Report - howtogetadmininbokunoroblox.blogspot.co.uk/

Report Overview

Submitted URL
howtogetadmininbokunoroblox.blogspot.co.uk/
IP
142.250.74.65
ASN
#15169 GOOGLE
Submitted
2023-04-15 18:36:42
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
42

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
nowqo.net	unknown	2022-04-15	2023-04-15	39 kB	1.9 MB	104.21.25.78
cdn.jsdelivr.net	439	2012-09-30	2023-04-14	412 B	3.9 kB	104.16.86.20
s10.histats.com	15211	2012-05-21	2023-04-14	388 B	4.7 kB	46.105.201.240
fonts.gstatic.com	unknown	2014-09-09	2023-04-14	1.6 kB	57 kB	216.58.207.227
s4.histats.com	12782	2012-05-21	2023-04-15	1.1 kB	184 B	149.56.240.31
maxcdn.bootstrapcdn.com	724	2014-06-18	2023-04-14	522 B	68 kB	104.18.10.207
howtogetadmininbokunoroblox.blogspot.co.uk	unknown	No data	No data	407 B	636 B	142.250.74.65
lh3.googleusercontent.com	66	2012-05-22	2023-04-15	2.9 kB	24 kB	142.250.74.97
cdnjs.cloudflare.com	235	2015-04-17	2023-04-14	446 B	2.6 kB	104.17.24.14
howtogetadmininbokunoroblox.blogspot.com	unknown	2022-10-24	2023-01-18	1.4 kB	53 kB	142.250.74.65
www.blogger.com	8975	2012-05-22	2023-04-15	448 B	58 kB	216.58.207.233

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator
2023-04-15	medium	howtogetadmininbokunoroblox.blogspot.co.uk/
2023-04-15	medium	howtogetadmininbokunoroblox.blogspot.com/
2023-04-15	medium	howtogetadmininbokunoroblox.blogspot.com/
2023-04-15	medium	howtogetadmininbokunoroblox.blogspot.com/js/cookienotice.js
2023-04-15	medium	nowqo.net/roblox/images/css8a7c8a7c8a7c.css?family=Open+Sans:300,400,700
2023-04-15	medium	nowqo.net/roblox/images/et-line.woff
2023-04-15	medium	nowqo.net/roblox/images/jquery.countto.js
2023-04-15	medium	nowqo.net/roblox/images/scripts.js
2023-04-15	medium	nowqo.net/roblox/images/fancyselect.js
2023-04-15	medium	nowqo.net/roblox/images/jquery-3.2.1.js
2023-04-15	medium	nowqo.net/roblox/images/main.js
2023-04-15	medium	nowqo.net/roblox/images/form-scripts.js
2023-04-15	medium	nowqo.net/roblox/images/validator.min.js
2023-04-15	medium	nowqo.net/roblox/bebasneue_bold-webfont.html
2023-04-15	medium	nowqo.net/roblox/images/sweetalert2.min.js
2023-04-15	medium	nowqo.net/roblox/images/jquery-ui.min.js
2023-04-15	medium	nowqo.net/roblox/images/jquery.magnific-popup.min.js
2023-04-15	medium	nowqo.net/roblox/images/com.js
2023-04-15	medium	nowqo.net/roblox/bebasneue_regular-webfont.html
2023-04-15	medium	nowqo.net/roblox/images/sticky.js
2023-04-15	medium	nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (20)

	URL	Size	First Seen	Last Seen
	nowqo.net/roblox/images/com.js	15 kB	2023-04-08	2023-04-16
Pretty URL nowqo.net/roblox/images/com.js IP 104.21.25.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-08 11:35:21 Last Seen2023-04-16 10:44:31 Times Seen198 Hash 2468782a1e490499c7f2ae6d9fe0a7d2 603a2903c17a10820309bf4377e90aa49d71aea1 901c6d7022367a9c5ed36ebd28dae42ef9abd3354a1a66f200de0f944c91784c Loading...

	nowqo.net/roblox/images/sticky.js	20 kB	2023-03-07	2023-04-16
Pretty URL nowqo.net/roblox/images/sticky.js IP 104.21.25.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2023-04-16 10:44:31 Times Seen395 Hash 1180d3ea8d2544bb6bec4dacb60526d2 d2788f5423575404112a66853e0f274960d743e0 bb88a49c99d278abff743baf1f0f492382031afd4212fb27b33a23068723f86e Loading...

	nowqo.net/roblox/images/main.js	34 kB	2023-03-07	2023-04-16
Pretty URL nowqo.net/roblox/images/main.js IP 104.21.25.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2023-04-16 10:44:31 Times Seen393 Hash b4a27b956eccd646f3bc2b2b2b6503c5 6df97b44c507a440a3c1dd6873b44fbc95e92fb1 948fe10b1ea0b581c4871ae90f94882ed8945bd19c9ce0352b20ac0467dc145a Loading...

	nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ	325 B	2023-03-07	2023-04-16
Pretty URL nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ IP 104.21.25.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:07:18 Last Seen2023-04-16 10:44:31 Times Seen199 Hash 5644d012be9e47b1ae7bf89c80633745 e0fe867b75dd9c9ac03056fd960eb91512808860 477c2e410825c537de3848a9b47bb422f9aea7328dac8fc7395b2f8aa9f8e51e Loading...

	cdn.jsdelivr.net/npm/js-base64@3.7.2/base64.min.js	5.1 kB	2023-03-07	2024-02-26
Pretty URL cdn.jsdelivr.net/npm/js-base64@3.7.2/base64.min.js IP 104.16.86.20 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2024-02-26 23:33:16 Times Seen286 Hash 5ca725d76acf5fc62e1e419e50031fd7 94c9b12c4d33f3f4e7b22a6f6e1420e5c90003c4 e3c6d1c8195fe393af47c014346ebdcd629556a6365ea1f5a671cd507f914ce1 Loading...

	nowqo.net/roblox/images/fancyselect.js	4.6 kB	2023-03-07	2024-02-11
Pretty URL nowqo.net/roblox/images/fancyselect.js IP 104.21.25.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2024-02-11 16:42:07 Times Seen194 Hash fc20f6fcbceda58609e8ec93ed8972a6 346672aba10658ebe11580ff7fec4b70663c2e0f b92360cf3455f4f375b7c8cc3b601061686d92b9ffd4624004f420c9d09996d8 Loading...

	nowqo.net/roblox/images/validator.min.js	6.1 kB	2023-03-07	2024-04-12
Pretty URL nowqo.net/roblox/images/validator.min.js IP 104.21.25.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-04-12 19:45:27 Times Seen915 Hash 81df0465f243a2e7b7b06b8ad6015173 996eb26bb4bdb44ed5257d048cedaf3ed0a6f90c c31a654938abf168fca328d9663ea83999b87ff36d18b016ea8aace1a9cb2cb1 Loading...

	nowqo.net/roblox/images/form-scripts.js	1.0 kB	2023-03-07	2024-02-11
Pretty URL nowqo.net/roblox/images/form-scripts.js IP 104.21.25.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2024-02-11 16:42:06 Times Seen200 Hash 7d7a87d79b5343d3f04fed2cc2bef2e3 021cc4c45ce7872041b7af085a4cf13f423c01e8 7a05b1e911af071c10812d790155447a62d4445db99b2d43872202bfcaded5ae Loading...

	s4.histats.com/stats/0.php?4275781&@f16&@g0&@h3&@i1&@j1681583874584&@k3536243&@l3&@mRoblox%20Robux%20Generator%202023&@n0roblox-abx.js=himk\|template=SEO-Elite-Premium.xml\|himk=howtogetadmininbokunoroblox.blogspot.com\|howtogetadmininbokunoroblox.blogspot.com=direct\|ref=direct\|tags=roblox-abx.js&@ohttps%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F&@q0&@r0&@s0&@ten-US&@u1280&@b1:-56709785&@b3:1681583875&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fnowqo.net%2Froblox%2Findex.html%3Ftrack%3DWyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ&@w	52 B	2023-04-15	2023-04-15
Pretty URL s4.histats.com/stats/0.php?4275781&@f16&@g0&@h3&@i1&@j1681583874584&@k3536243&@l3&@mRoblox%20Robux%20Generator%202023&@n0roblox-abx.js=himk\|template=SEO-Elite-Premium.xml\|himk=howtogetadmininbokunoroblox.blogspot.com\|howtogetadmininbokunoroblox.blogspot.com=direct\|ref=direct\|tags=roblox-abx.js&@ohttps%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F&@q0&@r0&@s0&@ten-US&@u1280&@b1:-56709785&@b3:1681583875&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fnowqo.net%2Froblox%2Findex.html%3Ftrack%3DWyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ&@w IP 149.56.240.31 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-15 20:36:43 Last Seen2023-04-15 20:36:43 Times Seen2 Hash 6dd576e4ca00aa011fb839a51ad759ad 87432d0a852b1af33fbd1d91d5e4cb439f04d728 2d0be92333535ed0f5aa88a6bdf8be1d0c69cf6515054cec99f96d3a15a0e52e Loading...

	nowqo.net/roblox/images/jquery.magnific-popup.min.js	21 kB	2023-03-07	2024-04-17
Pretty URL nowqo.net/roblox/images/jquery.magnific-popup.min.js IP 104.21.25.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-04-17 19:29:15 Times Seen2397 Hash be3333626c57af03599abcb59b325e09 3824067348f6485d6b07d3a43660804e3731b21a ecbef0f33e8ccedd2c605816e052cfff778abcc0e30a80b874c097a5fddd24fc Loading...

	nowqo.net/roblox/images/scripts.js	196 B	2023-03-07	2023-04-16
Pretty URL nowqo.net/roblox/images/scripts.js IP 104.21.25.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2023-04-16 10:44:31 Times Seen378 Hash 30110b3852b1800156f09776b7f8abc3 b3016d5bcc5d32713d4841b7430e8a36a08f4d82 c7b5716b450a19a471d68d99302a1aefc97409ad09b5248b7493052fb515f9ef Loading...

	nowqo.net/roblox/images/sweetalert2.min.js	20 kB	2023-03-07	2024-02-10
Pretty URL nowqo.net/roblox/images/sweetalert2.min.js IP 104.21.25.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-02-10 04:05:40 Times Seen448 Hash 0ad69b0e70b7da1bb8f8a96e9e6b5d9a 7d21a0c1f43d3edb47dd9e69b05243f3fcb53152 4051f26691def4eafcae32928be110c13d1819e544a12b0a9b95378bfaf9859b Loading...

	nowqo.net/roblox/images/jquery-3.2.1.js	139 kB	2023-03-07	2023-10-31
Pretty URL nowqo.net/roblox/images/jquery-3.2.1.js IP 104.21.25.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2023-10-31 00:50:02 Times Seen397 Hash 0b39dc8f94398407369f2c6f32042bac 8c4abc797c784a78061373a0aa078be14c7931b1 41f59ec5d59f17850334323c174baef773d00ed5bb48e3739d77bb41b3c59c00 Loading...

	nowqo.net/roblox/images/jquery-ui.min.js	200 kB	2023-03-07	2024-03-22
Pretty URL nowqo.net/roblox/images/jquery-ui.min.js IP 104.21.25.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:47 Last Seen2024-03-22 19:16:45 Times Seen485 Hash 234f1553c7d27cce512062c59800a9a8 b48e01c35c1e6ad622386b9a3161bd1bf02723c8 d87043ac816dbfadae73fcc32f84eadb9a665cf97ae938bea9702a27d3e9a54a Loading...

	nowqo.net/roblox/images/jquery.countto.js	2.4 kB	2023-03-07	2024-02-11
Pretty URL nowqo.net/roblox/images/jquery.countto.js IP 104.21.25.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2024-02-11 16:42:07 Times Seen206 Hash 2997f7484c171da3ffd1f9f7bf8b9056 be8d289c00db0f7c5975938a147181a772e0f6b6 0c3bb5ecb9b684b6efb1524648c7cf632511260270fa846369f27115ce269070 Loading...

	s10.histats.com/js15_as.js	11 kB	2023-03-07	2024-03-25
Pretty URL s10.histats.com/js15_as.js IP 46.105.201.240 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-03-25 09:24:29 Times Seen1978 Hash e959fbdd13def4b9a9d0a5fc9a7de4d4 1e39712307e3673b40c0bdb8c7d3e86a3e8b60a0 2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede Loading...

	nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ	622 B	2023-03-07	2023-04-16
Pretty URL nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ IP 104.21.25.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:07:18 Last Seen2023-04-16 10:44:31 Times Seen199 Hash 7c5cdfb6321019cf9fd448815ff5db0d 88e72d5a1cbc98fb8abec7d7f271be3750f49ffd 247598654d9b470c026aef9f5ff263a7cb7ce6f9ebc3216c9b02809de308a6c6 Loading...

	nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ	514 B	2023-03-07	2023-04-16
Pretty URL nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ IP 104.21.25.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:07:18 Last Seen2023-04-16 10:44:31 Times Seen199 Hash 09933286614ed7eb9801cf06011a4c9d fa97803d9532c6922800b799c7e43039f003f33d 68d3e0ce6a8a98aa641fc113c014919e27ccff17a6c7f286cfc325693f730e09 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 7e58c75dc5c814b8584596366d7fbbc0	2.3 kB	2023-03-07	2024-04-18
Pretty Observations First Seen2023-03-07 01:07:18 Last Seen2024-04-18 14:51:01 Times Seen1120 Hash 7e58c75dc5c814b8584596366d7fbbc0 402ed5cabf7e193cec0bc119f0f80573fbdfd213 a4b7e137da8e508158dde25998a84af33c206e06aa964412416123bda0ab5048 Loading...

	#2 Eval - 85db27906ab42bae987f36e7af985ecf	2.7 kB	2023-03-07	2024-04-18
Pretty Observations First Seen2023-03-07 01:07:18 Last Seen2024-04-18 14:51:01 Times Seen1123 Hash 85db27906ab42bae987f36e7af985ecf 8f5695bbc2eef2bcc4196ed68464866c4029e5fc 829462f248743b16714172d3e598266a34e812142b16c34521a14a280a247612 Loading...

HTTP Transactions (58)

URL IP Response Size

howtogetadmininbokunoroblox.blogspot.co.uk/

142.250.74.65

190 B

URL
howtogetadmininbokunoroblox.blogspot.co.uk/
IP
142.250.74.65:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
190 B (190 bytes)
Hash
ec04bba0fa02d0625e745875424097a0
c5e7fb8872595d82ba2390fd2a8b93dbf818f9cc
f51ee49d69d1f1431a47eb6f5a8d8629fb8b92c626700dcf397de89f0953f6b8

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: howtogetadmininbokunoroblox.blogspot.co.uk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Location: http://howtogetadmininbokunoroblox.blogspot.com/
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Sat, 15 Apr 2023 18:36:26 GMT
Expires: Sat, 15 Apr 2023 18:36:26 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 190
Server: GSE

howtogetadmininbokunoroblox.blogspot.com/

142.250.74.65

190 B

URL
howtogetadmininbokunoroblox.blogspot.com/
IP
142.250.74.65:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
190 B (190 bytes)
Hash
15164e8100f7f70444cff2cbcec93581
a53d17d8f928d26fc8dbb0cc236f5500fb249b7c
535d67ff715933aa4f227a0673a183a6afc81e09fd7f5ffbd2b1780d1bdd4d16

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: howtogetadmininbokunoroblox.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Location: https://howtogetadmininbokunoroblox.blogspot.com/
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Sat, 15 Apr 2023 18:36:26 GMT
Expires: Sat, 15 Apr 2023 18:36:26 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 190
Server: GSE

howtogetadmininbokunoroblox.blogspot.com/

142.250.74.65

49 kB

URL
howtogetadmininbokunoroblox.blogspot.com/
IP
142.250.74.65:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (32023)
Size
49 kB (48951 bytes)
Hash
b02ef5e324cd5feb8cc23603f6b5c9f3
debc06a78c9782368a1595c1d60f202a260fbc66
9f8f110bd5ee803a90604c1d4ea5fd7e9ff13c9cc9ef5b4e711a606fc918aa3d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: howtogetadmininbokunoroblox.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Sat, 15 Apr 2023 18:36:27 GMT
date: Sat, 15 Apr 2023 18:36:27 GMT
cache-control: private, max-age=0
last-modified: Sat, 15 Apr 2023 13:14:55 GMT
etag: W/"108382f6d1d57b5e0e7331ec5f73719904f3855043c7cf5f4a778353fc555d65"
x-robots-tag: all,noodp
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 48951
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

howtogetadmininbokunoroblox.blogspot.com/js/cookienotice.js

142.250.74.65

2.0 kB

URL
howtogetadmininbokunoroblox.blogspot.com/js/cookienotice.js
IP
142.250.74.65:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
2.0 kB (2026 bytes)
Hash
c4e1ed83d89245089b8a1203be20a377
f3940e1215b89300ef97d57a25993f25243b8688
afa801a129ff6fc98533118275db8a7d4a38fc91f8ab55ed4c19b864255e68d2

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/cookienotice.js HTTP/1.1
Host: howtogetadmininbokunoroblox.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: howtogetadmininbokunoroblox.blogspot.com
Connection: keep-alive
Referer: https://howtogetadmininbokunoroblox.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 2026
date: Sat, 15 Apr 2023 18:36:28 GMT
expires: Sat, 22 Apr 2023 18:36:28 GMT
cache-control: public, max-age=604800
last-modified: Sat, 15 Apr 2023 15:51:18 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.blogger.com/static/v1/widgets/1852870454-widgets.js

216.58.207.233

57 kB

URL
www.blogger.com/static/v1/widgets/1852870454-widgets.js
IP
216.58.207.233:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2221)
Size
57 kB (57021 bytes)
Hash
d19b4e5daf1cca65910963a91514ff6d
e4c300bb1b62d4ece1b938cb3ee0f6322ee0a8b9
3d2a90a36164abc85a92ede291287c7135725dae9c5c124b8f3f557f7c12c7d4

HTTP Headers

GET /static/v1/widgets/1852870454-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://howtogetadmininbokunoroblox.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 57021
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 14 Apr 2023 08:03:26 GMT
expires: Sat, 13 Apr 2024 08:03:26 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 14 Apr 2023 04:55:24 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 124382
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

lh3.googleusercontent.com/blogger_img_proxy/AByxGDQ6MhUKd4Ie48qV1QdjJSjgzyEU2UfsX5NabUasso9PdZsZJNeuo3X7H3qIdcu7Kk08DB9e10in672yWOQb3Xx2NWC5bUkR7_yfARz9824n7g

142.250.74.97

1.2 kB

URL
lh3.googleusercontent.com/blogger_img_proxy/AByxGDQ6MhUKd4Ie48qV1QdjJSjgzyEU2UfsX5NabUasso9PdZsZJNeuo3X7H3qIdcu7Kk08DB9e10in672yWOQb3Xx2NWC5bUkR7_yfARz9824n7g
IP
142.250.74.97:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 120x90, components 3\012- data
Size
1.2 kB (1187 bytes)
Hash
9fe85dcb3fe48e26d43227a130d47e6a
918db738002dda86a37aca5f2bece573f89d8084
57eb79ec23f95554cfee51062e26a0e62c8b095b030bf7aa4068894370e1052e

HTTP Headers

GET /blogger_img_proxy/AByxGDQ6MhUKd4Ie48qV1QdjJSjgzyEU2UfsX5NabUasso9PdZsZJNeuo3X7H3qIdcu7Kk08DB9e10in672yWOQb3Xx2NWC5bUkR7_yfARz9824n7g HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://howtogetadmininbokunoroblox.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
access-control-allow-origin: *
timing-allow-origin: *
content-type: image/jpeg
x-content-type-options: nosniff
date: Sat, 15 Apr 2023 18:36:28 GMT
server: fife
content-length: 1187
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

lh3.googleusercontent.com/blogger_img_proxy/AByxGDT_xd_EQTV6KvYIPDWFRDZHIKPBRGkIvO5tKPug5ak_ZzhhbOfu8xSi-X7OeOL8Qa6x2deAGumYiToCr6VvwjpSBFoffvMOEGHvDumG0_8EMQ

142.250.74.97

5.7 kB

URL
lh3.googleusercontent.com/blogger_img_proxy/AByxGDT_xd_EQTV6KvYIPDWFRDZHIKPBRGkIvO5tKPug5ak_ZzhhbOfu8xSi-X7OeOL8Qa6x2deAGumYiToCr6VvwjpSBFoffvMOEGHvDumG0_8EMQ
IP
142.250.74.97:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 120x90, components 3\012- data
Size
5.7 kB (5730 bytes)
Hash
af657814437027f122629437300048e4
b3eff03425c48f6e9625079b5c50e46b9327e513
fef4864426413b38c7199150262ab409c45f15509345142fbe73df0604a674b7

HTTP Headers

GET /blogger_img_proxy/AByxGDT_xd_EQTV6KvYIPDWFRDZHIKPBRGkIvO5tKPug5ak_ZzhhbOfu8xSi-X7OeOL8Qa6x2deAGumYiToCr6VvwjpSBFoffvMOEGHvDumG0_8EMQ HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://howtogetadmininbokunoroblox.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
expires: Sun, 16 Apr 2023 18:36:28 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
x-content-type-options: nosniff
date: Sat, 15 Apr 2023 18:36:28 GMT
server: fife
content-length: 5730
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

lh3.googleusercontent.com/blogger_img_proxy/AByxGDSopc5yHHnSvDGIIKe5VHG6aIZ92DqVpHaxmOLGMWSW3Z6tEShIXpZutmdprKUePmirHJYIUP9hT7k1RBx4x2elptpwyd2U-T9QWDr6slTt3w

142.250.74.97

5.9 kB

URL
lh3.googleusercontent.com/blogger_img_proxy/AByxGDSopc5yHHnSvDGIIKe5VHG6aIZ92DqVpHaxmOLGMWSW3Z6tEShIXpZutmdprKUePmirHJYIUP9hT7k1RBx4x2elptpwyd2U-T9QWDr6slTt3w
IP
142.250.74.97:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 120x90, components 3\012- data
Size
5.9 kB (5869 bytes)
Hash
c9134e1a2699da25a073c23cec853a6f
bdd2ffd16732d391af8b631614ae625755564153
8b1bb4800e34ea443a9d588821d3be3e6f3943a145503fa01d94af4acf0e0723

HTTP Headers

GET /blogger_img_proxy/AByxGDSopc5yHHnSvDGIIKe5VHG6aIZ92DqVpHaxmOLGMWSW3Z6tEShIXpZutmdprKUePmirHJYIUP9hT7k1RBx4x2elptpwyd2U-T9QWDr6slTt3w HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://howtogetadmininbokunoroblox.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
expires: Sun, 16 Apr 2023 18:36:28 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
x-content-type-options: nosniff
date: Sat, 15 Apr 2023 18:36:28 GMT
server: fife
content-length: 5869
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

lh3.googleusercontent.com/blogger_img_proxy/AByxGDQJKyvClixzONprDrJ268LqXNryWRE7pGEML5LLs1us783ZKLTIp5JKxVuvIq8RAqb4uD8k6PSs03GXUB2GxF3iAVJW0lCO_KfSjkmjTvQ7-no

142.250.74.97

5.3 kB

URL
lh3.googleusercontent.com/blogger_img_proxy/AByxGDQJKyvClixzONprDrJ268LqXNryWRE7pGEML5LLs1us783ZKLTIp5JKxVuvIq8RAqb4uD8k6PSs03GXUB2GxF3iAVJW0lCO_KfSjkmjTvQ7-no
IP
142.250.74.97:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 120x90, components 3\012- data
Size
5.3 kB (5343 bytes)
Hash
742f358f1e75046ab6f8f3da22fd9783
ca4885c5d2b962adca0a246842bc15144f067cf1
885b49a4203145ed60436b19a07ab6ad9bd5693ae53524515b6b94b2a3f11625

HTTP Headers

GET /blogger_img_proxy/AByxGDQJKyvClixzONprDrJ268LqXNryWRE7pGEML5LLs1us783ZKLTIp5JKxVuvIq8RAqb4uD8k6PSs03GXUB2GxF3iAVJW0lCO_KfSjkmjTvQ7-no HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://howtogetadmininbokunoroblox.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
expires: Sun, 16 Apr 2023 18:36:28 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
x-content-type-options: nosniff
date: Sat, 15 Apr 2023 18:36:28 GMT
server: fife
content-length: 5343
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

lh3.googleusercontent.com/blogger_img_proxy/AByxGDQrmft7Pfb7fl0DQqki0Nk-61KRXyv4JFSu7LWIloZaw3b7v9pFTr--N-jR9rgSXhNeWeoOMDKoUikNbe96rpFDgxWwtFa1fuz73kv8LXpSLA

142.250.74.97

3.7 kB

URL
lh3.googleusercontent.com/blogger_img_proxy/AByxGDQrmft7Pfb7fl0DQqki0Nk-61KRXyv4JFSu7LWIloZaw3b7v9pFTr--N-jR9rgSXhNeWeoOMDKoUikNbe96rpFDgxWwtFa1fuz73kv8LXpSLA
IP
142.250.74.97:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 120x90, components 3\012- data
Size
3.7 kB (3714 bytes)
Hash
dc2d85a9c8bddeee463ea60dab51adab
d9657535e6d55fb25134515e64c8fbdf1ce87098
9940938c28af275c7328e2c406b87b9fd188be41ac5103cefb1a5b517fbcb700

HTTP Headers

GET /blogger_img_proxy/AByxGDQrmft7Pfb7fl0DQqki0Nk-61KRXyv4JFSu7LWIloZaw3b7v9pFTr--N-jR9rgSXhNeWeoOMDKoUikNbe96rpFDgxWwtFa1fuz73kv8LXpSLA HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://howtogetadmininbokunoroblox.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
expires: Sun, 16 Apr 2023 18:36:28 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
x-content-type-options: nosniff
date: Sat, 15 Apr 2023 18:36:28 GMT
server: fife
content-length: 3714
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

nowqo.net/roblox/images/gamebaglogo.png

104.21.25.78

200 OK

3.3 kB

URL GET HTTP/3
nowqo.net/roblox/images/gamebaglogo.png
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
PNG image data, 240 x 240, 8-bit/color RGBA, non-interlaced\012- data
Size
3.3 kB (3340 bytes)
Hash
e84f0caa809a15b2aaa9cb93bbe6669a
22a330ad580aaa6b2232307a87b981adc7fbf38f
1f98c982fd0c9b5e6af138a4cb160f509bda9fcc7fa0a9463fa6cf11513c151f

HTTP Headers

GET /roblox/images/gamebaglogo.png HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:28 GMT
content-type: image/png
content-length: 3340
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 06:32:19 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
cf-cache-status: HIT
age: 728363
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sJbVAWwaXr9zszw2JFHVGRpze%2Fp2vGjL8xxC2tMjrKzqJB1TZ930Fsl6OGadGi3L8oX6qJBY9Z0kQcEt7f6e%2Fe26Zcu%2F5c88KVClZicTG2tJtDu%2BAKqpO8L40M0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b864b590ea1b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/images/ft-1.png

104.21.25.78

200 OK

3.3 kB

URL GET HTTP/3
nowqo.net/roblox/images/ft-1.png
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
PNG image data, 240 x 240, 8-bit/color RGBA, non-interlaced\012- data
Size
3.3 kB (3340 bytes)
Hash
e84f0caa809a15b2aaa9cb93bbe6669a
22a330ad580aaa6b2232307a87b981adc7fbf38f
1f98c982fd0c9b5e6af138a4cb160f509bda9fcc7fa0a9463fa6cf11513c151f

HTTP Headers

GET /roblox/images/ft-1.png HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:28 GMT
content-type: image/png
content-length: 3340
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 06:32:19 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
cf-cache-status: HIT
age: 728363
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y%2BHPPVB5ozwja6Q9M%2FFZM246U0gk0Bvw4MZFF37QgTtQtyUsCzXCvQkN2ogXmKbowh8O9BUUqO2buaF%2BWnJm8wdSFiEcw7lkbtua%2BGBfvEUQgkDoDN6Ovnz7VnE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b864b590ea3b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/images/header.png

104.21.25.78

200 OK

131 kB

URL GET HTTP/3
nowqo.net/roblox/images/header.png
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size
131 kB (131285 bytes)
Hash
35e93538f31d67876a2cb38bf94279d8
49bf97732e9bffb5371ad60d024901b09d83651b
95c1de9315834de2ff3608a2dc048a6aedc273e665f9b54eb956523a81fc91df

HTTP Headers

GET /roblox/images/header.png HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:28 GMT
content-type: image/png
content-length: 131285
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 06:32:18 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
cf-cache-status: HIT
age: 728363
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oKBe0wYlsnxgFmvPScCQ%2BgU6BYFy2HD0EcOi%2BOm2ExnVr8XMRTCcqv0NbzivsJqPYfqYRNGDAidYfF%2BL0y9XgFYj9QZ1YAOHGLMh90EMFcCfH6FaffPyvGShHAA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b864b590e9fb527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

cdnjs.cloudflare.com/ajax/libs/jquery-modal/0.9.1/jquery.modal.min.css

104.17.24.14

200 OK

1.5 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery-modal/0.9.1/jquery.modal.min.css
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA9:11:71:07:07:92:48:7E:A9:3C:E8:32:25:3F:EB:AC:7D:51:7E:8F
ValidityWed, 03 Aug 2022 00:00:00 GMT - Wed, 02 Aug 2023 23:59:59 GMT

File type
ASCII text, with very long lines (3201), with no line terminators
Size
1.5 kB (1541 bytes)
Hash
8e09ceb5490863a66cd2e83ca3d7e524
35e3d074516ec70c508d748f7ae01827bc0c28ba
cccbb374fd4cb6dcbac9df64456b49cb11530e7bafdac6c6c7e67ff2ed350db9

HTTP Headers

GET /ajax/libs/jquery-modal/0.9.1/jquery.modal.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nowqo.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 15 Apr 2023 18:36:29 GMT
content-type: text/css; charset=utf-8
content-length: 1541
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec2-c81"
last-modified: Mon, 04 May 2020 16:11:46 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 7427194
expires: Thu, 04 Apr 2024 18:36:29 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VURFd5dZbaW6bQk3cjHyIMXWgbTjK5I25x6VXnJGul2FrhMLjIaNf8xA8bHmbx5Gso7S1dKeq%2BzEmhZJSb%2BIXVtNH%2BEEg9q0mhX4cQNd7IKS7EjVNcU94ctljj0PqAFaokmKKp0B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7b864b59390eb4ee-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

nowqo.net/roblox/images/main-bg.jpg

104.21.25.78

200 OK

838 kB

URL GET HTTP/3
nowqo.net/roblox/images/main-bg.jpg
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
JPEG image data, baseline, precision 8, 2560x1440, components 3\012- data
Size
838 kB (838330 bytes)
Hash
ba5d619ee57cf5acc6ebee951a24e01a
a0627942a4e280318a098576257027078cbc40fc
ff5ca3b41fff989a535f80c1119cca50d67fa99c759545a3fc484cc8124cf836

HTTP Headers

GET /roblox/images/main-bg.jpg HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/images/style.css
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:29 GMT
content-type: image/jpeg
content-length: 838330
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 06:32:19 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
cf-cache-status: HIT
age: 728364
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cOsKe3RXSU8tXUUnfiX7rTvWKePP3gk3rqYuFYSGZeXegsOaPmTqqqrrMyDT0WiYiOnPH0nqHH0nd955k%2FhA8OlF21Iz38O%2B%2Bn4QoqBDxUuwmjax5b3DONGoKcA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b864b5a58c4b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/images/pr-r.png

104.21.25.78

200 OK

27 kB

URL GET HTTP/3
nowqo.net/roblox/images/pr-r.png
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
PNG image data, 960 x 1080, 8-bit/color RGBA, non-interlaced\012- data
Size
27 kB (27316 bytes)
Hash
1339ccba9a248e9c3689c2f921283d91
7d393c9a3efa49a81afc9406700e94ae23e4bb95
082da94e7b1e7b7cf6054ecb33edffc2b36578727ef34c8a1ef6bddfaa6cfbbf

HTTP Headers

GET /roblox/images/pr-r.png HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/images/style.css
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:29 GMT
content-type: image/png
content-length: 27316
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 06:32:19 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
cf-cache-status: HIT
age: 728364
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ep1oMefi5zS2HCyx6DYoe5VOUEeMJ%2BuapCBbtRh3DwxycJHBPGRS8PDZptGKUlnpywPWxxHxDqt4k95jAdaDIfRBD9J7lzoxxd8S7T3sbE3NYxrXXM52%2Bm0wgvg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b864b5ae99eb527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/images/css8a7c8a7c8a7c.css?family=Open+Sans:300,400,700

104.21.25.78

200 OK

16 kB

URL GET HTTP/3
nowqo.net/roblox/images/css8a7c8a7c8a7c.css?family=Open+Sans:300,400,700
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
ASCII text, with very long lines (701), with no line terminators
Size
16 kB (16358 bytes)
Hash
da2204a870cb1cf5239f4cb8d5a54e73
1f21abcbf599cd78c13e60a7f8a68861891c9c6b
e176d5c8f1e34b7655db75393a7b0c84fca68f8bc9083fa6c302ede69dd28f24

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /roblox/images/css8a7c8a7c8a7c.css?family=Open+Sans:300,400,700 HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:28 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=773
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 07:38:09 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 728363
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=svFOUcFykDZHCuQd%2FCI3zihIgS1QVh97lJeDkfmIWoqSfyXiATBZwhjKzGLV%2F8UGtaZy1R7ukYsIEuh26%2BUPclS6aAlb%2FnnI%2BNOZxlvPVj5%2FLPuFJRIz4PNLRT8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b864b58ee75b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/images/btn-img.png

104.21.25.78

200 OK

2.0 kB

URL GET HTTP/3
nowqo.net/roblox/images/btn-img.png
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
PNG image data, 150 x 100, 8-bit/color RGBA, non-interlaced\012- data
Size
2.0 kB (1977 bytes)
Hash
b750214f9a0276662f12acbbff0d37ce
65e094e10e2b933ab866a66b5f9b25321b99a0d1
db31dae896b9158c4d1c3f32525e6f63281fe9c671a5dc93236cac960013351b

HTTP Headers

GET /roblox/images/btn-img.png HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/images/style.css
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:29 GMT
content-type: image/png
content-length: 1977
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 06:32:19 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
cf-cache-status: HIT
age: 139086
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=op6OtYVkSYQ0%2BuhKaahnx8CrEGxAjS1ycvClmuVmCdKHXFtIVyt4pWO9TOLdUM%2BKCmvVz8M9ztDRT2w4o1hMrDQw01i7EGRJWKZgEeB2BFPKtphXWgzABAAR8V4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b864b5ae9a0b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/images/panel-overlay.png

104.21.25.78

200 OK

3.1 kB

URL GET HTTP/3
nowqo.net/roblox/images/panel-overlay.png
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
PNG image data, 960 x 661, 4-bit colormap, non-interlaced\012- data
Size
3.1 kB (3116 bytes)
Hash
2b026d93f79b384005e4252c80701791
87804a0d83d2e745b31526c8b60d026abecbe73a
b7a5d35c1c7be1953002244f054a14f38ed11912ad52d25a8e963774f7f52e0e

HTTP Headers

GET /roblox/images/panel-overlay.png HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/images/style.css
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:29 GMT
content-type: image/png
content-length: 3116
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 06:32:19 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
cf-cache-status: HIT
age: 728364
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xYockxep51pZHoXZlrhWn37FuUT2PfK5JQcqh1bfdi78PKILlFgnO%2FIyNayhDKkXJ7Ch9gCtISfNzKexhnG4HrFHl3xMG2I8wmIkFrzvOMprUzA1AMmZcBCwg2c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b864b5ae99bb527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/images/et-line.woff

104.21.25.78

200 OK

55 kB

URL GET HTTP/3
nowqo.net/roblox/images/et-line.woff
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
Web Open Font Format, CFF, length 55220, version 1.0\012- data
Size
55 kB (55220 bytes)
Hash
b01ff252761958325faab1535c90c87f
d33413e7bc42acc8837cc9030ca45d29c1ccf0c6
19d2f43d546ada73dd083f7778aa4a5cac1a8e7a3af56efccae580fce07a5e1c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /roblox/images/et-line.woff HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/images/style.css
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:29 GMT
content-type: font/woff
content-length: 55220
cache-control: public, max-age=31536000
expires: Sun, 16 Apr 2023 07:06:54 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
cf-cache-status: HIT
age: 503968
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fZSemxJt9ldWKKvqoDjt%2FpwVgivzIb7bCjSGt6BW4haw6hKbYTueuGDLg7B47JLTD8HuuIcA1yPlSnorwQZT%2FXwbFUIpx4VQ25z17ltXsDdWicL6oJuy4jFWL9o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b864b5ae9a3b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

cdn.jsdelivr.net/npm/js-base64@3.7.2/base64.min.js

104.16.86.20

200 OK

2.8 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/js-base64@3.7.2/base64.min.js
IP
104.16.86.20:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint5C:61:30:2F:8C:51:BF:3D:79:B5:3A:04:9A:91:F0:1C:D9:78:87:40
ValidityThu, 02 Jun 2022 00:00:00 GMT - Thu, 01 Jun 2023 23:59:59 GMT

File type
ASCII text, with very long lines (4802)
Size
2.8 kB (2771 bytes)
Hash
e4fc85d2f9e34b54b8c87ac94f7d43ed
3e28b660e87d33f09d96c645af186db19d173f56
63e49a78880615f61d9b9c2c237ffa49f06c0199cbe331716d9990f6f2833ee6

HTTP Headers

GET /npm/js-base64@3.7.2/base64.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nowqo.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 15 Apr 2023 18:36:29 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 3.7.2
x-jsd-version-type: version
etag: W/"1405-lMmxLE0z8/TnsipvbhQg5ckAA8Q"
x-served-by: cache-fra-eddf8230050-FRA, cache-jnb7024-JNB
x-cache: HIT, MISS
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 177766
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5PGRB1ifstxVKVatS9xcnJcP20Q7R8YtSTiCCKsPVpIiaIXIdVM10PnRqanCrioyWkkCsjJq4yW6R%2BosugoF9giiBQnBRa5lcEwIF%2Bzi0oog2yaHyP18MuSKFf8PlqLMzyQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b864b595cabb517-OSL
content-encoding: br
X-Firefox-Spdy: h2

nowqo.net/roblox/images/font-awesome.min.css

104.21.25.78

200 OK

73 kB

URL GET HTTP/3
nowqo.net/roblox/images/font-awesome.min.css
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
ASCII text, with very long lines (27546)
Size
73 kB (72861 bytes)
Hash
64dae9087df4aa4f1c461e80d82e0a21
5ee39784906c14753f3c13e25fa1faaf44eacde0
ec80d4d48a74e1ead21c116c25306dfc4987027b03d74032384f75f185438d43

HTTP Headers

GET /roblox/images/font-awesome.min.css HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:28 GMT
content-type: text/css
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 06:32:18 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 157891
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sM2nErbAX2%2F00Ul4ubj18HTS4o1qKGUB3CDmMMB7aZ0HR0rWynDBvwbii%2FkjOyPTmtW7NXhJqqZO65PW9tLF6sm7eZjBG9VTPNQk6jgAfPYaJF4ng4%2FqBsC4Cfk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b864b58ee7db527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/images/jquery.countto.js

104.21.25.78

200 OK

19 kB

URL GET HTTP/3
nowqo.net/roblox/images/jquery.countto.js
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
ASCII text, with very long lines (1043)
Size
19 kB (18629 bytes)
Hash
07f744196932e75a743460c4ab9eae04
de5876e9c5c204b3d73fd987d2343fd0c4e186e0
9d0eced91baac07271436e5a03adb60ffa35905f9f5fb740d9ccfab5e577a483

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /roblox/images/jquery.countto.js HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:28 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=3761
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 06:32:18 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 157891
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ItMm%2BUGOc%2FYlQXJW2GeVy1P%2By2U4z6Liyttg7ntPmjPeybTQcfGkeLBCGneds9XshhVx6bN7cyZgLWCJFlXIt3aJp7C%2BbjNuq4DphPU9Zk6ofj3MaJua3a0s9NU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b864b590eb2b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/images/scripts.js

104.21.25.78

200 OK

19 kB

URL GET HTTP/3
nowqo.net/roblox/images/scripts.js
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
ASCII text, with no line terminators
Size
19 kB (18719 bytes)
Hash
6fd3be561449a027fb61fbe114c5716c
f83661ec65cecd0952031ce2c9f914704d843145
0a361f0de8c33b9a82f912f39af72aa0db4efc46a4d17c13f814391c0d68cbe6

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /roblox/images/scripts.js HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:28 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=225
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 06:32:18 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 728363
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4A4PpuMDFx3k8aOX4qzEaB6%2FPOe6Os75ukzWmcgSPW4K1V3trUUronvGywMOG%2Fin8yF2TPT%2B1XQ5xN5D3r%2B%2FY1o2%2BFJ0yomzYk8uHpdl550Ns10abonZnvi%2FDQQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b864b591ec6b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/images/bootstrap.min.css

104.21.25.78

200 OK

39 kB

URL GET HTTP/3
nowqo.net/roblox/images/bootstrap.min.css
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
ASCII text, with very long lines (65371)
Size
39 kB (38638 bytes)
Hash
3876a5884f4eb5acff60d69cff4da7d1
60872e6e2dd191a4079440a0eb8a67f4248f466e
b5ef5281a500803b22947d4293bc1d555187756b6e86ab39746ab77af5f660fa

HTTP Headers

GET /roblox/images/bootstrap.min.css HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:28 GMT
content-type: text/css
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 06:32:18 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 728363
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VeVjBRkEUsYxmBehzzWQJbIjGH%2FtuwaXuE%2FwV0AgEKQ%2BLeVqd41zzffQktWvTiR2W54Xye4AIuk769rfQ5oKCnOnLse64On3skQdUYEHbMQ60jMkpTEqzJFmcmM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b864b58ee81b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/images/ca.png

104.21.25.78

200 OK

628 B

URL GET HTTP/3
nowqo.net/roblox/images/ca.png
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
PNG image data, 16 x 11, 8-bit/color RGB, non-interlaced\012- data
Size
628 B (628 bytes)
Hash
8618709a45d8d1c4d9d254c61bdf29b8
9470a0ba81cf743d77ed3cbe98ea6dc9dfb6a583
3a6c5facc8613948b81833101a2ff8c3a114813ce24077585faee268b8ffb541

HTTP Headers

GET /roblox/images/ca.png HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F; username1Cookie=Priscilla; username2Cookie=Ermes; username3Cookie=Abelardo; comment1Cookie=This software is awesome . thank you Concordio!; comment2Cookie=wow.. thank you admin!  1000000 Clash Royale Gems.; comment3Cookie=thanks! this website is giving some real stuff .
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:29 GMT
content-type: image/png
content-length: 628
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 06:32:42 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
cf-cache-status: HIT
age: 139076
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cAM02zcCdoelXWwqrgBfspZnAMvAMXiBkT4E7Pa9%2BiMsmvgkK9Tqsog5PrVGT8s3duemz88gop5qCeCGdke%2BcaLjOl3%2FH9kTL18E41EfgKzd1qbeEdoBRJ7LDqU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b864b5bdadcb527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/images/fancyselect.js

104.21.25.78

200 OK

4.8 kB

URL GET HTTP/3
nowqo.net/roblox/images/fancyselect.js
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
ASCII text, with very long lines (1254)
Size
4.8 kB (4755 bytes)
Hash
1d74f4dc2f668a2a87a5dc1d45915d9e
d1bc21af151ac1f5e177642e2552f56b00e65f8e
ff946c6baa8a9847ad39ca65be9ef10ec64cf9c90a31474b656018d4af9b5bfb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /roblox/images/fancyselect.js HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:28 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=6778
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 06:32:18 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 728363
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Am6uppOl32pQ%2BIpefM9bCpEOjfyPmsiS91EoYeWV71n0UbWwtOCJbfRhweUmrTYOColzkvbmkUNPzelydLo%2BYx3KnOgZf1qtUJ6qYt3NWbZHxREbkIVByYgLKng%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b864b590eb4b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

s10.histats.com/js15_as.js

46.105.201.240

200 OK

4.4 kB

URL GET HTTP/2
s10.histats.com/js15_as.js
IP
46.105.201.240:443
ASN
#16276 OVH SAS

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerLet's Encrypt
Subjecthistats.com
FingerprintF3:F6:9F:E3:A0:B3:22:C0:B2:93:4E:22:72:B6:D1:DA:40:BA:AE:9B
ValidityWed, 15 Mar 2023 12:20:28 GMT - Tue, 13 Jun 2023 12:20:27 GMT

File type
HTML document, ASCII text, with very long lines (11440), with no line terminators
Size
4.4 kB (4364 bytes)
Hash
ed192092c129db6123a3397855f42619
067e9b8e26cf6246eb84c6b9cf3da0c192ce7b3e
998fff486a7fb38b6ed445edc36c9b317b70950cd39efcf4012ca641312fcee1

HTTP Headers

GET /js15_as.js HTTP/1.1
Host: s10.histats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nowqo.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 15 Apr 2023 18:31:03 GMT
etag: "-375139978"
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-request-id: 220926468
content-type: text/javascript
content-encoding: br
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 4364
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v14/cJZKeOuBrn4kERxqtaUH3aCWcynf_cDxXwCLxiixG1c.ttf

216.58.207.227

200 OK

18 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v14/cJZKeOuBrn4kERxqtaUH3aCWcynf_cDxXwCLxiixG1c.ttf
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE8:8D:29:52:9C:44:66:28:BB:43:25:CE:11:45:BB:A1:5A:4E:44:11
ValidityTue, 28 Mar 2023 16:54:02 GMT - Tue, 20 Jun 2023 16:54:01 GMT

File type
TrueType Font data, 17 tables, 1st "GDEF", 7 names, Microsoft, language 0x409, type 1 string, Open SansRegular1.10;1ASC;OpenSans-RegularOpen Sans RegularVersion 1.10OpenSans-Regularhttp://ww\012- data
Size
18 kB (17789 bytes)
Hash
8c20320e2a77d984348f9e9aa7296b9d
0939a63b6a9982ab64f044dfc3a21dac2bca0499
0be48b762bdf588db02112492dfadcb3a098fad3ac5aa2ccc80568b799462c52

HTTP Headers

GET /s/opensans/v14/cJZKeOuBrn4kERxqtaUH3aCWcynf_cDxXwCLxiixG1c.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17789
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 13 Apr 2023 17:17:02 GMT
expires: Fri, 12 Apr 2024 17:17:02 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 14 Jun 2017 16:46:31 GMT
content-type: font/ttf
vary: Accept-Encoding
age: 177567
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v14/DXI1ORHCpsQm3Vp6mXoaTYnF5uFdDttMLvmWuJdhhgs.ttf

216.58.207.227

200 OK

18 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v14/DXI1ORHCpsQm3Vp6mXoaTYnF5uFdDttMLvmWuJdhhgs.ttf
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE8:8D:29:52:9C:44:66:28:BB:43:25:CE:11:45:BB:A1:5A:4E:44:11
ValidityTue, 28 Mar 2023 16:54:02 GMT - Tue, 20 Jun 2023 16:54:01 GMT

File type
TrueType Font data, 17 tables, 1st "GDEF", 7 names, Microsoft, language 0x409, type 1 string, Open Sans LightRegular1.10;1ASC;OpenSans-LightVersion 1.10OpenSans-Lighthttp://www.apache.org/li\012- data
Size
18 kB (18391 bytes)
Hash
a69c5fa643b7208c4922909701e399ac
0560e8f641340a70d9c36b3d4106e42ac395f829
0a8b75177ccda56113a7a1bb9214c38276257846f9323226f74831f74ffc721f

HTTP Headers

GET /s/opensans/v14/DXI1ORHCpsQm3Vp6mXoaTYnF5uFdDttMLvmWuJdhhgs.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18391
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 12 Apr 2023 19:44:14 GMT
expires: Thu, 11 Apr 2024 19:44:14 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 14 Jun 2017 16:45:42 GMT
content-type: font/ttf
vary: Accept-Encoding
age: 255135
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v14/k3k702ZOKiLJc3WVjuplzInF5uFdDttMLvmWuJdhhgs.ttf

216.58.207.227

200 OK

19 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v14/k3k702ZOKiLJc3WVjuplzInF5uFdDttMLvmWuJdhhgs.ttf
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE8:8D:29:52:9C:44:66:28:BB:43:25:CE:11:45:BB:A1:5A:4E:44:11
ValidityTue, 28 Mar 2023 16:54:02 GMT - Tue, 20 Jun 2023 16:54:01 GMT

File type
TrueType Font data, 17 tables, 1st "GDEF", 7 names, Microsoft, language 0x409, type 1 string, Open SansBold1.10;1ASC;OpenSans-BoldOpen Sans BoldVersion 1.10OpenSans-Boldhttp://www.apache.org\012- data
Size
19 kB (18604 bytes)
Hash
5498784000b038638befe230ea392271
efef80115bdabd927501563197827a7ae837a19f
5848ca5f4af491c37907f2e4cb0e240166572edc90615a96d4702f2dce34800b

HTTP Headers

GET /s/opensans/v14/k3k702ZOKiLJc3WVjuplzInF5uFdDttMLvmWuJdhhgs.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18604
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 13 Apr 2023 06:40:10 GMT
expires: Fri, 12 Apr 2024 06:40:10 GMT
cache-control: public, max-age=31536000
age: 215779
last-modified: Wed, 14 Jun 2017 16:46:24 GMT
content-type: font/ttf
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

s4.histats.com/stats/0.php?4275781&@f16&@g0&@h3&@i1&@j1681583874584&@k3536243&@l3&@mRoblox%20Robux%20Generator%202023&@n0roblox-abx.js=himk|template=SEO-Elite-Premium.xml|himk=howtogetadmininbokunoroblox.blogspot.com|howtogetadmininbokunoroblox.blogspot.com=direct|ref=direct|tags=roblox-abx.js&@ohttps%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F&@q0&@r0&@s0&@ten-US&@u1280&@b1:-56709785&@b3:1681583875&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fnowqo.net%2Froblox%2Findex.html%3Ftrack%3DWyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ&@w

149.56.240.31

200 OK

52 B

URL GET HTTP/1.1
s4.histats.com/stats/0.php?4275781&@f16&@g0&@h3&@i1&@j1681583874584&@k3536243&@l3&@mRoblox%20Robux%20Generator%202023&@n0roblox-abx.js=himk|template=SEO-Elite-Premium.xml|himk=howtogetadmininbokunoroblox.blogspot.com|howtogetadmininbokunoroblox.blogspot.com=direct|ref=direct|tags=roblox-abx.js&@ohttps%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F&@q0&@r0&@s0&@ten-US&@u1280&@b1:-56709785&@b3:1681583875&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fnowqo.net%2Froblox%2Findex.html%3Ftrack%3DWyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ&@w
IP
149.56.240.31:443
ASN
#16276 OVH SAS

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerLet's Encrypt
Subjecthistats.com
FingerprintF3:F6:9F:E3:A0:B3:22:C0:B2:93:4E:22:72:B6:D1:DA:40:BA:AE:9B
ValidityWed, 15 Mar 2023 12:20:28 GMT - Tue, 13 Jun 2023 12:20:27 GMT

File type
ASCII text, with no line terminators
Size
52 B (52 bytes)
Hash
6dd576e4ca00aa011fb839a51ad759ad
87432d0a852b1af33fbd1d91d5e4cb439f04d728
2d0be92333535ed0f5aa88a6bdf8be1d0c69cf6515054cec99f96d3a15a0e52e

HTTP Headers

GET /stats/0.php?4275781&@f16&@g0&@h3&@i1&@j1681583874584&@k3536243&@l3&@mRoblox%20Robux%20Generator%202023&@n0roblox-abx.js=himk|template=SEO-Elite-Premium.xml|himk=howtogetadmininbokunoroblox.blogspot.com|howtogetadmininbokunoroblox.blogspot.com=direct|ref=direct|tags=roblox-abx.js&@ohttps%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F&@q0&@r0&@s0&@ten-US&@u1280&@b1:-56709785&@b3:1681583875&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fnowqo.net%2Froblox%2Findex.html%3Ftrack%3DWyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ&@w HTTP/1.1
Host: s4.histats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nowqo.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 15 Apr 2023 18:36:30 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 52
Connection: close

nowqo.net/roblox/images/ac.png

104.21.25.78

200 OK

408 B

URL GET HTTP/3
nowqo.net/roblox/images/ac.png
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
PNG image data, 16 x 11, 8-bit/color RGB, non-interlaced\012- data
Size
408 B (408 bytes)
Hash
7391e6b6df7b181d51ffeb2a5a6d7bd4
e442abb4c7713078983da019502d070f38c12e26
6f20d866841c4514782a46142df22b70b8da9783c513e3d41d8f3313483fe38d

HTTP Headers

GET /roblox/images/ac.png HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681583874584; HstCmu4275781=1681580304853; HstPn4275781=3; HstPt4275781=3; HstCnv4275781=1; HstCns4275781=2; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F; username1Cookie=Priscilla; username2Cookie=Ermes; username3Cookie=Abelardo; comment1Cookie=This software is awesome . thank you Concordio!; comment2Cookie=wow.. thank you admin!  1000000 Clash Royale Gems.; comment3Cookie=thanks! this website is giving some real stuff .; timePosted11Cookie=98304; timePosted22Cookie=70599; timePosted33Cookie=25153
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:31 GMT
content-type: image/png
content-length: 408
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 06:32:47 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
cf-cache-status: HIT
age: 728363
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pi7WrIQd%2Fn8%2B0NSN%2BnaYNmbcd7wsrDblqIdmTq3S0VOENuVGJe32RaZAKs88L%2FQAjleY6GtITad8f%2BZ6O11iOLDMc1HmkpkfLTppiAKoTm6I%2Flc6MhBJa78IeVQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b864b6aebb1b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/images/us.png

104.21.25.78

200 OK

609 B

URL GET HTTP/3
nowqo.net/roblox/images/us.png
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
PNG image data, 16 x 11, 8-bit/color RGB, non-interlaced\012- data
Size
609 B (609 bytes)
Hash
968591e0050981be9fa94bd2597afb48
dd9e149e2b5ad59dd8b4b262f5fdeb5cc10ecf43
36cce5cae3d2e0045b2b2b6cbffdad7a0aba3e99919cc219bbf0578efdc45585

HTTP Headers

GET /roblox/images/us.png HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681583874584; HstCmu4275781=1681580304853; HstPn4275781=3; HstPt4275781=3; HstCnv4275781=1; HstCns4275781=2; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F; username1Cookie=Priscilla; username2Cookie=Ermes; username3Cookie=Abelardo; comment1Cookie=This software is awesome . thank you Concordio!; comment2Cookie=wow.. thank you admin!  1000000 Clash Royale Gems.; comment3Cookie=thanks! this website is giving some real stuff .; timePosted11Cookie=101304; timePosted22Cookie=73599; timePosted33Cookie=28153
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:34 GMT
content-type: image/png
content-length: 609
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 06:32:24 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
cf-cache-status: HIT
age: 728369
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HaOA5rL%2BP3eKFMfbRLJX%2BTxobUGcu9kKGa5GiYvk70v%2FsfSOvsCfz6W%2BUlkKhFqYFxsfke7KmGdKtBs%2BsOwgQiXXRGJUEgCBkHBozsTIhiXrYNsj9c%2BDgYIu36o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b864b7a8995b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/close.png

104.21.25.78

404 Not Found

886 B

URL GET HTTP/3
nowqo.net/roblox/close.png
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
886 B (886 bytes)
Hash
1c50dadac931ecabaf7091ebf459c2e5
bfa28d6b4f663d9439b697a8cba5bde3bd531d77
8f936a607eb214265655b35d7fcf28fbf56f5179d29ccfd6ebcfe90d871b2b98

HTTP Headers

GET /roblox/close.png HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681583874584; HstCmu4275781=1681580304853; HstPn4275781=3; HstPt4275781=3; HstCnv4275781=1; HstCns4275781=2; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F; username1Cookie=Priscilla; username2Cookie=Ermes; username3Cookie=Abelardo; comment1Cookie=This software is awesome . thank you Concordio!; comment2Cookie=wow.. thank you admin!  1000000 Clash Royale Gems.; comment3Cookie=thanks! this website is giving some real stuff .; timePosted11Cookie=101304; timePosted22Cookie=73599; timePosted33Cookie=28153
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Sat, 15 Apr 2023 18:36:34 GMT
content-type: text/html
cache-control: private, max-age=31536000, must-revalidate
pragma: no-cache
cf-cache-status: HIT
age: 728369
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9xNO7UNTZU5cIMWs7WFtIFro7y2lCPBP0toLGUZlOEjB3q9Ly4oa4PnSh62dgB3V0B1GTQAWH3loG3WZ9hjRCnocGtEO3JhrQM6MjNSLVynacG%2FFf6ZsnfWQlIU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b864b7a8993b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/images/jquery-3.2.1.js

104.21.25.78

200 OK

139 kB

URL GET HTTP/3
nowqo.net/roblox/images/jquery-3.2.1.js
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
ASCII text, with very long lines (1237)
Size
139 kB (138802 bytes)
Hash
0b39dc8f94398407369f2c6f32042bac
8c4abc797c784a78061373a0aa078be14c7931b1
41f59ec5d59f17850334323c174baef773d00ed5bb48e3739d77bb41b3c59c00

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /roblox/images/jquery-3.2.1.js HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:28 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=268039
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 06:32:18 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 728363
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RswIDDJP3Tlj0X%2FkEfGZKvov3ws5Sz3uj4PSYIo8UPFfQlF00vaU%2BU4GJpzGySLzYLMNf2N%2FGRB4g4muOEx1YnoDCcKNCkXx3%2FRaXZDJV3LFIjNz4XZKzbv80Tc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b864b590ea2b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/images/main.js

104.21.25.78

200 OK

34 kB

URL GET HTTP/3
nowqo.net/roblox/images/main.js
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
ASCII text, with very long lines (24637)
Size
34 kB (34244 bytes)
Hash
b4a27b956eccd646f3bc2b2b2b6503c5
6df97b44c507a440a3c1dd6873b44fbc95e92fb1
948fe10b1ea0b581c4871ae90f94882ed8945bd19c9ce0352b20ac0467dc145a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /roblox/images/main.js HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:28 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=38451
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 06:32:19 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 728363
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bcGd6%2FrOnnZVajxG9fIABGDAnvhF0c7nolTOFNPWAvSswvDq0MnwcP2BjVqu4TrEesGM21ILX6EKITLenId9MdvQxLgrhl84oQqzvTuC%2F5%2B3asx%2FxvyA7jTvX%2B8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b864b591ec8b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/images/de.png

104.21.25.78

200 OK

545 B

URL GET HTTP/3
nowqo.net/roblox/images/de.png
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
PNG image data, 16 x 11, 8-bit/color RGB, non-interlaced\012- data
Size
545 B (545 bytes)
Hash
ddabae687ecae5edaaeb808d440543e6
1daf2d67ccaa5be01a330a231ac996a9d5575594
3323814006fe6739493d27057954941830b59eff37ebaac994310e17c522dd57

HTTP Headers

GET /roblox/images/de.png HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681583874584; HstCmu4275781=1681580304853; HstPn4275781=3; HstPt4275781=3; HstCnv4275781=1; HstCns4275781=2; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F; username1Cookie=Priscilla; username2Cookie=Ermes; username3Cookie=Abelardo; comment1Cookie=This software is awesome . thank you Concordio!; comment2Cookie=wow.. thank you admin!  1000000 Clash Royale Gems.; comment3Cookie=thanks! this website is giving some real stuff .; timePosted11Cookie=103304; timePosted22Cookie=75599; timePosted33Cookie=30153
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:36 GMT
content-type: image/png
content-length: 545
cache-control: public, max-age=31536000
expires: Fri, 21 Apr 2023 06:34:18 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
cf-cache-status: HIT
age: 117834
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oRiDtpvO5x6jbpPEf56NWAsNhoMehmcpxG9PTmQTG4JaaXl6OPImrzsYmGuoSy61PI8OS8KntIj%2F6HfzvunnvBu5LjJX2Pj0iVIld%2BHkfb1ZjkbM2jg56DUeWtU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b864b8a2e7cb527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/images/form-scripts.js

104.21.25.78

200 OK

1.0 kB

URL GET HTTP/3
nowqo.net/roblox/images/form-scripts.js
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
ASCII text, with very long lines (1061), with no line terminators
Size
1.0 kB (1021 bytes)
Hash
6199605916a54c185314b9c5d3b5e809
5fbe1148fc133ac41089c2fa9e50c32e91ba6541
6c7d18b6f23e412b7e2217aae669caf57c56c3de9e6c0f7099151c752512b139

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /roblox/images/form-scripts.js HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:28 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=1469
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 06:32:18 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 728363
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AQxiyFM4bqFB68JNXL4q%2FQVM84lCVc8P2opWgdiS7mwbKhin8TJj%2B6nYhoHORcu8VUuK%2BbIZC4Uo%2F8r0%2FcaBD2JLZrx1EhXTnDh8k%2BqPBeIVDSztqlnEk9jx9AA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b864b591ebdb527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/images/pr-l.png

104.21.25.78

200 OK

16 kB

URL GET HTTP/3
nowqo.net/roblox/images/pr-l.png
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
PNG image data, 960 x 1080, 8-bit/color RGBA, non-interlaced\012- data
Size
16 kB (16083 bytes)
Hash
6073469203244cc95b8fbe0996b8c405
60c3fe75fa9d7e3ae7f42f9a247d103b9841982a
7509fb455029a48272466bce43b17cf8247f769f9a4b9c51a03eba55924e11f3

HTTP Headers

GET /roblox/images/pr-l.png HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/images/style.css
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:29 GMT
content-type: image/png
content-length: 16083
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 06:32:19 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
cf-cache-status: HIT
age: 728364
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1%2FeMAhIaGy0xWt024rXVCvDtQlXBLXA2BwP6G54H1Q96Vt9UGSbbhU7DDhLhPWkLR0AEltwkadrbnLep34ufJTvQlCL2tioRh2Bmkpk40Wzl4NWSf3uo2oRTwB0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b864b5ae99db527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/images/magnific-popup.css

104.21.25.78

200 OK

6.1 kB

URL GET HTTP/3
nowqo.net/roblox/images/magnific-popup.css
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
ASCII text, with very long lines (6066), with no line terminators
Size
6.1 kB (6066 bytes)
Hash
5c7b8257bc3d11ed0b9d8c57d9d967d6
77a322afa98376719dd8fdd3942be08bb129d1bf
2c71340892aeebaae880becc0b89bd2ef6938150078692622c04d3f2bc7c0a32

HTTP Headers

GET /roblox/images/magnific-popup.css HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:28 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=7946
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 06:32:18 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 728363
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1xB%2B2MuOgSNOBgsO%2F47jbid95tnPNH5iucQPy9OUnQmBa0ccwC7sdbhoVxH5IqYfogDnUw1ngxE%2BL3YfXVSxPxqEIoDxIPh1Ld9%2BnVmBGEQTlhRCpGUSKpE2D%2Fs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b864b58fe87b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/images/validator.min.js

104.21.25.78

200 OK

6.1 kB

URL GET HTTP/3
nowqo.net/roblox/images/validator.min.js
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
ASCII text, with very long lines (6259), with no line terminators
Size
6.1 kB (6055 bytes)
Hash
c542ac1e946658c7739d7c1244dd647f
5b34ad25a6933d25a3bec582821cdf7e598f90c1
e82795588f13566da7127ae782f27664653c7e7b6f9007c6c85f29580259a08d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /roblox/images/validator.min.js HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:28 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 06:32:18 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 728363
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XD8ZiApQEXjanRRj3%2F%2BHVZDzx2bH%2BMdG8QIul6juFTanVsgTmDs0Pt5QzetHbX49i0kU1KgZvCjnu6z%2FGNNHhkYTvRaWLUVYQrNMZJmp05n5LOmOwfUURX00dBA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b864b591ebbb527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/images/sweetalert2.min.css

104.21.25.78

200 OK

14 kB

URL GET HTTP/3
nowqo.net/roblox/images/sweetalert2.min.css
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
ASCII text, with very long lines (13988), with no line terminators
Size
14 kB (13988 bytes)
Hash
2854c355b9997439e011705e39b4b3ed
06f14e99f5bee6853283e1d42227f3289781379e
a64645980f5ee5a0aaa66cec5a98103420643da6681221c9cd10fc318adcdb6d

HTTP Headers

GET /roblox/images/sweetalert2.min.css HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:28 GMT
content-type: text/css
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 06:32:18 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 728363
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sqi8G2XzDk1YMuJbfvrJsgRAYHaFaNTRfihO2M94HNXOamx%2BbJeSOUputIzFm%2F%2BSDXcsxfuKUXEjgmqv5jS0UWU1Qzc4j8bV73t69%2FDygWPSGHpzTc4Mv%2BeoJdM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b864b58fe85b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/bebasneue_bold-webfont.html

104.21.25.78

200 OK

15 kB

URL GET HTTP/3
nowqo.net/roblox/bebasneue_bold-webfont.html
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15216, version 256.256\012- data
Size
15 kB (15216 bytes)
Hash
343da8bfb3e5f68623f89728e3ac70d5
1e7b5280d24e99691a8023445a80f1a57deb5437
b4cca3534c900c315be9a8d4ca33bb9de6ae987c7e0f22988f9d43913a942fb5

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /roblox/bebasneue_bold-webfont.html HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/images/style.css
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:29 GMT
content-type: text/html
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
vary: Accept-Encoding
cache-control: max-age=31536000
cf-cache-status: HIT
age: 503968
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D%2BPKA3A%2FIYM0PvVf16HgSweeWZArBjeAhH%2BjBH6Di573cOE1NX7AYNfm5WOrHCRx2GbayUHakbmwixuRI%2BtmYj%2FKkjCNtEUU7viDTJljlb2smUHJsmlh1lHLpDU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b864b5ae9a4b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/images/gamebag-favico.png

104.21.25.78

200 OK

3.3 kB

URL GET HTTP/3
nowqo.net/roblox/images/gamebag-favico.png
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
PNG image data, 240 x 240, 8-bit/color RGBA, non-interlaced\012- data
Size
3.3 kB (3340 bytes)
Hash
e84f0caa809a15b2aaa9cb93bbe6669a
22a330ad580aaa6b2232307a87b981adc7fbf38f
1f98c982fd0c9b5e6af138a4cb160f509bda9fcc7fa0a9463fa6cf11513c151f

HTTP Headers

GET /roblox/images/gamebag-favico.png HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F; username1Cookie=Priscilla; username2Cookie=Ermes; username3Cookie=Abelardo; comment1Cookie=This software is awesome . thank you Concordio!; comment2Cookie=wow.. thank you admin!  1000000 Clash Royale Gems.; comment3Cookie=thanks! this website is giving some real stuff .
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:29 GMT
content-type: image/png
content-length: 3340
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 06:32:25 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
cf-cache-status: HIT
age: 523569
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sCqcD%2BM3uDOc7pcExYeZwQGvGuSdPPyM3cQahaCNi2TOLlLr9XdFa3%2FDWvKAjL1lMb2ZM5k%2BgF67HIkG84YJUj1Y7K3mOviH7iZMWN5oi6zjbEeEg09bpnanmog%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b864b5c2b3cb527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/images/style.css

104.21.25.78

200 OK

40 kB

URL GET HTTP/3
nowqo.net/roblox/images/style.css
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
ASCII text, with very long lines (40387), with no line terminators
Size
40 kB (40387 bytes)
Hash
3e05a1f487075dc57f03535a3d6693da
6e4cccd476e7d09d261ebdc7563383d40ec3fa99
52079098bd4de80b7be963bc457d10467682b061619c1d5b96ed628f63c4cd9b

HTTP Headers

GET /roblox/images/style.css HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:28 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=50839
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 06:32:18 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 728363
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wr7mILcNR%2BuMglTo%2BB4AA4RTwDlzE2kRSpZEvWc3AxFPMJaMOWubevF5bil1xJQbTlY1YHkkbrUE7H2qeDe351%2BYHl8JuV4kr265RnyFeT78DP0Ni65olQ6Rdvg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b864b58fe8eb527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0

104.18.10.207

200 OK

67 kB

URL GET HTTP/2
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
ValidityFri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 66624, version 4.262\012- data
Size
67 kB (66624 bytes)
Hash
db812d8a70a4e88e888744c1c9a27e89
638c652d623280a58144f93e7b552c66d1667a11
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

HTTP Headers

GET /font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0 HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 15 Apr 2023 18:36:29 GMT
content-type: font/woff2
content-length: 66624
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "db812d8a70a4e88e888744c1c9a27e89"
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 08/15/2022 13:52:58
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 9b0e9cc931c66bf3d677884409621f3d
cdn-cache: HIT
cf-cache-status: HIT
age: 699898
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7b864b5b2f160b06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

nowqo.net/roblox/images/sweetalert2.min.js

104.21.25.78

200 OK

20 kB

URL GET HTTP/3
nowqo.net/roblox/images/sweetalert2.min.js
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
ASCII text, with very long lines (20305), with no line terminators
Size
20 kB (20305 bytes)
Hash
0ad69b0e70b7da1bb8f8a96e9e6b5d9a
7d21a0c1f43d3edb47dd9e69b05243f3fcb53152
4051f26691def4eafcae32928be110c13d1819e544a12b0a9b95378bfaf9859b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /roblox/images/sweetalert2.min.js HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:28 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 06:32:18 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 157891
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iiY5Zli8oiMEkvYXnbH9WDdC5CaVZL80%2BEhiaVuFhdTgdU7BcPuufhv17gVtgTnGkIj%2FoQviAtf%2FYUMptVC%2FD7oK4PdEjft1E%2F08ZRXYrZEYlAhuNll2vWEsOso%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b864b590eb6b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/images/animate.css

104.21.25.78

200 OK

54 kB

URL GET HTTP/3
nowqo.net/roblox/images/animate.css
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
ASCII text, with very long lines (53418)
Size
54 kB (53546 bytes)
Hash
e2a7d135b1c8e224646c92c6f3fd96a6
b2b50086832927bbd02c4e17c05ebe56b0b48367
0202d4f993c3ef2e05f7073d7058c02956ad2ad252f4dc73cf7f4e90c800b30d

