buk.v3mn.in/4kjL_Lj?2bw_LP=bHxyj2xhpZVoaoKnlWh1emB3lHqCy6VffJ-Zlri0jG58mqFiY390jqxiaWRfZX9wrYw/apoole@slurpmail.net&s3=&s4=
188.114.97.1 301 Moved Permanently 0 B URL HTTP/1.1 buk.v3mn.in/4kjL_Lj?2bw_LP=bHxyj2xhpZVoaoKnlWh1emB3lHqCy6VffJ-Zlri0jG58mqFiY390jqxiaWRfZX9wrYw/apoole@slurpmail.net&s3=&s4=
IP 188.114.97.1:0
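Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of empty input, consistent with the 0 B redirect body; they identify no content and are not usable as indicators.)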
Analyzer: urlquery | Verdict: fraud | Alert: Fraud - Fake AntiVirus / Security software
GET /4kjL_Lj?2bw_LP=bHxyj2xhpZVoaoKnlWh1emB3lHqCy6VffJ-Zlri0jG58mqFiY390jqxiaWRfZX9wrYw/apoole@slurpmail.net&s3=&s4= HTTP/1.1
Host: buk.v3mn.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Tue, 31 Jan 2023 14:11:25 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 31 Jan 2023 15:11:25 GMT
Location: https://buk.v3mn.in/4kjL_Lj?2bw_LP=bHxyj2xhpZVoaoKnlWh1emB3lHqCy6VffJ-Zlri0jG58mqFiY390jqxiaWRfZX9wrYw/apoole@slurpmail.net&s3=&s4=
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zJqqfEVQDJKgZDSRPZx0l87ie%2FfHPMQQQKbvSHB%2BvCfP4WAXdIpdDz1VD9wh%2FPWBYg4H6eWaNMZ1JGSUOb%2FErpe9T4G4rrersR%2FXFY1mkttsJtIfVpqPI5STy1JAgw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79230951d824b4ed-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5eb7c9bc996a0ff420e58af45526f053
8c2614832b8efe1c9da0bbd465d6f3f172d95a9e
c085cf277dd0429fe15e4a4bce5595636e9f2204d5a8e77220f8bf88adf4068f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C085CF277DD0429FE15E4A4BCE5595636E9F2204D5A8E77220F8BF88ADF4068F"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3897
Expires: Tue, 31 Jan 2023 15:16:22 GMT
Date: Tue, 31 Jan 2023 14:11:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0c35c3ec659d3a26ea97e68d787bb043
d97e3672244efec5b7814f2d8a734cd1a9387854
4c946a026114ff05316d92277750facf3d5f5d162839149da0b7fb1a4cff6b5e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4C946A026114FF05316D92277750FACF3D5F5D162839149DA0B7FB1A4CFF6B5E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5550
Expires: Tue, 31 Jan 2023 15:43:55 GMT
Date: Tue, 31 Jan 2023 14:11:25 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 31 Jan 2023 13:43:17 GMT
content-type: application/json
age: 1688
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 09ee4b0fe6cf4ca5ed31b24452338d00
7e62b6e20f0d4737f4a8d94f9818a0883027839e
56da08e18a408d7313de4e598984a251a0ecf85bbba98b421be9aebeb98835af
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "56DA08E18A408D7313DE4E598984A251A0ECF85BBBA98B421BE9AEBEB98835AF"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14514
Expires: Tue, 31 Jan 2023 18:13:19 GMT
Date: Tue, 31 Jan 2023 14:11:25 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: p5U4FsZaJu45K1qX5XtgaDtz0Mb/wF3aioxVFr1HoOoonF0ZbR0jp7qPN3xTgpw+oov4bI+4Mb0HYPF+4NBcWQ==
x-amz-request-id: KDJXVBC2MVDN7NNE
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 31 Jan 2023 13:51:11 GMT
age: 1214
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 14:11:25 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 59fc9fde994e5d38f2d9c1a0b0a34d83
c92745a929c2807485c4c17c77623fa0661c6c32
7397030a2519957c52e9ce01b40e552092fd45fed0e93a4462f1d17af9e1618c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "7397030A2519957C52E9CE01B40E552092FD45FED0E93A4462F1D17AF9E1618C"
Last-Modified: Tue, 31 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 31 Jan 2023 20:11:25 GMT
Date: Tue, 31 Jan 2023 14:11:25 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 31 Jan 2023 13:41:42 GMT
age: 1783
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4062
Expires: Tue, 31 Jan 2023 15:19:08 GMT
Date: Tue, 31 Jan 2023 14:11:26 GMT
Connection: keep-alive
push.services.mozilla.com/
44.227.71.100 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.227.71.100:0
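Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of empty input, consistent with the 0 B body of the WebSocket upgrade response; they identify no content and are not usable as indicators.)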
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: LoZj6bbAwW5CvUbToYN0Ag==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: BrhZfO3ajomi+1R+CwI3tSldbfo=
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 59fc9fde994e5d38f2d9c1a0b0a34d83
c92745a929c2807485c4c17c77623fa0661c6c32
7397030a2519957c52e9ce01b40e552092fd45fed0e93a4462f1d17af9e1618c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "7397030A2519957C52E9CE01B40E552092FD45FED0E93A4462F1D17AF9E1618C"
Last-Modified: Tue, 31 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21599
Expires: Tue, 31 Jan 2023 20:11:25 GMT
Date: Tue, 31 Jan 2023 14:11:26 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 40bac282ee9730b7a7fde839fcf58736
be00063ec5c760560f34663d0a6a9cad87cfebe4
45b83537d8621d3c4a7c046a9b78f6745977c359db2868d720f19dbb0eb80d3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 14:11:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
216.58.207.202 200 OK 31 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP 216.58.207.202:0
File type ASCII text, with very long lines (65451)
Hash 903bc7a7e510f87aa5d0201eb59a0832
ac9aa4dd94cde1bcba9037e94087138b127e41fc
41a7ac8150cc9f38421451d5143c1ffec7a1f1fafbf7a7fc0f51b98ad699cf8f
GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buk.v3mn.in/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31021
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 29 Jan 2023 16:41:31 GMT
expires: Mon, 29 Jan 2024 16:41:31 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Fri, 08 May 2020 07:05:03 GMT
content-type: text/javascript; charset=UTF-8
age: 163795
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 933 B IP 93.184.220.29:0
File type gzip compressed data, from Unix\012- data
Hash 6099451fdd8f77dba24ff723b8e797a8
12df4e3f1c0b02c5275a10c45e10978105c43273
fe8b7776f562c78ec08356e23a6280747834c74aea8903893b9cd82f0838ba8c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6208
Cache-Control: max-age=109612
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 14:11:26 GMT
Etag: "63d8127a-116"
Expires: Wed, 01 Feb 2023 20:38:18 GMT
Last-Modified: Mon, 30 Jan 2023 18:54:50 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 278
cdn.by.wonderpush.com/sdk/1.1/wonderpush-loader.min.js
104.18.19.183 200 OK 696 B URL HTTP/2 cdn.by.wonderpush.com/sdk/1.1/wonderpush-loader.min.js
IP 104.18.19.183:0
File type ASCII text, with very long lines (1337), with no line terminators
Hash 3eb4ebbd84300308a46c51d9cd003dd6
6df26f199d57528753a6594e33f48ffb3035b478
86e51e001c8bca636589fc2fc2363bdea0775df09d50cfc2e155e06ee5d8f9c5
GET /sdk/1.1/wonderpush-loader.min.js HTTP/1.1
Host: cdn.by.wonderpush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buk.v3mn.in/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 14:11:26 GMT
content-type: application/javascript
content-length: 696
last-modified: Tue, 17 Jan 2023 16:23:59 GMT
cache-control: public,max-age=86400
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET
access-control-max-age: 86400
etag: "3eb4ebbd84300308a46c51d9cd003dd6ed6e"
x-cache: Miss from cloudfront
via: 1.1 a52c33748955378f279062b7fc7ef91e.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: 3MHOVLcmz7axT6qMCuNKmP6H-wPBX5F3nU3u6I9kDctv9Cfg3rHPxA==
cf-cache-status: HIT
age: 78383
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7923095d8d040b4d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 40bac282ee9730b7a7fde839fcf58736
be00063ec5c760560f34663d0a6a9cad87cfebe4
45b83537d8621d3c4a7c046a9b78f6745977c359db2868d720f19dbb0eb80d3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 14:11:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash ccf9d2c12149d9228a64dcfac5dc2372
ca83b81160cb3fe2077044df89457ffae07c6797
9668e8e00f522028d922237b925a5449de63b27b2a497ae91c804c882993c453
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6208
Cache-Control: max-age=109612
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 14:11:26 GMT
Etag: "63d8127a-116"
Expires: Wed, 01 Feb 2023 20:38:18 GMT
Last-Modified: Mon, 30 Jan 2023 18:54:50 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 278
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a32b2d8ca324cee600a609bdd42db3a2
f049ab3b05c80a6622dcd65296f990dc6f37bbb4
c49c1ce8b66dd886572a14b2e215ebd6a8fe6f957f2668fa76495d38acfa34c3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C49C1CE8B66DD886572A14B2E215EBD6A8FE6F957F2668FA76495D38ACFA34C3"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9450
Expires: Tue, 31 Jan 2023 16:48:57 GMT
Date: Tue, 31 Jan 2023 14:11:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a32b2d8ca324cee600a609bdd42db3a2
f049ab3b05c80a6622dcd65296f990dc6f37bbb4
c49c1ce8b66dd886572a14b2e215ebd6a8fe6f957f2668fa76495d38acfa34c3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C49C1CE8B66DD886572A14B2E215EBD6A8FE6F957F2668FA76495D38ACFA34C3"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18061
Expires: Tue, 31 Jan 2023 19:12:28 GMT
Date: Tue, 31 Jan 2023 14:11:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a32b2d8ca324cee600a609bdd42db3a2
f049ab3b05c80a6622dcd65296f990dc6f37bbb4
c49c1ce8b66dd886572a14b2e215ebd6a8fe6f957f2668fa76495d38acfa34c3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C49C1CE8B66DD886572A14B2E215EBD6A8FE6F957F2668FA76495D38ACFA34C3"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18061
Expires: Tue, 31 Jan 2023 19:12:28 GMT
Date: Tue, 31 Jan 2023 14:11:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a32b2d8ca324cee600a609bdd42db3a2
f049ab3b05c80a6622dcd65296f990dc6f37bbb4
c49c1ce8b66dd886572a14b2e215ebd6a8fe6f957f2668fa76495d38acfa34c3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C49C1CE8B66DD886572A14B2E215EBD6A8FE6F957F2668FA76495D38ACFA34C3"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18061
Expires: Tue, 31 Jan 2023 19:12:28 GMT
Date: Tue, 31 Jan 2023 14:11:27 GMT
Connection: keep-alive
roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/css/translate.css
97.107.133.178 200 OK 655 B URL HTTP/1.1 roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/css/translate.css
IP 97.107.133.178:0
Hash 64836db20736f1e7995b43489b4bf0ac
a0db33db05acb39dd01d9f19f5eed634682b0ead
d4d21bac4b13cac53c0b921c3aa69d1e010a32ad3ccb7498821aa6e763e71c87
Analyzer: urlquery | Verdict: fraud | Alert: Fraud - Fake AntiVirus / Security software
GET /eml/CA-McAfee-newdesign-NOV22-eml-avi/css/translate.css HTTP/1.1
Host: roadssign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buk.v3mn.in/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 14:11:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 11 May 2022 06:05:26 GMT
ETag: "28f-5deb63a3c5580"
Accept-Ranges: bytes
Content-Length: 655
Content-Type: text/css
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/css/style.css
97.107.133.178 200 OK 21 kB URL HTTP/1.1 roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/css/style.css
IP 97.107.133.178:0
Hash 5bfd2245d7f170adde20137ba98ce022
7b81e6803067d57102a45007f0de027b4a49307a
f6eb66822c1b670b9a92100c2c818fb9748718b148adea7e2b90a0149e7555f2
Analyzer: urlquery | Verdict: fraud | Alert: Fraud - Fake AntiVirus / Security software
GET /eml/CA-McAfee-newdesign-NOV22-eml-avi/css/style.css HTTP/1.1
Host: roadssign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buk.v3mn.in/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 14:11:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Mon, 21 Nov 2022 13:28:30 GMT
ETag: "52f4-5edfb07fabb80"
Accept-Ranges: bytes
Content-Length: 21236
Content-Type: text/css
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16059
Expires: Tue, 31 Jan 2023 18:39:06 GMT
Date: Tue, 31 Jan 2023 14:11:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16059
Expires: Tue, 31 Jan 2023 18:39:06 GMT
Date: Tue, 31 Jan 2023 14:11:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16059
Expires: Tue, 31 Jan 2023 18:39:06 GMT
Date: Tue, 31 Jan 2023 14:11:27 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F43ae4cd9-2533-48ae-8086-f8fea8a4e269.jpeg
34.120.237.76 200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F43ae4cd9-2533-48ae-8086-f8fea8a4e269.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 976dda397f9292a498ca9db5599c0378
dad9e9c3462907a2475046aee36d57f8309cd44e
7ed9ccf2ff75ca53f5ba56a1d2127e0f09b0ae941cad8b042e8df01ad01e614b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F43ae4cd9-2533-48ae-8086-f8fea8a4e269.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6844
x-amzn-requestid: 0542cf46-5045-459f-a35f-f6c0d3f5f7b7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: flZsxH0YIAMF9ew=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d86feb-692d50f710a131df2ee49aa8;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 01:33:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 6bbFjAsd03GN8zzBnAFBm7xA8igZ_xHJsOHzw7nwNgRxiWUDLPGjpQ==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 01:53:29 GMT
age: 44278
etag: "dad9e9c3462907a2475046aee36d57f8309cd44e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F003f28f8-6845-4b0d-8d8d-11c9deea4eaf.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F003f28f8-6845-4b0d-8d8d-11c9deea4eaf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2c4934be94898028e2ab696561b51462
6cf734e2d29938688913daacfb75506d8e004a94
239adcbb538b7a6d1483c65c7694d4a9f9fa9cadf456ab5681c4b764185e3596
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F003f28f8-6845-4b0d-8d8d-11c9deea4eaf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9987
x-amzn-requestid: 67109f87-6073-4991-b540-cdeedc2d7b3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: flYlPF9uIAMFXMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d86e21-60ac2c7b37c72e6e54a5c69d;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 01:25:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hDjKAMYoVwHdCqS8t08PrWyfQQLiWaosXbi3FOJY8BeV0yAFCGziGw==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 01:58:16 GMT
age: 43991
etag: "6cf734e2d29938688913daacfb75506d8e004a94"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67cbd807-4e92-4ddb-a8c5-864884d25e99.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67cbd807-4e92-4ddb-a8c5-864884d25e99.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2797bfd35b7ec24888de84be14f7f2ec
8e315ac5856967286eaa8769e081d827fb4ca39e
b99f3bd73eb4395194bc7bb6a1b801750182239e5b70f3207f99e494b60b72ab
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67cbd807-4e92-4ddb-a8c5-864884d25e99.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11129
x-amzn-requestid: 74f2a4dd-7d5d-4839-90a8-d2e74f6d785d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffDBZGRPoAMFedg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e53b-3de444596550bb41188ada5b;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:17:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 9Fga247EZZqiGmdMJ72resdBZR2KLgflGDBPESmuw9cFVs4hSzMzTw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 03:40:17 GMT
age: 37870
etag: "8e315ac5856967286eaa8769e081d827fb4ca39e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1295ec36-f5b2-4db1-83c7-667fa373f592.jpeg
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1295ec36-f5b2-4db1-83c7-667fa373f592.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d957012d3e2b8c3bc0eefe11d66e8554
1959fdd94846fa3791c4890578dd15336b909dcc
a97e81ec5eb2eda6a603bf4bfd4fa4ef4fab762747479489e99e6c713258a736
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1295ec36-f5b2-4db1-83c7-667fa373f592.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13853
x-amzn-requestid: ca6ea6e7-3e13-4194-87f5-20a07b813e21
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fk3zzF4hIAMFwWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d839b1-772487cb1b7495c52c552d36;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 21:42:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: T5CaUojMEG8x8vki59UdIhI8IbbBRY_7w3xgiW3RCZlHTyeHPLIy2Q==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:47:13 GMT
age: 59054
etag: "1959fdd94846fa3791c4890578dd15336b909dcc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b71db36-11cb-45f6-a296-34813aea1c35.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b71db36-11cb-45f6-a296-34813aea1c35.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4a2d26da68a313cc65958fc2692351c2
798c3538f3147ca77d317676ddd1bf040bd0f93b
76ce30224803d680c0115e987a712ce5552b2760beadf796a96b17439fb20797
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b71db36-11cb-45f6-a296-34813aea1c35.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10898
x-amzn-requestid: e29f8dfc-07d4-4136-afaf-e1e067eea2ab
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fk3zxGshIAMFw5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d839b1-5e87d2a44722af9e4e86c3d4;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 21:42:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: djoQmYTv7Rlq9tKKkJ5U1J3YeVSIs5yzSts_xRN3bdi27Ra8UfM6OQ==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:44:45 GMT
age: 59202
etag: "798c3538f3147ca77d317676ddd1bf040bd0f93b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37e3fb86-3315-41fd-97cb-ac82604d8869.jpeg
34.120.237.76 200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37e3fb86-3315-41fd-97cb-ac82604d8869.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e6f9ffb8f9e99229b45ca5fdb84ce7d5
04577ad69ee9749b14382254eb5bbf0e1edcd7fa
6111acf3f363123b39d13cd3d23ab39b8c8d00379874f19231d1cd3da17c52c2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37e3fb86-3315-41fd-97cb-ac82604d8869.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8558
x-amzn-requestid: 2841cd36-22e6-4ecb-b56a-bfadce3197c7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffB_BFA8IAMFyvA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e393-3fd03bd14de762b0738a3b0a;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:10:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ZP2Mar8l3QoPH733_vv3hUuQjWvaN4_TgfYwme2-6WIxGi55BoSchg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 04:26:31 GMT
age: 35096
etag: "04577ad69ee9749b14382254eb5bbf0e1edcd7fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/css/translateelement.css
97.107.133.178 200 OK 19 kB URL HTTP/1.1 roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/css/translateelement.css
IP 97.107.133.178:0
File type ASCII text, with very long lines (18670)
Hash 15ab5dfc566a9a19f6e89a72b7819e43
064aac1e8bc5a26c5986e40659bc328157ec3b53
5d0a6e3bc914db376bf187c380750b197c317e1bf40fab9ad959ad5facd8f9ed
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /eml/CA-McAfee-newdesign-NOV22-eml-avi/css/translateelement.css HTTP/1.1
Host: roadssign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buk.v3mn.in/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 14:11:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 11 May 2022 06:05:28 GMT
ETag: "4924-5deb63a5ada00"
Accept-Ranges: bytes
Content-Length: 18724
Content-Type: text/css
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/js/interactive.js
97.107.133.178 200 OK 45 kB URL HTTP/1.1 roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/js/interactive.js
IP 97.107.133.178:0
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash acf4559f3f91eda60139e1c3d5eefdd9
ae0434de9a8f8fb0f5ccd7e4a1ee46e26587ab62
c67f4eb232627e2138f6f362ef0d27952f867490800b96b785c99d6d1419a5db
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /eml/CA-McAfee-newdesign-NOV22-eml-avi/js/interactive.js HTTP/1.1
Host: roadssign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buk.v3mn.in/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 14:11:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Mon, 21 Nov 2022 13:10:55 GMT
ETag: "ae3d-5edfac918b5c0"
Accept-Ranges: bytes
Content-Length: 44605
Content-Type: application/javascript
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/ico_tray1.gif
97.107.133.178 200 OK 69 B URL HTTP/1.1 roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/ico_tray1.gif
IP 97.107.133.178:0
File type GIF image data, version 89a, 16 x 16\012- data
Hash 3ae573d079dcd1d2da4086f2c0c72c45
e7c9dabec81379373476ed23168dcecb9b8c56aa
9cce08ab28e94790cf78c87e37f8690acbc6c535e4b43ae7b38506b94538e107
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /eml/CA-McAfee-newdesign-NOV22-eml-avi/img/ico_tray1.gif HTTP/1.1
Host: roadssign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buk.v3mn.in/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 14:11:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 11 May 2022 06:05:49 GMT
ETag: "45-5deb63b9b4940"
Accept-Ranges: bytes
Content-Length: 69
Content-Type: image/gif
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/ico_tray2.gif
97.107.133.178 200 OK 377 B URL HTTP/1.1 roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/ico_tray2.gif
IP 97.107.133.178:0
File type GIF image data, version 89a, 16 x 16\012- data
Hash c10bdec858cb0cf9e6cc5865d5925746
697c095ed5509e5a5af0c5ebf2380662aeffc531
b65b47a79e32335d9ca35ff59c6975d2b5808f84da0db88d11ce777b33e72ad9
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /eml/CA-McAfee-newdesign-NOV22-eml-avi/img/ico_tray2.gif HTTP/1.1
Host: roadssign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buk.v3mn.in/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 14:11:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 11 May 2022 06:05:49 GMT
ETag: "179-5deb63b9b4940"
Accept-Ranges: bytes
Content-Length: 377
Content-Type: image/gif
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/certifi.png
97.107.133.178 200 OK 3.9 kB URL HTTP/1.1 roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/certifi.png
IP 97.107.133.178:0
File type PNG image data, 228 x 42, 8-bit/color RGBA, non-interlaced\012- data
Hash 9022c3516aad47159731fd7e843a5897
ae03072621611dca2f191d1744508c48a80a0c69
bc512eadb571d6cd4a7c608703be5499db6cf50f8ad996d66e2128069f253a35
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /eml/CA-McAfee-newdesign-NOV22-eml-avi/img/certifi.png HTTP/1.1
Host: roadssign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buk.v3mn.in/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 14:11:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Mon, 21 Nov 2022 10:26:20 GMT
ETag: "f3d-5edf87c802b00"
Accept-Ranges: bytes
Content-Length: 3901
Content-Type: image/png
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/cross.png
97.107.133.178 200 OK 2.3 kB URL HTTP/1.1 roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/cross.png
IP 97.107.133.178:0
File type PNG image data, 29 x 29, 8-bit/color RGBA, non-interlaced\012- data
Hash cd2742194d7f7f607463ff4be3f65679
a7f618ca9d0e2e6068ca9947bc3fa345bd6fda69
290e51ccfcc19b30c2462630151348b63159d3249e5d1914a889d95b252f92e5
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /eml/CA-McAfee-newdesign-NOV22-eml-avi/img/cross.png HTTP/1.1
Host: roadssign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buk.v3mn.in/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 14:11:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Mon, 21 Nov 2022 11:04:42 GMT
ETag: "8ce-5edf905b5e680"
Accept-Ranges: bytes
Content-Length: 2254
Content-Type: image/png
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/win_min.png
97.107.133.178 200 OK 128 B URL HTTP/1.1 roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/win_min.png
IP 97.107.133.178:0
File type PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced\012- data
Hash 0bb86caf792dd7d24731c18cd37bb68e
dda1e433a0eaf785b2aa2c6214d5e48cb82a3a25
2ac27821ba64d645f36e2ad197492d30c11b10a032cc474554679555f4604622
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /eml/CA-McAfee-newdesign-NOV22-eml-avi/img/win_min.png HTTP/1.1
Host: roadssign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buk.v3mn.in/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 14:11:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 11 May 2022 06:06:13 GMT
ETag: "80-5deb63d097f40"
Accept-Ranges: bytes
Content-Length: 128
Content-Type: image/png
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/ico_tray3.gif
97.107.133.178 200 OK 234 B URL HTTP/1.1 roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/ico_tray3.gif
IP 97.107.133.178:0
File type GIF image data, version 89a, 16 x 16\012- data
Hash 9ce99ec458daf212f9812a90f3fadd13
9e3041bc91b79a17b52e0fbb6c2d0e2f905d98a1
b0d335401c9fd5fac9991ec92edaf7865ff3a491ebe390120936c69796c3b753
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /eml/CA-McAfee-newdesign-NOV22-eml-avi/img/ico_tray3.gif HTTP/1.1
Host: roadssign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buk.v3mn.in/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 14:11:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 11 May 2022 06:05:51 GMT
ETag: "ea-5deb63bb9cdc0"
Accept-Ranges: bytes
Content-Length: 234
Content-Type: image/gif
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/beep.mp3
97.107.133.178 206 Partial Content 16 kB URL HTTP/1.1 roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/beep.mp3
IP 97.107.133.178:0
File type Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural\012- data
Hash d6040c63cafad92b0c2933569de365c0
6e0782bf850c89a1211cc1ec2ab10373520c834c
e8ef8e78f08ac34193423319b86566a442440ec663d09f26911e9fa10c4c9db7
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /eml/CA-McAfee-newdesign-NOV22-eml-avi/img/beep.mp3 HTTP/1.1
Host: roadssign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://buk.v3mn.in/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Date: Tue, 31 Jan 2023 14:11:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 11 May 2022 06:05:34 GMT
ETag: "3e3c-5deb63ab66780"
Accept-Ranges: bytes
Content-Length: 15932
Content-Range: bytes 0-15931/15932
Content-Type: audio/mpeg
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/win_cls.png
97.107.133.178 200 OK 293 B URL HTTP/1.1 roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/win_cls.png
IP 97.107.133.178:0
File type PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced\012- data
Hash 9eb68d2ce05c151bda542a7a6356e22c
baeeefe4a7ac657c10a5f081841015de1bcf90dd
2d2b7040bc32b397c3c60d800de9aa7d86404f1874862eba61bdaa21f1523eb7
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /eml/CA-McAfee-newdesign-NOV22-eml-avi/img/win_cls.png HTTP/1.1
Host: roadssign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buk.v3mn.in/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 14:11:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 11 May 2022 06:06:12 GMT
ETag: "125-5deb63cfa3d00"
Accept-Ranges: bytes
Content-Length: 293
Content-Type: image/png
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/ico_gray1.png
97.107.133.178 200 OK 364 B URL HTTP/1.1 roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/ico_gray1.png
IP 97.107.133.178:0
File type PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced\012- data
Hash e144c3378090087c8ce129a30cb6cb4e
59da5466551de941d0215e45c54aa2ceaf436be1
b13a03e0db893734298cbe203bf264407636ffe5dab0a141f83c492d0034dd6a
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /eml/CA-McAfee-newdesign-NOV22-eml-avi/img/ico_gray1.png HTTP/1.1
Host: roadssign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buk.v3mn.in/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 14:11:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 11 May 2022 06:05:46 GMT
ETag: "16c-5deb63b6d8280"
Accept-Ranges: bytes
Content-Length: 364
Content-Type: image/png
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/ico_gray2.png
97.107.133.178 200 OK 349 B URL HTTP/1.1 roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/ico_gray2.png
IP 97.107.133.178:0
File type PNG image data, 13 x 13, 8-bit/color RGB, non-interlaced\012- data
Hash 7454c652e0733d92de6c920c2d646ae0
34a5bd8c7401f95e346895b0e5ccffbf0e9ad638
44f752b0bd2e48052d538bc6aca5379f3630ca64da945f794690ddf47e8eaef7
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /eml/CA-McAfee-newdesign-NOV22-eml-avi/img/ico_gray2.png HTTP/1.1
Host: roadssign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buk.v3mn.in/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 14:11:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 11 May 2022 06:05:47 GMT
ETag: "15d-5deb63b7cc4c0"
Accept-Ranges: bytes
Content-Length: 349
Content-Type: image/png
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/logo.png
97.107.133.178 200 OK 47 kB URL HTTP/1.1 roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/logo.png
IP 97.107.133.178:0
File type PNG image data, 200 x 53, 8-bit/color RGBA, non-interlaced\012- data
Hash 030039fab2b746ba4604138a69688750
4e6ee383dba86880f61bf90f475003185879337d
03af4bee2c3393ad45418df0152046bcc95acd68064a98296677e032afba4952
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /eml/CA-McAfee-newdesign-NOV22-eml-avi/img/logo.png HTTP/1.1
Host: roadssign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buk.v3mn.in/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 14:11:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Mon, 21 Nov 2022 07:33:26 GMT
ETag: "b5f3-5edf612297d80"
Accept-Ranges: bytes
Content-Length: 46579
Content-Type: image/png
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/pc_green.png
97.107.133.178 200 OK 13 kB URL HTTP/1.1 roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/pc_green.png
IP 97.107.133.178:0
File type PNG image data, 120 x 97, 8-bit/color RGBA, non-interlaced\012- data
Hash b3a43c72ed2264b9ad7283b4fcabc9d4
7f0bd4126bc9723cee50911fda908eb8ed85e8bf
3363faaf5f03a983bec735a8e0041c5c3f7b87c7855b80edc6cbfc597a527429
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /eml/CA-McAfee-newdesign-NOV22-eml-avi/img/pc_green.png HTTP/1.1
Host: roadssign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buk.v3mn.in/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 14:11:28 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Mon, 21 Nov 2022 11:17:04 GMT
ETag: "3399-5edf931efec00"
Accept-Ranges: bytes
Content-Length: 13209
Content-Type: image/png
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/ico_bl1.png
97.107.133.178 200 OK 6.0 kB URL HTTP/1.1 roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/ico_bl1.png
IP 97.107.133.178:0
File type PNG image data, 80 x 65, 8-bit/color RGBA, non-interlaced\012- data
Hash 1ba78c9484ac8c36583f8c5963b74f05
20335a5474578f3a9cab8d1052526f3ac88a7ded
6d8e43b02e0ddce97f5439e6a6401a9b709d88172229d0880fad5ddd788c95fc
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /eml/CA-McAfee-newdesign-NOV22-eml-avi/img/ico_bl1.png HTTP/1.1
Host: roadssign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buk.v3mn.in/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 14:11:28 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Mon, 21 Nov 2022 11:34:32 GMT
ETag: "1753-5edf970672200"
Accept-Ranges: bytes
Content-Length: 5971
Content-Type: image/png
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/bg.png
97.107.133.178 200 OK 362 kB URL HTTP/1.1 roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/bg.png
IP 97.107.133.178:0
File type PNG image data, 1350 x 586, 8-bit/color RGB, non-interlaced\012- data
Size 362 kB (362207 bytes)
Hash 1bbd5f2535757d9cd4cca02e0fda13d7
b668ba508f7b6c859b85848f3b372e4ca817737f
1551731f7cafce0a9b4246a6db5fdccdf56704d266e9ccd56676fb6570c4f8ad
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /eml/CA-McAfee-newdesign-NOV22-eml-avi/img/bg.png HTTP/1.1
Host: roadssign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 14:11:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Mon, 21 Nov 2022 10:35:14 GMT
ETag: "586df-5edf89c545c80"
Accept-Ranges: bytes
Content-Length: 362207
Content-Type: image/png
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/ico_bl2.png
97.107.133.178 200 OK 9.6 kB URL HTTP/1.1 roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/ico_bl2.png
IP 97.107.133.178:0
File type PNG image data, 65 x 80, 8-bit/color RGBA, non-interlaced\012- data
Hash 7a71359c816c3ff8536126cf4ff49167
1ba9c5ac0bc69f0dc70f30e4f93ca988c2d73ed0
e1afc64bded5ccc18187539f64460b288cdd181aeca3e07e4a2b85dcf5f7ce86
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /eml/CA-McAfee-newdesign-NOV22-eml-avi/img/ico_bl2.png HTTP/1.1
Host: roadssign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buk.v3mn.in/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 14:11:28 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Mon, 21 Nov 2022 11:25:27 GMT
ETag: "2590-5edf94feb17c0"
Accept-Ranges: bytes
Content-Length: 9616
Content-Type: image/png
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/ico_bl3.png
97.107.133.178 200 OK 9.3 kB URL HTTP/1.1 roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/ico_bl3.png
IP 97.107.133.178:0
File type PNG image data, 78 x 68, 8-bit/color RGBA, non-interlaced\012- data
Hash f2d9f17e875b7acf29b8f31aa4575096
d20b7c059c2a5f128c8b84ce9d3e24a7e18ef2e7
1e43d9d36503388bb05a293d8a33ea966fc851f2fdad8dff8ede0d035ede3e87
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /eml/CA-McAfee-newdesign-NOV22-eml-avi/img/ico_bl3.png HTTP/1.1
Host: roadssign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buk.v3mn.in/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 14:11:28 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Mon, 21 Nov 2022 11:21:26 GMT
ETag: "243b-5edf9418db980"
Accept-Ranges: bytes
Content-Length: 9275
Content-Type: image/png
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/mc-i.png
97.107.133.178 200 OK 3.1 kB URL HTTP/1.1 roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/mc-i.png
IP 97.107.133.178:0
File type PNG image data, 78 x 68, 8-bit/color RGBA, non-interlaced\012- data
Hash 633714b1295770c99485455816c43be2
e26c3b7d793f48444e2f82bc3ea4a29128d96d8e
a7cfd2ee032844ad28cc18372b050d644921d60b888ba70fc364e2ad4bdf0425
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /eml/CA-McAfee-newdesign-NOV22-eml-avi/img/mc-i.png HTTP/1.1
Host: roadssign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buk.v3mn.in/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 14:11:28 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Mon, 21 Nov 2022 11:37:22 GMT
ETag: "c35-5edf97a892080"
Accept-Ranges: bytes
Content-Length: 3125
Content-Type: image/png
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/cart.png
97.107.133.178 200 OK 1.6 kB URL HTTP/1.1 roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/cart.png
IP 97.107.133.178:0
File type PNG image data, 97 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash be8947305fc8816f346c2e8f8a75c674
5d7f604bbe1ffb73e264a636b1113e5baf772e49
932a5b0d4ea874522bc8d529dcfbb9f37f840443e02d7a33415833a975d20bcc
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /eml/CA-McAfee-newdesign-NOV22-eml-avi/img/cart.png HTTP/1.1
Host: roadssign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buk.v3mn.in/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 14:11:28 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Mon, 21 Nov 2022 07:35:10 GMT
ETag: "62c-5edf6185c6780"
Accept-Ranges: bytes
Content-Length: 1580
Content-Type: image/png
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/bg.webp
97.107.133.178 200 OK 284 kB URL HTTP/1.1 roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/bg.webp
IP 97.107.133.178:0
File type RIFF (little-endian) data, Web/P image\012- data
Size 284 kB (284510 bytes)
Hash 7e841327d779a5baf27449a093589f83
69880cb82514a97db24a68e33b1e6155dae35352
b564a4e17e9bbe274076e43282cc8ae2881b2788cfbc251c02c786d00623e9c2
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /eml/CA-McAfee-newdesign-NOV22-eml-avi/img/bg.webp HTTP/1.1
Host: roadssign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buk.v3mn.in/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 14:11:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Mon, 21 Nov 2022 10:33:47 GMT
ETag: "4575e-5edf89724d8c0"
Accept-Ranges: bytes
Content-Length: 284510
Content-Type: image/webp
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/100icon.webp
97.107.133.178 200 OK 2.6 kB URL HTTP/1.1 roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/100icon.webp
IP 97.107.133.178:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash f498ff3f0c4999b89101beb12b8f4334
e5e5a62ad30841ca6b5ef7c7c497753061828810
39e36ab1506dc09f89dcdf80755deefc17a35b9e71263b32dc2c1828a14a6adb
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /eml/CA-McAfee-newdesign-NOV22-eml-avi/img/100icon.webp HTTP/1.1
Host: roadssign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buk.v3mn.in/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 14:11:28 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Mon, 21 Nov 2022 10:02:24 GMT
ETag: "a32-5edf826e88c00"
Accept-Ranges: bytes
Content-Length: 2610
Content-Type: image/webp
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/ring.png
97.107.133.178 200 OK 2.2 kB URL HTTP/1.1 roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/ring.png
IP 97.107.133.178:0
File type PNG image data, 30 x 29, 8-bit/color RGBA, non-interlaced\012- data
Hash 362a46dd22ed5f992e906fa1b2a6ba9c
27bde287218c4ff11ce60ced37182da024f3383c
7ab1abfffc69499079b7cec130ba9a807f59db9a60d9ef16928227f060bec60d
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /eml/CA-McAfee-newdesign-NOV22-eml-avi/img/ring.png HTTP/1.1
Host: roadssign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buk.v3mn.in/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 14:11:28 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Mon, 21 Nov 2022 11:02:36 GMT
ETag: "8a2-5edf8fe334b00"
Accept-Ranges: bytes
Content-Length: 2210
Content-Type: image/png
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/translate_24dp.png
97.107.133.178 200 OK 825 B URL HTTP/1.1 roadssign.com/eml/CA-McAfee-newdesign-NOV22-eml-avi/img/translate_24dp.png
IP 97.107.133.178:0
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 55ff382a8b09329e3230a1797eb8f5fd
026ae089006a674da7dcc9bf6b986c5d59e75478
1bb2279aed6bc1438d2b17a5ffcbac9d37864582aedeeec8d301eab162b2c213
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /eml/CA-McAfee-newdesign-NOV22-eml-avi/img/translate_24dp.png HTTP/1.1
Host: roadssign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buk.v3mn.in/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 14:11:28 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Last-Modified: Wed, 11 May 2022 06:06:10 GMT
ETag: "339-5deb63cdbb880"
Accept-Ranges: bytes
Content-Length: 825
Content-Type: image/png
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
buk.v3mn.in/4kjL_Lj?2bw_LP=bHxyj2xhpZVoaoKnlWh1emB3lHqCy6VffJ-Zlri0jG58mqFiY390jqxiaWRfZX9wrYw/apoole@slurpmail.net&s3=&s4=
188.114.96.1 200 OK 5.2 kB URL HTTP/2 buk.v3mn.in/4kjL_Lj?2bw_LP=bHxyj2xhpZVoaoKnlWh1emB3lHqCy6VffJ-Zlri0jG58mqFiY390jqxiaWRfZX9wrYw/apoole@slurpmail.net&s3=&s4=
IP 188.114.96.1:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 0196fdd58c7bb88dd0559151799b921c
89efb536ddcf4264752c33bb02b9962de98baa61
cf6525ff7158862dd286c479c52a876f4cca532454e5906a03c5b9e60aefe06a
GET /4kjL_Lj?2bw_LP=bHxyj2xhpZVoaoKnlWh1emB3lHqCy6VffJ-Zlri0jG58mqFiY390jqxiaWRfZX9wrYw/apoole@slurpmail.net&s3=&s4= HTTP/1.1
Host: buk.v3mn.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Tue, 31 Jan 2023 14:11:26 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.30
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KfuIDVsPo8swiQFq3fXyPe4TWIvmtFX1P9HHIyUwTClQSsEQDjN6E477jv921OQ%2FjwB1LRWiTTu7CY0iLdoo%2BW8sGnxUJUbQraLZCdeOoYnI7JrLnXyU3v8%2BPGcqlw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792309553d001bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.gstatic.com/images/branding/product/2x/translate_24dp.png
216.58.211.3 200 OK 1.8 kB URL HTTP/2 www.gstatic.com/images/branding/product/2x/translate_24dp.png
IP 216.58.211.3:0
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash c69c796362406f9e11c7f4bf5bb628da
e489ce95ab56208090868882113d7416abf46775
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82
GET /images/branding/product/2x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://roadssign.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1842
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 30 Jan 2023 16:07:41 GMT
expires: Tue, 30 Jan 2024 16:07:41 GMT
cache-control: public, max-age=31536000
age: 79427
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash f075625a67cefc01c034a3c732ec8023
c3ef563fbf1cf30f75fc931f82426a0f859ccb6d
75ce941806680157fcca91d6074496cbbc7cdcf6da28fa35384273bf9a76d588
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 14:11:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN