happy-u.vip/bgv2?cep=fGTfKgNK6_RjivoBATdcrND_1zWfTw4qxg_IdhOZVmmZv5bCezY7O8Jj6ih1z2z-7-3_It6Mssm3us6lJa-QEFKk0ER4iHqBnDArjH0WVW3u4iyDnGDOz_-iee09DHuK45MH4kMHeor8lFST7yygmUsHT2uYCqe7nyEdghsV_Qmrh3MWWt-jikV7kOMiTBu2yofX5mEHmBIgacN06AwFfZR2L9yMkQlfAG6SALwyhBqMhIG1BrMeijDSGMkQIp9Oe6X3c1E5CUPZ1FK4Y5Z5PzY1W_BObxhRr-8MNHbj3K4Cq5Gy-gvJ3peqmOXn1yw7GwQ0lz8owpHc1WeVx_0P_FMNtHujf0pqNOxYUi01bJa9ASJE7ASpZR2LTVnzEvm9&lptoken=16987511344943376936
104.21.93.229 302 Found 314 B URL HTTP/1.1 happy-u.vip/bgv2?cep=fGTfKgNK6_RjivoBATdcrND_1zWfTw4qxg_IdhOZVmmZv5bCezY7O8Jj6ih1z2z-7-3_It6Mssm3us6lJa-QEFKk0ER4iHqBnDArjH0WVW3u4iyDnGDOz_-iee09DHuK45MH4kMHeor8lFST7yygmUsHT2uYCqe7nyEdghsV_Qmrh3MWWt-jikV7kOMiTBu2yofX5mEHmBIgacN06AwFfZR2L9yMkQlfAG6SALwyhBqMhIG1BrMeijDSGMkQIp9Oe6X3c1E5CUPZ1FK4Y5Z5PzY1W_BObxhRr-8MNHbj3K4Cq5Gy-gvJ3peqmOXn1yw7GwQ0lz8owpHc1WeVx_0P_FMNtHujf0pqNOxYUi01bJa9ASJE7ASpZR2LTVnzEvm9&lptoken=16987511344943376936
IP 104.21.93.229:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash c5d61682109d5a3e57bf51835ea042d6
2daec230d806bb37b35c8174234549fab7d3d418
554cc5e8f6356cee00505a0d16b96fd0ee7c70f7e9ba7e26e73a17dfb9f767ef
GET /bgv2?cep=fGTfKgNK6_RjivoBATdcrND_1zWfTw4qxg_IdhOZVmmZv5bCezY7O8Jj6ih1z2z-7-3_It6Mssm3us6lJa-QEFKk0ER4iHqBnDArjH0WVW3u4iyDnGDOz_-iee09DHuK45MH4kMHeor8lFST7yygmUsHT2uYCqe7nyEdghsV_Qmrh3MWWt-jikV7kOMiTBu2yofX5mEHmBIgacN06AwFfZR2L9yMkQlfAG6SALwyhBqMhIG1BrMeijDSGMkQIp9Oe6X3c1E5CUPZ1FK4Y5Z5PzY1W_BObxhRr-8MNHbj3K4Cq5Gy-gvJ3peqmOXn1yw7GwQ0lz8owpHc1WeVx_0P_FMNtHujf0pqNOxYUi01bJa9ASJE7ASpZR2LTVnzEvm9&lptoken=16987511344943376936 HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Thu, 02 Feb 2023 12:56:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-error-code: Found
x-amz-error-message: Resource Found
x-amz-request-id: N9NKJX73YKYZ5ZQD
x-amz-id-2: hek6HnX3EH/G8f3iFyWNs798TQDsvP8ZYBfhUi2lhvnbIxMTT+GRU4mt0xtSMlM4fzHqVo2qW+s=
Location: /bgv2/
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TxnBnKg%2F0K160NNvqcmJF1JNG8jeoofw8JpHrOZmH9RJTHdeRF47mUREKypuCzZd6bIYdq4N2%2B7yH9ksrhZHvn94E2Re6UwvQwc2l1cS2bkMdAqwnvFtQ4vsoPL1kw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7933165b2be2b512-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d4e95d0d8982bcd07804baf6fc88231c
5027abda0875bd2529dd4d6691784c74da71a9ee
373799b5749d2cb08b5721699a3e4c6b94b0d41604ac07d4ef7179e47dabc71f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "373799B5749D2CB08B5721699A3E4C6B94B0D41604AC07D4EF7179E47DABC71F"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5220
Expires: Thu, 02 Feb 2023 14:23:31 GMT
Date: Thu, 02 Feb 2023 12:56:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3499
Expires: Thu, 02 Feb 2023 13:54:50 GMT
Date: Thu, 02 Feb 2023 12:56:31 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 02 Feb 2023 12:43:31 GMT
content-type: application/json
age: 780
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a8d45deaa7ebfcd996c2055dae592ab8
55befe074589fe7b39757c145968058162a8fc6b
50d7d516f446458145a304b288a0a39d391cd37ea50dabea36ae48d291c65ba7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "50D7D516F446458145A304B288A0A39D391CD37EA50DABEA36AE48D291C65BA7"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8466
Expires: Thu, 02 Feb 2023 15:17:37 GMT
Date: Thu, 02 Feb 2023 12:56:31 GMT
Connection: keep-alive
happy-u.vip/bgv2/
104.21.93.229 200 OK 12 kB IP 104.21.93.229:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (12404)
Hash 59d54b2cbaa6c7637b5c362ae86fd272
62a4d0154c302289d1d20ce1bee74b88ab40ec1f
56a84fe31ff3e27047b408ff284bc7ed768cd7fec5cf394432ca83d8c2e04b56
GET /bgv2/ HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 12:56:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-id-2: 4Jegz4YTN7WMFxCsKyvrCiGuEg8BOrwDtjfeLDKy1mwKsIsQi7sm7zgUO3nlMExQwjaNQfUmiNI=
x-amz-request-id: 24ZCCWE6HWD3Q848
Last-Modified: Wed, 24 Aug 2022 13:56:19 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: HIT
Age: 16
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hNUjvpsXdapu2bUpymzZC9fz53QxXALyFam4Jc4Hi5%2Bc3zU9Q3XNz%2FTTf8igY8QzpUJbpSdDxh6POSEzkJCjZCXu%2Bn2%2BVF%2FIlNh0VUvLyO4j15fAWlsiLO%2FRavPJrw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7933165d0f5ab512-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: mXl9Z7uGpu7pzL+dycsYAcmrEnkPzPh9A+nucscnhLUAubwxo9iFwIatJNzLaqPAPstQHvXKDZqmuQLRTmr8sA==
x-amz-request-id: 7K79NANEP8XK3SYG
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 02 Feb 2023 12:51:59 GMT
age: 272
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 12:56:31 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 0ede9217e40a6bf6f80f4def23a90a81
31bf390777fede55e08e3cc0e91dc69b7339040f
955c96b94b634f3c12925c1daa9b8d60592728da242b1828fdae578385b2beba
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 16
Cache-Control: max-age=117676
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 12:56:31 GMT
Etag: "63dadb9b-116"
Expires: Fri, 03 Feb 2023 21:37:47 GMT
Last-Modified: Wed, 01 Feb 2023 21:37:31 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 0ede9217e40a6bf6f80f4def23a90a81
31bf390777fede55e08e3cc0e91dc69b7339040f
955c96b94b634f3c12925c1daa9b8d60592728da242b1828fdae578385b2beba
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 16
Cache-Control: max-age=117676
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 12:56:31 GMT
Etag: "63dadb9b-116"
Expires: Fri, 03 Feb 2023 21:37:47 GMT
Last-Modified: Wed, 01 Feb 2023 21:37:31 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 0ede9217e40a6bf6f80f4def23a90a81
31bf390777fede55e08e3cc0e91dc69b7339040f
955c96b94b634f3c12925c1daa9b8d60592728da242b1828fdae578385b2beba
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 16
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 12:56:31 GMT
Etag: "63dadb9b-116"
Last-Modified: Thu, 02 Feb 2023 12:56:15 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 278
happy-u.vip/bgv2%2Fimages%2Fred-arrow-left.png
104.21.93.229 200 OK 1.3 kB URL HTTP/2 happy-u.vip/bgv2%2Fimages%2Fred-arrow-left.png
IP 104.21.93.229:0
File type PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Hash 92d3e482cacea857c5dfaf9fa3a21dfb
3f12c410c77d763cc4719ec367a18417b8300758
4a688dc66588e8e86e98ccadb318fa2aca3fd6e2444aac783278b982f3e47eef
GET /bgv2%2Fimages%2Fred-arrow-left.png HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 12:56:31 GMT
content-type: image/png
content-length: 1334
x-amz-id-2: xUnMGTfDJN91DI2FhGiWrX8IWMUl6nZ+Yia0hIMKG+8C23xf1MggFRxaL6Li9ZZlcz+1ZT3C8Bs=
x-amz-request-id: XW0HCQKF11JRE3B5
last-modified: Tue, 14 Sep 2021 10:36:58 GMT
etag: "92d3e482cacea857c5dfaf9fa3a21dfb"
cache-control: max-age=2592000
cf-cache-status: HIT
age: 16
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4gUPn99M7HEh4SQzIPyKCegBn8nPJuPcOjkemGpzdbiYD0FmpTK%2B8PWfQtgd3mcIyn5mW3bjXyrXe0gXGZzP1L6znTV%2FXadfiiKnS%2Bg3Ufcu%2BUNA1L8OUmhUqQcbSg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7933165eaa16b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
happy-u.vip/bgv2%2Fimages%2Fslot-start.png
104.21.93.229 200 OK 26 kB URL HTTP/2 happy-u.vip/bgv2%2Fimages%2Fslot-start.png
IP 104.21.93.229:0
File type PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Hash f491647556e492de92530b48827690aa
6296c44299f5acb17cb2c06e37391a70672b1fd3
efb819d37f19ec7505d9602488ce97868d84e1c7929ce83e308e23f02d97b95d
GET /bgv2%2Fimages%2Fslot-start.png HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 12:56:31 GMT
content-type: image/png
content-length: 26084
x-amz-id-2: j+yxnQ1NrAb/8L9uG9/Yn5JSFnh779NWYWoBMSJmqgzWy4lNsmTcnRdAobWeEuF0B51Ff8PM1Ss=
x-amz-request-id: XW0XH3NPCG3104V0
last-modified: Tue, 14 Sep 2021 10:36:58 GMT
etag: "f491647556e492de92530b48827690aa"
cache-control: max-age=2592000
cf-cache-status: HIT
age: 16
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AOSNOFbQH6Djj8aOhK6bo%2BCcBPy7jBJOE4y7E2EyCZUo5G80d74zAOzzWuMrZh%2F9dRoM5%2Byq3SPPImpVPRMG1ufbQpB3tqA9qd107bN0P333BatPvVUd57JxniErVg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7933165eaa21b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
happy-u.vip/bgv2%2Fimages%2Fslot-win.png
104.21.93.229 200 OK 14 kB URL HTTP/2 happy-u.vip/bgv2%2Fimages%2Fslot-win.png
IP 104.21.93.229:0
File type PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Hash 939b6a73c96383ac0842317037f3a0f0
0654b62431c8ba522833950b8166d7a16e2a6b56
b8f1ec0ac028bd024af2cf57b63b07069b2f4a41e61c1577e968ca5d7ba72837
GET /bgv2%2Fimages%2Fslot-win.png HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 12:56:31 GMT
content-type: image/png
content-length: 14391
x-amz-id-2: IlMMpeRyJ/vGzkQw1W4DvoJO042OJ3ZQDOCKE/22+EXdtPexMjG20IKWezbb1CqeUCu5kGJyzxI=
x-amz-request-id: BAV6KBSDT1047WH3
last-modified: Tue, 14 Sep 2021 10:36:58 GMT
etag: "939b6a73c96383ac0842317037f3a0f0"
cache-control: max-age=2592000
cf-cache-status: HIT
age: 16
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6wzebJLzr%2BElJJ9A1SNMjQwflDKHR%2BVP9LKrl%2BFjRA%2BOifiTQyLrBqcRwjsJMnTblw2T67kKKdBTpK1vbKXYsCKlFDnjM7u9vUxKily8qn%2FgWB5sl9Y7%2FUXNbkYK1g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7933165e9a11b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 0ede9217e40a6bf6f80f4def23a90a81
31bf390777fede55e08e3cc0e91dc69b7339040f
955c96b94b634f3c12925c1daa9b8d60592728da242b1828fdae578385b2beba
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=117660
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 12:56:31 GMT
Etag: "63dadb9b-116"
Expires: Fri, 03 Feb 2023 21:37:31 GMT
Last-Modified: Wed, 01 Feb 2023 21:37:31 GMT
Server: nginx
Content-Length: 278
happy-u.vip/bgv2%2Fimages%2Fslot-result-1.png
104.21.93.229 200 OK 20 kB URL HTTP/2 happy-u.vip/bgv2%2Fimages%2Fslot-result-1.png
IP 104.21.93.229:0
File type PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Hash 1fbd2b26e61236d5bcfdfeb6adbd2c8c
c9034272d28dab018b73f1967a679c734f987a1f
c402c36eb8d623b618261d40846e63c130de1e78720ab5578eae1d645198c963
GET /bgv2%2Fimages%2Fslot-result-1.png HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 12:56:31 GMT
content-type: image/png
content-length: 20370
x-amz-id-2: 1WnqKYAuEcrOmFbrsr7JI/SMIPEXfet0K4iNMRpnexOUMAyOkdmj9ri5MVPBeOQ2OiYmqkKHTZY=
x-amz-request-id: BAV2B09D726WTJDK
last-modified: Tue, 14 Sep 2021 10:36:58 GMT
etag: "1fbd2b26e61236d5bcfdfeb6adbd2c8c"
cache-control: max-age=2592000
cf-cache-status: HIT
age: 16
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G1ji4XDoiu7j4zKAc%2BX3YdO7JUoJMKVsK4WY5sApFLydFlm%2BpaxfZ84hU8wPZQEEr5z8aMOaWtxAWYXNkrN00fU1vHmy80zS%2BywBV3KD%2BeoMPTQkQy9P6CPyDiVIuw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7933165eaa1eb512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
happy-u.vip/bgv2%2Fimages%2Fslot-spin.gif
104.21.93.229 200 OK 88 kB URL HTTP/2 happy-u.vip/bgv2%2Fimages%2Fslot-spin.gif
IP 104.21.93.229:0
File type GIF image data, version 89a, 410 x 279\012- data
Hash 617c16c5e04c8603dd7f157862b1c682
1306296f9a666a7fc50f339a2a924ce8a3a18169
7f8e36cf7ac437d7c42440ef5f522c8e27adb06348b573192308038fa7c1dc7e
GET /bgv2%2Fimages%2Fslot-spin.gif HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 12:56:31 GMT
content-type: image/gif
content-length: 87599
x-amz-id-2: Wlo1yes0n3PNT9IEDHdBdBvZtRkdcg1aLj4/PbS2sue2gd4RrjMY1lqrEImJKuqWAVnZRpxsIyg=
x-amz-request-id: XW0R4T2ATBJFFA66
last-modified: Tue, 14 Sep 2021 10:36:58 GMT
etag: "617c16c5e04c8603dd7f157862b1c682"
cache-control: max-age=2592000
cf-cache-status: HIT
age: 16
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=scWV5dBh8ndAOVr6Z8sEyDbSNfYojWUTsoHKnZDWE0TRfsv%2FHjSP31At5he95gea8tVs0Pgbo0xzu0l4jG7qul6rNpCSupLgP%2F%2FSKUcVb7CXrNMGEvS%2BFjdyWC4o3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7933165eaa24b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
happy-u.vip/bgv2%2Fimages%2Fred-arrow-right.png
104.21.93.229 200 OK 1.4 kB URL HTTP/2 happy-u.vip/bgv2%2Fimages%2Fred-arrow-right.png
IP 104.21.93.229:0
File type PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Hash 881bdc037be8895ba5d8d53456890e7e
4e105c89e2a1475520bb74c9c20bf2f9e906fcb3
9f8160d6380fef91c8eadecc6e8e59e93e3f5c40be7963018c8104bef4354d8f
GET /bgv2%2Fimages%2Fred-arrow-right.png HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 12:56:31 GMT
content-type: image/png
content-length: 1362
x-amz-id-2: ZyV3RZx2wJN2v3n0Wr69962KjUzOJJiJkJDA/bumgxFtK9z+/srFKtTL2doQk54Hp8zN6oJngLs=
x-amz-request-id: BAV0ZRH8WP2FAX21
last-modified: Tue, 14 Sep 2021 10:36:58 GMT
etag: "881bdc037be8895ba5d8d53456890e7e"
cache-control: max-age=2592000
cf-cache-status: HIT
age: 16
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b1%2FvIDHKN1BrEgAMZDJ2SHmvSd7Vg7RXExp7ovhypPQRsTN1uz6KeeUUC5VuEBCdzsENI9Hob8v0nyXQwR%2BSBrVK1Cpl26pN2zSjOnnnE%2BNmbyb2ypDHSH026O6sug%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7933165eaa1bb512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
happy-u.vip/bgv2%2Fimages%2Fslot-result-2.png
104.21.93.229 200 OK 27 kB URL HTTP/2 happy-u.vip/bgv2%2Fimages%2Fslot-result-2.png
IP 104.21.93.229:0
File type PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Hash b6ca0bfea4d0cec334f128f5c2c44cff
f6dc006902542a929187af718d9f6a244e5472b5
b09b477eb93ed896b8e52a2f746e435695dbef2a1259987bae4fbea3c35b5435
GET /bgv2%2Fimages%2Fslot-result-2.png HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 12:56:31 GMT
content-type: image/png
content-length: 26733
x-amz-id-2: 7x9M1Bc2u07jVyX1d533Ss+HdmK3O6CLBggyak/V1jK4HgZ+oCoscBMf9cDZGnfwByL8HOYymr8=
x-amz-request-id: BAVEBNYD0QMXQ3SD
last-modified: Tue, 14 Sep 2021 10:36:57 GMT
etag: "b6ca0bfea4d0cec334f128f5c2c44cff"
cache-control: max-age=2592000
cf-cache-status: HIT
age: 16
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GfQeP2pqzvww%2BYdd4RusZYFxYZai%2FC3NkDjiqPA5vnCTUVs2Y6mT1KDL2Vvg7iSovxGPc0f4Okm9HMhHxWPy%2BELS34IUCZeo%2FgF1Sni8Io8VGWcGEe3VM6wb0hSszA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7933165eaa2cb512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 30bc46ed298b02aebea504207f3b4cfe
d81fe45f94eb24127a8543f48d2eecf11778963a
3c86115c7c476a8c8ec222e2f758d3a03c2fc7963fd0c4e3864b87a1a54482e9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3334
Cache-Control: max-age=102257
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 12:56:31 GMT
Etag: "63da926a-118"
Expires: Fri, 03 Feb 2023 17:20:48 GMT
Last-Modified: Wed, 01 Feb 2023 16:25:14 GMT
Server: ECS (amb/6B91)
X-Cache: HIT
Content-Length: 280
walter-larence.com/hp
18.193.146.82 200 OK 382 B IP 18.193.146.82:0
File type ASCII text, with very long lines (381)
Hash 10263a40a9d604e06e31e20f0b213918
524c7e3d46f4c3b19319ff3315ba6adfafd5eb3b
1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee
Analyzer Verdict Alert fortinet Malware
GET /hp HTTP/1.1
Host: walter-larence.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 12:56:31 GMT
content-length: 382
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 0ede9217e40a6bf6f80f4def23a90a81
31bf390777fede55e08e3cc0e91dc69b7339040f
955c96b94b634f3c12925c1daa9b8d60592728da242b1828fdae578385b2beba
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 16
Cache-Control: max-age=117676
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 12:56:31 GMT
Etag: "63dadb9b-116"
Expires: Fri, 03 Feb 2023 21:37:47 GMT
Last-Modified: Wed, 01 Feb 2023 21:37:31 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 278
cdn.countryflags.com/thumbs/bulgaria/flag-button-square-250.png
104.26.15.30 200 OK 2.1 kB URL HTTP/2 cdn.countryflags.com/thumbs/bulgaria/flag-button-square-250.png
IP 104.26.15.30:0
File type PNG image data, 250 x 250, 8-bit colormap, non-interlaced\012- data
Hash 3f0bf22f5b1b69cfbceac506951d3afc
edd3361f44f2971f96af94cff3ea35a485061dfa
2c6c2c194cbcf3b0b62d748b79e5c09d3d0ecc4021f23182966272219939e2e1
GET /thumbs/bulgaria/flag-button-square-250.png HTTP/1.1
Host: cdn.countryflags.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 12:56:31 GMT
content-type: image/png
content-length: 2091
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
etag: "82b-5426c8e5e5000"
last-modified: Tue, 29 Nov 2016 08:41:36 GMT
cache-control: max-age=2678400
cf-cache-status: HIT
age: 16
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FNmiAuxFvtGILQQEJCbCDTqWYVP7Ga7ewoTZYtZvFi7PjH0RSi61%2FBdHYEnf2M3d4Athw8aZJfriMKmyG9zZPi2kQ9khoE8xPHG9667%2Bd2ITP%2FKQqxy%2F8LPhHKF1h%2BFnhzKyVpkm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7933165efe5f0afe-OSL
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 05295a6ef6a1e08350820742ca84d4cd
829cfdfb5f40a5cf0a9b80d787d46652df0ffdec
2864347c8cafc993e298b6c80a7e34b0c49710b9e8e35af6815ef685d4efdaf2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2864347C8CAFC993E298B6C80A7E34B0C49710B9E8E35AF6815EF685D4EFDAF2"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11197
Expires: Thu, 02 Feb 2023 16:03:08 GMT
Date: Thu, 02 Feb 2023 12:56:31 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash bd77b0ce6227313b58b12ef9e56b6971
bec5fd298d45b3f63f77294678220808caa57032
32b6b0c3128db1a27ada330dcdda3659db3ac39bd12ad32e2f55c0b5e8a4b261
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 12:56:31 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 01 Feb 2023 20:20:02 GMT
Expires: Wed, 08 Feb 2023 20:20:01 GMT
Etag: "bec5fd298d45b3f63f77294678220808caa57032"
Cache-Control: max-age=544409,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7933165f0c8b0b4d-OSL
my.rtmark.net/p.js?f=sync&lr=1&partner=67c006a00db193d37627fba7e3ea754bf5ba407dea3b822db9bccd1950a8556a
139.45.195.8 200 OK 697 B URL HTTP/2 my.rtmark.net/p.js?f=sync&lr=1&partner=67c006a00db193d37627fba7e3ea754bf5ba407dea3b822db9bccd1950a8556a
IP 139.45.195.8:0
Hash bd33725f56da891692dff0ac7583d37d
2f5c7d6865087971dd4645d30d6fff57b64fa3fd
66411aa8478bd069ad8a9aa0f2159279c3693da7a7e1fb3b1e53c751e580cfeb
GET /p.js?f=sync&lr=1&partner=67c006a00db193d37627fba7e3ea754bf5ba407dea3b822db9bccd1950a8556a HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 12:56:31 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.39 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 67d700154d75602f11c9737cddbd2276
490decbfdd242deefa9fbf092bd256d31402d73b
935941e71355a1991f0159b44473a728ca64f86efab9f81fcec08dcacf285471
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Thu, 02 Feb 2023 12:56:31 GMT
Etag: "63da530e-1d7"
Server: ECS (dcb/7FA5)
X-Cache: Miss from cloudfront
Via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: IwU6flGhOuLsKp6HOyHI_KjAtxiEaxvYIdJgGw_hB-Bd6l0-it-nig==
assets.landerlab.io/base.css
54.230.111.7 200 OK 8.7 kB URL HTTP/2 assets.landerlab.io/base.css
IP 54.230.111.7:0
File type ASCII text, with very long lines (8731)
Hash 7f6de4e86d84bcbfd919f155e7545439
e7d9a7a418519c3fbce6de3c85775087cba93b49
8d8c59c2712df25a26ecd01739496e49c3514a9341fa3cd21cfa98627ba6efa2
GET /base.css HTTP/1.1
Host: assets.landerlab.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
content-length: 8732
last-modified: Sat, 29 May 2021 19:05:04 GMT
x-amz-version-id: 0sEXTlrAazg9KkJm7sv1lqt808WfgxiL
accept-ranges: bytes
server: AmazonS3
date: Thu, 02 Feb 2023 05:06:28 GMT
etag: "7f6de4e86d84bcbfd919f155e7545439"
x-cache: Hit from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: bxn6FEOeTXCjubea5EH5jUgAHxyM_FEr8nlkZY78MBR5IATZPlx-NA==
age: 28204
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 0ee5b16a991598f5e5873021f6b1231a
a17f9267eb4ea0f5d9c348ea16a91f1bcaf42f1f
ee621500464e573168aa29156f694a8dbb7e5b7d7e01403bb50606f5a47f733b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=131308
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 12:56:32 GMT
Etag: "63db10ec-118"
Expires: Sat, 04 Feb 2023 01:25:00 GMT
Last-Modified: Thu, 02 Feb 2023 01:25:00 GMT
Server: nginx
Content-Length: 280
bigrourg.net/pfe/current/micro.tag.min.js?z=4519794&sw=/sw-check-permissions-047d6.js
139.45.197.251 200 OK 14 kB URL HTTP/1.1 bigrourg.net/pfe/current/micro.tag.min.js?z=4519794&sw=/sw-check-permissions-047d6.js
IP 139.45.197.251:0
File type C source, ASCII text, with very long lines (41091), with no line terminators
Hash 002d32199f9116c7429c84ef9d7849bb
328e4f6b8bdfb247e311b58cddab5eaa21d5b4e3
8b9b2a4d4da7ff539e51c4bb298f0587b0c14ed4158294bfa003cb8b6893d1dc
GET /pfe/current/micro.tag.min.js?z=4519794&sw=/sw-check-permissions-047d6.js HTTP/1.1
Host: bigrourg.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://happy-u.vip/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Feb 2023 12:56:32 GMT
Content-Type: application/javascript
Last-Modified: Fri, 27 Jan 2023 11:03:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63d3af98-a083"
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Pragma: no-cache
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a38fab9935d471e375ef640d6ac4e667
017ff26d808eff453da628e880e04ce6beee3654
7e1b3c60cd7d45623686b73da1d2f6c92b7de281691b2ae5700da4728b8967ef
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7E1B3C60CD7D45623686B73DA1D2F6C92B7DE281691B2AE5700DA4728B8967EF"
Last-Modified: Tue, 31 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3952
Expires: Thu, 02 Feb 2023 14:02:24 GMT
Date: Thu, 02 Feb 2023 12:56:32 GMT
Connection: keep-alive
track.landerlab.io/p/606dc316bd12e800113ca177?lander_id=51b4888facefcf31461709e6561caaa1
104.18.17.6 200 OK 0 B URL HTTP/2 track.landerlab.io/p/606dc316bd12e800113ca177?lander_id=51b4888facefcf31461709e6561caaa1
IP 104.18.17.6:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/606dc316bd12e800113ca177?lander_id=51b4888facefcf31461709e6561caaa1 HTTP/1.1
Host: track.landerlab.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 12:56:32 GMT
content-length: 0
cache-control: no-cache
set-cookie: worker_cookie=N4Igdgpg7g+gFgSwC4wQExALhAdhwNgCYBWAMwAYBGAWgA4BmAY2OoBYHS76BOW6gI3zdKEcv3IRWEDABoQANwQBnZKgzZG/QgEN6pSjmr69bCDggCt5OmnblSU8g3wg5ilSiQIAthCVJtbwAHLBBCckJ6agjowgAVSkJMYnxMekIAOkpWSgAtVwVlZAB7ACc1UKocQghSfG1qRlZCPlZ6VgbaCG5GanpaRnxycnoxemJCAsZAoO0EAHMwCuwh/DRGekp8fjREiFphykombQMcArBitAgYRjg5sCwAbQBdOWUYSCgsUm0AGyUEAAvkA=; Expires=Fri, 03 Feb 2023 12:56:32 GMT; Domain=track.landerlab.io; Path=/; SameSite=None; Secure
__cf_bm=UEvZx9rnRp.omLqoyEWWxnc1DYGgz.2DJwtbFYazHj0-1675342592-0-AWtsgNmWsrZvwvGh9+8yZpuQAZLExQxVB4cFxpi3eNI/462PS6XpiDPA+UXwlRwvEX1HDdobnQlfLdeKqIw8g74=; path=/; expires=Thu, 02-Feb-23 13:26:32 GMT; domain=.track.landerlab.io; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 79331660d85fb517-OSL
X-Firefox-Spdy: h2
unphionetor.com/vctx?t=74797
139.45.197.236 204 No Content 0 B URL HTTP/2 unphionetor.com/vctx?t=74797
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /vctx?t=74797 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://happy-u.vip
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Thu, 02 Feb 2023 12:56:32 GMT
access-control-allow-origin: http://happy-u.vip
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: fdc89d74d04de3ab11b96854b5da3e0f
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 02 Feb 2023 12:49:05 GMT
age: 447
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
unphionetor.com/vctx?t=74797
139.45.197.236 204 No Content 0 B URL HTTP/2 unphionetor.com/vctx?t=74797
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /vctx?t=74797 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://happy-u.vip
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Thu, 02 Feb 2023 12:56:32 GMT
access-control-allow-origin: http://happy-u.vip
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: cdcf71f03d3733c4889280ad469ea10d
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
deefauph.com/pfe/current/micro.tag.min.js?z=4188429&sw=/sw-check-permissions-b5194.js
139.45.197.251 200 OK 14 kB URL HTTP/1.1 deefauph.com/pfe/current/micro.tag.min.js?z=4188429&sw=/sw-check-permissions-b5194.js
IP 139.45.197.251:0
File type C source, ASCII text, with very long lines (41091), with no line terminators
Hash 002d32199f9116c7429c84ef9d7849bb
328e4f6b8bdfb247e311b58cddab5eaa21d5b4e3
8b9b2a4d4da7ff539e51c4bb298f0587b0c14ed4158294bfa003cb8b6893d1dc
GET /pfe/current/micro.tag.min.js?z=4188429&sw=/sw-check-permissions-b5194.js HTTP/1.1
Host: deefauph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://happy-u.vip/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Feb 2023 12:56:32 GMT
Content-Type: application/javascript
Last-Modified: Fri, 27 Jan 2023 11:03:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63d3af98-a083"
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Pragma: no-cache
Content-Encoding: gzip
d3rxaij56vjege.cloudfront.net/form-serialize/0.3/serialize.min.js
54.230.245.102 200 OK 1.2 kB URL HTTP/1.1 d3rxaij56vjege.cloudfront.net/form-serialize/0.3/serialize.min.js
IP 54.230.245.102:0
File type ASCII text, with very long lines (1197), with no line terminators
Hash 7d3e5f83849d8d66381fd41ac97eb5a1
bf52c33777d86cd1498dd166eb43d7ee16ea35f2
bd5127d88d20bfc74fb94869e2026ddfbb9119934c6b441b12ed7762a948a702
GET /form-serialize/0.3/serialize.min.js HTTP/1.1
Host: d3rxaij56vjege.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://happy-u.vip/
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 1197
Connection: keep-alive
Last-Modified: Mon, 02 Nov 2015 22:04:54 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Thu, 02 Feb 2023 05:22:11 GMT
ETag: "7d3e5f83849d8d66381fd41ac97eb5a1"
X-Cache: Hit from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ECjmNIv9-Sk6ZNvX1GSoHYYqg8rI3jmeuCQsc3IhcqgvOsP-PQlhPw==
Age: 27262
happy-u.vip/favicon.ico
104.21.93.229 404 Not Found 268 B IP 104.21.93.229:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 8b589696c64f06ee6e75d1381c6763b4
495dfd9219ea581c775ec0523274fcb73081dbec
e1e1bc600d176bf75b7b6ee306b4d8827165f25499bfad34ccba540d1e501239
GET /favicon.ico HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://happy-u.vip/bgv2/
HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 12:56:32 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-request-id: TV6CTBSE2ATJ3GV7
x-amz-id-2: IUr/ypCbFO+ZD3LraHOShht5rU2hMoS4QdygU9ROyMIdg8fIvQcc4ZKulrRs5PI6hVVACAczPA4=
Cache-Control: max-age=2592000
CF-Cache-Status: HIT
Age: 16
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RoqQe7udS%2FaF%2B%2FJqSU%2BgT6dMqFJjN%2Bn1%2BmBVAeWY3xK9kO5Dg5ZflOzJhDHq%2BqBBX7b1yyyODiT2ZSFgRJG7erRm9wQ8l5BlnbI%2F1AsHCzD%2FJ6ToHPf1fnHCSWuVHg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79331661b812b512-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7af240f24e16e5807c4e364f012df4b4
58c497843afeb9086346ebd8ee51b772422c6752
e7cd1c64c7a8c0414001cdf707af55723f8348f208f9cbb9373a1a83aacc9dd7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E7CD1C64C7A8C0414001CDF707AF55723F8348F208F9CBB9373A1A83AACC9DD7"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10289
Expires: Thu, 02 Feb 2023 15:48:01 GMT
Date: Thu, 02 Feb 2023 12:56:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10886
Expires: Thu, 02 Feb 2023 15:57:58 GMT
Date: Thu, 02 Feb 2023 12:56:32 GMT
Connection: keep-alive
bigrourg.net/zone?&pub=0&zone_id=4519794&is_mobile=false&domain=happy-u.vip&var=&ymid=&var_3=&dsig=&action=prerequest
139.45.197.251 200 OK 0 B URL HTTP/2 bigrourg.net/zone?&pub=0&zone_id=4519794&is_mobile=false&domain=happy-u.vip&var=&ymid=&var_3=&dsig=&action=prerequest
IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /zone?&pub=0&zone_id=4519794&is_mobile=false&domain=happy-u.vip&var=&ymid=&var_3=&dsig=&action=prerequest HTTP/1.1
Host: bigrourg.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://happy-u.vip
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 12:56:32 GMT
content-length: 0
x-trace-id: 4669d274fd2916f0da645523dbc44e6a
access-control-allow-origin: http://happy-u.vip
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
unphionetor.com/vbl?t=74797&bid=undefined&aid=undefined
139.45.197.236 204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=74797&bid=undefined&aid=undefined
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=74797&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://happy-u.vip
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Thu, 02 Feb 2023 12:56:32 GMT
access-control-allow-origin: http://happy-u.vip
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: f6a5c981671ba3c541881da82292bcab
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
unphionetor.com/vbl?t=74797&bid=undefined&aid=undefined
139.45.197.236 204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=74797&bid=undefined&aid=undefined
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=74797&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://happy-u.vip
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Thu, 02 Feb 2023 12:56:32 GMT
access-control-allow-origin: http://happy-u.vip
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 9d80c73cac55ef92451c70e435967a82
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6a83f1cda10b24856cd1be686e5cff48
9176a8eebc8d2457d201e195da4c4f76688f5a16
9cb7ea8c3301debfe14b8f13ee01254c080238169ba13f0c030ea870d36c70cd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9CB7EA8C3301DEBFE14B8F13EE01254C080238169BA13F0C030EA870D36C70CD"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2283
Expires: Thu, 02 Feb 2023 13:34:35 GMT
Date: Thu, 02 Feb 2023 12:56:32 GMT
Connection: keep-alive
deefauph.com/zone?&pub=0&zone_id=4188429&is_mobile=false&domain=happy-u.vip&var=&ymid=&var_3=&dsig=&action=prerequest
139.45.197.251 200 OK 0 B URL HTTP/2 deefauph.com/zone?&pub=0&zone_id=4188429&is_mobile=false&domain=happy-u.vip&var=&ymid=&var_3=&dsig=&action=prerequest
IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /zone?&pub=0&zone_id=4188429&is_mobile=false&domain=happy-u.vip&var=&ymid=&var_3=&dsig=&action=prerequest HTTP/1.1
Host: deefauph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://happy-u.vip
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 12:56:32 GMT
content-length: 0
x-trace-id: d26aa8bd587c790438f7c1ab8abf0f18
access-control-allow-origin: http://happy-u.vip
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
my.rtmark.net/img.gif?f=sync&partner=67c006a00db193d37627fba7e3ea754bf5ba407dea3b822db9bccd1950a8556a&ttl=&rurl=http%3A%2F%2Fhappy-u.vip%2Fbgv2%2F
139.45.195.8 200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=sync&partner=67c006a00db193d37627fba7e3ea754bf5ba407dea3b822db9bccd1950a8556a&ttl=&rurl=http%3A%2F%2Fhappy-u.vip%2Fbgv2%2F
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=sync&partner=67c006a00db193d37627fba7e3ea754bf5ba407dea3b822db9bccd1950a8556a&ttl=&rurl=http%3A%2F%2Fhappy-u.vip%2Fbgv2%2F HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 12:56:32 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=f7eedf5cd21e4ff8a9971754c104406c; expires=Fri, 02 Feb 2024 12:56:32 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.186.188.230 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.186.188.230:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: xp9n7beUXk3/MxhZ7FsfwA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: P94oqmRVlNskGgAogfvzf4QRq1A=
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4832
Expires: Thu, 02 Feb 2023 14:17:05 GMT
Date: Thu, 02 Feb 2023 12:56:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4832
Expires: Thu, 02 Feb 2023 14:17:05 GMT
Date: Thu, 02 Feb 2023 12:56:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4832
Expires: Thu, 02 Feb 2023 14:17:05 GMT
Date: Thu, 02 Feb 2023 12:56:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4832
Expires: Thu, 02 Feb 2023 14:17:05 GMT
Date: Thu, 02 Feb 2023 12:56:33 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9dac6192-89b0-4161-86a2-38f3998a1bc4.jpeg
34.120.237.76 200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9dac6192-89b0-4161-86a2-38f3998a1bc4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f1d06527f75868ea84da730b7c8b5660
6c0cb65a477d6bc7d013529411d5735bd39e3d46
2ff4fb12b9ac4dff67bf89cc69f1bfce3ffa738696f904172044a5a537a704c9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9dac6192-89b0-4161-86a2-38f3998a1bc4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6783
x-amzn-requestid: 5ab60169-ec65-483a-828b-3312c74ee4b2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc5BGjqoAMFV6g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb6c-73a465244f89adaa27626246;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: EnMwKHnlZQbvGDjPKuFqW9G8CBaRAV6QKzJ2VFOtRPDm3EIgVUpmYQ==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:57:29 GMT
age: 53945
etag: "6c0cb65a477d6bc7d013529411d5735bd39e3d46"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
happy-u.vip/bgv2%2Fjs%2Fjquery.min.js
104.21.93.229 200 OK 40 kB URL HTTP/2 happy-u.vip/bgv2%2Fjs%2Fjquery.min.js
IP 104.21.93.229:0
File type ASCII text, with very long lines (32063)
Hash e4f489a0ed3f7dd70290f8ba6221ea28
ab8cfa4def40981b298d0f871da07d345b3862ab
a925544160687c2f7db9b7948387bb2bdd1576842c05a9fae3216c30130ad7d4
GET /bgv2%2Fjs%2Fjquery.min.js HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 12:56:31 GMT
content-type: application/javascript
x-amz-id-2: Jb+YvPUjjAb7J5MlbRMuvm3rwmSo7onzLhV071Y3IIAoYmyjlQPxi/3irjwXb77C98HSWzHz/Dk=
x-amz-request-id: BAVDMD505YYE2VDF
last-modified: Tue, 14 Sep 2021 10:36:58 GMT
etag: W/"723e11a50995eef960d59451910e2cb4"
cache-control: max-age=2592000
cf-cache-status: HIT
age: 16
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oaiawpKwoZsfVUMZziVHhDxo7vuAUvMLO3n9Diz0Fwg51WWcweXmviLnwjnY12s1oK3aPXuz%2FopJt0p%2BZFNzeS8yXMV%2BpeD1Dsh0mTf0k%2Bzw3KbY2Le%2FaQb8%2B4BL5g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7933165eda6eb512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc1ea9f44-4a0b-4366-b041-d2bd88c5fcb5.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc1ea9f44-4a0b-4366-b041-d2bd88c5fcb5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 604c573da6f79effa2a81e711c14ad9e
322a3a510ca73e124d78e31b49d676ec891a6762
8d2b897fe4251106be9183fa2a6a3b0918cd1f4dcc5f814aa88a630a77b4045c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc1ea9f44-4a0b-4366-b041-d2bd88c5fcb5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7960
x-amzn-requestid: 774cebdf-b2bf-4a98-9d2b-e2abd4bd1a2b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc5BG-hoAMFTSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb6c-234163873ca67e934d684a1d;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: uBOoIV3qLgPgjOas4bG9LnzvJyW5AmcxMm7xqxI2keBg3er2G3MldA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:01:31 GMT
etag: "322a3a510ca73e124d78e31b49d676ec891a6762"
content-type: image/jpeg
age: 53703
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg
34.120.237.76 200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4bb3a6fba496d54cdbbccaf2b9600386
8e30002699e9fbf2047f9ac11a36d2175fc9c591
927bf3a04b011b4e3bc8d8772a3d5813507f7f523312d43627767b64615562f3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15857
x-amzn-requestid: cfe36b9d-34f6-4f3f-896e-e70ec45c4a04
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmJ2JGGWoAMFSLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8bcf3-0dd68dd778b9aba268a129b0;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:02:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: C1kqthy0eZop0UZfG3_op5xeBOVGiPLYfia4uS1l4-kchEzV6ccE9w==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 07:16:08 GMT
age: 20426
etag: "8e30002699e9fbf2047f9ac11a36d2175fc9c591"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F496723d4-47ce-49a5-b3b3-9ae546523015.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F496723d4-47ce-49a5-b3b3-9ae546523015.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 395bb0f71f9eba82f5ca23548d08900f
b1fada280c7ea3eb775a6fa46ce173a51eb045f5
7443babb69532e1ee3ee779e05ad4f62de2c5bf62548bcb5702f8290a527664c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F496723d4-47ce-49a5-b3b3-9ae546523015.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11367
x-amzn-requestid: 67702c15-9a68-46ec-95e5-efb57f08e2f1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc5OGfBoAMF3Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb6e-033182ba55fdd0230ad5a270;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Ybz4mmNUwsKOkpz6GFm4nLz7iGX5gJ--EiUjqrs8G92GBLn6qaF7IQ==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:57:51 GMT
age: 53923
etag: "b1fada280c7ea3eb775a6fa46ce173a51eb045f5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc092e5e-3a14-4d43-9814-99fd9d49d6c8.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc092e5e-3a14-4d43-9814-99fd9d49d6c8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 41c44051cc3b4c69924df66048e7566b
5c6a12595c3f6005fec4baa84b16575951e72178
72dff70bcb417c088aba013a486e1dbabe099b40fb718a283f1ba220b142b848
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc092e5e-3a14-4d43-9814-99fd9d49d6c8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7450
x-amzn-requestid: 1b3ef150-9b12-4b8b-94e6-0d6debbd24ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frdTDFmPoAMF-UQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadc13-0fea883b0ce1a1b933dc2be8;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:39:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qON7fRZ1XPCkl7ldiGagd0UcPynLKMzysXr8LZSRvS1ily9cN5w_wA==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:22:55 GMT
age: 52419
etag: "5c6a12595c3f6005fec4baa84b16575951e72178"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
unphionetor.com/vbri?t=74797&bid=undefined&aid=undefined&tp=3161
139.45.197.236 204 No Content 0 B URL HTTP/2 unphionetor.com/vbri?t=74797&bid=undefined&aid=undefined&tp=3161
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbri?t=74797&bid=undefined&aid=undefined&tp=3161 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://happy-u.vip
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Thu, 02 Feb 2023 12:56:34 GMT
access-control-allow-origin: http://happy-u.vip
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: e5f4a51dcc57c7505d0917f529e0f588
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
unphionetor.com/vbri?t=74797&bid=undefined&aid=undefined&tp=3162
139.45.197.236 204 No Content 0 B URL HTTP/2 unphionetor.com/vbri?t=74797&bid=undefined&aid=undefined&tp=3162
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbri?t=74797&bid=undefined&aid=undefined&tp=3162 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://happy-u.vip
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Thu, 02 Feb 2023 12:56:34 GMT
access-control-allow-origin: http://happy-u.vip
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 05b7ea4312e6fc9622cbb3ec816fa72d
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
happy-u.vip/bgv2%2Fcss%2Fstyle.css
104.21.93.229 200 OK 0 B URL HTTP/2 happy-u.vip/bgv2%2Fcss%2Fstyle.css
IP 104.21.93.229:0
GET /bgv2%2Fcss%2Fstyle.css HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 12:56:31 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=13222
etag: W/"538445a521226e69b9c4231a52ad5e79"
last-modified: Tue, 14 Sep 2021 10:36:58 GMT
x-amz-id-2: ePBQvHpot5OHxZvLFQBD89aNm0cnioe75cy5uMwcq6dKUjveyTSKTypEviEGVEjQHNjVnPp21lU=
x-amz-request-id: BAVEG0A3QJXJY96B
cache-control: max-age=2592000
cf-cache-status: HIT
age: 16
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Czby3Fy%2BjlEWkQirvU1t2bh%2B%2BW36SNeKp1TDWaKsUu9vqsLm20C88Wr7ey44xbLfVIYq8kA7KPlt4C49xpKXpeHb%2FiDNeOXU%2BTAwFtnxns1zEFnB7t0e95WkOv%2FedQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7933165eaa2db512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
propeller-tracking.com/fv.js?t=74797
139.45.197.240 200 OK 0 B URL HTTP/2 propeller-tracking.com/fv.js?t=74797
IP 139.45.197.240:0
GET /fv.js?t=74797 HTTP/1.1
Host: propeller-tracking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 12:56:31 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 341e8708c67d54ad6ca343fa25665dc2
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
propeller-tracking.com/fv.js?t=74797
139.45.197.240 200 OK 0 B URL HTTP/2 propeller-tracking.com/fv.js?t=74797
IP 139.45.197.240:0
GET /fv.js?t=74797 HTTP/1.1
Host: propeller-tracking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 12:56:32 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 7463cc2147f42a0de8694d41bfcbb590
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2