564bbed89bb8086913d
d2fbfe83dc53a04b538972cf97ff23b47c5a5c40cf0004cd2b82141f7a86668e
Analyzer Verdict Alert fortinet Phishing
GET /bgv1/sounds/spin.mp3 HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://happy-u.vip/bgv1/
HTTP/1.1 404 Not Found
Date: Fri, 07 Oct 2022 21:56:02 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-request-id: RRH07FFG8A43Z812
x-amz-id-2: +b/7HZFuzsUXki5CpG6TPmoZ5p8R1xFJpg1/TTZcVn0Ovss5tZSIet6MBp8aQaiY20KhSfh0dAg=
Cache-Control: max-age=2592000
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F7nX8SxhTDg9KxlbIjqGCnXO%2FWnuonCjnRUGNrPwQYbWRWoTWaH%2BfyuR9tIdJGlLCkq8ZTJj2i5cuH6DVJ%2BwXw3%2FgwmkzUhuoaeS5eVzyUqMAmeoDXoAtKT7KW1Mbw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7569e269ac500b61-OSL
alt-svc: h2=":443"; ma=60
happy-u.vip/bgv1/sounds/alert.ogg
404 Not Found 357 B URL HTTP/1.1 happy-u.vip/bgv1/sounds/alert.ogg
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash e857d05d1f4a403728522e00ee8e081f
2aa6dce09f92a51d269e62bd8adb70c79ac40665
1791db18dbaf67e1f2f4adbe646501bd8ce8da8443a661ae2376f995c6058e01
Analyzer Verdict Alert fortinet Phishing
GET /bgv1/sounds/alert.ogg HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://happy-u.vip/bgv1/
HTTP/1.1 404 Not Found
Date: Fri, 07 Oct 2022 21:56:02 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-request-id: RRHA20CVN65ZSE97
x-amz-id-2: 2BIudaZWPEhEr1o9Fk9uvMw2b1wu3DsQp+b9m8hnqCiWKI1PsTMf8LgcIeu6DB9Xtj6HvL43wVI=
Cache-Control: max-age=2592000
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d8rdvRqMBPWIuQihIoxXl3JVv11Ul7J35cVN1mKYZvJKRryMSm%2BF8GSbJ%2B9iBr0YAcVXYEhcBHONdhJfgsOGeIsD2oC365z6ZXwREjr44kpj4FBPOBTiCnC1VkaSaw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7569e269ad0fb51d-OSL
alt-svc: h2=":443"; ma=60
happy-u.vip/bgv1/sounds/win.mp3
404 Not Found 355 B URL HTTP/1.1 happy-u.vip/bgv1/sounds/win.mp3
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash b3b6051ba14101876bc3b1ecdcec88dd
c1a1ed194806643d0d1b843ea9c9f4b60b60e6d2
7bf3e89bdd579b7753ff65509b2a6fe95fbab6dd84ed35295011622558bd3d7d
Analyzer Verdict Alert fortinet Phishing
GET /bgv1/sounds/win.mp3 HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://happy-u.vip/bgv1/
HTTP/1.1 404 Not Found
Date: Fri, 07 Oct 2022 21:56:02 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-request-id: RRH5P1FQ5FZAB4TB
x-amz-id-2: 7h2rKPfYsiSzF4PFk8w5DcjnnRA8207nrmjs6v4nd/nuOVVsu5WwN29iB0U/ANSxwhLHI42c4XA=
Cache-Control: max-age=2592000
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wi9GEkqMqVttW%2FSgqJlBXdC9JFiBXeowPAPQCYDolFcdeD3OGjBc5Ae0sKIPGg4a09rpdB4PZsznjo1Y6qbj0uS9PAz1FlfhslUN%2FvrYWRbH6Iyx%2BpJm8ONJ5%2F1Csw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7569e269acbcb503-OSL
alt-svc: h2=":443"; ma=60
track.landerlab.io/p/606dc316bd12e800113ca177?lander_id=f71017d58f7dc15674b0bce93a8d7970
200 OK 0 B URL HTTP/2 track.landerlab.io/p/606dc316bd12e800113ca177?lander_id=f71017d58f7dc15674b0bce93a8d7970
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/606dc316bd12e800113ca177?lander_id=f71017d58f7dc15674b0bce93a8d7970 HTTP/1.1
Host: track.landerlab.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 21:56:02 GMT
content-length: 0
cache-control: no-cache
set-cookie: worker_cookie=N4Igdgpg7g+gFgSwC4wQExALhABggRgGYBDYgFgDMBaAVgCYBjANirIHYdCqAOb4nKhDrcIaAEZtCATikVCIADQgAbggDOyVBmzcKdNGTRp8VNlLERWTOtV1TiVQkwg0IhboRoUGZRSvWaSAgAthBqSMTBAA5YIHQ4dHRU+AI4bAAqdPiYNEyYCQB0+Nz4AFp+qhpIAPYATlqxeoZ0TAxsVExkEJZkNPjUxPj8VJz4YnQQFBYQUhB+DJFRxAgA5mAN2Ew4TGgMhPhMYsYT3Dg4+EQL+GxsfmDVaBAwDHDLYFgA2gC6SuowkFAsBRiAAbNQQAC+QA; Expires=Sat, 08 Oct 2022 21:56:02 GMT; Domain=track.landerlab.io; Path=/; SameSite=None; Secure
__cf_bm=_YkRAFLQEpUEKGRRe3qMnQTKWC9L8kCKahNiNcx26rM-1665179762-0-Ac6tk+a3RU5euitGzNbjlt/54HYvLB3UtthOL7RtuWOTbnpJL4xdIhTI2F83AQ98fxTB6E29P4EqyCtmwihqN/8YYGVz6QF7R3yCERn63RDR; path=/; expires=Fri, 07-Oct-22 22:26:02 GMT; domain=.track.landerlab.io; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 7569e2699adfb4f1-OSL
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash d6c404502c7987174a84d8f0a3efab23
fc3a3f6d63acab3f659fb3536b65fd8564ec8628
94b5693df873bd923ffbf31f576fff01d2628e5796af4c6b91306a743e27d19b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6493
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 21:56:02 GMT
Last-Modified: Fri, 07 Oct 2022 20:07:49 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
deefauph.com/pfe/current/micro.tag.min.js?z=4188429&sw=/sw-check-permissions-b5194.js
200 OK 40 kB URL HTTP/1.1 deefauph.com/pfe/current/micro.tag.min.js?z=4188429&sw=/sw-check-permissions-b5194.js
IP
File type ASCII text, with very long lines (65536), with no line terminators
Hash f180b770897d6441bb79cb05ef5655b6
0a1ecab3bd50af2c0930f1ebadeb5ae449b52489
35ca5d4fa63b7895631bbe796dc91e83e0a76ba1a6d6b04c4c2962b7c1fb5a4e
GET /pfe/current/micro.tag.min.js?z=4188429&sw=/sw-check-permissions-b5194.js HTTP/1.1
Host: deefauph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://happy-u.vip/
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 07 Oct 2022 21:56:02 GMT
Content-Type: application/javascript
Last-Modified: Tue, 27 Sep 2022 13:19:37 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6332f869-1a5ed"
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Pragma: no-cache
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 671e371ca656241a058e39f941f52b91
e2f8c597830dbf6798c6e67563b25f8f2c5b9761
c8cf9147235e2f68fb2a2aa6aaab3d8934bb8e1a2a19e94e8c9ef6310ffdf88a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8CF9147235E2F68FB2A2AA6AAAB3D8934BB8E1A2A19E94E8C9EF6310FFDF88A"
Last-Modified: Wed, 05 Oct 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=494
Expires: Fri, 07 Oct 2022 22:04:16 GMT
Date: Fri, 07 Oct 2022 21:56:02 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 0e8d7b5a1203e32a5f78d69da05200a0
0ef40d114318087e74e3bd3d2aa51ec9f6112345
0cdef76d6af0d8f98494790d977faaf00bf1b4cf6fccd000de0864f8df10a200
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0CDEF76D6AF0D8F98494790D977FAAF00BF1B4CF6FCCD000DE0864F8DF10A200"
Last-Modified: Wed, 05 Oct 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2333
Expires: Fri, 07 Oct 2022 22:34:55 GMT
Date: Fri, 07 Oct 2022 21:56:02 GMT
Connection: keep-alive
happy-u.vip/bgv1/sounds/alert.mp3
404 Not Found 357 B URL HTTP/1.1 happy-u.vip/bgv1/sounds/alert.mp3
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash f548b559121876a0a303227467a704af
b31642fd76356157bafa1c17d4fa35321190b65a
3e1e15e7d3e63bdee192c41f39ac3074c2317ae58ccc73381b2479773274d58a
Analyzer Verdict Alert fortinet Phishing
GET /bgv1/sounds/alert.mp3 HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://happy-u.vip/bgv1/
HTTP/1.1 404 Not Found
Date: Fri, 07 Oct 2022 21:56:02 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-request-id: RRH6NZ8A4715KVGQ
x-amz-id-2: 2ASRapopKhUjKPPe4e0AcIcwdtwCyhv3IenPMbGVLfQ1cWc6AoprLWT0t5rtslwpeKLM1njLKBI=
Cache-Control: max-age=2592000
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fM870GZa0Yp4vcKcf%2FVvd8vsjSeG9%2Bi4mcojRYmpKaqnfGqocrWejoEMWVO63WRoV%2FLGphYZtg2lGssgfneR6kr0CaSqEc%2Bl7S11oHQXJNbqfWbJjVG88Er8voipag%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7569e26a6d170b61-OSL
alt-svc: h2=":443"; ma=60
unphionetor.com/vctx?t=74797
204 No Content 0 B URL HTTP/2 unphionetor.com/vctx?t=74797
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /vctx?t=74797 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://happy-u.vip
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Fri, 07 Oct 2022 21:56:02 GMT
access-control-allow-origin: http://happy-u.vip
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: ae2f8e135d68b412422ca78f2d5034d5
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
unphionetor.com/vctx?t=74797
204 No Content 0 B URL HTTP/2 unphionetor.com/vctx?t=74797
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /vctx?t=74797 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://happy-u.vip
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Fri, 07 Oct 2022 21:56:02 GMT
access-control-allow-origin: http://happy-u.vip
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 2c33fffef1dbc2b309482f686bb6c033
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
notix.io/settings?appId=10044f74f614078bbe1e394a55f7e43
200 OK 92 B URL HTTP/2 notix.io/settings?appId=10044f74f614078bbe1e394a55f7e43
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 418cfd3f4f2183761c35028cf1636c30
d73501e798b75ec1e9c259d3284f4fcde2267f7a
473759afeea2324f27fad63787eefdef24cde70ae23574326b68a3dd5216fd46
GET /settings?appId=10044f74f614078bbe1e394a55f7e43 HTTP/1.1
Host: notix.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://happy-u.vip/
Origin: http://happy-u.vip
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 21:56:00 GMT
content-type: application/json; charset=utf-8
content-length: 92
access-control-allow-origin: http://happy-u.vip
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
unphionetor.com/vbl?t=74797&bid=undefined&aid=undefined
204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=74797&bid=undefined&aid=undefined
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=74797&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://happy-u.vip
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 07 Oct 2022 21:56:02 GMT
access-control-allow-origin: http://happy-u.vip
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 57eda60fc34d03f76b8fc8f79f92356f
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
unphionetor.com/vbl?t=74797&bid=undefined&aid=undefined
204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=74797&bid=undefined&aid=undefined
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=74797&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://happy-u.vip
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 07 Oct 2022 21:56:02 GMT
access-control-allow-origin: http://happy-u.vip
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 92495231c6e98cb0f1766ef4f962791d
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
notix.io/event
200 OK 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /event HTTP/1.1
Host: notix.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://happy-u.vip/
Origin: http://happy-u.vip
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 21:56:00 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: http://happy-u.vip
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
notix.io/event
200 OK 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /event HTTP/1.1
Host: notix.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://happy-u.vip/
Origin: http://happy-u.vip
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 21:56:00 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: http://happy-u.vip
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
notix.io/event
200 OK 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /event HTTP/1.1
Host: notix.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://happy-u.vip/
Origin: http://happy-u.vip
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 21:56:00 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: http://happy-u.vip
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
notix.io/event
200 OK 15 B IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 28ec1eee5f4049e3c4f2135069c1d2c8
3505519507ca1c2a089c46e100b80408ca278421
edc48cd3b0bc4fa7ba23aad40b8508a17d370ca38be174bae2a2f64634e65a2b
POST /event HTTP/1.1
Host: notix.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 63
Origin: http://happy-u.vip
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 21:56:00 GMT
content-type: application/json; charset=utf-8
content-length: 15
access-control-allow-origin: http://happy-u.vip
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
notix.io/event
200 OK 15 B IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 28ec1eee5f4049e3c4f2135069c1d2c8
3505519507ca1c2a089c46e100b80408ca278421
edc48cd3b0bc4fa7ba23aad40b8508a17d370ca38be174bae2a2f64634e65a2b
POST /event HTTP/1.1
Host: notix.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 1233
Origin: http://happy-u.vip
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 21:56:00 GMT
content-type: application/json; charset=utf-8
content-length: 15
access-control-allow-origin: http://happy-u.vip
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
happy-u.vip/favicon.ico
404 Not Found 266 B IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash f8a8bc4d106289d7f7df12fe8b8b83f2
b130f9cc908e5833b2e4e50155f133d0f68ea6f2
bf68dee4ffb755ce2c7896b5af7ec85b2d22d8a1cd44bbecb99233dda139f7f1
GET /favicon.ico HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://happy-u.vip/bgv1/
HTTP/1.1 404 Not Found
Date: Fri, 07 Oct 2022 21:56:02 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-request-id: RRHDZ6RZA7Y63S7K
x-amz-id-2: LitzlygdS1OZfzsteUSaSLi7Dx4WVJyKS7kxvo+dyWONuQ28bHeYsvwwilnWkHhUHs2L2Qj0AaM=
Cache-Control: max-age=2592000
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w%2BwmfGgxRtJgzQIxjoIbhY7RG4A8Hua09w8zq6%2Be3GnglL4eX6jZu8hiDLCN26FmfgNb6juZUBOdP0OdFbb4I8vj159Jukl5H7fzGWQU45Mp%2BcBfeV41g0ogI5kzZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7569e26bae480b61-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
notix.io/event
200 OK 15 B IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 28ec1eee5f4049e3c4f2135069c1d2c8
3505519507ca1c2a089c46e100b80408ca278421
edc48cd3b0bc4fa7ba23aad40b8508a17d370ca38be174bae2a2f64634e65a2b
POST /event HTTP/1.1
Host: notix.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 68
Origin: http://happy-u.vip
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 21:56:00 GMT
content-type: application/json; charset=utf-8
content-length: 15
access-control-allow-origin: http://happy-u.vip
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: VRXyzit9fAEYlOk4C0WxJA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: BEPUGY+qGJs/vXUCNvav7XLBPoo=
my.rtmark.net/img.gif?f=sync&partner=67c006a00db193d37627fba7e3ea754bf5ba407dea3b822db9bccd1950a8556a&ttl=&rurl=http%3A%2F%2Fhappy-u.vip%2Fbgv1%2F
200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=sync&partner=67c006a00db193d37627fba7e3ea754bf5ba407dea3b822db9bccd1950a8556a&ttl=&rurl=http%3A%2F%2Fhappy-u.vip%2Fbgv1%2F
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=sync&partner=67c006a00db193d37627fba7e3ea754bf5ba407dea3b822db9bccd1950a8556a&ttl=&rurl=http%3A%2F%2Fhappy-u.vip%2Fbgv1%2F HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 21:56:02 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=d1a7413434e94a0f9ed4061fcad96fe8; expires=Sat, 07 Oct 2023 21:56:02 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4250
Expires: Fri, 07 Oct 2022 23:06:53 GMT
Date: Fri, 07 Oct 2022 21:56:03 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4250
Expires: Fri, 07 Oct 2022 23:06:53 GMT
Date: Fri, 07 Oct 2022 21:56:03 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4250
Expires: Fri, 07 Oct 2022 23:06:53 GMT
Date: Fri, 07 Oct 2022 21:56:03 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4250
Expires: Fri, 07 Oct 2022 23:06:53 GMT
Date: Fri, 07 Oct 2022 21:56:03 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F70128380-51a1-430f-bca1-5212a3dd8807.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F70128380-51a1-430f-bca1-5212a3dd8807.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1c712a8d12119cdef4376b6055f3493c
e040dc81a71c6a94dc600ecb61bf0c8f1a086e85
6a2c6384e05dae0013a2890ad63c91af7d2f04a0d706ce496f44defc7b209fa7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F70128380-51a1-430f-bca1-5212a3dd8807.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11618
x-amzn-requestid: 5a8e397a-41df-41a1-a71e-25cedc35b063
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zp1R5H9aoAMFyew=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63409c0b-3286ff464612a56158b81f4e;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 21:37:15 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: exgvxCz0xzr_iWe29iXJx8gzCDdejMsZdvflrWVrvXKhUc6c0bz2lQ==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 21:39:48 GMT
age: 975
etag: "e040dc81a71c6a94dc600ecb61bf0c8f1a086e85"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d2aa46d-cfbd-49e3-8f25-0498668c50a9.jpeg
200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d2aa46d-cfbd-49e3-8f25-0498668c50a9.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a15dc9ba26fe131b3b4833fb309155cd
334a9163f63c76e4379912c1f2f955f5362de899
36725a6aca89237de25a2234d01472f0100a6bbc09093ee638c9ef0fe3226a07
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d2aa46d-cfbd-49e3-8f25-0498668c50a9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6963
x-amzn-requestid: 85900f7a-41ed-483e-92f5-a214e79cbfea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZolXeG_YoAMFlpg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63401c2f-5fdd70c5679fcf26476383a5;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 12:31:43 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: y5WAY20QAO4OlpbwetBtvhxEA93lTq-NEUFz0ZuYeyja-BaOV1IYsg==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 21:39:48 GMT
etag: "334a9163f63c76e4379912c1f2f955f5362de899"
content-type: image/jpeg
age: 975
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc28ec4d4-ad94-4fbc-83a3-2675118e5987.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc28ec4d4-ad94-4fbc-83a3-2675118e5987.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e282fb952c8c81b3369d747b9fa837c8
038e45c00f7f0c55c4160b6d3fa25fd129ff9ef8
735fd68ef05cdcae00eaeac826b0fb291daad2b35bbad07a8a67745f1799b211
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc28ec4d4-ad94-4fbc-83a3-2675118e5987.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10137
x-amzn-requestid: 23b13773-c294-497d-971c-9fe56f88d5dd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zp1R4Fm9IAMFbbg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63409c0b-7fc0b69250f718693a8aeec0;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 21:37:15 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: J5qJIh9Eq17ONk9gm62j-SUa29Ivrso78FBoH1VCz2lQlyK-M4-D-Q==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 21:39:48 GMT
age: 975
etag: "038e45c00f7f0c55c4160b6d3fa25fd129ff9ef8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0b7bc4b-b79a-4bab-9bec-87695d757b08.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0b7bc4b-b79a-4bab-9bec-87695d757b08.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 53b7ffdc3799e0ac7a225145242579ef
c47f0525fe5354ee13fe63c0ec31f0f826a58005
4bb518afc9b3e7bfb976d343e46b306155834adbe71fa35b0d6f509959f78aca
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0b7bc4b-b79a-4bab-9bec-87695d757b08.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10987
x-amzn-requestid: c2ab1012-1afd-4d74-8114-97977b43da24
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZgCHwGdGoAMFvyg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633cb097-3237927a0c1e081d22c902f7;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 22:15:51 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: JYDg0-KelCPr__4bKtpARLrwiE1CHGICcFI6I9_TFCMcmESbykNhXQ==
via: 1.1 3dde68f1f52282c9e1ee336d97233b0a.cloudfront.net (CloudFront), 1.1 27f6faf9790b5a2877fb528fa31f7922.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 22:08:50 GMT
age: 85633
etag: "c47f0525fe5354ee13fe63c0ec31f0f826a58005"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
notix.io/ent/current/enot.min.js
200 OK 26 kB URL HTTP/2 notix.io/ent/current/enot.min.js
IP
Hash cadc019a4025a450cde03c505d6ebc00
058c853da2b04a67562136321e6a063251b4c409
ec16034e5f83f2c23b91208c70eb216fee03a2c8d3421b6380289696a63fd78e
GET /ent/current/enot.min.js HTTP/1.1
Host: notix.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 21:56:00 GMT
content-type: application/javascript
last-modified: Fri, 23 Sep 2022 12:14:24 GMT
etag: W/"632da320-11e42"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffbd06f32-7565-4b80-b355-05bbca48d9f5.jpeg
200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffbd06f32-7565-4b80-b355-05bbca48d9f5.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bc242b7ed099f0062cdcb31e116437f1
24ec1ada9651f3d8b5c57ce8e55ec2f3d62038e1
e29b443e1f51b37616ceab5b102cd9764ab52d2cc86f3412bbe1cac04dce70f5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffbd06f32-7565-4b80-b355-05bbca48d9f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6616
x-amzn-requestid: e185e11f-35a9-41dc-a523-cb78582caaa3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zp1R4HTwoAMFubg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63409c0b-6ff864494e3fd767495461b3;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 21:37:15 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 2QodhjKhrkm33q_rgaxa66Too5FYfE4gUqsXaXTBR9f7AoY5E00K4w==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 21:39:48 GMT
etag: "24ec1ada9651f3d8b5c57ce8e55ec2f3d62038e1"
content-type: image/jpeg
age: 975
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
unphionetor.com/vbri?t=74797&bid=undefined&aid=undefined&tp=3569
204 No Content 0 B URL HTTP/2 unphionetor.com/vbri?t=74797&bid=undefined&aid=undefined&tp=3569
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbri?t=74797&bid=undefined&aid=undefined&tp=3569 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://happy-u.vip
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 07 Oct 2022 21:56:04 GMT
access-control-allow-origin: http://happy-u.vip
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: fd5720ac17d5bf61cb9e2a61ea863ab3
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
unphionetor.com/vbri?t=74797&bid=undefined&aid=undefined&tp=3570
204 No Content 0 B URL HTTP/2 unphionetor.com/vbri?t=74797&bid=undefined&aid=undefined&tp=3570
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbri?t=74797&bid=undefined&aid=undefined&tp=3570 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://happy-u.vip
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 07 Oct 2022 21:56:04 GMT
access-control-allow-origin: http://happy-u.vip
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 7fd7bb9b1f6ba197598ba87e1b2f0412
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
walter-larence.com/hp
200 OK 0 B IP
Analyzer Verdict Alert fortinet Malware
GET /hp HTTP/1.1
Host: walter-larence.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 21:56:01 GMT
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
X-Firefox-Spdy: h2
happy-u.vip/bgv1%2Fcss%2Fs.css
200 OK 0 B URL HTTP/2 happy-u.vip/bgv1%2Fcss%2Fs.css
IP
GET /bgv1%2Fcss%2Fs.css HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 07 Oct 2022 21:56:01 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=8130
etag: W/"26557b7cc6a3228ebc4b17921ad44ea3"
last-modified: Tue, 14 Sep 2021 10:23:04 GMT
x-amz-id-2: rlHqB3rFZHJXaHU002R2pr37G+skGWsn7wu+Bx2wYE+B3eE5DZTKxa5TJuhabYlmfdtJ2fXhSs0=
x-amz-request-id: 086FTBWYTNJDPYYP
cache-control: max-age=2592000
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XuJSJrt0%2BQu6nwzDM8Aem5fYq4DO2InqNGnmp3m3vHXuwRmJAsjg8HdJQW%2FmAzJTB7KBrGU3rlQPMlDdr%2B4X2iHhvHW0L0EyrB83QxqS9QDEimOT9o6Qqfj%2B5i8ieA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7569e266ba460b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
propeller-tracking.com/fv.js?t=74797
200 OK 0 B URL HTTP/2 propeller-tracking.com/fv.js?t=74797
IP
GET /fv.js?t=74797 HTTP/1.1
Host: propeller-tracking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 21:56:02 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 6257b7cec6527e0fd4151e79b56ce3d5
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
104.21.93.229
34.210.158.59
139.45.197.240
104.18.16.6
23.36.76.226
18.193.146.82