happy-u.vip/bgv2?cep=5fjIOvElmQUXtI4yaGLiFCt6JuTxUb-oK8l8FWENS1tq-91W6S6yi472qKguttYGOBhYNBUAiNTM-hLalxvgrRPSPIGar2mZHlU6mxpTRTLDombV15A08YDiqxRBUpS8ZmcmozMqf0axcaZUgzk3qO0x6PcmI1IFuE5au8gISxPCLTsDLKKBNZ61IOxO_bAhpP-pud6Tqvf6X8JVH1BQMesprUFqqzBAdErsp2g4-kNLvhj8FGhtecNIlVzXRP29G2pnn88iJ7oF5_M3GaiA9oWG7Zl1rA_80oH55aaT2egqTWWkgGDUM_RXMc7_wpOX0s8-tjsmrcCpRg2s0bTtXZV0cr_VaZAFfJlxm80dT5qaXT-jO_JNU2SyWkc_RIgo&lptoken=1641754b36af950554fe
188.114.97.1302 Found 314 B URL HTTP/1.1 happy-u.vip/bgv2?cep=5fjIOvElmQUXtI4yaGLiFCt6JuTxUb-oK8l8FWENS1tq-91W6S6yi472qKguttYGOBhYNBUAiNTM-hLalxvgrRPSPIGar2mZHlU6mxpTRTLDombV15A08YDiqxRBUpS8ZmcmozMqf0axcaZUgzk3qO0x6PcmI1IFuE5au8gISxPCLTsDLKKBNZ61IOxO_bAhpP-pud6Tqvf6X8JVH1BQMesprUFqqzBAdErsp2g4-kNLvhj8FGhtecNIlVzXRP29G2pnn88iJ7oF5_M3GaiA9oWG7Zl1rA_80oH55aaT2egqTWWkgGDUM_RXMc7_wpOX0s8-tjsmrcCpRg2s0bTtXZV0cr_VaZAFfJlxm80dT5qaXT-jO_JNU2SyWkc_RIgo&lptoken=1641754b36af950554fe
IP 188.114.97.1:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash d5016befc66a1b6b2b842b7c229cb32f
4b89605a7c97c07e4f0d543889c85401bcc927b8
466a03700a5d12220d3997f2865222dae2134f311d6978ec3c8224a69cca219c
GET /bgv2?cep=5fjIOvElmQUXtI4yaGLiFCt6JuTxUb-oK8l8FWENS1tq-91W6S6yi472qKguttYGOBhYNBUAiNTM-hLalxvgrRPSPIGar2mZHlU6mxpTRTLDombV15A08YDiqxRBUpS8ZmcmozMqf0axcaZUgzk3qO0x6PcmI1IFuE5au8gISxPCLTsDLKKBNZ61IOxO_bAhpP-pud6Tqvf6X8JVH1BQMesprUFqqzBAdErsp2g4-kNLvhj8FGhtecNIlVzXRP29G2pnn88iJ7oF5_M3GaiA9oWG7Zl1rA_80oH55aaT2egqTWWkgGDUM_RXMc7_wpOX0s8-tjsmrcCpRg2s0bTtXZV0cr_VaZAFfJlxm80dT5qaXT-jO_JNU2SyWkc_RIgo&lptoken=1641754b36af950554fe HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Thu, 02 Feb 2023 19:56:15 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-error-code: Found
x-amz-error-message: Resource Found
x-amz-request-id: YGH8GKW1W1494P4P
x-amz-id-2: DNoGQqKwbssyKBA8Ohb4j1hMDvAdL0Ez6UigEAB3lGHbDmbJ6VS+i6wSwzA/Uj/itdMCUONM6Fk=
Location: /bgv2/
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kv1efqLJEqUVBLgKLdkwJIpOCIGchrTPfQ8D7HvyjVHdXPUFXof1lgYnwB9Ni8gUx8aiiHg80NJ4JvpykyBhodQbLSsgVZTvC2UkPCL8Dfzm9bNKBJ8jEIXxvDBmPg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79357d370fb0b4f7-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d4e95d0d8982bcd07804baf6fc88231c
5027abda0875bd2529dd4d6691784c74da71a9ee
373799b5749d2cb08b5721699a3e4c6b94b0d41604ac07d4ef7179e47dabc71f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "373799B5749D2CB08B5721699A3E4C6B94B0D41604AC07D4EF7179E47DABC71F"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4937
Expires: Thu, 02 Feb 2023 21:18:33 GMT
Date: Thu, 02 Feb 2023 19:56:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 62de35a6c8e4efd7633fc5236b5b086f
6a92912a86dfcd0330d040cef06bef36889c76ab
ebb8ca05df5ba73b92174105d54d192a8d9e3e10fba48bf96161b0cb759220ec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EBB8CA05DF5BA73B92174105D54D192A8D9E3E10FBA48BF96161B0CB759220EC"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4547
Expires: Thu, 02 Feb 2023 21:12:03 GMT
Date: Thu, 02 Feb 2023 19:56:16 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 02 Feb 2023 19:43:31 GMT
content-type: application/json
age: 765
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
happy-u.vip/bgv2/
188.114.97.1200 OK 12 kB IP 188.114.97.1:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (12404)
Hash 59d54b2cbaa6c7637b5c362ae86fd272
62a4d0154c302289d1d20ce1bee74b88ab40ec1f
56a84fe31ff3e27047b408ff284bc7ed768cd7fec5cf394432ca83d8c2e04b56
GET /bgv2/ HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 19:56:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-id-2: 4Jegz4YTN7WMFxCsKyvrCiGuEg8BOrwDtjfeLDKy1mwKsIsQi7sm7zgUO3nlMExQwjaNQfUmiNI=
x-amz-request-id: 24ZCCWE6HWD3Q848
Last-Modified: Wed, 24 Aug 2022 13:56:19 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: HIT
Age: 16
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a9Yh6xZd55HPlvNHgS4lfnab3qO9PGzEX12n9I4yDlD2wOXjlQ3ADQ4ja4AsYF%2FnmWYQdDSC1Shy6OTw7LVnYDEgkR2DxuDtcqeB%2BYDt5OeOqqUfSFwp8BQdA094nQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79357d38aa23b4f7-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9a76feabb767086ae0fa54e0ffbf763f
3655d78994a1e9838340669462728b67c8c12e54
bf215ab858c7785b7c01f7d3d437a918f056f00fe9b065820e1cdd09b7bba8f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BF215AB858C7785B7C01F7D3D437A918F056F00FE9B065820E1CDD09B7BBA8F9"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20318
Expires: Fri, 03 Feb 2023 01:34:54 GMT
Date: Thu, 02 Feb 2023 19:56:16 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: OHGyUnDoUwtoERO3R6wR9eGI5EhzQZTs5GERffi169Lo/FJAiSRfdvpu5/36GSeZRuuZ+T8zAOiTgvWmN5r7mg==
x-amz-request-id: AQNWHFSGNGEB3ZAG
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 02 Feb 2023 19:23:14 GMT
age: 1982
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 19:56:16 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 0ede9217e40a6bf6f80f4def23a90a81
31bf390777fede55e08e3cc0e91dc69b7339040f
955c96b94b634f3c12925c1daa9b8d60592728da242b1828fdae578385b2beba
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 16
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 19:56:16 GMT
Etag: "63dadb9b-116"
Last-Modified: Thu, 02 Feb 2023 19:56:00 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 0ede9217e40a6bf6f80f4def23a90a81
31bf390777fede55e08e3cc0e91dc69b7339040f
955c96b94b634f3c12925c1daa9b8d60592728da242b1828fdae578385b2beba
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2413
Cache-Control: max-age=94888
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 19:56:16 GMT
Etag: "63dadb9b-116"
Expires: Fri, 03 Feb 2023 22:17:44 GMT
Last-Modified: Wed, 01 Feb 2023 21:37:31 GMT
Server: ECS (amb/6BBD)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash b2a063f530c2132d31c18ff02810c100
ae3a25cfc332c571e8edc57d1ed1b201af7f5998
3bc836a364fd0d83f54410c908641a7b76b7bf2e860017dd90fa4da582586a56
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3345
Cache-Control: max-age=163482
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 19:56:16 GMT
Etag: "63dbe3e9-117"
Expires: Sat, 04 Feb 2023 17:20:58 GMT
Last-Modified: Thu, 02 Feb 2023 16:25:13 GMT
Server: ECS (amb/6B84)
X-Cache: HIT
Content-Length: 279
happy-u.vip/bgv2%2Fimages%2Fslot-result-1.png
188.114.97.1200 OK 20 kB URL HTTP/2 happy-u.vip/bgv2%2Fimages%2Fslot-result-1.png
IP 188.114.97.1:0
File type PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Hash 1fbd2b26e61236d5bcfdfeb6adbd2c8c
c9034272d28dab018b73f1967a679c734f987a1f
c402c36eb8d623b618261d40846e63c130de1e78720ab5578eae1d645198c963
GET /bgv2%2Fimages%2Fslot-result-1.png HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 19:56:16 GMT
content-type: image/png
content-length: 20370
x-amz-id-2: 1WnqKYAuEcrOmFbrsr7JI/SMIPEXfet0K4iNMRpnexOUMAyOkdmj9ri5MVPBeOQ2OiYmqkKHTZY=
x-amz-request-id: BAV2B09D726WTJDK
last-modified: Tue, 14 Sep 2021 10:36:58 GMT
etag: "1fbd2b26e61236d5bcfdfeb6adbd2c8c"
cache-control: max-age=2592000
cf-cache-status: HIT
age: 16
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2uluZsN4YTEkF7QemZicL4fGZUEYutF%2BCewTCRG87Lyu4mAH8g6mlObZsArcqei95zEPiUxsrGU%2Fdkg0jp7guciGDgf%2FvQwdA%2FhEJDGu7rdMs9WRbUJ3N%2BzsO6z8Zw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79357d3a8b0eb4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
happy-u.vip/bgv2%2Fimages%2Fslot-result-2.png
188.114.97.1200 OK 27 kB URL HTTP/2 happy-u.vip/bgv2%2Fimages%2Fslot-result-2.png
IP 188.114.97.1:0
File type PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Hash b6ca0bfea4d0cec334f128f5c2c44cff
f6dc006902542a929187af718d9f6a244e5472b5
b09b477eb93ed896b8e52a2f746e435695dbef2a1259987bae4fbea3c35b5435
GET /bgv2%2Fimages%2Fslot-result-2.png HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 19:56:16 GMT
content-type: image/png
content-length: 26733
x-amz-id-2: 7x9M1Bc2u07jVyX1d533Ss+HdmK3O6CLBggyak/V1jK4HgZ+oCoscBMf9cDZGnfwByL8HOYymr8=
x-amz-request-id: BAVEBNYD0QMXQ3SD
last-modified: Tue, 14 Sep 2021 10:36:57 GMT
etag: "b6ca0bfea4d0cec334f128f5c2c44cff"
cache-control: max-age=2592000
cf-cache-status: HIT
age: 16
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IEcZO9xgeUqT0yZuYkmny%2FbluTrByQWCClX9zs83BwXLVZtKIanoPWMBW14xCULd2sT%2Bz%2Fv%2B%2FAWMIfos4oPKVMiHcnuZaR%2FODzT8w6FvPrJNeMgbWrwnfwdNWq98xQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79357d3a8b0fb4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
happy-u.vip/bgv2%2Fimages%2Fslot-start.png
188.114.97.1200 OK 26 kB URL HTTP/2 happy-u.vip/bgv2%2Fimages%2Fslot-start.png
IP 188.114.97.1:0
File type PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Hash f491647556e492de92530b48827690aa
6296c44299f5acb17cb2c06e37391a70672b1fd3
efb819d37f19ec7505d9602488ce97868d84e1c7929ce83e308e23f02d97b95d
GET /bgv2%2Fimages%2Fslot-start.png HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 19:56:16 GMT
content-type: image/png
content-length: 26084
x-amz-id-2: j+yxnQ1NrAb/8L9uG9/Yn5JSFnh779NWYWoBMSJmqgzWy4lNsmTcnRdAobWeEuF0B51Ff8PM1Ss=
x-amz-request-id: XW0XH3NPCG3104V0
last-modified: Tue, 14 Sep 2021 10:36:58 GMT
etag: "f491647556e492de92530b48827690aa"
cache-control: max-age=2592000
cf-cache-status: HIT
age: 16
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qvq40p4%2F7z3ve%2BXtAKRUZqQa8Rla520IIJjxCizdDSAum%2B1l2kMfh7nRzUOLB7i3CqwVHYjFTeQ%2F8MFYUU9d%2F3JZzwhH4i3UCJHFNQ578DsFxrJGp5Rxpuh%2BGD7CmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79357d3a8b15b4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
happy-u.vip/bgv2%2Fimages%2Fred-arrow-right.png
188.114.97.1200 OK 1.4 kB URL HTTP/2 happy-u.vip/bgv2%2Fimages%2Fred-arrow-right.png
IP 188.114.97.1:0
File type PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Hash 881bdc037be8895ba5d8d53456890e7e
4e105c89e2a1475520bb74c9c20bf2f9e906fcb3
9f8160d6380fef91c8eadecc6e8e59e93e3f5c40be7963018c8104bef4354d8f
GET /bgv2%2Fimages%2Fred-arrow-right.png HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 19:56:16 GMT
content-type: image/png
content-length: 1362
x-amz-id-2: ZyV3RZx2wJN2v3n0Wr69962KjUzOJJiJkJDA/bumgxFtK9z+/srFKtTL2doQk54Hp8zN6oJngLs=
x-amz-request-id: BAV0ZRH8WP2FAX21
last-modified: Tue, 14 Sep 2021 10:36:58 GMT
etag: "881bdc037be8895ba5d8d53456890e7e"
cache-control: max-age=2592000
cf-cache-status: HIT
age: 16
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3igyNX%2F0a%2BkOtzhGa87fUEkTHpksjpPUlKoCML15J90PqLH4sE7K%2Fa9EbJkBJcSW13JFCfHGQLMq4cMxa%2FVB6%2FNmb8XumaUY6R2S0xNOC%2FaZEZXC5RU4HNXEbanqNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79357d3a8b14b4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
happy-u.vip/bgv2%2Fimages%2Fred-arrow-left.png
188.114.97.1200 OK 1.3 kB URL HTTP/2 happy-u.vip/bgv2%2Fimages%2Fred-arrow-left.png
IP 188.114.97.1:0
File type PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Hash 92d3e482cacea857c5dfaf9fa3a21dfb
3f12c410c77d763cc4719ec367a18417b8300758
4a688dc66588e8e86e98ccadb318fa2aca3fd6e2444aac783278b982f3e47eef
GET /bgv2%2Fimages%2Fred-arrow-left.png HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 19:56:16 GMT
content-type: image/png
content-length: 1334
x-amz-id-2: xUnMGTfDJN91DI2FhGiWrX8IWMUl6nZ+Yia0hIMKG+8C23xf1MggFRxaL6Li9ZZlcz+1ZT3C8Bs=
x-amz-request-id: XW0HCQKF11JRE3B5
last-modified: Tue, 14 Sep 2021 10:36:58 GMT
etag: "92d3e482cacea857c5dfaf9fa3a21dfb"
cache-control: max-age=2592000
cf-cache-status: HIT
age: 16
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A5TCXZg05zC6QR8Mfr86ES%2BsjC86rkL5iJgFpdQrsjMn5F7PtKaLY4iafjJfd7NNoIV5qyZT%2FEn1zxg3ufE3ce7Kf5FLeKyxUEtUV4YOYFy%2Bb8cQ9nGBfNZTuUkVAg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79357d3a8b12b4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
happy-u.vip/bgv2%2Fimages%2Fslot-spin.gif
188.114.97.1200 OK 88 kB URL HTTP/2 happy-u.vip/bgv2%2Fimages%2Fslot-spin.gif
IP 188.114.97.1:0
File type GIF image data, version 89a, 410 x 279\012- data
Hash 617c16c5e04c8603dd7f157862b1c682
1306296f9a666a7fc50f339a2a924ce8a3a18169
7f8e36cf7ac437d7c42440ef5f522c8e27adb06348b573192308038fa7c1dc7e
GET /bgv2%2Fimages%2Fslot-spin.gif HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 19:56:16 GMT
content-type: image/gif
content-length: 87599
x-amz-id-2: Wlo1yes0n3PNT9IEDHdBdBvZtRkdcg1aLj4/PbS2sue2gd4RrjMY1lqrEImJKuqWAVnZRpxsIyg=
x-amz-request-id: XW0R4T2ATBJFFA66
last-modified: Tue, 14 Sep 2021 10:36:58 GMT
etag: "617c16c5e04c8603dd7f157862b1c682"
cache-control: max-age=2592000
cf-cache-status: HIT
age: 16
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Few35B%2BqOf295C4mZD56WgNnqAWsNySMdlzKPT%2FF8efebAAiMeGvXYlT7FUUFgD2USRpe%2BuIiYBaDpCgZvGloj0IqZpqLebjGIT3cKJwes0qjedUxmS%2FAgFFl3MRg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79357d3a8b0cb4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
happy-u.vip/bgv2%2Fimages%2Fslot-win.png
188.114.97.1200 OK 14 kB URL HTTP/2 happy-u.vip/bgv2%2Fimages%2Fslot-win.png
IP 188.114.97.1:0
File type PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Hash 939b6a73c96383ac0842317037f3a0f0
0654b62431c8ba522833950b8166d7a16e2a6b56
b8f1ec0ac028bd024af2cf57b63b07069b2f4a41e61c1577e968ca5d7ba72837
GET /bgv2%2Fimages%2Fslot-win.png HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 19:56:16 GMT
content-type: image/png
content-length: 14391
x-amz-id-2: IlMMpeRyJ/vGzkQw1W4DvoJO042OJ3ZQDOCKE/22+EXdtPexMjG20IKWezbb1CqeUCu5kGJyzxI=
x-amz-request-id: BAV6KBSDT1047WH3
last-modified: Tue, 14 Sep 2021 10:36:58 GMT
etag: "939b6a73c96383ac0842317037f3a0f0"
cache-control: max-age=2592000
cf-cache-status: HIT
age: 16
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y0PZm00cv%2Ft0edm%2BUelWmmIKqvL%2BeDQA45%2FUT7ior9ke6O3fa1RcBPlHaVjaNNXZ1TW6AM4GfB%2BnVum2f7A6ObdlPLs7Y7zthJaAwDy1S%2FFVdXFoNvMq0uUm0MRGIw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79357d3a8b10b4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.100200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash 67d700154d75602f11c9737cddbd2276
490decbfdd242deefa9fbf092bd256d31402d73b
935941e71355a1991f0159b44473a728ca64f86efab9f81fcec08dcacf285471
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 02 Feb 2023 19:56:16 GMT
Last-Modified: Thu, 02 Feb 2023 19:56:01 GMT
Server: ECS (nyb/1D07)
X-Cache: Miss from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: P1AjccW2uJ3Gqr5xZHv5KvVewuFR6t_ZFVbSsdTOBV4rRsDMnQ0SAA==
Age: 15
cdn.countryflags.com/thumbs/bulgaria/flag-button-square-250.png
104.26.15.30200 OK 2.1 kB URL HTTP/2 cdn.countryflags.com/thumbs/bulgaria/flag-button-square-250.png
IP 104.26.15.30:0
File type PNG image data, 250 x 250, 8-bit colormap, non-interlaced\012- data
Hash 3f0bf22f5b1b69cfbceac506951d3afc
edd3361f44f2971f96af94cff3ea35a485061dfa
2c6c2c194cbcf3b0b62d748b79e5c09d3d0ecc4021f23182966272219939e2e1
GET /thumbs/bulgaria/flag-button-square-250.png HTTP/1.1
Host: cdn.countryflags.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 19:56:16 GMT
content-type: image/png
content-length: 2091
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
etag: "82b-5426c8e5e5000"
last-modified: Tue, 29 Nov 2016 08:41:36 GMT
cache-control: max-age=2678400
cf-cache-status: HIT
age: 7188
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5xdUMjO2cbDVa0uSdlYZbc6VDaiWFJ3jGFR5LCaKxwwNnQFylOaYtKd8iA58S7edpETnfUcV1yfHEivLSsXTYbjw5r3B%2Bxmwixut9mM9ObuFVpcmYuxIUAtf3PaY7Xc8kvCuteS%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79357d3ad8e3fac0-OSL
X-Firefox-Spdy: h2
walter-larence.com/hp
18.193.146.82200 OK 382 B IP 18.193.146.82:0
File type ASCII text, with very long lines (381)
Hash 10263a40a9d604e06e31e20f0b213918
524c7e3d46f4c3b19319ff3315ba6adfafd5eb3b
1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee
Analyzer Verdict Alert fortinet Malware
GET /hp HTTP/1.1
Host: walter-larence.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 19:56:16 GMT
content-length: 382
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 05295a6ef6a1e08350820742ca84d4cd
829cfdfb5f40a5cf0a9b80d787d46652df0ffdec
2864347c8cafc993e298b6c80a7e34b0c49710b9e8e35af6815ef685d4efdaf2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2864347C8CAFC993E298B6C80A7E34B0C49710B9E8E35AF6815EF685D4EFDAF2"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14276
Expires: Thu, 02 Feb 2023 23:54:12 GMT
Date: Thu, 02 Feb 2023 19:56:16 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 0ede9217e40a6bf6f80f4def23a90a81
31bf390777fede55e08e3cc0e91dc69b7339040f
955c96b94b634f3c12925c1daa9b8d60592728da242b1828fdae578385b2beba
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 16
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 19:56:16 GMT
Etag: "63dadb9b-116"
Last-Modified: Thu, 02 Feb 2023 19:56:00 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 278
assets.landerlab.io/base.css
54.230.111.7200 OK 8.7 kB URL HTTP/2 assets.landerlab.io/base.css
IP 54.230.111.7:0
File type ASCII text, with very long lines (8731)
Hash 7f6de4e86d84bcbfd919f155e7545439
e7d9a7a418519c3fbce6de3c85775087cba93b49
8d8c59c2712df25a26ecd01739496e49c3514a9341fa3cd21cfa98627ba6efa2
GET /base.css HTTP/1.1
Host: assets.landerlab.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
content-length: 8732
last-modified: Sat, 29 May 2021 19:05:04 GMT
x-amz-version-id: 0sEXTlrAazg9KkJm7sv1lqt808WfgxiL
accept-ranges: bytes
server: AmazonS3
date: Thu, 02 Feb 2023 05:06:28 GMT
etag: "7f6de4e86d84bcbfd919f155e7545439"
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: m62Eu3WEPC4hAPByfSkzHdwnzgrf5WCNumYz5Jgkw9ERGXIsqIA2Sw==
age: 53389
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 0ede9217e40a6bf6f80f4def23a90a81
31bf390777fede55e08e3cc0e91dc69b7339040f
955c96b94b634f3c12925c1daa9b8d60592728da242b1828fdae578385b2beba
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=92475
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 19:56:16 GMT
Etag: "63dadb9b-116"
Expires: Fri, 03 Feb 2023 21:37:31 GMT
Last-Modified: Wed, 01 Feb 2023 21:37:31 GMT
Server: nginx
Content-Length: 278
my.rtmark.net/p.js?f=sync&lr=1&partner=67c006a00db193d37627fba7e3ea754bf5ba407dea3b822db9bccd1950a8556a
139.45.195.8200 OK 697 B URL HTTP/2 my.rtmark.net/p.js?f=sync&lr=1&partner=67c006a00db193d37627fba7e3ea754bf5ba407dea3b822db9bccd1950a8556a
IP 139.45.195.8:0
Hash bd33725f56da891692dff0ac7583d37d
2f5c7d6865087971dd4645d30d6fff57b64fa3fd
66411aa8478bd069ad8a9aa0f2159279c3693da7a7e1fb3b1e53c751e580cfeb
GET /p.js?f=sync&lr=1&partner=67c006a00db193d37627fba7e3ea754bf5ba407dea3b822db9bccd1950a8556a HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 19:56:16 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash bd77b0ce6227313b58b12ef9e56b6971
bec5fd298d45b3f63f77294678220808caa57032
32b6b0c3128db1a27ada330dcdda3659db3ac39bd12ad32e2f55c0b5e8a4b261
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 19:56:16 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 01 Feb 2023 20:20:02 GMT
Expires: Wed, 08 Feb 2023 20:20:01 GMT
Etag: "bec5fd298d45b3f63f77294678220808caa57032"
Cache-Control: max-age=519224,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 79357d3afc230b51-OSL
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 0ee5b16a991598f5e5873021f6b1231a
a17f9267eb4ea0f5d9c348ea16a91f1bcaf42f1f
ee621500464e573168aa29156f694a8dbb7e5b7d7e01403bb50606f5a47f733b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 19:56:16 GMT
Etag: "63db10ec-118"
Server: ECS (amb/6B91)
Content-Length: 280
bigrourg.net/pfe/current/micro.tag.min.js?z=4519794&sw=/sw-check-permissions-047d6.js
139.45.197.251200 OK 14 kB URL HTTP/1.1 bigrourg.net/pfe/current/micro.tag.min.js?z=4519794&sw=/sw-check-permissions-047d6.js
IP 139.45.197.251:0
File type C source, ASCII text, with very long lines (41091), with no line terminators
Hash 002d32199f9116c7429c84ef9d7849bb
328e4f6b8bdfb247e311b58cddab5eaa21d5b4e3
8b9b2a4d4da7ff539e51c4bb298f0587b0c14ed4158294bfa003cb8b6893d1dc
GET /pfe/current/micro.tag.min.js?z=4519794&sw=/sw-check-permissions-047d6.js HTTP/1.1
Host: bigrourg.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://happy-u.vip/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Feb 2023 19:56:16 GMT
Content-Type: application/javascript
Last-Modified: Fri, 27 Jan 2023 11:03:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63d3af98-a083"
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Pragma: no-cache
Content-Encoding: gzip
track.landerlab.io/p/606dc316bd12e800113ca177?lander_id=51b4888facefcf31461709e6561caaa1
104.18.16.6200 OK 0 B URL HTTP/2 track.landerlab.io/p/606dc316bd12e800113ca177?lander_id=51b4888facefcf31461709e6561caaa1
IP 104.18.16.6:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/606dc316bd12e800113ca177?lander_id=51b4888facefcf31461709e6561caaa1 HTTP/1.1
Host: track.landerlab.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 19:56:16 GMT
content-length: 0
cache-control: no-cache
set-cookie: worker_cookie=N4Igdgpg7g+gFgSwC4wQExALhAYwJwDsArERDgIwC0OAZgEx2UAsAhjjpXvmpWUU3gAcBAGwQCABjwgANCABuCAM7JUGbOTQAjQQ0E1KLFnkZMJIiZUGCIVHFol0cEgMwQXTM7IXLVSBAC2EEpILAEADlggdI4ulI7xdAAq5HiYRCKY5CIAdMQuAFreiipIAPYATmpRRDQieHXkWvEuODxMbniUWiIslgQQRFrkxGwSEhhyOGHhLAgA5mDV2BYiaDgu2Vpo5HQQguPk5K0sIwTeYGVoEDA4cHNgWADaALpyyjCQUFg0LAA2SggAF8gA=; Expires=Fri, 03 Feb 2023 19:56:16 GMT; Domain=track.landerlab.io; Path=/; SameSite=None; Secure
__cf_bm=.AYDPF7yqQTpGnW4VR8FHcYE4pNsBENz_SuEdtMiOTI-1675367776-0-AQATK7c4JiXkUJG4iWMnR0FYdfhyIoybNZX+aukjhsDa/5/QbgkNmLNQm5ugpxbJJHjY+Rk3yq1rqEN1csIoTpA=; path=/; expires=Thu, 02-Feb-23 20:26:16 GMT; domain=.track.landerlab.io; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 79357d3ca82c0b65-OSL
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0ffd26a248ef8e44cab403c7d2fff9f5
634348376fe3a43eafe6546f4b49bb10f1982536
5df91504f42a12b470cb51c7b93ee4123dc2ab06252bb01375ead748590f295d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5DF91504F42A12B470CB51C7B93EE4123DC2AB06252BB01375EAD748590F295D"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15463
Expires: Fri, 03 Feb 2023 00:13:59 GMT
Date: Thu, 02 Feb 2023 19:56:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dc308f9d7ad76de0fa86f154c7988354
84f343d7affa56ad1f6b97ab00bb82db8caa4f50
9a35521776cdb87cf7427dc3c3bb5988c155336a780aed0aa8dff0e6b70b129a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9A35521776CDB87CF7427DC3C3BB5988C155336A780AED0AA8DFF0E6B70B129A"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6124
Expires: Thu, 02 Feb 2023 21:38:20 GMT
Date: Thu, 02 Feb 2023 19:56:16 GMT
Connection: keep-alive
deefauph.com/pfe/current/micro.tag.min.js?z=4188429&sw=/sw-check-permissions-b5194.js
139.45.197.251200 OK 14 kB URL HTTP/1.1 deefauph.com/pfe/current/micro.tag.min.js?z=4188429&sw=/sw-check-permissions-b5194.js
IP 139.45.197.251:0
File type C source, ASCII text, with very long lines (41091), with no line terminators
Hash 002d32199f9116c7429c84ef9d7849bb
328e4f6b8bdfb247e311b58cddab5eaa21d5b4e3
8b9b2a4d4da7ff539e51c4bb298f0587b0c14ed4158294bfa003cb8b6893d1dc
GET /pfe/current/micro.tag.min.js?z=4188429&sw=/sw-check-permissions-b5194.js HTTP/1.1
Host: deefauph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://happy-u.vip/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 Feb 2023 19:56:16 GMT
Content-Type: application/javascript
Last-Modified: Fri, 27 Jan 2023 11:03:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63d3af98-a083"
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Pragma: no-cache
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0ffd26a248ef8e44cab403c7d2fff9f5
634348376fe3a43eafe6546f4b49bb10f1982536
5df91504f42a12b470cb51c7b93ee4123dc2ab06252bb01375ead748590f295d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5DF91504F42A12B470CB51C7B93EE4123DC2AB06252BB01375EAD748590F295D"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15463
Expires: Fri, 03 Feb 2023 00:13:59 GMT
Date: Thu, 02 Feb 2023 19:56:16 GMT
Connection: keep-alive
unphionetor.com/vctx?t=74797
139.45.197.236204 No Content 0 B URL HTTP/2 unphionetor.com/vctx?t=74797
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /vctx?t=74797 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://happy-u.vip
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Thu, 02 Feb 2023 19:56:16 GMT
access-control-allow-origin: http://happy-u.vip
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 2d4c9527891ddad459af7729f491d389
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
bigrourg.net/zone?&pub=0&zone_id=4519794&is_mobile=false&domain=happy-u.vip&var=&ymid=&var_3=&dsig=&action=prerequest
139.45.197.251200 OK 0 B URL HTTP/2 bigrourg.net/zone?&pub=0&zone_id=4519794&is_mobile=false&domain=happy-u.vip&var=&ymid=&var_3=&dsig=&action=prerequest
IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /zone?&pub=0&zone_id=4519794&is_mobile=false&domain=happy-u.vip&var=&ymid=&var_3=&dsig=&action=prerequest HTTP/1.1
Host: bigrourg.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://happy-u.vip
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 19:56:16 GMT
content-length: 0
x-trace-id: 6eecdd533153801be42ecb8dbdff1390
access-control-allow-origin: http://happy-u.vip
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
propeller-tracking.com/fv.js?t=74797
139.45.197.240200 OK 2.2 kB URL HTTP/2 propeller-tracking.com/fv.js?t=74797
IP 139.45.197.240:0
File type ASCII text, with very long lines (5213), with no line terminators
Hash 0254fb1dad74628b7ad0f97d304fac92
35f7af13a08eb87023ec7df4d3c35c21b2cde79d
47fb6ce428ca80ea69b772e4f66e4e5c622a4005db601746033d04511bd27536
GET /fv.js?t=74797 HTTP/1.1
Host: propeller-tracking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 19:56:16 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 810545fcbfd7660fc9058d0cfe3ee7bd
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
d3rxaij56vjege.cloudfront.net/form-serialize/0.3/serialize.min.js
54.230.245.102200 OK 1.2 kB URL HTTP/1.1 d3rxaij56vjege.cloudfront.net/form-serialize/0.3/serialize.min.js
IP 54.230.245.102:0
File type ASCII text, with very long lines (1197), with no line terminators
Hash 7d3e5f83849d8d66381fd41ac97eb5a1
bf52c33777d86cd1498dd166eb43d7ee16ea35f2
bd5127d88d20bfc74fb94869e2026ddfbb9119934c6b441b12ed7762a948a702
GET /form-serialize/0.3/serialize.min.js HTTP/1.1
Host: d3rxaij56vjege.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://happy-u.vip/
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 1197
Connection: keep-alive
Last-Modified: Mon, 02 Nov 2015 22:04:54 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Thu, 02 Feb 2023 05:22:11 GMT
ETag: "7d3e5f83849d8d66381fd41ac97eb5a1"
X-Cache: Hit from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: GpuWtn8jV_SFQLnKx-rXc1LsiaDUyTKFsrHzRt_4iXfI--LBJ2RG1g==
Age: 52446
happy-u.vip/favicon.ico
188.114.97.1404 Not Found 268 B IP 188.114.97.1:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 3e2761923e0c15aa799d7b5400542834
a0823245fdc40b34ccc889e3e577d0601a3daf4e
449ad3c59f57fee9f2f6d35f43750e1ba15ccd3cf208fa68d0ba847733baf1a2
GET /favicon.ico HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://happy-u.vip/bgv2/
HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 19:56:16 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-request-id: PWQP25Z35JQKD2R3
x-amz-id-2: J8zq5Bj2CD5reKGuNFlzwAs5bDr3vYWqqxhSKrCO4I2XPUCajePpkNuBJcKSfghbK7UD1Q4fPtc=
Cache-Control: max-age=2592000
CF-Cache-Status: HIT
Age: 15
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x%2BO2vMaN%2FWctDmEKWgahtUjpL%2BTHUoq%2B1WPmJsBKf5oC%2Bku7q7uiB5jwO9hOYH4fKU953gOkNbE4N0gs2nywU6VV70kOeYxiFrW6J%2FgZM9As99tRtMGitewfBog3jQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79357d3e2a96b4f7-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 02 Feb 2023 19:07:19 GMT
age: 2937
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
unphionetor.com/vbl?t=74797&bid=undefined&aid=undefined
139.45.197.236204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=74797&bid=undefined&aid=undefined
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=74797&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://happy-u.vip
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Thu, 02 Feb 2023 19:56:17 GMT
access-control-allow-origin: http://happy-u.vip
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 2f7d58e7d58b457e4d50023099c16348
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
unphionetor.com/vbl?t=74797&bid=undefined&aid=undefined
139.45.197.236204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=74797&bid=undefined&aid=undefined
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=74797&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://happy-u.vip
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Thu, 02 Feb 2023 19:56:17 GMT
access-control-allow-origin: http://happy-u.vip
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: a582824df4ddb7946d8d387176cdf20d
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6a83f1cda10b24856cd1be686e5cff48
9176a8eebc8d2457d201e195da4c4f76688f5a16
9cb7ea8c3301debfe14b8f13ee01254c080238169ba13f0c030ea870d36c70cd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9CB7EA8C3301DEBFE14B8F13EE01254C080238169BA13F0C030EA870D36C70CD"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10720
Expires: Thu, 02 Feb 2023 22:54:57 GMT
Date: Thu, 02 Feb 2023 19:56:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5420
Expires: Thu, 02 Feb 2023 21:26:37 GMT
Date: Thu, 02 Feb 2023 19:56:17 GMT
Connection: keep-alive
deefauph.com/zone?&pub=0&zone_id=4188429&is_mobile=false&domain=happy-u.vip&var=&ymid=&var_3=&dsig=&action=prerequest
139.45.197.251200 OK 0 B URL HTTP/2 deefauph.com/zone?&pub=0&zone_id=4188429&is_mobile=false&domain=happy-u.vip&var=&ymid=&var_3=&dsig=&action=prerequest
IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /zone?&pub=0&zone_id=4188429&is_mobile=false&domain=happy-u.vip&var=&ymid=&var_3=&dsig=&action=prerequest HTTP/1.1
Host: deefauph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://happy-u.vip
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 19:56:17 GMT
content-length: 0
x-trace-id: a155388fe6947c49586da80220327efa
access-control-allow-origin: http://happy-u.vip
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
my.rtmark.net/img.gif?f=sync&partner=67c006a00db193d37627fba7e3ea754bf5ba407dea3b822db9bccd1950a8556a&ttl=&rurl=http%3A%2F%2Fhappy-u.vip%2Fbgv2%2F
139.45.195.8200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=sync&partner=67c006a00db193d37627fba7e3ea754bf5ba407dea3b822db9bccd1950a8556a&ttl=&rurl=http%3A%2F%2Fhappy-u.vip%2Fbgv2%2F
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=sync&partner=67c006a00db193d37627fba7e3ea754bf5ba407dea3b822db9bccd1950a8556a&ttl=&rurl=http%3A%2F%2Fhappy-u.vip%2Fbgv2%2F HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 19:56:17 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=5891de254f0e4e968236668c099f4aca; expires=Fri, 02 Feb 2024 19:56:17 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
push.services.mozilla.com/
100.20.3.157101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 100.20.3.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: S7I9TLivdvzgaB1dn7PFhw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: JCUIF8FrDeizV89V+b597gQ/cbE=
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18631
Expires: Fri, 03 Feb 2023 01:06:49 GMT
Date: Thu, 02 Feb 2023 19:56:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18631
Expires: Fri, 03 Feb 2023 01:06:49 GMT
Date: Thu, 02 Feb 2023 19:56:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18631
Expires: Fri, 03 Feb 2023 01:06:49 GMT
Date: Thu, 02 Feb 2023 19:56:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18631
Expires: Fri, 03 Feb 2023 01:06:49 GMT
Date: Thu, 02 Feb 2023 19:56:18 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg
34.120.237.76200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4bb3a6fba496d54cdbbccaf2b9600386
8e30002699e9fbf2047f9ac11a36d2175fc9c591
927bf3a04b011b4e3bc8d8772a3d5813507f7f523312d43627767b64615562f3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15857
x-amzn-requestid: cfe36b9d-34f6-4f3f-896e-e70ec45c4a04
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmJ2JGGWoAMFSLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8bcf3-0dd68dd778b9aba268a129b0;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:02:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: C1kqthy0eZop0UZfG3_op5xeBOVGiPLYfia4uS1l4-kchEzV6ccE9w==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 07:16:08 GMT
age: 45610
etag: "8e30002699e9fbf2047f9ac11a36d2175fc9c591"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe18f9e12-0986-423b-911d-6271bb996db4.jpeg
34.120.237.76200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe18f9e12-0986-423b-911d-6271bb996db4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7c823f1d6bf1c50d58eb263b85e6e37c
a7b74d11494fb3254df907e5cc1eead070d84617
b2706961eb756383e0988dfdb501dc424aea59697aedd1e4a6c294c314a31935
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe18f9e12-0986-423b-911d-6271bb996db4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5356
x-amzn-requestid: fef22c83-35a4-4990-9008-af5853f838d1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc5BEB6oAMFczg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb6c-68d3017555c069bc3107d150;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: i697kJpdT4ZPeMLWIftWf16pWCic0-v4tL4GDKfVfTZLo-E4-3FwDQ==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:21:38 GMT
age: 77680
etag: "a7b74d11494fb3254df907e5cc1eead070d84617"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85f439bb-b615-43ac-bd20-2466bff7ff50.jpeg
34.120.237.76200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85f439bb-b615-43ac-bd20-2466bff7ff50.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d910c24f5a6108cb74103cd70692a703
9fe648fa464e46d16f685aca1704f3414eda4107
5cbe5e571e62555225621440203ae24a3b8c41ac7f49b6b731bc2c94e620797f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85f439bb-b615-43ac-bd20-2466bff7ff50.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5561
x-amzn-requestid: 76ca969b-a840-4d5c-97c1-2dfd93b8f630
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frdKYE3-IAMFqbw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadbdb-2729fe22420bcc0563c39aff;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:38:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: E91BIw8QT3vXXQY8GIPpnRqnTZV4paZ3wynf7UjLnjeIfwS0tiC1Gg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:21:38 GMT
age: 77680
etag: "9fe648fa464e46d16f685aca1704f3414eda4107"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b0e15d-e5be-4197-a382-bf7332128068.jpeg
34.120.237.76200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b0e15d-e5be-4197-a382-bf7332128068.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash df4a4906103a8f409c066b1cded71384
22847e3926db3e3d5f6b529297a4abe8b377c3a6
84a14b73b2cc7f4641eaa5539cbee0a109ae2b05cf88d06797a2b00c8d4f0c43
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b0e15d-e5be-4197-a382-bf7332128068.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9221
x-amzn-requestid: 209c2ad4-7a1f-4867-bf98-4ca8621111a1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frdTBFv5IAMFgqQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadc13-1627a9d603c69f7760ad013b;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:39:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kAkcQOKAvuq3k-X081MLCqon-cnQJqGryVeE0fwX0a7bcXgJlySIvg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:21:38 GMT
age: 77680
etag: "22847e3926db3e3d5f6b529297a4abe8b377c3a6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d335250-c4ff-42af-b9c2-48711573ab39.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d335250-c4ff-42af-b9c2-48711573ab39.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 86664b4d1fc27ba7b5bff8a245604326
b8c7ef73101a497b6c78ad59aafe66a391fdc3fa
e4596faadf14051299036a79632951d90183dd0635293687edef11985799a752
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d335250-c4ff-42af-b9c2-48711573ab39.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4814
x-amzn-requestid: 90da23ab-2c54-40ec-8e26-bdf4eeb1e27b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frdKWFpvoAMFyPQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadbdb-70c4cb89413ed6bd44731d76;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:38:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: axFfTgcGtvqt1RcbyLpovD5Fr7J2Wx9pNwb92m2rwTdj-sGp0bIq-Q==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:59:10 GMT
age: 79028
etag: "b8c7ef73101a497b6c78ad59aafe66a391fdc3fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab614ba-4572-4b54-9079-a26b68b1ece7.jpeg
34.120.237.76200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab614ba-4572-4b54-9079-a26b68b1ece7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6bb5b89e738516f4862491eec286bf6d
8fb46b9ca85f2c578eb2a56d0007859183e12209
7f164a37b675bf39f8473392b07a2a383397da003303965fb190fd4f455bb43b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab614ba-4572-4b54-9079-a26b68b1ece7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15051
x-amzn-requestid: 72a3f2ae-538e-40dc-9496-86c28334ba0d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc6jGTAIAMFy4A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb76-72178ed13a2e70d462785b90;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:54 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CKTfQzCvXa4oL6Lm2n8Rw_9Uhj69YfgpDTP9s0zoaX5qW1vcqWIXDA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:54:58 GMT
age: 79280
etag: "8fb46b9ca85f2c578eb2a56d0007859183e12209"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
unphionetor.com/vbri?t=74797&bid=undefined&aid=undefined&tp=3259
139.45.197.236204 No Content 0 B URL HTTP/2 unphionetor.com/vbri?t=74797&bid=undefined&aid=undefined&tp=3259
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbri?t=74797&bid=undefined&aid=undefined&tp=3259 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://happy-u.vip
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Thu, 02 Feb 2023 19:56:19 GMT
access-control-allow-origin: http://happy-u.vip
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 8cd1d7f3c0f2e8e25c51e8aad291e264
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
unphionetor.com/vbri?t=74797&bid=undefined&aid=undefined&tp=3259
139.45.197.236204 No Content 0 B URL HTTP/2 unphionetor.com/vbri?t=74797&bid=undefined&aid=undefined&tp=3259
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbri?t=74797&bid=undefined&aid=undefined&tp=3259 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://happy-u.vip
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Thu, 02 Feb 2023 19:56:19 GMT
access-control-allow-origin: http://happy-u.vip
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: e33faae7dadbb0bf44c9cea6a6c36772
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
happy-u.vip/bgv2%2Fjs%2Fjquery.min.js
188.114.97.1200 OK 0 B URL HTTP/2 happy-u.vip/bgv2%2Fjs%2Fjquery.min.js
IP 188.114.97.1:0
GET /bgv2%2Fjs%2Fjquery.min.js HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 19:56:16 GMT
content-type: application/javascript
x-amz-id-2: Jb+YvPUjjAb7J5MlbRMuvm3rwmSo7onzLhV071Y3IIAoYmyjlQPxi/3irjwXb77C98HSWzHz/Dk=
x-amz-request-id: BAVDMD505YYE2VDF
last-modified: Tue, 14 Sep 2021 10:36:58 GMT
etag: W/"723e11a50995eef960d59451910e2cb4"
cache-control: max-age=2592000
cf-cache-status: HIT
age: 16
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Rq36BzkSo80y4zA7ngPXwyVDjl9rMKPsdVuAm1QEAz%2FF3BgyNN6qUNzduTGmAoY0noOWg3R08aRyJLUReFBmbAlI%2F568GV%2FVBcX%2BxkWKR3DeUJ3XvYlUzXQUXx2%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79357d3a8b0bb4e8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
propeller-tracking.com/fv.js?t=74797
139.45.197.240200 OK 0 B URL HTTP/2 propeller-tracking.com/fv.js?t=74797
IP 139.45.197.240:0
GET /fv.js?t=74797 HTTP/1.1
Host: propeller-tracking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://happy-u.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 19:56:16 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 7b92ebc32c20028913203a9250ac8d5b
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2