r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dca68db7aea32f6683ce8d542c078f04
19c495238df74fca680e21f18627ff94de5dd2e5
35cab3987fc0e4a41b305cb208c1e33fa38ce8bdfd9f386c3dc0411dd4d5ac61
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35CAB3987FC0E4A41B305CB208C1E33FA38CE8BDFD9F386C3DC0411DD4D5AC61"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13032
Expires: Wed, 08 Feb 2023 12:17:50 GMT
Date: Wed, 08 Feb 2023 08:40:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3775
Expires: Wed, 08 Feb 2023 09:43:33 GMT
Date: Wed, 08 Feb 2023 08:40:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4522
Expires: Wed, 08 Feb 2023 09:56:00 GMT
Date: Wed, 08 Feb 2023 08:40:38 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Backoff, Alert, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 08 Feb 2023 08:34:12 GMT
content-type: application/json
age: 386
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: GiVqbHM9YacTcDGze1bRif5BZ6XK0/zeqE4y19U8weBnOMko+N5cYpn48ZU15HKekviZqO2st/xanEsxT9W0DA==
x-amz-request-id: XZMH0NVJWPXYWKM1
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 08 Feb 2023 07:45:53 GMT
age: 3285
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 08:40:39 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
bloxburghouse12k.blogspot.pe/
172.217.21.161302 Moved Temporarily 183 B URL HTTP/1.1 bloxburghouse12k.blogspot.pe/
IP 172.217.21.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash c8430a6cafaa65a5d7fc904319ed1d67
c5bc751642228c413c05c9ae091069037f052509
f733443fe9af1dbd33ad69e3f5644e3029e94d4577b823f5466452eeb69ab1b6
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: bloxburghouse12k.blogspot.pe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Location: http://bloxburghouse12k.blogspot.com/
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Wed, 08 Feb 2023 08:40:39 GMT
Expires: Wed, 08 Feb 2023 08:40:39 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 183
Server: GSE
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Expires, Pragma, Retry-After, Last-Modified, ETag, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 08 Feb 2023 07:51:20 GMT
age: 2959
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
bloxburghouse12k.blogspot.com/
172.217.21.161301 Moved Permanently 184 B URL HTTP/1.1 bloxburghouse12k.blogspot.com/
IP 172.217.21.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 0627ab2b8edfc2fbf49a9a412068821b
c59655b117dd375ad73b76595a19e4d00f09d241
8123f6dc4e3ede555178781602289925763792581fe3f57b6a5cf93623883519
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: bloxburghouse12k.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Location: https://bloxburghouse12k.blogspot.com/
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Wed, 08 Feb 2023 08:40:39 GMT
Expires: Wed, 08 Feb 2023 08:40:39 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 184
Server: GSE
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13331
Expires: Wed, 08 Feb 2023 12:22:50 GMT
Date: Wed, 08 Feb 2023 08:40:39 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 83e22821bb0489f9ffd588625ddc354a
631978b5167b8ee78608b27c6595779dcb48c252
ef35eab5ca69dd44e3d5bcf9229bc97c226ff44f38f53c096f14121714b3d234
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 08:40:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
54.148.70.121101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.148.70.121:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 1un9eLMeTT0y2Sl1G301RQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: aPNTS5MuAIndC9WsCMV21FF+pHk=
bloxburghouse12k.blogspot.com/
172.217.21.161200 OK 16 kB URL HTTP/2 bloxburghouse12k.blogspot.com/
IP 172.217.21.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (14233)
Hash 1692952e2439816dca2726ffa74c449b
0cc472e9a953460d20fe7132247d7dbca284a8fa
8986190925fea4a80cba08b6014a1a49ac92d2045c8bf29a9ab335d53eea8da8
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: bloxburghouse12k.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Wed, 08 Feb 2023 08:40:40 GMT
date: Wed, 08 Feb 2023 08:40:40 GMT
cache-control: private, max-age=0
last-modified: Sun, 05 Feb 2023 16:37:44 GMT
etag: W/"878e1bcd94f1938ed263da7a8f948faa1535f856c630fb883df82cf1b97e70f6"
x-robots-tag: all,noodp
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 16468
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 83e22821bb0489f9ffd588625ddc354a
631978b5167b8ee78608b27c6595779dcb48c252
ef35eab5ca69dd44e3d5bcf9229bc97c226ff44f38f53c096f14121714b3d234
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 08:40:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
3.bp.blogspot.com/-dH83a-EWxQI/WUwQjo12WjI/AAAAAAAAFPM/GUuzo9rqoeYJnryg9Slr3L37faXCVlD0wCK4BGAYYCw/s1600/logo_650c697d3a6002c8f63991bb43c0d6b4.png
142.250.74.161200 OK 6.7 kB URL HTTP/2 3.bp.blogspot.com/-dH83a-EWxQI/WUwQjo12WjI/AAAAAAAAFPM/GUuzo9rqoeYJnryg9Slr3L37faXCVlD0wCK4BGAYYCw/s1600/logo_650c697d3a6002c8f63991bb43c0d6b4.png
IP 142.250.74.161:0
File type PNG image data, 200 x 41, 8-bit/color RGBA, non-interlaced\012- data
Hash 8b2271ebafdb2a99c69f429d440c555b
38ab355f4cad880637c156f6afe451a9df8cba60
180547af487d795d7fd737f992fb288eb9ec53b79404955a49dd36569e96a230
GET /-dH83a-EWxQI/WUwQjo12WjI/AAAAAAAAFPM/GUuzo9rqoeYJnryg9Slr3L37faXCVlD0wCK4BGAYYCw/s1600/logo_650c697d3a6002c8f63991bb43c0d6b4.png HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bloxburghouse12k.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="logo_650c697d3a6002c8f63991bb43c0d6b4.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 6658
x-xss-protection: 0
date: Wed, 08 Feb 2023 07:36:01 GMT
expires: Sat, 28 Jan 2023 06:25:47 GMT
cache-control: public, max-age=86400, no-transform
age: 3879
etag: "v14f4"
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 4fe8a46e4fe7c971a068b163b275e25a
5ca9fb282e652f18298c755e61c5e38665ddc7b1
c4639e8bacf773e2ad7c0256587dcabb3db19ceda949ffd365358091e1eef0f3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 08:40:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ac8f87459207d7ff6339b7e5fdcfbd5f
680bb877146fd421db644129626d88b3d77f75f5
fbade03350661e25d319fa51111cf0279dfcb4f7d2517a28246e637dbb0e9402
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FBADE03350661E25D319FA51111CF0279DFCB4F7D2517A28246E637DBB0E9402"
Last-Modified: Sun, 05 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9261
Expires: Wed, 08 Feb 2023 11:15:01 GMT
Date: Wed, 08 Feb 2023 08:40:40 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 5bcb9125c18e4ed3562ceb950dc6eaad
a6c6944804b772de3a487723e3e866c0219de230
94947430d745a6648a2e87f163bf474b4fd4513519360bf4bfecfabc141e5ff1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 08:40:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/js/bg/1ltCRSOx5k-1I0D0UILHPXNozEC50ZuHf8HEjBLxTFM.js
142.250.74.164200 OK 14 kB URL HTTP/2 www.google.com/js/bg/1ltCRSOx5k-1I0D0UILHPXNozEC50ZuHf8HEjBLxTFM.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (36039)
Hash 9c79f8791efe0ba481ffd857e9f4eaca
354f3ccd41d151f8c4e160a695e66eb2df8db98b
cb86891fbc8e3c7fedf9fefa9d80940064e4e5fca9e9a17725ab7cc40d348864
GET /js/bg/1ltCRSOx5k-1I0D0UILHPXNozEC50ZuHf8HEjBLxTFM.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bloxburghouse12k.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 14207
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 Feb 2023 18:35:50 GMT
expires: Tue, 06 Feb 2024 18:35:50 GMT
cache-control: public, max-age=31536000
age: 137090
last-modified: Mon, 30 Jan 2023 12:00:00 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 18eec2142c6436defbc7c12ebed6d3a0
be4647b53d4b64ba16f6ccc3e9afe884c065ad2c
833d2101bad220e693efaab9e2a1cafdd5b4cb738ea5bae1ceb5b7050698a07f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 08:40:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.blogger.com/static/v1/widgets/3801814646-widgets.js
142.250.74.73200 OK 57 kB URL HTTP/2 www.blogger.com/static/v1/widgets/3801814646-widgets.js
IP 142.250.74.73:0
File type ASCII text, with very long lines (2221)
Hash 4b866f80aa72c49d02f36338402a59e5
ca95baa3565ec41d9635387ac90b2add0e05a47d
aff6590600f8a33efdbaf01cc67e5a435e38ec8997b3c6b1f34a1ca8ff72fe7e
GET /static/v1/widgets/3801814646-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bloxburghouse12k.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 56575
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 Feb 2023 02:58:16 GMT
expires: Tue, 06 Feb 2024 02:58:16 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 06 Feb 2023 00:50:58 GMT
content-type: text/javascript
age: 193344
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash ed3f32fef9b843f5511bb882c0a38358
a1a60921f7cb6ab14b645c77bb7d77c20b8201ef
9a4b9e269aa66258c1d9b10fb1af899a3e669de3e244dcfd843a0bce87646f8e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 08:40:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 18eec2142c6436defbc7c12ebed6d3a0
be4647b53d4b64ba16f6ccc3e9afe884c065ad2c
833d2101bad220e693efaab9e2a1cafdd5b4cb738ea5bae1ceb5b7050698a07f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 08:40:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
qph.fs.quoracdn.net/main-qimg-e6954a613534047a3419e71875938372.webp
162.159.152.17200 OK 33 kB URL HTTP/2 qph.fs.quoracdn.net/main-qimg-e6954a613534047a3419e71875938372.webp
IP 162.159.152.17:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 602x600, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 620f2a01c3fa53419823939f131ba42a
e39ddeb7eeb9a5eb5a7a417832b84f240a87a6ea
f31819e0e0be16788574ce6a4d182e955270df339dd40a02485ccfd5c30e2d7b
GET /main-qimg-e6954a613534047a3419e71875938372.webp HTTP/1.1
Host: qph.fs.quoracdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bloxburghouse12k.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 08:40:40 GMT
content-type: image/webp
content-length: 32798
x-amz-id-2: QyPnt45CzTrib91SJBFqSi7Nh+7+bYsHTN4BHNqKR1T2ZCmPseyGSRwj7VyJbj3zPkIfQd9oULs=
x-amz-request-id: S0WTHPPFPG25KZJ4
x-amz-replication-status: COMPLETED
last-modified: Thu, 13 Apr 2017 12:53:01 GMT
etag: "620f2a01c3fa53419823939f131ba42a"
cache-control: public, max-age=471522807
expires: Sun, 17 Jan 2038 19:14:07 GMT
x-amz-version-id: lkRHK9mw35xuRM1..snhCqHyiKkGwDDQ
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
server: cloudflare
cf-ray: 79630fd38faa0b41-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ac8f87459207d7ff6339b7e5fdcfbd5f
680bb877146fd421db644129626d88b3d77f75f5
fbade03350661e25d319fa51111cf0279dfcb4f7d2517a28246e637dbb0e9402
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FBADE03350661E25D319FA51111CF0279DFCB4F7D2517A28246E637DBB0E9402"
Last-Modified: Sun, 05 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9261
Expires: Wed, 08 Feb 2023 11:15:01 GMT
Date: Wed, 08 Feb 2023 08:40:40 GMT
Connection: keep-alive
images-na.ssl-images-amazon.com/images/I/41DWzzwK7qL._SX466_.jpg
54.230.82.142200 OK 19 kB URL HTTP/2 images-na.ssl-images-amazon.com/images/I/41DWzzwK7qL._SX466_.jpg
IP 54.230.82.142:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 466x466, components 3\012- data
Hash 53b34733ad80d1368f257c1688be21ba
20c8725b26baab370987e37987ed001ddf52baa4
c9da2ee905c738088ea40ac3c4d273cf4d400d1c460608671556fa57c4e94e2a
GET /images/I/41DWzzwK7qL._SX466_.jpg HTTP/1.1
Host: images-na.ssl-images-amazon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bloxburghouse12k.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 19167
server: Server
date: Mon, 06 Feb 2023 10:05:12 GMT
x-amz-ir-id: ed492f2a-4a3b-4a91-abde-b3a2117eed50
expires: Sun, 01 Feb 2043 10:05:12 GMT
cache-control: max-age=630720000,public
surrogate-key: x-cache-008 /images/I/41DWzzwK7qL
timing-allow-origin: https://www.amazon.in, https://www.amazon.com
edge-cache-tag: x-cache-008,/images/I/41DWzzwK7qL
access-control-allow-origin: *
last-modified: Thu, 20 Sep 2018 10:59:55 GMT
x-nginx-cache-status: MISS
accept-ranges: bytes
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
age: 167728
server-timing: provider;desc="cf"
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: DTusx0Q9Z6l6zjztKw8S0ONzWYHe3ETvQJrtt5sZZ6K1J-2_mAW54A==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a65648b9429f61d74180d0c398cf576a
8fa09ea82e9c5a0db838b6136674677df76cb258
7a12a0ac04246e9c477ba34438fa23fec362ccc278c0f2c5b3699072ee7e39bf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7A12A0AC04246E9C477BA34438FA23FEC362CCC278C0F2C5B3699072EE7E39BF"
Last-Modified: Mon, 06 Feb 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6407
Expires: Wed, 08 Feb 2023 10:27:27 GMT
Date: Wed, 08 Feb 2023 08:40:40 GMT
Connection: keep-alive
lh3.googleusercontent.com/BGwC8-y-5sLurq2TplAfaj613lBtDgdpspZTbcJxqpWlVDUd4v8pCRynpW3PStjJifY=h1024-no-tmp_new_adopt_me_roblox_tips_apk_install_update.jpg
142.250.74.97200 OK 607 kB URL HTTP/2 lh3.googleusercontent.com/BGwC8-y-5sLurq2TplAfaj613lBtDgdpspZTbcJxqpWlVDUd4v8pCRynpW3PStjJifY=h1024-no-tmp_new_adopt_me_roblox_tips_apk_install_update.jpg
IP 142.250.74.97:0
File type PNG image data, 800 x 480, 8-bit/color RGBA, non-interlaced\012- data
Size 607 kB (606815 bytes)
Hash 9c96304c3649889782610a632b0b98ff
6bedc235cdeaa857a40f6d157e9fc6f30d1b2a28
b5fd5b3a199792e718397c8ede70f42e22b53c2b8edb7c17758a3c746ee45e62
GET /BGwC8-y-5sLurq2TplAfaj613lBtDgdpspZTbcJxqpWlVDUd4v8pCRynpW3PStjJifY=h1024-no-tmp_new_adopt_me_roblox_tips_apk_install_update.jpg HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bloxburghouse12k.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v1"
expires: Thu, 09 Feb 2023 08:40:40 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
content-type: image/png
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Wed, 08 Feb 2023 08:40:40 GMT
server: fife
content-length: 606815
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 4bed562aea9d3bf946f72bf3dea125e1
94940ebe5c1c5fbb0eb5436c5d784cde5937ced7
45cb26c47e685f85e8bc837a10d0af43207d2db808d344aaf13cb98882a06e2c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4203
Cache-Control: max-age=162407
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 08:40:40 GMT
Etag: "63e32704-1d7"
Expires: Fri, 10 Feb 2023 05:47:27 GMT
Last-Modified: Wed, 08 Feb 2023 04:37:24 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 4fe8a46e4fe7c971a068b163b275e25a
5ca9fb282e652f18298c755e61c5e38665ddc7b1
c4639e8bacf773e2ad7c0256587dcabb3db19ceda949ffd365358091e1eef0f3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 08:40:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/PIk-tcsd5xo
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/PIk-tcsd5xo
IP 142.250.74.131:0
Hash b8a69e5f808adea173eb9a32eeb09fe7
5418e3e1cbce7ab87d5a9f3950b712c9e79d8cb3
74eade23b7d595c3bedcccfa885ce57ec9ab3d3e5bf37129025d24e859be3d76
POST /s/gts1p5/PIk-tcsd5xo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 08:40:40 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14995
Expires: Wed, 08 Feb 2023 12:50:35 GMT
Date: Wed, 08 Feb 2023 08:40:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14995
Expires: Wed, 08 Feb 2023 12:50:35 GMT
Date: Wed, 08 Feb 2023 08:40:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14995
Expires: Wed, 08 Feb 2023 12:50:35 GMT
Date: Wed, 08 Feb 2023 08:40:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14995
Expires: Wed, 08 Feb 2023 12:50:35 GMT
Date: Wed, 08 Feb 2023 08:40:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14995
Expires: Wed, 08 Feb 2023 12:50:35 GMT
Date: Wed, 08 Feb 2023 08:40:40 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcf61053-67f6-4767-ad44-fa802c5ef5b4.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcf61053-67f6-4767-ad44-fa802c5ef5b4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a9c2a9eee923b84d4e06438a8b2acaff
520b122e3ce52220af153fee26bb7067283f9075
9ff4236fdcd05210a9c8bb48ea68179e142b1b05c8b19dd66282590dff69fa22
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcf61053-67f6-4767-ad44-fa802c5ef5b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10058
x-amzn-requestid: 94374454-1e89-4c43-895b-0a90f39b851d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O5vEgcoAMFctg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c50a-0bf11cad4b0818c36188ba91;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qYXu_I4vL00EOopA1nQcxCTMKf4nObKFk9XQozhw6FezKsfTDem3Mw==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 22:06:35 GMT
etag: "520b122e3ce52220af153fee26bb7067283f9075"
content-type: image/jpeg
age: 38046
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffcee4072-2c9e-4db4-b200-065a1ef67ace.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffcee4072-2c9e-4db4-b200-065a1ef67ace.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f175de8eebe398f5de2829cd551b3f04
e6da63e9b03289bfded190d999a20da78232437c
b5d1ee4bd6186cbac1e4ac037766c9e453e166b0cfb2e08004cb11b8bb7daa88
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffcee4072-2c9e-4db4-b200-065a1ef67ace.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10202
x-amzn-requestid: 15e6c7ee-acef-4638-9a15-a01864ac74f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_PEYFZOoAMFzEA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c54f-3681217a71e5b9472b9cdb8a;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:40:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: PyOVGtKFSYIU2don5C7_L_pTUxdP_VEAhLZUhtBWo2PZ4kvPqaTg9g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:55:22 GMT
etag: "e6da63e9b03289bfded190d999a20da78232437c"
content-type: image/jpeg
age: 38719
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa8532aa1-7280-445c-9c4c-b562d09929d0.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa8532aa1-7280-445c-9c4c-b562d09929d0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1d2eccb9280b851aa1725df5681f6bbd
b4e2b14ee5bc9ee6c9c05666c34b2d1b6ec425b5
c64ece16f4c550feb05db1bccbf74b49d839e77fea31893d48a3f0c267939c92
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa8532aa1-7280-445c-9c4c-b562d09929d0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10328
x-amzn-requestid: 0b0b3fcd-416c-47ac-afa0-51be0ab85665
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_PPlGGqoAMFxYg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c596-219ee5023d71e4ce17d49233;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:41:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: pNBF_lBtNmvVWQAnBxCp0e03pdV_rbGOf9V1UvqeRO2vcZR3_lSE2w==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:55:21 GMT
age: 38720
etag: "b4e2b14ee5bc9ee6c9c05666c34b2d1b6ec425b5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98423c35-aa11-41c0-8f4f-52bec4c9eaa8.jpeg
34.120.237.76200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98423c35-aa11-41c0-8f4f-52bec4c9eaa8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b3e7140400336984afc6093c1246f863
59e0b21cdf4cfdac3f1ea05badd007727939ac42
4d927e74922159db5d07b9947fa1021cff74bb7b55759960cb3941d05c1e8f11
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98423c35-aa11-41c0-8f4f-52bec4c9eaa8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9579
x-amzn-requestid: c474008d-a6a9-409b-88e2-c55062044575
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzQtnFGhoAMF5Zw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ddfb23-54dd67257ba25ad24e977a9c;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 06:28:51 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: EHKG30r3kg-Lb-iZylZBFUY-Yp892ZN1W8YNykxPyP6NiVx-dKW-4A==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 22:30:40 GMT
age: 36601
etag: "59e0b21cdf4cfdac3f1ea05badd007727939ac42"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
bux.wellter.de/images/gamebaglogo.png
104.21.4.139200 OK 3.3 kB URL HTTP/2 bux.wellter.de/images/gamebaglogo.png
IP 104.21.4.139:0
File type PNG image data, 240 x 240, 8-bit/color RGBA, non-interlaced\012- data
Hash e84f0caa809a15b2aaa9cb93bbe6669a
22a330ad580aaa6b2232307a87b981adc7fbf38f
1f98c982fd0c9b5e6af138a4cb160f509bda9fcc7fa0a9463fa6cf11513c151f
GET /images/gamebaglogo.png HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwibmlsYXNpb25nIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsIm5pbGFzaW9uZyIsImJsb3hidXJnaG91c2UxMmsuYmxvZ3Nwb3QuY29tIiwiYmxveGJ1cmdob3VzZTEyay5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFieC5qcyJd
Cookie: HstCfa4275781=1675840851679; HstCla4275781=1675840851679; HstCmu4275781=1675840851679; HstPn4275781=1; HstPt4275781=1; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Frobloxpincodesforrobux.blogspot.com%2F
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 08:40:41 GMT
content-type: image/png
content-length: 3340
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: "5d9ca488-d0c"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7065
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Eb0bOvEhg2QxmMCFWA1M0w0duvXMSUnRPNu1SQt0rUEY83li%2BSypZMQKqaPIuPzZ3YWpsLixRb4daj396oH1IlmF17i6B5xmdnzat0KjlnWIoKw3mEu4K8Rea351n4oplA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79630fd86e2db4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/ft-1.png
104.21.4.139200 OK 3.3 kB URL HTTP/2 bux.wellter.de/images/ft-1.png
IP 104.21.4.139:0
File type PNG image data, 240 x 240, 8-bit/color RGBA, non-interlaced\012- data
Hash e84f0caa809a15b2aaa9cb93bbe6669a
22a330ad580aaa6b2232307a87b981adc7fbf38f
1f98c982fd0c9b5e6af138a4cb160f509bda9fcc7fa0a9463fa6cf11513c151f
GET /images/ft-1.png HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwibmlsYXNpb25nIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsIm5pbGFzaW9uZyIsImJsb3hidXJnaG91c2UxMmsuYmxvZ3Nwb3QuY29tIiwiYmxveGJ1cmdob3VzZTEyay5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFieC5qcyJd
Cookie: HstCfa4275781=1675840851679; HstCla4275781=1675840851679; HstCmu4275781=1675840851679; HstPn4275781=1; HstPt4275781=1; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Frobloxpincodesforrobux.blogspot.com%2F
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 08:40:41 GMT
content-type: image/png
content-length: 3340
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: "5d9ca488-d0c"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7065
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=REWKzcUmM%2BQqx5KI8%2B%2F7vmGnNrUPK6nmfmHPSIgJuhpSQ9VuI04q74bCo7elU%2ByfFjq8CMJM7lT77Hwf7D%2FLUC1ENhs1yDQvieDXkdWDfkYBXJlWlwONe%2FsmsSQR3aRIKA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79630fd86e30b4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b5f2a3-c53c-4690-b548-2c3d0f556f73.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b5f2a3-c53c-4690-b548-2c3d0f556f73.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 02fde25be5ded120af759d19d8304f73
8d2a4d9ab5947113ce0737d4d4bed3e30a971026
7cdf26668cca22f28eee047d3fcf30cea8d97b1d8804fe2132728f26cd11558d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b5f2a3-c53c-4690-b548-2c3d0f556f73.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8629
x-amzn-requestid: cc20d28e-3937-4826-97ef-100fb5dd2645
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O7LFn3oAMF61A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c514-6e764236604212fa26dab38a;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0sEMzqETD-gbgXOXb_CJmLjYQmNGMN4-_ggiB7ifbifltHJYsTRRsQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:52:22 GMT
age: 38899
etag: "8d2a4d9ab5947113ce0737d4d4bed3e30a971026"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
bux.wellter.de/images/header.png
104.21.4.139200 OK 131 kB URL HTTP/2 bux.wellter.de/images/header.png
IP 104.21.4.139:0
File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size 131 kB (131285 bytes)
Hash 35e93538f31d67876a2cb38bf94279d8
49bf97732e9bffb5371ad60d024901b09d83651b
95c1de9315834de2ff3608a2dc048a6aedc273e665f9b54eb956523a81fc91df
GET /images/header.png HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwibmlsYXNpb25nIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsIm5pbGFzaW9uZyIsImJsb3hidXJnaG91c2UxMmsuYmxvZ3Nwb3QuY29tIiwiYmxveGJ1cmdob3VzZTEyay5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFieC5qcyJd
Cookie: HstCfa4275781=1675840851679; HstCla4275781=1675840851679; HstCmu4275781=1675840851679; HstPn4275781=1; HstPt4275781=1; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Frobloxpincodesforrobux.blogspot.com%2F
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 08:40:41 GMT
content-type: image/png
content-length: 131285
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: "5d9ca488-200d5"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7065
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eQvTG6ly4wo90QVHsjKNSku7juTOvQLoPyPHfH5XX0f%2FVVQvPBM0EMOvWbS2j4ufd7Sep38hNb%2F7e05zc3XhvyUfNNs0hi4ZHRPDuAdQ9UNiIXQ0O0B%2FPJpcjjjaTRJsJw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79630fd86e2fb4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6ac124e-27b8-4818-9240-77708d007004.jpeg
34.120.237.76200 OK 4.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6ac124e-27b8-4818-9240-77708d007004.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 845e4e4051f1162b20d3df5f208e8d3e
076462f67531c60b31ec768a275c96317292306d
40996d8929ab92f342328fc018518d6131c6222b0ec23051775eda276a602026
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6ac124e-27b8-4818-9240-77708d007004.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4168
x-amzn-requestid: 24814225-0063-49fb-86ff-e78869538b3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OjQFS_IAMFtLQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c47b-67307c42182089b3096e98b5;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:36:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qLuHdYthPTS7qoVjS783M1Q-RtOluQpKozCi-zABez133FyvgBsBog==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:43:37 GMT
age: 39424
etag: "076462f67531c60b31ec768a275c96317292306d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
bux.wellter.de/images/font-awesome.min.css
104.21.4.139200 OK 6.5 kB URL HTTP/2 bux.wellter.de/images/font-awesome.min.css
IP 104.21.4.139:0
File type ASCII text, with very long lines (27546)
Hash 3ff4c779ba71cdbd02772143dc925ed7
3fc2e91811ddb57ae29ada7cb67488bef36f7364
4e09a5f18932ea513c212395a5f3ea73edcb48e2df040082acdf02213ac48389
GET /images/font-awesome.min.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwibmlsYXNpb25nIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsIm5pbGFzaW9uZyIsImJsb3hidXJnaG91c2UxMmsuYmxvZ3Nwb3QuY29tIiwiYmxveGJ1cmdob3VzZTEyay5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFieC5qcyJd
Cookie: HstCfa4275781=1675840851679; HstCla4275781=1675840851679; HstCmu4275781=1675840851679; HstPn4275781=1; HstPt4275781=1; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Frobloxpincodesforrobux.blogspot.com%2F
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 08:40:41 GMT
content-type: text/css
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-6c3d"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9PXB19yfYBwR%2BlEiBGr8YsjI1sRSnEB1TYsRb43nV0U2nWEVQcpnMkI5oVMfhdTHdc8%2Fiiat1nuAvjcapIi3tPgHgwQT%2BirwEvo%2BulljaO3WeQbFSeb21QtWQCm7YCCg8g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79630fd85e0bb4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery-modal/0.9.1/jquery.modal.min.css
104.17.24.14200 OK 1.5 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery-modal/0.9.1/jquery.modal.min.css
IP 104.17.24.14:0
File type ASCII text, with very long lines (3201), with no line terminators
Hash 8e09ceb5490863a66cd2e83ca3d7e524
35e3d074516ec70c508d748f7ae01827bc0c28ba
cccbb374fd4cb6dcbac9df64456b49cb11530e7bafdac6c6c7e67ff2ed350db9
GET /ajax/libs/jquery-modal/0.9.1/jquery.modal.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 08:40:41 GMT
content-type: text/css; charset=utf-8
content-length: 1541
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec2-c81"
last-modified: Mon, 04 May 2020 16:11:46 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1689046
expires: Mon, 29 Jan 2024 08:40:41 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D%2BkBF1xWsxSZqpAbkJYvQYrL%2BjeYnlAwWQ1frSpaLfYtykrevS%2BNXTNYHNJ9UqM7c5pujzu3piH6C9j5dt83ViksqdkWIsParGFbT48hqqLfHG%2FgOLx7nN6RZs7nYnUH2dUZt%2BLh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 79630fd8bf0fb4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 4a2793786b1ce1206b70d285bea47b94
11747c77f2ef56d889b5148834faa184be7cfc07
af406b334b4df19c87a6911d78bbab5bc5628dc7ccac9d7d60050908c770fb52
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1287
Cache-Control: max-age=129952
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 08:40:41 GMT
Etag: "63e2b3a2-118"
Expires: Thu, 09 Feb 2023 20:46:33 GMT
Last-Modified: Tue, 07 Feb 2023 20:25:06 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 280
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
104.18.20.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP 104.18.20.226:0
Hash 8c5f85d147ad85d1f49fccbb38462f5d
1bf801608b85dedb5b62542d91e90b3179d97214
0146434060bccbe0e9fc64d201d296dc516a7deb24bf6a64f5cb2fe46d2ef042
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 08:40:41 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "6C86EE78EB53949776A50B0C7C76BCBFABF83527"
Expires: Wed, 08 Feb 2023 20:00:00 GMT
Last-Modified: Wed, 08 Feb 2023 08:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 1652
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79630fd8f95fb52d-OSL
bux.wellter.de/images/main-bg.jpg
104.21.4.139200 OK 838 kB URL HTTP/2 bux.wellter.de/images/main-bg.jpg
IP 104.21.4.139:0
File type JPEG image data, baseline, precision 8, 2560x1440, components 3\012- data
Size 838 kB (838330 bytes)
Hash ba5d619ee57cf5acc6ebee951a24e01a
a0627942a4e280318a098576257027078cbc40fc
ff5ca3b41fff989a535f80c1119cca50d67fa99c759545a3fc484cc8124cf836
GET /images/main-bg.jpg HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/images/style.css
Cookie: HstCfa4275781=1675840851679; HstCla4275781=1675840851679; HstCmu4275781=1675840851679; HstPn4275781=1; HstPt4275781=1; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Frobloxpincodesforrobux.blogspot.com%2F
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 08:40:41 GMT
content-type: image/jpeg
content-length: 838330
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: "5d9ca488-ccaba"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7065
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XYUTgtmcRCGvLBRZSepBmJmIh67F8jvrBZRXC5VyEyw0ywlCGFsA%2FPgslILPhBiL8fMzyWGbWo9VVEFfFt3QUaahOlHRyW2XSMwCcHLmFv7y3rdGpVsS2YUpJu0U9zGgZA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79630fd90eedb4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/PIk-tcsd5xo
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/PIk-tcsd5xo
IP 142.250.74.131:0
Hash b8a69e5f808adea173eb9a32eeb09fe7
5418e3e1cbce7ab87d5a9f3950b712c9e79d8cb3
74eade23b7d595c3bedcccfa885ce57ec9ab3d3e5bf37129025d24e859be3d76
POST /s/gts1p5/PIk-tcsd5xo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 08:40:41 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bux.wellter.de/images/panel-overlay.png
104.21.4.139200 OK 3.1 kB URL HTTP/2 bux.wellter.de/images/panel-overlay.png
IP 104.21.4.139:0
File type PNG image data, 960 x 661, 4-bit colormap, non-interlaced\012- data
Hash 2b026d93f79b384005e4252c80701791
87804a0d83d2e745b31526c8b60d026abecbe73a
b7a5d35c1c7be1953002244f054a14f38ed11912ad52d25a8e963774f7f52e0e
GET /images/panel-overlay.png HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/images/style.css
Cookie: HstCfa4275781=1675840851679; HstCla4275781=1675840851679; HstCmu4275781=1675840851679; HstPn4275781=1; HstPt4275781=1; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Frobloxpincodesforrobux.blogspot.com%2F
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 08:40:41 GMT
content-type: image/png
content-length: 3116
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: "5d9ca488-c2c"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7065
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LZTpm4mtCl8AVYFagBCcV9ruhYS3HiTXyl%2BJUnKJoJQ%2BxAclP4Rsk1r%2FY0xS9%2BtBZGudtOBNqi8QycZEnGINGDf9ylXoER5AYVRDFAYl3fWq0VqgtXHX8h%2F%2BfJrU15wcTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79630fd94f34b4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/css8a7c8a7c8a7c.css?family=Open+Sans:300,400,700
104.21.4.139200 OK 16 kB URL HTTP/2 bux.wellter.de/images/css8a7c8a7c8a7c.css?family=Open+Sans:300,400,700
IP 104.21.4.139:0
File type ASCII text, with very long lines (701), with no line terminators
Hash da2204a870cb1cf5239f4cb8d5a54e73
1f21abcbf599cd78c13e60a7f8a68861891c9c6b
e176d5c8f1e34b7655db75393a7b0c84fca68f8bc9083fa6c302ede69dd28f24
GET /images/css8a7c8a7c8a7c.css?family=Open+Sans:300,400,700 HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwibmlsYXNpb25nIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsIm5pbGFzaW9uZyIsImJsb3hidXJnaG91c2UxMmsuYmxvZ3Nwb3QuY29tIiwiYmxveGJ1cmdob3VzZTEyay5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFieC5qcyJd
Cookie: HstCfa4275781=1675840851679; HstCla4275781=1675840851679; HstCmu4275781=1675840851679; HstPn4275781=1; HstPt4275781=1; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Frobloxpincodesforrobux.blogspot.com%2F
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 08:40:41 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=773
etag: W/"5d9ca488-305"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8EDf6NBCGGQSxWJva0oXefw6Wjmt0HP%2BBedncZ09u3bWaPG%2F9%2Fbaat%2Bc4zpMjIoUDS9cHjP9rBRtZDaK72K385uL4FXFs9ViCHDU6MsZcFms7v7c4qxyYFq5zSakW5cONg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79630fd85e07b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/style.css
104.21.4.139200 OK 35 kB URL HTTP/2 bux.wellter.de/images/style.css
IP 104.21.4.139:0
File type ASCII text, with very long lines (40387), with no line terminators
Hash 1c0560025b69e75b9c5cc46b3dc0cf65
f4f1f42efb71f8a1f6b8da21c13d505325ae032d
8cd235ec6dfa5ef3ebe40319ea6a7b743333e88bbbbd431fa0f968df78922a34
GET /images/style.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwibmlsYXNpb25nIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsIm5pbGFzaW9uZyIsImJsb3hidXJnaG91c2UxMmsuYmxvZ3Nwb3QuY29tIiwiYmxveGJ1cmdob3VzZTEyay5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFieC5qcyJd
Cookie: HstCfa4275781=1675840851679; HstCla4275781=1675840851679; HstCmu4275781=1675840851679; HstPn4275781=1; HstPt4275781=1; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Frobloxpincodesforrobux.blogspot.com%2F
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 08:40:41 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=50839
etag: W/"5d9ca488-c697"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uiaVocyIGoNLSvVid4Uw8eV%2FWNcI0j2XBviOEsQLB4I88ieg%2F9RJ%2BKTg6UDnrJI6kuLd7nglCWelSf0sgYmolQpum342ixKMrqAMNt42aUu36x7Tw9F87BZtrJZMjSJ0qw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79630fd86e20b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/btn-img.png
104.21.4.139200 OK 2.0 kB URL HTTP/2 bux.wellter.de/images/btn-img.png
IP 104.21.4.139:0
File type PNG image data, 150 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash b750214f9a0276662f12acbbff0d37ce
65e094e10e2b933ab866a66b5f9b25321b99a0d1
db31dae896b9158c4d1c3f32525e6f63281fe9c671a5dc93236cac960013351b
GET /images/btn-img.png HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/images/style.css
Cookie: HstCfa4275781=1675840851679; HstCla4275781=1675840851679; HstCmu4275781=1675840851679; HstPn4275781=1; HstPt4275781=1; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Frobloxpincodesforrobux.blogspot.com%2F
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 08:40:41 GMT
content-type: image/png
content-length: 1977
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: "5d9ca488-7b9"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7065
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yJ8S0N5KTFYugdkf1bqN1C6OHFd5wEJAQh4DG3AWayt89YOYAn4Y1OWpPhve5luv1OWfzIhlB4gfX2K1zytxu1z6NxSXQJG1bQT5BDtqlA%2FysmeXMbFLfdqPzZJjglmllg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79630fd94f39b4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/sweetalert2.min.css
104.21.4.139200 OK 3.4 kB URL HTTP/2 bux.wellter.de/images/sweetalert2.min.css
IP 104.21.4.139:0
File type ASCII text, with very long lines (13988), with no line terminators
Hash 7ba57ba1250d38a61f064ebd1a742056
28e3e84281a145f6fe35987b746bf71ed7c0aaa8
7252641bc271399688693fc52d1218204d648af767641922ebe7936292b99d32
GET /images/sweetalert2.min.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwibmlsYXNpb25nIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsIm5pbGFzaW9uZyIsImJsb3hidXJnaG91c2UxMmsuYmxvZ3Nwb3QuY29tIiwiYmxveGJ1cmdob3VzZTEyay5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFieC5qcyJd
Cookie: HstCfa4275781=1675840851679; HstCla4275781=1675840851679; HstCmu4275781=1675840851679; HstPn4275781=1; HstPt4275781=1; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Frobloxpincodesforrobux.blogspot.com%2F
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 08:40:41 GMT
content-type: text/css
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-36a4"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5%2Bu8rKW7dZ6NoOCTPfIJV7TDGpyNrfkbeJ8KZxZJSfv5Wmvjv9KhkNbNcC94CU8bCvQHSMwJh45A0XFNnNOhBhazZ0r%2F%2F3DvmmA7fk1OSC0XuXPPOmrmnZ1OSqx1wVKr1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79630fd85e19b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/et-line.woff
104.21.4.139200 OK 55 kB URL HTTP/2 bux.wellter.de/images/et-line.woff
IP 104.21.4.139:0
File type Web Open Font Format, CFF, length 55220, version 1.0\012- data
Hash b01ff252761958325faab1535c90c87f
d33413e7bc42acc8837cc9030ca45d29c1ccf0c6
19d2f43d546ada73dd083f7778aa4a5cac1a8e7a3af56efccae580fce07a5e1c
Analyzer Verdict Alert fortinet Phishing
GET /images/et-line.woff HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://bux.wellter.de/images/style.css
Cookie: HstCfa4275781=1675840851679; HstCla4275781=1675840851679; HstCmu4275781=1675840851679; HstPn4275781=1; HstPt4275781=1; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Frobloxpincodesforrobux.blogspot.com%2F
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 08:40:41 GMT
content-type: application/font-woff
content-length: 55220
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: "5d9ca488-d7b4"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7065
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rBxOOHUnn5RxRt4Vb6LJIatF6IFShGr4JBFkLWtgJYGYRFYmC9mV7i7TViwotZt3ma5Ujn2kI%2FOnNFI5J3MR7dzvnoRAlfMWCBruqmCcEdxGbjiI1SQIPJ0kGKFdXzmgDA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79630fd94f3db4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/animate.css
104.21.4.139200 OK 4.4 kB URL HTTP/2 bux.wellter.de/images/animate.css
IP 104.21.4.139:0
File type ASCII text, with very long lines (53418)
Hash dc1f8090e57ca67deb97bde0b42aa6dc
5107bbd5f120a00314244eddd7187d8be0a65e1f
c2503d71f9fd938d221d00b2a55f5ec8e9121c73bee8692f8f6a3e3f6176c2b6
GET /images/animate.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwibmlsYXNpb25nIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsIm5pbGFzaW9uZyIsImJsb3hidXJnaG91c2UxMmsuYmxvZ3Nwb3QuY29tIiwiYmxveGJ1cmdob3VzZTEyay5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFieC5qcyJd
Cookie: HstCfa4275781=1675840851679; HstCla4275781=1675840851679; HstCmu4275781=1675840851679; HstPn4275781=1; HstPt4275781=1; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Frobloxpincodesforrobux.blogspot.com%2F
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 08:40:41 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=68796
etag: W/"5d9ca488-10cbc"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5c%2FwBvHtvqDLF1uoCqH8ZWfl7m6EP6zaLM%2BvXuqWlPT8uk%2BFAI7RB6oP8MSOQiR8wHJWlXekAeZJzFkBxY33GGkW0Wjri50mEubY4kLpujCj%2FhpVZewqpcQ0JcbOUFNRhA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79630fd85e18b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 5c88d3bea11b5e4ab55139b12afd6481
e6f6a45f9cad1fe06edbc5371887199387f51b5f
897d20199934381ef24f0c9c9d1738f5cc504b0ccd5d16005eeb8837955d3ff6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5531
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 08:40:41 GMT
Last-Modified: Wed, 08 Feb 2023 07:08:30 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279
fonts.gstatic.com/s/opensans/v14/cJZKeOuBrn4kERxqtaUH3aCWcynf_cDxXwCLxiixG1c.ttf
216.58.207.227200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v14/cJZKeOuBrn4kERxqtaUH3aCWcynf_cDxXwCLxiixG1c.ttf
IP 216.58.207.227:0
File type TrueType Font data, 17 tables, 1st "GDEF", 7 names, Microsoft, language 0x409, type 1 string, Open SansRegular1.10;1ASC;OpenSans-RegularOpen Sans RegularVersion 1.10OpenSans-Regularhttp://ww\012- data
Hash 8c20320e2a77d984348f9e9aa7296b9d
0939a63b6a9982ab64f044dfc3a21dac2bca0499
0be48b762bdf588db02112492dfadcb3a098fad3ac5aa2ccc80568b799462c52
GET /s/opensans/v14/cJZKeOuBrn4kERxqtaUH3aCWcynf_cDxXwCLxiixG1c.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bux.wellter.de
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17789
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 Feb 2023 05:00:34 GMT
expires: Wed, 07 Feb 2024 05:00:34 GMT
cache-control: public, max-age=31536000
age: 99607
last-modified: Wed, 14 Jun 2017 16:46:31 GMT
content-type: font/ttf
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
bux.wellter.de/images/fancyselect.css
104.21.4.139200 OK 67 kB URL HTTP/2 bux.wellter.de/images/fancyselect.css
IP 104.21.4.139:0
File type ASCII text, with very long lines (3595), with no line terminators
Hash 77b2175ecb7512ca58e70ef9bf42fe0d
82727e343a3871ba8c01544d51d89f8d748256eb
7d1342a291b45ad58f3830382bcfc9284495aa3dc9240b079a12de2fe6bb3d67
GET /images/fancyselect.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwibmlsYXNpb25nIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsIm5pbGFzaW9uZyIsImJsb3hidXJnaG91c2UxMmsuYmxvZ3Nwb3QuY29tIiwiYmxveGJ1cmdob3VzZTEyay5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFieC5qcyJd
Cookie: HstCfa4275781=1675840851679; HstCla4275781=1675840851679; HstCmu4275781=1675840851679; HstPn4275781=1; HstPt4275781=1; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Frobloxpincodesforrobux.blogspot.com%2F
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 08:40:41 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=4253
etag: W/"5d9ca488-109d"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w4H67S6ii5n2bfZD4DybAuqWSEJYA9EXuOHGMJxBs48CQ%2By2sQxU611KNCfT4k3%2FUMzLkUoSOb76TyN3PVzJuF%2BTD5l7LpyJNBNNLh9IcElECaLCtJK8kqdAUiTGia8G3A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79630fd85e1eb4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 3f3962ef574ee0069c41f7cbcabd1ef3
c4b6aefa8563432c5e5901488c38ae7da3c83fd7
9518b917cc6f0b1724d687d6aac4d8c1851d46949eeb4926acdb26a84728fdc0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 08:40:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 3f3962ef574ee0069c41f7cbcabd1ef3
c4b6aefa8563432c5e5901488c38ae7da3c83fd7
9518b917cc6f0b1724d687d6aac4d8c1851d46949eeb4926acdb26a84728fdc0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 08:40:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v14/DXI1ORHCpsQm3Vp6mXoaTYnF5uFdDttMLvmWuJdhhgs.ttf
216.58.207.227200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v14/DXI1ORHCpsQm3Vp6mXoaTYnF5uFdDttMLvmWuJdhhgs.ttf
IP 216.58.207.227:0
File type TrueType Font data, 17 tables, 1st "GDEF", 7 names, Microsoft, language 0x409, type 1 string, Open Sans LightRegular1.10;1ASC;OpenSans-LightVersion 1.10OpenSans-Lighthttp://www.apache.org/li\012- data
Hash a69c5fa643b7208c4922909701e399ac
0560e8f641340a70d9c36b3d4106e42ac395f829
0a8b75177ccda56113a7a1bb9214c38276257846f9323226f74831f74ffc721f
GET /s/opensans/v14/DXI1ORHCpsQm3Vp6mXoaTYnF5uFdDttMLvmWuJdhhgs.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bux.wellter.de
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18391
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 Feb 2023 07:35:31 GMT
expires: Sat, 03 Feb 2024 07:35:31 GMT
cache-control: public, max-age=31536000
age: 435910
last-modified: Wed, 14 Jun 2017 16:45:42 GMT
content-type: font/ttf
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v14/k3k702ZOKiLJc3WVjuplzInF5uFdDttMLvmWuJdhhgs.ttf
216.58.207.227200 OK 19 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v14/k3k702ZOKiLJc3WVjuplzInF5uFdDttMLvmWuJdhhgs.ttf
IP 216.58.207.227:0
File type TrueType Font data, 17 tables, 1st "GDEF", 7 names, Microsoft, language 0x409, type 1 string, Open SansBold1.10;1ASC;OpenSans-BoldOpen Sans BoldVersion 1.10OpenSans-Boldhttp://www.apache.org\012- data
Hash 5498784000b038638befe230ea392271
efef80115bdabd927501563197827a7ae837a19f
5848ca5f4af491c37907f2e4cb0e240166572edc90615a96d4702f2dce34800b
GET /s/opensans/v14/k3k702ZOKiLJc3WVjuplzInF5uFdDttMLvmWuJdhhgs.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bux.wellter.de
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18604
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 Feb 2023 03:39:36 GMT
expires: Wed, 07 Feb 2024 03:39:36 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 14 Jun 2017 16:46:24 GMT
content-type: font/ttf
age: 104465
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 5c88d3bea11b5e4ab55139b12afd6481
e6f6a45f9cad1fe06edbc5371887199387f51b5f
897d20199934381ef24f0c9c9d1738f5cc504b0ccd5d16005eeb8837955d3ff6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5531
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 08:40:41 GMT
Last-Modified: Wed, 08 Feb 2023 07:08:30 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 3f3962ef574ee0069c41f7cbcabd1ef3
c4b6aefa8563432c5e5901488c38ae7da3c83fd7
9518b917cc6f0b1724d687d6aac4d8c1851d46949eeb4926acdb26a84728fdc0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 08:40:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a1d86c0ad2e32468f61d915e8ea3474c
3a6b7b7f26c1d57217677a52050b8241bc45ded4
f613f134e0bc497dfbb902d42f37402e09dfc9e3ed188f7a22f25803210caccf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F613F134E0BC497DFBB902D42F37402E09DFC9E3ED188F7A22F25803210CACCF"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2505
Expires: Wed, 08 Feb 2023 09:22:26 GMT
Date: Wed, 08 Feb 2023 08:40:41 GMT
Connection: keep-alive
s10.histats.com/js15_as.js
46.105.201.240200 OK 4.4 kB URL HTTP/2 s10.histats.com/js15_as.js
IP 46.105.201.240:0
File type HTML document, ASCII text, with very long lines (11440), with no line terminators
Hash ed192092c129db6123a3397855f42619
067e9b8e26cf6246eb84c6b9cf3da0c192ce7b3e
998fff486a7fb38b6ed445edc36c9b317b70950cd39efcf4012ca641312fcee1
GET /js15_as.js HTTP/1.1
Host: s10.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 08:36:24 GMT
etag: "-375139978"
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-request-id: 537985140
content-type: text/javascript
content-encoding: br
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 4364
X-Firefox-Spdy: h2
s4.histats.com/stats/0.php?4275781&@f16&@g1&@h1&@i2&@j1675845695050&@k4843371&@l2&@mRoblox%20Robux%20Generator%202022&@n0roblox-abx.js=nilasiong|template=Fastink.xml|nilasiong=bloxburghouse12k.blogspot.com|bloxburghouse12k.blogspot.com=direct|ref=direct|tags=roblox-abx.js&@ohttps%3A%2F%2Fbloxburghouse12k.blogspot.com%2F&@q0&@r0&@s0&@ten-US&@u1280&@b1:-98365984&@b3:1675845695&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fbux.wellter.de%2Findex.html%3Ftrack%3DWyJyb2Jsb3gtYWJ4LmpzIiwibmlsYXNpb25nIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsIm5pbGFzaW9uZyIsImJsb3hidXJnaG91c2UxMmsuYmxvZ3Nwb3QuY29tIiwiYmxveGJ1cmdob3VzZTEyay5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFieC5qcyJd&@w
149.56.240.129200 OK 51 B URL HTTP/1.1 s4.histats.com/stats/0.php?4275781&@f16&@g1&@h1&@i2&@j1675845695050&@k4843371&@l2&@mRoblox%20Robux%20Generator%202022&@n0roblox-abx.js=nilasiong|template=Fastink.xml|nilasiong=bloxburghouse12k.blogspot.com|bloxburghouse12k.blogspot.com=direct|ref=direct|tags=roblox-abx.js&@ohttps%3A%2F%2Fbloxburghouse12k.blogspot.com%2F&@q0&@r0&@s0&@ten-US&@u1280&@b1:-98365984&@b3:1675845695&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fbux.wellter.de%2Findex.html%3Ftrack%3DWyJyb2Jsb3gtYWJ4LmpzIiwibmlsYXNpb25nIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsIm5pbGFzaW9uZyIsImJsb3hidXJnaG91c2UxMmsuYmxvZ3Nwb3QuY29tIiwiYmxveGJ1cmdob3VzZTEyay5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFieC5qcyJd&@w
IP 149.56.240.129:0
File type ASCII text, with no line terminators
Hash 4d176d6d1edcbe6ffc3501a0603c5f4b
b56f8e64fd125975e5e453c4ef8fb68a2da1fb92
1082587a185d77c13838e8fea311b40e728c4c7230596e49ecf3f25822fac63f
GET /stats/0.php?4275781&@f16&@g1&@h1&@i2&@j1675845695050&@k4843371&@l2&@mRoblox%20Robux%20Generator%202022&@n0roblox-abx.js=nilasiong|template=Fastink.xml|nilasiong=bloxburghouse12k.blogspot.com|bloxburghouse12k.blogspot.com=direct|ref=direct|tags=roblox-abx.js&@ohttps%3A%2F%2Fbloxburghouse12k.blogspot.com%2F&@q0&@r0&@s0&@ten-US&@u1280&@b1:-98365984&@b3:1675845695&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fbux.wellter.de%2Findex.html%3Ftrack%3DWyJyb2Jsb3gtYWJ4LmpzIiwibmlsYXNpb25nIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsIm5pbGFzaW9uZyIsImJsb3hidXJnaG91c2UxMmsuYmxvZ3Nwb3QuY29tIiwiYmxveGJ1cmdob3VzZTEyay5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFieC5qcyJd&@w HTTP/1.1
Host: s4.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 08:40:41 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 51
Connection: close
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc93fe33d-3033-473c-8315-95eb00ba319e.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc93fe33d-3033-473c-8315-95eb00ba319e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ed10868ea9554510e43f77dfb8c43877
df0d86c2c53bdec7b8935912e42dc7f82f87aa61
751e95e7dd20802cc4e0b6f208bf5559b0b73efd3ca22a9abafd86cf83ab6420
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc93fe33d-3033-473c-8315-95eb00ba319e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 12401
x-amzn-requestid: 7bfa8a84-c348-4f55-8e8e-befcdd24f026
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OjPG-eIAMFccA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c47a-06eedb3c7396825f77360755;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:36:58 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: i1abBvjQY4dXbxTHyy0Wxxn9PCvTO0YkAO8PS8kKA9Zl5TeiUEtErw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:49:59 GMT
age: 39048
etag: "df0d86c2c53bdec7b8935912e42dc7f82f87aa61"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
bux.wellter.de/images/com.js
104.21.4.139200 OK 0 B URL HTTP/2 bux.wellter.de/images/com.js
IP 104.21.4.139:0
Analyzer Verdict Alert fortinet Phishing
GET /images/com.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwibmlsYXNpb25nIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsIm5pbGFzaW9uZyIsImJsb3hidXJnaG91c2UxMmsuYmxvZ3Nwb3QuY29tIiwiYmxveGJ1cmdob3VzZTEyay5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFieC5qcyJd
Cookie: HstCfa4275781=1675840851679; HstCla4275781=1675840851679; HstCmu4275781=1675840851679; HstPn4275781=1; HstPt4275781=1; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Frobloxpincodesforrobux.blogspot.com%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 08:40:41 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=17963
etag: W/"5d9ca488-462b"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CDt4e1%2F8uFcbklqj%2FlT44h1aOtGNBZ9O1kq7%2B%2FdY30U2S11y%2FlPp%2Fsr1%2BHQyS%2BoHCBO0uLzZGTm4eaCG%2Fr5Sxy2Um8ktBiBgaesi7gEmyiEd3zYKkJiBSqDk5H0PDFeIxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79630fd87e3eb4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/scripts.js
104.21.4.139200 OK 0 B URL HTTP/2 bux.wellter.de/images/scripts.js
IP 104.21.4.139:0
Analyzer Verdict Alert fortinet Phishing
GET /images/scripts.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwibmlsYXNpb25nIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsIm5pbGFzaW9uZyIsImJsb3hidXJnaG91c2UxMmsuYmxvZ3Nwb3QuY29tIiwiYmxveGJ1cmdob3VzZTEyay5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFieC5qcyJd
Cookie: HstCfa4275781=1675840851679; HstCla4275781=1675840851679; HstCmu4275781=1675840851679; HstPn4275781=1; HstPt4275781=1; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Frobloxpincodesforrobux.blogspot.com%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 08:40:41 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=225
etag: W/"5d9ca488-e1"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xm83N9nUinpcNRB6RNk56mtnt78eusDnTj0dXkLzr8aIG2ABvP8x2rNPzubNp4HB%2BWen6uPnMIRC%2BzACk8yu8WDU%2BOa1c8A4K8Mx%2BaUKbVJFK78ot8hpqvLpFzYCw2tmPA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79630fd89e68b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/bootstrap.min.css
104.21.4.139200 OK 0 B URL HTTP/2 bux.wellter.de/images/bootstrap.min.css
IP 104.21.4.139:0
GET /images/bootstrap.min.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwibmlsYXNpb25nIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsIm5pbGFzaW9uZyIsImJsb3hidXJnaG91c2UxMmsuYmxvZ3Nwb3QuY29tIiwiYmxveGJ1cmdob3VzZTEyay5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFieC5qcyJd
Cookie: HstCfa4275781=1675840851679; HstCla4275781=1675840851679; HstCmu4275781=1675840851679; HstPn4275781=1; HstPt4275781=1; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Frobloxpincodesforrobux.blogspot.com%2F
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 08:40:41 GMT
content-type: text/css
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-1d990"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CQV6wuEekJBMqp0eYfPb83p%2Bmw6Xt8xRWVxcY%2FZBjtgM3EyJcJf%2F6UwNqcgCdGkodV8%2FwksRtUEBJLmHSc9M9z4%2BKMKYcv2TF1ZZEVPHvyhXoUhLYVVcYQASPkhw0hg%2BQA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79630fd85e16b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/fancyselect.js
104.21.4.139200 OK 0 B URL HTTP/2 bux.wellter.de/images/fancyselect.js
IP 104.21.4.139:0
Analyzer Verdict Alert fortinet Phishing
GET /images/fancyselect.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwibmlsYXNpb25nIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsIm5pbGFzaW9uZyIsImJsb3hidXJnaG91c2UxMmsuYmxvZ3Nwb3QuY29tIiwiYmxveGJ1cmdob3VzZTEyay5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFieC5qcyJd
Cookie: HstCfa4275781=1675840851679; HstCla4275781=1675840851679; HstCmu4275781=1675840851679; HstPn4275781=1; HstPt4275781=1; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Frobloxpincodesforrobux.blogspot.com%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 08:40:41 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=6778
etag: W/"5d9ca488-1a7a"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2N3KrOygz6ARNeJYwQogxx5kW%2BytfONWWWfoUQiybZMLZjLvJ7rJiSZAwg7pn59J23fRfJrukMjxZFXuk7%2BvGqf6jtva0mzUVqFhcb57aMhZtI%2BbbtUMgvsvJhHvF4%2BRjg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79630fd86e37b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/form-scripts.js
104.21.4.139200 OK 0 B URL HTTP/2 bux.wellter.de/images/form-scripts.js
IP 104.21.4.139:0
Analyzer Verdict Alert fortinet Phishing
GET /images/form-scripts.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwibmlsYXNpb25nIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsIm5pbGFzaW9uZyIsImJsb3hidXJnaG91c2UxMmsuYmxvZ3Nwb3QuY29tIiwiYmxveGJ1cmdob3VzZTEyay5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFieC5qcyJd
Cookie: HstCfa4275781=1675840851679; HstCla4275781=1675840851679; HstCmu4275781=1675840851679; HstPn4275781=1; HstPt4275781=1; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Frobloxpincodesforrobux.blogspot.com%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 08:40:41 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=1469
etag: W/"5d9ca488-5bd"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3AwQkkFnSljrMtm%2FEtkXWr4C9ACsUpBCoavzkiz5608VTEgV39wKRwGPS%2FSf7wBJ3EfythMctqYVVvaMKXFOhvqpOrRVzvAC9N%2F8xU0qoKOmeWoPtTGhyqgx3szDQ7H2aQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79630fd87e3fb4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/main.js
104.21.4.139200 OK 0 B URL HTTP/2 bux.wellter.de/images/main.js
IP 104.21.4.139:0
Analyzer Verdict Alert fortinet Phishing
GET /images/main.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwibmlsYXNpb25nIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsIm5pbGFzaW9uZyIsImJsb3hidXJnaG91c2UxMmsuYmxvZ3Nwb3QuY29tIiwiYmxveGJ1cmdob3VzZTEyay5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFieC5qcyJd
Cookie: HstCfa4275781=1675840851679; HstCla4275781=1675840851679; HstCmu4275781=1675840851679; HstPn4275781=1; HstPt4275781=1; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Frobloxpincodesforrobux.blogspot.com%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 08:40:41 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=38451
etag: W/"5d9ca488-9633"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HnkUhqYD7%2Fukx01Yg%2FB3wXTwamQ5hkAVKbHXKVl9cKCf82fFyr9%2B0xNcU1lMxQR7gk7djk5A%2FXYlGZcZ%2FLcnk%2FQBuo8QMCI9I5Wys3rutO1X1%2Fk24TZsVQa%2BcKKZvrnSKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79630fd89e66b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwibmlsYXNpb25nIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsIm5pbGFzaW9uZyIsImJsb3hidXJnaG91c2UxMmsuYmxvZ3Nwb3QuY29tIiwiYmxveGJ1cmdob3VzZTEyay5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFieC5qcyJd
104.21.4.139200 OK 0 B URL HTTP/2 bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwibmlsYXNpb25nIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsIm5pbGFzaW9uZyIsImJsb3hidXJnaG91c2UxMmsuYmxvZ3Nwb3QuY29tIiwiYmxveGJ1cmdob3VzZTEyay5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFieC5qcyJd
IP 104.21.4.139:0
Analyzer Verdict Alert fortinet Phishing
GET /index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwibmlsYXNpb25nIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsIm5pbGFzaW9uZyIsImJsb3hidXJnaG91c2UxMmsuYmxvZ3Nwb3QuY29tIiwiYmxveGJ1cmdob3VzZTEyay5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFieC5qcyJd HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bloxburghouse12k.blogspot.com/
Cookie: HstCfa4275781=1675840851679; HstCla4275781=1675840851679; HstCmu4275781=1675840851679; HstPn4275781=1; HstPt4275781=1; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Frobloxpincodesforrobux.blogspot.com%2F
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 08:40:40 GMT
content-type: text/html
last-modified: Mon, 27 Jun 2022 12:44:26 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SGn%2Fc3Z4NaKoAvxb%2BURiNV60vOQoZnFNvQDouKRunva0KfIbWGSGrnPp%2FcZVRIWoRmP8oL3e%2B%2BGyoKM1qsAmVZvMwYQ2KmgNxzO8qOPXvRAXzTRCegFWJ62PAh%2BtQj2a6w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79630fd75cabb4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/sweetalert2.min.js
104.21.4.139200 OK 0 B URL HTTP/2 bux.wellter.de/images/sweetalert2.min.js
IP 104.21.4.139:0
Analyzer Verdict Alert fortinet Phishing
GET /images/sweetalert2.min.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwibmlsYXNpb25nIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsIm5pbGFzaW9uZyIsImJsb3hidXJnaG91c2UxMmsuYmxvZ3Nwb3QuY29tIiwiYmxveGJ1cmdob3VzZTEyay5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFieC5qcyJd
Cookie: HstCfa4275781=1675840851679; HstCla4275781=1675840851679; HstCmu4275781=1675840851679; HstPn4275781=1; HstPt4275781=1; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Frobloxpincodesforrobux.blogspot.com%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 08:40:41 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-4f51"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=36e9OQ4sDMNeo51XiryOnWREjx7RUd9FToO7cX2EJfSJodAcC1Z9EQa%2ByO%2FhlS9dDMgqZsrqxUmTycCgvi0ebZbA4htMC3%2BuRnqspACfN2eV01PRdgbm8MChl6rUrX7E%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79630fd87e3ab4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/jquery-3.2.1.js
104.21.4.139200 OK 0 B URL HTTP/2 bux.wellter.de/images/jquery-3.2.1.js
IP 104.21.4.139:0
Analyzer Verdict Alert fortinet Phishing
GET /images/jquery-3.2.1.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwibmlsYXNpb25nIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsIm5pbGFzaW9uZyIsImJsb3hidXJnaG91c2UxMmsuYmxvZ3Nwb3QuY29tIiwiYmxveGJ1cmdob3VzZTEyay5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFieC5qcyJd
Cookie: HstCfa4275781=1675840851679; HstCla4275781=1675840851679; HstCmu4275781=1675840851679; HstPn4275781=1; HstPt4275781=1; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Frobloxpincodesforrobux.blogspot.com%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 08:40:41 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=268039
etag: W/"5d9ca488-41707"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fd0fwCGoY2n93m5Kncngay4NWFzJmS8JEnANDSW2DErsl73VnX8vHyuTxhebHwgyUNAAigUcO18vcGmE5nR7RKyDBzIkK0kH9JW9H0QtHCLGNuDQUjhndBaQsOce1Pokow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79630fd86e34b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/jquery-ui.min.js
104.21.4.139200 OK 0 B URL HTTP/2 bux.wellter.de/images/jquery-ui.min.js
IP 104.21.4.139:0
Analyzer Verdict Alert fortinet Phishing
GET /images/jquery-ui.min.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwibmlsYXNpb25nIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsIm5pbGFzaW9uZyIsImJsb3hidXJnaG91c2UxMmsuYmxvZ3Nwb3QuY29tIiwiYmxveGJ1cmdob3VzZTEyay5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFieC5qcyJd
Cookie: HstCfa4275781=1675840851679; HstCla4275781=1675840851679; HstCmu4275781=1675840851679; HstPn4275781=1; HstPt4275781=1; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Frobloxpincodesforrobux.blogspot.com%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 08:40:41 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-30da8"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9PIffLeOJ4C578%2BieY6uJ3h%2BwHhBQtGmYIZd1Kv7QFgxhqWobFxGmWTKamaY1tZZKM3egijpCOFCVzSBYD6FpUWQr7oXNs0N3s37YrKfSvE63IItVgIT229tnOqRWCnxqw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79630fd86e36b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/custom-css.css
104.21.4.139200 OK 0 B URL HTTP/2 bux.wellter.de/images/custom-css.css
IP 104.21.4.139:0
GET /images/custom-css.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwibmlsYXNpb25nIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsIm5pbGFzaW9uZyIsImJsb3hidXJnaG91c2UxMmsuYmxvZ3Nwb3QuY29tIiwiYmxveGJ1cmdob3VzZTEyay5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFieC5qcyJd
Cookie: HstCfa4275781=1675840851679; HstCla4275781=1675840851679; HstCmu4275781=1675840851679; HstPn4275781=1; HstPt4275781=1; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Frobloxpincodesforrobux.blogspot.com%2F
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 08:40:41 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1790
etag: W/"5d9ca488-6fe"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PM960YnUK7nVgGrSOqwWZdIPJCT0Y4HiSp2XPSpJhl2bKCTZJoAqNfVYedwAvysJKviSxZrbQ6g2ouKq%2Fa%2BzVqxhG6rdJ8QHIWKd2QYrd1JooF6xHe5eMP5resLUoZ3ihw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79630fd86e27b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/magnific-popup.css
104.21.4.139200 OK 0 B URL HTTP/2 bux.wellter.de/images/magnific-popup.css
IP 104.21.4.139:0
GET /images/magnific-popup.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwibmlsYXNpb25nIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsIm5pbGFzaW9uZyIsImJsb3hidXJnaG91c2UxMmsuYmxvZ3Nwb3QuY29tIiwiYmxveGJ1cmdob3VzZTEyay5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFieC5qcyJd
Cookie: HstCfa4275781=1675840851679; HstCla4275781=1675840851679; HstCmu4275781=1675840851679; HstPn4275781=1; HstPt4275781=1; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Frobloxpincodesforrobux.blogspot.com%2F
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 08:40:41 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=7946
etag: W/"5d9ca488-1f0a"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NXezWIh1%2BXqfJXO03DYRK9MGQnUEY2IrD%2FWheeHqsK7A5wslv0ZPMInJ%2BelwFCf7iL%2FTK0kUdJP9DtTqPhCu79qglfc3VWbkh32%2Ft5QKWjTDv%2BUBrKyV2v2E1HCvMQcuLg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79630fd85e1cb4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/jquery.countto.js
104.21.4.139200 OK 0 B URL HTTP/2 bux.wellter.de/images/jquery.countto.js
IP 104.21.4.139:0
Analyzer Verdict Alert fortinet Phishing
GET /images/jquery.countto.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwibmlsYXNpb25nIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsIm5pbGFzaW9uZyIsImJsb3hidXJnaG91c2UxMmsuYmxvZ3Nwb3QuY29tIiwiYmxveGJ1cmdob3VzZTEyay5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFieC5qcyJd
Cookie: HstCfa4275781=1675840851679; HstCla4275781=1675840851679; HstCmu4275781=1675840851679; HstPn4275781=1; HstPt4275781=1; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Frobloxpincodesforrobux.blogspot.com%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 08:40:41 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=3761
etag: W/"5d9ca488-eb1"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z56N5uV7ESFKkJNt8SBWoAJOhld9KPtbQpNEwat7jKAgop8SY6pNKOc41Lm6e35iHmViNJ2BBp0RdFCtJvAm0C98lBB3ua7Tfn8%2B3bQmTODMciT1rpN%2BD%2FcB64klMFhxXw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79630fd87e39b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/validator.min.js
104.21.4.139200 OK 0 B URL HTTP/2 bux.wellter.de/images/validator.min.js
IP 104.21.4.139:0
Analyzer Verdict Alert fortinet Phishing
GET /images/validator.min.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwibmlsYXNpb25nIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsIm5pbGFzaW9uZyIsImJsb3hidXJnaG91c2UxMmsuYmxvZ3Nwb3QuY29tIiwiYmxveGJ1cmdob3VzZTEyay5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFieC5qcyJd
Cookie: HstCfa4275781=1675840851679; HstCla4275781=1675840851679; HstCmu4275781=1675840851679; HstPn4275781=1; HstPt4275781=1; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Frobloxpincodesforrobux.blogspot.com%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 08:40:41 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-17a7"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ciCGXe9paA5PJ9yYUx1ofIz8QH%2FE5g2jiuTQ5XEBRDSLP8t7r3DLisFMXOb8i%2BFT71WkmxBMMBeGLRHpSFnjsRjWMkaPLwa395Ek4DdF60IOPrI145d3kAy4EXLrJ9lHnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79630fd87e3bb4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/jquery.magnific-popup.min.js
104.21.4.139200 OK 0 B URL HTTP/2 bux.wellter.de/images/jquery.magnific-popup.min.js
IP 104.21.4.139:0
Analyzer Verdict Alert fortinet Phishing
GET /images/jquery.magnific-popup.min.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwibmlsYXNpb25nIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsIm5pbGFzaW9uZyIsImJsb3hidXJnaG91c2UxMmsuYmxvZ3Nwb3QuY29tIiwiYmxveGJ1cmdob3VzZTEyay5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFieC5qcyJd
Cookie: HstCfa4275781=1675840851679; HstCla4275781=1675840851679; HstCmu4275781=1675840851679; HstPn4275781=1; HstPt4275781=1; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Frobloxpincodesforrobux.blogspot.com%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 08:40:41 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-5297"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l29jNCJaKy%2BtQilC0ebhi3smXv6EJhyfUqRfQ0ZZgMNOwfJ65Bt%2Bz2els6shEDqhmyMvl6CWt3Jjb8AjQNnHNP%2FpzZU1tqGj39dUXXN2kmLdb40%2BCoHW43TItqxOWKbV0A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79630fd87e4db4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mtevor.com/cluster-v2/roblox-abx.js
172.96.187.226200 OK 0 B URL HTTP/2 mtevor.com/cluster-v2/roblox-abx.js
IP 172.96.187.226:0
GET /cluster-v2/roblox-abx.js HTTP/1.1
Host: mtevor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bloxburghouse12k.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-powered-by: PHP/5.6.40
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
content-encoding: br
vary: Accept-Encoding
date: Wed, 08 Feb 2023 08:40:40 GMT
server: LiteSpeed
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
bux.wellter.de/images/sticky.js
104.21.4.139200 OK 0 B URL HTTP/2 bux.wellter.de/images/sticky.js
IP 104.21.4.139:0
Analyzer Verdict Alert fortinet Phishing
GET /images/sticky.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwibmlsYXNpb25nIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsIm5pbGFzaW9uZyIsImJsb3hidXJnaG91c2UxMmsuYmxvZ3Nwb3QuY29tIiwiYmxveGJ1cmdob3VzZTEyay5ibG9nc3BvdC5jb20iLCJkaXJlY3QiLCJyZWYiLCJkaXJlY3QiLCJ0YWdzIiwicm9ibG94LWFieC5qcyJd
Cookie: HstCfa4275781=1675840851679; HstCla4275781=1675840851679; HstCmu4275781=1675840851679; HstPn4275781=1; HstPt4275781=1; HstCnv4275781=1; HstCns4275781=1; c_ref_4275781=https%3A%2F%2Frobloxpincodesforrobux.blogspot.com%2F
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 08:40:41 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=20845
etag: W/"5d9ca488-516d"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aCxoDgTVIXE54ft5t9skSrxI1yKvAvo7besV4kjQJF9Nn6Krf935VaO6xcUAJ7oG1LEyW6ChGVkENyl4T47pUmTHB3d%2BToFIxhj8oUVvHd%2Bak7zmgBJZbHtKh5%2BN%2FO7tJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79630fd89e64b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2