Report - kiaphamrobloxdungeonquest.blogspot.ae/

Report Overview

Submitted URL
kiaphamrobloxdungeonquest.blogspot.ae/
IP
142.250.74.65
ASN
#15169 GOOGLE
Submitted
2023-02-25 19:36:27
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
32

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-14T05:09:37Z	333 B	391 B	34.117.237.239
bux.wellter.de	unknown	2022-12-12T15:54:44Z	2023-03-08T23:51:32Z	10 kB	1.0 MB	104.21.4.139
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	42 kB	34.120.237.76
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-14T05:09:04Z	2.7 kB	7.1 kB	23.36.77.32
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-14T05:09:37Z	413 B	5.9 kB	34.160.144.191
ajax.googleapis.com	12905	2013-08-16T11:51:31Z	2023-03-14T07:59:56Z	414 B	34 kB	142.250.74.74
i.ytimg.com	109	2012-10-03T19:11:04Z	2023-03-14T02:04:10Z	2.6 kB	22 kB	142.250.74.54
ocsp.globalsign.com	2075	2012-07-20T19:46:16Z	2023-03-13T18:28:26Z	368 B	1.9 kB	104.18.21.226
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T18:13:28Z	782 B	2.4 kB	35.241.9.150
www.blogger.com	8975	2012-05-22T09:35:03Z	2023-03-14T05:10:55Z	847 B	166 kB	216.58.207.233
lh3.googleusercontent.com	66	2012-05-22T09:35:05Z	2023-03-13T18:12:05Z	3.5 kB	13 kB	216.58.211.1
cdn.jsdelivr.net	439	2012-09-30T02:15:09Z	2023-03-14T05:24:24Z	384 B	2.9 kB	151.101.1.229
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-14T08:49:03Z	1.0 kB	39 kB	142.250.74.35
s4.histats.com	12782	2012-05-21T19:14:14Z	2023-03-14T05:44:37Z	640 B	184 B	149.56.240.129
kiaphamrobloxdungeonquest.blogspot.com	unknown	2023-01-15T02:08:15Z	2023-03-04T01:18:53Z	838 B	18 kB	142.250.74.65
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T18:12:07Z	6.2 kB	13 kB	142.250.74.131
apis.google.com	105	2013-05-06T22:20:21Z	2023-03-14T05:10:55Z	388 B	22 kB	216.58.207.238
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-14T05:09:38Z	606 B	127 B	52.38.163.97
gerailagu.com	unknown	2018-10-21T08:51:37Z	2023-03-13T22:13:14Z	395 B	2.2 kB	172.96.187.226
cdnjs.cloudflare.com	235	2015-04-17T22:46:33Z	2023-03-14T05:10:25Z	418 B	2.6 kB	104.17.24.14
maxcdn.bootstrapcdn.com	724	2014-06-18T02:37:31Z	2023-03-14T07:31:50Z	497 B	68 kB	188.114.99.234
s10.histats.com	15211	2012-05-21T19:14:14Z	2023-03-14T05:44:34Z	360 B	4.7 kB	46.105.201.240
kiaphamrobloxdungeonquest.blogspot.ae	unknown	2023-02-25T18:04:42Z	2023-02-25T18:04:42Z	369 B	633 B	142.250.74.65

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-25	medium	kiaphamrobloxdungeonquest.blogspot.ae/	Phishing
2023-02-25	medium	kiaphamrobloxdungeonquest.blogspot.com/	Phishing
2023-02-25	medium	kiaphamrobloxdungeonquest.blogspot.com/	Phishing
2023-02-25	medium	bux.wellter.de/images/form-scripts.js	Phishing
2023-02-25	medium	bux.wellter.de/images/scripts.js	Phishing
2023-02-25	medium	bux.wellter.de/images/com.js	Phishing
2023-02-25	medium	bux.wellter.de/images/jquery-3.2.1.js	Phishing
2023-02-25	medium	bux.wellter.de/images/fancyselect.js	Phishing
2023-02-25	medium	bux.wellter.de/images/sweetalert2.min.js	Phishing
2023-02-25	medium	bux.wellter.de/images/jquery-ui.min.js	Phishing
2023-02-25	medium	bux.wellter.de/images/main.js	Phishing
2023-02-25	medium	bux.wellter.de/images/validator.min.js	Phishing
2023-02-25	medium	bux.wellter.de/index.html	Phishing
2023-02-25	medium	bux.wellter.de/images/jquery.countto.js	Phishing
2023-02-25	medium	bux.wellter.de/images/sticky.js	Phishing
2023-02-25	medium	bux.wellter.de/images/jquery.magnific-popup.min.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (26)

	URL	Size	First Seen	Last Seen
	bux.wellter.de/images/jquery-ui.min.js	200 kB	2023-03-07	2024-03-22
Pretty URL bux.wellter.de/images/jquery-ui.min.js IP 104.21.4.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:47 Last Seen2024-03-22 19:16:45 Times Seen485 Hash 234f1553c7d27cce512062c59800a9a8 b48e01c35c1e6ad622386b9a3161bd1bf02723c8 d87043ac816dbfadae73fcc32f84eadb9a665cf97ae938bea9702a27d3e9a54a Loading...

	bux.wellter.de/images/form-scripts.js	1.0 kB	2023-03-07	2024-05-04
Pretty URL bux.wellter.de/images/form-scripts.js IP 104.21.4.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2024-05-04 10:08:35 Times Seen207 Hash 7d7a87d79b5343d3f04fed2cc2bef2e3 021cc4c45ce7872041b7af085a4cf13f423c01e8 7a05b1e911af071c10812d790155447a62d4445db99b2d43872202bfcaded5ae Loading...

	bux.wellter.de/index.html	622 B	2023-03-07	2023-04-16
Pretty URL bux.wellter.de/index.html IP 104.21.4.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2023-04-16 10:44:31 Times Seen199 Hash 7c5cdfb6321019cf9fd448815ff5db0d 88e72d5a1cbc98fb8abec7d7f271be3750f49ffd 247598654d9b470c026aef9f5ff263a7cb7ce6f9ebc3216c9b02809de308a6c6 Loading...

	bux.wellter.de/images/validator.min.js	6.1 kB	2023-03-07	2024-05-10
Pretty URL bux.wellter.de/images/validator.min.js IP 104.21.4.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-05-10 16:30:57 Times Seen928 Hash 81df0465f243a2e7b7b06b8ad6015173 996eb26bb4bdb44ed5257d048cedaf3ed0a6f90c c31a654938abf168fca328d9663ea83999b87ff36d18b016ea8aace1a9cb2cb1 Loading...

	bux.wellter.de/images/com.js	15 kB	2023-03-07	2023-04-16
Pretty URL bux.wellter.de/images/com.js IP 104.21.4.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2023-04-16 04:24:01 Times Seen65 Hash 466cf8a36ac32eb927568e8c63d94f80 fbff8ca922aba7d561ba63cba4582026020fa76c 05b0cf64ba783827ded5c5dcd31e88670cf507a588d73371d304cb8c482ea39f Loading...

	bux.wellter.de/images/main.js	34 kB	2023-03-07	2023-04-16
Pretty URL bux.wellter.de/images/main.js IP 104.21.4.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2023-04-16 10:44:31 Times Seen393 Hash b4a27b956eccd646f3bc2b2b2b6503c5 6df97b44c507a440a3c1dd6873b44fbc95e92fb1 948fe10b1ea0b581c4871ae90f94882ed8945bd19c9ce0352b20ac0467dc145a Loading...

	unknown	0 B	2023-03-07	2024-05-11
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-11 01:36:24 Times Seen37532900 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	s4.histats.com/stats/0.php?4275781&@f16&@g1&@h1&@i1&@j1677353852073&@k0&@l1&@mRoblox%20Robux%20Generator%202022&@n0&@ohttps%3A%2F%2Fkiaphamrobloxdungeonquest.blogspot.com%2F&@q0&@r0&@s0&@ten-US&@u1280&@b1:-9904420&@b3:1677353852&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fbux.wellter.de%2Findex.html&@w	52 B	2023-03-14	2023-03-14
Pretty URL s4.histats.com/stats/0.php?4275781&@f16&@g1&@h1&@i1&@j1677353852073&@k0&@l1&@mRoblox%20Robux%20Generator%202022&@n0&@ohttps%3A%2F%2Fkiaphamrobloxdungeonquest.blogspot.com%2F&@q0&@r0&@s0&@ten-US&@u1280&@b1:-9904420&@b3:1677353852&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fbux.wellter.de%2Findex.html&@w IP 149.56.240.129 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 11:15:53 Last Seen2023-03-14 11:15:57 Times Seen1 Hash e109dfadbe17668ddef5b1e7e7591a65 ecae162b1ba679da53a3375f27883a3ad68d53b9 b25ad84853cadef5b3385ed485cdd43940261ff1ece7b34937c1ed4431ef3027 Loading...

	kiaphamrobloxdungeonquest.blogspot.com/js/cookienotice.js	6.5 kB	2023-03-07	2024-05-10
Pretty URL kiaphamrobloxdungeonquest.blogspot.com/js/cookienotice.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:24 Last Seen2024-05-10 21:04:31 Times Seen116726 Hash a705132a2174f88e196ec3610d68faa8 3bad57a48d973a678fec600d45933010f6edc659 068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568 Loading...

	ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js	94 kB	2023-03-07	2024-05-10
Pretty URL ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js IP 142.250.74.74 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:13 Last Seen2024-05-10 19:18:03 Times Seen10706 Hash ddb84c1587287b2df08966081ef063bf 9eb9ac595e9b5544e2dc79fff7cd2d0b4b5ef71f 88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd Loading...

	kiaphamrobloxdungeonquest.blogspot.com/	59 B	2023-03-07	2024-05-08
Pretty URL kiaphamrobloxdungeonquest.blogspot.com/ IP 142.250.74.65 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2024-05-08 14:11:23 Times Seen832 Hash b18a6685f56e044e25a9c3b083b03a61 46c5d39e4b863a8498b2e955a39fcd565a17b563 1ab5a10cefea9e0f69eb94f4eb72dc7d02dc83469a69a5b4e395df38ce0e33ae Loading...

	cdn.jsdelivr.net/npm/js-base64@3.7.2/base64.min.js	5.1 kB	2023-03-07	2024-02-26
Pretty URL cdn.jsdelivr.net/npm/js-base64@3.7.2/base64.min.js IP 151.101.1.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2024-02-26 23:33:16 Times Seen286 Hash 5ca725d76acf5fc62e1e419e50031fd7 94c9b12c4d33f3f4e7b22a6f6e1420e5c90003c4 e3c6d1c8195fe393af47c014346ebdcd629556a6365ea1f5a671cd507f914ce1 Loading...

	bux.wellter.de/images/scripts.js	196 B	2023-03-07	2023-04-16
Pretty URL bux.wellter.de/images/scripts.js IP 104.21.4.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2023-04-16 10:44:31 Times Seen378 Hash 30110b3852b1800156f09776b7f8abc3 b3016d5bcc5d32713d4841b7430e8a36a08f4d82 c7b5716b450a19a471d68d99302a1aefc97409ad09b5248b7493052fb515f9ef Loading...

	kiaphamrobloxdungeonquest.blogspot.com/	278 B	2023-03-13	2023-03-14
Pretty URL kiaphamrobloxdungeonquest.blogspot.com/ IP 142.250.74.65 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 18:51:13 Last Seen2023-03-14 11:15:57 Times Seen1 Hash 66a0f26b15d7c1dac6e5a9440154b1a4 d001f832584ac0e4aef38a8e46f4f81e304b198f 80dcd07ab7d19349ad3f923b6383d9b0974694444047ea8b3eff694684c94da7 Loading...

	gerailagu.com/cluster-v2/roblox-gs.js	4.0 kB	2023-03-12	2023-04-05
Pretty URL gerailagu.com/cluster-v2/roblox-gs.js IP 172.96.187.226 ASN #32475 SINGLEHOP-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:05:17 Last Seen2023-04-05 02:08:19 Times Seen38 Hash 9ad78627841fa8725c9e9bb630ebc778 7bb3f1df29d16ce53a5cbd8423f2c4f85f476b29 279c5e80a02e40d6526157d1beddaf219a244317f07164dbe66572126d96ee82 Loading...

	bux.wellter.de/images/sticky.js	20 kB	2023-03-07	2023-04-16
Pretty URL bux.wellter.de/images/sticky.js IP 104.21.4.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2023-04-16 10:44:31 Times Seen395 Hash 1180d3ea8d2544bb6bec4dacb60526d2 d2788f5423575404112a66853e0f274960d743e0 bb88a49c99d278abff743baf1f0f492382031afd4212fb27b33a23068723f86e Loading...

	bux.wellter.de/images/jquery.magnific-popup.min.js	21 kB	2023-03-07	2024-05-11
Pretty URL bux.wellter.de/images/jquery.magnific-popup.min.js IP 104.21.4.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-05-11 01:23:51 Times Seen2434 Hash be3333626c57af03599abcb59b325e09 3824067348f6485d6b07d3a43660804e3731b21a ecbef0f33e8ccedd2c605816e052cfff778abcc0e30a80b874c097a5fddd24fc Loading...

	bux.wellter.de/images/jquery-3.2.1.js	139 kB	2023-03-07	2024-05-05
Pretty URL bux.wellter.de/images/jquery-3.2.1.js IP 104.21.4.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2024-05-05 14:09:33 Times Seen399 Hash 0b39dc8f94398407369f2c6f32042bac 8c4abc797c784a78061373a0aa078be14c7931b1 41f59ec5d59f17850334323c174baef773d00ed5bb48e3739d77bb41b3c59c00 Loading...

	bux.wellter.de/images/fancyselect.js	4.6 kB	2023-03-07	2024-02-11
Pretty URL bux.wellter.de/images/fancyselect.js IP 104.21.4.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2024-02-11 16:42:07 Times Seen194 Hash fc20f6fcbceda58609e8ec93ed8972a6 346672aba10658ebe11580ff7fec4b70663c2e0f b92360cf3455f4f375b7c8cc3b601061686d92b9ffd4624004f420c9d09996d8 Loading...

	bux.wellter.de/images/jquery.countto.js	2.4 kB	2023-03-07	2024-05-04
Pretty URL bux.wellter.de/images/jquery.countto.js IP 104.21.4.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2024-05-04 10:08:35 Times Seen212 Hash 2997f7484c171da3ffd1f9f7bf8b9056 be8d289c00db0f7c5975938a147181a772e0f6b6 0c3bb5ecb9b684b6efb1524648c7cf632511260270fa846369f27115ce269070 Loading...

	bux.wellter.de/index.html	325 B	2023-03-07	2023-04-16
Pretty URL bux.wellter.de/index.html IP 104.21.4.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2023-04-16 10:44:31 Times Seen199 Hash 5644d012be9e47b1ae7bf89c80633745 e0fe867b75dd9c9ac03056fd960eb91512808860 477c2e410825c537de3848a9b47bb422f9aea7328dac8fc7395b2f8aa9f8e51e Loading...

	kiaphamrobloxdungeonquest.blogspot.com/	869 B	2023-03-07	2024-05-08
Pretty URL kiaphamrobloxdungeonquest.blogspot.com/ IP 142.250.74.65 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2024-05-08 14:11:23 Times Seen827 Hash 2d135a9971cce583f36e336907b140a4 bb2a8980127c917dea27895d821319b61aaf443a c7c0b7788d6eb04848fd22d443c99f284ff71b87adebaf4cc69b872892b42d80 Loading...

	apis.google.com/js/platform.js	55 kB	2023-03-13	2023-03-18
Pretty URL apis.google.com/js/platform.js IP 216.58.207.238 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 03:41:16 Last Seen2023-03-18 16:35:17 Times Seen1 Hash f35ce633e9ec6bd6aae0ddbb0f671289 a944c9e12a806c3f375bc217c903b17d716eb345 4d68890ba4c6bfa2417c5b97ab63489256913dcae1f94f232204b05d8fa4f5b1 Loading...

	bux.wellter.de/images/sweetalert2.min.js	20 kB	2023-03-07	2024-05-04
Pretty URL bux.wellter.de/images/sweetalert2.min.js IP 104.21.4.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-05-04 10:08:36 Times Seen456 Hash 0ad69b0e70b7da1bb8f8a96e9e6b5d9a 7d21a0c1f43d3edb47dd9e69b05243f3fcb53152 4051f26691def4eafcae32928be110c13d1819e544a12b0a9b95378bfaf9859b Loading...

	bux.wellter.de/index.html	514 B	2023-03-07	2023-04-16
Pretty URL bux.wellter.de/index.html IP 104.21.4.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:18 Last Seen2023-04-16 10:44:31 Times Seen199 Hash 09933286614ed7eb9801cf06011a4c9d fa97803d9532c6922800b799c7e43039f003f33d 68d3e0ce6a8a98aa641fc113c014919e27ccff17a6c7f286cfc325693f730e09 Loading...

	s10.histats.com/js15_as.js	11 kB	2023-03-07	2024-05-03
Pretty URL s10.histats.com/js15_as.js IP 46.105.201.240 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-05-03 06:50:30 Times Seen1983 Hash e959fbdd13def4b9a9d0a5fc9a7de4d4 1e39712307e3673b40c0bdb8c7d3e86a3e8b60a0 2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede Loading...

HTTP Transactions (90)

URL IP Response Size

kiaphamrobloxdungeonquest.blogspot.ae/

142.250.74.65

302 Moved Temporarily

189 B

URL HTTP/1.1
kiaphamrobloxdungeonquest.blogspot.ae/
IP
142.250.74.65:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
189 B (189 bytes)
Hash
4830b5bdc999d0f93861e9fb3f8cd507
368616ae8829ebda8578b416f43591a95474eccc
b1a2c0ec3a3b0f5ffd21fbe23eb2758118e50c64d0cb749dc25d63d3b4242920

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: kiaphamrobloxdungeonquest.blogspot.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Moved Temporarily
Location: http://kiaphamrobloxdungeonquest.blogspot.com/
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Sat, 25 Feb 2023 19:36:16 GMT
Expires: Sat, 25 Feb 2023 19:36:16 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 189
Server: GSE

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7a57f620f4b5b83c5c9520e881269446
d46ca3756afc5d9775c1e48c78b39d11574d507a
8417deae76018365ad55aabd7950ed99f429e02c3915626137695f90c955215b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8417DEAE76018365AD55AABD7950ED99F429E02C3915626137695F90C955215B"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7320
Expires: Sat, 25 Feb 2023 21:38:16 GMT
Date: Sat, 25 Feb 2023 19:36:16 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8083775b7a6637d27672cc4a2581fa2d
023420d026fbf2cd0f69d5606524094011375202
66664ed1d36948fe99498950e3525d03c1797689c9186c4cd0bd5ded531b3bac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "66664ED1D36948FE99498950E3525D03C1797689C9186C4CD0BD5DED531B3BAC"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4639
Expires: Sat, 25 Feb 2023 20:53:35 GMT
Date: Sat, 25 Feb 2023 19:36:16 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
7f03faaba3392caae6dae54467bfdf6d
57ea1f14e8bfbcca8190c706d708c9fda12442c1
02ac551ba61fcbc6b04f244df065948b181a8a258db5c2e197aae66fdfcea8ee

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 25 Feb 2023 19:07:48 GMT
content-type: application/json
age: 1708
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
29cfccb9238759ed21dbb0d92cae75f8
f41ad1b02e353cd2b33af7618c71cc16fae2886e
91e392e78e584e8a82762dab0d5615aa1af3893237d601db3d45bb6fad488580

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91E392E78E584E8A82762DAB0D5615AA1AF3893237D601DB3D45BB6FAD488580"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11745
Expires: Sat, 25 Feb 2023 22:52:01 GMT
Date: Sat, 25 Feb 2023 19:36:16 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
b5ba6334e73496995e3e3a9ecd0eb323
ad80d3b7718c28364e8c2004fb38a13a1747e462
aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: oFhmRvwypm4uKGtkkA+l3U3TPav3K0HIER98E7z8iA+wbzmHITNqrK3co2vnFPr3UCsjlz9gfQk=
x-amz-request-id: NBAMCQ8J5TP9VZ4H
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 25 Feb 2023 19:31:07 GMT
age: 309
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 25 Feb 2023 19:36:16 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

kiaphamrobloxdungeonquest.blogspot.com/

142.250.74.65

301 Moved Permanently

189 B

URL HTTP/1.1
kiaphamrobloxdungeonquest.blogspot.com/
IP
142.250.74.65:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
189 B (189 bytes)
Hash
8032ff6604d87f90853019ce8aaa399c
04cc3e69addb52bf9b56aab2e7a677602e351bc0
23049e5ce2b4604c7a27624c097977e7fc001b493753a1d84fe3d5b5b4b5d09e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: kiaphamrobloxdungeonquest.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Location: https://kiaphamrobloxdungeonquest.blogspot.com/
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Sat, 25 Feb 2023 19:36:16 GMT
Expires: Sat, 25 Feb 2023 19:36:16 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 189
Server: GSE

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
fc91980e4635ecc08e4bd5f11284526f
77498253ba096c3e8c8876063119e1b08a395791
d4be9f3f25e40f0a682897f44dc8c19fe976f2f3a7d815e865ff6a0745f615f8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Content-Type, Last-Modified, Backoff, Alert, Cache-Control, ETag, Expires, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 25 Feb 2023 19:12:23 GMT
age: 1433
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

kiaphamrobloxdungeonquest.blogspot.com/

142.250.74.65

200 OK

17 kB

URL HTTP/2
kiaphamrobloxdungeonquest.blogspot.com/
IP
142.250.74.65:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (893), with CR, LF line terminators
Size
17 kB (17141 bytes)
Hash
f6e706e4b1cd6f25fcc9a94aa647a88e
b4902acca07b638040989b2f05f89d0ad01468ae
eec008129d18d3de6eb808bfd6c4d3aedd0e64e20d713deb22b409ddfc4d84c6

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: kiaphamrobloxdungeonquest.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Sat, 25 Feb 2023 19:36:16 GMT
date: Sat, 25 Feb 2023 19:36:16 GMT
cache-control: private, max-age=0
last-modified: Tue, 21 Dec 2021 00:28:02 GMT
etag: W/"dd4e99f22a41a64657f2a631b1b99eda741b2ff633809dfe76d4797fff4009cf"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 17141
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b1d73c7d1e3e594a7be10b7ac62176ac
46105f3b581c409f00524674825c08343e4d71d1
7b31674705946d30e1822ddca8008520258d81a32cb11fadeded012dac2b0d13

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7B31674705946D30E1822DDCA8008520258D81A32CB11FADEDED012DAC2B0D13"
Last-Modified: Sat, 25 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8794
Expires: Sat, 25 Feb 2023 22:02:51 GMT
Date: Sat, 25 Feb 2023 19:36:17 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
fc91980e4635ecc08e4bd5f11284526f
77498253ba096c3e8c8876063119e1b08a395791
d4be9f3f25e40f0a682897f44dc8c19fe976f2f3a7d815e865ff6a0745f615f8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
0c61fa65db2b0649528a3908a0805d13
519a1fe9345f3aa51fa68d1e25b6c8c33ff006fd
753cf83a67ce001049736872db65156c5d6787e37533b173a4331fb6137e7c2a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b1e19d31dc27581c6c9a3723317b6390
4fb99b52cba1dd86baf13cb8ab723fc708403098
eabc65f98aba13e6dc6e3288d558b8174632c584c1aadd10b80e37648135784c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
50a84c29c8e80b16c8d141c9aefd9405
1c9138f46565ecf28fb287879bdfd59cb89ba74f
4a100aa494923fd2d49725747ee80607177c6330972f243984db43625b7e423a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c43d00019895e0feaa9453e07b4c37bb
ba943a3bbc3469146a56a75adeb8a9fdb8eafedf
89dc5449baa1242434c2505d484a38ec1a396f6e8048607aec8042642deaa83a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c43d00019895e0feaa9453e07b4c37bb
ba943a3bbc3469146a56a75adeb8a9fdb8eafedf
89dc5449baa1242434c2505d484a38ec1a396f6e8048607aec8042642deaa83a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js

142.250.74.74

200 OK

33 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js
IP
142.250.74.74:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Size
33 kB (33333 bytes)
Hash
18351732b1849ba758e98884e186b3c8
d735af8661eda41ff4ffbf76e6a284a0e2deb81c
bfac625d304d52e04f2caeb19266354749929c888ca09d3d1e3edcbb8770d0f0

HTTP Headers

GET /ajax/libs/jquery/1.7.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kiaphamrobloxdungeonquest.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33333
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Feb 2023 17:47:45 GMT
expires: Fri, 23 Feb 2024 17:47:45 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 179312
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c43d00019895e0feaa9453e07b4c37bb
ba943a3bbc3469146a56a75adeb8a9fdb8eafedf
89dc5449baa1242434c2505d484a38ec1a396f6e8048607aec8042642deaa83a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.blogger.com/static/v1/widgets/2975350028-css_bundle_v2.css

216.58.207.233

200 OK

7.8 kB

URL HTTP/2
www.blogger.com/static/v1/widgets/2975350028-css_bundle_v2.css
IP
216.58.207.233:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (35959)
Size
7.8 kB (7776 bytes)
Hash
5aa2d3297bdc86bc81322aedecbb5e79
1c0a3c007e41726e167e79b70ddea76198650884
feae1fac625d0f30b5f10fa00b62df1a5600cd2178062c427e55f289b29cc630

HTTP Headers

GET /static/v1/widgets/2975350028-css_bundle_v2.css HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kiaphamrobloxdungeonquest.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 7776
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Feb 2023 11:17:19 GMT
expires: Sat, 24 Feb 2024 11:17:19 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 23 Feb 2023 05:52:11 GMT
content-type: text/css
vary: Accept-Encoding
age: 116338
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
60057da37b222312f0a09de3c79660a3
306e151a21840569317eaf312280915347bdc878
d9ff75b1ce5fd0eb9ed779cc256d9a9ade4cef67378869896b56b741d042cd87

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

apis.google.com/js/platform.js

216.58.207.238

200 OK

21 kB

URL HTTP/2
apis.google.com/js/platform.js
IP
216.58.207.238:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1429)
Size
21 kB (20950 bytes)
Hash
2354fa28c58e16af89e7da6224aeca93
6bd3430a81730ed77c5d53f5406ddb40306ecabd
dc35ae752b7be035bd3a3bd4ae205e41afce5fa8f88e1bfe0e9524610df10f3b

HTTP Headers

GET /js/platform.js HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kiaphamrobloxdungeonquest.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
content-length: 20950
date: Sat, 25 Feb 2023 19:36:17 GMT
expires: Sat, 25 Feb 2023 19:36:17 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "03884666a30c671f"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
0c61fa65db2b0649528a3908a0805d13
519a1fe9345f3aa51fa68d1e25b6c8c33ff006fd
753cf83a67ce001049736872db65156c5d6787e37533b173a4331fb6137e7c2a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.blogger.com/static/v1/widgets/3455050996-widgets.js

216.58.207.233

200 OK

157 kB

URL HTTP/2
www.blogger.com/static/v1/widgets/3455050996-widgets.js
IP
216.58.207.233:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2221)
Size
157 kB (157235 bytes)
Hash
e6ce13a1ababdfe296856b162daa4161
3891fe26727eb0b1f678ce46b84fc15183b0976d
8949bc9ccc884e72a4e01641de6d291b7a41110106c790b1ed95332a58dacfad

HTTP Headers

GET /static/v1/widgets/3455050996-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kiaphamrobloxdungeonquest.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 157235
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Feb 2023 02:09:57 GMT
expires: Fri, 23 Feb 2024 02:09:57 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 23 Feb 2023 01:53:28 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 235580
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

i.ytimg.com/vi/CclpnB2iqXc/default.jpg

142.250.74.54

200 OK

4.6 kB

URL HTTP/2
i.ytimg.com/vi/CclpnB2iqXc/default.jpg
IP
142.250.74.54:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 120x90, components 3\012- data
Size
4.6 kB (4628 bytes)
Hash
b68057d8bfebf50d1ba44bb4c3280bc8
6ff4296b81d309321c19114c891f73d65981b622
767a2bd4e3489f099d80019003e291354ed3dffb5c78c7e147fbbd13034ef7d9

HTTP Headers

GET /vi/CclpnB2iqXc/default.jpg HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kiaphamrobloxdungeonquest.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/jpeg
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 4628
date: Sat, 25 Feb 2023 19:36:17 GMT
expires: Sat, 25 Feb 2023 21:36:17 GMT
cache-control: public, max-age=7200
etag: "1551078421"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

lh3.googleusercontent.com/blogger_img_proxy/AHs97-nnFWtgQkVXuZvzjosyf8_UaOrVRDZtsl3Z-MTy9ocHB7Y6OIDCAka5J-09AYNbkTApYb1Gk4ncsFOCZIMoaVOw-yUV60HI8nEa9doZadXz6n4DexY=w72-h72-p-k-no-nu

216.58.211.1

404 Not Found

1.7 kB

URL HTTP/2
lh3.googleusercontent.com/blogger_img_proxy/AHs97-nnFWtgQkVXuZvzjosyf8_UaOrVRDZtsl3Z-MTy9ocHB7Y6OIDCAka5J-09AYNbkTApYb1Gk4ncsFOCZIMoaVOw-yUV60HI8nEa9doZadXz6n4DexY=w72-h72-p-k-no-nu
IP
216.58.211.1:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Size
1.7 kB (1716 bytes)
Hash
76d685222697449bb22b2d9c60645940
1f4eb39c8a68c4794b35a0c32f00cd56020315d6
39ea0297a8a04ec7c69402cf56924e2b27d6b4ffbb29962dd7f099d2a5e102bf

HTTP Headers

GET /blogger_img_proxy/AHs97-nnFWtgQkVXuZvzjosyf8_UaOrVRDZtsl3Z-MTy9ocHB7Y6OIDCAka5J-09AYNbkTApYb1Gk4ncsFOCZIMoaVOw-yUV60HI8nEa9doZadXz6n4DexY=w72-h72-p-k-no-nu HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kiaphamrobloxdungeonquest.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 25 Feb 2023 19:36:17 GMT
server: fife
content-length: 1716
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

push.services.mozilla.com/

52.38.163.97

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.38.163.97:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Mg9fve/cUFxoE218O8S7zA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: TQTIH+mDy+TQ6Rj7bUhS9hJB1Fw=

i.ytimg.com/vi/r6AJ8mHMq6M/default.jpg

142.250.74.54

200 OK

4.5 kB

URL HTTP/2
i.ytimg.com/vi/r6AJ8mHMq6M/default.jpg
IP
142.250.74.54:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 120x90, components 3\012- data
Size
4.5 kB (4531 bytes)
Hash
2b9c1dbf69e54db8e555001d0702b158
1889e9cb68fcee6f8740a8680e0a3415e80e13f0
d836970e2d2167ff9d7c448ad2a01ac7c60ea82be83c9903563decdafb5eb12f

HTTP Headers

GET /vi/r6AJ8mHMq6M/default.jpg HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kiaphamrobloxdungeonquest.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/jpeg
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 4531
date: Sat, 25 Feb 2023 19:36:17 GMT
expires: Sat, 25 Feb 2023 21:36:17 GMT
cache-control: public, max-age=7200
etag: "0"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

lh3.googleusercontent.com/blogger_img_proxy/AHs97-lOaWnHQCdlCfzGFXjz7tenAhXNUUzU1a3xRAVVxoA301dAzkFRVc7qdUdbFNtJAP8rt584mL1ZtnldAwI00fjr-mliaCutIs5LNTmXPKqLJVsRZ4-wKQ=w72-h72-pd

216.58.211.1

404 Not Found

950 B

URL HTTP/2
lh3.googleusercontent.com/blogger_img_proxy/AHs97-lOaWnHQCdlCfzGFXjz7tenAhXNUUzU1a3xRAVVxoA301dAzkFRVc7qdUdbFNtJAP8rt584mL1ZtnldAwI00fjr-mliaCutIs5LNTmXPKqLJVsRZ4-wKQ=w72-h72-pd
IP
216.58.211.1:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 72x72, components 3\012- data
Size
950 B (950 bytes)
Hash
5fac55fb5f3cc2dc64507c7de50ce79a
f2def4034430b32f3dc8e57454120294c048686f
45fbbf8544b6289635ffed70a7ca7292d6b6e27e81f943e60090247de419b57c

HTTP Headers

GET /blogger_img_proxy/AHs97-lOaWnHQCdlCfzGFXjz7tenAhXNUUzU1a3xRAVVxoA301dAzkFRVc7qdUdbFNtJAP8rt584mL1ZtnldAwI00fjr-mliaCutIs5LNTmXPKqLJVsRZ4-wKQ=w72-h72-pd HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kiaphamrobloxdungeonquest.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
access-control-allow-origin: *
timing-allow-origin: *
content-type: image/jpeg
x-content-type-options: nosniff
date: Sat, 25 Feb 2023 19:36:17 GMT
server: fife
content-length: 950
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

i.ytimg.com/vi/pDvG7vTWoSA/default.jpg

142.250.74.54

404 Not Found

1.1 kB

URL HTTP/2
i.ytimg.com/vi/pDvG7vTWoSA/default.jpg
IP
142.250.74.54:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 120x90, components 3\012- data
Size
1.1 kB (1097 bytes)
Hash
e2ddfee11ae7edcae257da47f3a78a70
6e902fa6302eb30cd204579bca6a59b37233e262
20e9aab22032d85684d7d916a1013f7c577a132a5b10ea3fd3578e8d0b28a711

HTTP Headers

GET /vi/pDvG7vTWoSA/default.jpg HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kiaphamrobloxdungeonquest.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
vary: Origin
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: image/jpeg
date: Sat, 25 Feb 2023 19:36:17 GMT
expires: Sat, 25 Feb 2023 19:36:47 GMT
cache-control: public, max-age=30
x-content-type-options: nosniff
server: sffe
content-length: 1097
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

lh3.googleusercontent.com/blogger_img_proxy/AHs97-lLNeZzXuGgEV1MGASBaB1ETwI7FuPaDYQJuz2b8HJlfUHxCY6LGGPYCSREANlAWVBmSTEIapI-U7qBhuF3kba7RsOO7UWs7Y0vP8VpWaNiM14rTHBAKI0=w72-h72-pd

216.58.211.1

200 OK

2.5 kB

URL HTTP/2
lh3.googleusercontent.com/blogger_img_proxy/AHs97-lLNeZzXuGgEV1MGASBaB1ETwI7FuPaDYQJuz2b8HJlfUHxCY6LGGPYCSREANlAWVBmSTEIapI-U7qBhuF3kba7RsOO7UWs7Y0vP8VpWaNiM14rTHBAKI0=w72-h72-pd
IP
216.58.211.1:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 72x72, components 3\012- data
Size
2.5 kB (2544 bytes)
Hash
bc8be1c81246ff435762f718b0c67f80
22e26e978bdd3a567553c9641c88ea36597b05af
cff266e2af140adff0f098038d0754d7371f7cb9916886f8d05057bc1d114c63

HTTP Headers

GET /blogger_img_proxy/AHs97-lLNeZzXuGgEV1MGASBaB1ETwI7FuPaDYQJuz2b8HJlfUHxCY6LGGPYCSREANlAWVBmSTEIapI-U7qBhuF3kba7RsOO7UWs7Y0vP8VpWaNiM14rTHBAKI0=w72-h72-pd HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kiaphamrobloxdungeonquest.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-expose-headers: Content-Length
expires: Sun, 26 Feb 2023 19:36:17 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Sat, 25 Feb 2023 19:36:17 GMT
server: fife
content-length: 2544
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

i.ytimg.com/vi/GMvD-yCSNYk/default.jpg

142.250.74.54

404 Not Found

1.1 kB

URL HTTP/2
i.ytimg.com/vi/GMvD-yCSNYk/default.jpg
IP
142.250.74.54:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 120x90, components 3\012- data
Size
1.1 kB (1097 bytes)
Hash
e2ddfee11ae7edcae257da47f3a78a70
6e902fa6302eb30cd204579bca6a59b37233e262
20e9aab22032d85684d7d916a1013f7c577a132a5b10ea3fd3578e8d0b28a711

HTTP Headers

GET /vi/GMvD-yCSNYk/default.jpg HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kiaphamrobloxdungeonquest.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
vary: Origin
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: image/jpeg
date: Sat, 25 Feb 2023 19:36:17 GMT
expires: Sat, 25 Feb 2023 19:36:47 GMT
cache-control: public, max-age=30
x-content-type-options: nosniff
server: sffe
content-length: 1097
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

lh3.googleusercontent.com/blogger_img_proxy/AHs97-kFuajZnbZipR-9cx5B5_RFHw5JoYw6z7sKy7Zi56MP_RjHVAL_1tHmuN-g33EF31PFyCtUAk8ryuGZWbjXpVDR0xX_gwZUrVGqYdaO4fwRvwxpaLonzB5yT_m68vHjwi--rqE=w72-h72-p-k-no-nu

216.58.211.1

404 Not Found

897 B

URL HTTP/2
lh3.googleusercontent.com/blogger_img_proxy/AHs97-kFuajZnbZipR-9cx5B5_RFHw5JoYw6z7sKy7Zi56MP_RjHVAL_1tHmuN-g33EF31PFyCtUAk8ryuGZWbjXpVDR0xX_gwZUrVGqYdaO4fwRvwxpaLonzB5yT_m68vHjwi--rqE=w72-h72-p-k-no-nu
IP
216.58.211.1:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 72x72, components 3\012- data
Size
897 B (897 bytes)
Hash
38b6247d7fbd9e6dbe2ee1bf761f437b
031fee177fb116ff0b59a7ad1aa3523cb763a894
bb2eaf1cfaa13d7a434ddbe81fe806b290e16f27e27ef3c744073dd730d3e669

HTTP Headers

GET /blogger_img_proxy/AHs97-kFuajZnbZipR-9cx5B5_RFHw5JoYw6z7sKy7Zi56MP_RjHVAL_1tHmuN-g33EF31PFyCtUAk8ryuGZWbjXpVDR0xX_gwZUrVGqYdaO4fwRvwxpaLonzB5yT_m68vHjwi--rqE=w72-h72-p-k-no-nu HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kiaphamrobloxdungeonquest.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
access-control-allow-origin: *
timing-allow-origin: *
content-type: image/jpeg
x-content-type-options: nosniff
date: Sat, 25 Feb 2023 19:36:17 GMT
server: fife
content-length: 897
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

i.ytimg.com/vi/T035R8TlFdY/default.jpg

142.250.74.54

200 OK

4.6 kB

URL HTTP/2
i.ytimg.com/vi/T035R8TlFdY/default.jpg
IP
142.250.74.54:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 120x90, components 3\012- data
Size
4.6 kB (4620 bytes)
Hash
e5fac105ac34630b11618f53e8119a5d
7c69ca9f17f9126022bb68d8ab2377c0976a4827
551bc39acc5ac69fb0a9a0078a06ff20e853c0215673da60067e96e6012ff33a

HTTP Headers

GET /vi/T035R8TlFdY/default.jpg HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kiaphamrobloxdungeonquest.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/jpeg
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 4620
date: Sat, 25 Feb 2023 19:36:17 GMT
expires: Sat, 25 Feb 2023 21:36:17 GMT
cache-control: public, max-age=7200
etag: "1535489661"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

i.ytimg.com/vi/bIQokq0l0Bg/default.jpg

142.250.74.54

200 OK

3.1 kB

URL HTTP/2
i.ytimg.com/vi/bIQokq0l0Bg/default.jpg
IP
142.250.74.54:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 120x90, components 3\012- data
Size
3.1 kB (3141 bytes)
Hash
95557f8235ce32684f2ff9d4706e6882
f464b0e14275a8b7b9624a4a1ace53f398a8d66e
d7dcd8c4497e0907f4d6f3c14c2b6c8f5204af234c5197ec520a2896f5b1ecff

HTTP Headers

GET /vi/bIQokq0l0Bg/default.jpg HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kiaphamrobloxdungeonquest.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/jpeg
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 3141
date: Sat, 25 Feb 2023 19:36:17 GMT
expires: Sat, 25 Feb 2023 21:36:17 GMT
cache-control: public, max-age=7200
etag: "1509821051"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
79962c4870e7da8513f29777e5d79f15
df9702b246bc468e6cdd7f8015a28b19e53da4da
09bea9e5e6eecddf7bd063144fe24584aea0f6fa55ffff57bfe6ba0e75ce384e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

lh3.googleusercontent.com/blogger_img_proxy/AHs97-n9hOqfnsePqlMr7yOC5hFWYViBP4NCnW1TXffGgg9XJGnMbXmi-0FSWvhmiuz9EjWNX_hT_j4j6M7Q4FRvBeQKdugGquaTwiaW2gGbb1wY8OOqP_L0NW_ZyIrudeqT9ApgvWmwD__V91ht2w-uUFX0Wd8BYNrUU6iUuHzgcksCCizrBM3dvoaq1IR4vxVTMaSCcL10u2I8PWkABR0=w72-h72-p-k-no-nu

216.58.211.1

404 Not Found

1.8 kB

URL HTTP/2
lh3.googleusercontent.com/blogger_img_proxy/AHs97-n9hOqfnsePqlMr7yOC5hFWYViBP4NCnW1TXffGgg9XJGnMbXmi-0FSWvhmiuz9EjWNX_hT_j4j6M7Q4FRvBeQKdugGquaTwiaW2gGbb1wY8OOqP_L0NW_ZyIrudeqT9ApgvWmwD__V91ht2w-uUFX0Wd8BYNrUU6iUuHzgcksCCizrBM3dvoaq1IR4vxVTMaSCcL10u2I8PWkABR0=w72-h72-p-k-no-nu
IP
216.58.211.1:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Size
1.8 kB (1812 bytes)
Hash
5bf5744fc16516a72ab7d005bdd8d59f
02a16fd377961e191d0b7f56cfeefd1cb58925b9
a0c10d843b262aba78a2ed5df36c862da8670cc5fa941bf874226107751cb235

HTTP Headers

GET /blogger_img_proxy/AHs97-n9hOqfnsePqlMr7yOC5hFWYViBP4NCnW1TXffGgg9XJGnMbXmi-0FSWvhmiuz9EjWNX_hT_j4j6M7Q4FRvBeQKdugGquaTwiaW2gGbb1wY8OOqP_L0NW_ZyIrudeqT9ApgvWmwD__V91ht2w-uUFX0Wd8BYNrUU6iUuHzgcksCCizrBM3dvoaq1IR4vxVTMaSCcL10u2I8PWkABR0=w72-h72-p-k-no-nu HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kiaphamrobloxdungeonquest.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 25 Feb 2023 19:36:17 GMT
server: fife
content-length: 1812
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c097c52b999b332336e4f3d86d3073d6
d5b56e700f47fa6f84f421b66c1ab3c487fa62dd
fe0efdfe994a6e3abb0c12e6a5c0d65f46ec5900f9abdb88c40f66d751ab06eb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c43d00019895e0feaa9453e07b4c37bb
ba943a3bbc3469146a56a75adeb8a9fdb8eafedf
89dc5449baa1242434c2505d484a38ec1a396f6e8048607aec8042642deaa83a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
60057da37b222312f0a09de3c79660a3
306e151a21840569317eaf312280915347bdc878
d9ff75b1ce5fd0eb9ed779cc256d9a9ade4cef67378869896b56b741d042cd87

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

lh3.googleusercontent.com/blogger_img_proxy/AHs97-lIsGvPDVY0fGnabAXPkgN37dSD8ydZ-kXOh2WNki7MLydmntQWpvQY6U95xzs5z9IAUYVKHyTX6DOBExdfq0ntF78=w72-h72-p-k-no-nu

216.58.211.1

200 OK

2.9 kB

URL HTTP/2
lh3.googleusercontent.com/blogger_img_proxy/AHs97-lIsGvPDVY0fGnabAXPkgN37dSD8ydZ-kXOh2WNki7MLydmntQWpvQY6U95xzs5z9IAUYVKHyTX6DOBExdfq0ntF78=w72-h72-p-k-no-nu
IP
216.58.211.1:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 72 x 72\012- data
Size
2.9 kB (2890 bytes)
Hash
0427135f863359ddeb3889fcf3aec993
00632ba0765896b3005ff4b2278b576c3b2678a9
84c27c4b4a861513fd3b91b43ca239534c1b083a13f0ab1654073aec5672848c

HTTP Headers

GET /blogger_img_proxy/AHs97-lIsGvPDVY0fGnabAXPkgN37dSD8ydZ-kXOh2WNki7MLydmntQWpvQY6U95xzs5z9IAUYVKHyTX6DOBExdfq0ntF78=w72-h72-p-k-no-nu HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kiaphamrobloxdungeonquest.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-expose-headers: Content-Length
expires: Sun, 26 Feb 2023 19:36:17 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.gif"
content-type: image/gif
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Sat, 25 Feb 2023 19:36:17 GMT
server: fife
content-length: 2890
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

gerailagu.com/cluster-v2/roblox-gs.js

172.96.187.226

200 OK

1.6 kB

URL HTTP/2
gerailagu.com/cluster-v2/roblox-gs.js
IP
172.96.187.226:0
ASN
#32475 SINGLEHOP-LLC

File type
ASCII text, with CRLF, LF line terminators
Size
1.6 kB (1610 bytes)
Hash
c4f8039a56450ffa1b17f442747191d5
51863e2f1970f24fedeb50066058bfc37a2183d8
a6e8ecac1d87603c0f0ebd29e6cdcf4ed8c156ef6eb58a9784487876cd1d0779

HTTP Headers

GET /cluster-v2/roblox-gs.js HTTP/1.1
Host: gerailagu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kiaphamrobloxdungeonquest.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-powered-by: PHP/5.6.40
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
content-length: 1610
content-encoding: br
vary: Accept-Encoding
date: Sat, 25 Feb 2023 19:36:17 GMT
server: LiteSpeed
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1p5/PIk-tcsd5xo

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/PIk-tcsd5xo
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c50eb7d54774a9133bc950f2233d5dd1
409c992d3cd996e3e5294e1b93c29dba5e5f7cca
a596501254b44f4bbf4396865636698f372870890634e57af5dbc607d3b12235

HTTP Headers

POST /s/gts1p5/PIk-tcsd5xo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:17 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

bux.wellter.de/images/gamebaglogo.png

104.21.4.139

200 OK

3.3 kB

URL HTTP/2
bux.wellter.de/images/gamebaglogo.png
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 240 x 240, 8-bit/color RGBA, non-interlaced\012- data
Size
3.3 kB (3340 bytes)
Hash
e84f0caa809a15b2aaa9cb93bbe6669a
22a330ad580aaa6b2232307a87b981adc7fbf38f
1f98c982fd0c9b5e6af138a4cb160f509bda9fcc7fa0a9463fa6cf11513c151f

HTTP Headers

GET /images/gamebaglogo.png HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:17 GMT
content-type: image/png
content-length: 3340
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: "5d9ca488-d0c"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4249
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wMZoIfgR0YnqK2AsfQoUj%2FTsmQpZCKmFGOS4sD8YBRQ%2F8niQ%2FOjiFMJY%2Boveq3Lrbh4mukHoPLJ7Fem2sG82naxNrQhs0p8yIUZfX6Ck1UIKlBXShRoIwgffBGGyW3eXcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e397ba74b4ed-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/ft-1.png

104.21.4.139

200 OK

3.3 kB

URL HTTP/2
bux.wellter.de/images/ft-1.png
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 240 x 240, 8-bit/color RGBA, non-interlaced\012- data
Size
3.3 kB (3340 bytes)
Hash
e84f0caa809a15b2aaa9cb93bbe6669a
22a330ad580aaa6b2232307a87b981adc7fbf38f
1f98c982fd0c9b5e6af138a4cb160f509bda9fcc7fa0a9463fa6cf11513c151f

HTTP Headers

GET /images/ft-1.png HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:17 GMT
content-type: image/png
content-length: 3340
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: "5d9ca488-d0c"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4249
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8mjY6DFOaos44QZ8MMfKYas1DV2x2%2F9%2B2VjKMP4yxLdKSALcdcNHg%2FlWm%2BGAY90L%2Bx9d1s6f8dZeBcl%2Fs2Y%2BjaSJk7WxzO7eitVYjgVFZOHFpQAEnvYBX6hjzVOLpNTasQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e397ca87b4ed-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/header.png

104.21.4.139

200 OK

131 kB

URL HTTP/2
bux.wellter.de/images/header.png
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size
131 kB (131285 bytes)
Hash
35e93538f31d67876a2cb38bf94279d8
49bf97732e9bffb5371ad60d024901b09d83651b
95c1de9315834de2ff3608a2dc048a6aedc273e665f9b54eb956523a81fc91df

HTTP Headers

GET /images/header.png HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:17 GMT
content-type: image/png
content-length: 131285
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: "5d9ca488-200d5"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4249
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xEQGQFO%2B45YD6a6QSaFAV6mEXqmoMtC3DW%2B0Y194DcgRW6SatGEE6rh4pyONGWswm3zdz5qhS2GhErIEfGK818tMCzfNB8KtIWHAL2eIOU3x%2FnTIWb3DzvOMROpwyu53pQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e397ca83b4ed-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1p5/PIk-tcsd5xo

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/PIk-tcsd5xo
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c50eb7d54774a9133bc950f2233d5dd1
409c992d3cd996e3e5294e1b93c29dba5e5f7cca
a596501254b44f4bbf4396865636698f372870890634e57af5dbc607d3b12235

HTTP Headers

POST /s/gts1p5/PIk-tcsd5xo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:17 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdnjs.cloudflare.com/ajax/libs/jquery-modal/0.9.1/jquery.modal.min.css

104.17.24.14

200 OK

1.5 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery-modal/0.9.1/jquery.modal.min.css
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (3201), with no line terminators
Size
1.5 kB (1541 bytes)
Hash
8e09ceb5490863a66cd2e83ca3d7e524
35e3d074516ec70c508d748f7ae01827bc0c28ba
cccbb374fd4cb6dcbac9df64456b49cb11530e7bafdac6c6c7e67ff2ed350db9

HTTP Headers

GET /ajax/libs/jquery-modal/0.9.1/jquery.modal.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:17 GMT
content-type: text/css; charset=utf-8
content-length: 1541
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec2-c81"
last-modified: Mon, 04 May 2020 16:11:46 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 3197182
expires: Thu, 15 Feb 2024 19:36:17 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7f03zXPWheiOzo4%2BeeUymR0c8xXHxfEBlRGeanq4HmeMINicC%2FhaONQQymbjlnVOSVAe%2B8l5Y5ArBN9voH%2F1Ka4J6wen5Bq1SByjF1DuqP%2F0wbsezk6fHWXUxDLBmuOG3vozLzHS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 79f2e3983af20b06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/js-base64@3.7.2/base64.min.js

151.101.1.229

200 OK

2.1 kB

URL HTTP/2
cdn.jsdelivr.net/npm/js-base64@3.7.2/base64.min.js
IP
151.101.1.229:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (4802)
Size
2.1 kB (2068 bytes)
Hash
18914b05d782cca37716837edf14fa8a
c563d127cf718dd86389fdd007b4c51b6bb58dc3
4bded663a5f9ccaa1eb7c1692c1c7df756a7d0e037d19466979fb90c56fbefdf

HTTP Headers

GET /npm/js-base64@3.7.2/base64.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.7.2
x-jsd-version-type: version
etag: W/"1405-lMmxLE0z8/TnsipvbhQg5ckAA8Q"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 25 Feb 2023 19:36:17 GMT
age: 299730
x-served-by: cache-fra-eddf8230050-FRA, cache-bma1660-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 2068
X-Firefox-Spdy: h2

ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4

104.18.21.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1462 bytes)
Hash
f701fe9e00fcf6501b3dffef4e3def13
183a08d413113a96cba2a438ecae99c2927cf059
77aca065e969fd26d5a6911450d55616117991b9e3eed11133d193130fc72c84

HTTP Headers

POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 25 Feb 2023 19:36:18 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "A9A5CE83D7390A60A23B236052B7293EFAC9AC7D"
Expires: Sun, 26 Feb 2023 07:00:00 GMT
Last-Modified: Sat, 25 Feb 2023 19:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 176
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79f2e398881e1bfe-OSL

bux.wellter.de/images/form-scripts.js

104.21.4.139

200 OK

839 kB

URL HTTP/2
bux.wellter.de/images/form-scripts.js
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (516)
Size
839 kB (838812 bytes)
Hash
10af6a269ebf8f04c9434a8b9a828821
a7923357b25b1ac28f313e862a16787b402ebbcb
ed228c6eee684465f0a5aea403d5d8cb835387145fbb453d302b85c916c60ea6

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /images/form-scripts.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:17 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=1469
etag: W/"5d9ca488-5bd"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4249
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GJl8mSTzl%2BMGsTWQeoJHop4iD%2FKYUBvt09bZ6rHj7Wgkp07%2BEqd%2FcPkpwRrfXcMhmEa%2BeZ4vU%2FMp0MSOeJrQmIWsDAU570rET3fUDhAn4M6dHHX3rSuBN%2F0GF8PcGPrQ2g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e397daa1b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/scripts.js

104.21.4.139

200 OK

3.2 kB

URL HTTP/2
bux.wellter.de/images/scripts.js
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
3.2 kB (3231 bytes)
Hash
688043bd3271e21f697c54d0a625a487
0f2ddd2cbe8fd9ef18d0f971b2069e6ec4abc274
6c7b9e4d38d68ea2100565f7d73e83d9e41150c8fe45351cf8d8e206b0a3950a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /images/scripts.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:17 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=225
etag: W/"5d9ca488-e1"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4249
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JpfcDd4PzKTysyOLMn7CxTUqgHhEZugNz1yxMQFIZt8VxCObyEOFSkcSRUffTNOGoM%2F6kbO9UNUyAApIiLDnS1EML%2B%2BHQfxX65iTsilHeORtfWkDD7OqcMkuO5nMoWSLSg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3980adab4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4432722afb07ba74051c88ed8a3d0c96
e5715d828785bd764f820cde1e387e4e83aaae99
bfcd2cd628b37ac53fcf981f360c95f65596b61bc8ea8dcee44b9a128bb3e48d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0

188.114.99.234

200 OK

67 kB

URL HTTP/2
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0
IP
188.114.99.234:0
ASN
#0

File type
Web Open Font Format (Version 2), TrueType, length 66624, version 4.262\012- data
Size
67 kB (66624 bytes)
Hash
db812d8a70a4e88e888744c1c9a27e89
638c652d623280a58144f93e7b552c66d1667a11
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

HTTP Headers

GET /font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0 HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bux.wellter.de
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:18 GMT
content-type: font/woff2
content-length: 66624
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "db812d8a70a4e88e888744c1c9a27e89"
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 08/15/2022 13:52:58
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 2592a65eb99a2e0b1589fa2d13a6191c
cdn-cache: HIT
cf-cache-status: HIT
age: 93368
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 79f2e3999dfdb515-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/com.js

104.21.4.139

200 OK

21 kB

URL HTTP/2
bux.wellter.de/images/com.js
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type
C source, Unicode text, UTF-8 text, with very long lines (15173), with no line terminators
Size
21 kB (20802 bytes)
Hash
c0921b3d47dfbdc015b2849c50ce2832
5f27bc013ce3a4ad971066666d83126c5f14c93d
b9f4c291d940bbdb9da41a5e9244338cc5ec32781a98dea5674c2d84158599bd

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /images/com.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:17 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=17963
etag: W/"5d9ca488-462b"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4249
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MU0jnQmPmg1IMp6VMi8dyedkC6shZL5SkVO88Bz3NBxaYfRwaU%2BIgtlovBcBPHnaNYEuz4Jmlulxo3INBLY8YWLe1wAKBLG4%2BcXGqZVXWmJdXwX6xqgwTYLcJQ1bbxHLKw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e397da9db4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v14/DXI1ORHCpsQm3Vp6mXoaTYnF5uFdDttMLvmWuJdhhgs.ttf

142.250.74.35

200 OK

18 kB

URL HTTP/2
fonts.gstatic.com/s/opensans/v14/DXI1ORHCpsQm3Vp6mXoaTYnF5uFdDttMLvmWuJdhhgs.ttf
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
TrueType Font data, 17 tables, 1st "GDEF", 7 names, Microsoft, language 0x409, type 1 string, Open Sans LightRegular1.10;1ASC;OpenSans-LightVersion 1.10OpenSans-Lighthttp://www.apache.org/li\012- data
Size
18 kB (18391 bytes)
Hash
a69c5fa643b7208c4922909701e399ac
0560e8f641340a70d9c36b3d4106e42ac395f829
0a8b75177ccda56113a7a1bb9214c38276257846f9323226f74831f74ffc721f

HTTP Headers

GET /s/opensans/v14/DXI1ORHCpsQm3Vp6mXoaTYnF5uFdDttMLvmWuJdhhgs.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bux.wellter.de
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18391
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Feb 2023 17:53:15 GMT
expires: Fri, 23 Feb 2024 17:53:15 GMT
cache-control: public, max-age=31536000
age: 178983
last-modified: Wed, 14 Jun 2017 16:45:42 GMT
content-type: font/ttf
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v14/k3k702ZOKiLJc3WVjuplzInF5uFdDttMLvmWuJdhhgs.ttf

142.250.74.35

200 OK

19 kB

URL HTTP/2
fonts.gstatic.com/s/opensans/v14/k3k702ZOKiLJc3WVjuplzInF5uFdDttMLvmWuJdhhgs.ttf
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
TrueType Font data, 17 tables, 1st "GDEF", 7 names, Microsoft, language 0x409, type 1 string, Open SansBold1.10;1ASC;OpenSans-BoldOpen Sans BoldVersion 1.10OpenSans-Boldhttp://www.apache.org\012- data
Size
19 kB (18604 bytes)
Hash
5498784000b038638befe230ea392271
efef80115bdabd927501563197827a7ae837a19f
5848ca5f4af491c37907f2e4cb0e240166572edc90615a96d4702f2dce34800b

HTTP Headers

GET /s/opensans/v14/k3k702ZOKiLJc3WVjuplzInF5uFdDttMLvmWuJdhhgs.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bux.wellter.de
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18604
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Feb 2023 10:12:26 GMT
expires: Sat, 24 Feb 2024 10:12:26 GMT
cache-control: public, max-age=31536000
age: 120232
last-modified: Wed, 14 Jun 2017 16:46:24 GMT
content-type: font/ttf
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4432722afb07ba74051c88ed8a3d0c96
e5715d828785bd764f820cde1e387e4e83aaae99
bfcd2cd628b37ac53fcf981f360c95f65596b61bc8ea8dcee44b9a128bb3e48d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 19:36:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d34d62c1b25d882e260e5638c353472c
2518cf7a90df0729df734a40fc089cf6bf1b4160
82a7125f2789e8de64c9e8d7bd139157b06135b501317ad50b227bd065bac9f4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "82A7125F2789E8DE64C9E8D7BD139157B06135B501317AD50B227BD065BAC9F4"
Last-Modified: Sat, 25 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7892
Expires: Sat, 25 Feb 2023 21:47:50 GMT
Date: Sat, 25 Feb 2023 19:36:18 GMT
Connection: keep-alive

s10.histats.com/js15_as.js

46.105.201.240

200 OK

4.4 kB

URL HTTP/2
s10.histats.com/js15_as.js
IP
46.105.201.240:0
ASN
#16276 OVH SAS

File type
HTML document, ASCII text, with very long lines (11440), with no line terminators
Size
4.4 kB (4364 bytes)
Hash
ed192092c129db6123a3397855f42619
067e9b8e26cf6246eb84c6b9cf3da0c192ce7b3e
998fff486a7fb38b6ed445edc36c9b317b70950cd39efcf4012ca641312fcee1

HTTP Headers

GET /js15_as.js HTTP/1.1
Host: s10.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:35:12 GMT
etag: "-375139978"
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-request-id: 993625615
content-type: text/javascript
content-encoding: br
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 4364
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c930829bdcc2bf23ff3014e5dd21f270
7e175882efd19d1649537da3c2c2e70833558d87
c18c9de6b0d5d2d78d1869d8138a00ef62cbd29a77e7cc2c69d30ad54799dda7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C18C9DE6B0D5D2D78D1869D8138A00EF62CBD29A77E7CC2C69D30AD54799DDA7"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7785
Expires: Sat, 25 Feb 2023 21:46:03 GMT
Date: Sat, 25 Feb 2023 19:36:18 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c930829bdcc2bf23ff3014e5dd21f270
7e175882efd19d1649537da3c2c2e70833558d87
c18c9de6b0d5d2d78d1869d8138a00ef62cbd29a77e7cc2c69d30ad54799dda7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C18C9DE6B0D5D2D78D1869D8138A00EF62CBD29A77E7CC2C69D30AD54799DDA7"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7785
Expires: Sat, 25 Feb 2023 21:46:03 GMT
Date: Sat, 25 Feb 2023 19:36:18 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c930829bdcc2bf23ff3014e5dd21f270
7e175882efd19d1649537da3c2c2e70833558d87
c18c9de6b0d5d2d78d1869d8138a00ef62cbd29a77e7cc2c69d30ad54799dda7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C18C9DE6B0D5D2D78D1869D8138A00EF62CBD29A77E7CC2C69D30AD54799DDA7"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7785
Expires: Sat, 25 Feb 2023 21:46:03 GMT
Date: Sat, 25 Feb 2023 19:36:18 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F363345a7-425e-4498-8aa7-e16250bedd66.jpeg

34.120.237.76

200 OK

5.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F363345a7-425e-4498-8aa7-e16250bedd66.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.3 kB (5269 bytes)
Hash
f5c457f02a50b085b748b7e806f166f7
a7b75438ba91b71e023e2e6e355563ac2635bf25
7607c112a56f9893b0c491cad54d7d83be0fa414e69dd44c251e074e15877f6a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F363345a7-425e-4498-8aa7-e16250bedd66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5269
x-amzn-requestid: e6460273-d038-41fa-9915-5f5762feecab
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: A3QiUFqhIAMF5sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f92e0e-6c3baead0e2b8845557bf7e9;Sampled=0
x-amzn-remapped-date: Fri, 24 Feb 2023 21:37:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 07pNAHZlG7fP3dgG0eb-onMglfj9-wP2RAFShvr3b-MkOECPQZaSdA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 5c7981a979abd51ba7e5ca7d464fd048.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Feb 2023 21:40:19 GMT
age: 78959
etag: "a7b75438ba91b71e023e2e6e355563ac2635bf25"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb97e8f2e-6da0-4f8b-b12c-1af676e3e4da.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.1 kB (9093 bytes)
Hash
2a5f3d376fe6a3a78a5d1fe136f962fb
3e9b03cc296e954d63526a4e7e75beea3130fc3b
c8cf4f1c0352102764247e4dc5a2076921e0eaa18bfd110e5b0b97a55c706690

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb97e8f2e-6da0-4f8b-b12c-1af676e3e4da.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9093
x-amzn-requestid: 3fd9f8c8-cf10-4222-a2cc-5f18ff7b2e9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Az9D3HqmoAMFeBQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f7dbb2-352315613cc0c2bc7eb28e05;Sampled=0
x-amzn-remapped-date: Thu, 23 Feb 2023 21:33:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: S8s54RJtScNtsl6uEFtBEHnTj4lb3l5xIWR96Kvr_SdwQQQMgSKNxA==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Feb 2023 21:34:57 GMT
age: 79281
etag: "3e9b03cc296e954d63526a4e7e75beea3130fc3b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbaa41846-2966-47c9-ac1f-845e6507fe21.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.0 kB (6979 bytes)
Hash
d434142b05e07062707138da8999445e
d4796a582b28b1afcb1d7c8d06d78664a62bc880
0baf0e2b4c5975bac7d8543156bdb412cb8a703a768c765a90eedb95fb8ab1ec

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbaa41846-2966-47c9-ac1f-845e6507fe21.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6979
x-amzn-requestid: 19ffbbf5-7950-405e-b558-43c6c011785c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Az9M7FrMIAMFzCg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f7dbec-7c65361d479d30c129f9d1d0;Sampled=0
x-amzn-remapped-date: Thu, 23 Feb 2023 21:34:36 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uAlLA8M3mpkJ6q6lSztfNbhSpQu3pFgjZ53BjU-jkLAVX3DoTHH2vA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Feb 2023 00:10:20 GMT
age: 69958
etag: "d4796a582b28b1afcb1d7c8d06d78664a62bc880"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F58e71ab7-6d45-4fe0-96bb-7faa4a54fe6a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.6 kB (9610 bytes)
Hash
a1598be3f85d30c5999ee301f974603a
f74df5e6145c1a10d64dd1f5a09bd90363a8eb59
57f179081f7cf17e985b0628cd07bacc744fcea97131594bb03b11c2a8b52d7c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F58e71ab7-6d45-4fe0-96bb-7faa4a54fe6a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9610
x-amzn-requestid: defacc06-ccad-4190-9442-9b603acbe6d7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Az9M6EnsoAMFx4Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f7dbeb-651f70531153842f6f431d69;Sampled=0
x-amzn-remapped-date: Thu, 23 Feb 2023 21:34:35 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0rbTTBo65VZcX_9i1P_tu4xfDdGhauiJMBxtxLJ2QBnpmegxn85N2A==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Feb 2023 21:34:57 GMT
age: 79281
etag: "f74df5e6145c1a10d64dd1f5a09bd90363a8eb59"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

2.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8705a5a8-62bf-44bc-8c05-31c8b6c31694.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
2.5 kB (2472 bytes)
Hash
07de4b2f670ddb3d7188529f2a663e32
6eb14318c585598c0ee9e7e5d694eb190f2cfbbc
6f6c649e01b654856df8a17db50787b7888dc063a4d68a337ce8bfad275bcadd

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8705a5a8-62bf-44bc-8c05-31c8b6c31694.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 2472
x-amzn-requestid: 8666c3f8-25a1-4204-8a9e-717f95bc6f60
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AqYMpF96IAMFRcw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f4071d-3e4dce5a5b119a44096124ff;Sampled=0
x-amzn-remapped-date: Mon, 20 Feb 2023 23:49:49 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: s0lEI3Louq5N7FwRFgTmXEChzb0SHOvk2nSKDp_xIHeTuvxGL1CVwQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Feb 2023 18:00:26 GMT
age: 5752
etag: "6eb14318c585598c0ee9e7e5d694eb190f2cfbbc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

2.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5651651c-e7cc-4a7b-ae8a-9fb1e88379d3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
2.4 kB (2433 bytes)
Hash
94622f58aa91b60efcab072bbfc1b8fc
481c511819075f80bacc5cca0b50c3650b5789d1
767c220ed09fbb28216023785c3609993185463dea0fcdc6cb355d6d00acd6b0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5651651c-e7cc-4a7b-ae8a-9fb1e88379d3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 2433
x-amzn-requestid: 1eb77631-515a-41f7-ac18-59c8cd22c4ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Ax_KCHgAoAMFu5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f7123f-051da60474344e58658cc980;Sampled=0
x-amzn-remapped-date: Thu, 23 Feb 2023 07:14:07 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: KStkU8id8VhC4s3kYYvxctpem7798i9K7jNQUVNahm_mycuGOaE72g==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Feb 2023 07:44:04 GMT
age: 42734
etag: "481c511819075f80bacc5cca0b50c3650b5789d1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

s4.histats.com/stats/0.php?4275781&@f16&@g1&@h1&@i1&@j1677353852073&@k0&@l1&@mRoblox%20Robux%20Generator%202022&@n0&@ohttps%3A%2F%2Fkiaphamrobloxdungeonquest.blogspot.com%2F&@q0&@r0&@s0&@ten-US&@u1280&@b1:-9904420&@b3:1677353852&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fbux.wellter.de%2Findex.html&@w

149.56.240.129

200 OK

52 B

URL HTTP/1.1
s4.histats.com/stats/0.php?4275781&@f16&@g1&@h1&@i1&@j1677353852073&@k0&@l1&@mRoblox%20Robux%20Generator%202022&@n0&@ohttps%3A%2F%2Fkiaphamrobloxdungeonquest.blogspot.com%2F&@q0&@r0&@s0&@ten-US&@u1280&@b1:-9904420&@b3:1677353852&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fbux.wellter.de%2Findex.html&@w
IP
149.56.240.129:0
ASN
#16276 OVH SAS

File type
ASCII text, with no line terminators
Size
52 B (52 bytes)
Hash
e109dfadbe17668ddef5b1e7e7591a65
ecae162b1ba679da53a3375f27883a3ad68d53b9
b25ad84853cadef5b3385ed485cdd43940261ff1ece7b34937c1ed4431ef3027

HTTP Headers

GET /stats/0.php?4275781&@f16&@g1&@h1&@i1&@j1677353852073&@k0&@l1&@mRoblox%20Robux%20Generator%202022&@n0&@ohttps%3A%2F%2Fkiaphamrobloxdungeonquest.blogspot.com%2F&@q0&@r0&@s0&@ten-US&@u1280&@b1:-9904420&@b3:1677353852&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fbux.wellter.de%2Findex.html&@w HTTP/1.1
Host: s4.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 25 Feb 2023 19:36:18 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 52
Connection: close

bux.wellter.de/images/jquery-3.2.1.js

104.21.4.139

200 OK

0 B

URL HTTP/2
bux.wellter.de/images/jquery-3.2.1.js
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /images/jquery-3.2.1.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:17 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=268039
etag: W/"5d9ca488-41707"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4249
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aCqDFffO%2BDfnIjQAANBaZU5ze2hAePwUyAo68mgvDDl7WyS%2BHN227SKoxH2HjqQ5qpX6Ufo24KczD9INqU4XIQ%2By6xp%2F0FrCHk89fWO%2FVeEyEF7vl%2B0YBhWi2m%2F84Rzk%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e397ca88b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/fancyselect.css

104.21.4.139

200 OK

0 B

URL HTTP/2
bux.wellter.de/images/fancyselect.css
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /images/fancyselect.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:17 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=4253
etag: W/"5d9ca488-109d"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4249
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=No8VQHGTn4apdXf45UYlX843G8QPfpjxtOsUfEvfLfHgbc3r8pyCkulvJTzATx%2FJb6UDia%2BMrphelNSK2VMDOWeBHrCM44r6FqGh7uCylLDYu6UIo391PaHaJxPHHNQYOw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e397aa63b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/bootstrap.min.css

104.21.4.139

200 OK

0 B

URL HTTP/2
bux.wellter.de/images/bootstrap.min.css
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /images/bootstrap.min.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:17 GMT
content-type: text/css
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-1d990"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4249
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E1ScUGZ7cLMfFxuKTvdW1eUQ%2Flqt761fLT%2BL%2FQcvQcBfzC9z0fnKFfhCwvHRIgKBLrGJ4W5sSZQendfq0k7OgPadbEyH3%2FHG%2FTjH74tgJTXGuBhBDZMRrPCHv2bO%2BzGP%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e397aa5db4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/fancyselect.js

104.21.4.139

200 OK

0 B

URL HTTP/2
bux.wellter.de/images/fancyselect.js
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /images/fancyselect.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:17 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=6778
etag: W/"5d9ca488-1a7a"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4249
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2ahXs%2Fyyim9vRtFjQyptLt4UEAIl480fdcKfXdkmSM5Gbx%2Fou61vBAmoEGEAyF%2FXhHE7axEilWGwZCgNz6poCCjOCX3foMxbZ%2FN7ta7NVszxyVV%2FlfdJoGKjD4SW4DxY8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e397ca8cb4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/sweetalert2.min.js

104.21.4.139

200 OK

0 B

URL HTTP/2
bux.wellter.de/images/sweetalert2.min.js
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /images/sweetalert2.min.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:17 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-4f51"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4249
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yv5UY39qTsMq5p9HRk2aRXt3YFoWwRrt6T2RbXi23jeyuReoy3YWnypT%2FU7Szad2x19D4SYHEU05fEbUnSvh2%2FOa4%2BORqkvXcdvYNTFNXcY7reZCnYbJUQmhiWRVpP1JJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e397ca8fb4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/magnific-popup.css

104.21.4.139

200 OK

0 B

URL HTTP/2
bux.wellter.de/images/magnific-popup.css
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /images/magnific-popup.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:17 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=7946
etag: W/"5d9ca488-1f0a"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4249
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U9lP%2BejkT8PI%2FK4D4EKMDXOcAckkL6sJDpn%2BZ%2ByU9z2Op92a29qs2sWANKIzzPGVms8AqfdkrMuMR6FP0J7B8OocFBHknkfrvQibh17woXYvU8Qcbfyf1dxfpp8Zm%2B8oFA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e397aa62b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/jquery-ui.min.js

104.21.4.139

200 OK

0 B

URL HTTP/2
bux.wellter.de/images/jquery-ui.min.js
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /images/jquery-ui.min.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:17 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-30da8"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4249
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IhGgPJFn3%2BbWeNCu6OEZkLhVCNPftfrdOFiVUOysFWNj37Z6zMak58w7spCtuS%2BEIbL%2F84775np%2BWIrHHKvwH3iJxrqobAE4jXON7zrPPelqVrTO7ZwzqYiIDknMuoqg9A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e397ca8ab4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/main.js

104.21.4.139

200 OK

0 B

URL HTTP/2
bux.wellter.de/images/main.js
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /images/main.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:17 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=38451
etag: W/"5d9ca488-9633"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4249
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vqi80C9uFdWWlLqhKpL5fUM7goKUySYKTeAQVkDanh%2FzTLMi5uUrTJ%2Bvu6wlDBmyilw%2FTXIbngrVgM5Qi3nolxQfoHsCQ8xygqDUDyaCAOcAW86paUrQn1givsAGZwp2zA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3980ad8b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/style.css

104.21.4.139

200 OK

0 B

URL HTTP/2
bux.wellter.de/images/style.css
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /images/style.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:17 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=50839
etag: W/"5d9ca488-c697"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4249
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bMNtu7PBhfBH6dcrMjU2MMkuGiwUrQM9295aJf96IwoJ9MiBV%2FcvsDXUk9epW3FBkDjekk%2Fr9IrSVMcm37ocvUPcoN9%2FA0tiGXvjRAPyA2FlaCU%2Fv1xVl6DmTZOymEZ%2B1g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e397aa65b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/custom-css.css

104.21.4.139

200 OK

0 B

URL HTTP/2
bux.wellter.de/images/custom-css.css
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /images/custom-css.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:17 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1790
etag: W/"5d9ca488-6fe"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4249
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rr3%2BcA6OYWUE10MqkSVucktNLOqetqJI9XQR225Si3N5CEgRDKDaPKAu1%2Bxqfjva8FrA3aY2JmULYn30uOavw%2BvIbN7QVn3YGlhD%2FC5qjpIYhq0YSFT46Se5uZ%2FqYOuyZA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e397ba6bb4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/validator.min.js

104.21.4.139

200 OK

0 B

URL HTTP/2
bux.wellter.de/images/validator.min.js
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /images/validator.min.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:17 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-17a7"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4249
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=twh5O%2F2ywDH%2F8qN53nX3isX1zRxWKBxr6Cfv8pJLPLe8ve5FkSuPFxzzNJHFZUHeoWvuaWuAHcVbC1eBad%2Fqono4mjD%2B1eG8IMGfeF3XRcCsvRp4xIJl9rTeRFkT%2FKmL4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e397da91b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/index.html

104.21.4.139

200 OK

0 B

URL HTTP/2
bux.wellter.de/index.html
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /index.html HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kiaphamrobloxdungeonquest.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:17 GMT
content-type: text/html
last-modified: Mon, 27 Jun 2022 12:44:26 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tAJH%2FdBY6qJX4a%2FGFHNfULSt4nZdD9fcj6FBsUYor%2FwqxIrCN9rj78YzQ%2FnxDZFkWqclV5ib3cy3VEhN3cuVwiZUuUyFNyMvXoolTt8hujaxMS46TGF%2BmXS7wHkq8WnwVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79f2e396d91fb4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/css8a7c8a7c8a7c.css?family=Open+Sans:300,400,700

104.21.4.139

200 OK

0 B

URL HTTP/2
bux.wellter.de/images/css8a7c8a7c8a7c.css?family=Open+Sans:300,400,700
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /images/css8a7c8a7c8a7c.css?family=Open+Sans:300,400,700 HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:17 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=773
etag: W/"5d9ca488-305"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4249
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QbcZTq%2B%2BOmYXHtZ37LFOAwmHwIj%2B8eXzL5BFjzoiegZNoeNFtnPySRaEbr7xMKgC710b%2Fjieb8NiLCizf4q5AZlLLOg6hmjRMJkfPw92CmWl6p5Yb1Ut%2F9ndEyl%2BGgsGAw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3979a50b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/font-awesome.min.css

104.21.4.139

200 OK

0 B

URL HTTP/2
bux.wellter.de/images/font-awesome.min.css
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /images/font-awesome.min.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:17 GMT
content-type: text/css
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-6c3d"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4249
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uARuAlKopKJN7ad2hNuio4SHd1fVSujBBzlPmQJCw2PUdrZqsNDoQTc%2F8GpXXP%2F5kEsA49ZZ8OJz3O%2BAi1byGqogrzSCcDokV3jg8KlDWy0yOdSwVkONh%2B9zP3r8P6n8sg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e3979a52b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/sweetalert2.min.css

104.21.4.139

200 OK

0 B

URL HTTP/2
bux.wellter.de/images/sweetalert2.min.css
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /images/sweetalert2.min.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:17 GMT
content-type: text/css
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-36a4"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4249
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YcBPOs1HCbpJR%2FuRWOLtOVdOnv1pT6FhdUjb2Ki0fYQmaxSwnTjMCmsGgaVTHC2ANJnXyLpA9J9nCIPgTb168byR2DCJtyqJUpdE1gz2djZ6ImkxxwuJov0ZrRyEeAN0Sw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e397aa61b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/animate.css

104.21.4.139

200 OK

0 B

URL HTTP/2
bux.wellter.de/images/animate.css
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /images/animate.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:17 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=68796
etag: W/"5d9ca488-10cbc"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4249
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IHhUTyKxNwjWpocvsuty4M9zmoo9xGcE8U1EjFx9xTjywsypbASIkXjw2GCMQv3cemqNUTgwsweCH8acxlWrrFTEjyqM%2BXN3ftaFgTFVzMBjoUjjB6B3YMXPosak1xSdYA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e397aa5fb4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/jquery.countto.js

104.21.4.139

200 OK

0 B

URL HTTP/2
bux.wellter.de/images/jquery.countto.js
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /images/jquery.countto.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:17 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=3761
etag: W/"5d9ca488-eb1"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4249
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GVucKr4JQADiqjeuIneCDOQADuHNynO%2BgXMVBdChc7xpp6U8a3GGkuUME%2BIMMXusxiyTtktVv4nTJRpM5P6PyEAWTprPEt4AbDX72WUGOlbtmq%2BU%2B4Nu9cn2K66N0B01Vw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e397ca8db4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/sticky.js

104.21.4.139

200 OK

0 B

URL HTTP/2
bux.wellter.de/images/sticky.js
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /images/sticky.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:17 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=20845
etag: W/"5d9ca488-516d"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4249
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IA9D5OW5DVSNlvmRMhpQXB28a4WTRsGMcjwLrMaMg8CWiBy4UWr8wKtbyhdyBavz%2BkoSlvBd9eVfQaeivVqPNra5WtNFcmrOs4Mdc9xhaCbvKCdQaS5onKo8qe43KjVU5A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e397daa4b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bux.wellter.de/images/jquery.magnific-popup.min.js

104.21.4.139

200 OK

0 B

URL HTTP/2
bux.wellter.de/images/jquery.magnific-popup.min.js
IP
104.21.4.139:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /images/jquery.magnific-popup.min.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 25 Feb 2023 19:36:17 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-5297"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4249
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L5QA7c6Pjfuqy6eow%2BYLRAQFGWf%2B3oCFCKmkxy0eOKQ%2FJkoeNRdCOgREVP3Wid1VBFXS9ZwabbrhyvlfeqqA7P9YxP1ic8JBy7oTdX3%2B8Wgr8YFWSURfQPhpv6%2FJg21aow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f2e397daa2b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (26)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL