Report - devil.pubgsite.net/

Report Overview

Submitted URL
devil.pubgsite.net/
IP
172.67.153.23
ASN
#13335 CLOUDFLARENET
Submitted
2023-01-31 04:34:50
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
58

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.4 kB	6.2 kB	23.33.119.27
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	2.8 kB	5.6 kB	142.250.74.131
a.top4top.io	588496	2019-12-05T19:36:40Z	2023-03-13T05:39:38Z	434 B	18 kB	51.159.64.45
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-13T08:14:31Z	437 B	630 B	142.250.74.170
site-assets.fontawesome.com	299062	2022-02-10T07:20:21Z	2023-03-13T05:35:13Z	407 B	90 kB	104.18.22.52
www.pubgmobile.com	21653	2018-04-27T13:06:13Z	2023-03-13T05:39:38Z	2.5 kB	95 kB	95.101.11.50
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
cdnjs.cloudflare.com	235	2015-04-17T22:46:33Z	2023-03-13T05:09:21Z	456 B	6.9 kB	104.17.25.14
code.jquery.com	634	2012-05-21T19:28:02Z	2023-03-13T05:09:57Z	374 B	33 kB	69.16.175.10
ajax.googleapis.com	12905	2013-08-16T11:51:31Z	2023-03-13T08:37:09Z	788 B	61 kB	142.250.74.170
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	52.39.176.227
stackpath.bootstrapcdn.com	2467	2018-06-15T22:36:43Z	2023-03-13T07:25:30Z	422 B	76 kB	104.18.11.207
l.top4top.io	926491	2020-01-15T00:19:40Z	2023-03-13T05:39:38Z	434 B	20 kB	65.21.235.194
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	1.0 kB	1.9 kB	93.184.220.29
devil.pubgsite.net	unknown	2023-01-30T13:56:17Z	2023-01-31T04:35:03Z	8.7 kB	2.0 MB	104.21.34.14
i.postimg.cc	23840	2018-04-11T12:01:12Z	2023-03-13T05:19:26Z	4.5 kB	354 kB	162.19.88.69
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-13T08:44:36Z	482 B	14 kB	216.58.207.227
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.8 kB	74 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-01-31 04:34:54	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-01-31 04:34:54	medium	Client IP	Internal IP	ET DNS Query for .cc TLD

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-01-30	medium	devil.pubgsite.net/	Tencent
2023-01-30	medium	devil.pubgsite.net/	Tencent
2023-01-30	medium	devil.pubgsite.net/	Tencent
2023-01-30	medium	devil.pubgsite.net/	Tencent
2023-01-30	medium	devil.pubgsite.net/	Tencent
2023-01-30	medium	devil.pubgsite.net/	Tencent
2023-01-30	medium	devil.pubgsite.net/	Tencent
2023-01-30	medium	devil.pubgsite.net/	Tencent
2023-01-30	medium	devil.pubgsite.net/	Tencent
2023-01-30	medium	devil.pubgsite.net/	Tencent
2023-01-30	medium	devil.pubgsite.net/	Tencent
2023-01-30	medium	devil.pubgsite.net/	Tencent
2023-01-30	medium	devil.pubgsite.net/	Tencent
2023-01-30	medium	devil.pubgsite.net/	Tencent
2023-01-30	medium	devil.pubgsite.net/	Tencent
2023-01-30	medium	devil.pubgsite.net/	Tencent
2023-01-30	medium	devil.pubgsite.net/	Tencent
2023-01-30	medium	devil.pubgsite.net/	Tencent
2023-01-30	medium	devil.pubgsite.net/	Tencent
2023-01-30	medium	devil.pubgsite.net/	Tencent
2023-01-30	medium	devil.pubgsite.net/	Tencent

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-31	medium	devil.pubgsite.net/media/spinning.mp3	Phishing
2023-01-31	medium	devil.pubgsite.net/js/spinFunction.js	Phishing
2023-01-31	medium	devil.pubgsite.net/media/header.mp4	Phishing
2023-01-31	medium	l.top4top.io/m_1725u5z7i1.mp3	Malware
2023-01-31	medium	a.top4top.io/m_1725zobal2.mp3	Malware
2023-01-31	medium	devil.pubgsite.net/	Phishing
2023-01-31	medium	devil.pubgsite.net/media/header.mp4	Phishing
2023-01-31	medium	devil.pubgsite.net/js/script.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	code.jquery.com/jquery-1.10.2.min.js	93 kB	2023-03-07	2024-04-26
Pretty URL code.jquery.com/jquery-1.10.2.min.js IP 69.16.175.10 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-26 06:09:50 Times Seen10169 Hash 628072e7212db1e8cdacb22b21752cda 0511abe9863c2ea7084efa7e24d1d86c5b3974f1 0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988 Loading...

	ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js	84 kB	2023-03-07	2024-04-26
Pretty URL ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js IP 142.250.74.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-26 06:09:50 Times Seen13741 Hash e40ec2161fe7993196f23c8a07346306 afb90752e0a90c24b7f724faca86c5f3d15d1178 874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4 Loading...

	devil.pubgsite.net/js/spinFunction.js	9.4 kB	2023-03-13	2023-03-13
Pretty URL devil.pubgsite.net/js/spinFunction.js IP 104.21.34.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:59:48 Last Seen2023-03-13 12:59:48 Times Seen1 Hash 5d056bf96ccd61bc15cd4c9edb6b1387 e529d06df177c30b94ad6a27f41360132181764f b547f46daa6a950d42f81ee37e10b96796d12e31b32acdfe384e4e2ad3f13c7e Loading...

	ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js	84 kB	2023-03-07	2024-04-26
Pretty URL ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js IP 142.250.74.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-26 06:09:50 Times Seen14093 Hash 32015dd42e9582a80a84736f5d9a44d7 41b4bfbaa96be6d1440db6e78004ade1c134e276 8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3 Loading...

	devil.pubgsite.net/js/script.js	2.2 kB	2023-03-13	2023-03-13
Pretty URL devil.pubgsite.net/js/script.js IP 104.21.34.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:59:48 Last Seen2023-03-13 12:59:48 Times Seen1 Hash d05d1772ad1bee4d69f9c6e6d26c7d0d 3a5f68549b0d9c9550e3de25c3d6a30bedeea312 63f603812e5e50f66e41df592651aa0706dc10dd22124d89508f6e92cd080cf9 Loading...

	devil.pubgsite.net/	1.4 kB	2023-03-13	2023-03-13
Pretty URL devil.pubgsite.net/ IP 104.21.34.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:59:48 Last Seen2023-03-13 12:59:48 Times Seen1 Hash c62eea67ffdf3e49c411263d54f7ff7c 628d5fbb3942467cb2b72ca28cef7523e45ccdd1 8d4a2b0abc807c6fd9dfe71472fc2073b2be9cf7af4a5e5b905cca707f205f55 Loading...

	http:blank	580 B	2023-03-13	2023-03-13
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:59:48 Last Seen2023-03-13 12:59:48 Times Seen1 Hash 036880d4645942b9bbb11d2ad7c0acba 1e1d0e7aec61493a4913dfc08cee7370b9b9dcb1 0b0e9150b7aa1300fda37ccee7226bd23efdffdd69373f7b754721e707996b69 Loading...

		Size	First Seen	Last Seen
	#1 Eval - fceddb23385fd8ed6d1accb229e3f992	3.4 kB	2023-03-13	2023-03-26
Pretty Observations First Seen2023-03-13 12:59:48 Last Seen2023-03-26 04:52:05 Times Seen3 Hash fceddb23385fd8ed6d1accb229e3f992 d1fc2469372ce7d0cb6c12b8c0bfc58b3912a52d b5d58c116e332d3aa50114aab796b5f3c57372f46ad08fe89e69f7e2f52c0bd2 Loading...

HTTP Transactions (78)

URL IP Response Size

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d2e72d45afe3d391c204b5391599607c
149d68b9d00a720b6f380fa2324779dca9dbe26d
f6f1c295c68dfebadacb1fc812b44e01c7ede0e203615ef3e2cced2ce2251e7e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6F1C295C68DFEBADACB1FC812B44E01C7EDE0E203615EF3E2CCED2CE2251E7E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15760
Expires: Tue, 31 Jan 2023 08:57:18 GMT
Date: Tue, 31 Jan 2023 04:34:38 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3eb88dea4fe00db1182370e72683c3ab
ca520abf1e91bfd2aef40c6a1270a911071e8922
d8083ee567c7b3023111dc30f32c94237df7db30d4d2daaea0a569e8a3069ad7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8083EE567C7B3023111DC30F32C94237DF7DB30D4D2DAAEA0A569E8A3069AD7"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5481
Expires: Tue, 31 Jan 2023 06:05:59 GMT
Date: Tue, 31 Jan 2023 04:34:38 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
302c7548412192add063ad6c8b99cf3b
e5d178931a27db036ce8daae302594d3ff7050b8
fc2bd9091006189e67e8074093805ee5492ce16e1dbfba32e083abeeae34969d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC2BD9091006189E67E8074093805EE5492CE16E1DBFBA32E083ABEEAE34969D"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4789
Expires: Tue, 31 Jan 2023 05:54:27 GMT
Date: Tue, 31 Jan 2023 04:34:38 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 31 Jan 2023 03:43:15 GMT
content-type: application/json
age: 3083
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: LCi70nl+4FjQY0xJ0mJq4IGbMDm/LliFoQMQjUVbn0wzw92PRpdUJVy20sEFNJL5Q6DhssQ7lec=
x-amz-request-id: N1JBVVA9SPZWNP32
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 31 Jan 2023 04:22:04 GMT
age: 754
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 04:34:38 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1p5/87J8JGgx5vk

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/87J8JGgx5vk
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c97f2f87965a0d616905722e2837363c
627f202f286cffccd0a55ee7648cb4c79a043b66
36880f91ceee334f2948a54b725746dfce8d90f1ae39f73beeb3d7bf3343d120

HTTP Headers

POST /s/gts1p5/87J8JGgx5vk HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 04:34:38 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 31 Jan 2023 03:49:04 GMT
age: 2734
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.2.0/css/material-design-iconic-font.min.css

104.17.25.14

200 OK

5.8 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.2.0/css/material-design-iconic-font.min.css
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
5.8 kB (5845 bytes)
Hash
a7e25a22602a2b2ed35f90fd5210cff1
148c4f275b60e6cf6253d6b4c7bdc486515b2202
312d94bafa68e11e3a4a8d7c06bc25ee161d1d965afb1fa99db79815a272d0bf

HTTP Headers

GET /ajax/libs/material-design-iconic-font/2.2.0/css/material-design-iconic-font.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 31 Jan 2023 04:34:38 GMT
content-type: text/css; charset=utf-8
content-length: 5845
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ed9-1149f"
last-modified: Mon, 04 May 2020 16:12:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 3376536
expires: Sun, 21 Jan 2024 04:34:38 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3Ao5xHyR8uYvjcxti9dpJLeTJnnyYV6XlSDaRH%2BpuelBfCWyZ3JkBbJKVmxKpk%2BTxcQ47VgrQj26vFuRtKzGGDT%2B7rfu5KOwiRqnRfARgSzgK5b2cA%2FTBTWWw9KECrrXoPE8Su85"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 791fbc717be3b4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
363936321a9f08665a6afc9fdafbe442
bf305cdf4315648572bcd015a12a8768570b23ca
b273c986b58d473155841e29084a1cbd2693b45f51fe92a91345f7daeb4fb812

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3123
Cache-Control: max-age=169587
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 04:34:38 GMT
Etag: "63d8819e-118"
Expires: Thu, 02 Feb 2023 03:41:05 GMT
Last-Modified: Tue, 31 Jan 2023 02:49:02 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
a799f16f5814e9202997f27a519a0cb7
9dfad3ebb76e2568bc18d46f4c1db821f1bb2078
c4816ebee8f96749a264ab12d309a93741bda208a0461e213ceea13d61864038

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6569
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 04:34:39 GMT
Last-Modified: Tue, 31 Jan 2023 02:45:10 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19237
Expires: Tue, 31 Jan 2023 09:55:16 GMT
Date: Tue, 31 Jan 2023 04:34:39 GMT
Connection: keep-alive

code.jquery.com/jquery-1.10.2.min.js

69.16.175.10

200 OK

33 kB

URL HTTP/2
code.jquery.com/jquery-1.10.2.min.js
IP
69.16.175.10:0
ASN
#20446 STACKPATH-CDN

File type
ASCII text, with very long lines (32072)
Size
33 kB (32788 bytes)
Hash
68cc08e82915da8b82fc6be74ab86365
4089530b0c00f6cbd1452d7f873be85454196fd1
6c63276db5e51f227be1c9bdaf73d76fa01040499944a8c8607db0c234f0575c

HTTP Headers

GET /jquery-1.10.2.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 31 Jan 2023 04:34:39 GMT
content-encoding: gzip
content-length: 32788
content-type: application/javascript; charset=utf-8
last-modified: Wed, 16 Feb 2022 10:50:39 GMT
accept-ranges: bytes
server: nginx
etag: W/"620cd6ff-16bb3"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1675139679.dop026.sk1.t,1675139679.cds209.sk1.hn,1675139679.cds243.sk1.c
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
40bac282ee9730b7a7fde839fcf58736
be00063ec5c760560f34663d0a6a9cad87cfebe4
45b83537d8621d3c4a7c046a9b78f6745977c359db2868d720f19dbb0eb80d3d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 04:34:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
40bac282ee9730b7a7fde839fcf58736
be00063ec5c760560f34663d0a6a9cad87cfebe4
45b83537d8621d3c4a7c046a9b78f6745977c359db2868d720f19dbb0eb80d3d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 04:34:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
363936321a9f08665a6afc9fdafbe442
bf305cdf4315648572bcd015a12a8768570b23ca
b273c986b58d473155841e29084a1cbd2693b45f51fe92a91345f7daeb4fb812

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3124
Cache-Control: max-age=169587
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 04:34:39 GMT
Etag: "63d8819e-118"
Expires: Thu, 02 Feb 2023 03:41:06 GMT
Last-Modified: Tue, 31 Jan 2023 02:49:02 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 280

devil.pubgsite.net/img/rewards/6.png

104.21.34.14

200 OK

34 kB

URL HTTP/2
devil.pubgsite.net/img/rewards/6.png
IP
104.21.34.14:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 600 x 600, 8-bit colormap, non-interlaced\012- data
Size
34 kB (34107 bytes)
Hash
c81ee2bde6347a3a98e40cc2c5c38d83
6038e9a2ff4b6f24e732bd3e7a1d7c46059da109
e090efc52320e3b2b0dcb49fcd0a9e9d212155489727b91d7163659c1a13f057

Detections

Analyzer	Verdict	Alert
openphish	Tencent

HTTP Headers

GET /img/rewards/6.png HTTP/1.1
Host: devil.pubgsite.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: image/png
content-length: 34107
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 13:06:19 GMT
last-modified: Fri, 02 Dec 2022 13:35:50 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CIKsQa%2FZqriXEHX%2F0yoQApBSHAFL1%2FlkmdB2rDXALX%2B4vE43E%2FpzgI4%2BXIrFFamy3wkXkTNWpf7bXQ8SfsyV2ZonAUOkXYp4KAt2yews1Wp2hKvRJn8BjxZo4Qb5dE56RPZyh7k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791fbc7148bab500-OSL
X-Firefox-Spdy: h2

devil.pubgsite.net/img/rewards/7.png

104.21.34.14

200 OK

25 kB

URL HTTP/2
devil.pubgsite.net/img/rewards/7.png
IP
104.21.34.14:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 600 x 295, 8-bit colormap, non-interlaced\012- data
Size
25 kB (25128 bytes)
Hash
d6b2ab91c120120706fa7bcd40e8d96e
9096d4c8f6d599fbc1acd1297c009da4191dd3c9
2ae1da98a6eda1758d1f152d2a10a1db6b5c74623036806721ace7ab8e9d05c0

Detections

Analyzer	Verdict	Alert
openphish	Tencent

HTTP Headers

GET /img/rewards/7.png HTTP/1.1
Host: devil.pubgsite.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: image/png
content-length: 25128
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 13:06:19 GMT
last-modified: Fri, 02 Dec 2022 13:35:50 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fimfLn9XDXVuoaQx4FVvfvUpKsTTH4uAH0jkKk3xR606txn6su8VOCcbnCCrUOlMWpsgl0uyhSMyKAwBrqn0h2C5ZGh5i7gkySWJnKrH7JdWNSb8WvlbJFJ8HvOeM8UZsVyZOVk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791fbc7148b9b500-OSL
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js

142.250.74.170

200 OK

30 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js
IP
142.250.74.170:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (32061)
Size
30 kB (29671 bytes)
Hash
b90b3d2618cce9d766152cd3092b5c27
496339457cd00caab8118e2e1f30ea18dc05b9f4
b7b155aa8c6b5db28f9a6b41e88c96e9462c196c700add426f8ef32c9ce1ed41

HTTP Headers

GET /ajax/libs/jquery/2.1.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29671
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 24 Jan 2023 22:44:56 GMT
expires: Wed, 24 Jan 2024 22:44:56 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 539383
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

devil.pubgsite.net/img/rewards/2.png

104.21.34.14

200 OK

62 kB

URL HTTP/2
devil.pubgsite.net/img/rewards/2.png
IP
104.21.34.14:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 600 x 600, 8-bit colormap, non-interlaced\012- data
Size
62 kB (61711 bytes)
Hash
6d04e8add539914589d9416459a939b1
9db44661f85f3ab71764055c98e3c149be342702
2e9f6c1b8f2ad7a035713b8b471c36e6fe9205146636338179ad1b0f822ad79b

Detections

Analyzer	Verdict	Alert
openphish	Tencent

HTTP Headers

GET /img/rewards/2.png HTTP/1.1
Host: devil.pubgsite.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: image/png
content-length: 61711
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 13:06:19 GMT
last-modified: Fri, 02 Dec 2022 13:35:50 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TRzUUW%2BE19im3SoYQMDJNdVDj%2BOLq3AmStRTdQ0wD0mLx4qobQRkT24HPG%2B0%2FPBaCcjsbVWBQ%2B3Q%2BGQCVjosE9iu1g%2FKVGlMQcyhlz4F3j3UW1dJ7nCkHqheocqc8SXIK0iK1XE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791fbc7148b1b500-OSL
X-Firefox-Spdy: h2

i.postimg.cc/pV8Q4L9L/footer-img.png

162.19.88.69

200 OK

14 kB

URL HTTP/2
i.postimg.cc/pV8Q4L9L/footer-img.png
IP
162.19.88.69:0
ASN
#16276 OVH SAS

File type
PNG image data, 669 x 99, 8-bit/color RGBA, non-interlaced\012- data
Size
14 kB (14457 bytes)
Hash
d8e7ade119fece88de74909f9625a4f4
fcd55a597136e98a1ef13fb4ec78b5fdfe5ddffb
49c48ca56906e272d341083c726fc29a7304b7e66647ffd08b4ce7edd67430b4

HTTP Headers

GET /pV8Q4L9L/footer-img.png HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: image/png
content-length: 14457
last-modified: Sun, 26 Dec 2021 01:40:34 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

devil.pubgsite.net/img/rewards/1.png

104.21.34.14

200 OK

42 kB

URL HTTP/2
devil.pubgsite.net/img/rewards/1.png
IP
104.21.34.14:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 600 x 600, 8-bit colormap, non-interlaced\012- data
Size
42 kB (41544 bytes)
Hash
ae3e5231f195a463d7ab8bab05ae3762
d5919e5a852ad95b8267c80f7b1b441a65065d14
1868036bdf80860211dcee9597e32850c45ae42018ba68729e219c301a801ad1

Detections

Analyzer	Verdict	Alert
openphish	Tencent

HTTP Headers

GET /img/rewards/1.png HTTP/1.1
Host: devil.pubgsite.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: image/png
content-length: 41544
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 13:06:19 GMT
last-modified: Thu, 12 Jan 2023 22:44:40 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BBSU5g%2F8yB99hsH44wCrtndJcE2KqimgryRrdOu4HUY04hRBsWvbMxNDThp2bk6zEhOJ61uEOiYsQHUfpzXJWmJhOuy6wFMPaFM2Xmy7FoFpEfKuk%2FJO240F975kk3B026IRzkQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791fbc7148b0b500-OSL
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js

142.250.74.170

200 OK

30 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js
IP
142.250.74.170:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (32180)
Size
30 kB (29707 bytes)
Hash
f16500423cc2867eff8b773df637c48f
1cd32d75b59a89c3a70274e383151a61ce0594f4
6ca5dc8ad67639c69117ace46c93703cf5fff82824cfc0bada0cf0fb3b2d41d7

HTTP Headers

GET /ajax/libs/jquery/2.1.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29707
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 25 Jan 2023 19:25:13 GMT
expires: Thu, 25 Jan 2024 19:25:13 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 464966
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

devil.pubgsite.net/img/rewards/3.png

104.21.34.14

200 OK

34 kB

URL HTTP/2
devil.pubgsite.net/img/rewards/3.png
IP
104.21.34.14:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 600 x 295, 8-bit colormap, non-interlaced\012- data
Size
34 kB (33786 bytes)
Hash
279aeb58a894797c3c2e65f9f3872dac
4275c981a3b93c045bb475e61ce57de32ce48e47
66215df14c6d310987a6cb9c5c381967483c7bbe1904ec7466443cb0abee392b

Detections

Analyzer	Verdict	Alert
openphish	Tencent

HTTP Headers

GET /img/rewards/3.png HTTP/1.1
Host: devil.pubgsite.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: image/png
content-length: 33786
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 13:06:19 GMT
last-modified: Thu, 12 Jan 2023 22:44:40 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mrK7vt4QooVrDUGC2%2FM6GRXNpNKIBPdKBPzwjp%2BzUoTkHUzRwHC6Vmy97%2BqRHHAuTII3nsbHt7J05wAIdtxm0bqz0Z0OWSzAl3T6tgPDa88NiFV%2BTMxwehOa17Oe3BmHcsAoxqA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791fbc7148b2b500-OSL
X-Firefox-Spdy: h2

i.postimg.cc/Thwcks3z/footer-socmed-2.png

162.19.88.69

200 OK

12 kB

URL HTTP/2
i.postimg.cc/Thwcks3z/footer-socmed-2.png
IP
162.19.88.69:0
ASN
#16276 OVH SAS

File type
PNG image data, 180 x 148, 8-bit/color RGBA, non-interlaced\012- data
Size
12 kB (11789 bytes)
Hash
0d76c6316716e7672112fa057d0da131
4a9f7f2d17431734575380c07d92564957f02c46
62dec982412037eb2b025b01c2438385b53354c2a6089ef9102529ddcb37d630

HTTP Headers

GET /Thwcks3z/footer-socmed-2.png HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: image/png
content-length: 11789
last-modified: Tue, 22 Mar 2022 04:48:19 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

devil.pubgsite.net/img/rewards/4.png

104.21.34.14

200 OK

49 kB

URL HTTP/2
devil.pubgsite.net/img/rewards/4.png
IP
104.21.34.14:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 600 x 600, 8-bit colormap, non-interlaced\012- data
Size
49 kB (48933 bytes)
Hash
e4ee188c3f6c5ea7b67654824ee377bd
5a0928d657766aebcb2a7a80e11e259b250ec0c6
33102180861aa73f916e49297f34c466bfeddd97eff88aab7e88f49bc9c2b8b4

Detections

Analyzer	Verdict	Alert
openphish	Tencent

HTTP Headers

GET /img/rewards/4.png HTTP/1.1
Host: devil.pubgsite.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: image/png
content-length: 48933
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 13:06:19 GMT
last-modified: Fri, 02 Dec 2022 13:35:50 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bWmChpDkLF4uIWmGgXrYFdOByMBUrk%2BCCpmPF3AcdFEXr7DRp6EcpJ14ZZ4ZvrN%2Fnq79VVMWD7HFHzqQqA%2BJFhHeKz4%2BIGx3o3dRW2KrUfvOY1KZBv2tIwZiPTfTUe8uW0nl5I0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791fbc7148b7b500-OSL
X-Firefox-Spdy: h2

i.postimg.cc/Sxyy8Kzz/footer-socmed-6.png

162.19.88.69

200 OK

4.3 kB

URL HTTP/2
i.postimg.cc/Sxyy8Kzz/footer-socmed-6.png
IP
162.19.88.69:0
ASN
#16276 OVH SAS

File type
PNG image data, 184 x 140, 8-bit/color RGBA, non-interlaced\012- data
Size
4.3 kB (4316 bytes)
Hash
27eb10858d473bfd39cca3251fe35a26
f472c341ec3696a0c7bb85799495995ff72f941f
e0e93e88b46229223de82294608854d6578f0ade6f696b31f830cda37aae9b0e

HTTP Headers

GET /Sxyy8Kzz/footer-socmed-6.png HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: image/png
content-length: 4316
last-modified: Wed, 13 Apr 2022 13:57:35 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

devil.pubgsite.net/img/rewards/5.png

104.21.34.14

200 OK

69 kB

URL HTTP/2
devil.pubgsite.net/img/rewards/5.png
IP
104.21.34.14:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 600 x 600, 8-bit colormap, non-interlaced\012- data
Size
69 kB (68621 bytes)
Hash
08f8d71969f8f985ba7a8b4fd3e4a79f
dc1e6f92832b2f84129f44519a6ecedd50c8b4e8
834fe98e05c3a90b8ff2007fbfddbe5275f4c52e60d5268f44a25f32147a0aa0

Detections

Analyzer	Verdict	Alert
openphish	Tencent

HTTP Headers

GET /img/rewards/5.png HTTP/1.1
Host: devil.pubgsite.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: image/png
content-length: 68621
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 13:06:19 GMT
last-modified: Fri, 02 Dec 2022 13:35:50 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UpBw%2FNsobserhRiR3iDBwq9XxVfq8O%2FenbypWWdRAV6wCU5hwUDo03g1qlKmc7voa7wXQIL9dX3ty0SR4iKXQ6U0AjiKC%2BN2FI2uafSJRk%2BCPlrzAwVtZY0B5JT2TsJ1Hesui24%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791fbc7158bcb500-OSL
X-Firefox-Spdy: h2

i.postimg.cc/w7RQzsJF/footer-socmed-5.png

162.19.88.69

200 OK

9.8 kB

URL HTTP/2
i.postimg.cc/w7RQzsJF/footer-socmed-5.png
IP
162.19.88.69:0
ASN
#16276 OVH SAS

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size
9.8 kB (9840 bytes)
Hash
010d177128984148483764afcbe38b8a
a46bdb7a79807f57863ac5bdf51b769d1e8e97f0
22413a2dd1f4a4d55c29a714d5e81341264eda2dde1113562c48682de1770d91

HTTP Headers

GET /w7RQzsJF/footer-socmed-5.png HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: image/png
content-length: 9840
last-modified: Tue, 22 Mar 2022 04:48:19 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

devil.pubgsite.net/img/draw.png

104.21.34.14

200 OK

96 kB

URL HTTP/2
devil.pubgsite.net/img/draw.png
IP
104.21.34.14:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1024 x 768, 8-bit colormap, non-interlaced\012- data
Size
96 kB (95750 bytes)
Hash
c349e95445e78c3495c84c3a0c21a61a
d8497df6eb72f096262b16d9366a27c6b8928adb
0a78bb684ed98b318888066340b6cbec2b33c6026fe4d29fafea4426789815b0

Detections

Analyzer	Verdict	Alert
openphish	Tencent

HTTP Headers

GET /img/draw.png HTTP/1.1
Host: devil.pubgsite.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: image/png
content-length: 95750
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 13:06:19 GMT
last-modified: Tue, 17 Jan 2023 23:13:22 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PRcyvnlIlC1Nco1isW6PQhCavexFf7wNXjYoj3p85YxVDjvlGzDGh5IbJJWsV%2Fj9qgNOnaGRGLVpjlWjM%2FQMCBfvQVFRCzvvDmiXDMuiH3f2gqK11%2FRECNHk13DlqU5nRdsKkts%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791fbc7148b6b500-OSL
X-Firefox-Spdy: h2

i.postimg.cc/3wBVgZTz/login-Method1.png

162.19.88.69

200 OK

29 kB

URL HTTP/2
i.postimg.cc/3wBVgZTz/login-Method1.png
IP
162.19.88.69:0
ASN
#16276 OVH SAS

File type
PNG image data, 604 x 158, 8-bit/color RGBA, non-interlaced\012- data
Size
29 kB (28789 bytes)
Hash
74190b93fc4f5d88f0c8e6411ba20bd8
89ce2ecb660a90b8e6ed1b335443d7767c59f28a
092a3cd5f86b3f039feefdeb86694cd16ae545af214cfda614bdbbe2d1bde401

HTTP Headers

GET /3wBVgZTz/login-Method1.png HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: image/png
content-length: 28789
last-modified: Sun, 26 Dec 2021 01:51:44 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
40bac282ee9730b7a7fde839fcf58736
be00063ec5c760560f34663d0a6a9cad87cfebe4
45b83537d8621d3c4a7c046a9b78f6745977c359db2868d720f19dbb0eb80d3d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 04:34:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

i.postimg.cc/YvcfCqz7/footer-socmed-4.png

162.19.88.69

200 OK

15 kB

URL HTTP/2
i.postimg.cc/YvcfCqz7/footer-socmed-4.png
IP
162.19.88.69:0
ASN
#16276 OVH SAS

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size
15 kB (14747 bytes)
Hash
396ddda13117ca63c10d66afc75b045f
a3e197f3f99566f72693c8ccbe722a2430dfe1dc
db2e36d4d529976cb7f6f07619bdb7c8918e9f35a705b7db99074c427b4f705e

HTTP Headers

GET /YvcfCqz7/footer-socmed-4.png HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: image/png
content-length: 14747
last-modified: Tue, 22 Mar 2022 04:48:19 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

i.postimg.cc/bdB94RGs/footer-socmed-3.png

162.19.88.69

200 OK

8.0 kB

URL HTTP/2
i.postimg.cc/bdB94RGs/footer-socmed-3.png
IP
162.19.88.69:0
ASN
#16276 OVH SAS

File type
PNG image data, 180 x 128, 8-bit/color RGBA, non-interlaced\012- data
Size
8.0 kB (8004 bytes)
Hash
e9c30eff69db680e38d3e93aea870280
7958cc94ac08dde6f5ff38d4d220c376a66a697a
96e9a2cfe21342fb25fc23d598a500f1102b94f79478a8834df013bf95bc7007

HTTP Headers

GET /bdB94RGs/footer-socmed-3.png HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: image/png
content-length: 8004
last-modified: Tue, 22 Mar 2022 04:48:19 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

i.postimg.cc/dtyfWFF2/login-Method2.png

162.19.88.69

200 OK

4.3 kB

URL HTTP/2
i.postimg.cc/dtyfWFF2/login-Method2.png
IP
162.19.88.69:0
ASN
#16276 OVH SAS

File type
PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced\012- data
Size
4.3 kB (4298 bytes)
Hash
fef946b8bba756359e2a1e87ccd915ea
acc364946077b0e32b2343474ce4066ad3ee524c
1be5d05ce6faad469f7f9c5a5879f2d9f8d267b60eb394e92c19217268bcea8f

HTTP Headers

GET /dtyfWFF2/login-Method2.png HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: image/png
content-length: 4298
last-modified: Sun, 26 Dec 2021 01:53:00 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

i.postimg.cc/jnLQLD1x/footer-socmed-1.png

162.19.88.69

200 OK

7.0 kB

URL HTTP/2
i.postimg.cc/jnLQLD1x/footer-socmed-1.png
IP
162.19.88.69:0
ASN
#16276 OVH SAS

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size
7.0 kB (6953 bytes)
Hash
cc467f5a6a7ec0c41a34f4400bfa8473
025aa3fbceba7087d07e152b822820a77fca7d37
72271585bdd425610dd93695a3150c3820ab3a26fb389cafe8ccc67ed8b8690e

HTTP Headers

GET /jnLQLD1x/footer-socmed-1.png HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: image/png
content-length: 6953
last-modified: Tue, 22 Mar 2022 04:48:19 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

devil.pubgsite.net/media/spinning.mp3

104.21.34.14

206 Partial Content

93 kB

URL HTTP/2
devil.pubgsite.net/media/spinning.mp3
IP
104.21.34.14:0
ASN
#13335 CLOUDFLARENET

File type
Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Stereo\012- data
Size
93 kB (93347 bytes)
Hash
d79ba85640e089dabcc31377d3586363
9e114f0f2ae0cad5b464a6d14f3f3e91193b204a
c116089f76fcfac640d9077510d653c8efe84c308e3b163913b9193417bbc6a5

Detections

Analyzer	Verdict	Alert
openphish	Tencent
fortinet	Phishing

HTTP Headers

GET /media/spinning.mp3 HTTP/1.1
Host: devil.pubgsite.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 206 Partial Content
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: audio/mpeg
content-length: 93347
last-modified: Fri, 02 Dec 2022 13:35:50 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=120
cf-cache-status: HIT
content-range: bytes 0-93346/93347
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=stC8N5zl52ldaJ%2Fq0%2B%2BFsKOvuWESBjr%2FpKZelmgKy8cQ8iGXg%2FxrZBVDLg15%2BizLqdX%2B%2FLVIAlnooL5Cz4%2B%2FS7McMjXL4pZKoaclmo%2B0ST4tkzjosdGA9n4xKD7Od0zW9bZ0CqE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791fbc7178dbb500-OSL
X-Firefox-Spdy: h2

i.postimg.cc/9XrpfK2B/footer-ppua.png

162.19.88.69

200 OK

88 kB

URL HTTP/2
i.postimg.cc/9XrpfK2B/footer-ppua.png
IP
162.19.88.69:0
ASN
#16276 OVH SAS

File type
PNG image data, 1280 x 54, 8-bit/color RGBA, non-interlaced\012- data
Size
88 kB (88464 bytes)
Hash
6774f33254c7f07a7763bd503b7c918c
9e212fcefaece30889f0aad36e0ead3a41ceb4fe
e072b60dd0fb713c703bf0496b6bc130c8c9653a44746cffb2cf854c090334b4

HTTP Headers

GET /9XrpfK2B/footer-ppua.png HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: image/png
content-length: 88464
last-modified: Fri, 21 Oct 2022 13:16:13 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

i.postimg.cc/SxQ04Qn4/navbar-logo.png

162.19.88.69

200 OK

159 kB

URL HTTP/2
i.postimg.cc/SxQ04Qn4/navbar-logo.png
IP
162.19.88.69:0
ASN
#16276 OVH SAS

File type
PNG image data, 1074 x 800, 8-bit/color RGBA, non-interlaced\012- data
Size
159 kB (158577 bytes)
Hash
386d5af4a1126e03333b3a043f9efa73
3a71b66fbd920ea27595e9c958336da8b3d05606
8b877d99b1124d17bb2e21c71cc8838f80c9c0945e1c140714588e73d50c3473

HTTP Headers

GET /SxQ04Qn4/navbar-logo.png HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: image/png
content-length: 158577
last-modified: Tue, 22 Mar 2022 04:46:34 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

devil.pubgsite.net/css/style.css

104.21.34.14

200 OK

14 kB

URL HTTP/2
devil.pubgsite.net/css/style.css
IP
104.21.34.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (11006), with no line terminators
Size
14 kB (13984 bytes)
Hash
2cf1adda8c511b489c569e39e29d8d98
e12670d07e61e1e5486b20d8a944e50104711b37
8bad24219e7984c1add7f92700f47cd77c95f13f15e85ba757ca1be4e10517af

Detections

Analyzer	Verdict	Alert
openphish	Tencent

HTTP Headers

GET /css/style.css HTTP/1.1
Host: devil.pubgsite.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: text/css
cache-control: public, max-age=604800
cf-bgj: minify
cf-polished: origSize=13568
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Mon, 06 Feb 2023 13:06:19 GMT
last-modified: Wed, 18 Jan 2023 17:57:14 GMT
vary: Accept-Encoding
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g3WDILFDaapFdbJ4drZsK%2FbBDyUEdLz65OWWf8kLr4JFWzNIU0cCZ9SXPBfsslMfHYthOiUualUhTKN9tWns8a8xPk9ZLqDaVViqnZBiE4lIsfqVm%2F4a2%2F%2BzvQGLYTgAHMq6%2FVk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791fbc71188bb500-OSL
content-encoding: br
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1p5/87J8JGgx5vk

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/87J8JGgx5vk
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c97f2f87965a0d616905722e2837363c
627f202f286cffccd0a55ee7648cb4c79a043b66
36880f91ceee334f2948a54b725746dfce8d90f1ae39f73beeb3d7bf3343d120

HTTP Headers

POST /s/gts1p5/87J8JGgx5vk HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 04:34:39 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f075625a67cefc01c034a3c732ec8023
c3ef563fbf1cf30f75fc931f82426a0f859ccb6d
75ce941806680157fcca91d6074496cbbc7cdcf6da28fa35384273bf9a76d588

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 04:34:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f075625a67cefc01c034a3c732ec8023
c3ef563fbf1cf30f75fc931f82426a0f859ccb6d
75ce941806680157fcca91d6074496cbbc7cdcf6da28fa35384273bf9a76d588

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 04:34:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

devil.pubgsite.net/img/rewards/8.png

104.21.34.14

200 OK

64 kB

URL HTTP/2
devil.pubgsite.net/img/rewards/8.png
IP
104.21.34.14:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 600 x 600, 8-bit colormap, non-interlaced\012- data
Size
64 kB (63542 bytes)
Hash
1e3c112e2b132a3b4f312e85aa64c0b3
3a959e14026a2608923b5ac943ee1f47d85ac439
a8126c221df3880aa151e4909c37410f316b84e06b774cb711bf006ab9da95ca

Detections

Analyzer	Verdict	Alert
openphish	Tencent

HTTP Headers

GET /img/rewards/8.png HTTP/1.1
Host: devil.pubgsite.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: image/png
content-length: 63542
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 13:06:19 GMT
last-modified: Tue, 17 Jan 2023 23:13:22 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KXpaEpgisMHeNFKuzfpx%2BJRyYAHKeo17ZmA1afl2N7o5Ovfvq3hXFZbwobLx79%2B71sbbJoRXPzdJXkP3XH%2Fa%2Bdiy7b7VMnqGsGoetYwGQyrV1JJHjvjSoNiZA8KtL%2BfGObRUDgM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791fbc7148b5b500-OSL
X-Firefox-Spdy: h2

devil.pubgsite.net/js/spinFunction.js

104.21.34.14

200 OK

15 kB

URL HTTP/2
devil.pubgsite.net/js/spinFunction.js
IP
104.21.34.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (9415), with no line terminators
Size
15 kB (15030 bytes)
Hash
400fcd0441e6f9221ae6d45522c8088c
7f224f392c03122b88f8038fdb2c5dd2096c78dc
e7f48036a772eebe808c020f08da9467ed63299d739d02fdd4a5697b97d53274

Detections

Analyzer	Verdict	Alert
openphish	Tencent
fortinet	Phishing

HTTP Headers

GET /js/spinFunction.js HTTP/1.1
Host: devil.pubgsite.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: application/javascript
cache-control: public, max-age=604800
cf-bgj: minify
cf-polished: origSize=9433
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Mon, 06 Feb 2023 13:06:19 GMT
last-modified: Wed, 18 Jan 2023 17:39:16 GMT
vary: Accept-Encoding
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8rWGVY3%2FbU%2FrrfLLNID4F00bodM7madiNRPcc6XWkjBY6guRDmRn49H3Nq4XtThCvR9C5FpajXeV9FbrHHdzHnKVbvebk7pbR9PpAUbWOqYfqrSQUcMhe%2BdLPL8DB7qVonercHQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791fbc7168d4b500-OSL
content-encoding: br
X-Firefox-Spdy: h2

fonts.gstatic.com/s/teko/v15/LYjCdG7kmE0gdVBesCRgqA.woff2

216.58.207.227

200 OK

13 kB

URL HTTP/2
fonts.gstatic.com/s/teko/v15/LYjCdG7kmE0gdVBesCRgqA.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 13196, version 1.0\012- data
Size
13 kB (13196 bytes)
Hash
5b9fce771bd530ab9767e2b5aebd28c1
28ee5935b59df8b2d6876707e1f0f0e6768d2d31
a3bf77e9dea5a047c348fa98ccbeb5d5e07de3541ce0a2dfb243690da964804c

HTTP Headers

GET /s/teko/v15/LYjCdG7kmE0gdVBesCRgqA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://devil.pubgsite.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13196
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 29 Jan 2023 06:32:58 GMT
expires: Mon, 29 Jan 2024 06:32:58 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 16:17:49 GMT
content-type: font/woff2
age: 165701
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

push.services.mozilla.com/

52.39.176.227

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.39.176.227:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Ct/7H4uMl3oK8Tnm85Lx+w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: /xooeP4a4PC3mFStO9Lfg6MkmqA=

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f075625a67cefc01c034a3c732ec8023
c3ef563fbf1cf30f75fc931f82426a0f859ccb6d
75ce941806680157fcca91d6074496cbbc7cdcf6da28fa35384273bf9a76d588

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 04:34:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

devil.pubgsite.net/img/event-title.png

104.21.34.14

200 OK

45 kB

URL HTTP/2
devil.pubgsite.net/img/event-title.png
IP
104.21.34.14:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1198 x 272, 8-bit colormap, non-interlaced\012- data
Size
45 kB (45306 bytes)
Hash
654402fec5cdfc64d16542c5fac3bc17
edbaee58575c48fcad8b9b47e928021f02bbb146
3cbace2ae506c92511eaf87d49cb6be785656ff0ae2f3933135cc65c1936c416

Detections

Analyzer	Verdict	Alert
openphish	Tencent

HTTP Headers

GET /img/event-title.png HTTP/1.1
Host: devil.pubgsite.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: image/png
content-length: 45306
cache-control: public, max-age=604800
expires: Mon, 06 Feb 2023 13:06:22 GMT
last-modified: Tue, 17 Jan 2023 23:13:22 GMT
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iHhigL94qJFja7XWM%2F2cPGqnI3IJduq6delt1EWf3qpmETd%2B9MmYPpRIEMGqlP7ZLwTNppyw5rWKDOTsrf404JZNkJYdwUbn%2FQXQg1sGyYCWtMjdJVch6usmDgPWU1y%2B3AXiRF4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791fbc735998b500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

site-assets.fontawesome.com/releases/v6.1.1/css/all.css

104.18.22.52

200 OK

89 kB

URL HTTP/2
site-assets.fontawesome.com/releases/v6.1.1/css/all.css
IP
104.18.22.52:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
89 kB (89286 bytes)
Hash
8d77e0a31b2786b237fe7ec1989b279b
f1a4148ec59d8f26903fb25a3cc84b29ce0d6254
1a09af10cbfce88292a8a0a2e4cd02b3a8583fd3122b18016b402c05d1b1b305

HTTP Headers

GET /releases/v6.1.1/css/all.css HTTP/1.1
Host: site-assets.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: text/css
x-amz-id-2: 332zxxLyeOA0bVHaDihkoNN8z15TpqoPHwlgSqo0+JYF9Eb1EbFs+dM6zZXyMDQJzxobqXmUSog=
x-amz-request-id: DBBNDRR8JR1BQ6BC
last-modified: Tue, 22 Mar 2022 15:39:41 GMT
etag: W/"325672b036bab9b57f6873aed5eccc43"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 1065476
vary: Accept-Encoding
server: cloudflare
cf-ray: 791fbc720e1fb515-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

104.18.11.207

200 OK

75 kB

URL HTTP/2
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
IP
104.18.11.207:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (30837)
Size
75 kB (75340 bytes)
Hash
3a3a8fcc7d2d9b399e4095d5ba228cc4
07c78fd028614f465ae8890b9a918d2609fa3241
dba87f8575289737cf7df53ad20452b95172d5d04cc768de198274dc4b787450

HTTP Headers

GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 11/15/2021 21:49:00
cdn-proxyver: 1.0
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: 2729ae8f2fc6c761bdc17d91cc795f58
cdn-cache: HIT
cf-cache-status: HIT
age: 20586433
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 791fbc71fc081bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7ef187b9f5a65eb91e2f434d41ed74f3
18f05b13fa45e46fbf22df48ae64f5ebeee46246
26a689f9e17b3f698e61f8163e854c405deefe08fe3f6ba08dcbd5a2962736d9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "26A689F9E17B3F698E61F8163E854C405DEEFE08FE3F6BA08DCBD5A2962736D9"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6264
Expires: Tue, 31 Jan 2023 06:19:03 GMT
Date: Tue, 31 Jan 2023 04:34:39 GMT
Connection: keep-alive

devil.pubgsite.net/media/header.mp4

104.21.34.14

206 Partial Content

63 kB

URL HTTP/2
devil.pubgsite.net/media/header.mp4
IP
104.21.34.14:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
63 kB (63167 bytes)
Hash
f3ac45912c1c12dcefb555ccb0ede967
d498861cd67969479801cd65913b810fa14e6762
f9d83fcff5a3144776fdcceaff04102104a92ef18237ad8175f624970e6217cd

Detections

Analyzer	Verdict	Alert
openphish	Tencent
fortinet	Phishing

HTTP Headers

GET /media/header.mp4 HTTP/1.1
Host: devil.pubgsite.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=1277952-
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 206 Partial Content
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: video/mp4
content-length: 63167
last-modified: Wed, 18 Jan 2023 17:41:08 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=120
cf-cache-status: HIT
age: 0
content-range: bytes 1277952-1341118/1341119
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZPEQWp%2Be4eGfn2LgeWGfqZU2cPgB3hw8efh14yDJKkVz24SfO7Vlo7th7aOvFdYKtSt6dfcQhMTFuDPQBQJbFn48%2BgqDJri0wjke9hpxUkYBbHz3o01%2Bn0bfbnyP2OmorIQvFUI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791fbc73498eb500-OSL
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
15ecfe5b2cd2d3b74715fd1b778beb20
bb211d5082a45c54ca2d887c47eb1bfeb6f6106d
4a37c1cf5fe5fece2b3f90c379e4359d6df947e2419295d2081052548fa9a730

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A37C1CF5FE5FECE2B3F90C379E4359D6DF947E2419295D2081052548FA9A730"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4716
Expires: Tue, 31 Jan 2023 05:53:15 GMT
Date: Tue, 31 Jan 2023 04:34:39 GMT
Connection: keep-alive

l.top4top.io/m_1725u5z7i1.mp3

65.21.235.194

206 Partial Content

20 kB

URL HTTP/2
l.top4top.io/m_1725u5z7i1.mp3
IP
65.21.235.194:0
ASN
#24940 Hetzner Online GmbH

File type
Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Stereo\012- data
Size
20 kB (19781 bytes)
Hash
ee5b5d12064ae26f839b882edb33da62
6fa93ef00f294eec4ef05276e81813db1e95e346
4bc5852e5cec62ceab9260f712961f59609868151e01b63e7b7cae2b00efed54

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /m_1725u5z7i1.mp3 HTTP/1.1
Host: l.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 206 Partial Content
server: nginx
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: audio/mpeg
content-length: 19781
set-cookie: klj_40d147_downloads=kh51z; Max-Age=85000; Domain=.top4top.io; Path=/; Expires=Wed, 01 Feb 2023 04:11:19 GMT
last-modified: Mon, 21 Sep 2020 07:16:33 GMT
content-disposition: inline; filename="open_reward_tab.mp3"
etag: "5f685351-4d45"
expires: Tue, 31 Jan 2023 06:34:39 GMT
cache-control: max-age=7200
x-file-id: x34392023x
content-range: bytes 0-19780/19781
X-Firefox-Spdy: h2

a.top4top.io/m_1725zobal2.mp3

51.159.64.45

206 Partial Content

18 kB

URL HTTP/2
a.top4top.io/m_1725zobal2.mp3
IP
51.159.64.45:0
ASN
#12876 Online S.a.s.

File type
Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Stereo\012- data
Size
18 kB (17691 bytes)
Hash
70ded6b0b406f9710307bc35e221629f
7034ec2ff72c936255b04c0890ce8976599380cc
22e1575a06426f427b46598d6599c565e80ed3e937b1872b0d5d928bfe5b2d65

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /m_1725zobal2.mp3 HTTP/1.1
Host: a.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 206 Partial Content
server: nginx
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: audio/mpeg
content-length: 17691
set-cookie: klj_40d147_downloads=kh520; Max-Age=85000; Domain=.top4top.io; Path=/; Expires=Wed, 01 Feb 2023 04:11:19 GMT
last-modified: Mon, 21 Sep 2020 07:16:33 GMT
content-disposition: inline; filename="close_reward_popup.mp3"
etag: "5f685351-451b"
expires: Tue, 31 Jan 2023 06:34:39 GMT
cache-control: max-age=7200
x-file-id: x34392024x
content-range: bytes 0-17690/17691
X-Firefox-Spdy: h2

www.pubgmobile.com/en/images/footer_link_bg.png

95.101.11.50

200 OK

1.6 kB

URL HTTP/2
www.pubgmobile.com/en/images/footer_link_bg.png
IP
95.101.11.50:0
ASN
#20940 Akamai International B.V.

File type
PNG image data, 560 x 127, 8-bit/color RGBA, non-interlaced\012- data
Size
1.6 kB (1630 bytes)
Hash
92ae645b6114492e8c1c5464d949466a
1d27f2644c0f5e899e9478c78136a9bc94131150
f1bd509f6032d31635a91d57de9428b83929221b854768c38c8f1643877a9417

HTTP Headers

GET /en/images/footer_link_bg.png HTTP/1.1
Host: www.pubgmobile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/png
content-length: 1630
last-modified: Mon, 21 Mar 2022 13:24:17 GMT
etag: "62387c81-65e"
accept-ranges: bytes
cache-control: max-age=300
expires: Tue, 31 Jan 2023 04:39:39 GMT
date: Tue, 31 Jan 2023 04:34:39 GMT
X-Firefox-Spdy: h2

devil.pubgsite.net/

104.21.34.14

200 OK

3.9 kB

URL HTTP/2
devil.pubgsite.net/
IP
104.21.34.14:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (1447)
Size
3.9 kB (3880 bytes)
Hash
e86717314524aec5788e3c97b61445e4
3c8fbd275f1e1b5a308b7ac2ede3a31ec6b7d66f
7447bddf441e8d0707ba205a947dd441887989d8c8c5854688c5da5892b83a11

Detections

Analyzer	Verdict	Alert
openphish	Tencent
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: devil.pubgsite.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Tue, 31 Jan 2023 04:34:38 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l89DBZsGMGWsJek0CwOUQ9ZEWqB%2BC3nkzgUG6iw75euaSIcyB%2FjJ7BtqQYkSCtkNa6v4onvtTsaH2xjnlCs3Wn%2BjbeizPLhNOrSQ4BQ%2BfFRDTB95riYOZ1zEuD3wB9gMZPG%2FsAw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791fbc6f1f72b500-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.pubgmobile.com/act/a20180515iggamepc/logo.png

95.101.11.50

200 OK

15 kB

URL HTTP/2
www.pubgmobile.com/act/a20180515iggamepc/logo.png
IP
95.101.11.50:0
ASN
#20940 Akamai International B.V.

File type
PNG image data, 264 x 108, 8-bit colormap, non-interlaced\012- data
Size
15 kB (15346 bytes)
Hash
a95d496ed72c59e83151554ddc21d6fa
e0312725d988fdb18bd9d5304b426273a346f205
a7ab32e68ae06ffe1c89bdf96bfb8a686340f859c1e91190c3778c42837a7f04

HTTP Headers

GET /act/a20180515iggamepc/logo.png HTTP/1.1
Host: www.pubgmobile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/png
content-length: 15346
last-modified: Thu, 07 Jan 2021 07:39:14 GMT
etag: "5ff6baa2-3bf2"
accept-ranges: bytes
cache-control: max-age=255
expires: Tue, 31 Jan 2023 04:38:55 GMT
date: Tue, 31 Jan 2023 04:34:40 GMT
X-Firefox-Spdy: h2

www.pubgmobile.com/en/images/nav_menu.svg

95.101.11.50

200 OK

426 B

URL HTTP/2
www.pubgmobile.com/en/images/nav_menu.svg
IP
95.101.11.50:0
ASN
#20940 Akamai International B.V.

File type
SVG Scalable Vector Graphics image\012- HTML document, Unicode text, UTF-8 text, with very long lines (876), with no line terminators
Size
426 B (426 bytes)
Hash
76f5753e4fe160785df31ef342ada1c1
a78cc3e318b79b7fe5e7eb8df11683706b518e8f
52c48564638e7f165f23fae7f76b72d07905f2179ff659b939bfab7ec8b82a26

HTTP Headers

GET /en/images/nav_menu.svg HTTP/1.1
Host: www.pubgmobile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-type: image/svg+xml
last-modified: Mon, 21 Mar 2022 13:24:18 GMT
etag: "62387c82-374"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
date: Tue, 31 Jan 2023 04:34:40 GMT
content-length: 426
X-Firefox-Spdy: h2

www.pubgmobile.com/en/images/nav_language.svg

95.101.11.50

200 OK

675 B

URL HTTP/2
www.pubgmobile.com/en/images/nav_language.svg
IP
95.101.11.50:0
ASN
#20940 Akamai International B.V.

File type
SVG Scalable Vector Graphics image\012- HTML document, Unicode text, UTF-8 text, with very long lines (1107), with no line terminators
Size
675 B (675 bytes)
Hash
77e7b8dcd13159c59219706782b1a897
a3c73409a8e9841a00b771d96ce6cb0ce76d222e
4f61e0a210a58bdf43f8a93bf658275291e6a16979f8090c0731f06b6fb3c5a4

HTTP Headers

GET /en/images/nav_language.svg HTTP/1.1
Host: www.pubgmobile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-type: image/svg+xml
last-modified: Mon, 21 Mar 2022 13:24:18 GMT
etag: "62387c82-45b"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
date: Tue, 31 Jan 2023 04:34:40 GMT
content-length: 675
X-Firefox-Spdy: h2

www.pubgmobile.com/en/images/nav_download.svg

95.101.11.50

200 OK

485 B

URL HTTP/2
www.pubgmobile.com/en/images/nav_download.svg
IP
95.101.11.50:0
ASN
#20940 Akamai International B.V.

File type
SVG Scalable Vector Graphics image\012- HTML document, Unicode text, UTF-8 text, with very long lines (999), with no line terminators
Size
485 B (485 bytes)
Hash
105955f14143a23be57cadef8e91950e
98cc1e76113b4b2a2a77805bb1f1d6b364344d88
b85bdfd2887c4fe7681cae97896e604e74d27f150feb49598e1e7efebd3c6fc2

HTTP Headers

GET /en/images/nav_download.svg HTTP/1.1
Host: www.pubgmobile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-type: image/svg+xml
last-modified: Mon, 21 Mar 2022 13:24:17 GMT
etag: "62387c81-3ef"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
date: Tue, 31 Jan 2023 04:34:40 GMT
content-length: 485
X-Firefox-Spdy: h2

www.pubgmobile.com/id/event/royalepass10/images/icon_logo.jpg

95.101.11.50

200 OK

75 kB

URL HTTP/2
www.pubgmobile.com/id/event/royalepass10/images/icon_logo.jpg
IP
95.101.11.50:0
ASN
#20940 Akamai International B.V.

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 500x500, components 3\012- data
Size
75 kB (75149 bytes)
Hash
92c19dc5bd77186e5bb8ed35ce668979
646bf70d1c669c7d7388f95a0a33755e4721289c
0d9cf7eb8fb12be77685134e63f7dae9a95fbf9306ae0529bd0347582d18a8ef

HTTP Headers

GET /id/event/royalepass10/images/icon_logo.jpg HTTP/1.1
Host: www.pubgmobile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/jpeg
content-length: 75149
last-modified: Wed, 15 Sep 2021 06:46:59 GMT
etag: "614196e3-1258d"
accept-ranges: bytes
cache-control: max-age=280
expires: Tue, 31 Jan 2023 04:39:20 GMT
date: Tue, 31 Jan 2023 04:34:40 GMT
X-Firefox-Spdy: h2

devil.pubgsite.net/css/login/twitter.css

104.21.34.14

200 OK

70 kB

URL HTTP/2
devil.pubgsite.net/css/login/twitter.css
IP
104.21.34.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (1856), with no line terminators
Size
70 kB (69982 bytes)
Hash
58720339dd043f24a7a159847f3f397e
de9c6c6f31b0f4332b9d07ad18042e3db3ffa82e
b564ce61bf4091c357165f1519158dff09e474e9225b6079e6f8170b746d782e

Detections

Analyzer	Verdict	Alert
openphish	Tencent

HTTP Headers

GET /css/login/twitter.css HTTP/1.1
Host: devil.pubgsite.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: text/css
cache-control: public, max-age=604800
cf-bgj: minify
cf-polished: origSize=2262
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Mon, 06 Feb 2023 13:06:19 GMT
last-modified: Wed, 18 Jan 2023 03:18:48 GMT
vary: Accept-Encoding
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wLRA%2BAnRQKf8MvG%2FJC5BhoM9nLaaOzWWTUG9xReSi5JeLGQwByxwiu9xiI1KjJoD%2FQ%2Bpx8IhraazyH0Ti8LAqDg0gP6HY20y%2FW9bxh2jWJRZhT3Plr%2FEsC9%2BWDlDzvYS%2FhHypLw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791fbc7128a7b500-OSL
content-encoding: br
X-Firefox-Spdy: h2

devil.pubgsite.net/css/animate.css

104.21.34.14

200 OK

233 kB

URL HTTP/2
devil.pubgsite.net/css/animate.css
IP
104.21.34.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (60556)
Size
233 kB (232732 bytes)
Hash
25fa3ea3edbd3d6de11fd81ff31d7d95
55c4a4f4c0ebd0f0dc60820ee0802f94cc95b95a
65fe40524b3ca62c67a6da6badab6532d28423ac6de82164834fdbf8d70c0c26

Detections

Analyzer	Verdict	Alert
openphish	Tencent

HTTP Headers

GET /css/animate.css HTTP/1.1
Host: devil.pubgsite.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: text/css
cache-control: public, max-age=604800
cf-bgj: minify
cf-polished: origSize=77906
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Mon, 06 Feb 2023 13:06:19 GMT
last-modified: Fri, 02 Dec 2022 13:35:50 GMT
vary: Accept-Encoding
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4GHnm8Aqr9MFouE4GaJderyttId2uFAZ1kTNdPuCwNclRV71bP5WrrGWynoZRZBGRPNcXBszumz3qTl5TqgjzbFLBxgpp3UF9qrWrZumdmNERntf%2BFvs%2B24Jkw3DxpuyptIebGg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791fbc711894b500-OSL
content-encoding: br
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5252
Expires: Tue, 31 Jan 2023 06:02:12 GMT
Date: Tue, 31 Jan 2023 04:34:40 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg

34.120.237.76

200 OK

9.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.6 kB (9600 bytes)
Hash
3366ef4f8733cb9c89a5c88f63a0a441
7da46843b6d885f38a4759a08e6c899906ab7b97
7114397ee5c251cc5cb46f3433c2cc17ff68a08e0872e227671198e9b61eba0a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9600
x-amzn-requestid: 48094e1a-d550-4a91-b87c-4a08505f7cce
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVsWcFN7IAMF2pg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d2275c-5ced593a7e2126c9494563df;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 07:10:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: v9Wphg34UGE5kkZ9RKBcphcpPuCn54oVyepzTW5rZ3J9nkL9J501PA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 22:03:23 GMT
age: 23477
etag: "7da46843b6d885f38a4759a08e6c899906ab7b97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F39003a0d-b88f-4013-b50c-7e01c5afc867.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.8 kB (5757 bytes)
Hash
b60240f10673b4c275619f7c2f5005cf
d29076a2ad44f9d44da6f77fd1dcaea9a28c7d51
ccfdf6106ab405f6fd346bd501a7bc121acba3db657bf0bc2f7587cbe6488f55

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F39003a0d-b88f-4013-b50c-7e01c5afc867.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5757
x-amzn-requestid: 9b6d11e9-be38-4c89-87bd-a71146dbb22f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fiTTwG9GIAMFmZg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d7327e-4f8bebbf40e45cc6467c5c26;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 02:59:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: xqcuV95IWwbypAsXnim75PnsGKkyN9LEF--w3P2A2nhMMAwfveh-kw==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 12:45:24 GMT
age: 56956
etag: "d29076a2ad44f9d44da6f77fd1dcaea9a28c7d51"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F746a5715-1639-49f0-9350-9e74558b6a97.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.9 kB (6893 bytes)
Hash
0b8edbb541668f634636dc44f1559b50
0a2322b18a1cc6ca4710fce7b6d8f28263ca6064
2765a746ef8f589399e2588727364fbea9c9710327f61c979371765def1e9694

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F746a5715-1639-49f0-9350-9e74558b6a97.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6893
x-amzn-requestid: 38d02de7-71c6-4e93-ae9f-5e2e434c2b62
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVsbVEo2oAMFTrw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d2277b-49c8737605f859f724e3ed4f;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 07:10:51 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: BYuZMDDcR56g58NhU38KpBY_-2IGglgSXsAtHpsSLlSiyOAuTkdlmQ==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 12:26:08 GMT
age: 58112
etag: "0a2322b18a1cc6ca4710fce7b6d8f28263ca6064"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefbec1f8-74c9-424a-88f1-a90a7ff35701.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12154 bytes)
Hash
ac9e49e19b226b271d1a6f29d7159e64
df578148d224d67fb6e098da3eeb1d86c233cb73
1e065f356fe4ae535ec6fa40ddbad8a2ddad1fa1a053bedceb25c90fa3620ad4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefbec1f8-74c9-424a-88f1-a90a7ff35701.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12154
x-amzn-requestid: 0ba17a3e-c78c-4634-8706-eedd20d8e3c2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fk303H-mIAMFelA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d839b8-1d7f813471bcbd3341f06e86;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 21:42:16 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3FK_njK19r3IK-kJpLm1VMHiXJrZnOvjrxDh5YPl9hY-F_2vZ5KNcA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:44:52 GMT
age: 24588
etag: "df578148d224d67fb6e098da3eeb1d86c233cb73"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde59a1de-2b64-4d28-8e63-6d511c4c70d5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (9972 bytes)
Hash
d143b65b98551bde96a7f026808d4583
3e995e5933e6f8c15ecd3bc642ce1778a11f7ca7
004be88ebe2a4840bb718a5148fcf7d2dc1400f6c1c880cee4428d66ba91dbd9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde59a1de-2b64-4d28-8e63-6d511c4c70d5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9972
x-amzn-requestid: fc482a0d-3033-492d-86bf-fedd44c7cac2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fFNnUHmyIAMF3gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cb8fc8-7091fe260abb90766f87e7cf;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 07:10:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GfEXQhD_Og-PS-aycWJ75R5LL1r5hJtXd5MZ3OaYc6nb-bUHo0cnSA==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 23:35:46 GMT
age: 17934
etag: "3e995e5933e6f8c15ecd3bc642ce1778a11f7ca7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0dd37b27-1930-4380-aa34-e533abb33eaa.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.8 kB (8755 bytes)
Hash
146cb1c622ae62d62090dcaf81709056
c9e939eea5ca410e2ac3e2c93fb9cdf51fd3a03e
d1a2caf59c5bfb3fd66c804217c60705de91e5beebd006cffab1d712a5aef85b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0dd37b27-1930-4380-aa34-e533abb33eaa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8755
x-amzn-requestid: 18054ad3-92df-4a07-b7d1-643293ba4a5f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fR1hDGZfoAMFsFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d09c6c-7aae5ef32459231c25465b1b;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 03:05:17 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5GkQA5AcFOFc2Wn5rdaX7nH5F4wfy52vtlpbI8Qlai-jQE77inKzqA==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:50:53 GMT
age: 24227
etag: "c9e939eea5ca410e2ac3e2c93fb9cdf51fd3a03e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

devil.pubgsite.net/css/login/facebook.css

104.21.34.14

200 OK

983 kB

URL HTTP/2
devil.pubgsite.net/css/login/facebook.css
IP
104.21.34.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (2567), with no line terminators
Size
983 kB (983077 bytes)
Hash
320b98e0fa252a9058325d5b5f50784d
bcaee4c32de7b9a90f46dc7fd881de71eada38c9
69f7a5cc370e74f7d215f3bd4d65751ed97fa3158fef925dee90ecdd61ce479a

Detections

Analyzer	Verdict	Alert
openphish	Tencent

HTTP Headers

GET /css/login/facebook.css HTTP/1.1
Host: devil.pubgsite.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: text/css
cache-control: public, max-age=604800
cf-bgj: minify
cf-polished: origSize=3247
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Mon, 06 Feb 2023 13:06:19 GMT
last-modified: Wed, 18 Jan 2023 03:21:00 GMT
vary: Accept-Encoding
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KuLrs6GNp%2B4wvKgtCUuY9N505hH7Ky2e96LMOnoY4qPi1SDvC0m%2B6zS3WB1Aon8b8gkyl1EQCuLpMh6hXfl6Sv0%2BpPiW5Iik03C%2F1TozraC2eoVa9bXI5CeagvKBo8wp6SN84lE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791fbc711895b500-OSL
content-encoding: br
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1925abe-5fa6-440b-8e23-d92b1e3bf273.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (13639 bytes)
Hash
63486f2a937aa8fd013fc2c2d1b32f2d
e8868de34c2f79348c1edad764259eb70bebd7a6
fa6e5ce374031c0df3b3f2d6de823cf1fe08fdaf9957a0722770867cfdec0ed1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1925abe-5fa6-440b-8e23-d92b1e3bf273.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 13639
x-amzn-requestid: 8131c878-620a-4972-ba8f-1456859acae2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fYcJSF0SIAMFe1g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d340a1-18c7280940d508c440c0182c;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 03:10:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: mXlQ5A2PHadECkKglPquN9x68ubYk8s2to-_JjCgEQe7axfJo6K8Jw==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 07:53:36 GMT
age: 74471
etag: "e8868de34c2f79348c1edad764259eb70bebd7a6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

devil.pubgsite.net/media/header.mp4

104.21.34.14

206 Partial Content

0 B

URL HTTP/2
devil.pubgsite.net/media/header.mp4
IP
104.21.34.14:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Tencent
fortinet	Phishing

HTTP Headers

GET /media/header.mp4 HTTP/1.1
Host: devil.pubgsite.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 206 Partial Content
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: video/mp4
content-length: 1341119
last-modified: Wed, 18 Jan 2023 17:41:08 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=120
cf-cache-status: HIT
content-range: bytes 0-1341118/1341119
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3eiwA36Vrpyf8f9UgGfqfDCDwSeRxNDImz5NX04Mgs1nhMv%2FooHrhqUb4ESRCK1Hwize36qIB%2F8NIlmwEwSl%2BupnQ8A%2FvXngJkMKec%2FemTMp%2FSNvQqJmujJ8vsPp4yIp5KPdwoY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791fbc7168d8b500-OSL
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,400,500,700|Teko:300,400,500

142.250.74.170

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,500,700|Teko:300,400,500
IP
142.250.74.170:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Roboto:300,400,500,700|Teko:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 31 Jan 2023 04:34:39 GMT
date: Tue, 31 Jan 2023 04:34:39 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

devil.pubgsite.net/img/header-frame.png

104.21.34.14

404 Not Found

0 B

URL HTTP/2
devil.pubgsite.net/img/header-frame.png
IP
104.21.34.14:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Tencent

HTTP Headers

GET /img/header-frame.png HTTP/1.1
Host: devil.pubgsite.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AGZMM1dt9Qg55PTEInQU6yGOfg9Lw4YRuCJdfU%2FtqIm3OoYdN7xWbgJA1zxYPJN9ThQRJZQ9Hx10Vdy2Gc%2BjDdE7Al5RVVq2JA%2BJAaurPapGiopgpDyThpaMaTBX05M8BRYvsDk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791fbc735996b500-OSL
content-encoding: br
X-Firefox-Spdy: h2

devil.pubgsite.net/js/script.js

104.21.34.14

200 OK

0 B

URL HTTP/2
devil.pubgsite.net/js/script.js
IP
104.21.34.14:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Tencent
fortinet	Phishing

HTTP Headers

GET /js/script.js HTTP/1.1
Host: devil.pubgsite.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://devil.pubgsite.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 31 Jan 2023 04:34:39 GMT
content-type: application/javascript
cache-control: public, max-age=604800
cf-bgj: minify
cf-polished: origSize=2834
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Mon, 06 Feb 2023 13:06:19 GMT
last-modified: Sun, 29 Jan 2023 15:51:36 GMT
vary: Accept-Encoding
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ig3eLBSAWj8IdMXzCuBNtA%2FdwK8FfCgkVzrOSjcu9ubd67A7ea3Xfx7TtKSfRz6ipXKbN99TWsW79XE2BDCpUZM6Chb8SlDR7NyBZs%2FaytVuUnPSdSXnPnEeqbG8%2FH0IGI5%2BmP0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791fbc7168c9b500-OSL
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (78)

URL HTTP/1.1

IP