Report - www.rodaslotjp1.top/

Report Overview

Submitted URL
www.rodaslotjp1.top/
IP
104.21.31.192
ASN
#13335 CLOUDFLARENET
Submitted
2023-01-29 11:52:47
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
20

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-13T08:44:36Z	2.0 kB	115 kB	142.250.74.163
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	2.1 kB	4.2 kB	142.250.74.131
ocsp.globalsign.com	2075	2012-07-20T19:46:16Z	2023-03-13T05:09:19Z	368 B	1.9 kB	104.18.21.226
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-13T08:14:31Z	441 B	2.1 kB	142.250.74.138
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	52.88.113.219
www.rodaslotjp1.top	unknown	2023-01-18T12:37:56Z	2023-01-18T12:37:57Z	13 kB	3.0 MB	172.67.179.154
secure.livechatinc.com	6541	2012-08-20T21:27:12Z	2023-03-13T05:22:03Z	585 B	2.7 kB	95.101.10.171
accounts.livechatinc.com	7698	2017-07-31T07:50:56Z	2023-03-13T05:22:04Z	492 B	1.6 kB	95.101.10.171
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3.4 kB	8.9 kB	23.36.77.32
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
cdn.jsdelivr.net	439	2012-09-30T02:15:09Z	2023-03-13T06:17:54Z	432 B	12 kB	151.101.129.229
api.livechatinc.com	5353	2013-12-20T15:27:35Z	2023-03-13T05:22:02Z	2.2 kB	7.5 kB	95.101.10.171
cdn.livechatinc.com	6288	2012-06-22T10:37:34Z	2023-03-13T05:22:02Z	2.6 kB	140 kB	95.101.10.171
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-03-13T08:28:24Z	386 B	78 kB	142.250.74.40
cdn.discordapp.com	2474	2015-08-24T15:06:21Z	2023-03-13T05:09:05Z	5.1 kB	3.1 MB	162.159.130.233
img.pay4d.info	93767	2019-09-25T05:12:55Z	2023-03-13T06:56:23Z	18 kB	713 kB	104.19.136.75
liputanslot.net	unknown	2022-09-10T11:14:10Z	2023-01-18T08:24:01Z	757 B	2.3 kB	194.1.147.84
region1.google-analytics.com	unknown	2022-03-17T12:26:33Z	2023-03-13T05:09:18Z	739 B	449 B	216.239.32.36
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	52 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-01-29 11:52:42	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile
2023-01-29 11:52:42	medium	Client IP	172.67.179.154	ET INFO HTTP Request to a *.top domain

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-29	medium	www.rodaslotjp1.top/	Phishing
2023-01-29	medium	www.rodaslotjp1.top/js/jquery.marquee.min.js	Phishing
2023-01-29	medium	www.rodaslotjp1.top/js/jquery.pause.min.js	Phishing
2023-01-29	medium	www.rodaslotjp1.top/js/webduo35.js	Phishing
2023-01-29	medium	www.rodaslotjp1.top/webdata.php?content=broadcast	Phishing
2023-01-29	medium	www.rodaslotjp1.top/webdata.php?content=mobileapp	Phishing
2023-01-29	medium	www.rodaslotjp1.top/webdata.php?content=desktopapp	Phishing
2023-01-29	medium	www.rodaslotjp1.top/webdata.php?status=time	Phishing
2023-01-29	medium	www.rodaslotjp1.top/fonts/glyphicons-halflings-regular.woff2	Phishing
2023-01-29	medium	www.rodaslotjp1.top/capimg.php?3302	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (26)

	URL	Size	First Seen	Last Seen
	www.rodaslotjp1.top/	1.1 kB	2023-03-13	2023-03-13
Pretty URL www.rodaslotjp1.top/ IP 172.67.179.154 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 11:08:46 Last Seen2023-03-13 11:08:46 Times Seen1 Hash d9dc29f33e925357cf9a148297c48baf 16904857e8b4dd0a0105ec65b98a02e15240474c 1ae97606565ad59ba4cf1e70b6768e54f40536da3877a78617bfd65330d5eda7 Loading...

	www.rodaslotjp1.top/	576 B	2023-03-13	2023-03-13
Pretty URL www.rodaslotjp1.top/ IP 172.67.179.154 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 11:08:46 Last Seen2023-03-13 11:08:46 Times Seen1 Hash f4b70cb8b8312033277cefe6eb4b0350 6ea03bf91bf71ad1b36cfaec349fb3f86927b361 218ba876e6f5ad00eb42cbbb587c33418301c4c27ec1274be8d81a18e7d09489 Loading...

	secure.livechatinc.com/customer/action/open_chat?license_id=12114207&group=0&embedded=1&widget_version=3&unique_groups=0	2.5 kB	2023-03-13	2023-03-14
Pretty URL secure.livechatinc.com/customer/action/open_chat?license_id=12114207&group=0&embedded=1&widget_version=3&unique_groups=0 IP 95.101.10.171 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:11:34 Last Seen2023-03-14 06:26:07 Times Seen1 Hash 0adfdee1bff3ae07357fcfca6cafc1fc 653c2a38a1047e3c6384942a315ab8b67e676e65 a8b49021237400981adbe4b95cf0f8a17c87ea0a1f88191ee0ccadc66b370ce6 Loading...

	cdn.livechatinc.com/widget/static/js/0.d619df13.chunk.js	48 kB	2023-03-08	2023-03-17
Pretty URL cdn.livechatinc.com/widget/static/js/0.d619df13.chunk.js IP 95.101.10.171 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:26:58 Last Seen2023-03-17 22:17:08 Times Seen1 Hash 10a3d7ac1ed37325d3341c379ee0de69 568234e1f256abe6987b7c9965b51bbc119c0160 8250a0a8a2b63bfae72b2604bc53e7764530aa08651e7c0cb253a90a6c762a8c Loading...

	code.jquery.com/jquery-3.6.0.min.js	90 kB	2023-03-07	2024-04-24
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-24 22:31:10 Times Seen261020 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	www.rodaslotjp1.top/js/webduo35.js	28 kB	2023-03-08	2023-04-20
Pretty URL www.rodaslotjp1.top/js/webduo35.js IP 172.67.179.154 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:02:12 Last Seen2023-04-20 04:38:05 Times Seen58 Hash 03202158f907e827e9eca32f48e68d7a af1ce4eb09aff731dcb5b60220efb67b955048a1 de786ed07d8d63eb4363dab605cf35309cba929aac48c02f00a9f3697c4a9f77 Loading...

	www.rodaslotjp1.top/	299 B	2023-03-07	2023-04-20
Pretty URL www.rodaslotjp1.top/ IP 172.67.179.154 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:03:32 Last Seen2023-04-20 04:38:05 Times Seen46 Hash 1ad30f8431977e691204a8e80ea23ca1 7b73359f36d3fe2dcad66fd4486469a5a88c3053 9bd444d31d819741ad3c625ccef43571313e7370ab16642ec4a0fe78d741aaf9 Loading...

	www.rodaslotjp1.top/js/jquery.pause.min.js	1.7 kB	2023-03-07	2024-01-09
Pretty URL www.rodaslotjp1.top/js/jquery.pause.min.js IP 172.67.179.154 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:03:32 Last Seen2024-01-09 19:36:30 Times Seen48 Hash 17e6addbebb0c8408de8629c8cd5ac46 a9a7d181c4361235077b4ecb8f73bcd90d2bdbc2 201542af15d8f2840e6e0ed30a359092760f6a394a3e1dbecf61b5ffbd5bdbe1 Loading...

	www.rodaslotjp1.top/	747 B	2023-03-13	2023-03-13
Pretty URL www.rodaslotjp1.top/ IP 172.67.179.154 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 11:08:46 Last Seen2023-03-13 11:08:46 Times Seen1 Hash 8ab286f8ac73809c377aa47d1646ad32 4b18860b6509053338d68f2098cd13f83c4295bf a568032fe59e23e9774051aa1216098c52335eabbd90e1eebf28137d6c0a19c2 Loading...

	www.rodaslotjp1.top/	169 B	2023-03-07	2024-02-20
Pretty URL www.rodaslotjp1.top/ IP 172.67.179.154 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:03:32 Last Seen2024-02-20 23:26:03 Times Seen244 Hash b21e43c0570e9fc4f8205b825bb547ec b5246ed21fcc5fa2a3dc128e2054c77eadf2bc8d dc768117ef69bdcdd52eaad2b2207c142fcf34775e10165ef4f6d42a611cb69c Loading...

	cdn.livechatinc.com/tracking.js	87 kB	2023-03-13	2023-03-14
Pretty URL cdn.livechatinc.com/tracking.js IP 95.101.10.171 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:11:34 Last Seen2023-03-14 06:27:26 Times Seen1 Hash 29e075294399875f6fd4bdaa0f4a20e4 4b66dda1ae90f520557c9e3190686a4c4301282c b3fcf409ea4cc82df451395238d14a5c25a8bde7f6d6bf547125ed0b374e2dda Loading...

	www.rodaslotjp1.top/	153 B	2023-03-13	2023-03-13
Pretty URL www.rodaslotjp1.top/ IP 172.67.179.154 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 11:08:46 Last Seen2023-03-13 11:08:46 Times Seen1 Hash 5a7110e2075326593ca313bf7a3228e7 cb46c03abe9f16f2b45bd37ca8abd7a5de99a2a5 dbc66494cb5f2981bc54dd1a0b9b2b3d907681fb729c8b8f57b660977bab0c03 Loading...

	cdn.jsdelivr.net/npm/bootstrap@3.4.1/dist/js/bootstrap.min.js	40 kB	2023-03-07	2024-04-24
Pretty URL cdn.jsdelivr.net/npm/bootstrap@3.4.1/dist/js/bootstrap.min.js IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-04-24 22:47:43 Times Seen12192 Hash 2f34b630ffe30ba2ff2b91e3f3c322a1 b16fd8226bd6bfb08e568f1b1d0a21d60247cefb 9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe Loading...

	liputanslot.net/assets/message.js	1.3 kB	2023-03-13	2023-03-13
Pretty URL liputanslot.net/assets/message.js IP 194.1.147.84 ASN #210250 K Media Tech Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 11:08:46 Last Seen2023-03-13 11:08:46 Times Seen1 Hash 3275e2369f48d09fdcd02997ebfe2e69 3c84611d735970ae99c6e6af3582e0d9a9445975 57cfbee4d09f027af4c782c49ede6111431d2b031d7f7e467be266d9c5d4a5da Loading...

	api.livechatinc.com/v3.3/customer/action/get_configuration?license_id=12114207&version=990.1.1.2117.89.215.1.2.10.1.7.17.0&group_id=0&jsonp=__lc_static_config	5.7 kB	2023-03-13	2023-03-13
Pretty URL api.livechatinc.com/v3.3/customer/action/get_configuration?license_id=12114207&version=990.1.1.2117.89.215.1.2.10.1.7.17.0&group_id=0&jsonp=__lc_static_config IP 95.101.10.171 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 11:08:46 Last Seen2023-03-13 11:08:46 Times Seen1 Hash b6d0b89474e00b650756182c4f170926 a5f2ccc8c4aae34def71f91175d55eea99468d43 9d65ec861324e200315895bacee81eafa2eab6b5cb214920d497d5c09226b260 Loading...

	cdn.livechatinc.com/widget/static/js/iframe.73879adc.chunk.js	764 kB	2023-03-13	2023-03-14
Pretty URL cdn.livechatinc.com/widget/static/js/iframe.73879adc.chunk.js IP 95.101.10.171 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:11:34 Last Seen2023-03-14 06:26:06 Times Seen1 Hash 90cad0f1a20bbe0c7b70af650ab7491a e666a88b94923655225458041b850961df4e4ebe 5741acb692282784583db77424af958b107b6ba21a6e6e0b2c44b12d74b5c34c Loading...

	www.rodaslotjp1.top/js/jquery.marquee.min.js	9.1 kB	2023-03-07	2024-02-16
Pretty URL www.rodaslotjp1.top/js/jquery.marquee.min.js IP 172.67.179.154 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:03:32 Last Seen2024-02-16 12:33:21 Times Seen73 Hash fb33cf2aed11f9e6d82f325e3a59aeaa 23269fefa9d4c96301289553b145f6cf2224dc5b 98e6d279e0a953b3aed10af732b0144fac9ec784a386750259b6b03eb3f26d93 Loading...

	www.rodaslotjp1.top/	394 B	2023-03-09	2023-12-07
Pretty URL www.rodaslotjp1.top/ IP 172.67.179.154 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 23:54:29 Last Seen2023-12-07 11:37:59 Times Seen31 Hash 7d41e6e47ac0daffb3ab997116000681 821c80c4c58aa939bc21d91c08a861448604d4f8 8142e68e23c6c2ba4efc69a47d7a692ab2949acac4693163334441f6cf981133 Loading...

	www.rodaslotjp1.top/	90 B	2023-03-07	2024-04-21
Pretty URL www.rodaslotjp1.top/ IP 172.67.179.154 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:03:32 Last Seen2024-04-21 22:50:21 Times Seen872 Hash cc3c144b883a3abdbbe71701ebb0e66b 9a6863582eebab6a5c00391ef8a37b3afa855945 26ded8f2b1b53d104c738332e3ede0dc27518fe9aba6ecb67be692592f02e88a Loading...

	api.livechatinc.com/v3.3/customer/action/get_dynamic_configuration?license_id=12114207&url=http%3A%2F%2Fwww.rodaslotjp1.top%2F&channel_type=code&jsonp=__hnsixewyd1b	267 B	2023-03-13	2023-03-13
Pretty URL api.livechatinc.com/v3.3/customer/action/get_dynamic_configuration?license_id=12114207&url=http%3A%2F%2Fwww.rodaslotjp1.top%2F&channel_type=code&jsonp=__hnsixewyd1b IP 95.101.10.171 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 11:08:46 Last Seen2023-03-13 11:08:46 Times Seen1 Hash 675c70fb393dd7c6f3b28a3507a8322d bcd247d62519e5653bfa58bf8aaca65703968df5 f8f5e3c62d3ed5dd7999cddf3e9432981fbecb54554f977661a990be16660a33 Loading...

	api.livechatinc.com/v3.3/customer/action/get_localization?license_id=12114207&version=13159fb2ee05429e3ae48a4031b3d0e0_e31120db4aab15a7f7adba3be62deada&language=id&group_id=0&jsonp=__lc_localization	12 kB	2023-03-13	2023-03-13
Pretty URL api.livechatinc.com/v3.3/customer/action/get_localization?license_id=12114207&version=13159fb2ee05429e3ae48a4031b3d0e0_e31120db4aab15a7f7adba3be62deada&language=id&group_id=0&jsonp=__lc_localization IP 95.101.10.171 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 11:08:46 Last Seen2023-03-13 11:08:46 Times Seen1 Hash 557d38c131564fc3046304aa8f3b354d 15343919fced97d73b4fdad9a310c2931e4ffbe9 dc2e302b84c04f4170707eff0b4e957005ee73785678ad51009833dfc010adc8 Loading...

	secure.livechatinc.com/customer/action/open_chat?license_id=12114207&group=0&embedded=1&widget_version=3&unique_groups=0	105 B	2023-03-07	2023-04-05
Pretty URL secure.livechatinc.com/customer/action/open_chat?license_id=12114207&group=0&embedded=1&widget_version=3&unique_groups=0 IP 95.101.10.171 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:18 Last Seen2023-04-05 02:06:41 Times Seen330 Hash d30bfddcdb3764a782b7c8584021d1d6 64ed02149d0db57e6c1d68992361d7c1330a663a 5a8894efd9ef253bc344f5587ea4fb4f4b8da39d4dbd49a390c2302898411623 Loading...

	unknown	0 B	2023-03-07	2024-04-24
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-24 22:50:31 Times Seen37049633 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.rodaslotjp1.top/	22 B	2023-03-07	2023-04-20
Pretty URL www.rodaslotjp1.top/ IP 172.67.179.154 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:03:32 Last Seen2023-04-20 04:38:05 Times Seen45 Hash 6382d7fb0376e831649246353e4d1c72 f710ee7a7b67204ec04c159ff2c233487cd3d1af f6ec71fffc73475ba11ca4ddcff8b317f4a53b164575728e6b804eba990fe4d8 Loading...

	www.rodaslotjp1.top/	64 B	2023-03-07	2023-04-20
Pretty URL www.rodaslotjp1.top/ IP 172.67.179.154 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:03:32 Last Seen2023-04-20 04:38:05 Times Seen45 Hash 7008b4cf27e5df1c0e715885bb4dcd72 8aff2414558b1345a6f67d1783d73116d5de566e 03e31cacefb756fe9eba705d8b69db35e9e63c86ea4ff74cbe99c10a8663af03 Loading...

		Size	First Seen	Last Seen
	#1 Write - 0ce1ff68af3adb72157ca8fbe666ff7b	13 kB	2023-03-13	2023-03-13
Pretty Observations First Seen2023-03-13 11:08:46 Last Seen2023-03-13 11:08:46 Times Seen1 Hash 0ce1ff68af3adb72157ca8fbe666ff7b 0b7f882b7d4ac3d928b134314d67e840c20ec508 33e7a09739dae7dcdf2df981e71f9c05ab4081ee209e177e887d9fe859f6254c Loading...

HTTP Transactions (140)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11871
Expires: Sun, 29 Jan 2023 15:10:26 GMT
Date: Sun, 29 Jan 2023 11:52:35 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3eb88dea4fe00db1182370e72683c3ab
ca520abf1e91bfd2aef40c6a1270a911071e8922
d8083ee567c7b3023111dc30f32c94237df7db30d4d2daaea0a569e8a3069ad7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8083EE567C7B3023111DC30F32C94237DF7DB30D4D2DAAEA0A569E8A3069AD7"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11859
Expires: Sun, 29 Jan 2023 15:10:14 GMT
Date: Sun, 29 Jan 2023 11:52:35 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 29 Jan 2023 11:43:08 GMT
content-type: application/json
age: 567
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
03092d1a1bc7ac91ee342a1a7ab2a562
52db06ce1fd2c74ddd36b6a0a7aee1b5c891600a
03b8ff2629abac9fc30ebec059c2e2018fcbc41646ad5f71c965ff630fbf1ffd

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "03B8FF2629ABAC9FC30EBEC059C2E2018FCBC41646AD5F71C965FF630FBF1FFD"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13392
Expires: Sun, 29 Jan 2023 15:35:47 GMT
Date: Sun, 29 Jan 2023 11:52:35 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: WHS9SMSHO7yNwLY7heiivdWvjgq8tDrY3Byyb0rf49zsLsZeWpvvc0BSqFwDgdr3avZ2IHP1bQI=
x-amz-request-id: 81ES7R46PS4MRZ8A
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 29 Jan 2023 11:50:18 GMT
age: 137
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 11:52:35 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

www.rodaslotjp1.top/

172.67.179.154

200 OK

19 kB

URL HTTP/1.1
www.rodaslotjp1.top/
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (364), with CRLF, LF line terminators
Size
19 kB (19253 bytes)
Hash
e2cadf34a2547c96c02648764042b65f
86f0e70f50a62bb42701386d2eef9cf1c6aa6fbb
db1eec6844199e6d44eabe100f15f84fc39945234ad02b6cdfb2714d3c733334

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.top domain

HTTP Headers

GET / HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: Deny
X-Content-Type-Options: nosniff
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Set-Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06; path=/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yag4O9%2B4qRDfMQuroG3U3XNz5XbQdP%2BJ2NMHYbZNFwVzBfXRBwqiX%2BiDT0oMTSc%2BLCH%2BAEaN2yw5K%2F6GTYseXIM1jI%2BhYcIxlVadvKj1zElsi%2BDksdfIc9mj0v32mbproVB%2FaJoe"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7911c3354afe1c02-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8c630e9bbc930d1c367efa81b67be3f7
ec536695531d40a813d99a06271c7c2d698d51d3
39ca0a60c3e2e85712757ead0830d0da82beac1e4f44b6e90243e5ca9326bf4b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 11:52:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
bab8a4c1e6bb2e6c9cc00222eef1235d
1a5dd108e9f9aaf33bc048b0097a9f510d295cad
fd182297a143655a9142e3ee5bbafefd76ca974094f43fb695611f6876f3ab63

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 11:52:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=G-D3WR7HGLGB

142.250.74.40

200 OK

77 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=G-D3WR7HGLGB
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (19467)
Size
77 kB (77228 bytes)
Hash
3ca1e3847c247ca488910b637581762e
cea2f520e100a496e439fadd016f0cd34cbe2045
01a32313feee2e3852a36b7b0ef4522eb29ccf83eb494af673f7e0214c9e682f

HTTP Headers

GET /gtag/js?id=G-D3WR7HGLGB HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 29 Jan 2023 11:52:36 GMT
expires: Sun, 29 Jan 2023 11:52:36 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 77228
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap@3.4.1/dist/js/bootstrap.min.js

151.101.129.229

200 OK

11 kB

URL HTTP/2
cdn.jsdelivr.net/npm/bootstrap@3.4.1/dist/js/bootstrap.min.js
IP
151.101.129.229:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (39553)
Size
11 kB (10942 bytes)
Hash
3d7736f3e0093bfcece832c8a1dced40
4421527237d7cf60ab3a8605e131d90370d59f8e
9bfb0fe335300ad7521ccc87e8a1d7be601958e3a9b9f0ea8f98cc7fa3946e70

HTTP Headers

GET /npm/bootstrap@3.4.1/dist/js/bootstrap.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.rodaslotjp1.top
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.4.1
x-jsd-version-type: version
etag: W/"9b00-sW/YImvWv7COVo8bHQoh1gJHzvs"
content-encoding: gzip
accept-ranges: bytes
date: Sun, 29 Jan 2023 11:52:36 GMT
age: 6502861
x-served-by: cache-fra-eddf8230083-FRA, cache-bma1659-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 10942
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8c630e9bbc930d1c367efa81b67be3f7
ec536695531d40a813d99a06271c7c2d698d51d3
39ca0a60c3e2e85712757ead0830d0da82beac1e4f44b6e90243e5ca9326bf4b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 11:52:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
bab8a4c1e6bb2e6c9cc00222eef1235d
1a5dd108e9f9aaf33bc048b0097a9f510d295cad
fd182297a143655a9142e3ee5bbafefd76ca974094f43fb695611f6876f3ab63

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 11:52:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4

104.18.21.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1462 bytes)
Hash
87084c125ab6d4f169bf99317d1c2ed5
af2a834bd96feb88c28e6c57aca04f2dcdf2ea7e
bbd76d3cf3dc02c4c14871ee08dc41c05a9a06fcd676ccc82003b050c253e1af

HTTP Headers

POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:36 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "19E6661F7F7A85758646A9372D46CCBEFBBFD995"
Expires: Sun, 29 Jan 2023 23:00:00 GMT
Last-Modified: Sun, 29 Jan 2023 11:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 323
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7911c33a6d8bb505-OSL

cdn.discordapp.com/attachments/1043766431235440694/1057962436818378843/fbgif.gif

162.159.130.233

200 OK

32 kB

URL HTTP/2
cdn.discordapp.com/attachments/1043766431235440694/1057962436818378843/fbgif.gif
IP
162.159.130.233:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 298 x 298\012- data
Size
32 kB (31651 bytes)
Hash
015df9a2407a5ed72b692e04e2d3cd20
b1d114152f9e0b472472c053f3414cefc29367e6
f88c966a4a26b533e3ba554c002c8073e76e8762d537ea5b40fd96769d7d71ee

HTTP Headers

GET /attachments/1043766431235440694/1057962436818378843/fbgif.gif HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:36 GMT
content-type: image/gif
content-length: 31651
cf-ray: 7911c339cbd31bfe-OSL
accept-ranges: bytes
cache-control: public, max-age=31536000
etag: "015df9a2407a5ed72b692e04e2d3cd20"
expires: Mon, 29 Jan 2024 11:52:36 GMT
last-modified: Thu, 29 Dec 2022 10:05:01 GMT
vary: Accept-Encoding
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-goog-generation: 1672308301005635
x-goog-hash: crc32c=WSUnWQ==, md5=AV35okB6XtcraS4E4tPNIA==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 31651
x-guploader-uploadid: ADPycduQ8hhNNBp5HGgM0GXc6IqQ8ny6LkrR_JBFbTRjPcZSAkPTRfALKPvKMK61Nd9Gto_IQ1Spnow-DP5De9_mh_ViZPc3C5cP
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
set-cookie: __cf_bm=oxRIe_g6HqO8zNNJf5_neu2r5umZMCFtl3BakKnw7tc-1674993156-0-AfpYr4Jsc6OMqT3eo+e4uqn8Sf3/KtEdTkTjV+d/2bLw5tZwD156yQXsHNKwezZWNhZmX3s/1j3XZn0Guo7fpgY=; path=/; expires=Sun, 29-Jan-23 12:22:36 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
__cf_bm=Y5Br.A6vVk9Z132LQxgnScANuPAc3tYeBCTrgNRohE8-1674993156-0-AeHB8c2tOSj3H9jU+0e06T4G97/3YWA/Fo5AmuwcTzT/bYAwRQIzjkWXQdak+Ci3OKRWfaevoVytWEKooUOHu+M=; path=/; expires=Sun, 29-Jan-23 12:22:36 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rvleWHAVH1YdIDmH87ylMxa2iABBRVIPrcLYMlHxZBBto3eoxdA2Eq7p%2F6wjdGxzh8NjAFpAGmizlojgdaPHSDlqbveCIiTAr5JZmquMhTb9jqazIVcPP74gJ6AYAEDQJfM2zw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
X-Firefox-Spdy: h2

cdn.discordapp.com/attachments/1043766431235440694/1057962436449292328/waweb-minn.gif

162.159.130.233

200 OK

184 kB

URL HTTP/2
cdn.discordapp.com/attachments/1043766431235440694/1057962436449292328/waweb-minn.gif
IP
162.159.130.233:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 146 x 144\012- data
Size
184 kB (183562 bytes)
Hash
fff30d8c717ffbb76f59cacc77538f10
28f46fb19f6f6c73a27c262d6670f13e8a1a29e6
f52fbc216e5b65f7f40752c012f1c4cf46a5756808a34b4b422db192b5f220c4

HTTP Headers

GET /attachments/1043766431235440694/1057962436449292328/waweb-minn.gif HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:36 GMT
content-type: image/gif
content-length: 183562
cf-ray: 7911c339cbd01bfe-OSL
accept-ranges: bytes
cache-control: public, max-age=31536000
etag: "fff30d8c717ffbb76f59cacc77538f10"
expires: Mon, 29 Jan 2024 11:52:36 GMT
last-modified: Thu, 29 Dec 2022 10:05:00 GMT
vary: Accept-Encoding
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-goog-generation: 1672308300906900
x-goog-hash: crc32c=yGd2FA==, md5=//MNjHF/+7dvWcrMd1OPEA==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 183562
x-guploader-uploadid: ADPycdu9_F8JEX4szWG98lFb_MbH2zLWSe-fVFxJgLUM0g4ZxXrhDWiSD5Wr74iLsJ10Hcu6V7-qlmb8tGxcR1MiubTKIt24Gx5R
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
set-cookie: __cf_bm=uV6MabqDS595TFC8Qc7srA4ZXGjbsOQhxRXQrkhC9HY-1674993156-0-AX90K0/jcNBBIutetJu7iwURclkZwi5cE1v9uyd7OQpB/fIawq0mZ/AgshladHdYnYxGdJ/NXrbQIZeYb6RqbUQ=; path=/; expires=Sun, 29-Jan-23 12:22:36 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
__cf_bm=1I_AilEuzM64xaOLdD0YQXEGbFeNFbkpuhx_Z.XrPeU-1674993156-0-AYRtl+qP23NCv4Nh6Z/EXssrRoWaWcJ9Xf8MG6KpZLwDv89aKNI0KB7tOqzd+dxzCMKOn4Dm3OmlnfYx/6oIKSs=; path=/; expires=Sun, 29-Jan-23 12:22:36 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jIuuz4PLRKIQBvhq2AXHiK1EQvJpNKUmVnnK8abh5hA0Ri7HfRB9YblJ35ftjqHkKY0G5Nm%2BBvRK6G3Uk7NIbmtT%2FfSRZLDIc6UYhfwOVXew7VvODmue107h4fGPEx4BAIIOtw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
X-Firefox-Spdy: h2

cdn.discordapp.com/attachments/1043766431235440694/1051837894333038623/rtp.webp

162.159.130.233

200 OK

337 kB

URL HTTP/2
cdn.discordapp.com/attachments/1043766431235440694/1051837894333038623/rtp.webp
IP
162.159.130.233:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
337 kB (336686 bytes)
Hash
d7631f58e757782f0b47ed244d57bf53
832d28bf284861af42ac8c6a4f51184595ce7551
50df1b10eb0d613cc450dffa37bbd9008e77d3a4206cb844f357fb12c77e589a

HTTP Headers

GET /attachments/1043766431235440694/1051837894333038623/rtp.webp HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:36 GMT
content-type: image/webp
content-length: 336686
cf-ray: 7911c339cbcc1bfe-OSL
accept-ranges: bytes
cache-control: public, max-age=31536000
etag: "d7631f58e757782f0b47ed244d57bf53"
expires: Mon, 29 Jan 2024 11:52:36 GMT
last-modified: Mon, 12 Dec 2022 12:28:16 GMT
vary: Accept-Encoding
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-goog-generation: 1670848096270666
x-goog-hash: crc32c=3v4QqQ==, md5=12MfWOdXeC8LR+0kTVe/Uw==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 336686
x-guploader-uploadid: ADPycdtmN2rXIBoHUqYKZZ5dLWL599xbVNzwUo1WK6YC-6gjOBqRrzfxoe0lKUeZKH1_LGP6J_3fII3JAwTViXfOlosvRZYiIdnM
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
set-cookie: __cf_bm=2zhWd_pk3FOYpDjt4UyIpIq3vvNLubI6vnb2UwC1MOg-1674993156-0-ASLEXmxcVW0chvov5CBPKbWlML8hhz+eSE41OaAwoJstjXAIJv94QzbTm7KoW6YV3Yxjy8niBodvNUbmgiCHpd4=; path=/; expires=Sun, 29-Jan-23 12:22:36 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
__cf_bm=O2uKfcb6d.btg5ir03jN0wHCcOdf0D..mnGSEPB8NMQ-1674993156-0-AaASktLncolHR8c1gglHYnNhDpX3AjzFUakP/OD0eEfURY1zOrbHOD0geRVtvKnzHMPuszmeemUEnmGxx22EPUY=; path=/; expires=Sun, 29-Jan-23 12:22:36 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hapKna1dC8Sb7aEiO5V6LyXecjNwJlh%2FwETvOVzK1tUp8X2ZkeRN5QkiTHFOVEmwSOabv4uerQcfMTfOg88Nh31DBKPTqmTxLF4Ktv5ALuOfU0c3eVAOD5%2FyTgF27p77MYUIqw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
X-Firefox-Spdy: h2

cdn.discordapp.com/attachments/1043766431235440694/1043766697074638959/bonus-newmember-30.jpg

162.159.130.233

200 OK

159 kB

URL HTTP/2
cdn.discordapp.com/attachments/1043766431235440694/1043766697074638959/bonus-newmember-30.jpg
IP
162.159.130.233:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 3750x750, components 3\012- data
Size
159 kB (159285 bytes)
Hash
1bb95c4b8b74a93f7379f175d471e7ac
2c527db477cd51df3d0f0da0574e2a36d06c34d7
6986e3e1dd0a059ad7ad01b1dc61de72ff836cd31d00c511f3c766cea4d2093e

HTTP Headers

GET /attachments/1043766431235440694/1043766697074638959/bonus-newmember-30.jpg HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:36 GMT
content-type: image/jpeg
content-length: 159285
cf-ray: 7911c339cbd11bfe-OSL
accept-ranges: bytes
cache-control: public, max-age=31536000
etag: "1bb95c4b8b74a93f7379f175d471e7ac"
expires: Mon, 29 Jan 2024 11:52:36 GMT
last-modified: Sun, 20 Nov 2022 05:56:12 GMT
vary: Accept-Encoding
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: h2pri
x-goog-generation: 1668923772857515
x-goog-hash: crc32c=rLfnIQ==, md5=G7lcS4t0qT9zefF11HHnrA==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 159285
x-guploader-uploadid: ADPycdupaEFx2cL7OeVg8mMmm5z_LrIip3AiayeNvkrPMLJ69JTKpwTCUEs3-TwhUMNvru2wU0MwLs0X8gzir48JhURdxrKmIoJm
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
set-cookie: __cf_bm=0P_sayfzSgCD_9lM_5WopAntauGyR4gDxXLDT9u.4eI-1674993156-0-AYUy+pwKecnVEGrxrUIzK2bl60n9yuR8HkkCmsa9460Z+McKtyvxjV64wpi8z+ATjYhCcdsqShgbVNIqlp5f8lI=; path=/; expires=Sun, 29-Jan-23 12:22:36 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
__cf_bm=YwOqroNiTKlH.vb0NowyzmiNOR7uZzBLvmDRvFGjcsY-1674993156-0-ARYKPO3toigWQgpBUt7ku5WA98eyznhQLgQVWCCljWN1No8sZ73udRw6j+0aBgjsDDXxYsWmtU9ubYYV4nZLsbU=; path=/; expires=Sun, 29-Jan-23 12:22:36 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SBHySstAPwBWM9mj3%2FcEokhnUX4VPPG6h5rnJoy0BHWV8zSkW%2F0391RhcmqSLHN0uAbJeJ9O6XQ9cpqYDSKSWTFQkZnqdzJ72jZjM3t4%2F5MEdE3ZkNCCFBNZALJTvGJu0FZc%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
X-Firefox-Spdy: h2

www.rodaslotjp1.top/css/webduo.css

172.67.179.154

200 OK

1.5 kB

URL HTTP/1.1
www.rodaslotjp1.top/css/webduo.css
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
1.5 kB (1502 bytes)
Hash
c84376bd22c4c69210901e86518fddbe
0ddf937728f748355de9f70e38776de28673b4b1
ef0e30ded8d8998d808ec43f46358c59dc1a5a06d8f960c82f55424535644452

HTTP Headers

GET /css/webduo.css HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:36 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 30 May 2021 05:20:16 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yNmP6Njku2k%2BimSWGpKwC0rRyTifmVUWvojLs6mBingq1m9dLSmzCR7acWzr2Odxq%2FThSu4JCjh9dnpKtWAr0%2FymaovhYdSM2KFll8ThZaPDiwbzfkna0Q1pWfB7uL8wHCym54HJ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7911c338ceda0afa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.rodaslotjp1.top/css/mediaduo.css

172.67.179.154

200 OK

2.4 kB

URL HTTP/1.1
www.rodaslotjp1.top/css/mediaduo.css
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
2.4 kB (2407 bytes)
Hash
f3fe2394e0b662a477ed4093af743a7e
5098f0ae863e5f048d299a00cfa22739b5818927
f98e087490b346fba7b9f0b09dc0a6414a4699f1491e7a85fcdbbe6f11bb2f8d

HTTP Headers

GET /css/mediaduo.css HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:36 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 23 Oct 2020 10:01:18 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FVZcl3YHNfi9VDkqBRJTeNR1vXv9IWTQtxTj%2FBnyZKxEIgS%2F76b9goR%2F%2FuGfy6qrWFBFkn7pr9itd7dm1JfhxLTULTNMmf2R8dRmlMGD8CjfWCzufh%2BEMWc9LBt1PBJUBlovFEai"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7911c338df1fb50c-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

img.pay4d.info/mobile-sport.png

104.19.136.75

200 OK

2.7 kB

URL HTTP/2
img.pay4d.info/mobile-sport.png
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.7 kB (2730 bytes)
Hash
02a8a80face04e69f3bfa68f686f57bb
61f8a41a95694c27a307199407af513dde0dc43e
d9cd2cc3ba7a11673f072f321e83694c7da5979c0adda00e26de15d9a1f43797

HTTP Headers

GET /mobile-sport.png HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:36 GMT
content-type: image/webp
content-length: 2730
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=6408
content-disposition: inline; filename="mobile-sport.webp"
last-modified: Mon, 01 Feb 2021 07:21:49 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:36 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c339aa7bb512-OSL
X-Firefox-Spdy: h2

cdn.discordapp.com/attachments/1043766431235440694/1043766697447927908/Bonus-rollingan.jpg

162.159.130.233

200 OK

178 kB

URL HTTP/2
cdn.discordapp.com/attachments/1043766431235440694/1043766697447927908/Bonus-rollingan.jpg
IP
162.159.130.233:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 3750x750, components 3\012- data
Size
178 kB (178054 bytes)
Hash
dd6f700b123c6e230cf8fab1a6985d83
afa07f7a48cb64084526e2fafd25039fd81c333a
da5ab3bdaf2f619304f8113c548362dc161210ee6f4a5a3643b98f3e4de25fea

HTTP Headers

GET /attachments/1043766431235440694/1043766697447927908/Bonus-rollingan.jpg HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:36 GMT
content-type: image/jpeg
content-length: 178054
cf-ray: 7911c339cbcf1bfe-OSL
accept-ranges: bytes
cache-control: public, max-age=31536000
etag: "dd6f700b123c6e230cf8fab1a6985d83"
expires: Mon, 29 Jan 2024 11:52:36 GMT
last-modified: Sun, 20 Nov 2022 05:56:12 GMT
vary: Accept-Encoding
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: h2pri
x-goog-generation: 1668923772955222
x-goog-hash: crc32c=caFbhg==, md5=3W9wCxI8biMM+Pqxpphdgw==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 178054
x-guploader-uploadid: ADPycdteOOaj-ghPfyfeS04ukxevTtsSu1u28XvYiXNKZynKttoyrAg5qWk1-WPgcUfXTjIQ5HnL96dIX0DjPhRKgP0-9QpNJ-JV
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
set-cookie: __cf_bm=.8yb3erT9bduZjQ4RAitAdnLRMg8sNA5lTtM4TfgB_A-1674993156-0-ASl7JrFTz3wmteQSlCxTZWKfde9dbaN7O6BMBbdZQafcOaR6a32sjFSEkERPNpyfnBTeKzYXzOWTTFw3ys6Hdt4=; path=/; expires=Sun, 29-Jan-23 12:22:36 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
__cf_bm=FAl4Xz.F1fWNuDCE_6B7Eaptm69Msb77oOC5LjWc0Uc-1674993156-0-AcDgV+wzhMv4GFLOMQoAuyNLE8ia+sFNWGfaWxZh0sUMlARHPQy0DwWzpnQ8umF5tgYgWyxpWsod4NfwijF9uC4=; path=/; expires=Sun, 29-Jan-23 12:22:36 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FIzd1GGaz%2FrLrVlKh%2BLsKbohXGJSEfJhnu%2F4mf5z9CHnd6Y0HL8Gzc1rkUYKJ1Pgc383NIV6sCBjpgMiK5rcw%2FbB5PX2z21xCI588Bw5CH0V3N%2BHWDZfVO9MzAHlGUXm8E%2BCuw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
X-Firefox-Spdy: h2

cdn.discordapp.com/attachments/1043766431235440694/1043766696864919572/Bonus-slotrollingan.jpg

162.159.130.233

200 OK

343 kB

URL HTTP/2
cdn.discordapp.com/attachments/1043766431235440694/1043766696864919572/Bonus-slotrollingan.jpg
IP
162.159.130.233:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], progressive, precision 8, 3750x750, components 3\012- data
Size
343 kB (342669 bytes)
Hash
bb997553725be6dd8d2956cbf1bd953a
9edb824cb77dfaea6773d4a8a011c0ace1b35c53
36d413ac15608bf87e9a505c0024f078f7ef1bb51505455cb32e4ee97079a286

HTTP Headers

GET /attachments/1043766431235440694/1043766696864919572/Bonus-slotrollingan.jpg HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:36 GMT
content-type: image/jpeg
content-length: 342669
cf-ray: 7911c339cbc81bfe-OSL
accept-ranges: bytes
cache-control: public, max-age=31536000
etag: "bb997553725be6dd8d2956cbf1bd953a"
expires: Mon, 29 Jan 2024 11:52:36 GMT
last-modified: Sun, 20 Nov 2022 05:56:12 GMT
vary: Accept-Encoding
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: h2pri
x-goog-generation: 1668923772817130
x-goog-hash: crc32c=ZaZjZw==, md5=u5l1U3Jb5t2NKVbL8b2VOg==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 342669
x-guploader-uploadid: ADPycduEz12hZ52-KSQfVrB0ti4nLysiyHpSzhp4Hcfenr2Na7xSlyRInGfTyPH_SZxjZ7uha8XuOx6oUbJaevqZtWGrmAzHzQlC
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
set-cookie: __cf_bm=ZNzvlCaB4jzY.8u31UEnpycK.OZxsTgYdW9DWB7z9ms-1674993156-0-AatnMMR7BU1YIy1+eqPo58DDxiHca+psbmQoGu9ncJoxy3+XQV7V63Y+bFPdPnUUj5ez9nIWYks86+1DZqvn8zQ=; path=/; expires=Sun, 29-Jan-23 12:22:36 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
__cf_bm=afM7LahO9DNGuUlQZgM7w2rks8ryKndEBkbTR61Nb.A-1674993156-0-AWF9RDfx/rxZiqoJQNDmb5B+r0arS0RujEmhi9x4HMPXVMptDKot6gAYMjApBp/OSSZ+CP8ETsOhXFBqqi0Ry7k=; path=/; expires=Sun, 29-Jan-23 12:22:36 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C7RlVcnIhvTMxFtrdmIY8ug5iZYyTCM2zYUAZrFWe2OsMm8UQZ51aB5Nq2RGzc5Hjs0lfG8TLk%2B067mbcEk1rYK7pjjYS2M8KCJtNJLgVw4n%2F3aURx49%2Fl6adJ%2FysqRZKUbLJA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
X-Firefox-Spdy: h2

img.pay4d.info/picright-b.jpg

104.19.136.75

200 OK

21 kB

URL HTTP/2
img.pay4d.info/picright-b.jpg
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 404x194, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
21 kB (20622 bytes)
Hash
11b3651cddd57d137ad1f9f632ca7360
7ac7d221ec9c1865dc06138b53fe870e6bccdb97
43c4b555f21c351bdd7b5953b63d93078c02def41fe3b333c85822aaca5bf5ef

HTTP Headers

GET /picright-b.jpg HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:36 GMT
content-type: image/webp
content-length: 20622
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=24384
content-disposition: inline; filename="picright-b.webp"
last-modified: Fri, 04 Nov 2022 13:42:49 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:36 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c339aa87b512-OSL
X-Firefox-Spdy: h2

cdn.discordapp.com/attachments/1043766431235440694/1064964032311869561/LUCKY-SPIN.gif

162.159.130.233

200 OK

636 kB

URL HTTP/2
cdn.discordapp.com/attachments/1043766431235440694/1064964032311869561/LUCKY-SPIN.gif
IP
162.159.130.233:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 96 x 96\012- data
Size
636 kB (635643 bytes)
Hash
37156a659381e69400ed45a386ad7151
6d5f8dac0faa4ca8a7b271bcbb16fdc7ca1fdf11
d180186f9cf2f19a97be3976906726a1f66566f9dbd169980acbaf4e9a7bf55a

HTTP Headers

GET /attachments/1043766431235440694/1064964032311869561/LUCKY-SPIN.gif HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:36 GMT
content-type: image/gif
content-length: 635643
cf-ray: 7911c339cbd21bfe-OSL
accept-ranges: bytes
cache-control: public, max-age=31536000
etag: "37156a659381e69400ed45a386ad7151"
expires: Mon, 29 Jan 2024 11:52:36 GMT
last-modified: Tue, 17 Jan 2023 17:46:51 GMT
vary: Accept-Encoding
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-goog-generation: 1673977611437415
x-goog-hash: crc32c=4HR1Jw==, md5=NxVqZZOB5pQA7UWjhq1xUQ==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 635643
x-guploader-uploadid: ADPycdtbe5RVRR1BgjefyL2CLp2aqssuHcIZaOaGrQkq0CbXwrX0Xw0_CCqVTRnwjWTpfqwv6II5k_jIPxMfUFyyWhG75w
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
set-cookie: __cf_bm=TfOO4ViMVjmfrq234QDZPhvd60yzyIkYGskQbv.dGG8-1674993156-0-ASmUanKm+03gWci/YXLrWtRIA9sq8yi8PMV8iLN5JEBUvrhR6rz5ki123U3D9LDnXSIcaYhyKFrfEFj11jUyKMY=; path=/; expires=Sun, 29-Jan-23 12:22:36 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
__cf_bm=7nGc0zmpy4XJz8zACihHVaML7bA_VidiCy1dAc_M1PU-1674993156-0-AXjXZ4BrvLa3pmbqtqGVLpo2W1buzB9pNN9kGuZT1ipi3EzfSdeTn21PwJ3b6QtAzIOq7VKqM91/L8HAM8W4stA=; path=/; expires=Sun, 29-Jan-23 12:22:36 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=enPQA7ITA8moyeZwxUxe%2BedEyOQyo%2Fdp9NVw1HsOQXNQBeuUnKflaOnBkxNOeBfsqa3VulkiYLfaStkT%2BQot6opaa%2Ffoc8iz%2BM7bNinp9smGyhkzRhr10xrnCW3vbeC6hdot4w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
X-Firefox-Spdy: h2

cdn.discordapp.com/attachments/1043766431235440694/1043766696634220544/Bonus-referral.jpg

162.159.130.233

200 OK

300 kB

URL HTTP/2
cdn.discordapp.com/attachments/1043766431235440694/1043766696634220544/Bonus-referral.jpg
IP
162.159.130.233:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], progressive, precision 8, 3750x750, components 3\012- data
Size
300 kB (299478 bytes)
Hash
abb01485281ae8fe03c8e39d5c8858e6
c9875c660d146f6c21890b982b83ad89b84ed27f
5f564bc2740b985812c2c5bc2ea82fa06c40a45be072884515e009cb7eb874ca

HTTP Headers

GET /attachments/1043766431235440694/1043766696634220544/Bonus-referral.jpg HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:36 GMT
content-type: image/jpeg
content-length: 299478
cf-ray: 7911c339cbcd1bfe-OSL
accept-ranges: bytes
cache-control: public, max-age=31536000
etag: "abb01485281ae8fe03c8e39d5c8858e6"
expires: Mon, 29 Jan 2024 11:52:36 GMT
last-modified: Sun, 20 Nov 2022 05:56:12 GMT
vary: Accept-Encoding
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: h2pri
x-goog-generation: 1668923772765616
x-goog-hash: crc32c=vQF/rg==, md5=q7AUhSga6P4DyOOdXIhY5g==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 299478
x-guploader-uploadid: ADPycduMNObDX1rCrrMYwMduMlcoX8Ew4IRgDBdFQOZJpqRkuTQBYroSX_uGQblklvSUs1r9UoIB1mA7PoedzqMRhSiUKkp2aZyh
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
set-cookie: __cf_bm=iOVFnedzQ56xLEIhCibzFfz5DaGeHCNCkHFRA3JrtyY-1674993156-0-AZkM1ChULRP3HnBNqgqZ4c4DI9bbL+QIhoMGjoWP+jpJGJ4A9/9w5mhGIeobMBtiV2PdD8br7ZI24Uhg2F5QLno=; path=/; expires=Sun, 29-Jan-23 12:22:36 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
__cf_bm=flwIxjScdfA5tW.kwAh2G0J9wltR2RmxnSg1JOaLye4-1674993156-0-AYdpjB0Fwzg8jbG7ifbwOwL6ZAY1YHeZvpzNTiBinnCPT6V3AHWY5IASmvrB8GvfEL35Amyh3AseCR2ka0qb3/Y=; path=/; expires=Sun, 29-Jan-23 12:22:36 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3NJgGGAv5%2BlS1E%2BShfBoz0DrQN2TesNy8%2FqD4nFaz94iPUFW6NkbZwvx7ucedsbFMwAijKqVkTD%2F9iOyoLrtr4s3ogKFc0%2FQRHxIX%2BwhgafluBYjJs%2F8l4Hh5vX1FFD8mBsaAA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
X-Firefox-Spdy: h2

www.rodaslotjp1.top/js/jquery.marquee.min.js

172.67.179.154

200 OK

2.4 kB

URL HTTP/1.1
www.rodaslotjp1.top/js/jquery.marquee.min.js
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (1219)
Size
2.4 kB (2406 bytes)
Hash
7b2eda62ee8c0b0804a39cfe676467fa
50eb1fb4fefd6e0cbccee08ebd17ec9fcb86ffd9
7fc47d2040f2ede883c15b2c03e799ce5b0154b756533f52966c5043be52b962

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/jquery.marquee.min.js HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 23 Oct 2020 10:01:33 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J7qME%2FEqYnIU1qdHtmH%2BfZ%2BL1qROnk%2BwkVBl1pjgI3pykjJowudl%2Baan9r4u3OkH%2BnI%2BhaXY3fi7Nt%2FGz%2BZ1nIYe3Kso32K8zjvtWTGSUVtjzJN1lrlwNoUzmyrMVfaKFD5gzun8"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7911c339cfa01c02-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

img.pay4d.info/live-ion.png

104.19.136.75

200 OK

2.4 kB

URL HTTP/2
img.pay4d.info/live-ion.png
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.4 kB (2434 bytes)
Hash
1a48e4a72414e5587b22eb4ac4ae959b
a3ac92a04917abab71a98503dcfff52be3af7cdb
e48ccb777ed57ca1eee701da53a8fa2d85b64639d0b8210e3160678e1753b144

HTTP Headers

GET /live-ion.png HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:36 GMT
content-type: image/webp
content-length: 2434
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=6674
content-disposition: inline; filename="live-ion.webp"
last-modified: Fri, 26 Jun 2020 07:51:41 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:36 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c3398a3cb512-OSL
X-Firefox-Spdy: h2

www.rodaslotjp1.top/js/jquery.pause.min.js

172.67.179.154

200 OK

875 B

URL HTTP/1.1
www.rodaslotjp1.top/js/jquery.pause.min.js
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (762)
Size
875 B (875 bytes)
Hash
a9b5879d9964e5c7567547b663fa2877
6b19ec1471d65de27418d4c00169c373a6265f62
5373de60466aef12a58e50307929d36607740668bca9622b78b3df753ea16218

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/jquery.pause.min.js HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 23 Oct 2020 10:01:33 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bLkccPcTSj5sQYU5C6QuNq4xi1wKRIdSd0Ns2eQG46dlDv35K%2BWIXbE0y4ONJz4c1lptjNBmzw1agSMkGL7B7togEo8DWxuU%2FNmiS%2BCib0%2BlYKWQH2dBz7JA3QuZJe5aQZ6FQUsl"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7911c339cedeb527-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

cdn.discordapp.com/attachments/1043766431235440694/1043766697661841498/buy-spin-free-spin.jpg

162.159.130.233

200 OK

406 kB

URL HTTP/2
cdn.discordapp.com/attachments/1043766431235440694/1043766697661841498/buy-spin-free-spin.jpg
IP
162.159.130.233:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], progressive, precision 8, 3750x750, components 3\012- data
Size
406 kB (406365 bytes)
Hash
204f04e128ecf26c4e240c6a1a373c40
fffaa2f2ea460bf0f70efe4f7634f31303c76307
6a6ab9fa9f7a84a8147aaaf43e68895dbfa6963ec9dd09f741fd0dbc6c3e93de

HTTP Headers

GET /attachments/1043766431235440694/1043766697661841498/buy-spin-free-spin.jpg HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:36 GMT
content-type: image/jpeg
content-length: 406365
cf-ray: 7911c339cbdb1bfe-OSL
accept-ranges: bytes
cache-control: public, max-age=31536000
etag: "204f04e128ecf26c4e240c6a1a373c40"
expires: Mon, 29 Jan 2024 11:52:36 GMT
last-modified: Sun, 20 Nov 2022 05:56:13 GMT
vary: Accept-Encoding
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: h2pri
x-goog-generation: 1668923773010392
x-goog-hash: crc32c=yLBhWw==, md5=IE8E4Sjs8mxOJAxqGjc8QA==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 406365
x-guploader-uploadid: ADPycdvVqD930vWPKoIzGqFLtZdnScg_0Q07c3mHfJHn9Wuwc-H2AYTcObfEjj92XX1FG80AZi2udmv8S76BD209nnmQos_CTW0f
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
set-cookie: __cf_bm=v2osRwM96gV_jUqIYq2TWVRrTMRWfHM2jz.B0cTKaMg-1674993156-0-ARart2DD7Tlxgw4bK6ZWlLB7HKu+oYdljKpSmH7vxsIo4V7T0LxYrFf3+ii+uKE12qFSrQrMGSL0KTAGikEhr8k=; path=/; expires=Sun, 29-Jan-23 12:22:36 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
__cf_bm=pvRXgRwZEZJ8KEWss5lXodUvNLf1Nm0zq1PEJEpfNy0-1674993156-0-ARRSOz11AE+T3APAlS0DMYVlve9hlUqpWSwMWjyrKB4/gspmYWmu3Qz4J0MOKWWJGOymzeXJ7LUPzHDZNg6S2bM=; path=/; expires=Sun, 29-Jan-23 12:22:36 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W%2BZpffxbs6t4TsPPOreAQqS2937TGJO08Q9K6iw%2BldDOZiXX5mp7XR69ifYSeBXmkClNUvn79o6KZEgfu1DkjKgtHPrp2oVBC3UbYH18JXiUYtBUHp%2BgdW8Ztm17qLe0T%2BF%2BfA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
X-Firefox-Spdy: h2

img.pay4d.info/slot-spad.png

104.19.136.75

200 OK

1.3 kB

URL HTTP/2
img.pay4d.info/slot-spad.png
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.3 kB (1258 bytes)
Hash
d6290e499ede13e741045d26dfbd95bf
73a41f0d753bb0843be9bfb147e1999ced0e30d5
ccdb75fdea9558a8454442831c45017f205cd8729bc2f0399b91e1fb2473cd89

HTTP Headers

GET /slot-spad.png HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:36 GMT
content-type: image/webp
content-length: 1258
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=4945
content-disposition: inline; filename="slot-spad.webp"
last-modified: Wed, 18 Dec 2019 05:38:16 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:36 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c3398a33b512-OSL
X-Firefox-Spdy: h2

img.pay4d.info/icon-promo.png

104.19.136.75

200 OK

15 kB

URL HTTP/2
img.pay4d.info/icon-promo.png
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
15 kB (15448 bytes)
Hash
11a8e2c003ba77a68232b9d691a26bec
44a0551575e11d99ba5af824dffa53da30ae290c
e5090f48858bf3a2ffc2caf8463340102846ca61ebeced2378f1749525e3be52

HTTP Headers

GET /icon-promo.png HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:36 GMT
content-type: image/webp
content-length: 15448
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=35857
content-disposition: inline; filename="icon-promo.webp"
last-modified: Fri, 13 Nov 2020 07:11:14 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:36 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c3398a27b512-OSL
X-Firefox-Spdy: h2

img.pay4d.info/slot-prag.png

104.19.136.75

200 OK

1.4 kB

URL HTTP/2
img.pay4d.info/slot-prag.png
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.4 kB (1416 bytes)
Hash
8e7ecdf154298edbc92186de70734ff7
10402bf0a46147d1b1e6e41ded452c24faa6dce6
b13a36e2d82b2cd019af41f40af642d37641573770e11980ecc12e2dce55d713

HTTP Headers

GET /slot-prag.png HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:36 GMT
content-type: image/webp
content-length: 1416
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=5251
content-disposition: inline; filename="slot-prag.webp"
last-modified: Wed, 18 Dec 2019 05:38:15 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:36 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c3398a2db512-OSL
X-Firefox-Spdy: h2

img.pay4d.info/slot-mg.png

104.19.136.75

200 OK

1.1 kB

URL HTTP/2
img.pay4d.info/slot-mg.png
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.1 kB (1092 bytes)
Hash
ab217824849c8bc2f05240458ef55574
06b015108c8fc22469d8e5a4c371e6d05c04b624
326039e01fe95c632ec94f34f39b85e61715f2a5abcdb555d937ec140574aa72

HTTP Headers

GET /slot-mg.png HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:36 GMT
content-type: image/webp
content-length: 1092
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=4064
content-disposition: inline; filename="slot-mg.webp"
last-modified: Tue, 15 Mar 2022 06:24:42 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:36 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c3398a36b512-OSL
X-Firefox-Spdy: h2

img.pay4d.info/footern.png

104.19.136.75

200 OK

10 kB

URL HTTP/2
img.pay4d.info/footern.png
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
10 kB (10240 bytes)
Hash
c874f595389f01e778067dff5bc5d1f0
c5f3cb0b0a03bb0cc41cea7d1bc24b630eaab4bf
84097f8df21211e36d200017ce5dbb571569bbd5d21d7dfb1067d0b75567b17f

HTTP Headers

GET /footern.png HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:36 GMT
content-type: image/webp
content-length: 10240
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=11983
content-disposition: inline; filename="footern.webp"
last-modified: Fri, 04 Nov 2022 13:47:10 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:36 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c339ba90b512-OSL
X-Firefox-Spdy: h2

img.pay4d.info/picright.jpg

104.19.136.75

200 OK

23 kB

URL HTTP/2
img.pay4d.info/picright.jpg
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 404x194, components 3\012- data
Size
23 kB (23329 bytes)
Hash
4d21cb6ce4fcf78445d50ec994697f8b
df4d5433b0acbf6ee3a0db62663f071b2fb01275
b267ac51d20c09b4e5bb4f90f30fac9fb72c024f4448eff75cbccdba316da2e6

HTTP Headers

GET /picright.jpg HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:36 GMT
content-type: image/jpeg
content-length: 23329
cf-bgj: imgq:85,h2pri
cf-polished: degrade=85, origSize=26379, status=webp_bigger
last-modified: Fri, 04 Nov 2022 13:42:48 GMT
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:36 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911c339aa85b512-OSL
X-Firefox-Spdy: h2

img.pay4d.info/kontak/wa.png

104.19.136.75

200 OK

378 B

URL HTTP/2
img.pay4d.info/kontak/wa.png
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
378 B (378 bytes)
Hash
18d9883e1a072905361ca73d34a57734
c9dcf63a7866cd530f7615bd220e7ce4e81aad0d
a06f5509e0ed17a2901ee5d71717a549f53e66dbec7607e3944cb418c60688c5

HTTP Headers

GET /kontak/wa.png HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:36 GMT
content-type: image/webp
content-length: 378
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=1628
content-disposition: inline; filename="wa.webp"
last-modified: Mon, 09 Sep 2019 19:19:48 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:36 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c3398a2bb512-OSL
X-Firefox-Spdy: h2

img.pay4d.info/picrightsport.jpg

104.19.136.75

200 OK

20 kB

URL HTTP/2
img.pay4d.info/picrightsport.jpg
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 404x194, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
20 kB (20504 bytes)
Hash
d1f34718eb29953cdea660adc61f1ecd
4856b1c3779c7dcf70c23b5efd1dc29d70698efa
5a8d9b477da241d730a8f786ed294e4b5e5c868363130072dec8164399c5e743

HTTP Headers

GET /picrightsport.jpg HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:36 GMT
content-type: image/webp
content-length: 20504
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=46462
content-disposition: inline; filename="picrightsport.webp"
last-modified: Mon, 19 Dec 2022 07:27:45 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:36 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c339aa83b512-OSL
X-Firefox-Spdy: h2

img.pay4d.info/informasi.png

104.19.136.75

200 OK

496 B

URL HTTP/2
img.pay4d.info/informasi.png
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
496 B (496 bytes)
Hash
55734ca433dd15622f992f24a3750a77
625812100e07a5b85b1dca90d622c0deafa3410d
0b31e72e9209648652af2a9e36541fb4ca4015cdbca7f29ae1993824d379c395

HTTP Headers

GET /informasi.png HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:36 GMT
content-type: image/webp
content-length: 496
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=2507
content-disposition: inline; filename="informasi.webp"
last-modified: Sat, 30 Jan 2021 10:28:59 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:36 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c3399a50b512-OSL
X-Firefox-Spdy: h2

img.pay4d.info/picrightsport-b.jpg

104.19.136.75

200 OK

12 kB

URL HTTP/2
img.pay4d.info/picrightsport-b.jpg
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 404x194, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
12 kB (11588 bytes)
Hash
b384a638dc5c10281228cd681469b5db
bf8625ff8f2a683d21cd384f671ce379b9a7c76d
0dc4e717442c9585c855bc2dcaa9d621be9fee18d541f724f0af33b3e57137ff

HTTP Headers

GET /picrightsport-b.jpg HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:36 GMT
content-type: image/webp
content-length: 11588
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=13092
content-disposition: inline; filename="picrightsport-b.webp"
last-modified: Fri, 04 Nov 2022 13:42:49 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:36 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c339aa84b512-OSL
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 29 Jan 2023 11:49:04 GMT
age: 212
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

img.pay4d.info/picleft-b.jpg

104.19.136.75

200 OK

12 kB

URL HTTP/2
img.pay4d.info/picleft-b.jpg
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 404x194, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
12 kB (11550 bytes)
Hash
ea02b87d5efe916e0d1fd689245bafa9
d515d56084f09ed372c254188e6fd75a74ae5543
1a84b9a6f066b825d388f044e0012bfe7922a9ca9a4400c2fa33cac082bfc91d

HTTP Headers

GET /picleft-b.jpg HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:36 GMT
content-type: image/webp
content-length: 11550
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=40621
content-disposition: inline; filename="picleft-b.webp"
last-modified: Tue, 03 Jan 2023 06:53:39 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:36 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c339aa7eb512-OSL
X-Firefox-Spdy: h2

img.pay4d.info/live-evo.png

104.19.136.75

200 OK

1.2 kB

URL HTTP/2
img.pay4d.info/live-evo.png
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.2 kB (1224 bytes)
Hash
a27aeaaf4f87ea70e9d8f179dab9c1d6
acd3b82f10cf00f0487ca7fe1e22ad662d4638fd
9d16857bece7fbf86f719af897f7a7036dd151d2fa4d31e2ae08f863e0dfe179

HTTP Headers

GET /live-evo.png HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:36 GMT
content-type: image/webp
content-length: 1224
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=4930
content-disposition: inline; filename="live-evo.webp"
last-modified: Sat, 24 Dec 2022 07:19:19 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:36 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c3398a3bb512-OSL
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
05bdf0a14688c161245db337838e7986
eb3dc24731add860a66b42a14cb9e23212c6d55e
9d725efb303175d9e6e4c44cf7f2dd2646ceb092d778ea03ce2778b3e0f44c4b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9D725EFB303175D9E6E4C44CF7F2DD2646CEB092D778EA03CE2778B3E0F44C4B"
Last-Modified: Fri, 27 Jan 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21578
Expires: Sun, 29 Jan 2023 17:52:14 GMT
Date: Sun, 29 Jan 2023 11:52:36 GMT
Connection: keep-alive

img.pay4d.info/pop/mobile-opus.jpg

104.19.136.75

200 OK

27 kB

URL HTTP/2
img.pay4d.info/pop/mobile-opus.jpg
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 600x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
27 kB (26890 bytes)
Hash
4c7c68406a33bfeeea33d200bce07482
6763ed1610ec08dea562567d316ecbde90bddd59
07c5decca1ad0618b40d89d037235e9b807c5a0cf45845ddfcd21eb30bb3a9ad

HTTP Headers

GET /pop/mobile-opus.jpg HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:36 GMT
content-type: image/webp
content-length: 26890
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=125287
content-disposition: inline; filename="mobile-opus.webp"
last-modified: Thu, 19 Jan 2023 08:21:15 GMT
vary: Accept
cf-cache-status: REVALIDATED
expires: Sun, 29 Jan 2023 13:52:36 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c3398a2cb512-OSL
X-Firefox-Spdy: h2

www.rodaslotjp1.top/js/webduo35.js

172.67.179.154

200 OK

4.6 kB

URL HTTP/1.1
www.rodaslotjp1.top/js/webduo35.js
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
4.6 kB (4552 bytes)
Hash
7dd3b2272670666308f82cdbfec11078
45a917a4c26acd9b14453339e257fb3649b3b03c
78d65b9561323fe66dad90ef64848b63a3bd3bae0868d6a7688d95341d988b98

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/webduo35.js HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 22 Sep 2022 04:51:13 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dGFyasy7qGEVuZ77giAoA2Rkda3VgkSnDG%2F2ZjjC9qJsulsfLLnmPHq3IwAHKeXJIFtD1D5uBmn6%2BjSK%2B5Qen%2FutcO3XnQVKc4X8yRpCkHkrY6sOw6rR3DEl5axhTZsLN%2FTvVb6A"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7911c339cad80b41-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

liputanslot.net/assets/message.js

194.1.147.84

200 OK

557 B

URL HTTP/2
liputanslot.net/assets/message.js
IP
194.1.147.84:0
ASN
#210250 K Media Tech Ltd.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1339), with no line terminators
Size
557 B (557 bytes)
Hash
fa37adf380e261828d36f5187f31e380
cf73332c391f81c50af332b51009eeaebccf3de7
a852e1a95e19a00e1f2159806c1a8be87f256fe9334678d827491df990163d96

HTTP Headers

GET /assets/message.js HTTP/1.1
Host: liputanslot.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:36 GMT
content-type: text/html; charset=UTF-8
content-length: 557
last-modified: Sat, 28 Jan 2023 08:02:14 GMT
etag: "53b-63d4d686-787b2139e779ef35;br"
content-encoding: br
vary: Accept-Encoding,Origin
wpx: 1
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
x-edge-location: WPX CLOUD/NOR01
cache-control: public,max-age=3600,stale-while-revalidate=21600
server: WPX CLOUD/NOR01
x-cache-status: STALE
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10214
Expires: Sun, 29 Jan 2023 14:42:50 GMT
Date: Sun, 29 Jan 2023 11:52:36 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
05bdf0a14688c161245db337838e7986
eb3dc24731add860a66b42a14cb9e23212c6d55e
9d725efb303175d9e6e4c44cf7f2dd2646ceb092d778ea03ce2778b3e0f44c4b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9D725EFB303175D9E6E4C44CF7F2DD2646CEB092D778EA03CE2778B3E0F44C4B"
Last-Modified: Fri, 27 Jan 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21599
Expires: Sun, 29 Jan 2023 17:52:35 GMT
Date: Sun, 29 Jan 2023 11:52:36 GMT
Connection: keep-alive

liputanslot.net/assets/message.css

194.1.147.84

200 OK

557 B

URL HTTP/2
liputanslot.net/assets/message.css
IP
194.1.147.84:0
ASN
#210250 K Media Tech Ltd.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1339), with no line terminators
Size
557 B (557 bytes)
Hash
fa37adf380e261828d36f5187f31e380
cf73332c391f81c50af332b51009eeaebccf3de7
a852e1a95e19a00e1f2159806c1a8be87f256fe9334678d827491df990163d96

HTTP Headers

GET /assets/message.css HTTP/1.1
Host: liputanslot.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:36 GMT
content-type: text/html; charset=UTF-8
content-length: 557
last-modified: Sat, 28 Jan 2023 08:02:14 GMT
etag: "53b-63d4d686-787b2139e779ef35;br"
content-encoding: br
vary: Accept-Encoding,Origin
wpx: 1
x-turbo-charged-by: LiteSpeed
x-edge-location: WPX CLOUD/NOR01
cache-control: public,max-age=3600,stale-while-revalidate=21600
server: WPX CLOUD/NOR01
x-cache-status: STALE
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.discordapp.com/attachments/1043766431235440694/1043766697242394725/new-member-sportbook.jpg

162.159.130.233

200 OK

349 kB

URL HTTP/2
cdn.discordapp.com/attachments/1043766431235440694/1043766697242394725/new-member-sportbook.jpg
IP
162.159.130.233:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], progressive, precision 8, 3750x750, components 3\012- data
Size
349 kB (348649 bytes)
Hash
1a2bab8b923e6cf319ea5902f2c72e71
e25f4d92dfb49c9e106457cd7c982a318ee9a741
c56729dd44e4ad359b063844365ac40297b7ba0b722636aa6fdb9d6328d00442

HTTP Headers

GET /attachments/1043766431235440694/1043766697242394725/new-member-sportbook.jpg HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:36 GMT
content-type: image/jpeg
content-length: 348649
cf-ray: 7911c339cbce1bfe-OSL
accept-ranges: bytes
cache-control: public, max-age=31536000
etag: "1a2bab8b923e6cf319ea5902f2c72e71"
expires: Mon, 29 Jan 2024 11:52:36 GMT
last-modified: Sun, 20 Nov 2022 05:56:12 GMT
vary: Accept-Encoding
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: h2pri
x-goog-generation: 1668923772906306
x-goog-hash: crc32c=EwbLNg==, md5=Giuri5I+bPMZ6lkC8scucQ==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 348649
x-guploader-uploadid: ADPycdv2oXBb26j-tItDWV3b0V39UBtrk1-7ze8jUif3c9_BfhEAXUoe5LmvzAuIa3SvpUPXN6nUMX--k1lQEt1YETBGOA
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
set-cookie: __cf_bm=xn7t2._j7f5qppkHHhlEJ7p8NSwAI8OEHDBWcuMCOXw-1674993156-0-AZlBvJGOfn9Db3ooA+E/yXr+XB4HvEGsIcJmz8rGiRlNL9IhkdLpPt3U9ttbJ/Dd0O8FpTT3uuol4TF/fQzFf1M=; path=/; expires=Sun, 29-Jan-23 12:22:36 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
__cf_bm=s3TJnSAe6lMJvQLX3BOpsXM5EFUGbYPghN4N9kipQ_k-1674993156-0-AY8RgS0GJnmx7Eaa57soewc0T7Ulc7R5UrNqCjaG4pKcTp6H2Qkrq8gTu7AtjO7sB93wJCwE2K8qTyBLLs9CoJk=; path=/; expires=Sun, 29-Jan-23 12:22:36 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m%2Fu7jXjC%2FVugSPAIIefKOMbnISCMXvXhjNvIgtujCuq%2FWfy0Xbq4AEzzMgb0RiHu6QiPvqmb%2FdWVUzXnL1qcDwF0h4ezHqyfL3o7vLNETIukq8FFCQqGuCSrdcJwKYyTPi74fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
X-Firefox-Spdy: h2

www.rodaslotjp1.top/css/bootstrap.min.css

172.67.179.154

200 OK

22 kB

URL HTTP/1.1
www.rodaslotjp1.top/css/bootstrap.min.css
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65230)
Size
22 kB (21581 bytes)
Hash
b70815b6af1d7a029188550ac74a6f11
5e2ce97dc2ee598a206415bf9764daf11011b6b7
111825b8ecb441cb01c5b86b19c38825081a9e366d9e90e5fd4fcf46ee952872

HTTP Headers

GET /css/bootstrap.min.css HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:36 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 23 Oct 2020 10:01:17 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pka31MXRtf6z%2F1B9NqzLIMJDeUJq4FTga2yzq35msSMKaecMhz8BKKIkh5XIP3%2Fs%2B8ZcYsJd%2BRF5NKWs9DgmgyhCfzJXLNbuCSG9vdtoULkqRgTVOFNdybxjWqIIFXufrpluja3W"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7911c338cc7d0b61-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

cdn.discordapp.com/attachments/1043766431235440694/1043766697888317480/Harian-khusus-slot.jpg

162.159.130.233

200 OK

190 kB

URL HTTP/2
cdn.discordapp.com/attachments/1043766431235440694/1043766697888317480/Harian-khusus-slot.jpg
IP
162.159.130.233:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 3750x750, components 3\012- data
Size
190 kB (190492 bytes)
Hash
7ea8140c17c597fb11bf2d065558d065
7bcd3e3adc727311482a0f69e0bc35faffe488c6
cf78dc47009fb91d75d36e986815fad85f4923680a969c31683b4f3fc8f440a3

HTTP Headers

GET /attachments/1043766431235440694/1043766697888317480/Harian-khusus-slot.jpg HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:36 GMT
content-type: image/jpeg
content-length: 190492
cf-ray: 7911c339cbd61bfe-OSL
accept-ranges: bytes
cache-control: public, max-age=31536000
etag: "7ea8140c17c597fb11bf2d065558d065"
expires: Mon, 29 Jan 2024 11:52:36 GMT
last-modified: Sun, 20 Nov 2022 05:56:13 GMT
vary: Accept-Encoding
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-goog-generation: 1668923773058888
x-goog-hash: crc32c=3vAEOQ==, md5=fqgUDBfFl/sRvy0GVVjQZQ==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 190492
x-guploader-uploadid: ADPycdu6_bdxAL9N1_cK-3wTMowpOPDVAmbA4imu5aL3DFOyhPdYrTX1l49C_7-1RSHW7qFhyiKqnVyQa886GHg0IgCQ
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
set-cookie: __cf_bm=Vo1sJP6EJNlrJ80Swo9Mx.W5o6RTusWeKG6lcCnFCZ8-1674993156-0-Ab58XgLGJq8GduHPUV1yuzuY42Qe82Mhabta7UgHlgg1IwbiUv/jkQzk4SomJCV3Kpa0DD9B4dwOshWmu4Zkm0U=; path=/; expires=Sun, 29-Jan-23 12:22:36 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
__cf_bm=uj3aYqRjwB_U8Af.ZznGTzCYt1vxq6logIcWAI_wvhE-1674993156-0-AXM5I6w46IFAu/BoF0fPni0v76nZnxGXJ2Oz96+tiDU4RlNH8b6NCi8StQEbLgSYt5eTC3EWTdzb7kjWfVLKvhM=; path=/; expires=Sun, 29-Jan-23 12:22:36 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sTN8fCy08bja%2BaGtm8Rf9mDetA5VhRYFGU%2FPmWmN%2BoOkeK50LkEwSBW4dOnwU%2FIHMJMQpALdsy9QbqEYUpEgsKdg%2BgkYELasExrc2DSfDOuRFtuouEg5qNdM4SeLNyt2LwLLGw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
X-Firefox-Spdy: h2

region1.google-analytics.com/g/collect?v=2&tid=G-D3WR7HGLGB&gtm=2oe1p0&_p=219287724&cid=1824737680.1674993163&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1674993163&sct=1&seg=0&dl=http%3A%2F%2Fwww.rodaslotjp1.top%2F&dt=RODASLOT%20-%20Situs%20Slot%20Online%20Terlengkap%20dan%20Terbaik%20di%20Indonesia%20tahun%20ini&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1

216.239.32.36

204 No Content

0 B

URL HTTP/2
region1.google-analytics.com/g/collect?v=2&tid=G-D3WR7HGLGB&gtm=2oe1p0&_p=219287724&cid=1824737680.1674993163&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1674993163&sct=1&seg=0&dl=http%3A%2F%2Fwww.rodaslotjp1.top%2F&dt=RODASLOT%20-%20Situs%20Slot%20Online%20Terlengkap%20dan%20Terbaik%20di%20Indonesia%20tahun%20ini&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP
216.239.32.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-D3WR7HGLGB&gtm=2oe1p0&_p=219287724&cid=1824737680.1674993163&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1674993163&sct=1&seg=0&dl=http%3A%2F%2Fwww.rodaslotjp1.top%2F&dt=RODASLOT%20-%20Situs%20Slot%20Online%20Terlengkap%20dan%20Terbaik%20di%20Indonesia%20tahun%20ini&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.rodaslotjp1.top
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: http://www.rodaslotjp1.top
date: Sun, 29 Jan 2023 11:52:36 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Abel|Oswald:400|PT+Sans:400,700|Open+Sans:300,400,700,800

142.250.74.138

200 OK

1.4 kB

URL HTTP/2
fonts.googleapis.com/css?family=Abel|Oswald:400|PT+Sans:400,700|Open+Sans:300,400,700,800
IP
142.250.74.138:0
ASN
#15169 GOOGLE

File type
data
Size
1.4 kB (1444 bytes)
Hash
739f66314deb6ecffe8452991a2b384a
aeaf8d0232ad53641a166a2085bde612a7596256
03c013a52f105b9b1adfdf7e49d67e011ed06308b6926a4f726d407725d957a2

HTTP Headers

GET /css?family=Abel|Oswald:400|PT+Sans:400,700|Open+Sans:300,400,700,800 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 29 Jan 2023 11:52:36 GMT
date: Sun, 29 Jan 2023 11:52:36 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8cf65fcdafa84b63cf7005fe57927fcb
3f7d163a96e7f00eb2de9828624ec46e22b4b40a
dfcf629cc49444f646f3a014014a91e36251b4b43655ce2e2eca55263dd196e3

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 11:52:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

push.services.mozilla.com/

52.88.113.219

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.88.113.219:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 3OIQR2LOmjbn0RqIMLOr6A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 9TB7C5VqAc745Y16UmmddmOebjs=

fonts.gstatic.com/s/ptsans/v17/jizfRExUiTo99u79B_mh0O6tLQ.woff2

142.250.74.163

200 OK

47 kB

URL HTTP/2
fonts.gstatic.com/s/ptsans/v17/jizfRExUiTo99u79B_mh0O6tLQ.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 47048, version 1.0\012- data
Size
47 kB (47048 bytes)
Hash
87a1556b696ae2cb1a726bd8c4584a2f
1be0f6f39e0cf316f9827f945eeeaef8294cc37b
141f0c53e457585d4ac7426eb3d757666d250ee6fbf0e9c0878128e4c627f0b1

HTTP Headers

GET /s/ptsans/v17/jizfRExUiTo99u79B_mh0O6tLQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.rodaslotjp1.top
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 47048
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Jan 2023 07:41:42 GMT
expires: Fri, 26 Jan 2024 07:41:42 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 16:55:54 GMT
content-type: font/woff2
age: 274255
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/ptsans/v17/jizaRExUiTo99u79D0KExQ.woff2

142.250.74.163

200 OK

45 kB

URL HTTP/2
fonts.gstatic.com/s/ptsans/v17/jizaRExUiTo99u79D0KExQ.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 45300, version 1.0\012- data
Size
45 kB (45300 bytes)
Hash
5fe660c3a23b871807b0e1d3ee973d23
62a9dd423b30b6ee3ab3dd40d573545d579af10a
e13ffa988be59cbf299d7ff68f019f902b60848203ac4990819eb7e4624ee52d

HTTP Headers

GET /s/ptsans/v17/jizaRExUiTo99u79D0KExQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.rodaslotjp1.top
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 45300
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 29 Jan 2023 03:22:46 GMT
expires: Mon, 29 Jan 2024 03:22:46 GMT
cache-control: public, max-age=31536000
age: 30591
last-modified: Wed, 27 Apr 2022 16:11:08 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/abel/v18/MwQ5bhbm2POE2V9BPQ.woff2

142.250.74.163

200 OK

9.6 kB

URL HTTP/2
fonts.gstatic.com/s/abel/v18/MwQ5bhbm2POE2V9BPQ.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 9588, version 1.0\012- data
Size
9.6 kB (9588 bytes)
Hash
55d912c794126956bb1e8f41597c131f
f7ade582dbe9d0efe97ae105cab313c6e45904d4
8bea498aed7cc1366e8b966e467b98219c803107d728eab8a6c4c9b045def699

HTTP Headers

GET /s/abel/v18/MwQ5bhbm2POE2V9BPQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.rodaslotjp1.top
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 9588
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 25 Jan 2023 22:56:22 GMT
expires: Thu, 25 Jan 2024 22:56:22 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 19 Apr 2022 18:29:39 GMT
content-type: font/woff2
age: 305775
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/oswald/v49/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2

142.250.74.163

200 OK

9.8 kB

URL HTTP/2
fonts.gstatic.com/s/oswald/v49/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 9840, version 1.0\012- data
Size
9.8 kB (9840 bytes)
Hash
afda6e429fd299054de28e1f157c683d
c1847d6f3df5fe11d5e96fd5e6a59b73ff7ed96b
81cd29d1413ecf75834fb3ce1da572fe5c39e53b22c61f5dafec5b14ed4ee12e

HTTP Headers

GET /s/oswald/v49/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.rodaslotjp1.top
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 9840
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Jan 2023 03:37:07 GMT
expires: Sat, 27 Jan 2024 03:37:07 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 18 Jul 2022 19:24:04 GMT
content-type: font/woff2
age: 202530
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8cf65fcdafa84b63cf7005fe57927fcb
3f7d163a96e7f00eb2de9828624ec46e22b4b40a
dfcf629cc49444f646f3a014014a91e36251b4b43655ce2e2eca55263dd196e3

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 11:52:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

img.pay4d.info/fish-fishing-god.png

104.19.136.75

200 OK

4.1 kB

URL HTTP/2
img.pay4d.info/fish-fishing-god.png
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
4.1 kB (4084 bytes)
Hash
a0948f83578f51b07453a73d2e7feb0e
0e3f824762ed0f79c93200f05b8b631535e62d50
294f599a73342736676eb2d36724e27f9ace65053d1eec0d5267318608dcb49d

HTTP Headers

GET /fish-fishing-god.png HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:37 GMT
content-type: image/webp
content-length: 4084
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=8579
content-disposition: inline; filename="fish-fishing-god.webp"
last-modified: Tue, 30 Mar 2021 09:18:46 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:37 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c3399a48b512-OSL
X-Firefox-Spdy: h2

img.pay4d.info/picleft.jpg

104.19.136.75

200 OK

22 kB

URL HTTP/2
img.pay4d.info/picleft.jpg
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 404x194, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
22 kB (22128 bytes)
Hash
2b1bdc85cc48c85f6033c7ddca833b0c
df9589d7051fba1a5c2fd15b81b11f72f24caee0
7e599adfbea9fa50b6139eae70f7ee2214c9a0fd14a718f1d07bfd4b955ae63d

HTTP Headers

GET /picleft.jpg HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:37 GMT
content-type: image/webp
content-length: 22128
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=26042
content-disposition: inline; filename="picleft.webp"
last-modified: Fri, 04 Nov 2022 13:42:48 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:37 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c339aa7db512-OSL
X-Firefox-Spdy: h2

img.pay4d.info/mobile-togel.png

104.19.136.75

200 OK

2.8 kB

URL HTTP/2
img.pay4d.info/mobile-togel.png
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.8 kB (2816 bytes)
Hash
24ee8246bf5b00f82e391b3de2c9530d
44b86adefeab3260148aadfa367cf35c602b6761
04ea1ba435c65231d96bea3e735c0bc193beb05f7e921a354ef593dbfd7528fb

HTTP Headers

GET /mobile-togel.png HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:37 GMT
content-type: image/webp
content-length: 2816
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=6237
content-disposition: inline; filename="mobile-togel.webp"
last-modified: Mon, 01 Feb 2021 07:21:49 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:37 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c339aa86b512-OSL
X-Firefox-Spdy: h2

img.pay4d.info/slot-cq9.png

104.19.136.75

200 OK

1.2 kB

URL HTTP/2
img.pay4d.info/slot-cq9.png
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.2 kB (1182 bytes)
Hash
c1a383f5c29c2a1abb0146f00f976edd
d044fc1b18c28a0129ef1ffbeba52166614d057e
cef9e6fabf6bc11ddbe76f0abec0e0f7106ba78a0b5499c3c640d82c8a7d6701

HTTP Headers

GET /slot-cq9.png HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:37 GMT
content-type: image/webp
content-length: 1182
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=4157
content-disposition: inline; filename="slot-cq9.webp"
last-modified: Wed, 10 Nov 2021 17:01:06 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:37 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c3398a31b512-OSL
X-Firefox-Spdy: h2

img.pay4d.info/live-opus.png

104.19.136.75

200 OK

1.3 kB

URL HTTP/2
img.pay4d.info/live-opus.png
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.3 kB (1330 bytes)
Hash
ff58f7baf1903414b9e121fa194c01a0
9686d2811e39d923e00d3573d187e84dda29fdba
d68d2439ada8dcdb278433a33da32e2659f34ce90cc7c9023180bbd3dd92f54a

HTTP Headers

GET /live-opus.png HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:37 GMT
content-type: image/webp
content-length: 1330
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=4303
content-disposition: inline; filename="live-opus.webp"
last-modified: Fri, 26 Aug 2022 10:55:33 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:37 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c3398a40b512-OSL
X-Firefox-Spdy: h2

img.pay4d.info/mobile-slot.png

104.19.136.75

200 OK

3.0 kB

URL HTTP/2
img.pay4d.info/mobile-slot.png
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
3.0 kB (3002 bytes)
Hash
bd496c55acc5fdb1ebe53c18e7b78a2e
256827a0c6474898129d22b1cfa7fadc88d96b70
414beef5dd52d21ddb304d58eedf9a6503a42523de9f54922c76f567343cdfc3

HTTP Headers

GET /mobile-slot.png HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:37 GMT
content-type: image/webp
content-length: 3002
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=6674
content-disposition: inline; filename="mobile-slot.webp"
last-modified: Mon, 01 Feb 2021 07:21:49 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:37 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c3398a26b512-OSL
X-Firefox-Spdy: h2

img.pay4d.info/banner/slide-pp-nv.jpg

104.19.136.75

200 OK

169 kB

URL HTTP/2
img.pay4d.info/banner/slide-pp-nv.jpg
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1900x380, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
169 kB (168610 bytes)
Hash
d3d185a742b8f2650c153207608c6be7
5bc15557fcdb266c2cc9c7ea8f38def91508b9d2
e30c665d50bf89e24bc57096a97cffa3d4fd7b8e2cef770c482558979ecbf352

HTTP Headers

GET /banner/slide-pp-nv.jpg HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:37 GMT
content-type: image/webp
content-length: 168610
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=268483
content-disposition: inline; filename="slide-pp-nv.webp"
last-modified: Thu, 12 Jan 2023 07:32:42 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:37 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c3399a6db512-OSL
X-Firefox-Spdy: h2

www.rodaslotjp1.top/m/capimg.php?1962

172.67.179.154

200 OK

804 B

URL HTTP/1.1
www.rodaslotjp1.top/m/capimg.php?1962
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 40 x 30, 8-bit/color RGB, non-interlaced\012- data
Size
804 B (804 bytes)
Hash
5ef3c11e9a1c15a8d016a2d1ad240f86
0f90edad0e56a704d9317fe7afb5ffb140c2343c
9a18c2acaab3b05edee26007fedee55542f8523b90ff900240abac76a10889d7

HTTP Headers

GET /m/capimg.php?1962 HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:37 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fEN6mu20nGpCtzO0yzgUHxiSnj2oju5AvSpomYwDONJHftf7bd%2FwrTOThJs5f3CydGwqzsA%2BWlKeD5%2FEvAL0ZJj50po6hTsyvQqIMjedU7FSRrOH1nJXcFEvQqcWfI4E%2F7fLC3HU"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7911c33e6f720b41-OSL
alt-svc: h2=":443"; ma=60

www.rodaslotjp1.top/images/bgline3.png

172.67.179.154

200 OK

986 B

URL HTTP/1.1
www.rodaslotjp1.top/images/bgline3.png
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 404 x 6, 8-bit/color RGB, non-interlaced\012- data
Size
986 B (986 bytes)
Hash
35f092de33a76e1433440f6f73871f72
d0005c8a59a9320fa9dd75de88ba00bb20e51acf
338b8adbfdbba50026ac6ccb50492e68d4c27ddd75148a2c46f2410fe3941782

HTTP Headers

GET /images/bgline3.png HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:37 GMT
Content-Type: image/png
Content-Length: 986
Connection: keep-alive
Last-Modified: Fri, 23 Oct 2020 10:01:25 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lSgWL0SUWFMpX4hP56S%2Bn6a5S2BqX27lGF%2B3z61wtszLDUBFumqpNGvXKPjepsG3H0Zvo9kb4J0tjTollfXzU%2BzrTc308lx1bfMqDeX%2F5dh%2B7CcpRCtRO2AKnv4%2FC68uuzWTDIAV"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7911c33e6ea8b50c-OSL
alt-svc: h2=":443"; ma=60

img.pay4d.info/icon-kontak.png

104.19.136.75

200 OK

13 kB

URL HTTP/2
img.pay4d.info/icon-kontak.png
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
13 kB (12922 bytes)
Hash
03428e550c367a0b470f6fe70d6d55c0
80b591a03333d4bec9e5ab54a0c3f4c1ed45367e
277e7027c4afd477229e58b7a992d3c43ec2b1406693a3283a8d5a59ceb09b1a

HTTP Headers

GET /icon-kontak.png HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:37 GMT
content-type: image/webp
content-length: 12922
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=28713
content-disposition: inline; filename="icon-kontak.webp"
last-modified: Fri, 13 Nov 2020 07:38:15 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:37 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c3398a29b512-OSL
X-Firefox-Spdy: h2

img.pay4d.info/banner/hb-jan23.jpg

104.19.136.75

200 OK

139 kB

URL HTTP/2
img.pay4d.info/banner/hb-jan23.jpg
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1900x380, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
139 kB (138780 bytes)
Hash
5d9192c49166652328274421f6c17270
b593d3d5d26257488b6f321121b0ea3ec0bb1408
0df28c495b5e853aec3705b1da33d2a0f1906e1eb9b3db47b3b24ce8ef84b8f3

HTTP Headers

GET /banner/hb-jan23.jpg HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:37 GMT
content-type: image/webp
content-length: 138780
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=237049
content-disposition: inline; filename="hb-jan23.webp"
last-modified: Thu, 12 Jan 2023 07:26:40 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:37 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c339aa73b512-OSL
X-Firefox-Spdy: h2

www.rodaslotjp1.top/images/logo.png

172.67.179.154

200 OK

21 kB

URL HTTP/1.1
www.rodaslotjp1.top/images/logo.png
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 300 x 89, 8-bit/color RGBA, non-interlaced\012- data
Size
21 kB (21030 bytes)
Hash
636a6ef59b3e10958912e3e0f04124bf
6784d7e4021e6286fddc77d3513d6a6fd6395c62
6090ecd94834562f6ccb259554e1b9eb833f9fbb626ff103ec25d07552c5420e

HTTP Headers

GET /images/logo.png HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:37 GMT
Content-Type: image/png
Content-Length: 21030
Connection: keep-alive
Last-Modified: Sun, 30 May 2021 05:16:01 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QlMjpMVmf4UziB9K9haI4DwtLrY6fU5pfhpNBXKQPlriz1qasJGfVbdtL8hgk6xkXBGFDwyLPY8JUx21p21x9IRq6GzUsnCzd%2FQACp60PAWEf2dWaN6AkkOkVRvii3t7dpePBBOU"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7911c33e6cea0afa-OSL
alt-svc: h2=":443"; ma=60

www.rodaslotjp1.top/images/logoweb.png

172.67.179.154

200 OK

21 kB

URL HTTP/1.1
www.rodaslotjp1.top/images/logoweb.png
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 300 x 89, 8-bit/color RGBA, non-interlaced\012- data
Size
21 kB (21030 bytes)
Hash
636a6ef59b3e10958912e3e0f04124bf
6784d7e4021e6286fddc77d3513d6a6fd6395c62
6090ecd94834562f6ccb259554e1b9eb833f9fbb626ff103ec25d07552c5420e

HTTP Headers

GET /images/logoweb.png HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:37 GMT
Content-Type: image/png
Content-Length: 21030
Connection: keep-alive
Last-Modified: Sun, 30 May 2021 05:16:06 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LAw%2BZW%2BnJPEGVPQt8RZCfn42gvs52vbh9xpgjLu489ttF2vwy5FRkmhc1YiFnm41%2B8HUZdiUdNeKDtBRV2pbTyKAWWzTtVErrGXMEmSE2Meoc3VpFYtyb65GLoryv8oOSsNfUPff"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7911c33e6e6ab527-OSL
alt-svc: h2=":443"; ma=60

img.pay4d.info/live-pp.png

104.19.136.75

200 OK

1.4 kB

URL HTTP/2
img.pay4d.info/live-pp.png
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.4 kB (1418 bytes)
Hash
1f1aa38c5a91ca20b6bfdee9245eebc2
5f00a7a39257fc368e3fcaaf0b923f6a9fd49bcf
57d9d0b26be6a4ea6d8894ff8dab03ea2c4400155146d5380281f4a589966e65

HTTP Headers

GET /live-pp.png HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:37 GMT
content-type: image/webp
content-length: 1418
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=7765
content-disposition: inline; filename="live-pp.webp"
last-modified: Fri, 26 Jun 2020 07:51:40 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:37 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c3398a39b512-OSL
X-Firefox-Spdy: h2

www.rodaslotjp1.top/webdata.php?content=broadcast

172.67.179.154

200 OK

131 B

URL HTTP/1.1
www.rodaslotjp1.top/webdata.php?content=broadcast
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
131 B (131 bytes)
Hash
9eeb528105dc734d4685a1498e34662b
dc4a79b74e316f0398c05872b8975796e8fab8ed
3f942546f48977007e27e64a5ac31ed371d0c1c662960bc2b286f69fd2438bd7

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /webdata.php?content=broadcast HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06; _ga_D3WR7HGLGB=GS1.1.1674993163.1.0.1674993163.0.0.0; _ga=GA1.1.1824737680.1674993163

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4JEZWuqiFyKXRaCtMOHPDaLE5CCJE7PGHtDhCKV2fFhKuCVjfj9YSSIiCQM4VaKkk5MvIAno5dHAgIKSCbyScP6r08pZa8PP8I6rEUxCrhO5TPPZc8rOQTOpXaJ5XYMtMnU5iMwd"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7911c340b9b00b41-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.rodaslotjp1.top/webdata.php?content=mobileapp

172.67.179.154

200 OK

162 B

URL HTTP/1.1
www.rodaslotjp1.top/webdata.php?content=mobileapp
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text
Size
162 B (162 bytes)
Hash
a06a7d39b22f1c57a0071e9b32c4ec58
c58d62daece7b19a3b0dd990d4141000a57490a4
e479d9de218cb5c1dd7d4ae3ff9122a9a0d4b077b8eefffb6953e466fb8aa897

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /webdata.php?content=mobileapp HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06; _ga_D3WR7HGLGB=GS1.1.1674993163.1.0.1674993163.0.0.0; _ga=GA1.1.1824737680.1674993163

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4ACO1JpOoQjE4lFWoRvRmXtWX%2FzRaxyyOCKot82ibyFVXNMm%2BVfM%2Fejg17%2BKER32qCa9VrjI%2FBpeLlVE04JCdP4yDgIwY5WIK%2FKGc%2BHPCl8I6TpP1wocGUCOvwGrbqRLJsaDgXVb"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7911c340b9f9b50c-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

img.pay4d.info/fish-alien-hunter.png

104.19.136.75

200 OK

2.9 kB

URL HTTP/2
img.pay4d.info/fish-alien-hunter.png
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.9 kB (2884 bytes)
Hash
44ed1c2cb6486482db8d337636bd9494
7d7f1961857c405b2d72078ee512626a79ce2504
165db214f71fc24501cec62e40869ad284f2ef1fddae90933b570a605608b2a3

HTTP Headers

GET /fish-alien-hunter.png HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:37 GMT
content-type: image/webp
content-length: 2884
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=9071
content-disposition: inline; filename="fish-alien-hunter.webp"
last-modified: Wed, 07 Jul 2021 11:05:14 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:37 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c3399a4cb512-OSL
X-Firefox-Spdy: h2

www.rodaslotjp1.top/webdata.php?content=desktopapp

172.67.179.154

200 OK

249 B

URL HTTP/1.1
www.rodaslotjp1.top/webdata.php?content=desktopapp
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (332)
Size
249 B (249 bytes)
Hash
dbc3877819c4d6471ad61498c11234d4
85b7fad57b29857d952a67cdeaa54b54e37d4fa4
59c88e5760a009cac48962c9bf8abb45cb3a32aec33cdcd8a6014d7e84a54d2f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /webdata.php?content=desktopapp HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06; _ga_D3WR7HGLGB=GS1.1.1674993163.1.0.1674993163.0.0.0; _ga=GA1.1.1824737680.1674993163

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mhhy55xYJulWcIveiW3PQrU46pjZOwFE4UmfKgj6nmOEcTIiiTI4YjQPGwmwgETf7gtNXNMdmep%2Fb8bY7n4V%2Ba5BpHFPio17FqczHAIOXyoAG9z9mxPgN3x3vfxlyIvam9ZVbGO1"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7911c341d87f0afa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.rodaslotjp1.top/webdata.php?status=time

172.67.179.154

200 OK

36 B

URL HTTP/1.1
www.rodaslotjp1.top/webdata.php?status=time
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
36 B (36 bytes)
Hash
774dd327b0a1fdbace44f22d6304ac87
1f1970237e624f2f70e1ac5772ced03816cbf712
7b04f2cc1a61296d868ffdddb32db3855bc4535010746f083c983f3040f2590e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /webdata.php?status=time HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06; _ga_D3WR7HGLGB=GS1.1.1674993163.1.0.1674993163.0.0.0; _ga=GA1.1.1824737680.1674993163

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BocqciSg0ogPhbMGND%2F9VfxrbwPWt1ppu28rVUDYJoTyHtGOFvBht4voeo9mvsigPLj%2BPvtpIKTNLYfYikatIs3K68%2BBT9t5F0Pdun%2FxPrajkwg3wsT%2BCKK1SDs35dLuspM835%2FG"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7911c341fb76b527-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.rodaslotjp1.top/images/upload-Slides-20220614172012.jpg

172.67.179.154

200 OK

231 kB

URL HTTP/1.1
www.rodaslotjp1.top/images/upload-Slides-20220614172012.jpg
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 3750x750, components 3\012- data
Size
231 kB (231172 bytes)
Hash
4df76c95de2cb3cbd33b5be2bffd7ae5
a9ce403b0f1ebcf6b95fc3f87bd828e31d90b26c
381d7bb68c9f02142f2a7894e0f7020fe02fa46bf13f6efb2c40846bc5d46a87

HTTP Headers

GET /images/upload-Slides-20220614172012.jpg HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:37 GMT
Content-Type: image/jpeg
Content-Length: 231172
Connection: keep-alive
Last-Modified: Tue, 14 Jun 2022 10:20:12 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=brxjRSguUscHsOA19dhSf%2Bdi2IT6e8OL7py0ge5iqtGA20HK8bNqpPlnO%2FSQ1wBtDGpXHSc8ShrxImC2Bvdldt9uLsMvAZyiu%2FGjx%2FLIFUPVkmO6kFmNBxpJFpFo92%2FfmFVn7Ea%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7911c33e6c011c02-OSL
alt-svc: h2=":443"; ma=60

www.rodaslotjp1.top/images/bgline.png

172.67.179.154

200 OK

968 B

URL HTTP/1.1
www.rodaslotjp1.top/images/bgline.png
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 576 x 4, 8-bit/color RGB, non-interlaced\012- data
Size
968 B (968 bytes)
Hash
84736c9ee51d3eb343d5e80ad4ec8a60
b2f28178c4e4b159cbdab5e4926dba8770bfb935
3712ce4415b312c06051a5d16174de7dab3104a4268588749692df3aa4dec75a

HTTP Headers

GET /images/bgline.png HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:37 GMT
Content-Type: image/png
Content-Length: 968
Connection: keep-alive
Last-Modified: Fri, 23 Oct 2020 10:01:24 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XMErRfB4ttUUA75JsohQeqMNoULqWeR2jOcDhMdRwU2RDtZk5xgPX1ml%2B1Wx4kXHsqMKx3ktGIzJgxtoul%2BrvFcPTyLJQZuF2bD%2FLmZei5DBGPaaV21aJCPjvuJ61RkfBwryXmGq"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7911c3431d1bb50c-OSL
alt-svc: h2=":443"; ma=60

www.rodaslotjp1.top/images/upload-SlidesMobile-20221124145502.jpg

172.67.179.154

200 OK

458 kB

URL HTTP/1.1
www.rodaslotjp1.top/images/upload-SlidesMobile-20221124145502.jpg
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 3750x750, components 3\012- data
Size
458 kB (458299 bytes)
Hash
21664d4045d0f247c15f070a6fe9ee07
ccc9b1fc018ad8d29310f364cca3919edd0948c4
c70db3ac2d8d142d6bcfb38c381e01f767b1afca0c7d2a5c482cac1c4225a005

HTTP Headers

GET /images/upload-SlidesMobile-20221124145502.jpg HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:37 GMT
Content-Type: image/jpeg
Content-Length: 458299
Connection: keep-alive
Last-Modified: Thu, 24 Nov 2022 07:55:02 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z496TniDqovOFCmGu0nhtAj5act%2FovHL6smmoOabKJNKL22%2F4NBl6KEFcTRl%2FebhbKA75wp7gtk3pftRBz6Zzwd8nPYLQWFsDObEoRzgB0C5Ip8kHLOXH7r0TDQ81v6FlPAXTTIs"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7911c33e6adf0b61-OSL
alt-svc: h2=":443"; ma=60

img.pay4d.info/picmid.jpg

104.19.136.75

200 OK

34 kB

URL HTTP/2
img.pay4d.info/picmid.jpg
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 404x194, components 3\012- data
Size
34 kB (34044 bytes)
Hash
9ff8825bea0abb9177794729b5932760
9424c5ff2b125bc8d319313875c90c5393183b36
18179e3e611fdec3356c387f78b85ff7201fd7ee6166eb5aff06aa851cbe4b82

HTTP Headers

GET /picmid.jpg HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:38 GMT
content-type: image/jpeg
content-length: 34044
cf-bgj: imgq:85,h2pri
cf-polished: degrade=85, origSize=36646, status=webp_bigger
last-modified: Fri, 04 Nov 2022 13:42:48 GMT
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:38 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911c339aa80b512-OSL
X-Firefox-Spdy: h2

www.rodaslotjp1.top/images/kontak.png

172.67.179.154

200 OK

5.0 kB

URL HTTP/1.1
www.rodaslotjp1.top/images/kontak.png
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 69 x 287, 8-bit/color RGBA, non-interlaced\012- data
Size
5.0 kB (4995 bytes)
Hash
cc9ff1f22490e2cca070a57979aea150
c41c924a335152f8e6b07543ff4384e750e114f5
d13562a3a1a8c4e5dedebdc1924ce73f2944c82937d3f247d087caa16cb565f7

HTTP Headers

GET /images/kontak.png HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:38 GMT
Content-Type: image/png
Content-Length: 4995
Connection: keep-alive
Last-Modified: Fri, 23 Oct 2020 10:01:25 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bCVgBZ0LYZ%2B%2BVcc4aWqFuOeZ7KLcCnEFM%2BPHd4TUUaFCTWRgCZdK2MjjtJz%2Fg%2Fxj2%2B0MH09g0gwAXj%2F1tPVz7EJE0bYbpVpqmboMGc0jnb%2BaMEPQujiueJc5LHHWBKlV2Jxji4Ol"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7911c3444eebb527-OSL
alt-svc: h2=":443"; ma=60

www.rodaslotjp1.top/fonts/glyphicons-halflings-regular.woff2

172.67.179.154

200 OK

18 kB

URL HTTP/1.1
www.rodaslotjp1.top/fonts/glyphicons-halflings-regular.woff2
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 18028, version 1.589\012- data
Size
18 kB (18028 bytes)
Hash
448c34a56d699c29117adc64c43affeb
ca35b697d99cae4d1b60f2d60fcd37771987eb07
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /fonts/glyphicons-halflings-regular.woff2 HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/css/bootstrap.min.css
Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06; _ga_D3WR7HGLGB=GS1.1.1674993163.1.0.1674993163.0.0.0; _ga=GA1.1.1824737680.1674993163

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:38 GMT
Content-Type: font/woff2
Content-Length: 18028
Connection: keep-alive
Last-Modified: Fri, 23 Oct 2020 10:01:22 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MwZVP5laVOfU9PwXmjVt7UZjfJq2P%2Bsiy2hYG58oMnJf5hWkVp5kG%2BBt%2Fr8Ats%2BEWjfKikH%2FbPfyS1vT7LKmxLQj23es95AvmpF%2FvxbOpNfrpQ%2F07GrSdN9LS7UhjKYJu4OK7zS5"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7911c3430c190b41-OSL
alt-svc: h2=":443"; ma=60

www.rodaslotjp1.top/images/bgline2.png

172.67.179.154

200 OK

1.1 kB

URL HTTP/1.1
www.rodaslotjp1.top/images/bgline2.png
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1228 x 6, 8-bit/color RGB, non-interlaced\012- data
Size
1.1 kB (1055 bytes)
Hash
8ddd2e7e6b251acb682296a4c9c3bfb7
eb6c8dd0ca1ee91ed2323c38ca0e49a1c578b7f7
25155f2e8b8413ab2d2d84cedb68a64b7cd23704c005cd89116519fdd1716d0a

HTTP Headers

GET /images/bgline2.png HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:38 GMT
Content-Type: image/png
Content-Length: 1055
Connection: keep-alive
Last-Modified: Fri, 23 Oct 2020 10:01:24 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qNbz92AhGO5OVY3rnhUExZ2mFpEyTwzfG97sdmKDhwO%2FnoWgnyukLE2XazWaGxWz71aEt22IldTAuoaDaHouHYdmjZRdNpbNgmgk7oSSDKvX%2FaXd7Ld4Gix4eJ%2F5k1BEC6iHbK2g"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7911c3442b120afa-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2646
Expires: Sun, 29 Jan 2023 12:36:44 GMT
Date: Sun, 29 Jan 2023 11:52:38 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2646
Expires: Sun, 29 Jan 2023 12:36:44 GMT
Date: Sun, 29 Jan 2023 11:52:38 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2646
Expires: Sun, 29 Jan 2023 12:36:44 GMT
Date: Sun, 29 Jan 2023 11:52:38 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2646
Expires: Sun, 29 Jan 2023 12:36:44 GMT
Date: Sun, 29 Jan 2023 11:52:38 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg

34.120.237.76

200 OK

9.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.2 kB (9167 bytes)
Hash
3be81f83687ddb6c93d3ff3c09a9dba2
50a48e737310d3f31840db4301b25927fbcc12c5
e78c909e2381898e7f546183784a05dff47c31734c95358aaada8c2777ad47be

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9167
x-amzn-requestid: e6e0789c-a4a9-4ffa-a0ae-691770d1035b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPF9YEBmIAMF0kQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf8388-01d2093432d3959903671a69;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:06:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: awfNeaKbFw2bjiTGwUrwUTxU-qbVS2eTjn948H8kn1hy7pi_DwLMlQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 17:35:56 GMT
age: 65802
etag: "50a48e737310d3f31840db4301b25927fbcc12c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe7cfa685-1688-424d-b352-82b8ce19495a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.2 kB (6158 bytes)
Hash
2cbbc57c4e469baec1bda006407877cc
e988f007b1f9ec2327e7817f38cf56202096aeae
5237a8a8a7aa1fe59548582abf726fe77ad9e1fad8535bb5f88519dc6e779a86

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe7cfa685-1688-424d-b352-82b8ce19495a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6158
x-amzn-requestid: 034023e1-bd96-4c41-aa48-cccf5fa7b366
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: feLdTEXToAMF5Ow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d58c54-5390c17952d82d9108bdd3f8;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 20:57:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ACe_e899vrvXgDH3SKhGkebo6EgwW3c97aiFsr_p0g0cyWhl0XmjIg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 00:04:06 GMT
etag: "e988f007b1f9ec2327e7817f38cf56202096aeae"
content-type: image/jpeg
age: 42512
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.5 kB (4475 bytes)
Hash
4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 4jPbm4WufkUKm7ljLvpHrJUFhr-JQ_nl3iYfI5S8nTqEszFdUtz9EQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 05:24:09 GMT
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
age: 23309
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d2bbd93-ce5c-4300-9ac3-8ccdde169701.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.9 kB (6875 bytes)
Hash
7ed721e83648418f4a5d64f9d038fd1a
7a311c79e311448941a8d624c1064b1a2d97cfbd
b961e73aaba814eec66532ceeafad5191371fc762b05338990e8cc9c8ecfcbff

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d2bbd93-ce5c-4300-9ac3-8ccdde169701.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6875
x-amzn-requestid: 5fb13e91-8750-4dd9-90a2-f1218ea6009b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fS9t2E0AoAMF_LA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d10ff2-22e819312302377c4bf698ff;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 11:18:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: QH_-DX5fiBhfS9MVH6pJi57mqFRRPSPf0iDbp_5BHE1jUqCZvvPesQ==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 21:46:21 GMT
age: 50777
etag: "7a311c79e311448941a8d624c1064b1a2d97cfbd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df8e551-afc5-4ea3-a9ef-8af42c4cbea5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.2 kB (7201 bytes)
Hash
47514f1386d4e6962ac2c931647f60f4
c8da685b6a5aee80c98d4173ffe226b672f054c3
474d462b5d4dbd15b7f759457fe1ed084819cea563ef7c1285028dad9a4a404c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df8e551-afc5-4ea3-a9ef-8af42c4cbea5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7201
x-amzn-requestid: ba830369-3a5f-45bc-9af9-5ad9ee58f43f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fbvRREJqIAMF8Uw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d4926e-6983a44e506dcd4d203c2688;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 03:11:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rZ3Kbsx37Dlb1Jv23XJcbmrv45SlUiEv9nGAjmjseS6Rk-vZd22O7A==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 01:14:26 GMT
age: 54081
etag: "c8da685b6a5aee80c98d4173ffe226b672f054c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11470 bytes)
Hash
10a6491e2c1dfde68c7cd7297e70700f
d0f195319825a6d3e5e50ad15b2fcab27cb65896
4d9353d5874e5ea03c25e1562db5f479c222a48db526fdd10ede7c2e6a4dd874

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11470
x-amzn-requestid: 62d61967-9380-4ca9-b11a-531425dbd2ae
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fIf6WFgAIAMF6gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cce042-6d9fe51029094b7f37c0a648;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 07:05:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rUIvvkZQ028ey3klplI-x9oZFugon5HsAWT-SN2GQo5hBeBJWqoMAg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 23:12:28 GMT
age: 45610
etag: "d0f195319825a6d3e5e50ad15b2fcab27cb65896"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

img.pay4d.info/slot-hab.png

104.19.136.75

200 OK

1.9 kB

URL HTTP/2
img.pay4d.info/slot-hab.png
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.9 kB (1888 bytes)
Hash
158c1eeabbd166126f46035ec5e6d457
83fa7159d10da9989fc9853ee6f96ab57b065e83
11bd40a973e0e088856ced2e923bb0badeb4291c9ea0d11386d9a469817eeda0

HTTP Headers

GET /slot-hab.png HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:38 GMT
content-type: image/webp
content-length: 1888
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=5768
content-disposition: inline; filename="slot-hab.webp"
last-modified: Wed, 18 Dec 2019 05:38:14 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:38 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c3398a2fb512-OSL
X-Firefox-Spdy: h2

www.rodaslotjp1.top/images/psr-hk.png

172.67.179.154

200 OK

5.8 kB

URL HTTP/1.1
www.rodaslotjp1.top/images/psr-hk.png
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 90 x 90, 8-bit/color RGBA, non-interlaced\012- data
Size
5.8 kB (5800 bytes)
Hash
6b33466f1596c700cabc4b5aa0fdeddc
96ca4f0aca9bc2e4d28d9e8ee94868b1413e5199
80eaeccf24ccdf4a13dc2a1c1b0780681678cee4c40e3d13bb55e9f16e8240d9

HTTP Headers

GET /images/psr-hk.png HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:38 GMT
Content-Type: image/png
Content-Length: 5800
Connection: keep-alive
Last-Modified: Fri, 23 Oct 2020 10:01:28 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ClZtRKY4zCahm%2Fad7ENUPgw9Vvgn0sZVnpv2FD2B20rfF7kG5TcmHYQOq3uOAX04UD%2F6hOLsgw7EGH%2F7y1dx8aMhOpN9I45xyyXorfUb4NZGb9iaRmwFvHQLie%2FhR69P1oqbeHSA"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7911c3457838b50c-OSL
alt-svc: h2=":443"; ma=60

img.pay4d.info/mobile-tembakikan.png

104.19.136.75

200 OK

2.1 kB

URL HTTP/2
img.pay4d.info/mobile-tembakikan.png
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.1 kB (2106 bytes)
Hash
bfdeefb05e569edf1028afb65895653c
97478d745112e48f9400eaeab7e84c41c60ceec2
02f0b6b2e6ee24f5bf2774b69109e9f1f0c5d1deafda081ed4c48d62b90ab9dd

HTTP Headers

GET /mobile-tembakikan.png HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:38 GMT
content-type: image/webp
content-length: 2106
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=5201
content-disposition: inline; filename="mobile-tembakikan.webp"
last-modified: Mon, 01 Feb 2021 07:21:49 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:38 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c339aa7cb512-OSL
X-Firefox-Spdy: h2

img.pay4d.info/android.png

104.19.136.75

200 OK

1.1 kB

URL HTTP/2
img.pay4d.info/android.png
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.1 kB (1096 bytes)
Hash
0b02cd52bbd4c1164b94f9c21050e6be
8941f921796a98fc8fabb4c0cec157c34d4e4276
a7c62c2757c85f7b8edb8bddd7f3b0472c851452daceb20485ddffa6ea9703fb

HTTP Headers

GET /android.png HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:38 GMT
content-type: image/webp
content-length: 1096
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=3351
content-disposition: inline; filename="android.webp"
last-modified: Sat, 30 Jan 2021 10:29:07 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:38 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c3448848b512-OSL
X-Firefox-Spdy: h2

cdn.livechatinc.com/tracking.js

95.101.10.171

200 OK

26 kB

URL HTTP/2
cdn.livechatinc.com/tracking.js
IP
95.101.10.171:0
ASN
#20940 Akamai International B.V.

File type
data
Size
26 kB (25911 bytes)
Hash
349345e8baec106d74b4eb289b8d2b0b
5c4a724241c19e2de9063da2c3dc0c4a3366ea7a
a69d354aa4044e3786dc89e3a46f415276b8657f0caa8c8355b12558cfde8695

HTTP Headers

GET /tracking.js HTTP/1.1
Host: cdn.livechatinc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Wed, 25 Jan 2023 08:47:12 GMT
x-amz-version-id: iNzmqDcn1iRKaLiTk37THrDgz9osPO8C
server: AmazonS3
content-encoding: br
etag: W/"29e075294399875f6fd4bdaa0f4a20e4"
vary: Accept-Encoding
x-amz-cf-pop: HAM50-P2
x-amz-cf-id: 5u3S8SQ2vBURIIW1wAHlf1ewj7O-VH6XVggEm945QBhoGAgQC4G-PQ==
content-length: 25911
cache-control: max-age=28800
expires: Sun, 29 Jan 2023 19:52:38 GMT
date: Sun, 29 Jan 2023 11:52:38 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
X-Firefox-Spdy: h2

www.rodaslotjp1.top/capimg.php?3302

172.67.179.154

200 OK

671 B

URL HTTP/1.1
www.rodaslotjp1.top/capimg.php?3302
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 40 x 30, 8-bit/color RGB, non-interlaced\012- data
Size
671 B (671 bytes)
Hash
ee70b05e0f985eb8abb6a4d9ae38387b
5770fe6476602e6bd4711b859d6b99a97792ffba
90f041fa6a8195a104c7bd66604ea5e6e321a619c7dc69906ac88144586e91fe

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /capimg.php?3302 HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:38 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OeQxJEjRFyzoaj1H3uD22CpsSs7JFZz6VoUlrxc9QFC2ohunKnNLLAwX4vA%2BI6kL7P9wTXt3FQTQhXuDcwBhs%2BmAbqsH3FSlGjhQqHMaqRrAI7CN4v4JhmrJ6b8x1PFd5SYqalmj"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7911c3467f810b41-OSL
alt-svc: h2=":443"; ma=60

img.pay4d.info/mobile-casino.png

104.19.136.75

200 OK

4.0 kB

URL HTTP/2
img.pay4d.info/mobile-casino.png
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
4.0 kB (3982 bytes)
Hash
a4ec13dedac773682a95ad0357c883d9
ac08067b8b14c320590fd8e0d9f46fee95c98064
34d33f63decd18d046d7ce1eaa41df45fd546a36c020d1aa2460c68d4e382a05

HTTP Headers

GET /mobile-casino.png HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:38 GMT
content-type: image/webp
content-length: 3982
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=8816
content-disposition: inline; filename="mobile-casino.webp"
last-modified: Mon, 01 Feb 2021 07:21:49 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:38 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c339aa78b512-OSL
X-Firefox-Spdy: h2

www.rodaslotjp1.top/images/bg.jpg

172.67.179.154

200 OK

37 kB

URL HTTP/1.1
www.rodaslotjp1.top/images/bg.jpg
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1901x488, components 3\012- data
Size
37 kB (37177 bytes)
Hash
1145bd8ece028a6dc860d6e4c9beb381
4b4428b004dd6417e8bb8a7b233b96699fbcb77f
1f7cdee463b68622bb20abd385228dabcf18affbdc355eed47ea84d656f42fe1

HTTP Headers

GET /images/bg.jpg HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:38 GMT
Content-Type: image/jpeg
Content-Length: 37177
Connection: keep-alive
Last-Modified: Fri, 23 Oct 2020 10:01:24 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TolDd1CLOP2hQEvaCqcnl7oxIkfSeXVVUszcmpIzeKX1U3smUvQgUSnX4UUYPqNml3nKqQtpgTNY4HHH9EWoh7l5H%2B8lQSJzXWxlOIclKG1jgWXwkoiMWBz6fti6tn1AGecR%2FUP3"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7911c345ebf20b61-OSL
alt-svc: h2=":443"; ma=60

www.rodaslotjp1.top/images/upload-Slides-20220621191806.jpg

172.67.179.154

200 OK

178 kB

URL HTTP/1.1
www.rodaslotjp1.top/images/upload-Slides-20220621191806.jpg
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 3750x750, components 3\012- data
Size
178 kB (178056 bytes)
Hash
769efb2f7df98dca45305a581dae1fb8
af87f7d49038b9be0f25ae40141fb88c8f142df6
ab4c932821ad84d0f900b4b91c2b4562fac0fe3210928b25baa9850a2440e039

HTTP Headers

GET /images/upload-Slides-20220621191806.jpg HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:38 GMT
Content-Type: image/jpeg
Content-Length: 178056
Connection: keep-alive
Last-Modified: Tue, 21 Jun 2022 12:18:06 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZZAIeCo1iz1mtlRXjms9skiYU8%2BX5gTNNVVWcqLUFVN4zladgKK4vmYrq2O2njX1fdZkOWb%2BKmf7L9SoVTKcZzxCkSiJzhQKZ68HslcF5bdG1UjvvgI2y7YCdYTiLznYb5yu2BVw"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7911c3457a561c02-OSL
alt-svc: h2=":443"; ma=60

api.livechatinc.com/v3.3/customer/action/get_dynamic_configuration?license_id=12114207&url=http%3A%2F%2Fwww.rodaslotjp1.top%2F&channel_type=code&jsonp=__hnsixewyd1b

95.101.10.171

200 OK

267 B

URL HTTP/2
api.livechatinc.com/v3.3/customer/action/get_dynamic_configuration?license_id=12114207&url=http%3A%2F%2Fwww.rodaslotjp1.top%2F&channel_type=code&jsonp=__hnsixewyd1b
IP
95.101.10.171:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with no line terminators
Size
267 B (267 bytes)
Hash
675c70fb393dd7c6f3b28a3507a8322d
bcd247d62519e5653bfa58bf8aaca65703968df5
f8f5e3c62d3ed5dd7999cddf3e9432981fbecb54554f977661a990be16660a33

HTTP Headers

GET /v3.3/customer/action/get_dynamic_configuration?license_id=12114207&url=http%3A%2F%2Fwww.rodaslotjp1.top%2F&channel_type=code&jsonp=__hnsixewyd1b HTTP/1.1
Host: api.livechatinc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-security-policy: frame-ancestors http://www.rodaslotjp1.top/;
content-type: application/javascript; charset=UTF-8
legacy: 2023-06-30
vary: Accept-Encoding
x-frame-options: allow-from http://www.rodaslotjp1.top/
content-length: 267
date: Sun, 29 Jan 2023 11:52:38 GMT
X-Firefox-Spdy: h2

www.rodaslotjp1.top/images/upload-Slides-20220614170923.jpg

172.67.179.154

200 OK

154 kB

URL HTTP/1.1
www.rodaslotjp1.top/images/upload-Slides-20220614170923.jpg
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 3750x750, components 3\012- data
Size
154 kB (154044 bytes)
Hash
f93f4bc861b794bd482b461303163f98
95e11d2dbeb8e6862b3106ea38a82fae001c59c3
884741622555ee240bd01c1ffaedd6b89c413090e0d6def9432e63b6f659b63d

HTTP Headers

GET /images/upload-Slides-20220614170923.jpg HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:38 GMT
Content-Type: image/jpeg
Content-Length: 154044
Connection: keep-alive
Last-Modified: Tue, 14 Jun 2022 10:09:23 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FOckKOiTxjtKxOXX7YkFzHFA4pkdTAPtyekKZVuB49f8YJotAAk2UNFW1dsezKJ7vJGnWzdtgsCvnQNhOOA5xHx2QzxaDMkyKD9CfiEQACcTAAy1Xf29OlqUdJanpna4KJtBL7s4"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7911c3468e9b0afa-OSL
alt-svc: h2=":443"; ma=60

img.pay4d.info/live-sg.png

104.19.136.75

200 OK

2.8 kB

URL HTTP/2
img.pay4d.info/live-sg.png
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.8 kB (2814 bytes)
Hash
5fde10bbbfdf170112f4bc9859955ed5
e73a68c4221288b52a848a67801f9bcd387ba2ea
60bb4f59c40e9ef9f1d2be56a2a7324a8750e339de1efb9b96840314b8581628

HTTP Headers

GET /live-sg.png HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:39 GMT
content-type: image/webp
content-length: 2814
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=11259
content-disposition: inline; filename="live-sg.webp"
last-modified: Thu, 10 Dec 2020 08:44:39 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:39 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c3399a45b512-OSL
X-Firefox-Spdy: h2

img.pay4d.info/fish-fishing-war.png

104.19.136.75

200 OK

4.2 kB

URL HTTP/2
img.pay4d.info/fish-fishing-war.png
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
4.2 kB (4158 bytes)
Hash
5de4388ad28949bab321d81e8afd639b
320c986e3c630e937333639364dcf80ef7dc19a2
54d4dfa543f1b8e4c544ce229b644b2671722eca476c6b8cb9df759e2375561f

HTTP Headers

GET /fish-fishing-war.png HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:39 GMT
content-type: image/webp
content-length: 4158
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=10616
content-disposition: inline; filename="fish-fishing-war.webp"
last-modified: Tue, 30 Mar 2021 09:18:46 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:39 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c3399a4ab512-OSL
X-Firefox-Spdy: h2

img.pay4d.info/logo_providernewn.png

104.19.136.75

200 OK

23 kB

URL HTTP/2
img.pay4d.info/logo_providernewn.png
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
23 kB (22986 bytes)
Hash
7d6a7641bdff382fd00a6f9c21a42aa1
8c3a482d06391d155e232d844c61a321e8f74dbb
fa1d88846de93439c5603d97da37187779c37879e3ba8312c9a36ed6d8b0520f

HTTP Headers

GET /logo_providernewn.png HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:39 GMT
content-type: image/webp
content-length: 22986
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=65682
content-disposition: inline; filename="logo_providernewn.webp"
last-modified: Tue, 03 Jan 2023 06:53:38 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:39 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c339aa77b512-OSL
X-Firefox-Spdy: h2

img.pay4d.info/sport-sbo.png

104.19.136.75

200 OK

916 B

URL HTTP/2
img.pay4d.info/sport-sbo.png
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
916 B (916 bytes)
Hash
cae13d2cc7b31af8015e56b8fea2fc1e
27b5f0536f897c018485311e47acb4b6f28b5eac
d3373d5f14a658e23f379b60fbadf2d4439ffd043826cbe4f9efb13e7ac4b591

HTTP Headers

GET /sport-sbo.png HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:39 GMT
content-type: image/webp
content-length: 916
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=4025
content-disposition: inline; filename="sport-sbo.webp"
last-modified: Mon, 19 Dec 2022 07:31:08 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:39 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c3399a47b512-OSL
X-Firefox-Spdy: h2

img.pay4d.info/buku-mimpi.png

104.19.136.75

200 OK

734 B

URL HTTP/2
img.pay4d.info/buku-mimpi.png
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
734 B (734 bytes)
Hash
47e11b51ac743eaa8cf239317b274ed5
2f8e7efe94b9a2bc33e4a2cfa5d56c767e53f2b6
e102b58cf346532436c7e47dc3e2e29fc53b5b550e0fcd1c4200aadce03bb7e6

HTTP Headers

GET /buku-mimpi.png HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:39 GMT
content-type: image/webp
content-length: 734
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=3014
content-disposition: inline; filename="buku-mimpi.webp"
last-modified: Sat, 30 Jan 2021 10:28:57 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:39 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c3399a4fb512-OSL
X-Firefox-Spdy: h2

www.rodaslotjp1.top/images/upload-Slides-20220106160028.jpg

172.67.179.154

200 OK

409 kB

URL HTTP/1.1
www.rodaslotjp1.top/images/upload-Slides-20220106160028.jpg
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.2 (Windows), datetime=2022:01:03 13:38:22], progressive, precision 8, 3750x750, components 3\012- data
Size
409 kB (409445 bytes)
Hash
db56ecb897695599fa2bfca82fa1266e
41865a33dba81e93dd48abb0fc76ccdc95e0ef52
f30b5f7a2520fd6bfcd40e8382f4727cabb3142973a312ed7b769852965a3908

HTTP Headers

GET /images/upload-Slides-20220106160028.jpg HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:38 GMT
Content-Type: image/jpeg
Content-Length: 409445
Connection: keep-alive
Last-Modified: Thu, 06 Jan 2022 09:00:28 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VfQEMdXaT%2F%2Bbr1UwACb8FCnXaxxcvWO4qiRUW1zKx92wrJ3j2F6Ji0M8tm1YVLltEMNyBotg7nK%2B7Sw1RouilCiOAQ50Yn3o6fjkXU76pkqtDllmXrEr3J8m9br5W7Rgi7UICdZW"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7911c3466a20b527-OSL
alt-svc: h2=":443"; ma=60

img.pay4d.info/slot-jok.png

104.19.136.75

200 OK

2.0 kB

URL HTTP/2
img.pay4d.info/slot-jok.png
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.0 kB (2000 bytes)
Hash
c3d6ce73337d8098402370b95ce184d6
f82824809e6fc6b5bc0696c7dce5942ab17abac5
21cd86f323c17093d4d78ba1e98352a00c8459cb70d1135006cf1de90b0388b3

HTTP Headers

GET /slot-jok.png HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:39 GMT
content-type: image/webp
content-length: 2000
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=7983
content-disposition: inline; filename="slot-jok.webp"
last-modified: Wed, 18 Dec 2019 05:38:14 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:39 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c3398a37b512-OSL
X-Firefox-Spdy: h2

img.pay4d.info/picmid-b.jpg

104.19.136.75

200 OK

13 kB

URL HTTP/2
img.pay4d.info/picmid-b.jpg
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 404x194, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
13 kB (12984 bytes)
Hash
9741a4d69d097af680b8022899c49aa9
ecca414b6289e5932869301daa6805a5d38b2308
436d03660070ea77bffbf80355fe6142589b56eb7f0d1087f08c656722680b29

HTTP Headers

GET /picmid-b.jpg HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:39 GMT
content-type: image/webp
content-length: 12984
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=33525
content-disposition: inline; filename="picmid-b.webp"
last-modified: Tue, 06 Dec 2022 06:05:42 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:39 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c339aa82b512-OSL
X-Firefox-Spdy: h2

www.rodaslotjp1.top/images/upload-Slides-20211231173958.jpg

172.67.179.154

200 OK

346 kB

URL HTTP/1.1
www.rodaslotjp1.top/images/upload-Slides-20211231173958.jpg
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.2 (Windows), datetime=2021:12:30 18:10:23], progressive, precision 8, 3750x750, components 3\012- data
Size
346 kB (345463 bytes)
Hash
73788a0abb1cbc694c3aadb3b0395213
65d93352804d0563ac1eea6869568e420b609201
7223619d2a446f695a31950eb03d8aec3fbbeab4ce6cbcd60bf90cf8b7593f1e

HTTP Headers

GET /images/upload-Slides-20211231173958.jpg HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:39 GMT
Content-Type: image/jpeg
Content-Length: 345463
Connection: keep-alive
Last-Modified: Fri, 31 Dec 2021 10:39:58 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7wtXCCSgjXyQai%2F0ucy4P0VNrwBE1Hhdek638g6%2BwFjInas5mM4X9sKrdLalpuRfZ85xOUr%2FlX0Uxpgz%2BhGXn3hYbPZ2259a2Uh37wUlp1EvOIYwU2%2FsGTPvN1swet5a6S54p6%2Bq"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7911c347bbc4b50c-OSL
alt-svc: h2=":443"; ma=60

www.rodaslotjp1.top/images/upload-Slides-20220315120908.jpg

172.67.179.154

200 OK

190 kB

URL HTTP/1.1
www.rodaslotjp1.top/images/upload-Slides-20220315120908.jpg
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 3750x750, components 3\012- data
Size
190 kB (190494 bytes)
Hash
7939387a0d2813e295d4ddddcbf7715b
0731f851e7d003d2f286f39bc1f62384c312d816
17f6ef51a9870c86e1fd9e8d4d8ba2f097c587c2205e600782f10825c75cb64a

HTTP Headers

GET /images/upload-Slides-20220315120908.jpg HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:39 GMT
Content-Type: image/jpeg
Content-Length: 190494
Connection: keep-alive
Last-Modified: Tue, 15 Mar 2022 05:09:08 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Y59v5f7S%2B%2B8Y%2Bgiv1tl5dnVHMtVi80FShMDGAAIV2zIUTWcVeSzMwduS2UHI4iWIXgi20YLk9nRSTdNfbqgqGHoUJg7O%2FxG75jmtr%2BeeVg53tI9A2f1gZmAPDDVyhb52kP2xY04"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7911c348c9b50b41-OSL
alt-svc: h2=":443"; ma=60

api.livechatinc.com/v3.3/customer/action/get_configuration?license_id=12114207&version=990.1.1.2117.89.215.1.2.10.1.7.17.0&group_id=0&jsonp=__lc_static_config

95.101.10.171

200 OK

2.0 kB

URL HTTP/2
api.livechatinc.com/v3.3/customer/action/get_configuration?license_id=12114207&version=990.1.1.2117.89.215.1.2.10.1.7.17.0&group_id=0&jsonp=__lc_static_config
IP
95.101.10.171:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (5667), with no line terminators
Size
2.0 kB (2015 bytes)
Hash
af6112da6477d9b7efe39f47695c2486
f2d17be147afa7233350e93f713cd3a53b649b93
da5646ccb11d4e48bf96292de7020904047b1ab011ae9cf96cf6617aefdcc0fe

HTTP Headers

GET /v3.3/customer/action/get_configuration?license_id=12114207&version=990.1.1.2117.89.215.1.2.10.1.7.17.0&group_id=0&jsonp=__lc_static_config HTTP/1.1
Host: api.livechatinc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-encoding: gzip
content-type: application/javascript; charset=UTF-8
legacy: 2023-06-30
vary: Accept-Encoding
content-length: 2015
cache-control: public, max-age=600
expires: Sun, 29 Jan 2023 12:02:39 GMT
date: Sun, 29 Jan 2023 11:52:39 GMT
X-Firefox-Spdy: h2

www.rodaslotjp1.top/images/psr-sg.png

172.67.179.154

200 OK

5.8 kB

URL HTTP/1.1
www.rodaslotjp1.top/images/psr-sg.png
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 90 x 90, 8-bit/color RGBA, non-interlaced\012- data
Size
5.8 kB (5752 bytes)
Hash
62f2ba4b9e6571ffa4aaff9df88a1363
062d797e0b0e5d72fe4c67326da651e98120d997
eb3dba84673c3872ef5b868fd31ad9eff4138e566609cfd9fea427d218bb1413

HTTP Headers

GET /images/psr-sg.png HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:39 GMT
Content-Type: image/png
Content-Length: 5752
Connection: keep-alive
Last-Modified: Fri, 23 Oct 2020 10:01:29 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CXVDESqNGZYVRPnbRJuk2YT1%2FuSGnCFLkhn7cfFrFIuftfBG%2FaOIozD7KJwRCATpbEXSp8DYadQXQvGhyaXybLSORGlkjDa5JZmdULkQ76djKxr7JI5E8UP7zCW7%2FcuS7WejYIKH"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7911c34d3bbab527-OSL
alt-svc: h2=":443"; ma=60

img.pay4d.info/sport-saba.png

104.19.136.75

200 OK

1.8 kB

URL HTTP/2
img.pay4d.info/sport-saba.png
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.8 kB (1770 bytes)
Hash
9dc335c8ab6468b47a49e492aa97af52
e8982a717f2557a1242a1dfd4511ceec6b47cd70
277b290785f86422c338396b72410c9dfb7f0672b608e6808f41365b3579f26f

HTTP Headers

GET /sport-saba.png HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:39 GMT
content-type: image/webp
content-length: 1770
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=5247
content-disposition: inline; filename="sport-saba.webp"
last-modified: Mon, 19 Dec 2022 07:31:08 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:39 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c3399a46b512-OSL
X-Firefox-Spdy: h2

api.livechatinc.com/v3.3/customer/action/get_localization?license_id=12114207&version=13159fb2ee05429e3ae48a4031b3d0e0_e31120db4aab15a7f7adba3be62deada&language=id&group_id=0&jsonp=__lc_localization

95.101.10.171

200 OK

4.0 kB

URL HTTP/2
api.livechatinc.com/v3.3/customer/action/get_localization?license_id=12114207&version=13159fb2ee05429e3ae48a4031b3d0e0_e31120db4aab15a7f7adba3be62deada&language=id&group_id=0&jsonp=__lc_localization
IP
95.101.10.171:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (11633), with no line terminators
Size
4.0 kB (4004 bytes)
Hash
efee89158f0a68578271c969bb5f240b
26aa32ea87f385e0eee4ac243ba0fd2b80d4249c
4601301981e4c5c4d36d4246247bebd7e6433505ff9e1c0bbe0468180c517408

HTTP Headers

GET /v3.3/customer/action/get_localization?license_id=12114207&version=13159fb2ee05429e3ae48a4031b3d0e0_e31120db4aab15a7f7adba3be62deada&language=id&group_id=0&jsonp=__lc_localization HTTP/1.1
Host: api.livechatinc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-encoding: gzip
content-type: application/javascript; charset=UTF-8
legacy: 2023-06-30
vary: Accept-Encoding
cache-control: public, max-age=600
expires: Sun, 29 Jan 2023 12:02:39 GMT
date: Sun, 29 Jan 2023 11:52:39 GMT
content-length: 4004
X-Firefox-Spdy: h2

www.rodaslotjp1.top/images/upload-Slides-20211231173921.jpg

172.67.179.154

200 OK

351 kB

URL HTTP/1.1
www.rodaslotjp1.top/images/upload-Slides-20211231173921.jpg
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.2 (Windows), datetime=2021:12:30 17:58:33], progressive, precision 8, 3750x750, components 3\012- data
Size
351 kB (351361 bytes)
Hash
9d934934d8fb22040ec191d9ccaa7bb8
15f7c6da9bddb6e82653ca92f570e73533aa610f
fe3dc11cb752bc38de4f830321d72baf7e6b43de16395960ad184c02dfa49e6c

HTTP Headers

GET /images/upload-Slides-20211231173921.jpg HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:39 GMT
Content-Type: image/jpeg
Content-Length: 351361
Connection: keep-alive
Last-Modified: Fri, 31 Dec 2021 10:39:21 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GgeJvtQ2jMfhuLW1cCMQL%2F%2FzFcOqMBHz74RitUznmLODINFbuYvDeVyUXhFxcIms0JQFr92J4b%2FMUvVOYU9rvoNubepnJKb7vnzlALUZuYXHj2B2h8udpGEg4hO9%2ButOT1TO01tu"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7911c3495f430b61-OSL
alt-svc: h2=":443"; ma=60

secure.livechatinc.com/customer/action/open_chat?license_id=12114207&group=0&embedded=1&widget_version=3&unique_groups=0

95.101.10.171

200 OK

2.6 kB

URL HTTP/2
secure.livechatinc.com/customer/action/open_chat?license_id=12114207&group=0&embedded=1&widget_version=3&unique_groups=0
IP
95.101.10.171:0
ASN
#20940 Akamai International B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (8824), with no line terminators
Size
2.6 kB (2557 bytes)
Hash
e73532c0c660a631b8b058705ce26d21
ac886227ce8d418692c8496201f8bc76709b1a63
0ee4d5761027247228422c7b57c6727e95d065c52b4f68501694f1a41754ac03

HTTP Headers

GET /customer/action/open_chat?license_id=12114207&group=0&embedded=1&widget_version=3&unique_groups=0 HTTP/1.1
Host: secure.livechatinc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-encoding: gzip
content-type: text/html; charset=utf-8
vary: Accept-Encoding
date: Sun, 29 Jan 2023 11:52:39 GMT
content-length: 2557
X-Firefox-Spdy: h2

cdn.livechatinc.com/widget/static/js/0.d619df13.chunk.js

95.101.10.171

200 OK

15 kB

URL HTTP/2
cdn.livechatinc.com/widget/static/js/0.d619df13.chunk.js
IP
95.101.10.171:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (47599), with no line terminators
Size
15 kB (14999 bytes)
Hash
aa354a30c2b34b7c6ca4afb13c39442c
4e033c71e891ad3d60d7437c6e674c601260c66d
f4ffa5e37b87bda31ba0d2c7b64fe9939011588c3233c527799262be7169cf95

HTTP Headers

GET /widget/static/js/0.d619df13.chunk.js HTTP/1.1
Host: cdn.livechatinc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure.livechatinc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 11 Jan 2023 08:35:01 GMT
x-amz-version-id: fr6Gz9d8KXQbrJuaQVT4sDUpSqjnuR9Q
server: AmazonS3
content-encoding: br
etag: W/"10a3d7ac1ed37325d3341c379ee0de69"
vary: Accept-Encoding
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: DcjWrJ5J0UZqsGb4T2ZIU7t__E1ADvqdBmzVXTCZLmhoDUvGkFZlRA==
content-length: 14999
cache-control: max-age=31536000
expires: Mon, 29 Jan 2024 11:52:39 GMT
date: Sun, 29 Jan 2023 11:52:39 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
X-Firefox-Spdy: h2

cdn.livechatinc.com/widget/static/js/1.242d30c5.chunk.js

95.101.10.171

200 OK

70 kB

URL HTTP/2
cdn.livechatinc.com/widget/static/js/1.242d30c5.chunk.js
IP
95.101.10.171:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65462)
Size
70 kB (69814 bytes)
Hash
88298c1f3a966d806ce3dd802d2cfdb5
e19a54d47ddc9bd3ed805f6e5471ae2de613404b
9373f82e3b877dd04122dacfd587cb7f62562b53744142a734210c8af0a61dbf

HTTP Headers

GET /widget/static/js/1.242d30c5.chunk.js HTTP/1.1
Host: cdn.livechatinc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure.livechatinc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 16 Jan 2023 07:45:14 GMT
x-amz-version-id: Px6texczRRdv2H_bvm87pAIOH7z7Z.qa
server: AmazonS3
content-encoding: gzip
etag: W/"6cc6a8d0a347434070e1ae1406714b63"
vary: Accept-Encoding
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: BpmGXFPk1aGvtFzUfSPoO8bfNDP06kQHquXkuVVoPBldkY4nhooSMA==
content-length: 69814
cache-control: max-age=31536000
expires: Mon, 29 Jan 2024 11:52:39 GMT
date: Sun, 29 Jan 2023 11:52:39 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
X-Firefox-Spdy: h2

cdn.livechatinc.com/widget/o-0IIpQlx3QUlC5A4PNr5TRASf6M7Q.woff2

95.101.10.171

200 OK

13 kB

URL HTTP/2
cdn.livechatinc.com/widget/o-0IIpQlx3QUlC5A4PNr5TRASf6M7Q.woff2
IP
95.101.10.171:0
ASN
#20940 Akamai International B.V.

File type
Web Open Font Format (Version 2), TrueType, length 12852, version 1.0\012- data
Size
13 kB (12852 bytes)
Hash
3b5df7e947d77201eaf22f3dbdac08cc
21989ca07e4afe32d48982b816b8fac85ce3e668
4a46d61a9aed90cea010dbabcdb510b9ceff1b729a06b169cdbe142f66cbc86f

HTTP Headers

GET /widget/o-0IIpQlx3QUlC5A4PNr5TRASf6M7Q.woff2 HTTP/1.1
Host: cdn.livechatinc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://secure.livechatinc.com
Connection: keep-alive
Referer: https://secure.livechatinc.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
content-type: application/octet-stream
content-length: 12852
last-modified: Tue, 18 Oct 2022 07:22:37 GMT
etag: "3b5df7e947d77201eaf22f3dbdac08cc"
x-amz-version-id: 4jMtpmrTh3NU2il.eSSLRODO9UYgvJk9
accept-ranges: bytes
server: AmazonS3
x-amz-cf-pop: HAM50-C2
x-amz-cf-id: KM8abeyaVeSEIxlLTJcUkoNH7_q4l1PlUQolOkL0_K8Ml-Hn8lULcg==
cache-control: max-age=31536000
expires: Mon, 29 Jan 2024 11:52:39 GMT
date: Sun, 29 Jan 2023 11:52:39 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

cdn.livechatinc.com/widget/o-0NIpQlx3QUlC5A4PNjXhFVZNyBx2pqPA.woff2

95.101.10.171

200 OK

13 kB

URL HTTP/2
cdn.livechatinc.com/widget/o-0NIpQlx3QUlC5A4PNjXhFVZNyBx2pqPA.woff2
IP
95.101.10.171:0
ASN
#20940 Akamai International B.V.

File type
Web Open Font Format (Version 2), TrueType, length 12688, version 1.0\012- data
Size
13 kB (12688 bytes)
Hash
d9f5998f47f6f22cb66e7dbf428c76ab
86b993baf91f867a03ea62e0d0adc9488530efaa
e94ba9c6df7a149b4b3c590bcc484ce24ce7c0f15c6f7f43479035a6311211d6

HTTP Headers

GET /widget/o-0NIpQlx3QUlC5A4PNjXhFVZNyBx2pqPA.woff2 HTTP/1.1
Host: cdn.livechatinc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://secure.livechatinc.com
Connection: keep-alive
Referer: https://secure.livechatinc.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
content-type: application/octet-stream
content-length: 12688
last-modified: Tue, 18 Oct 2022 07:22:38 GMT
etag: "d9f5998f47f6f22cb66e7dbf428c76ab"
x-amz-version-id: msVoGOeEvv4rBAjmPT.bOOY9QhLnYq.K
accept-ranges: bytes
server: AmazonS3
x-amz-cf-pop: HAM50-P2
x-amz-cf-id: X3prfpUvaSuujXUioKllfbrWJRSujJaRcEeTIItJqtcJgekTOM8gKw==
cache-control: max-age=31536000
expires: Mon, 29 Jan 2024 11:52:39 GMT
date: Sun, 29 Jan 2023 11:52:39 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www.rodaslotjp1.top/images/upload-Promo-20220310183820.jpg

172.67.179.154

200 OK

215 kB

URL HTTP/1.1
www.rodaslotjp1.top/images/upload-Promo-20220310183820.jpg
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 3750x750, components 3\012- data
Size
215 kB (214680 bytes)
Hash
336772f5da15b5514f27d89d460e31b7
50c789e1bf96b36ed805f27ae7fac332322c03e7
13548e36be0537e24154e13da4638010f5ede7fcb2b63ca109d339553b7aa89b

HTTP Headers

GET /images/upload-Promo-20220310183820.jpg HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:39 GMT
Content-Type: image/jpeg
Content-Length: 214680
Connection: keep-alive
Last-Modified: Thu, 10 Mar 2022 11:38:20 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fwWNiGkr0oB8JcYdv%2Bn3MDIBqncmIkGI258BjK15sRcuRkjvLPQjikwdEh0LkFjCwWg%2FtzXNPeVDMxchKQnlnVV0yhZADo6HBoSPUji1O3dQIjJKqzOOSLDwzRosVwdRv0dSJJJA"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7911c34b6a691c02-OSL
alt-svc: h2=":443"; ma=60

img.pay4d.info/banner/evomn.jpg

104.19.136.75

200 OK

83 kB

URL HTTP/2
img.pay4d.info/banner/evomn.jpg
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1900x380, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
83 kB (83322 bytes)
Hash
d7cd05a35121d6c4af6ec438ed96e10c
6533486ee55c331d3dd348bcdcbf37ecd10e1e7e
d90573f6414e0e2951796b54b038343e5e8e4ce1cf16fdbfac22a4a95d802fde

HTTP Headers

GET /banner/evomn.jpg HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:40 GMT
content-type: image/webp
content-length: 83322
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=433485
content-disposition: inline; filename="evomn.webp"
last-modified: Thu, 19 Jan 2023 08:18:15 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:40 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c3399a6fb512-OSL
X-Firefox-Spdy: h2

accounts.livechatinc.com/customer/token

95.101.10.171

200 OK

138 B

URL HTTP/2
accounts.livechatinc.com/customer/token
IP
95.101.10.171:0
ASN
#20940 Akamai International B.V.

File type
JSON data\012- , ASCII text
Size
138 B (138 bytes)
Hash
cf5ae2da5b4c1fc31cc5a4832f86863e
b7ae103a7b4141aaecdd849ca812cdc7060e999e
0bf743f2034559d22187990a0bbdaceda0f922d1fdfdfb259f3781a51466a2a8

HTTP Headers

POST /customer/token HTTP/1.1
Host: accounts.livechatinc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 190
Origin: https://secure.livechatinc.com
Connection: keep-alive
Referer: https://secure.livechatinc.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://secure.livechatinc.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-type: application/json
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
content-length: 138
date: Sun, 29 Jan 2023 11:52:40 GMT
set-cookie: __lc_cid=b217ce85-bc10-4efd-540b-88c9fca89b28; Path=/v2/customer/token; Domain=accounts.livechatinc.com; Expires=Wed, 29 Jan 2025 11:52:40 GMT; Max-Age=63072000; HttpOnly; Secure; SameSite=None
__lc_cst=743a5a7ac83fb1f4df0a4766de171762e0f846b4bfeeded97102d49e87c3211ad8b5802c275e224c2ce5dcfc40ad17377a46c63127eb3ddc09921c08fa9d; Path=/v2/customer/token; Domain=accounts.livechatinc.com; Expires=Wed, 29 Jan 2025 11:52:40 GMT; Max-Age=63072000; HttpOnly; Secure; SameSite=None
__lc_cid=b217ce85-bc10-4efd-540b-88c9fca89b28; Path=/customer/token; Domain=accounts.livechatinc.com; Expires=Wed, 29 Jan 2025 11:52:40 GMT; Max-Age=63072000; HttpOnly; Secure; SameSite=None
__lc_cst=743a5a7ac83fb1f4df0a4766de171762e0f846b4bfeeded97102d49e87c3211ad8b5802c275e224c2ce5dcfc40ad17377a46c63127eb3ddc09921c08fa9d; Path=/customer/token; Domain=accounts.livechatinc.com; Expires=Wed, 29 Jan 2025 11:52:40 GMT; Max-Age=63072000; HttpOnly; Secure; SameSite=None
__oauth_redirect_detector=counter=1&t=1674993190&tag=9fa0fc7ec8226ea857fb616ca1f888799edb9456; Path=/; Expires=Sun, 29 Jan 2023 11:53:10 GMT; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2

www.rodaslotjp1.top/images/upload-Slides-20211231174026.jpg

172.67.179.154

200 OK

302 kB

URL HTTP/1.1
www.rodaslotjp1.top/images/upload-Slides-20211231174026.jpg
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.2 (Windows), datetime=2021:12:30 18:14:11], progressive, precision 8, 3750x750, components 3\012- data
Size
302 kB (301778 bytes)
Hash
ce0cc0ea2b35f06226a11a5f24c90d2b
6e6bccdde13ba9a11871de5af0d79ce2aaa1a455
78e01ddcdc1fa614b104c4b459eff291591bef384a9bf7d0f3d8c224b0d74107

HTTP Headers

GET /images/upload-Slides-20211231174026.jpg HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:39 GMT
Content-Type: image/jpeg
Content-Length: 301778
Connection: keep-alive
Last-Modified: Fri, 31 Dec 2021 10:40:26 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y%2BuvxZw0HT5JgXGc3FnKncjs%2Ble7UD%2B5quQEJfDZ9djmZ5o9kYyEsiXSj0XKf0vXmV5ilR5TUdWkb0b2r1sLR6AI%2BaNSVyfBgUzNuor5Lh9t4KD1ARLnJxDzb6V3hObk0PjWssVy"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7911c34c4cfc0afa-OSL
alt-svc: h2=":443"; ma=60

img.pay4d.info/slot-ttg.png

104.19.136.75

200 OK

356 B

URL HTTP/2
img.pay4d.info/slot-ttg.png
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
356 B (356 bytes)
Hash
3ce52bfdf47ac5aeec429c7d844f8309
20ecca3cdae26598825aca9d3180721585936d76
574449c76cb20fb822d17cec93a25ed069371c78d8f6e9efb0daa4924a411a56

HTTP Headers

GET /slot-ttg.png HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:40 GMT
content-type: image/webp
content-length: 356
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=2467
content-disposition: inline; filename="slot-ttg.webp"
last-modified: Sat, 14 Mar 2020 09:33:42 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:40 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c3398a38b512-OSL
X-Firefox-Spdy: h2

api.livechatinc.com/v3.3/customer/rtm/ws?license_id=12114207

95.101.10.171

101 Switching Protocols

0 B

URL HTTP/1.1
api.livechatinc.com/v3.3/customer/rtm/ws?license_id=12114207
IP
95.101.10.171:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v3.3/customer/rtm/ws?license_id=12114207 HTTP/1.1
Host: api.livechatinc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://secure.livechatinc.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 07TioxWHnbX2HtDS2Yx0pA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
sec-websocket-accept: HgAINNPXqaO3tCbznfJAnLbdV7Q=
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://secure.livechatinc.com
legacy: 2023-06-30
Date: Sun, 29 Jan 2023 11:52:40 GMT
Upgrade: websocket
Connection: Upgrade

img.pay4d.info/fish-zombie.png

104.19.136.75

200 OK

2.8 kB

URL HTTP/2
img.pay4d.info/fish-zombie.png
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.8 kB (2760 bytes)
Hash
88304eeaf81e9ebd296a0d0e2ddb7be2
32c2c254dfa81406883e0507339c538a4af5ce3b
fab65eee93acd119c34e221f22ca4029d06a9fa9a5d93b56be894e4247ff7d81

HTTP Headers

GET /fish-zombie.png HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:40 GMT
content-type: image/webp
content-length: 2760
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=9384
content-disposition: inline; filename="fish-zombie.webp"
last-modified: Thu, 05 Aug 2021 09:13:00 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:40 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c3399a4db512-OSL
X-Firefox-Spdy: h2

www.rodaslotjp1.top/favicon.png

172.67.179.154

200 OK

16 kB

URL HTTP/1.1
www.rodaslotjp1.top/favicon.png
IP
172.67.179.154:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 250 x 250, 8-bit/color RGB, non-interlaced\012- data
Size
16 kB (16063 bytes)
Hash
fcd83e4eac191498c446d3f4dbc209a9
16e29aba138bb4eaf8d2b3d29727d411dcf6ac90
dae0f3dcba83d3dc22fa11e342dcb7cfa5cc981c4edbf4e7f6303bdf356691a6

HTTP Headers

GET /favicon.png HTTP/1.1
Host: www.rodaslotjp1.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Cookie: PHPSESSID=kerb2r03t2lf2tete7p3756b06; _ga_D3WR7HGLGB=GS1.1.1674993163.1.0.1674993163.0.0.0; _ga=GA1.1.1824737680.1674993163

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 11:52:41 GMT
Content-Type: image/png
Content-Length: 16063
Connection: keep-alive
Last-Modified: Sun, 30 May 2021 05:14:25 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wzJPzO6B7WLlCS0KY2eQ4zayVou6Y%2BPnR4mgDz6hbAfVHPj0X0Q0tzIz68cW207dWL6mq%2BqY4%2FKesoU8ODcSyaftuixpHi%2FRV18uMfnatl1PQNvakLdlRB9H%2Fk0EujncjbJkmWLj"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7911c3578ed90b61-OSL
alt-svc: h2=":443"; ma=60

img.pay4d.info/dlandroid.png

104.19.136.75

200 OK

2.5 kB

URL HTTP/2
img.pay4d.info/dlandroid.png
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.5 kB (2520 bytes)
Hash
a74bb516386bf584bbcb42de349db17c
8bb9f72b4f8d077bbe7319cb341bd9ef7ea8136a
5ddce943f364942ee30b1398175472ab116b19119a3fa7eb2815944162ccfb51

HTTP Headers

GET /dlandroid.png HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:41 GMT
content-type: image/webp
content-length: 2520
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=5781
content-disposition: inline; filename="dlandroid.webp"
last-modified: Wed, 11 Sep 2019 07:36:31 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:41 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c3436f1bb512-OSL
X-Firefox-Spdy: h2

img.pay4d.info/live-mg.png

104.19.136.75

200 OK

1.1 kB

URL HTTP/2
img.pay4d.info/live-mg.png
IP
104.19.136.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.1 kB (1092 bytes)
Hash
ab217824849c8bc2f05240458ef55574
06b015108c8fc22469d8e5a4c371e6d05c04b624
326039e01fe95c632ec94f34f39b85e61715f2a5abcdb555d937ec140574aa72

HTTP Headers

GET /live-mg.png HTTP/1.1
Host: img.pay4d.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.rodaslotjp1.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 29 Jan 2023 11:52:43 GMT
content-type: image/webp
content-length: 1092
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=4064
content-disposition: inline; filename="live-mg.webp"
last-modified: Tue, 15 Mar 2022 06:24:43 GMT
vary: Accept
cf-cache-status: HIT
expires: Sun, 29 Jan 2023 13:52:43 GMT
cache-control: public, max-age=7200
accept-ranges: bytes
server: cloudflare
cf-ray: 7911c3398a3eb512-OSL
X-Firefox-Spdy: h2

cdn.livechatinc.com/widget/static/js/iframe.73879adc.chunk.js

95.101.10.171

200 OK

0 B

URL HTTP/2
cdn.livechatinc.com/widget/static/js/iframe.73879adc.chunk.js
IP
95.101.10.171:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /widget/static/js/iframe.73879adc.chunk.js HTTP/1.1
Host: cdn.livechatinc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure.livechatinc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 25 Jan 2023 08:47:14 GMT
x-amz-version-id: DWqeOBaonG9oWcxGU0ZIpqeLsqrYCT6x
server: AmazonS3
content-encoding: gzip
etag: W/"90cad0f1a20bbe0c7b70af650ab7491a"
vary: Accept-Encoding
x-amz-cf-pop: HAM50-P2
x-amz-cf-id: MgLZ1iZ8LpNw3GUGmXeMSFOx05M7e3xvuc4-Sud2VVDGYvBOPceAhQ==
content-length: 228662
cache-control: max-age=31536000
expires: Mon, 29 Jan 2024 11:52:39 GMT
date: Sun, 29 Jan 2023 11:52:39 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (26)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML