rezuke.gooredirect.xyz/go/b2cf6a4b-e1e7-4c0c-b933-80a47b3216d9
3.70.16.242 200 OK 281 B URL HTTP/1.1 rezuke.gooredirect.xyz/go/b2cf6a4b-e1e7-4c0c-b933-80a47b3216d9
IP 3.70.16.242:0
File type HTML document text
- HTML document text
- HTML document text
- HTML document text
- exported SGML document, ASCII text, with very long lines (354), with no line terminators
Hash 9e20f6103f87761948e03baed98a9a21
32f21c051b53673871f5fcca7a020d537224345c
cad462d9a5a0d1e9574a3a17b25546e471f1810e173cb55e669d952fbef39b59
Analyzer Verdict Alert fortinet Malware
GET /go/b2cf6a4b-e1e7-4c0c-b933-80a47b3216d9 HTTP/1.1
Host: rezuke.gooredirect.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: openresty
Date: Sun, 22 Jan 2023 16:52:16 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
Access-Control-Allow-Origin: *
ETag: W/"162-oSYCw5Oaxwej8jaPFDaN4EFJqI4"
Set-Cookie: bemob-uniq-visit:b2cf6a4b-e1e7-4c0c-b933-80a47b3216d9=1; Domain=rezuke.gooredirect.xyz; Path=/; Expires=Mon, 23 Jan 2023 16:52:16 GMT; HttpOnly
bemob-rotation:b2cf6a4b-e1e7-4c0c-b933-80a47b3216d9:random:49fab40ab4742eb9f6d1fa26a4316c05=0-1-0; Domain=rezuke.gooredirect.xyz; Path=/; Expires=Mon, 23 Jan 2023 16:52:16 GMT; HttpOnly
bemob-track-url=https%3A%2F%2Fspinwee1.online%2Froot%2Fspinwhel-dollar-update1%2F%3Fbemobdata%3Dc%253Db2cf6a4b-e1e7-4c0c-b933-80a47b3216d9..l%253D0f5ed425-1402-48da-b28e-2a162da604c7..a%253D0..b%253D0; Domain=rezuke.gooredirect.xyz; Path=/; Expires=Mon, 23 Jan 2023 16:52:16 GMT; HttpOnly
X-Response-Time: 12.775ms
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8997fa58a7262e8fd559d64b40511a1b
0aa1c4365c28f45e4d7a8a234fbcf51cd009e083
1580d1145f125c765e40e5983cb4bb4e2424010d2920a25ea7da992485da0dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1580D1145F125C765E40E5983CB4BB4E2424010D2920A25EA7DA992485DA0DEA"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11434
Expires: Sun, 22 Jan 2023 20:02:50 GMT
Date: Sun, 22 Jan 2023 16:52:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8a5e416451617846248067d72b675125
995b0346adefaf5f2e167d1b81e60cc9afc4f19e
c5fafb9127b71cbd4f7b1a44f755fc4aa0e2f47bbc50de4b15c870a22bf160d9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5FAFB9127B71CBD4F7B1A44F755FC4AA0E2F47BBC50DE4B15C870A22BF160D9"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14318
Expires: Sun, 22 Jan 2023 20:50:55 GMT
Date: Sun, 22 Jan 2023 16:52:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 17094b856fde02b2c8c2d3845ad325cf
26dc3f2ebf81faf5ab96eb75ffcbead6085528b8
6547376c41dcaa352cc4e747291916902bcddc0032b750bd84c5e3b2fe6f7d16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6547376C41DCAA352CC4E747291916902BCDDC0032B750BD84C5E3B2FE6F7D16"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20191
Expires: Sun, 22 Jan 2023 22:28:48 GMT
Date: Sun, 22 Jan 2023 16:52:17 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data
- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 22 Jan 2023 16:34:51 GMT
content-type: application/json
age: 1046
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate
- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ztQnbKRcyM+aQbGlYm+rm+XsNIsjS4GoheOx4BAqMV6IL1sbhVIBXCR/LPMdcgJ6mX8Z8HPSpAdTtQF2OgmjMA==
x-amz-request-id: 8EV7Z7BMK3P14JW9
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 22 Jan 2023 16:47:22 GMT
age: 295
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data
- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 16:52:17 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d11fc81e5b2a2004c34155ab5fa85c24
a1523c399be7eb35c2e899e1a9ef7739018ec7b5
56662670c24df275f0d4257ffdad3109ba16a86536c332185402c28eadb0a22d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "56662670C24DF275F0D4257FFDAD3109BA16A86536C332185402C28EADB0A22D"
Last-Modified: Sat, 21 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 22 Jan 2023 22:52:17 GMT
Date: Sun, 22 Jan 2023 16:52:17 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data
- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Expires, Pragma, Content-Type, Backoff, Last-Modified, Cache-Control, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 22 Jan 2023 16:17:30 GMT
age: 2087
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0c74880fa99032b5c3831c179d702419
0020b368309735c94d8053d3781a7efb7283cfc5
437e2d4e2bbfb33b0ff696172378ce55a0a5ed005a1b8c4005eab4a6995a3042
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4052
Cache-Control: max-age=148922
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 16:52:17 GMT
Etag: "63ccfca7-1d7"
Expires: Tue, 24 Jan 2023 10:14:19 GMT
Last-Modified: Sun, 22 Jan 2023 09:06:47 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/s/gts1p5/_RGHbMLcXs4
142.250.74.163 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/_RGHbMLcXs4
IP 142.250.74.163:0
Hash 3dcf2ba052d502ab5efebbca41bd8ed3
817120de492a723913da0e6b694a583007d05b3b
14ce71dfccae2a33b69f24365f8699de7c1b4119a066e6165acbf1e8cf0c300b
POST /s/gts1p5/_RGHbMLcXs4 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 16:52:17 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
spinwee1.online/root/spinwhel-dollar-update1/img/smiley.png
172.67.218.184 200 OK 5.0 kB URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/img/smiley.png
IP 172.67.218.184:0
File type PNG image data, 200 x 200, 8-bit colormap, non-interlaced
- data
Hash 6a1b1fb2c9a70e8bb232985a5e7c76f2
a371f8e561576cb893e897f1e156597d3abbd0be
68c86e51e47a972e3191621e48685c0d9d1e166235cd816dc74370bc439567fc
GET /root/spinwhel-dollar-update1/img/smiley.png HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=b2cf6a4b-e1e7-4c0c-b933-80a47b3216d9..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 16:52:18 GMT
content-type: image/png
content-length: 4992
cache-control: public, max-age=14400, must-revalidate
etag: "a770a97f2ef0e3b3edd238062c9e3313-ssl"
x-nf-request-id: 01GQD6A7EVDQHTS96FMXREWE9K
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jYAtA5zDp%2BOIfS8%2Fy7MrdezLAQy12meuBmpoiXx1%2Bva0yIA2Gj151R53coN9tQZ5%2BL03b1OV1zUzwHMFGTmK%2FtlOCOPElS3iQhDh68wbon661UNOXZt5E%2FbNoE2v7IlAjAU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78d9cc9c2fa6b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
spinwee1.online/root/spinwhel-dollar-update1/img/8.jpg
172.67.218.184 200 OK 4.8 kB URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/img/8.jpg
IP 172.67.218.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 240x240, components 3
- data
Hash f1b90b01b26661e37ecdb01a4753a1bf
b6c3960258ba473581daf27df9db972540ec29ed
a8079bac57434af72b399fb198d79cbd9c46a5363096afa97398e4da4228218d
GET /root/spinwhel-dollar-update1/img/8.jpg HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=b2cf6a4b-e1e7-4c0c-b933-80a47b3216d9..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 16:52:18 GMT
content-type: image/jpeg
content-length: 4831
cache-control: public, max-age=14400, must-revalidate
etag: "b9ce8499900b91e7201edecbf1f2962e-ssl"
x-nf-request-id: 01GQD6A7EWX0971HFV25NGSA7F
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sDKf0r7Spxy21uj5iEPcVE0ThkcLk7%2BENXj4B09fGT70vRjEuX3gGpUqURsOmyyUBtmWKsnuShB16qMaKt%2BLGS%2FK9IPMMtgR8RCszwDYpAa1GyxHtSHTGSAzkoo5zIQtOXA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78d9cc9c2f8eb511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
spinwee1.online/root/spinwhel-dollar-update1/img/2.jpg
172.67.218.184 200 OK 8.1 kB URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/img/2.jpg
IP 172.67.218.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x200, components 3
- data
Hash d3a748efcc12b64924280109f7b42c99
733dca7bef4f1f344b9bd0176ed9f8e6b38111e9
0f6c00936fa720c5c4b4bd5b410badd270114ba65d06ad148b550617a296ab17
GET /root/spinwhel-dollar-update1/img/2.jpg HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=b2cf6a4b-e1e7-4c0c-b933-80a47b3216d9..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 16:52:18 GMT
content-type: image/jpeg
content-length: 8149
cache-control: public, max-age=14400, must-revalidate
etag: "192591960bd52039aaec63c9d453a3a2-ssl"
x-nf-request-id: 01GQD6A7ETEWWQKZG69A31G511
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RmLZrrDBa7WAv%2FUjC0JG0ptW8ke4T3rSYUu29hIbIMVOjsVx7AZfsNJoTPTqcMrqX9xmq%2BuRQKMBhdC4gPoVsJd9DDSSiXt57wrlx9t5oPhvuduisL74vLwAWEHA0t90wgg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78d9cc9c2f92b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
spinwee1.online/root/spinwhel-dollar-update1/img/6.jpg
172.67.218.184 200 OK 21 kB URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/img/6.jpg
IP 172.67.218.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, description=happy refuuge at camp\377\333], baseline, precision 8, 408x408, components 3
- data
Hash ccddf6a16d3fcc1c7ba4acef48fdef50
de01377d44746d8e92c46e1a64788b5df04340d4
a6fc77c7cb826f01f0aa8c3182b8b0006125f0d5fbec3ceff93b004d14e17d01
GET /root/spinwhel-dollar-update1/img/6.jpg HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=b2cf6a4b-e1e7-4c0c-b933-80a47b3216d9..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 16:52:18 GMT
content-type: image/jpeg
content-length: 20826
cache-control: public, max-age=14400, must-revalidate
etag: "d9f71630def6a1050f1f740068adb403-ssl"
x-nf-request-id: 01GQD6A7DRHECBS1HVZV1CYKHE
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pty9F3Ukm%2F0GX%2FA8Aimtl%2F2hZqbANFffEQFhAXT5tiyoctyzJfGArxAlGK94w5ltBcIjF%2Fwl4GHdEUF2TgLQ%2Bdrc6V5rwrMLfZBRqzx0rQGqJMRhgdcay12EWHpyB0NRGcs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78d9cc9c2fa1b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
spinwee1.online/root/spinwhel-dollar-update1/img/1.jpg
172.67.218.184 200 OK 18 kB URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/img/1.jpg
IP 172.67.218.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, description=Smiling hispanic or middle eastern young man looking at the camera\377\333], baseline, precision 8, 360x360, components 3
- data
Hash 8d4757a7ca89741ae1ef279ac277739b
e3134530778bbf711de60829f9ee270ae3309d4b
e0b4b9068a7fe672f712bb1a39080e06604c506465394214cfde2382ba52f047
GET /root/spinwhel-dollar-update1/img/1.jpg HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=b2cf6a4b-e1e7-4c0c-b933-80a47b3216d9..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 16:52:18 GMT
content-type: image/jpeg
content-length: 18232
cache-control: public, max-age=14400, must-revalidate
etag: "0fdf1d98ca06e6a3b06349fd9985af77-ssl"
x-nf-request-id: 01GQD6A7EM7E0RKSEQEPV0A6XG
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lurzsPK%2FQVy15ViViabELIAqy8FcHdU6CukmKybps%2BLDGW49WMhDWuuHAAZuZD9al8pPVU8zPDskHLErdYJY3OYlCBSZHb2CeVf7R5Eu%2F%2FhL8cDNbD28uUpuAm9YvUMd8YE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78d9cc9c2f91b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
spinwee1.online/root/spinwhel-dollar-update1/img/refresh.png
172.67.218.184 200 OK 1.8 kB URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/img/refresh.png
IP 172.67.218.184:0
File type PNG image data, 70 x 70, 8-bit colormap, non-interlaced
- data
Hash 2d0f4539e28850747bcdf03e8c9a9f10
c400935fad4c29d04714cf5b9e74fb4d4d8f1e1d
c04fa254d43e1b6db555962ac2dbc6cd67d47aff3c1d7895a229cdaca87a688e
GET /root/spinwhel-dollar-update1/img/refresh.png HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=b2cf6a4b-e1e7-4c0c-b933-80a47b3216d9..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 16:52:18 GMT
content-type: image/png
content-length: 1798
cache-control: public, max-age=14400, must-revalidate
etag: "a8f2cf0e5f0e85d12faa27e61c1d49a3-ssl"
x-nf-request-id: 01GQD6A7F92206XYH4BT7Y6VW1
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vpKbycuiHSP%2BKy7l5FVg0mg4ZxVE%2Bkv1tCSzZbHVsn%2BpPO5rTvBWA1Vm7i57ESevzXtV25GOGWI4R%2BuxBNEORmPr02sh1Ix6ICKS9VJ7QjbcDbWDH%2FNukJLh3bFOoSt3t5c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78d9cc9c3fa8b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.149.219.22 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.219.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 5WrwUJu2nihh95seVWdR7Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: cYH1O3hwbd9mIxB54EAiJvnJq7A=
ocsp.pki.goog/s/gts1p5/_RGHbMLcXs4
142.250.74.163 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/_RGHbMLcXs4
IP 142.250.74.163:0
Hash 3dcf2ba052d502ab5efebbca41bd8ed3
817120de492a723913da0e6b694a583007d05b3b
14ce71dfccae2a33b69f24365f8699de7c1b4119a066e6165acbf1e8cf0c300b
POST /s/gts1p5/_RGHbMLcXs4 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 16:52:18 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
spinwee1.online/root/spinwhel-dollar-update1/img/7.jpg
172.67.218.184 200 OK 26 kB URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/img/7.jpg
IP 172.67.218.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 480x400, components 3
- data
Hash 22cb80edd617362c5465bc2e8f8871d0
aa39c3c8c4dfb74089b63abef0e33e74e8fe5210
eaa4bd9a29ee64b0d8e79df7304706004eb6be85fc417f7ffaa0cc7eb6541635
GET /root/spinwhel-dollar-update1/img/7.jpg HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=b2cf6a4b-e1e7-4c0c-b933-80a47b3216d9..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 16:52:18 GMT
content-type: image/jpeg
content-length: 26430
cache-control: public, max-age=14400, must-revalidate
etag: "5f713f6c2173d1bb8ea9cf3786e18e19-ssl"
x-nf-request-id: 01GQD6A7ESPADRGNAM73BC3YJA
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C01wykRwvQ8ZAZMCZC23ir2PZf8oRazeV%2FbTkapsUYRQzUKwbYFiggONlATAgcfh0muHOUiveNt4KUmFqCCzRHtEdr7guixlMdIvKdulhQvfotZqe64uJW21QlMabS0ycCY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78d9cc9c2fa3b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
spinwee1.online/root/spinwhel-dollar-update1/img/3.jpg
172.67.218.184 200 OK 15 kB URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/img/3.jpg
IP 172.67.218.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, description=Smiling young man looking at the camera with his arms crossed\377\333], baseline, precision 8, 360x360, components 3
- data
Hash 56612da382cd894c3d9a7066200c8987
b50307ef6d081ab84e04f3077551ef52bc677bf8
235ac72915d61b0433f01ae12e6a2a0dd5a676b0e85fdeeb67f6a5b2ea9bb63d
GET /root/spinwhel-dollar-update1/img/3.jpg HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=b2cf6a4b-e1e7-4c0c-b933-80a47b3216d9..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 16:52:18 GMT
content-type: image/jpeg
content-length: 14686
cache-control: public, max-age=14400, must-revalidate
etag: "a84fd5388db24f436ebb6879d0e97503-ssl"
x-nf-request-id: 01GQD6A7F29Y4KR6YZKTXK6D72
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9ORfY9t4Kdu4r1UZpIKcIE2QnA%2B8qEMXlp54FFEPEZUAv%2FQPHcmH0MVXtWaWarTs8UT6lXr4cDtpnfpVp39jMnearTnz6TDOfgIORQO3cN55vWZWuTn7Ka%2FrnBOvnbQRMPQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78d9cc9c2f95b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
spinwee1.online/root/spinwhel-dollar-update1/img/4.jpg
172.67.218.184 200 OK 21 kB URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/img/4.jpg
IP 172.67.218.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 400x400, components 3
- data
Hash 5c6bd23de24730e4b4b37730dd74aef8
6ad9ac3a16e2cd8521eeb8d918f0ceb383fb1f90
2fa0af8cb1cffe84b9fadb389a4750f9fe8a5a1ff0a3bce12ec329d4c5e9bcd8
GET /root/spinwhel-dollar-update1/img/4.jpg HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=b2cf6a4b-e1e7-4c0c-b933-80a47b3216d9..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 16:52:18 GMT
content-type: image/jpeg
content-length: 21109
cache-control: public, max-age=14400, must-revalidate
etag: "143c69aaf1e8ba0aabf3dd9ec1d9e445-ssl"
x-nf-request-id: 01GQD6A7ESB151WST14NX8DZCA
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jROI%2BHCfsKJe9vMtSCHmXwlmZ0Wk%2FgJmxX0wEem1yNcIzzt4erU9EC%2FK3SPjT5FvKxMFqpOU7dOrSND%2FTuOzXE8%2F8cFbcqeu4%2B9JFzBXZUP5sk6fAuHA%2FoMYtUEtDVOkBbs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78d9cc9c2f93b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
spinwee1.online/root/spinwhel-dollar-update1/img/5.jpg
172.67.218.184 200 OK 48 kB URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/img/5.jpg
IP 172.67.218.184:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, copyright=Shannon Selim], baseline, precision 8, 640x640, components 3
- data
Hash 6b4d6ee00c74e83d9951c81d58ce9295
9594243fe36fb66f7f0cf659cd279be1cf1cc864
49950c2963d8d425b48440d5663c436b5cd6a4ee550f57912120d530c96032d2
GET /root/spinwhel-dollar-update1/img/5.jpg HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=b2cf6a4b-e1e7-4c0c-b933-80a47b3216d9..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 16:52:18 GMT
content-type: image/jpeg
content-length: 48500
cache-control: public, max-age=14400, must-revalidate
etag: "b7af897904fb4d58f4a27936259bb793-ssl"
x-nf-request-id: 01GQD6A7EWPS9H6K07GWNM2HKQ
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wH6FULHKn2%2BscGO5f7UeS8AYjs0J81gZbZGbMbXAXryISqOUmzKOjvekrEIcFdumfeeNQ7tW3FFoxc%2FAJ4vp9TkJ18SDPeYscJyb6VWy9ajUNzOF19fhtl%2FzlfAKnkrGNAc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78d9cc9c2f9bb511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
spinwee1.online/root/spinwhel-dollar-update1/img/cash.png
172.67.218.184200 OK 209 kB URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/img/cash.png
IP 172.67.218.184:0
File type PNG image data, 583 x 428, 8-bit/color RGBA, non-interlaced\012- data
Size 209 kB (208563 bytes)
Hash fb2fb3ad3e6b2bd995282c94913e5511
626101ecc636398a7f5b02991ab8fecfc5ec50bf
ae6b385c0f9ad0ad8d24b508f0fbe1304f00e3401b84f4eb842c1618e975915f
GET /root/spinwhel-dollar-update1/img/cash.png HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=b2cf6a4b-e1e7-4c0c-b933-80a47b3216d9..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 16:52:18 GMT
content-type: image/png
content-length: 208563
cache-control: public, max-age=14400, must-revalidate
etag: "e6c7d366254d797918519c0942294681-ssl"
x-nf-request-id: 01GQD6A7EK9E9EHBRBK1BBVPYB
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KWYtFw7H3U9uJjhINAtp1x2AZMMK2WP1yE%2FLEUMOhWEQunjAsOLUFDdpyOgsRbMpOVI8LjCbApygi5EaCwK8JvCIIyFLXxru1o5OD%2FmmSqGMMXU88bmpXAYkQEtlS%2FjoKhk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78d9cc9c2f8bb511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
spinwee1.online/root/spinwhel-dollar-update1/img/spin_vi.png
172.67.218.184200 OK 144 kB URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/img/spin_vi.png
IP 172.67.218.184:0
File type PNG image data, 501 x 501, 8-bit/color RGBA, non-interlaced\012- data
Size 144 kB (143539 bytes)
Hash b2e0dc76b605aceefed434898101c106
6f6884c31fc48831f5c86e78e172580a21de32d5
feffd2a69fa72042957b2bd5da3619cb1de3b20347d2cdd1b434a8835ac6fdd9
GET /root/spinwhel-dollar-update1/img/spin_vi.png HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=b2cf6a4b-e1e7-4c0c-b933-80a47b3216d9..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 16:52:18 GMT
content-type: image/png
content-length: 143539
cache-control: public, max-age=14400, must-revalidate
etag: "6abb8baa204b238e829a09b2a6e423b7-ssl"
x-nf-request-id: 01GQD6A7EXDWK0J5XKK9S5XMMK
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nc7Q8wgGSdFiEa3FwPS4qc2CVVV5kSu16PNN38AHQmG9LLIkX3PbgkZnO%2BXVxGkQ0%2FUbAa8gjV%2BuM7ISzinif1pAj0OaZaBWRQJZGSU1eswv7z1eftyC3YxXUWo%2F38lvk54%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78d9cc9c2f89b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 10b746592d3f1e4779579960c5d5ba60
006c8745d276ad37062a1dc7079e96c521810ad2
c663eadb388a75e6be02d882abf317a11db84f5e86b794bb716525215c34de7d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C663EADB388A75E6BE02D882ABF317A11DB84F5E86B794BB716525215C34DE7D"
Last-Modified: Fri, 20 Jan 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 22 Jan 2023 22:52:18 GMT
Date: Sun, 22 Jan 2023 16:52:18 GMT
Connection: keep-alive
ahaurgoo.net/pfe/current/micro.tag.min.js?z=5657473&sw=/sw-check-permissions-552cb.js
139.45.197.251200 OK 14 kB URL HTTP/2 ahaurgoo.net/pfe/current/micro.tag.min.js?z=5657473&sw=/sw-check-permissions-552cb.js
IP 139.45.197.251:0
Hash 52bc07734f5e2aa98ea2fcb0e9b73c68
f4186479331c76e7e77cc9a154d3019931c8c2f6
cc5c464f07b06b3382275ccb14f63cef48689d70b9c665b7920cf5e280b75b24
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/micro.tag.min.js?z=5657473&sw=/sw-check-permissions-552cb.js HTTP/1.1
Host: ahaurgoo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 16:52:18 GMT
content-type: application/javascript
last-modified: Wed, 21 Dec 2022 12:58:18 GMT
etag: W/"63a302ea-9a87"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6033dad399355478c264e1c7c27e7f62
7d5546258015b8a834ee87b5a679be0545723e9d
5126b70d194535387e80aab563a02db1ade53c682b9db45eb533ff4001e6ed1c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5126B70D194535387E80AAB563A02DB1ADE53C682B9DB45EB533FF4001E6ED1C"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5301
Expires: Sun, 22 Jan 2023 18:20:40 GMT
Date: Sun, 22 Jan 2023 16:52:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6033dad399355478c264e1c7c27e7f62
7d5546258015b8a834ee87b5a679be0545723e9d
5126b70d194535387e80aab563a02db1ade53c682b9db45eb533ff4001e6ed1c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5126B70D194535387E80AAB563A02DB1ADE53C682B9DB45EB533FF4001E6ED1C"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5301
Expires: Sun, 22 Jan 2023 18:20:40 GMT
Date: Sun, 22 Jan 2023 16:52:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6033dad399355478c264e1c7c27e7f62
7d5546258015b8a834ee87b5a679be0545723e9d
5126b70d194535387e80aab563a02db1ade53c682b9db45eb533ff4001e6ed1c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5126B70D194535387E80AAB563A02DB1ADE53C682B9DB45EB533FF4001E6ED1C"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5301
Expires: Sun, 22 Jan 2023 18:20:40 GMT
Date: Sun, 22 Jan 2023 16:52:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6033dad399355478c264e1c7c27e7f62
7d5546258015b8a834ee87b5a679be0545723e9d
5126b70d194535387e80aab563a02db1ade53c682b9db45eb533ff4001e6ed1c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5126B70D194535387E80AAB563A02DB1ADE53C682B9DB45EB533FF4001E6ED1C"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5301
Expires: Sun, 22 Jan 2023 18:20:40 GMT
Date: Sun, 22 Jan 2023 16:52:19 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff250419d-5512-4c6b-9460-69d68f74273d.jpeg
34.120.237.76200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff250419d-5512-4c6b-9460-69d68f74273d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d3e5cb3e8d03fffcd307c5ebaef08167
1a813821d15afd416b82c3343a7920a0ffc909cb
84a81b6f63faa3f17a20222b8fa389761a0fb0512a1549b4848849c0425539c9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff250419d-5512-4c6b-9460-69d68f74273d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7656
x-amzn-requestid: 6e1ebd9d-6ef0-48d0-a891-51bbf914ed42
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHNlYHaUoAMFr-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5c88-479e8fb72b0b248d020d9e77;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:43:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Pu5h9aerRhgCkbAszYjgiRrblEiomyl7ev5WRmdAjQSTQNgSqczG0A==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 21:58:15 GMT
age: 68044
etag: "1a813821d15afd416b82c3343a7920a0ffc909cb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
spinwee1.online/root/spinwhel-dollar-update1/js/jquery.min.js
172.67.218.184200 OK 39 kB URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/js/jquery.min.js
IP 172.67.218.184:0
File type ASCII text, with very long lines (32058)
Hash c2a97a94df66be4ccffab469e99a49d3
dc0dff20161718eb9ca51f24f593ff5ad3f5ac53
551f68c430d8652e247510a2a8f832a078bce07938b131c991d62e4169b925ec
Analyzer Verdict Alert fortinet Malware
GET /root/spinwhel-dollar-update1/js/jquery.min.js HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=b2cf6a4b-e1e7-4c0c-b933-80a47b3216d9..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 16:52:18 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=14400, must-revalidate
etag: W/"ddbc6702bc953f6dedfe3543150cf865-ssl"
vary: Accept-Encoding
x-nf-request-id: 01GQD6A7EZEQK7A3ESVK51DH6P
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FLsIu%2FMSPI15trqSvmXDJ%2B3QKzo8RTqhA1DmLqt8ST5FBcRTeRLlqAh0eRvxOqUS9LxLK5X6ZbO28sdSFon9eAijELjhX0Ld7jRV7e5lpH6uvivAVCsk%2FSHyGkSqa2zZjFA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78d9cc9c3fadb511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F831c16ae-85e5-4da2-b22e-f840afcd3678.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F831c16ae-85e5-4da2-b22e-f840afcd3678.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5a7ab95a69ddfa5014258076e66a6e19
1a54cca86788536002d6d18c5180ccf265ba1169
09348afd6055b26b5dba6f8f6ef763d52e6e040c039c6f763d64f71b8ca08d51
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F831c16ae-85e5-4da2-b22e-f840afcd3678.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10988
x-amzn-requestid: 67c03c6c-3896-4890-a75b-ecd7c1c1a4e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3foHG8tIAMF3XQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61300-2de17e5b0225f9427c197bc5;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:16 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tYwSI7_1wwDixmup43f8j54sJ541GjyzB2rboENRXfSpuwPKImlNjA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 22 Jan 2023 01:38:03 GMT
age: 54856
etag: "1a54cca86788536002d6d18c5180ccf265ba1169"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb253a292-08cb-455a-bf4c-63bdca08af64.webp
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb253a292-08cb-455a-bf4c-63bdca08af64.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7ec85cf23f6ed6a70e62e17998dfcede
2a690f14cf97f33da2c4f4b21c737a7ca37665b4
ae3cedd8f51f9ed2d996f1d75e7288802d68fa3c27d928934311e4d8821940cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb253a292-08cb-455a-bf4c-63bdca08af64.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7609
x-amzn-requestid: 86dec496-ff1b-4db8-9bcb-12275f6feeb3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHNkBGiOIAMFaCQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5c7f-16c24501673bc2161c1e8a3b;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:43:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GQ2E2QJ9WGrRFcbmucLjzAwgimtD8ndEVR5vyT9LDLJUW6IbxCwemw==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 21:55:39 GMT
age: 68200
etag: "2a690f14cf97f33da2c4f4b21c737a7ca37665b4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc284e6ec-6c43-4a8d-a291-83519d5a4d4c.jpeg
34.120.237.76200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc284e6ec-6c43-4a8d-a291-83519d5a4d4c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6f86ec004a2042b4030cd2cce2bf1e1d
e3c00dcc55f095f03a6f4505960ac1cee0b3877c
64b5084d4145d5931af05c335d21e31e75db30b1f9e8a2efd92fc4cd0aa7ac07
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc284e6ec-6c43-4a8d-a291-83519d5a4d4c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8221
x-amzn-requestid: 02db02af-4f05-450d-9370-0e7a9dda6948
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHOEWGUMoAMF2QQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5d4e-050e7cdf21878aa159f36d0b;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:46:54 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2bxIP5fBGoswPsQAvhRGhNlrHNQtiCpgWFr_S3fjQuyEXPW8amllzw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 21:58:50 GMT
age: 68009
etag: "e3c00dcc55f095f03a6f4505960ac1cee0b3877c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F612dbd3f-3cd3-44bd-8729-b4d4aa118f87.jpeg
34.120.237.76200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F612dbd3f-3cd3-44bd-8729-b4d4aa118f87.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5b7dac109bc648666356225a0d21ed17
f07e82cffe064c296cb1b2c80f7b09feb7552bbe
cc8997d71cd85021addccb0f6a0f00edf95f9747333ff0a436581db4ede78f51
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F612dbd3f-3cd3-44bd-8729-b4d4aa118f87.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6102
x-amzn-requestid: 256e7b90-3052-41f7-abcf-43c455a2ee7c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHOFfEZtIAMFWhA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5d56-3237bb0a1f86766b5eb86e82;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:47:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PcHoBpKnLZj86KR261shofMwYYOoYLkwFHLgXS4ICo5jaySNb3f8_Q==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 22:00:49 GMT
age: 67890
etag: "f07e82cffe064c296cb1b2c80f7b09feb7552bbe"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
pu3hj.bemobpath.com/?redirectUrl=https%3A%2F%2Fspinwee1.online%2Froot%2Fspinwhel-dollar-update1%2F%3Fbemobdata%3Dc%253Db2cf6a4b-e1e7-4c0c-b933-80a47b3216d9..l%253D0f5ed425-1402-48da-b28e-2a162da604c7..a%253D0..b%253D0
3.70.16.242200 OK 0 B URL HTTP/2 pu3hj.bemobpath.com/?redirectUrl=https%3A%2F%2Fspinwee1.online%2Froot%2Fspinwhel-dollar-update1%2F%3Fbemobdata%3Dc%253Db2cf6a4b-e1e7-4c0c-b933-80a47b3216d9..l%253D0f5ed425-1402-48da-b28e-2a162da604c7..a%253D0..b%253D0
IP 3.70.16.242:0
GET /?redirectUrl=https%3A%2F%2Fspinwee1.online%2Froot%2Fspinwhel-dollar-update1%2F%3Fbemobdata%3Dc%253Db2cf6a4b-e1e7-4c0c-b933-80a47b3216d9..l%253D0f5ed425-1402-48da-b28e-2a162da604c7..a%253D0..b%253D0 HTTP/1.1
Host: pu3hj.bemobpath.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Sun, 22 Jan 2023 16:52:17 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
access-control-allow-origin: *
etag: W/"118-zE2fGA5mjP7z8pZScj1vlenGI4g"
x-response-time: 4.686ms
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
spinwee1.online/root/spinwhel-dollar-update1/js/bioep.min.js
172.67.218.184200 OK 0 B URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/js/bioep.min.js
IP 172.67.218.184:0
Analyzer Verdict Alert fortinet Malware
GET /root/spinwhel-dollar-update1/js/bioep.min.js HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=b2cf6a4b-e1e7-4c0c-b933-80a47b3216d9..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 16:52:18 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=14400, must-revalidate
etag: W/"16322b53a3ea039d744dc303d398d1dd-ssl"
vary: Accept-Encoding
x-nf-request-id: 01GQD6A7EK8XQE3NAZNJNX2JRC
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nE7AzZyaF4EEKi6lOdlRa7xEDvhIJQjjsGxZmCNjCKLIh0uVh28eo2djsib8CbNgYe4PPWanoDWVX36tRXmsVLyYu4BBvnn%2BkHiE4OxD5Zbfug8tMraNVjmvQRRf3LxWcr4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78d9cc9c2f87b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
spinwee1.online/root/spinwhel-dollar-update1/css/style__base.css
172.67.218.184200 OK 0 B URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/css/style__base.css
IP 172.67.218.184:0
GET /root/spinwhel-dollar-update1/css/style__base.css HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=b2cf6a4b-e1e7-4c0c-b933-80a47b3216d9..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 16:52:18 GMT
content-type: text/css; charset=UTF-8
cache-control: public, max-age=14400, must-revalidate
etag: W/"48cda9d2e1e4882f881c36734d6c0dbf-ssl"
vary: Accept-Encoding
x-nf-request-id: 01GQD6A7ENCNDPFXP84PB5SBQJ
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A6a0pXBQz61sc4CXOIR9HPL0gE2Ptr%2B3m6ZslvdK3h1lLgyMwa9Rvn5CZMmlEdqf4PN2H4%2BorPFSc4a3VEvtvhmcJ97aRqZ%2B6sphkqo541RSxv6g4VtFsrP7RT5LLf3K2l8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78d9cc9c1f7ab511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
spinwee1.online/root/spinwhel-dollar-update1/js/en_date.js
172.67.218.184200 OK 0 B URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/js/en_date.js
IP 172.67.218.184:0
Analyzer Verdict Alert fortinet Malware
GET /root/spinwhel-dollar-update1/js/en_date.js HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=b2cf6a4b-e1e7-4c0c-b933-80a47b3216d9..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 16:52:18 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=14400, must-revalidate
etag: W/"3ffc4d8daf8a0279c657879a371a6eff-ssl"
vary: Accept-Encoding
x-nf-request-id: 01GQD6A7F0MW20NHAHG6FRXR22
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VJ%2BAa%2Bb35qFTaRSl%2BtD%2BZFV9g6AZUmUcbF1FSO3Ec7Fi2htdovp8Z4Mw%2B1xAh870KkdpnpWzg5LL6aYmhkkbS%2BlPGGIN2xmBPBfVu5JkWneW%2B46C%2BKsmnj6n%2Bf0CFBSpxCc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78d9cc9c1f76b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
backunder.com/script.js
172.67.169.6200 OK 0 B IP 172.67.169.6:0
GET /script.js HTTP/1.1
Host: backunder.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 22 Jan 2023 16:52:18 GMT
content-type: application/javascript
last-modified: Thu, 15 Dec 2022 18:41:17 GMT
etag: W/"418-5efe232c61c0f-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vr9dPFbRtvZyRYt7WKY893ahETBl0xy%2FZ4E3YmXajnmUzqMAUVJouWCyzZFA8Hk8hNm3ctc92pyLZGtQwwFusn21nwQ6e2eqepoF4IScZbzP9Png99x5P2%2BXrksQeu9k"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78d9cc9c9e7c1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=b2cf6a4b-e1e7-4c0c-b933-80a47b3216d9..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0
172.67.218.184200 OK 0 B URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=b2cf6a4b-e1e7-4c0c-b933-80a47b3216d9..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0
IP 172.67.218.184:0
Analyzer Verdict Alert fortinet Malware
GET /root/spinwhel-dollar-update1/?bemobdata=c=b2cf6a4b-e1e7-4c0c-b933-80a47b3216d9..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0 HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 22 Jan 2023 16:52:17 GMT
content-type: text/html; charset=UTF-8
age: 82940
cache-control: public, max-age=0, must-revalidate
vary: Accept-Encoding
x-nf-request-id: 01GQD6A7ATDFYREKJB3XH6KYRM
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IwEscpZkCY9vPtY9eZLqTCVQ%2FWfgGniz4JzfrFcB9ufjxP9IHE9zKB%2BNxL%2B0PfscAL6luXF4QTycgGwK0oqvY4BxBCCSI0eWQPWQ53oeQM49T7WSb3h%2BMjXGWf3j%2B9i5W9I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78d9cc9b3e49b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
spinwee1.online/root/spinwhel-dollar-update1/css/style_a.css
172.67.218.184200 OK 0 B URL HTTP/2 spinwee1.online/root/spinwhel-dollar-update1/css/style_a.css
IP 172.67.218.184:0
GET /root/spinwhel-dollar-update1/css/style_a.css HTTP/1.1
Host: spinwee1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinwee1.online/root/spinwhel-dollar-update1/?bemobdata=c=b2cf6a4b-e1e7-4c0c-b933-80a47b3216d9..l=0f5ed425-1402-48da-b28e-2a162da604c7..a=0..b=0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 16:52:18 GMT
content-type: text/css; charset=UTF-8
cache-control: public, max-age=14400, must-revalidate
etag: W/"1473adf58d9bbec22e785727559b8c51-ssl"
vary: Accept-Encoding
x-nf-request-id: 01GQD6A7EG69N31G8MDR7BTHXA
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TJbqELuq4ipku1UyszGtRPpvbYfDNGAT6QWkL8u7pd68OFY2%2BbBOVFDjx2ccBYn0kl%2BZgRtX%2Bd1fIc9MkqFOv7DNN7EeIMDpsr7aJhGsERiscBh6Y9xiBWMjKAJd2No0zUw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78d9cc9c1f83b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2