Report - luckyspinpubg-eventhacks.xlox.ml/

Report Overview

Submitted URL
luckyspinpubg-eventhacks.xlox.ml/
IP
52.230.38.12
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted
2022-09-25 20:30:22
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
56

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	987 B	1.8 kB	93.184.220.29
ajax.googleapis.com	12905	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	792 B	62 kB	142.250.74.74
k.top4top.io	985927	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	436 B	7.4 kB	65.21.235.194
i.ibb.co	13485	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	57 kB	51.210.32.103
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	964 B	28 kB	142.250.74.163
www.pubgmobile.com	21653	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.6 kB	1.6 MB	23.36.76.250
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	3.5 kB	23.36.77.32
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.115
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.49
cdnjs.cloudflare.com	235	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	458 B	7.0 kB	104.17.24.14
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	3.5 kB	142.250.74.3
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	425 B	746 B	142.250.74.10
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
luckyspinpubg-eventhacks.xlox.ml	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	8.6 kB	1.2 MB	52.230.38.12
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	44.240.207.158
e.top4top.io	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	436 B	3.2 kB	51.159.67.109
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.7 kB	74 kB	34.120.237.76
stackpath.bootstrapcdn.com	2467	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	424 B	8.4 kB	104.18.10.207

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-09-25	medium	luckyspinpubg-eventhacks.xlox.ml/	Tencent
2022-09-25	medium	luckyspinpubg-eventhacks.xlox.ml/	Tencent
2022-09-25	medium	luckyspinpubg-eventhacks.xlox.ml/	Tencent
2022-09-25	medium	luckyspinpubg-eventhacks.xlox.ml/	Tencent
2022-09-25	medium	luckyspinpubg-eventhacks.xlox.ml/	Tencent
2022-09-25	medium	luckyspinpubg-eventhacks.xlox.ml/	Tencent
2022-09-25	medium	luckyspinpubg-eventhacks.xlox.ml/	Tencent
2022-09-25	medium	luckyspinpubg-eventhacks.xlox.ml/	Tencent
2022-09-25	medium	luckyspinpubg-eventhacks.xlox.ml/	Tencent
2022-09-25	medium	luckyspinpubg-eventhacks.xlox.ml/	Tencent
2022-09-25	medium	luckyspinpubg-eventhacks.xlox.ml/	Tencent
2022-09-25	medium	luckyspinpubg-eventhacks.xlox.ml/	Tencent
2022-09-25	medium	luckyspinpubg-eventhacks.xlox.ml/	Tencent
2022-09-25	medium	luckyspinpubg-eventhacks.xlox.ml/	Tencent
2022-09-25	medium	luckyspinpubg-eventhacks.xlox.ml/	Tencent
2022-09-25	medium	luckyspinpubg-eventhacks.xlox.ml/	Tencent
2022-09-25	medium	luckyspinpubg-eventhacks.xlox.ml/	Tencent
2022-09-25	medium	luckyspinpubg-eventhacks.xlox.ml/	Tencent
2022-09-25	medium	luckyspinpubg-eventhacks.xlox.ml/	Tencent
2022-09-25	medium	luckyspinpubg-eventhacks.xlox.ml/	Tencent

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-25	medium	luckyspinpubg-eventhacks.xlox.ml/js/popup.js	Phishing
2022-09-25	medium	luckyspinpubg-eventhacks.xlox.ml/js/click.js	Phishing
2022-09-25	medium	luckyspinpubg-eventhacks.xlox.ml/js/spinFunction.js	Phishing
2022-09-25	medium	luckyspinpubg-eventhacks.xlox.ml/media/putar.mp3	Phishing
2022-09-25	medium	k.top4top.io/m_1807x9v082.mp3	Malware
2022-09-25	medium	e.top4top.io/m_1839g790y1.mp3	Malware
2022-09-25	medium	luckyspinpubg-eventhacks.xlox.ml/media/header.mp4	Phishing
2022-09-25	medium	luckyspinpubg-eventhacks.xlox.ml/	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js	84 kB	2023-03-07	2024-05-11
Pretty URL ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js IP 142.250.74.74 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-11 05:18:28 Times Seen14111 Hash e40ec2161fe7993196f23c8a07346306 afb90752e0a90c24b7f724faca86c5f3d15d1178 874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4 Loading...

	ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js	84 kB	2023-03-07	2024-05-11
Pretty URL ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js IP 142.250.74.74 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-11 05:18:28 Times Seen14478 Hash 32015dd42e9582a80a84736f5d9a44d7 41b4bfbaa96be6d1440db6e78004ade1c134e276 8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3 Loading...

	luckyspinpubg-eventhacks.xlox.ml/js/popup.js	2.2 kB	2023-03-08	2023-03-08
Pretty URL luckyspinpubg-eventhacks.xlox.ml/js/popup.js IP 52.230.38.12 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:14:46 Last Seen2023-03-08 01:14:46 Times Seen1 Hash e6190237a2b0ab07afe9faca2519676d cb1e07ee91aad92d7778771d4a5bda1d2df4afc8 ce1aa9c55ef642db7a8305cbb3f254924932a96c1a20ca26c452cd55d9d2be11 Loading...

	luckyspinpubg-eventhacks.xlox.ml/js/click.js	154 B	2023-03-07	2023-03-10
Pretty URL luckyspinpubg-eventhacks.xlox.ml/js/click.js IP 52.230.38.12 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:09:22 Last Seen2023-03-10 19:40:10 Times Seen1 Hash 8a52ed6d3f95485222023ab95ae0291d 0c2818cef38d5d103786ca4db2b2ae76e81c1139 cd72a550b8c4648cb41e1d837e15b6dcbe5df634896a486bcd1a91aacb83bcd6 Loading...

	luckyspinpubg-eventhacks.xlox.ml/js/spinFunction.js	1.7 kB	2023-03-08	2023-03-08
Pretty URL luckyspinpubg-eventhacks.xlox.ml/js/spinFunction.js IP 52.230.38.12 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:14:46 Last Seen2023-03-08 01:14:46 Times Seen1 Hash 2d9e24d5cdb987cd3239c58b4779310b 8d5e40bef4b9c54a2d2ed0972a87144e21b14c9d 0fc95bb4b1219ebcd08dd04dc6bca25bdea5488d7fe1496cdf78cb128f4aec70 Loading...

HTTP Transactions (68)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
09a973de929ab7452edc342c780d3668
3f14f6e0a36f76863c0aea6fb561c266404a7ea3
e82ca5f310e37267fbf792427747e65c2bb35e684d3f629c0aa302f688bc4f80

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7755
Expires: Sun, 25 Sep 2022 22:39:25 GMT
Date: Sun, 25 Sep 2022 20:30:10 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

143.204.55.115

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 25 Sep 2022 20:15:06 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 6uTHxlZgAFpTtRoX7kHylNhlq86dtbJHeB6BbOx4FnI8Nq8TTOM2ag==
Age: 904

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

143.204.55.49

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
143.204.55.49:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 25 Sep 2022 04:35:15 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 1QoyQK0Z7pgVfKjv6nQlD_--sRkAkGLWZXL7K-tngvrvKZ0g51-tRw==
age: 57296
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 20:30:10 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.2.0/css/material-design-iconic-font.min.css

104.17.24.14

200 OK

5.8 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.2.0/css/material-design-iconic-font.min.css
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
5.8 kB (5845 bytes)
Hash
a7e25a22602a2b2ed35f90fd5210cff1
148c4f275b60e6cf6253d6b4c7bdc486515b2202
312d94bafa68e11e3a4a8d7c06bc25ee161d1d965afb1fa99db79815a272d0bf

HTTP Headers

GET /ajax/libs/material-design-iconic-font/2.2.0/css/material-design-iconic-font.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 25 Sep 2022 20:30:11 GMT
content-type: text/css; charset=utf-8
content-length: 5845
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ed9-1149f"
last-modified: Mon, 04 May 2020 16:12:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 6293454
expires: Fri, 15 Sep 2023 20:30:11 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YQryU6wVuJ7iDsZN9vB7%2BPenW0r0b1wuSacboDWJ2CseumN%2FuL%2FGWdUFBb05Y9wTVFveiJPhwGl1YfyGo13CkimOyCfu4I%2BeXvPR%2FL%2Br7pw8FK27CJ9M8hEWYGEujIXOxTfbXZ%2Bu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 75068427f9030b49-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
650b6e71248092b05b7f35e8703da4fb
a675c71ea7c50c6a3576eb9626630b0445016d32
122a0ec921f9b9a6b845d4f75df0a4d950f2ce3c34a79cecc67d80962255c1ca

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5014
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 20:30:11 GMT
Last-Modified: Sun, 25 Sep 2022 19:06:37 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 279

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
cfbe772bfdcc656e94ceed53256863ca
34055ed3761ab4b69af25a2cb70ca7a337a9f79b
7464464772c70e6a9f1b516b9fc3b60f4e567c10f968c573d5a187f5f22d0722

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 20:30:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f09a18ffd47757d6303864753f40a57c
6f056a04785c83dae4a4f40eaac5ac34a5a391f2
9969afe37e2b095cd931423fcc9dbfaa9a751d81a055bcd8f77a1aa7a51bd72e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 20:30:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
fd3b36dc2b620b48de491a8d9ba00fc0
be67ba7db5215dcb7c9225876e35a5e0a5005c9e
28205ee62c77b1caad6cc24c1ce98ddb92d26f67d41270f7d5278208a907c62f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4824
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 20:30:11 GMT
Last-Modified: Sun, 25 Sep 2022 19:09:47 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

i.ibb.co/V9rgBqw/twitter-text.png

51.210.32.103

200 OK

4.3 kB

URL HTTP/2
i.ibb.co/V9rgBqw/twitter-text.png
IP
51.210.32.103:0
ASN
#16276 OVH SAS

File type
PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced\012- data
Size
4.3 kB (4298 bytes)
Hash
fef946b8bba756359e2a1e87ccd915ea
acc364946077b0e32b2343474ce4066ad3ee524c
1be5d05ce6faad469f7f9c5a5879f2d9f8d267b60eb394e92c19217268bcea8f

HTTP Headers

GET /V9rgBqw/twitter-text.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 20:30:11 GMT
content-type: image/png
content-length: 4298
last-modified: Mon, 18 Oct 2021 19:35:41 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js

142.250.74.74

200 OK

30 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js
IP
142.250.74.74:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (32061)
Size
30 kB (29671 bytes)
Hash
b90b3d2618cce9d766152cd3092b5c27
496339457cd00caab8118e2e1f30ea18dc05b9f4
b7b155aa8c6b5db28f9a6b41e88c96e9462c196c700add426f8ef32c9ce1ed41

HTTP Headers

GET /ajax/libs/jquery/2.1.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29671
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 23 Sep 2022 15:43:54 GMT
expires: Sat, 23 Sep 2023 15:43:54 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 189977
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js

142.250.74.74

200 OK

30 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js
IP
142.250.74.74:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (32180)
Size
30 kB (29707 bytes)
Hash
f16500423cc2867eff8b773df637c48f
1cd32d75b59a89c3a70274e383151a61ce0594f4
6ca5dc8ad67639c69117ace46c93703cf5fff82824cfc0bada0cf0fb3b2d41d7

HTTP Headers

GET /ajax/libs/jquery/2.1.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29707
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 25 Sep 2022 20:24:33 GMT
expires: Mon, 25 Sep 2023 20:24:33 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 338
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
650b6e71248092b05b7f35e8703da4fb
a675c71ea7c50c6a3576eb9626630b0445016d32
122a0ec921f9b9a6b845d4f75df0a4d950f2ce3c34a79cecc67d80962255c1ca

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5014
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 20:30:11 GMT
Last-Modified: Sun, 25 Sep 2022 19:06:37 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 279

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.115

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sun, 25 Sep 2022 20:04:17 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Sun, 25 Sep 2022 20:18:52 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 9AERwFof-hz-LYWeZRcqiAn32Rtkb4iuVdhWt3zqppqoNjOQNrsuZg==
Age: 1554

i.ibb.co/Wg8qQxh/facebook-text.png

51.210.32.103

200 OK

29 kB

URL HTTP/2
i.ibb.co/Wg8qQxh/facebook-text.png
IP
51.210.32.103:0
ASN
#16276 OVH SAS

File type
PNG image data, 604 x 158, 8-bit/color RGBA, non-interlaced\012- data
Size
29 kB (28789 bytes)
Hash
74190b93fc4f5d88f0c8e6411ba20bd8
89ce2ecb660a90b8e6ed1b335443d7767c59f28a
092a3cd5f86b3f039feefdeb86694cd16ae545af214cfda614bdbbe2d1bde401

HTTP Headers

GET /Wg8qQxh/facebook-text.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 20:30:11 GMT
content-type: image/png
content-length: 28789
last-modified: Mon, 18 Oct 2021 19:35:50 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

luckyspinpubg-eventhacks.xlox.ml/css/style.css

52.230.38.12

200 OK

2.4 kB

URL HTTP/2
luckyspinpubg-eventhacks.xlox.ml/css/style.css
IP
52.230.38.12:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text
Size
2.4 kB (2422 bytes)
Hash
4f67f00d86540962db9f449f3c3c7042
dfe32d943b2eafe0c1ca545e0070cbf978574e94
98d9cc0062deec805f2053ee935478b115deb622562b3b159aa3ed647e0f0c31

Detections

Analyzer	Verdict	Alert
openphish	Tencent

HTTP Headers

GET /css/style.css HTTP/1.1
Host: luckyspinpubg-eventhacks.xlox.ml
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 02 Oct 2022 20:30:11 GMT
content-type: text/css
last-modified: Tue, 23 Nov 2021 08:53:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2422
date: Sun, 25 Sep 2022 20:30:11 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

luckyspinpubg-eventhacks.xlox.ml/css/animate.css

52.230.38.12

200 OK

4.5 kB

URL HTTP/2
luckyspinpubg-eventhacks.xlox.ml/css/animate.css
IP
52.230.38.12:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text
Size
4.5 kB (4458 bytes)
Hash
7aab472abe7a8f098e88318c6fbfb713
20cfbdef273882f9aea994a3e709acb58086b953
4da0b366b64426bcc72fa58f6c1008cc2c7e5ca7ed5862018e52c91d97886e35

Detections

Analyzer	Verdict	Alert
openphish	Tencent

HTTP Headers

GET /css/animate.css HTTP/1.1
Host: luckyspinpubg-eventhacks.xlox.ml
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 02 Oct 2022 20:30:11 GMT
content-type: text/css
last-modified: Tue, 23 Nov 2021 08:53:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4458
date: Sun, 25 Sep 2022 20:30:11 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

luckyspinpubg-eventhacks.xlox.ml/css/login/facebook.css

52.230.38.12

200 OK

683 B

URL HTTP/2
luckyspinpubg-eventhacks.xlox.ml/css/login/facebook.css
IP
52.230.38.12:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text
Size
683 B (683 bytes)
Hash
e229b2c6886d95ba933dbef6002d17c0
b938f58bfa1506793ab5d01c7dc6795c8f652190
c52f52a23cd8c7e104de6676cf38ce40e92dfbf7b20c9e8755d3ed2e1f1ce8a4

Detections

Analyzer	Verdict	Alert
openphish	Tencent

HTTP Headers

GET /css/login/facebook.css HTTP/1.1
Host: luckyspinpubg-eventhacks.xlox.ml
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 02 Oct 2022 20:30:11 GMT
content-type: text/css
last-modified: Tue, 23 Nov 2021 08:53:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 683
date: Sun, 25 Sep 2022 20:30:11 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

luckyspinpubg-eventhacks.xlox.ml/css/login/twitter.css

52.230.38.12

200 OK

587 B

URL HTTP/2
luckyspinpubg-eventhacks.xlox.ml/css/login/twitter.css
IP
52.230.38.12:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text
Size
587 B (587 bytes)
Hash
3d15a45ff55b0d79615bde5120e36aa4
9d7faa748f598ff3db89a34c761293ecc87f971d
e29d212d77e72cc93bac74882ca175b4396803222019d34f8b6510fab664526b

Detections

Analyzer	Verdict	Alert
openphish	Tencent

HTTP Headers

GET /css/login/twitter.css HTTP/1.1
Host: luckyspinpubg-eventhacks.xlox.ml
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 02 Oct 2022 20:30:11 GMT
content-type: text/css
last-modified: Tue, 23 Nov 2021 08:53:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 587
date: Sun, 25 Sep 2022 20:30:11 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

i.ibb.co/Wx8wkq1/footer-img.png

51.210.32.103

200 OK

23 kB

URL HTTP/2
i.ibb.co/Wx8wkq1/footer-img.png
IP
51.210.32.103:0
ASN
#16276 OVH SAS

File type
PNG image data, 525 x 70, 8-bit/color RGBA, non-interlaced\012- data
Size
23 kB (22746 bytes)
Hash
5731c4bc8559b7e76f83c40187fac947
5fde367c0bd45727a60c852c950dad9177b48e0c
ff21b5da68b872c36b781dbe5413f52c3ed3c1f9f2e0bbd7c8646270beb37627

HTTP Headers

GET /Wx8wkq1/footer-img.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 20:30:11 GMT
content-type: image/png
content-length: 22746
last-modified: Fri, 02 Jul 2021 03:16:09 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

i.ibb.co/DV5fKmN/menu.png

51.210.32.103

200 OK

126 B

URL HTTP/2
i.ibb.co/DV5fKmN/menu.png
IP
51.210.32.103:0
ASN
#16276 OVH SAS

File type
PNG image data, 29 x 22, 8-bit/color RGBA, non-interlaced\012- data
Size
126 B (126 bytes)
Hash
811800fb15f23aa1c4914eccbda2e0b4
ac53a92ccb79ac81b8af3a9f6e6287ac203edc1d
0935d302a23d3bf9236aaa827d77a450752b9a5eb74be1712fe24a12a2f50b5b

HTTP Headers

GET /DV5fKmN/menu.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 20:30:11 GMT
content-type: image/png
content-length: 126
last-modified: Fri, 02 Jul 2021 03:34:15 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f09a18ffd47757d6303864753f40a57c
6f056a04785c83dae4a4f40eaac5ac34a5a391f2
9969afe37e2b095cd931423fcc9dbfaa9a751d81a055bcd8f77a1aa7a51bd72e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 20:30:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

104.18.10.207

200 OK

7.4 kB

URL HTTP/2
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
IP
104.18.10.207:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (30837)
Size
7.4 kB (7449 bytes)
Hash
f07c088c3b26ac3ea3a1318ab459fc86
5d92650ece1b539bcc848dda9eda99648b7b219a
dd16f8e5240e48cd207f0187da8be599ff904e7ebde15799ad1d768da988bc86

HTTP Headers

GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 25 Sep 2022 20:30:11 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 11/15/2021 21:49:00
cdn-proxyver: 1.0
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: 2729ae8f2fc6c761bdc17d91cc795f58
cdn-cache: HIT
cf-cache-status: HIT
age: 9584565
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 750684284a53fac4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d1256b6452c58ffb05e1db44d9d37a5f
04538f69abefe1019a0c4c6cc1fd3ffe5a5b2cfd
4bf592b24e41cf58e4ea973378a8559c4011a25ccdc51cc7a31457cc6561d22b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 20:30:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/teko/v15/LYjNdG7kmE0gfaN9pQ.woff2

142.250.74.163

200 OK

13 kB

URL HTTP/2
fonts.gstatic.com/s/teko/v15/LYjNdG7kmE0gfaN9pQ.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 13324, version 1.0\012- data
Size
13 kB (13324 bytes)
Hash
b4082c888eefa2dca3fe2c9d46a87180
05aeb6c58175f659fe59eaca5a9d3735dd0530e3
352ad1513eeaeec51060f01d5bed32345862ec4d9c0802b81e0a47885951e4b6

HTTP Headers

GET /s/teko/v15/LYjNdG7kmE0gfaN9pQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://luckyspinpubg-eventhacks.xlox.ml
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13324
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 20:23:43 GMT
expires: Thu, 21 Sep 2023 20:23:43 GMT
cache-control: public, max-age=31536000
age: 345988
last-modified: Wed, 27 Apr 2022 17:05:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/teko/v15/LYjCdG7kmE0gdVBesCRgqA.woff2

142.250.74.163

200 OK

13 kB

URL HTTP/2
fonts.gstatic.com/s/teko/v15/LYjCdG7kmE0gdVBesCRgqA.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 13196, version 1.0\012- data
Size
13 kB (13196 bytes)
Hash
5b9fce771bd530ab9767e2b5aebd28c1
28ee5935b59df8b2d6876707e1f0f0e6768d2d31
a3bf77e9dea5a047c348fa98ccbeb5d5e07de3541ce0a2dfb243690da964804c

HTTP Headers

GET /s/teko/v15/LYjCdG7kmE0gdVBesCRgqA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://luckyspinpubg-eventhacks.xlox.ml
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13196
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 19 Sep 2022 20:04:04 GMT
expires: Tue, 19 Sep 2023 20:04:04 GMT
cache-control: public, max-age=31536000
age: 519967
last-modified: Wed, 27 Apr 2022 16:17:49 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

push.services.mozilla.com/

44.240.207.158

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.240.207.158:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: DfiOdeVHjOg8Kbfj8IC8QQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Jpe5WYf/tbSjO5txQC3dasq6zjo=

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d1256b6452c58ffb05e1db44d9d37a5f
04538f69abefe1019a0c4c6cc1fd3ffe5a5b2cfd
4bf592b24e41cf58e4ea973378a8559c4011a25ccdc51cc7a31457cc6561d22b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 20:30:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.pubgmobile.com/common/images/icon_logo.jpg

23.36.76.250

200 OK

982 kB

URL HTTP/2
www.pubgmobile.com/common/images/icon_logo.jpg
IP
23.36.76.250:0
ASN
#20940 Akamai International B.V.

File type
JPEG image data, baseline, precision 8, 1024x1024, components 3\012- data
Size
982 kB (982437 bytes)
Hash
b83d8d3e9beecfac081f4e742d27661c
448330670bef8c2ee17baf6d2410ca974341cb88
5899c82b2f0563679a9c1ee79b5b28f2545864d95c7627c1a70e36a2f034497d

HTTP Headers

GET /common/images/icon_logo.jpg HTTP/1.1
Host: www.pubgmobile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/jpeg
content-length: 982437
last-modified: Mon, 30 Nov 2020 12:10:45 GMT
etag: "5fc4e145-efda5"
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=255
expires: Sun, 25 Sep 2022 20:34:26 GMT
date: Sun, 25 Sep 2022 20:30:11 GMT
X-Firefox-Spdy: h2

luckyspinpubg-eventhacks.xlox.ml/img/rewards/1.png

52.230.38.12

200 OK

56 kB

URL HTTP/2
luckyspinpubg-eventhacks.xlox.ml/img/rewards/1.png
IP
52.230.38.12:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 600 x 600, 8-bit colormap, non-interlaced\012- data
Size
56 kB (55464 bytes)
Hash
a5472b3134ec2ef4d38b8a1c291d461b
f9e2e591179caafaee3239eb59c2570395edd300
bbd0fb7d5c316f94d9ee11c758a0423ab529a2b635ae19675e541928f8530861

Detections

Analyzer	Verdict	Alert
openphish	Tencent

HTTP Headers

GET /img/rewards/1.png HTTP/1.1
Host: luckyspinpubg-eventhacks.xlox.ml
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 02 Oct 2022 20:30:11 GMT
content-type: image/png
last-modified: Tue, 23 Nov 2021 08:59:38 GMT
accept-ranges: bytes
content-length: 55464
date: Sun, 25 Sep 2022 20:30:11 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

www.pubgmobile.com/id/event/royalepass10/images/icon_logo.jpg

23.36.76.250

200 OK

75 kB

URL HTTP/2
www.pubgmobile.com/id/event/royalepass10/images/icon_logo.jpg
IP
23.36.76.250:0
ASN
#20940 Akamai International B.V.

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 500x500, components 3\012- data
Size
75 kB (75149 bytes)
Hash
92c19dc5bd77186e5bb8ed35ce668979
646bf70d1c669c7d7388f95a0a33755e4721289c
0d9cf7eb8fb12be77685134e63f7dae9a95fbf9306ae0529bd0347582d18a8ef

HTTP Headers

GET /id/event/royalepass10/images/icon_logo.jpg HTTP/1.1
Host: www.pubgmobile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/jpeg
content-length: 75149
last-modified: Wed, 15 Sep 2021 06:46:59 GMT
etag: "614196e3-1258d"
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=300
expires: Sun, 25 Sep 2022 20:35:11 GMT
date: Sun, 25 Sep 2022 20:30:11 GMT
X-Firefox-Spdy: h2

www.pubgmobile.com/common/images/link_2.png

23.36.76.250

200 OK

827 B

URL HTTP/2
www.pubgmobile.com/common/images/link_2.png
IP
23.36.76.250:0
ASN
#20940 Akamai International B.V.

File type
PNG image data, 96 x 97, 8-bit colormap, non-interlaced\012- data
Size
827 B (827 bytes)
Hash
5237cbfbbee111383e08cfc45a464042
c540d679fda7b859b08b19635d0cebdedf529b86
e20d0a77af62d8461cc5f464d9463d7eb417452e32ce216cff928b0658a53a52

HTTP Headers

GET /common/images/link_2.png HTTP/1.1
Host: www.pubgmobile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-type: image/png
content-length: 827
last-modified: Thu, 18 Mar 2021 13:02:42 GMT
etag: "60534f72-33b"
accept-ranges: bytes
cache-control: max-age=295
expires: Sun, 25 Sep 2022 20:35:06 GMT
date: Sun, 25 Sep 2022 20:30:11 GMT
X-Firefox-Spdy: h2

www.pubgmobile.com/common/images/link_1.png

23.36.76.250

200 OK

412 B

URL HTTP/2
www.pubgmobile.com/common/images/link_1.png
IP
23.36.76.250:0
ASN
#20940 Akamai International B.V.

File type
PNG image data, 97 x 97, 8-bit colormap, non-interlaced\012- data
Size
412 B (412 bytes)
Hash
82939295be11b12439a76cada0d3b06d
d5ae3f2dbb15970e5f3aae222e08212f020f85d5
99ed54c6d4dbabf849b1b844a548a0ee3f8a8d0bf2c4424d57ee5d8c761f843a

HTTP Headers

GET /common/images/link_1.png HTTP/1.1
Host: www.pubgmobile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-type: image/png
content-length: 412
last-modified: Thu, 18 Mar 2021 13:02:42 GMT
etag: "60534f72-19c"
accept-ranges: bytes
cache-control: max-age=300
expires: Sun, 25 Sep 2022 20:35:11 GMT
date: Sun, 25 Sep 2022 20:30:11 GMT
X-Firefox-Spdy: h2

luckyspinpubg-eventhacks.xlox.ml/js/popup.js

52.230.38.12

200 OK

560 B

URL HTTP/2
luckyspinpubg-eventhacks.xlox.ml/js/popup.js
IP
52.230.38.12:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (2172), with no line terminators
Size
560 B (560 bytes)
Hash
48bd14257f0d8709af0d9acd40389b20
dfae3fa8cf54ca0c94794d44c5824387ec2c0b4d
c44f87b09553b1c95163aa6542ea574fe60e45174f72c5e02c2701d9e33fc276

Detections

Analyzer	Verdict	Alert
openphish	Tencent
fortinet	Phishing

HTTP Headers

GET /js/popup.js HTTP/1.1
Host: luckyspinpubg-eventhacks.xlox.ml
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 02 Oct 2022 20:30:11 GMT
content-type: application/javascript
last-modified: Fri, 26 Nov 2021 11:51:05 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 560
date: Sun, 25 Sep 2022 20:30:11 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

luckyspinpubg-eventhacks.xlox.ml/js/click.js

52.230.38.12

200 OK

154 B

URL HTTP/2
luckyspinpubg-eventhacks.xlox.ml/js/click.js
IP
52.230.38.12:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text
Size
154 B (154 bytes)
Hash
8a52ed6d3f95485222023ab95ae0291d
0c2818cef38d5d103786ca4db2b2ae76e81c1139
cd72a550b8c4648cb41e1d837e15b6dcbe5df634896a486bcd1a91aacb83bcd6

Detections

Analyzer	Verdict	Alert
openphish	Tencent
fortinet	Phishing

HTTP Headers

GET /js/click.js HTTP/1.1
Host: luckyspinpubg-eventhacks.xlox.ml
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 02 Oct 2022 20:30:11 GMT
content-type: application/javascript
last-modified: Fri, 26 Nov 2021 17:33:58 GMT
accept-ranges: bytes
content-length: 154
date: Sun, 25 Sep 2022 20:30:11 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

luckyspinpubg-eventhacks.xlox.ml/js/spinFunction.js

52.230.38.12

200 OK

636 B

URL HTTP/2
luckyspinpubg-eventhacks.xlox.ml/js/spinFunction.js
IP
52.230.38.12:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text
Size
636 B (636 bytes)
Hash
c88326c478ae11a6f99d61b5324fd615
3eed72047ccd2af0c8ad595bef03f3869b7d95ee
9f0b2108e1a3478a2ed7e2d7ef0b7a6890f083cc4c9f0a4a99979d0e1344b15f

Detections

Analyzer	Verdict	Alert
openphish	Tencent
fortinet	Phishing

HTTP Headers

GET /js/spinFunction.js HTTP/1.1
Host: luckyspinpubg-eventhacks.xlox.ml
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 02 Oct 2022 20:30:11 GMT
content-type: application/javascript
last-modified: Fri, 26 Nov 2021 17:36:20 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 636
date: Sun, 25 Sep 2022 20:30:11 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

www.pubgmobile.com/common/images/link_4.png

23.36.76.250

200 OK

768 B

URL HTTP/2
www.pubgmobile.com/common/images/link_4.png
IP
23.36.76.250:0
ASN
#20940 Akamai International B.V.

File type
PNG image data, 97 x 97, 8-bit colormap, non-interlaced\012- data
Size
768 B (768 bytes)
Hash
b480c3674a6555319933765cabc6bad1
ebba145f86644ffa0c0fb85482ca6d87977e63da
a61ba6147dc708bcecfb1a2adfdd5ceb9550e06992c5ffb42c3e30d36823e95c

HTTP Headers

GET /common/images/link_4.png HTTP/1.1
Host: www.pubgmobile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-type: image/png
content-length: 768
last-modified: Thu, 18 Mar 2021 13:02:42 GMT
etag: "60534f72-300"
accept-ranges: bytes
cache-control: max-age=273
expires: Sun, 25 Sep 2022 20:34:44 GMT
date: Sun, 25 Sep 2022 20:30:11 GMT
X-Firefox-Spdy: h2

luckyspinpubg-eventhacks.xlox.ml/media/putar.mp3

52.230.38.12

206 Partial Content

92 kB

URL HTTP/2
luckyspinpubg-eventhacks.xlox.ml/media/putar.mp3
IP
52.230.38.12:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Stereo\012- data
Size
92 kB (92512 bytes)
Hash
f0858e0f1bdad4dc4fc5a70b2fdcf2e3
f33fdf0b7762a864aad6b34eb9dbbfae52869dcd
9d75aee8bcc5636d3d2dcd95370a55468121ae7a484509b23160c192a95254aa

Detections

Analyzer	Verdict	Alert
openphish	Tencent
fortinet	Phishing

HTTP Headers

GET /media/putar.mp3 HTTP/1.1
Host: luckyspinpubg-eventhacks.xlox.ml
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 206 Partial Content
content-type: audio/mpeg
last-modified: Tue, 23 Nov 2021 08:53:20 GMT
content-range: bytes 0-92511/92512
content-length: 92512
date: Sun, 25 Sep 2022 20:30:11 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

www.pubgmobile.com/images/event/royalepassm5/bg_1.jpg

23.36.76.250

200 OK

351 kB

URL HTTP/2
www.pubgmobile.com/images/event/royalepassm5/bg_1.jpg
IP
23.36.76.250:0
ASN
#20940 Akamai International B.V.

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x960, components 3\012- data
Size
351 kB (351387 bytes)
Hash
852db6081c17a744c475d85c6de70a0b
98b26bc014f0147eb874ed92efc673820b56a0c2
a28304aa895440c6efcfd4097771141af9a322fa93b036b366938c0f31178375

HTTP Headers

GET /images/event/royalepassm5/bg_1.jpg HTTP/1.1
Host: www.pubgmobile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-type: image/jpeg
content-length: 351387
last-modified: Thu, 18 Nov 2021 06:31:57 GMT
etag: "6195f35d-55c9b"
accept-ranges: bytes
cache-control: max-age=300
expires: Sun, 25 Sep 2022 20:35:11 GMT
date: Sun, 25 Sep 2022 20:30:11 GMT
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d9a28833c53afc841a351032effe8b3a
a521a974f508c23b7b32c9ef05eee6036043a1bd
ab0e2b87422a5f1290d713d916e38ace204fe012de778892c8289d1f23481196

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AB0E2B87422A5F1290D713D916E38ACE204FE012DE778892C8289D1F23481196"
Last-Modified: Sat, 24 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14820
Expires: Mon, 26 Sep 2022 00:37:11 GMT
Date: Sun, 25 Sep 2022 20:30:11 GMT
Connection: keep-alive

k.top4top.io/m_1807x9v082.mp3

65.21.235.194

206 Partial Content

6.8 kB

URL HTTP/2
k.top4top.io/m_1807x9v082.mp3
IP
65.21.235.194:0
ASN
#24940 Hetzner Online GmbH

File type
Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Stereo\012- data
Size
6.8 kB (6824 bytes)
Hash
c7a9f0b4dab23617e33a84ec16db54d2
d2863f409479d463e669087569a01479936bef36
23a4886519b85fc7223039ed57b1452a8b3786230f0a60fd6d4bfaa6a2511f57

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /m_1807x9v082.mp3 HTTP/1.1
Host: k.top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 206 Partial Content
server: nginx
date: Sun, 25 Sep 2022 20:30:11 GMT
content-type: audio/mpeg
content-length: 6824
set-cookie: klj_40d147_downloads=lb4ry; Max-Age=85000; Domain=.top4top.io; Path=/; Expires=Mon, 26 Sep 2022 20:06:51 GMT
last-modified: Sat, 12 Dec 2020 03:59:49 GMT
content-disposition: inline; filename="close_reward_popup.mp3"
etag: "5fd44035-1aa8"
expires: Sun, 25 Sep 2022 22:30:11 GMT
cache-control: max-age=7200
x-file-id: x35791342x
content-range: bytes 0-6823/6824
X-Firefox-Spdy: h2

e.top4top.io/m_1839g790y1.mp3

51.159.67.109

206 Partial Content

2.6 kB

URL HTTP/2
e.top4top.io/m_1839g790y1.mp3
IP
51.159.67.109:0
ASN
#12876 Online S.a.s.

File type
Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Stereo\012- data
Size
2.6 kB (2644 bytes)
Hash
01f7d3fd02583cdfd99b2062c6cab526
1f5d896475bf9a250a4773f1eab6581333d03cf9
35f3cb88514d9156e754f6274ba418b6cc5202b9a3687bd804021320f9f50559

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /m_1839g790y1.mp3 HTTP/1.1
Host: e.top4top.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 206 Partial Content
server: nginx
date: Sun, 25 Sep 2022 20:30:12 GMT
content-type: audio/mpeg
content-length: 2644
set-cookie: klj_40d147_downloads=lmwbs; Max-Age=85000; Domain=.top4top.io; Path=/; Expires=Mon, 26 Sep 2022 20:06:52 GMT
last-modified: Thu, 14 Jan 2021 00:11:47 GMT
content-disposition: inline; filename="open_reward_tab%20(1)%20(mp3cut.net).mp3"
etag: "5fff8c43-a54"
expires: Sun, 25 Sep 2022 22:30:12 GMT
cache-control: max-age=7200
x-file-id: x36340264x
content-range: bytes 0-2643/2644
X-Firefox-Spdy: h2

luckyspinpubg-eventhacks.xlox.ml/img/season-alert.png

52.230.38.12

200 OK

20 kB

URL HTTP/2
luckyspinpubg-eventhacks.xlox.ml/img/season-alert.png
IP
52.230.38.12:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 600 x 93, 8-bit colormap, non-interlaced\012- data
Size
20 kB (20488 bytes)
Hash
667b487479a80d9f1db21ec187033baf
1bf688faaf17d64c098ef853a8352b58d7f9f6e3
68a2b2f800decfcbad996e600b6679a0ab081e06c70540b946bbf4c239fb460e

Detections

Analyzer	Verdict	Alert
openphish	Tencent

HTTP Headers

GET /img/season-alert.png HTTP/1.1
Host: luckyspinpubg-eventhacks.xlox.ml
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 02 Oct 2022 20:30:11 GMT
content-type: image/png
last-modified: Tue, 23 Nov 2021 08:58:08 GMT
accept-ranges: bytes
content-length: 20488
date: Sun, 25 Sep 2022 20:30:11 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

luckyspinpubg-eventhacks.xlox.ml/img/btn-off.png

52.230.38.12

200 OK

5.1 kB

URL HTTP/2
luckyspinpubg-eventhacks.xlox.ml/img/btn-off.png
IP
52.230.38.12:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 190 x 70, 8-bit colormap, non-interlaced\012- data
Size
5.1 kB (5079 bytes)
Hash
6b94d3ef2816c7e787d101d185f8699c
3ec9ec0ced439dd15358cd0373bc840fe188c120
b057e2ce2b07be7f8e452f78612a8b0137264d186d06cdd5a42672093a008844

Detections

Analyzer	Verdict	Alert
openphish	Tencent

HTTP Headers

GET /img/btn-off.png HTTP/1.1
Host: luckyspinpubg-eventhacks.xlox.ml
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 02 Oct 2022 20:30:11 GMT
content-type: image/png
last-modified: Tue, 23 Nov 2021 08:58:06 GMT
accept-ranges: bytes
content-length: 5079
date: Sun, 25 Sep 2022 20:30:11 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

luckyspinpubg-eventhacks.xlox.ml/img/rewards/5.png

52.230.38.12

200 OK

31 kB

URL HTTP/2
luckyspinpubg-eventhacks.xlox.ml/img/rewards/5.png
IP
52.230.38.12:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 600 x 600, 8-bit colormap, non-interlaced\012- data
Size
31 kB (31100 bytes)
Hash
51d36d4ad47f58b3e3a65f8908720b43
87bf1a4540cac5ff01f7cc45ce47df7d82a8aa7e
34af21d5d998c4522a370885cd773f2e3d98e31e8900d14e718dd22e9dca9dda

Detections

Analyzer	Verdict	Alert
openphish	Tencent

HTTP Headers

GET /img/rewards/5.png HTTP/1.1
Host: luckyspinpubg-eventhacks.xlox.ml
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 02 Oct 2022 20:30:11 GMT
content-type: image/png
last-modified: Tue, 23 Nov 2021 08:59:40 GMT
accept-ranges: bytes
content-length: 31100
date: Sun, 25 Sep 2022 20:30:11 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

luckyspinpubg-eventhacks.xlox.ml/img/rewards/3.png

52.230.38.12

200 OK

25 kB

URL HTTP/2
luckyspinpubg-eventhacks.xlox.ml/img/rewards/3.png
IP
52.230.38.12:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 600 x 600, 8-bit colormap, non-interlaced\012- data
Size
25 kB (24931 bytes)
Hash
eb55c28d7cba2510ed4139dd61d4b5cd
d072fd1a3d5d0b8f04dce389cf8422f4fe495e82
33052231d2bfe5ea2563ee0f50b85e1aaa22bbdac0dd1fc80815b79dedf84cc4

Detections

Analyzer	Verdict	Alert
openphish	Tencent

HTTP Headers

GET /img/rewards/3.png HTTP/1.1
Host: luckyspinpubg-eventhacks.xlox.ml
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 02 Oct 2022 20:30:11 GMT
content-type: image/png
last-modified: Tue, 23 Nov 2021 08:59:40 GMT
accept-ranges: bytes
content-length: 24931
date: Sun, 25 Sep 2022 20:30:11 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

luckyspinpubg-eventhacks.xlox.ml/img/rewards/2.png

52.230.38.12

200 OK

106 kB

URL HTTP/2
luckyspinpubg-eventhacks.xlox.ml/img/rewards/2.png
IP
52.230.38.12:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 1080 x 1080, 8-bit colormap, non-interlaced\012- data
Size
106 kB (105458 bytes)
Hash
98a00282b09f415a2a38323a39b88148
6a97e5a342babd8393e3b8d94492a4b8393dfcd5
edf34c356c60c88bc5fe8c9bb9785ba1711258fa667788af9200f83ab4b7c304

Detections

Analyzer	Verdict	Alert
openphish	Tencent

HTTP Headers

GET /img/rewards/2.png HTTP/1.1
Host: luckyspinpubg-eventhacks.xlox.ml
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 02 Oct 2022 20:30:11 GMT
content-type: image/png
last-modified: Tue, 23 Nov 2021 08:59:40 GMT
accept-ranges: bytes
content-length: 105458
date: Sun, 25 Sep 2022 20:30:11 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

luckyspinpubg-eventhacks.xlox.ml/img/rewards/4.png

52.230.38.12

200 OK

99 kB

URL HTTP/2
luckyspinpubg-eventhacks.xlox.ml/img/rewards/4.png
IP
52.230.38.12:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 1080 x 1080, 8-bit colormap, non-interlaced\012- data
Size
99 kB (99308 bytes)
Hash
5838f0116f3c1690aa14790720d24838
12b67c42d727eff8a8354d97ce8335980ad58877
de92ba8b7f8ef4531b63081e4b113e81dd8e90bb8a8c9aaf89e184f1c6248ef2

Detections

Analyzer	Verdict	Alert
openphish	Tencent

HTTP Headers

GET /img/rewards/4.png HTTP/1.1
Host: luckyspinpubg-eventhacks.xlox.ml
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 02 Oct 2022 20:30:11 GMT
content-type: image/png
last-modified: Tue, 23 Nov 2021 08:59:40 GMT
accept-ranges: bytes
content-length: 99308
date: Sun, 25 Sep 2022 20:30:11 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

luckyspinpubg-eventhacks.xlox.ml/img/putar.png

52.230.38.12

200 OK

114 kB

URL HTTP/2
luckyspinpubg-eventhacks.xlox.ml/img/putar.png
IP
52.230.38.12:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 1011 x 1280, 8-bit colormap, non-interlaced\012- data
Size
114 kB (114328 bytes)
Hash
ac5ced5c66b234d18666e3b7fadd6e2e
18f0127af200b912a8e3eef75538abae5712ef37
42fd75c98f1a102533f2e8ac25626f8bf4e4844319ae916748edcdafbd48cfc1

Detections

Analyzer	Verdict	Alert
openphish	Tencent

HTTP Headers

GET /img/putar.png HTTP/1.1
Host: luckyspinpubg-eventhacks.xlox.ml
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 02 Oct 2022 20:30:11 GMT
content-type: image/png
last-modified: Tue, 23 Nov 2021 08:58:08 GMT
accept-ranges: bytes
content-length: 114328
date: Sun, 25 Sep 2022 20:30:11 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

www.pubgmobile.com/common/images/link_5.png

23.36.76.250

200 OK

643 B

URL HTTP/2
www.pubgmobile.com/common/images/link_5.png
IP
23.36.76.250:0
ASN
#20940 Akamai International B.V.

File type
PNG image data, 96 x 97, 8-bit colormap, non-interlaced\012- data
Size
643 B (643 bytes)
Hash
b5e71034e6ad24b6ba8a9e2dd4e9eacf
8764842732f93a3f3bb3a79944163e5a8ef67b9a
ece6fc3bf5e763a1031f5900eea1e88bd8a27bf8a2a9bddf4402301f450f21e4

HTTP Headers

GET /common/images/link_5.png HTTP/1.1
Host: www.pubgmobile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/png
content-length: 643
last-modified: Thu, 18 Mar 2021 13:02:42 GMT
etag: "60534f72-283"
accept-ranges: bytes
cache-control: max-age=293
expires: Sun, 25 Sep 2022 20:35:05 GMT
date: Sun, 25 Sep 2022 20:30:12 GMT
X-Firefox-Spdy: h2

www.pubgmobile.com/en/images/pay.png

23.36.76.250

200 OK

1.3 kB

URL HTTP/2
www.pubgmobile.com/en/images/pay.png
IP
23.36.76.250:0
ASN
#20940 Akamai International B.V.

File type
PNG image data, 75 x 75, 8-bit/color RGBA, non-interlaced\012- data
Size
1.3 kB (1319 bytes)
Hash
0950bb106b9361f850f5181a9acd02eb
87ba05b8bae18d0a747fefe375f128ec1aecf81d
12ecca619edd7636523e6b67f2953ed82326d5b49bcc565bd14e36aedb933325

HTTP Headers

GET /en/images/pay.png HTTP/1.1
Host: www.pubgmobile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/png
content-length: 1319
last-modified: Fri, 05 Mar 2021 06:44:57 GMT
etag: "6041d369-527"
accept-ranges: bytes
cache-control: max-age=300
expires: Sun, 25 Sep 2022 20:35:12 GMT
date: Sun, 25 Sep 2022 20:30:12 GMT
X-Firefox-Spdy: h2

luckyspinpubg-eventhacks.xlox.ml/img/rewards/6.png

52.230.38.12

200 OK

218 kB

URL HTTP/2
luckyspinpubg-eventhacks.xlox.ml/img/rewards/6.png
IP
52.230.38.12:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 1280 x 1280, 8-bit colormap, non-interlaced\012- data
Size
218 kB (217484 bytes)
Hash
f7232b1263d7b852a98f899895390aa2
8bb859f92dc65de5d41b321343fd7b8905261c12
1a1a24c7b95fe6f7dd82de62bef2ce51b6eec800502cfbb57b203deb35887bc1

Detections

Analyzer	Verdict	Alert
openphish	Tencent

HTTP Headers

GET /img/rewards/6.png HTTP/1.1
Host: luckyspinpubg-eventhacks.xlox.ml
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 02 Oct 2022 20:30:11 GMT
content-type: image/png
last-modified: Tue, 23 Nov 2021 08:59:40 GMT
accept-ranges: bytes
content-length: 217484
date: Sun, 25 Sep 2022 20:30:11 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

luckyspinpubg-eventhacks.xlox.ml/img/spin.png

52.230.38.12

200 OK

457 kB

URL HTTP/2
luckyspinpubg-eventhacks.xlox.ml/img/spin.png
IP
52.230.38.12:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 1280 x 1280, 8-bit colormap, non-interlaced\012- data
Size
457 kB (456703 bytes)
Hash
4fdb6f73c01833f3304b3ae18700f23c
41a36415cb0866a98eecf445d5273b84844d0eb1
06450bb63895376ae5c06edccd05dd258d79b26fa40a45de1960a2aaec9e334c

Detections

Analyzer	Verdict	Alert
openphish	Tencent

HTTP Headers

GET /img/spin.png HTTP/1.1
Host: luckyspinpubg-eventhacks.xlox.ml
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 02 Oct 2022 20:30:11 GMT
content-type: image/png
last-modified: Tue, 23 Nov 2021 08:58:08 GMT
accept-ranges: bytes
content-length: 456703
date: Sun, 25 Sep 2022 20:30:11 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

www.pubgmobile.com/common/images/link_3.png

23.36.76.250

200 OK

638 B

URL HTTP/2
www.pubgmobile.com/common/images/link_3.png
IP
23.36.76.250:0
ASN
#20940 Akamai International B.V.

File type
PNG image data, 97 x 97, 8-bit colormap, non-interlaced\012- data
Size
638 B (638 bytes)
Hash
de20417af4a25e0e4b270108101dc88a
cd0d4a6be07ae625ca9137d5594733c8bdce0a8d
65bcb1d2699f8726c0fe67bd01eb5cc8cd682a8eb8b67aeda82739a41f1f5a8d

HTTP Headers

GET /common/images/link_3.png HTTP/1.1
Host: www.pubgmobile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-type: image/png
content-length: 638
last-modified: Thu, 18 Mar 2021 13:02:42 GMT
etag: "60534f72-27e"
accept-ranges: bytes
cache-control: max-age=285
expires: Sun, 25 Sep 2022 20:34:57 GMT
date: Sun, 25 Sep 2022 20:30:12 GMT
X-Firefox-Spdy: h2

www.pubgmobile.com/images/event/royalepassm5/m_bg_3.jpg

23.36.76.250

200 OK

120 kB

URL HTTP/2
www.pubgmobile.com/images/event/royalepassm5/m_bg_3.jpg
IP
23.36.76.250:0
ASN
#20940 Akamai International B.V.

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 750x1624, components 3\012- data
Size
120 kB (120391 bytes)
Hash
2a4f294c0e824b6b6fded0c511881046
741de418318a3db3b0ebb85f8803b34b2100bf1d
02a0a9c2ec6ffc9fd4764e9f6c07d55f16f27f5e46bcb94bdb6fc585b3cc2297

HTTP Headers

GET /images/event/royalepassm5/m_bg_3.jpg HTTP/1.1
Host: www.pubgmobile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-type: image/jpeg
content-length: 120391
last-modified: Thu, 18 Nov 2021 06:31:59 GMT
etag: "6195f35f-1d647"
accept-ranges: bytes
cache-control: max-age=273
expires: Sun, 25 Sep 2022 20:34:45 GMT
date: Sun, 25 Sep 2022 20:30:12 GMT
X-Firefox-Spdy: h2

www.pubgmobile.com/images/event/royalepassm5/kv_logo.png

23.36.76.250

200 OK

88 kB

URL HTTP/2
www.pubgmobile.com/images/event/royalepassm5/kv_logo.png
IP
23.36.76.250:0
ASN
#20940 Akamai International B.V.

File type
PNG image data, 460 x 543, 8-bit colormap, non-interlaced\012- data
Size
88 kB (88534 bytes)
Hash
16d9c268ce10ceb3b96436fb637c2c03
2c1fd55c3237346eb679762e6311ed26297734ff
4fb413cdb813d9fb0e299b6ac44f0143972dff48e0e626bc4d8b903b365f0af1

HTTP Headers

GET /images/event/royalepassm5/kv_logo.png HTTP/1.1
Host: www.pubgmobile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/png
content-length: 88534
last-modified: Thu, 18 Nov 2021 06:31:59 GMT
etag: "6195f35f-159d6"
accept-ranges: bytes
cache-control: max-age=284
expires: Sun, 25 Sep 2022 20:34:56 GMT
date: Sun, 25 Sep 2022 20:30:12 GMT
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19355
Expires: Mon, 26 Sep 2022 01:52:48 GMT
Date: Sun, 25 Sep 2022 20:30:13 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19355
Expires: Mon, 26 Sep 2022 01:52:48 GMT
Date: Sun, 25 Sep 2022 20:30:13 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 3-257, spot sensor temperature 0.000000, unit celsius, color scheme 0, show scale bar, calibration: offset 0.000000, slope 241253891388563521536.000000\012- data
Size
13 kB (12826 bytes)
Hash
b3a72e81317074689a71dac7059e4b6a
b6d56333d7f1ea7ddc8838d84de498ff913c5464
e665a8821b5e7b2e78787647a08d629bf70cbf4cbfee2057c8601cf0565154a1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12826
x-amzn-requestid: f075cf62-acfc-4bc1-be14-7c3dafb7aaed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YfVRNFP-oAMFgrA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322cf3a-184b678042d64ac9266b1128;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 07:07:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: rN_8rm10Pxb0AUKW6ECfNulcYxBaS7FgGD15gT14dX-FlsGJfqahxA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:37:19 GMT
age: 82374
etag: "b6d56333d7f1ea7ddc8838d84de498ff913c5464"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0737a7ae-3ae7-4fe5-b739-e988b295c795.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8715 bytes)
Hash
a89e7161745036637a66e8ab5b7efdf9
79c83cc27996b2339bd63764dbb2ae9744db6d70
13b990c3c6a9bee6def25d007e14628c52e427b6f4c718895b1817d5e8e59760

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0737a7ae-3ae7-4fe5-b739-e988b295c795.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8715
x-amzn-requestid: d5e237f4-4c0e-4e3b-b3ae-ea1eb5b7cafc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y5JmTEAwIAMF_Mg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632d22f4-48a975a866edc1755858600f;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 03:07:33 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Sm6N8Un8XKHtGGZwxLd1aYygBns1l8siRvcc2w_9V2imJopvt8Ockw==
via: 1.1 44cd593d82a2d200a94217033c614c6a.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 07:09:15 GMT
age: 48058
etag: "79c83cc27996b2339bd63764dbb2ae9744db6d70"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F254286e1-1c63-4609-9dfb-0eb4b9096238.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.2 kB (6199 bytes)
Hash
714af732a9aa1db2b13ffb62810fd532
358e74de395352a9529ff1c17856daf8900888c5
1d2035cfcd283560ebe8494f9438e52f8d96cd092dd41cb0eb899a3f905c1e05

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F254286e1-1c63-4609-9dfb-0eb4b9096238.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6199
x-amzn-requestid: d26f22d9-4e9b-4764-8c96-2e1c7ce36340
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y--OKHowoAMFbQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f7727-7adb7c4925e6e50e13889544;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:31:19 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: LryqVGSkKbiNOwcqXMULY9FXbOuZBBenjgGPDME3NZLZOdp5divXmw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 22:02:29 GMT
age: 80864
etag: "358e74de395352a9529ff1c17856daf8900888c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1730b63d-9494-4330-acb8-7cb387a0cf08.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.3 kB (5305 bytes)
Hash
9773faaac4deac40b96cd0802e974f36
db601663fa6ee5564eddaf8d3d84c7b04bf3871c
40e7a573f510ff29db04b3fbfacde2ad6ecd67b4c0be30034e057654c86408a4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1730b63d-9494-4330-acb8-7cb387a0cf08.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5305
x-amzn-requestid: df7ba218-d20c-4389-8895-affd870ad15f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y5JqKGtHoAMFcJw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632d230d-1854a5420f7091316aa4f211;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 03:07:57 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: v37Rjs_OtmFd6UKau0Flv_J6GAWTe0UdA8hXaDmmn6SmLXQbEHeBVQ==
via: 1.1 44cd593d82a2d200a94217033c614c6a.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 03:45:44 GMT
age: 60269
etag: "db601663fa6ee5564eddaf8d3d84c7b04bf3871c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10032 bytes)
Hash
aa150280eb113504d61a25935c0f0127
ed04f74fbb4c77b21e2babc51a82857f5e23d169
07df17fffb391aa82efb09e30d97e88fa4dbe6df00e37bb90304f69179f4848e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10032
x-amzn-requestid: 521c4012-9834-4100-a7ed-30093502f1a9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sPBHGYoAMFh-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e272c-77b03c321240d76a572d603a;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:37:48 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 5CzA52-o7GYViSJ4lna7ptv9dycJCUL-NLWOk-iCW-ZxDU_FQH_OoQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:51:18 GMT
age: 81535
etag: "ed04f74fbb4c77b21e2babc51a82857f5e23d169"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c48523c-250d-4030-8145-14c8967dc600.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8914 bytes)
Hash
dfdacc8edea3c24dad020d7e9c11b3f4
2b6e37596e88b62f288dc8e8c937fd904fae28d5
338a44f3bcc01bdd197f037dd8f8bf58a18dea00127465488efe76fb72a6fdff

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c48523c-250d-4030-8145-14c8967dc600.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8914
x-amzn-requestid: 8cfdc32e-f04a-4fd6-a1f1-632934a682fd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y-_EUHqJoAMF7MQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f7881-14a6d8ef126409964607e0aa;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:37:05 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: kdF6En2vbJhRH1bkYMOuNm5XOIsT1qs3FE281N1SKn1FbyW-oNZsEw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:37:06 GMT
etag: "2b6e37596e88b62f288dc8e8c937fd904fae28d5"
content-type: image/jpeg
age: 82387
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc313594-ca24-4e62-bba0-99a0475817bf.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (14237 bytes)
Hash
ed165f50993660657ba10cdebdb895b3
0241ca5908ca229c2528a3c84177488cc2c08c13
b13c7b9ce6ae5d4295467977258ab19da8329b0f1db39e38f11d16d905d742cf

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc313594-ca24-4e62-bba0-99a0475817bf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 14237
x-amzn-requestid: ebac6624-ee74-4911-b34d-f12abd8524e2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7ruIG08oAMF6bQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e265a-1119098a051db3235b3a0674;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:34:18 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: PuRSMM1YJ_03oGNhk2W-FwfPRkhU_TDcvyi-31NspF3s8U7erzx6_A==
via: 1.1 1949caaabae48a894fcd770a3e1384f6.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 22:21:10 GMT
age: 79749
etag: "0241ca5908ca229c2528a3c84177488cc2c08c13"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

luckyspinpubg-eventhacks.xlox.ml/media/header.mp4

52.230.38.12

206 Partial Content

0 B

URL HTTP/2
luckyspinpubg-eventhacks.xlox.ml/media/header.mp4
IP
52.230.38.12:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Tencent
fortinet	Phishing

HTTP Headers

GET /media/header.mp4 HTTP/1.1
Host: luckyspinpubg-eventhacks.xlox.ml
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 206 Partial Content
content-type: video/mp4
last-modified: Tue, 23 Nov 2021 08:53:20 GMT
content-range: bytes 0-2640963/2640964
content-length: 2640964
date: Sun, 25 Sep 2022 20:30:11 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,400,500,700|Teko:300,400,500

142.250.74.10

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,500,700|Teko:300,400,500
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Roboto:300,400,500,700|Teko:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyspinpubg-eventhacks.xlox.ml/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 25 Sep 2022 20:30:11 GMT
date: Sun, 25 Sep 2022 20:30:11 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

luckyspinpubg-eventhacks.xlox.ml/

52.230.38.12

200 OK

0 B

URL HTTP/2
luckyspinpubg-eventhacks.xlox.ml/
IP
52.230.38.12:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Tencent
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: luckyspinpubg-eventhacks.xlox.ml
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-encoding: br
vary: Accept-Encoding
date: Sun, 25 Sep 2022 20:30:10 GMT
server: LiteSpeed
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (68)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size