Overview

URL 54.winprizes654.monster/eng/phindexn2.html
IP45.76.148.82
ASNAS-CHOOPA
Location Singapore
Report completed2022-11-24 19:36:31 UTC
StatusLoading report..
urlquery Alerts Scam / Brand infringement


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-24 2 54.winprizes654.monster/eng/phindexn2.html Phishing
2022-11-24 2 54.winprizes654.monster/eng/js/app.js?id=0601d5f2aaa1656cef1f Phishing
2022-11-24 2 54.winprizes654.monster/eng/phindexn2.html Phishing
2022-11-24 2 54.winprizes654.monster/eng/img/fb-like.svg Phishing
2022-11-24 2 54.winprizes654.monster/eng/css/landers/prizewheel-fb/app.css?id=cd41123a11 (...) Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (9)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
mnemonic passive DNS 54.winprizes654.monster (18) 0 No data No data 45.76.148.82 Unknown ranking
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
mnemonic passive DNS push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 52.38.146.2
mnemonic passive DNS r3.o.lencr.org (8) 344 No data No data 23.36.77.32
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-24 05:36:55 UTC 34.102.187.140
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-24 05:30:55 UTC 34.117.237.239
mnemonic passive DNS img-getpocket.cdn.mozilla.net (4) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
mnemonic passive DNS fiwhibse.com (2) 183284 2021-01-19 23:11:45 UTC 2022-11-24 16:21:04 UTC 139.45.197.250


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 45.76.148.82

Date UQ / IDS / BL URL IP
2022-11-29 04:57:26 +0000
0 - 0 - 20 58.winprizes658.monster/engaff/phaff2022n4.html 45.76.148.82
2022-11-29 01:10:09 +0000
0 - 0 - 19 58.winprizes658.monster/engaff/phaff2022n4.ht (...) 45.76.148.82
2022-11-29 00:56:44 +0000
1 - 0 - 0 42.winprizes542.digital/th1paff/thaff22n4.htm (...) 45.76.148.82
2022-11-28 22:14:10 +0000
0 - 0 - 16 58.winprizes658.monster/engaff/phaff2022n4.ht (...) 45.76.148.82
2022-11-28 15:57:04 +0000
1 - 0 - 0 42.winprizes542.digital/th1paff/thaff22n4.htm (...) 45.76.148.82

Last 5 reports on ASN: AS-CHOOPA

Date UQ / IDS / BL URL IP
2022-11-29 07:57:03 +0000
0 - 0 - 1 49.winprizes249.monster/es4/coppn2.html 217.69.14.8
2022-11-29 05:57:27 +0000
0 - 0 - 6 online-school.club/es/land2/ 144.202.22.16
2022-11-29 05:19:55 +0000
0 - 0 - 74 www.damamhardware.com/ 139.180.220.219
2022-11-29 04:57:26 +0000
0 - 0 - 20 58.winprizes658.monster/engaff/phaff2022n4.html 45.76.148.82
2022-11-29 04:55:52 +0000
0 - 0 - 8 www.acwoetopc.shop/jp 167.179.74.78

Last 5 reports on domain: winprizes654.monster

Date UQ / IDS / BL URL IP
2022-11-26 12:15:37 +0000
0 - 0 - 6 54.winprizes654.monster/eng/phengnotix22.html 45.76.148.82
2022-11-26 00:56:40 +0000
0 - 0 - 4 54.winprizes654.monster/eng/phengnotix22.html (...) 45.76.148.82
2022-11-25 21:57:29 +0000
0 - 0 - 1 54.winprizes654.monster/ph1/eng1ppn2.html?cit (...) 45.76.148.82
2022-11-25 00:55:53 +0000
0 - 0 - 4 54.winprizes654.monster/ph1/eng1ppn2.html 45.76.148.82
2022-11-24 19:36:31 +0000
13 - 0 - 5 54.winprizes654.monster/eng/phindexn2.html 45.76.148.82

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-11-29 01:10:09 +0000
0 - 0 - 19 58.winprizes658.monster/engaff/phaff2022n4.ht (...) 45.76.148.82
2022-11-28 22:14:10 +0000
0 - 0 - 16 58.winprizes658.monster/engaff/phaff2022n4.ht (...) 45.76.148.82
2022-11-28 13:59:59 +0000
0 - 0 - 5 jazeerel.xyz/go/068da395-8644-4828-9aaa-f92e7 (...) 3.70.16.242
2022-11-28 03:56:32 +0000
0 - 0 - 19 track.buller-matuma.com/0697586d-8b86-4486-9f (...) 18.195.128.171
2022-11-27 16:01:29 +0000
0 - 0 - 3 65.winprizes265.monster/engaff2/ngaff2022n4.h (...) 217.69.14.8


JavaScript

Executed Scripts (9)


Executed Evals (1)

#1 JavaScript::Eval (size: 80, repeated: 1) - SHA256: 45e4b58cc27021e2a969b1a18d86131a9a05c424e1ae1a2e9afdfdb88c84644b

                                        (() => {
    const a = async
    function name() {};
    window['7eqaje7olli'] = true;
})()
                                    

Executed Writes (0)



HTTP Transactions (39)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "164D11173045B569CAFB32E300E4C1EC6D6AB177FD34D0414CC40C541268779F"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5290
Expires: Thu, 24 Nov 2022 21:04:30 GMT
Date: Thu, 24 Nov 2022 19:36:20 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4679
Cache-Control: max-age=144770
Date: Thu, 24 Nov 2022 19:36:20 GMT
Etag: "637f47ef-1d7"
Expires: Sat, 26 Nov 2022 11:49:10 GMT
Last-Modified: Thu, 24 Nov 2022 10:31:11 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /eng/phindexn2.html HTTP/1.1 
Host: 54.winprizes654.monster
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         45.76.148.82
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=iso-8859-1
                                        
Server: nginx
Date: Thu, 24 Nov 2022 19:36:20 GMT
Content-Length: 433
Connection: keep-alive
Location: https://54.winprizes654.monster/eng/phindexn2.html


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   433
Md5:    9eaea160812986d388fa7742764c9d9c
Sha1:   89e64779adcf9c35c5778e96620e78e59d3e76b3
Sha256: 24aa262b2d8b8590717702ef7d014eac0ab117293d5273b13eeb7e571caa4ccd

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C9951A909F354174F0075A01C01C3C3AA6960983040E328BFBBBEA81AEB405C2"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7157
Expires: Thu, 24 Nov 2022 21:35:37 GMT
Date: Thu, 24 Nov 2022 19:36:20 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 24 Nov 2022 19:17:19 GMT
cache-control: public,max-age=3600
age: 1141
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    567df7db606cf5d0871aa5bc9311b6da
Sha1:   4263faac7cbab2fcaf6661911dcad5091c06be17
Sha256: e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: VhPWCsdremQehcIHYjMqRUxOMIFeyzVRA01WX16EDzr6L0Ekm23uELZBFbcQCHOtRAYH+iE+3k8=
x-amz-request-id: M41EX79E6SGEB2NQ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 24 Nov 2022 18:43:30 GMT
age: 3170
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Thu, 24 Nov 2022 19:36:20 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 24 Nov 2022 19:11:11 GMT
cache-control: public,max-age=3600
age: 1510
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6156
Cache-Control: 'max-age=158059'
Date: Thu, 24 Nov 2022 19:36:21 GMT
Last-Modified: Thu, 24 Nov 2022 17:53:45 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /eng/img/landers/prizewheel-fb/notification.png HTTP/1.1 
Host: 54.winprizes654.monster
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://54.winprizes654.monster/eng/phindexn2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 24 Nov 2022 19:36:21 GMT
content-length: 449
last-modified: Sun, 13 Nov 2022 04:24:55 GMT
etag: "1c1-5ed5281444a3f"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 30 x 28, 8-bit colormap, non-interlaced\012- data
Size:   449
Md5:    bd5203f2cc9e7a9125e4575e029541b0
Sha1:   9fa565ab2f4b55da4735b79e529562252b3c9afe
Sha256: db94c8ae725f947f20e12df29e6b6c8ade5ffcd5a7dc9ffd9be0351d963f826f

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "17B5FA30F160A1472075C14ED6730A04594AF4DABA7CB24A6E6624EED09C2D86"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4031
Expires: Thu, 24 Nov 2022 20:43:32 GMT
Date: Thu, 24 Nov 2022 19:36:21 GMT
Connection: keep-alive

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vSFwb71YIDWTgqIQTDS5dg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         52.38.146.2
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 9wnE7p5vVPvfuGjdL8YgBijUMiE=

                                        
                                            GET /eng/img/landers/prizewheel-fb/prizewheel_spinner.jpg HTTP/1.1 
Host: 54.winprizes654.monster
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://54.winprizes654.monster/eng/phindexn2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Thu, 24 Nov 2022 19:36:21 GMT
content-length: 32496
last-modified: Sun, 13 Nov 2022 04:24:55 GMT
etag: "7ef0-5ed52814728a0"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1002x1002, components 3\012- data
Size:   32496
Md5:    d4655cba21d806e849eed4e4119fbe1a
Sha1:   6453039d85005643e9d65074ca022f63b5d47cdd
Sha256: 90f2363aaebaf03f06fb20c6c02fb2e97497d7cd54b611281303ce7e10335ee7

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
                                            GET /eng/img/prizes/iphone-12-pro-max/default@0.5x.png HTTP/1.1 
Host: 54.winprizes654.monster
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://54.winprizes654.monster/eng/phindexn2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 24 Nov 2022 19:36:21 GMT
content-length: 35519
last-modified: Sun, 13 Nov 2022 04:24:56 GMT
etag: "8abf-5ed528158bca6"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size:   35519
Md5:    3425f87a8def62d878b3fbf8f930dee2
Sha1:   961688eb1d3c97e9ed61199b0fcd32e60d1d3467
Sha256: 7f9f5fb4a3340704664a8adba3c74c63d425c92999aed97e078bc3b87d06b64d

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
                                            GET /eng/img/landers/prizewheel-fb/loader.gif HTTP/1.1 
Host: 54.winprizes654.monster
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://54.winprizes654.monster/eng/phindexn2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Thu, 24 Nov 2022 19:36:21 GMT
content-length: 5083
last-modified: Sun, 13 Nov 2022 04:24:55 GMT
etag: "13db-5ed52814459df"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 50 x 50\012- data
Size:   5083
Md5:    ed786659a534e0d183c09a90c50abc9d
Sha1:   a6c3d90bfaa86a7cda490bc5d04c8939c31a414e
Sha256: cbaeb154dcb93bff5f6e382cede5d51a11175a2295e56bb2790611910280ba97

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
                                            GET /eng/img/landers/prizewheel-fb/prizewheel_static.png HTTP/1.1 
Host: 54.winprizes654.monster
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://54.winprizes654.monster/eng/phindexn2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 24 Nov 2022 19:36:22 GMT
content-length: 3370
last-modified: Sun, 13 Nov 2022 04:24:55 GMT
etag: "d2a-5ed52814728a0"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 1002 x 1002, 4-bit colormap, non-interlaced\012- data
Size:   3370
Md5:    dc484e0043b5ff6191b1880c8779863c
Sha1:   a5b67e3dff3dea3940eed090431aecbb36611b1d
Sha256: 30bc059973d84a6e1d22d16747bce062025561f2555cdd9cec012a87866abcb6

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
                                            GET /eng/img/profiles/african/female/3@0.25x.jpg HTTP/1.1 
Host: 54.winprizes654.monster
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://54.winprizes654.monster/eng/phindexn2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Thu, 24 Nov 2022 19:36:22 GMT
content-length: 2727
last-modified: Sun, 13 Nov 2022 04:24:58 GMT
etag: "aa7-5ed528171f1ce"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 128x128, components 3\012- data
Size:   2727
Md5:    2790f79b7e764407ae4b87a9dc30734b
Sha1:   30f0a1e4d30ac25108f2d0487f49944fbe630b72
Sha256: 8970ba9af5b39727ac25d42ab540c42ae7f58de4011fadb8efd2f5f317a8d575

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
                                            GET /eng/img/profiles/african/male/3@0.25x.jpg HTTP/1.1 
Host: 54.winprizes654.monster
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://54.winprizes654.monster/eng/phindexn2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Thu, 24 Nov 2022 19:36:22 GMT
content-length: 2518
last-modified: Sun, 13 Nov 2022 04:24:59 GMT
etag: "9d6-5ed5281824d54"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 128x128, components 3\012- data
Size:   2518
Md5:    2c188d082f97b0a5b29c92dbaf7a9787
Sha1:   f2a3828b68ba4d06d450832a977c48a22360d5eb
Sha256: afc758b894177d4003b5d02d80cd023429c99cfc3cd880804570d237cf6a96f0

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
                                            GET /eng/img/profiles/african/male/10@0.25x.jpg HTTP/1.1 
Host: 54.winprizes654.monster
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://54.winprizes654.monster/eng/phindexn2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Thu, 24 Nov 2022 19:36:22 GMT
content-length: 2302
last-modified: Sun, 13 Nov 2022 04:24:59 GMT
etag: "8fe-5ed52817f7e93"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 128x128, components 3\012- data
Size:   2302
Md5:    2ec37a714ba9202b2492cc1eff504041
Sha1:   29d005604784110044c80c13610ec1fe946a7d83
Sha256: 278b0f8b52650d39e549fc69ea49d62d3bdd0c41b3ffd939da265842b6e40369

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
                                            GET /eng/js/app.js?id=0601d5f2aaa1656cef1f HTTP/1.1 
Host: 54.winprizes654.monster
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://54.winprizes654.monster/eng/phindexn2.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Thu, 24 Nov 2022 19:36:21 GMT
vary: Accept-Encoding
last-modified: Sun, 13 Nov 2022 04:24:54 GMT
etag: W/"3d1-5ed528132681a"
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (977), with no line terminators
Size:   3208
Md5:    abfa78fec23719d219040cdd3fa3fcc5
Sha1:   35f5946b229e0b77ecae7cfe1b70ac8f8f58ac19
Sha256: 2f8e1b5515749a08d88b1cddc3cc4a0c05aae175bdacde3c2ef429dc3d01e91b

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /eng/img/profiles/african/male/9@0.25x.jpg HTTP/1.1 
Host: 54.winprizes654.monster
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://54.winprizes654.monster/eng/phindexn2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Thu, 24 Nov 2022 19:36:22 GMT
content-length: 3146
last-modified: Sun, 13 Nov 2022 04:24:59 GMT
etag: "c4a-5ed5281824d54"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 128x128, components 3\012- data
Size:   3146
Md5:    4c30d4f61201b822adcfa58dbe32389c
Sha1:   9d9edd23a3b074135d9e043b5d1e52d8dbe29c91
Sha256: 19d491c137daf159170ed6d6340c33b11806347b18b2e89840989b914346d9f4

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
                                            GET /eng/img/prizes/iphone-12-pro-max/proof.jpg HTTP/1.1 
Host: 54.winprizes654.monster
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://54.winprizes654.monster/eng/phindexn2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Thu, 24 Nov 2022 19:36:22 GMT
content-length: 23152
last-modified: Sun, 13 Nov 2022 04:24:56 GMT
etag: "5a70-5ed528158bca6"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 339x450, components 3\012- data
Size:   23152
Md5:    029d38095e06ced0688fd67a58e70781
Sha1:   b5bdaddeb39b947c35f883f001f34dd163bcb362
Sha256: 5e41534f027f676ce89db3b87319ffbdc1a1e7515e379f80f476e0989fa4bcc1

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
                                            GET /eng/img/profiles/african/female/5@0.25x.jpg HTTP/1.1 
Host: 54.winprizes654.monster
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://54.winprizes654.monster/eng/phindexn2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Thu, 24 Nov 2022 19:36:22 GMT
content-length: 1960
last-modified: Sun, 13 Nov 2022 04:24:58 GMT
etag: "7a8-5ed52817339ef"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 128x128, components 3\012- data
Size:   1960
Md5:    732da0e5f3968ec3d9014a6bbb62c04a
Sha1:   5d306c8778fdcac19f03542fccaf31df1cb8a783
Sha256: d3eefd5709b25e1bb1129cccb1da22e54816cb2d15a2ed4cfa045b57579a7ef8

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
                                            GET /eng/img/profiles/african/female/1@0.25x.jpg HTTP/1.1 
Host: 54.winprizes654.monster
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://54.winprizes654.monster/eng/phindexn2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Thu, 24 Nov 2022 19:36:22 GMT
content-length: 2781
last-modified: Sun, 13 Nov 2022 04:24:58 GMT
etag: "add-5ed5281708a6e"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 128x128, components 3\012- data
Size:   2781
Md5:    9ef452251daa9ff9fbdc5fe827a35061
Sha1:   2cb40a02efce5fd8772f57b8e9737018fed3f9ba
Sha256: 355126576c7a0bdbbe771a2b039d093c855efe6805941a36456324a2076e2ce1

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
                                            GET /eng/phindexn2.html HTTP/1.1 
Host: 54.winprizes654.monster
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: text/html
                                        
server: nginx
date: Thu, 24 Nov 2022 19:36:21 GMT
vary: Accept-Encoding
last-modified: Sun, 13 Nov 2022 04:24:52 GMT
etag: W/"3057-5ed528118d531"
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1005)
Size:   5458
Md5:    85643bb94aa77f4f53719005a92f17a3
Sha1:   957783c64ea32e706d66c6471ae56c9587c4a904
Sha256: 01f79d535046c2d0a4a1d54029b6187c2f264df233228a20f9fc15cbd29effdb

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11042
Expires: Thu, 24 Nov 2022 22:40:24 GMT
Date: Thu, 24 Nov 2022 19:36:22 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11042
Expires: Thu, 24 Nov 2022 22:40:24 GMT
Date: Thu, 24 Nov 2022 19:36:22 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11042
Expires: Thu, 24 Nov 2022 22:40:24 GMT
Date: Thu, 24 Nov 2022 19:36:22 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11042
Expires: Thu, 24 Nov 2022 22:40:24 GMT
Date: Thu, 24 Nov 2022 19:36:22 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11042
Expires: Thu, 24 Nov 2022 22:40:24 GMT
Date: Thu, 24 Nov 2022 19:36:22 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7993
x-amzn-requestid: 9f0ff853-4819-47cd-959d-658401ea5748
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvCsG5mIAMFqAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9211-1c48b9223684f2942f8dd42d;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:35:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 7YSXUV-LZpsI7vciFhuqt1EVr6YRkhxcOgMg8z8bxLcOE01_baf6Gg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:47:06 GMT
etag: "43d1dec7fc06879988c9c3cadd800cc8145df988"
age: 78556
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7993
Md5:    92c78302bcce1568eb6a5563100b932c
Sha1:   43d1dec7fc06879988c9c3cadd800cc8145df988
Sha256: 0dda9914306c8e3a7ea75eade8e762652d93907dd6c5a8cc81707d6d8098b60a
                                        
                                            GET /eng/img/fb-like.svg HTTP/1.1 
Host: 54.winprizes654.monster
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://54.winprizes654.monster/eng/phindexn2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: image/svg+xml
                                        
server: nginx
date: Thu, 24 Nov 2022 19:36:22 GMT
vary: Accept-Encoding
last-modified: Sun, 13 Nov 2022 04:24:53 GMT
etag: W/"1213-5ed5281284656"
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (4627), with no line terminators
Size:   7054
Md5:    57459226274eca59cf9ebfafe5c73490
Sha1:   37f4b05830b64a5a325eac9e44a004d5b59d4b40
Sha256: 35bf48722acf81cb96aab70f7cf7152f25f1a2754028b92d744dc290d5dd9958

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6789
x-amzn-requestid: 4d94ce1b-d18f-43b8-bb4d-e7093f9bea42
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvd2G9UIAMFrEg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5f2-64a570135be59b83031811da;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:04:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JygkDI7XSvlgurUTot874ZAXlOIqnv4cntMQ55IvHVqw93JBcksZjQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 07:15:22 GMT
age: 44460
etag: "303c571b13b05fcf27ee1159d8fdf6369aaef0a2"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6789
Md5:    d9d93b2a6875d446c3467eb49767eef5
Sha1:   303c571b13b05fcf27ee1159d8fdf6369aaef0a2
Sha256: 2a2345a925e0187979930a7f2de8548957ad9f2baae77364dcb157286e2b3fcf
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4309
x-amzn-requestid: a22b4d7e-e208-4bda-81c2-d13e6463380e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: blE0hGNioAMF_Tg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6371e81c-1b13846866f56a0e47675e56;Sampled=0
x-amzn-remapped-date: Mon, 14 Nov 2022 07:02:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 0sYKpJWi2Tv9Atz3PYXm5j7kmncAOxjcLcK4hgAkJ5b4pNMDmjdB6g==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 07:14:07 GMT
age: 44535
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4309
Md5:    841a4b110022a99ddea6f7bf66df0fa1
Sha1:   126771b86638108050cf57c0d12faa27f80f0edb
Sha256: 240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d85d03d-8fcf-42f4-bada-e7f488f04307.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7462
x-amzn-requestid: 1f6fb14d-83e0-43d3-9dab-5bc83af1a7c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEwV3HV9oAMFs9w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9425-634d43db6308e0be596aa5a0;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:44:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GW5UTfY7-TwPWTno9z1e21a2cA9fmU7GfHFYWdL-zQvMLxeq-S9Trg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 22:03:54 GMT
age: 77548
etag: "a7d9135f9d01ba13c3cdaf8b038c70212f159297"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7462
Md5:    b4157f2c5c3c77ce699324ecb08f47c7
Sha1:   a7d9135f9d01ba13c3cdaf8b038c70212f159297
Sha256: 2305f7afee95bb34d9e8dbff571c6b146ba7b694be96e9e925c32d1f41785916
                                        
                                            GET /eng/css/landers/prizewheel-fb/app.css?id=cd41123a11e97e0f2444 HTTP/1.1 
Host: 54.winprizes654.monster
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://54.winprizes654.monster/eng/phindexn2.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Thu, 24 Nov 2022 19:36:21 GMT
vary: Accept-Encoding
last-modified: Sun, 13 Nov 2022 04:24:54 GMT
etag: W/"da7-5ed52813a575c"
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (3495), with no line terminators
Size:   14837
Md5:    580410ad1b075a1e2ce7b0003c8c91c0
Sha1:   a9acff7cee63d2c338571c3ea7d14a1be2597048
Sha256: c9e9979179e75e421c660f658a1f1ed14b6a9a35aaa53948c3d2320b0d9a3f40

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST /zone?&pub=0&zone_id=4281465&is_mobile=false&domain=54.winprizes654.monster&var=&ymid=&var_3=&dsig=&action=prerequest HTTP/1.1 
Host: fiwhibse.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://54.winprizes654.monster
Connection: keep-alive
Referer: https://54.winprizes654.monster/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

                                         
                                         139.45.197.250
HTTP/2 200 OK
                                        
server: nginx
date: Thu, 24 Nov 2022 19:36:29 GMT
content-length: 0
x-trace-id: 199123bcb0b907826cd7ba22ce0c342c
access-control-allow-origin: https://54.winprizes654.monster
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

                                        
                                            GET /pfe/current/micro.tag.min.js?z=4281465&sw=/sw-check-permissions-eb920.js HTTP/1.1 
Host: fiwhibse.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://54.winprizes654.monster/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.250
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Thu, 24 Nov 2022 19:36:21 GMT
last-modified: Thu, 24 Nov 2022 15:53:54 GMT
etag: W/"637f9392-12fca"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /eng/js/landers/prizewheel-fb/app.js?id=da05cdf35760d77e97e5 HTTP/1.1 
Host: 54.winprizes654.monster
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://54.winprizes654.monster/eng/phindexn2.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Thu, 24 Nov 2022 19:36:21 GMT
vary: Accept-Encoding
last-modified: Sun, 13 Nov 2022 04:24:58 GMT
etag: W/"24ab5-5ed52816d3ead"
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---