HTTP Headers

GET /roblox/images/animate.css HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:28 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=68796
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 06:32:18 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 728363
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TbLRdl1tG80moOftNPJeqN%2B9PlTv7J7ul%2BQTn1I1hHGPqXYtHvt9J%2FhF4TNQfrVQyA%2BUwMzmkm4XZyDofPgkvS6eNUszZELmKl7y0FZpnOsfGbG51IkDjn8zXvU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b864b58fe83b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/images/jquery-ui.min.js

104.21.25.78

200 OK

200 kB

URL GET HTTP/3
nowqo.net/roblox/images/jquery-ui.min.js
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
ASCII text, with very long lines (563)
Size
200 kB (200104 bytes)
Hash
234f1553c7d27cce512062c59800a9a8
b48e01c35c1e6ad622386b9a3161bd1bf02723c8
d87043ac816dbfadae73fcc32f84eadb9a665cf97ae938bea9702a27d3e9a54a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /roblox/images/jquery-ui.min.js HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:28 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 06:32:18 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 728363
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f1RUHLInCSeQfyUokHc2CDNVou2LUIkJziQtIl0iZm4UfpNc4GE5GoRXRIV4RZRKRzEKOKiZCBbWoCn%2BqErBsQU1IaXdh16QvR3d7yXltGuVpiVtv3zxseOZWHs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b864b590ea5b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/images/jquery.magnific-popup.min.js

104.21.25.78

200 OK

21 kB

URL GET HTTP/3
nowqo.net/roblox/images/jquery.magnific-popup.min.js
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
ASCII text, with very long lines (21014)
Size
21 kB (21143 bytes)
Hash
be3333626c57af03599abcb59b325e09
3824067348f6485d6b07d3a43660804e3731b21a
ecbef0f33e8ccedd2c605816e052cfff778abcc0e30a80b874c097a5fddd24fc

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /roblox/images/jquery.magnific-popup.min.js HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:28 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 06:32:18 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 728363
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QPcbPfLspnIaw%2FaIewgdgx6GwcvLT6OJLQXAUT6LGJZBrU0SA13DQ%2B07oy8xfpg3dtgfV8ov81N%2Bd9mrnOeYnxPjik58rvR9oyxlKE0ZLS5z6k7yNK%2FcwQCLzms%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b864b591ebfb527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/images/com.js

104.21.25.78

200 OK

15 kB

URL GET HTTP/3
nowqo.net/roblox/images/com.js
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type

Size
15 kB (15179 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /roblox/images/com.js HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:28 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=17963
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 06:32:18 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 728363
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r2Wp%2BbHm9cqe1OUIAUp9zGsJrlHzEal7PxlXmlJ4fUtNdBodVp6ag%2FMjhDX4x5RK6TgSKh75ve0NyYuSD1LIgd6BxAEX1H8xGSah78uLN4mKU2mxRIGhuaOwmBM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b864b591ebab527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/bebasneue_regular-webfont.html

104.21.25.78

200 OK

16 kB

URL GET HTTP/3
nowqo.net/roblox/bebasneue_regular-webfont.html
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15948, version 15811.-24832\012- data
Size
16 kB (15948 bytes)
Hash
e40e33db088776dcc998d8e79263d860
ae07a83cee583252d5a2bc27b3e5efed83f8dfe9
80fe1f0f417a2e7373882d874e71bc40385c74e453bfb9e2cb8b14e2b70d4842

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /roblox/bebasneue_regular-webfont.html HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/images/style.css
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F; username1Cookie=Priscilla; username2Cookie=Ermes; username3Cookie=Abelardo; comment1Cookie=This software is awesome . thank you Concordio!; comment2Cookie=wow.. thank you admin!  1000000 Clash Royale Gems.; comment3Cookie=thanks! this website is giving some real stuff .
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:29 GMT
content-type: text/html
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
vary: Accept-Encoding
cache-control: max-age=31536000
cf-cache-status: HIT
age: 503968
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cGAky%2F8LhOuK0bbk%2BcM6LiijN7PNOeYtfjVksdibOkWanLXIgLxkJRuGhgc0%2Fl7Gv5DNiiiaVhBl39X5y1Vjhm4B%2BHxOSfU%2F%2Fo9OXx7uA0nKiV37lfz4ljg6Dis%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b864b5bdadeb527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/images/button-dot.png

104.21.25.78

200 OK

672 B

URL GET HTTP/3
nowqo.net/roblox/images/button-dot.png
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
PNG image data, 15 x 15, 8-bit colormap, non-interlaced\012- data
Size
672 B (672 bytes)
Hash
478aefab2e280b16b0372e607414d3c2
710f5aaa706ec23cbf45006d7c1d25be76b4fa64
a651e77df132fc0c4dbccb7c56f84923c28dcb159f4b7a112bde8bbc548632bc

HTTP Headers

GET /roblox/images/button-dot.png HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/images/style.css
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:29 GMT
content-type: image/png
content-length: 672
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 06:32:19 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
cf-cache-status: HIT
age: 157892
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jI0iQBSpAUb0ErWyTr2tCMjgIBg0yY1LnM%2BAoZ6FUi6oghqCV2vtqvTIWRFXe4Nj13JSwRZqBYh3NJKZXETDorOyjpZ0hVlf%2Bqv1acTydXsfSk%2FAN3ExPcd%2BtCc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b864b5ae9a2b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/images/custom-css.css

104.21.25.78

200 OK

1.6 kB

URL GET HTTP/3
nowqo.net/roblox/images/custom-css.css
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
ASCII text, with very long lines (1606), with no line terminators
Size
1.6 kB (1606 bytes)
Hash
d34740a6a9be71e4be3a3f85bd9ecf8c
7554eff0bb6aba275be019a2bb94b9e7f22890b7
00f0b781fe8a57a9f9844786f6570ce1aad98d4e14ec99fed38d8274f23a4a87

HTTP Headers

GET /roblox/images/custom-css.css HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:28 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1790
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 06:32:18 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 728363
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pfiXptVYFc5X4seH77uKf82%2BClgRKhl%2B1GU7yPCDHw6RMUV9t4gOBcYGFDmGzdxPMCQ6QjPyeDVRVsrlVQuSs5oyEIaWbVtBvvwFhbc58l49hH2MK%2B%2FQdGqIAKg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b864b58fe8fb527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/images/sticky.js

104.21.25.78

200 OK

20 kB

URL GET HTTP/3
nowqo.net/roblox/images/sticky.js
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
ASCII text, with very long lines (16920)
Size
20 kB (19623 bytes)
Hash
1180d3ea8d2544bb6bec4dacb60526d2
d2788f5423575404112a66853e0f274960d743e0
bb88a49c99d278abff743baf1f0f492382031afd4212fb27b33a23068723f86e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /roblox/images/sticky.js HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:28 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=20845
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 06:32:18 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 728363
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FUlwN1JoZzvmnwlG%2BXSM8I%2B%2BMlH1lS0edKSEe8%2FG2wdleSOuMGvx%2BdlSKn2HBVWrnmPcjoKRc0mJVIRXIj88eXPVAz5GpOvSApKS28d6BbC2Z%2F4hIIlSU%2FTBdbQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b864b591ec4b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ

104.21.25.78

200 OK

15 kB

URL User Request GET HTTP/2
nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type

Size
15 kB (15348 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://howtogetadmininbokunoroblox.blogspot.com/
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 15 Apr 2023 18:36:28 GMT
content-type: text/html
last-modified: Fri, 07 Apr 2023 06:41:19 GMT
vary: Accept-Encoding
cache-control: max-age=31536000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cdJq2GMnTeqBtL9JxtyW9ma30QUKN7QYdRqWrJSmoV5ss5lJjC4J%2B9AQPYgRerJPalP3P9hfteR0apJTa4XyVRdgHDrxaxMAmRB29KSnhf72WWKK6WRaamXrxzk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b864b57db5db503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

nowqo.net/roblox/images/fancyselect.css

104.21.25.78

200 OK

3.6 kB

URL GET HTTP/3
nowqo.net/roblox/images/fancyselect.css
IP
104.21.25.78:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Certificate
IssuerGoogle Trust Services LLC
Subject*.nowqo.net
Fingerprint4D:F9:79:11:BB:71:F0:57:06:92:43:6D:46:F2:D5:42:7E:73:1B:4E
ValidityTue, 04 Apr 2023 14:41:31 GMT - Mon, 03 Jul 2023 14:41:30 GMT

File type
ASCII text, with very long lines (3597), with no line terminators
Size
3.6 kB (3595 bytes)
Hash
b86846846243a51557217cb783b39128
0199ad38dc1de1aeac470288bd1b8ecff464fd5d
a7b61a6c6412f3bacecc0bb6da9d0f6ff60ebb115c66458bd4031518d2cf01e3

HTTP Headers

GET /roblox/images/fancyselect.css HTTP/1.1
Host: nowqo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: nowqo.net
Connection: keep-alive
Referer: https://nowqo.net/roblox/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwiaGltayIsInRlbXBsYXRlIiwiU0VPLUVsaXRlLVByZW1pdW0ueG1sIiwiaGltayIsImhvd3RvZ2V0YWRtaW5pbmJva3Vub3JvYmxveC5ibG9nc3BvdC5jb20iLCJob3d0b2dldGFkbWluaW5ib2t1bm9yb2Jsb3guYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1hYnguanMiXQ
Cookie: HstCfa4275781=1681580304853; HstCla4275781=1681580338341; HstCmu4275781=1681580304853; HstPn4275781=2; HstPt4275781=2; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Fjogoslegaisdorobloxcomdinheirolimitad.blogspot.com%2F
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Apr 2023 18:36:28 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=4253
cache-control: public, max-age=31536000
expires: Fri, 14 Apr 2023 06:32:18 GMT
last-modified: Tue, 08 Oct 2019 06:00:24 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 728363
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3oEX2T%2FzgPaQWxdsPV2oXyS4lvtiZABCJB5ZeO16Y0WnLjf0eL7LB9fgpJq%2BQ1Muhic0k4qY4%2BWnSwoijSd8WDXx1Nth%2BD6zdIPq9daUunlwsIvzZSp4h4xeWVM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b864b58fe8cb527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (20)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML