Overview

URL 42.winprizes542.digital/th1paff/thaff22n4.html?city=Mountain%20View&model=Android%2010.0&brand=Generic&isp=Google%20Cloud&browser=Firefox%20Focus&cep=KkfS0NhpkmV255cKlrO_WvM4wm50O6LfaHwGyhQBi3gAKt87wP_LNFCNt_YBtM0R1lbFoK5jr0FL7gvZ-2Avay_8xeycVN6Jo4jW7b8RZpVyNPpOBWC6HY5-wwWVTMwVqzkI46vRMFz7OpI5Qn3ZIijbiprtkRrHsIz4iBQF8VvkSGieX1851GSTa9lHVaO1V_Kxnha8Mba7w8nLAetEZm8aMtXvHiEBix0tZPN_6Wc51alQiVja764MO3SUaL5hQ3mNlz2Ukjep7hCvAtEAD1AvEbOrbEdGske1nfca-U0oAyADA0ukLS5tCRkrOqgw9ho-SfxhszKUxLNbcC6VUib0Es79jrVM553vE8irtytgaM8ojf6e3RANNQpg-aVZshXYdoSXIUgNRwLe2J4IJ18f7bSXf0Al5IucakYT694&lptoken=165f69fb314c80a104eb
IP45.76.148.82
ASNAS-CHOOPA
Location Singapore
Report completed2022-11-24 18:57:15 UTC
StatusLoading report..
urlquery Alerts Scam / Brand infringement
Scam / Brand infringement


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (9)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-24 05:36:55 UTC 34.102.187.140
mnemonic passive DNS push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 54.187.31.159
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
mnemonic passive DNS r3.o.lencr.org (6) 344 No data No data 23.36.77.32
mnemonic passive DNS ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-24 05:30:55 UTC 34.117.237.239
mnemonic passive DNS 42.winprizes542.digital (22) 0 No data No data 45.76.148.82 Unknown ranking
mnemonic passive DNS push.winprizes542.digital (1) 0 No data No data 67.212.173.74 Unknown ranking


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 45.76.148.82

Date UQ / IDS / BL URL IP
2022-11-29 04:57:26 +0000
0 - 0 - 20 58.winprizes658.monster/engaff/phaff2022n4.html 45.76.148.82
2022-11-29 01:10:09 +0000
0 - 0 - 19 58.winprizes658.monster/engaff/phaff2022n4.ht (...) 45.76.148.82
2022-11-29 00:56:44 +0000
1 - 0 - 0 42.winprizes542.digital/th1paff/thaff22n4.htm (...) 45.76.148.82
2022-11-28 22:14:10 +0000
0 - 0 - 16 58.winprizes658.monster/engaff/phaff2022n4.ht (...) 45.76.148.82
2022-11-28 15:57:04 +0000
1 - 0 - 0 42.winprizes542.digital/th1paff/thaff22n4.htm (...) 45.76.148.82

Last 5 reports on ASN: AS-CHOOPA

Date UQ / IDS / BL URL IP
2022-11-29 07:57:03 +0000
0 - 0 - 1 49.winprizes249.monster/es4/coppn2.html 217.69.14.8
2022-11-29 05:57:27 +0000
0 - 0 - 6 online-school.club/es/land2/ 144.202.22.16
2022-11-29 05:19:55 +0000
0 - 0 - 74 www.damamhardware.com/ 139.180.220.219
2022-11-29 04:57:26 +0000
0 - 0 - 20 58.winprizes658.monster/engaff/phaff2022n4.html 45.76.148.82
2022-11-29 04:55:52 +0000
0 - 0 - 8 www.acwoetopc.shop/jp 167.179.74.78

Last 5 reports on domain: winprizes542.digital

Date UQ / IDS / BL URL IP
2022-11-29 00:56:44 +0000
1 - 0 - 0 42.winprizes542.digital/th1paff/thaff22n4.htm (...) 45.76.148.82
2022-11-28 15:57:04 +0000
1 - 0 - 0 42.winprizes542.digital/th1paff/thaff22n4.htm (...) 45.76.148.82
2022-11-28 13:54:01 +0000
1 - 0 - 0 42.winprizes542.digital/th1paff/thaff22n4.htm (...) 45.76.148.82
2022-11-28 08:55:24 +0000
1 - 0 - 0 42.winprizes542.digital/th1paff/thaff22n4.htm (...) 45.76.148.82
2022-11-28 08:54:47 +0000
1 - 0 - 0 42.winprizes542.digital/th1paff/thaff22n4.htm (...) 45.76.148.82

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-11-29 07:54:29 +0000
1 - 0 - 1 track.rendan-compto.com/05862fc2-5ff3-4156-b9 (...) 18.195.128.171
2022-11-29 06:53:53 +0000
1 - 0 - 1 track.rendan-compto.com/11e12742-05d2-4bad-8d (...) 18.195.128.171
2022-11-29 05:54:09 +0000
1 - 0 - 1 track.rendan-compto.com/49f6fa60-6b66-4771-a1 (...) 18.195.128.171
2022-11-29 01:09:50 +0000
1 - 0 - 1 track.rendan-compto.com/1aee6222-540a-43f9-b0 (...) 18.195.128.171
2022-11-29 00:56:44 +0000
1 - 0 - 0 42.winprizes542.digital/th1paff/thaff22n4.htm (...) 45.76.148.82


JavaScript

Executed Scripts (13)


Executed Evals (0)


Executed Writes (6)

#1 JavaScript::Write (size: 0, repeated: 1) - SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                        
                                    

#2 JavaScript::Write (size: 12, repeated: 1) - SHA256: e90c64359a561f3c752912b0b3b058ec52aa4af143372f280d8225ea0d8cbb3b

                                        22 $(4 2 "
                                    

#3 JavaScript::Write (size: 12, repeated: 1) - SHA256: 5547d51df26a284a9265b39e4cdb0b41a03bb774024edde98bfceb15163f3d25

                                        21 $(4 2 "
                                    

#4 JavaScript::Write (size: 12, repeated: 1) - SHA256: 0dfb14ebb0182f359d57f1e571c0993439e85da3a496ddcb442491639ec1c680

                                        20 $(4 2 "
                                    

#5 JavaScript::Write (size: 30, repeated: 1) - SHA256: c9040a64188ae900165e86968c1b5e78dc301b06623e17e830176e3618a72a15

                                        '1$+1*5, 24 $(42" 2022
                                    

#6 JavaScript::Write (size: 11, repeated: 1) - SHA256: 1344cdb2314c6d1394dce683c56b873c2c6f35723ec9f1181b0ec625aaa6154b

                                        '1$+1*5
                                    


HTTP Transactions (42)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "164D11173045B569CAFB32E300E4C1EC6D6AB177FD34D0414CC40C541268779F"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7646
Expires: Thu, 24 Nov 2022 21:04:30 GMT
Date: Thu, 24 Nov 2022 18:57:04 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1770
Cache-Control: max-age=144217
Date: Thu, 24 Nov 2022 18:57:04 GMT
Etag: "637f47ef-1d7"
Expires: Sat, 26 Nov 2022 11:00:41 GMT
Last-Modified: Thu, 24 Nov 2022 10:31:11 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "141AC47ACC3800E5D35A82012FA4B044277ABAD3A95DC24415F66FB72C972AE6"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3831
Expires: Thu, 24 Nov 2022 20:00:55 GMT
Date: Thu, 24 Nov 2022 18:57:04 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 24 Nov 2022 18:17:19 GMT
cache-control: public,max-age=3600
age: 2385
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    d130218d0e2841f39c99610fe1a2ab90
Sha1:   29fbe1e177ee55c7a61ae0a206afff271cf5f945
Sha256: 6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: VhPWCsdremQehcIHYjMqRUxOMIFeyzVRA01WX16EDzr6L0Ekm23uELZBFbcQCHOtRAYH+iE+3k8=
x-amz-request-id: M41EX79E6SGEB2NQ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 24 Nov 2022 18:43:30 GMT
age: 814
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Thu, 24 Nov 2022 18:57:04 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 24 Nov 2022 18:11:11 GMT
cache-control: public,max-age=3600
age: 2753
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /th1paff/thaff22n4.html?city=Mountain%20View&model=Android%2010.0&brand=Generic&isp=Google%20Cloud&browser=Firefox%20Focus&cep=KkfS0NhpkmV255cKlrO_WvM4wm50O6LfaHwGyhQBi3gAKt87wP_LNFCNt_YBtM0R1lbFoK5jr0FL7gvZ-2Avay_8xeycVN6Jo4jW7b8RZpVyNPpOBWC6HY5-wwWVTMwVqzkI46vRMFz7OpI5Qn3ZIijbiprtkRrHsIz4iBQF8VvkSGieX1851GSTa9lHVaO1V_Kxnha8Mba7w8nLAetEZm8aMtXvHiEBix0tZPN_6Wc51alQiVja764MO3SUaL5hQ3mNlz2Ukjep7hCvAtEAD1AvEbOrbEdGske1nfca-U0oAyADA0ukLS5tCRkrOqgw9ho-SfxhszKUxLNbcC6VUib0Es79jrVM553vE8irtytgaM8ojf6e3RANNQpg-aVZshXYdoSXIUgNRwLe2J4IJ18f7bSXf0Al5IucakYT694&lptoken=165f69fb314c80a104eb HTTP/1.1 
Host: 42.winprizes542.digital
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         45.76.148.82
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=iso-8859-1
                                        
Server: nginx
Date: Thu, 24 Nov 2022 18:57:04 GMT
Content-Length: 1021
Connection: keep-alive
Location: https://42.winprizes542.digital/th1paff/thaff22n4.html?city=Mountain%20View&model=Android%2010.0&brand=Generic&isp=Google%20Cloud&browser=Firefox%20Focus&cep=KkfS0NhpkmV255cKlrO_WvM4wm50O6LfaHwGyhQBi3gAKt87wP_LNFCNt_YBtM0R1lbFoK5jr0FL7gvZ-2Avay_8xeycVN6Jo4jW7b8RZpVyNPpOBWC6HY5-wwWVTMwVqzkI46vRMFz7OpI5Qn3ZIijbiprtkRrHsIz4iBQF8VvkSGieX1851GSTa9lHVaO1V_Kxnha8Mba7w8nLAetEZm8aMtXvHiEBix0tZPN_6Wc51alQiVja764MO3SUaL5hQ3mNlz2Ukjep7hCvAtEAD1AvEbOrbEdGske1nfca-U0oAyADA0ukLS5tCRkrOqgw9ho-SfxhszKUxLNbcC6VUib0Es79jrVM553vE8irtytgaM8ojf6e3RANNQpg-aVZshXYdoSXIUgNRwLe2J4IJ18f7bSXf0Al5IucakYT694&lptoken=165f69fb314c80a104eb


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (688)
Size:   1021
Md5:    807a8b84931e6e98739192cf8240cc3b
Sha1:   2fcecf9f8ed30ceb478eebc5304187e57d5def88
Sha256: 669ff002487bd6f904ce65ee98a8ca09f13c541bc35320bdb823c2505a958ceb
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5550
Cache-Control: max-age=142935
Date: Thu, 24 Nov 2022 18:57:04 GMT
Etag: "637f3429-1d7"
Expires: Sat, 26 Nov 2022 10:39:19 GMT
Last-Modified: Thu, 24 Nov 2022 09:06:49 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ZnNkcmzioTq1Trebd0eJaA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         54.187.31.159
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: E36JXGCaQRReEZSLDPWOBRF95BE=

                                        
                                            GET /js/pub.min.js HTTP/1.1 
Host: push.winprizes542.digital
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

                                         
                                         67.212.173.74
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Thu, 24 Nov 2022 18:57:05 GMT
content-length: 1482
last-modified: Fri, 09 Sep 2022 11:46:08 GMT
vary: Accept-Encoding
etag: "631b2780-5ca"
content-encoding: gzip
expires: Fri, 25 Nov 2022 18:57:05 GMT
cache-control: max-age=86400
strict-transport-security: max-age=31536000; includeSubdomains;
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2752)
Size:   1482
Md5:    31c303586c1b78e33984bd252b8e2644
Sha1:   8083e2aad4cbf8242a4e6fb53657d49552b85f82
Sha256: d2c713c2734353dc0ef2896d057021e9b04f35bb7c851d920d390941769c66be
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13398
Expires: Thu, 24 Nov 2022 22:40:24 GMT
Date: Thu, 24 Nov 2022 18:57:06 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13398
Expires: Thu, 24 Nov 2022 22:40:24 GMT
Date: Thu, 24 Nov 2022 18:57:06 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13398
Expires: Thu, 24 Nov 2022 22:40:24 GMT
Date: Thu, 24 Nov 2022 18:57:06 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13398
Expires: Thu, 24 Nov 2022 22:40:24 GMT
Date: Thu, 24 Nov 2022 18:57:06 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7993
x-amzn-requestid: 9f0ff853-4819-47cd-959d-658401ea5748
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvCsG5mIAMFqAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9211-1c48b9223684f2942f8dd42d;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:35:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: YJuHCuUgkLuFFiQUlrPWgv9grHznufMTU08hi4ZMpQTBmou6BGWrhQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:47:52 GMT
age: 76154
etag: "43d1dec7fc06879988c9c3cadd800cc8145df988"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7993
Md5:    92c78302bcce1568eb6a5563100b932c
Sha1:   43d1dec7fc06879988c9c3cadd800cc8145df988
Sha256: 0dda9914306c8e3a7ea75eade8e762652d93907dd6c5a8cc81707d6d8098b60a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d85d03d-8fcf-42f4-bada-e7f488f04307.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7462
x-amzn-requestid: 1f6fb14d-83e0-43d3-9dab-5bc83af1a7c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEwV3HV9oAMFs9w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9425-634d43db6308e0be596aa5a0;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:44:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GW5UTfY7-TwPWTno9z1e21a2cA9fmU7GfHFYWdL-zQvMLxeq-S9Trg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 22:08:16 GMT
age: 74930
etag: "a7d9135f9d01ba13c3cdaf8b038c70212f159297"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7462
Md5:    b4157f2c5c3c77ce699324ecb08f47c7
Sha1:   a7d9135f9d01ba13c3cdaf8b038c70212f159297
Sha256: 2305f7afee95bb34d9e8dbff571c6b146ba7b694be96e9e925c32d1f41785916
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F433fbaf5-7c54-485b-af70-542e1e788832.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5070
x-amzn-requestid: d86d95ad-9b78-4047-82e7-04e83a97e330
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEwViF1GIAMF_PQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9423-10809ba1634776171cf79cb8;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:44:03 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: rrs7G6Wto6iY0rT6KsKwKAOPJjehXqD0jHZrR_eaiqpepQILFr7Dtw==
via: 1.1 0dc4feb22bb4657ce2bb95fd05ec7122.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:49:07 GMT
age: 76079
etag: "89accd230fba95fe0049678070817b36ead015fa"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5070
Md5:    0856fdb55f19f03a1bec38b3d6e0ac77
Sha1:   89accd230fba95fe0049678070817b36ead015fa
Sha256: 17c6e6f9bb8f4261fff2dc2a43ed994986418761624b8afead768e89927594f2
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4309
x-amzn-requestid: 47c2739d-73c5-4d91-914c-fe635cb09772
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1U8xGxgIAMF-qQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63786851-6fbe19dc5c4c20dd657604e3;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 05:23:29 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: j_8oVo464QMWMnmkxQJIDRhaIVmwhzCTHe4A57OdmaUr9HcyTtBUjg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 2750b94b402c92287d764b5fa115a042.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 05:04:28 GMT
age: 49958
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4309
Md5:    841a4b110022a99ddea6f7bf66df0fa1
Sha1:   126771b86638108050cf57c0d12faa27f80f0edb
Sha256: 240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81517ad5-7c1b-49aa-9ba9-dbfa36fbb071.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 13882
x-amzn-requestid: 9022b0b3-31d5-4149-a969-02514f11b95a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvzNHjMoAMFWMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9347-0e8354a02bef623644714e31;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:40:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: DYBcunpyI0FBJsJGh1kKpFI3X8kzCkO3mCxzUtWnaMKBT-Bv-zkq3Q==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:59:18 GMT
age: 75468
etag: "1102dbdcbcabf5c25d17840f8f00d5b55b9b8f0a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   13882
Md5:    64d79191f005c9876b952c5f948aa0f7
Sha1:   1102dbdcbcabf5c25d17840f8f00d5b55b9b8f0a
Sha256: 00fb36c3d322e8302c5ce202d6d4119d637510cd6f3b63e1347781ec3bb9d7fc
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6789
x-amzn-requestid: 4d94ce1b-d18f-43b8-bb4d-e7093f9bea42
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvd2G9UIAMFrEg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5f2-64a570135be59b83031811da;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:04:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JygkDI7XSvlgurUTot874ZAXlOIqnv4cntMQ55IvHVqw93JBcksZjQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 07:10:24 GMT
age: 42402
etag: "303c571b13b05fcf27ee1159d8fdf6369aaef0a2"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6789
Md5:    d9d93b2a6875d446c3467eb49767eef5
Sha1:   303c571b13b05fcf27ee1159d8fdf6369aaef0a2
Sha256: 2a2345a925e0187979930a7f2de8548957ad9f2baae77364dcb157286e2b3fcf
                                        
                                            GET /th1paff/menu_2x.png HTTP/1.1 
Host: 42.winprizes542.digital
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://42.winprizes542.digital/th1paff/clean.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 24 Nov 2022 18:57:05 GMT
content-length: 124
last-modified: Mon, 25 Apr 2022 03:21:08 GMT
etag: "7c-5dd72113ed2b6"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 40 x 36, 8-bit gray+alpha, non-interlaced\012- data
Size:   124
Md5:    8f68efd9388ccd80b43759b2ed542305
Sha1:   9f2cf96efe3bdec2ab64bc51856619cc02958fe6
Sha256: 455b82fa1e54fc88fe0699eabecb02155f1d6228e0ae3d7f72e1abe92dae8f3c

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
                                            GET /th1paff/notify_2x.png HTTP/1.1 
Host: 42.winprizes542.digital
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://42.winprizes542.digital/th1paff/clean.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 24 Nov 2022 18:57:05 GMT
content-length: 229
last-modified: Mon, 25 Apr 2022 03:21:08 GMT
etag: "e5-5dd7211403a16"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 36 x 32, 8-bit gray+alpha, non-interlaced\012- data
Size:   229
Md5:    988234626ae7a880ed9c6a92f6336c0f
Sha1:   173967c2b59baed4a06997d874aba32ab65da201
Sha256: 4566dd8f59a09f51415a7c8955f48f75298522fc6db554bc1a59ad79c3e3e314

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
                                            GET /th1paff/spin_prize2.png HTTP/1.1 
Host: 42.winprizes542.digital
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://42.winprizes542.digital/th1paff/clean.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 24 Nov 2022 18:57:05 GMT
content-length: 2814
last-modified: Mon, 25 Apr 2022 03:21:10 GMT
etag: "afe-5dd721150e3bc"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 142 x 173, 8-bit colormap, non-interlaced\012- data
Size:   2814
Md5:    f278c8d30fc51b72e0774b9ecb49214c
Sha1:   03b574db82b31ee5758eb5093fda8ea25d1b00d8
Sha256: 43f3e6d7e7b011430b39020bc5ff8fe6be2947100c597de44ca549ea96a0fd7c

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
                                            GET /th1paff/action_icons_20px_2x.png HTTP/1.1 
Host: 42.winprizes542.digital
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://42.winprizes542.digital/th1paff/clean.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 24 Nov 2022 18:57:05 GMT
content-length: 1726
last-modified: Mon, 25 Apr 2022 03:21:06 GMT
etag: "6be-5dd72111551a8"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 40 x 360, 8-bit colormap, non-interlaced\012- data
Size:   1726
Md5:    b699975b5fe73b087e711a33ff24ee1e
Sha1:   0e33cc5c32a5e7d18440751e3946076664caaf53
Sha256: 4e06866c22bb275c6c4f01265e1f3e9f00fe9face9739f6531371d688a8e7a7e
                                        
                                            GET /th1paff/comment_action_2x.png HTTP/1.1 
Host: 42.winprizes542.digital
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://42.winprizes542.digital/th1paff/clean.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 24 Nov 2022 18:57:05 GMT
content-length: 641
last-modified: Mon, 25 Apr 2022 03:21:06 GMT
etag: "281-5dd72111a04c9"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 24 x 120, 8-bit colormap, non-interlaced\012- data
Size:   641
Md5:    e9b3872b3e63e19728176d45f0aa6986
Sha1:   b638f89d5d80c4cd65327da973c52f778e30bd55
Sha256: a3f59e07404f1745bed88a314113a86da376526e7e1e555c99b3e249178c6ba5

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
                                            GET /th1paff/prizewheel11.png HTTP/1.1 
Host: 42.winprizes542.digital
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 24 Nov 2022 18:57:05 GMT
content-length: 604427
last-modified: Mon, 25 Apr 2022 03:21:09 GMT
etag: "9390b-5dd721144cdf8"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 1002 x 1002, 8-bit/color RGBA, non-interlaced\012- data
Size:   604427
Md5:    666bd514461839dc5d796c0c1061c677
Sha1:   a6ac8413ef5375b0d35a85bf167b4b771c1c323b
Sha256: 5d37922d8303b80fdf20e8eabafee70f0d3adcafe56bb285d00190014201e845

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
                                            GET /th1paff/i11black.png HTTP/1.1 
Host: 42.winprizes542.digital
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 24 Nov 2022 18:57:05 GMT
content-length: 241130
last-modified: Mon, 25 Apr 2022 03:21:08 GMT
etag: "3adea-5dd721137ed13"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 828 x 828, 8-bit/color RGBA, non-interlaced\012- data
Size:   241130
Md5:    13d47dc9e6696f67342dd750753a4f9c
Sha1:   0939480dc263b6d311ec872929e6e0cdfbbabc93
Sha256: a6d1f1fa19e933c9da1306cbda5e0528ea1f73d0d9afecdfc1566fe9d7e682b8

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
                                            GET /th1paff/default.png HTTP/1.1 
Host: 42.winprizes542.digital
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 24 Nov 2022 18:57:05 GMT
content-length: 94803
last-modified: Mon, 25 Apr 2022 03:21:06 GMT
etag: "17253-5dd72111adf8a"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced\012- data
Size:   94803
Md5:    8adac2b1f6fec2ad7a323668d7fcd96a
Sha1:   5b875ce4cc5fa5576fdcf13385c0c5b53631e691
Sha256: 1609915700b5b68a54051d6207d11d02cfebb54f9038e8a01e8ca67ddfb6d9e4

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
                                            GET /th1paff/like_user_2.jpg HTTP/1.1 
Host: 42.winprizes542.digital
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Thu, 24 Nov 2022 18:57:05 GMT
content-length: 1216
last-modified: Mon, 25 Apr 2022 03:21:08 GMT
etag: "4c0-5dd72113ca035"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Size:   1216
Md5:    f9299c2023539a8f27a6e1b12ed260e5
Sha1:   046baf9bcd1bbdf9d51ca63e3899ea2e7f5de0b2
Sha256: ba0c57dd9fbd100462ac62c8c8b3156caf1283d250fb56ee8ce5b0f53e575ccd

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
                                            GET /th1paff/like_user_1.jpg HTTP/1.1 
Host: 42.winprizes542.digital
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Thu, 24 Nov 2022 18:57:05 GMT
content-length: 1293
last-modified: Mon, 25 Apr 2022 03:21:08 GMT
etag: "50d-5dd72113bb5d5"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Size:   1293
Md5:    2aa0d43e70d60d76ac4bdff139f8c7cb
Sha1:   d7e3433297ad90f5d99249aee29b645265c9f3eb
Sha256: e7c85bfa7ba6d75dd0de72e51da2e185351ced82b32090ab35395766ef4849fa

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
                                            GET /th1paff/th11.jpg HTTP/1.1 
Host: 42.winprizes542.digital
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Thu, 24 Nov 2022 18:57:05 GMT
content-length: 33011
last-modified: Mon, 25 Apr 2022 03:21:10 GMT
etag: "80f3-5dd7211541fdd"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, baseline, precision 8, 512x512, components 3\012- data
Size:   33011
Md5:    ffe51ab982f112629842aba9714b9070
Sha1:   b371e6d6e449245aed93ca0bb9382dbf083b72b9
Sha256: e3027b9fd073f418da9e7176905e7afd3ac4dcb5e6a527b04067dc77ef17f177

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
                                            GET /th1paff/thaff22n4.html?city=Mountain%20View&model=Android%2010.0&brand=Generic&isp=Google%20Cloud&browser=Firefox%20Focus&cep=KkfS0NhpkmV255cKlrO_WvM4wm50O6LfaHwGyhQBi3gAKt87wP_LNFCNt_YBtM0R1lbFoK5jr0FL7gvZ-2Avay_8xeycVN6Jo4jW7b8RZpVyNPpOBWC6HY5-wwWVTMwVqzkI46vRMFz7OpI5Qn3ZIijbiprtkRrHsIz4iBQF8VvkSGieX1851GSTa9lHVaO1V_Kxnha8Mba7w8nLAetEZm8aMtXvHiEBix0tZPN_6Wc51alQiVja764MO3SUaL5hQ3mNlz2Ukjep7hCvAtEAD1AvEbOrbEdGske1nfca-U0oAyADA0ukLS5tCRkrOqgw9ho-SfxhszKUxLNbcC6VUib0Es79jrVM553vE8irtytgaM8ojf6e3RANNQpg-aVZshXYdoSXIUgNRwLe2J4IJ18f7bSXf0Al5IucakYT694&lptoken=165f69fb314c80a104eb HTTP/1.1 
Host: 42.winprizes542.digital
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: text/html
                                        
server: nginx
date: Thu, 24 Nov 2022 18:57:05 GMT
vary: Accept-Encoding
last-modified: Wed, 07 Sep 2022 11:47:46 GMT
etag: W/"424d-5e814e1a3843d"
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2343)
Size:   9572
Md5:    410b127d487dceb87cef1f35b4fb99d1
Sha1:   9737372d6b0824772e013c82915932662d37ad16
Sha256: a86bafe46f95e0b20d74267e4f58033e42eedc243f887233e0224c20a36089f7
                                        
                                            GET /th1paff/th13.jpg HTTP/1.1 
Host: 42.winprizes542.digital
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Thu, 24 Nov 2022 18:57:05 GMT
content-length: 5238
last-modified: Mon, 25 Apr 2022 03:21:10 GMT
etag: "1476-5dd72115661fd"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, baseline, precision 8, 128x128, components 3\012- data
Size:   5238
Md5:    79428c15f4cb8d4c22f0ae8844e327d7
Sha1:   b34513fac8649885f2e9ce9940b26e9f7f47d8bb
Sha256: 7e257b9661a3c2ef7598ad3b7e10133e9a4c97cbe389f0363bd103b841d43076

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
                                            GET /th1paff/th14.jpg HTTP/1.1 
Host: 42.winprizes542.digital
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Thu, 24 Nov 2022 18:57:05 GMT
content-length: 5988
last-modified: Mon, 25 Apr 2022 03:21:10 GMT
etag: "1764-5dd721157aa1e"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, baseline, precision 8, 128x128, components 3\012- data
Size:   5988
Md5:    4387f4c0cbae645d5d7442254e7cc560
Sha1:   99b2c3a509f515fc9e53c8b018ba6b47028afbe1
Sha256: 116ad309253857cb0844a375919bf6af104efc407355e64a5cabf600cc70a67b

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
                                            GET /th1paff/clip_footer_3.png HTTP/1.1 
Host: 42.winprizes542.digital
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 24 Nov 2022 18:57:05 GMT
content-length: 2460
last-modified: Mon, 25 Apr 2022 03:21:06 GMT
etag: "99c-5dd721117f189"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 52 x 59, 8-bit colormap, non-interlaced\012- data
Size:   2460
Md5:    e1b626392882cc25b4d891afaa68afd4
Sha1:   454d7abdbc2548d04feb95436ea0ab4126b4f00b
Sha256: ef3b8785199a0a640150a9d9ceb9b7cff2b118ee377ce36317d4a3e716bd944f

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
                                            GET /th1paff/th17.jpg HTTP/1.1 
Host: 42.winprizes542.digital
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Thu, 24 Nov 2022 18:57:05 GMT
content-length: 4513
last-modified: Mon, 25 Apr 2022 03:21:10 GMT
etag: "11a1-5dd72115b43ff"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, baseline, precision 8, 128x128, components 3\012- data
Size:   4513
Md5:    2444132c4b20c85e0c9526f3b35a2524
Sha1:   eb394ff3f1a3e2fadc7a8912e8929e218270e733
Sha256: dfa6330186654634effccd2138f9ccd398bd743328b42a847ebe220c7a5dcff5

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
                                            GET /th1paff/th15.jpg HTTP/1.1 
Host: 42.winprizes542.digital
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Thu, 24 Nov 2022 18:57:05 GMT
content-length: 3856
last-modified: Mon, 25 Apr 2022 03:21:10 GMT
etag: "f10-5dd721158c35e"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, baseline, precision 8, 128x128, components 3\012- data
Size:   3856
Md5:    d8996a573db7acb91022ed0d671a1495
Sha1:   175685d525ff01441445e0c585ddbf9d867de6e4
Sha256: cb72127809614325373d8eaf864c013df8c0f4bace2d3e55e94c8ec5faa91753

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
                                            GET /th1paff/th16.jpg HTTP/1.1 
Host: 42.winprizes542.digital
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Thu, 24 Nov 2022 18:57:05 GMT
content-length: 4130
last-modified: Mon, 25 Apr 2022 03:21:10 GMT
etag: "1022-5dd72115a1b1f"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, baseline, precision 8, 128x128, components 3\012- data
Size:   4130
Md5:    487c9c7e98edf8c07cd5cef5a7c3e48d
Sha1:   a27e943677cc67810eb71f7f889969d2ca52e390
Sha256: 1f49025ec428748511a8f75e7b4d47072fd0f7ce4cb4107592241570bd324356

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
                                            GET /th1paff/footer_right.png HTTP/1.1 
Host: 42.winprizes542.digital
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 24 Nov 2022 18:57:05 GMT
content-length: 4919
last-modified: Mon, 25 Apr 2022 03:21:06 GMT
etag: "1337-5dd72111cb44a"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 168 x 66, 8-bit colormap, non-interlaced\012- data
Size:   4919
Md5:    0e786b7344ac0b63609290a3a415fc4f
Sha1:   c2e77827e895aaa13522f1c5c0ef79d4caef0bb2
Sha256: f044237e4439b415a4947127f26fb14b4d32cf1d32ff51fd8f0ff4d21d2692e5

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: 42.winprizes542.digital
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 404 Not Found
content-type: text/html; charset=iso-8859-1
                                        
server: nginx
date: Thu, 24 Nov 2022 18:57:06 GMT
vary: Accept-Encoding
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /th1paff/clean.css HTTP/1.1 
Host: 42.winprizes542.digital
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         45.76.148.82
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Thu, 24 Nov 2022 18:57:05 GMT
vary: Accept-Encoding
last-modified: Mon, 25 Apr 2022 03:21:06 GMT
etag: W/"2b87-5dd721117c2a9"
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---