r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cd2bda30513692aa11a672c6a599935d
a944c3aa26b461063194a4bb95ce427d23a32d03
d975d1eab40c9fe4986ae0675d79e4f982eb9c0e2f503ca72b3bdf0ec9e7dfdc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D975D1EAB40C9FE4986AE0675D79E4F982EB9C0E2F503CA72B3BDF0EC9E7DFDC"
Last-Modified: Tue, 27 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7255
Expires: Wed, 28 Dec 2022 08:28:52 GMT
Date: Wed, 28 Dec 2022 06:27:57 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 78f1f94544ef06b96bb43283f59d100f
fa2f1a3730a98c6fa5ebf976143fb6093a7298be
889af22ee304adea2e23491acbc89ebdcaf322e8c45af2bebf7520e3e9b0a6a9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "889AF22EE304ADEA2E23491ACBC89EBDCAF322E8C45AF2BEBF7520E3E9B0A6A9"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9645
Expires: Wed, 28 Dec 2022 09:08:42 GMT
Date: Wed, 28 Dec 2022 06:27:57 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Content-Length, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 28 Dec 2022 05:46:45 GMT
content-type: application/json
age: 2473
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b2d59bdbb1ca6324590988ec031cf1fc
bfd4e25af37dcde4bac38d9b178c5ac8e50f8834
cef2180120ef42ff09d54577229c058d41d2c569d485f5a6dcfadc74bf8aa647
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CEF2180120EF42FF09D54577229C058D41D2C569D485F5A6DCFADC74BF8AA647"
Last-Modified: Mon, 26 Dec 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4609
Expires: Wed, 28 Dec 2022 07:44:47 GMT
Date: Wed, 28 Dec 2022 06:27:58 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: SH/OsGlcYjDelypgZ3i9PlygBYi23tLwuSVHdQ2KdU4CFTNzTWykLX3az/L/YV54USJaCUFJNEs=
x-amz-request-id: PKZP341J8MMT8S8B
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 28 Dec 2022 05:56:02 GMT
age: 1916
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Dec 2022 06:27:58 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, ETag, Pragma, Last-Modified, Expires, Alert, Content-Type, Retry-After, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 28 Dec 2022 05:33:30 GMT
age: 3268
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 60b8396db0bbfa5f2ae7e34c9d04ebcc
50b6c68aa2b2a459315a9989f5d3e326e8ad5539
c10a1e0f984b121958a5cfa3b45b746db85d33c9073fcacb019d9bb27ef3b073
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4475
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Dec 2022 06:27:58 GMT
Etag: "63aab5ae-1d7"
Last-Modified: Wed, 28 Dec 2022 05:13:23 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.149.51.98 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.51.98:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: YXstnpoc6uM7UMM85oT2cA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: kx7b/bq8TuMpovVW6pal54vxFDk=
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 563a71326245b9544f7051f983f4d897
7293247391520689fb7aeac14ee6c984d82d7de3
17c444592282f17c3eb8a0d8e10ae9b3be096d621bdf2bbd8e12faf13ff4999c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17C444592282F17C3EB8A0D8E10AE9B3BE096D621BDF2BBD8E12FAF13FF4999C"
Last-Modified: Tue, 27 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7265
Expires: Wed, 28 Dec 2022 08:29:05 GMT
Date: Wed, 28 Dec 2022 06:28:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 563a71326245b9544f7051f983f4d897
7293247391520689fb7aeac14ee6c984d82d7de3
17c444592282f17c3eb8a0d8e10ae9b3be096d621bdf2bbd8e12faf13ff4999c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17C444592282F17C3EB8A0D8E10AE9B3BE096D621BDF2BBD8E12FAF13FF4999C"
Last-Modified: Tue, 27 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7265
Expires: Wed, 28 Dec 2022 08:29:05 GMT
Date: Wed, 28 Dec 2022 06:28:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 563a71326245b9544f7051f983f4d897
7293247391520689fb7aeac14ee6c984d82d7de3
17c444592282f17c3eb8a0d8e10ae9b3be096d621bdf2bbd8e12faf13ff4999c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17C444592282F17C3EB8A0D8E10AE9B3BE096D621BDF2BBD8E12FAF13FF4999C"
Last-Modified: Tue, 27 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7265
Expires: Wed, 28 Dec 2022 08:29:05 GMT
Date: Wed, 28 Dec 2022 06:28:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 563a71326245b9544f7051f983f4d897
7293247391520689fb7aeac14ee6c984d82d7de3
17c444592282f17c3eb8a0d8e10ae9b3be096d621bdf2bbd8e12faf13ff4999c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17C444592282F17C3EB8A0D8E10AE9B3BE096D621BDF2BBD8E12FAF13FF4999C"
Last-Modified: Tue, 27 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7265
Expires: Wed, 28 Dec 2022 08:29:05 GMT
Date: Wed, 28 Dec 2022 06:28:00 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd238a41-5dd3-4a9e-80cd-17fdf75ee403.jpeg
34.120.237.76 200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd238a41-5dd3-4a9e-80cd-17fdf75ee403.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 50a3433c386a2d8435a10b572d986161
a97620796ae1a146e719f4a46e98c57a4af472ed
b4954da0a678a4df8c3dd7df0376c04c446fad03b94f6363938b29b0b58b782a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd238a41-5dd3-4a9e-80cd-17fdf75ee403.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5577
x-amzn-requestid: b9f47205-66da-4ef7-bf83-f237bd4dd9e7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d0ys9FYKoAMFwWA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ab64b9-5bcf6f3b23d1f2b1206c91cc;Sampled=0
x-amzn-remapped-date: Tue, 27 Dec 2022 21:33:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: BynwJdv-JV-UFO98M3C5ZZIJqbx7wVQkR6aJAgJHAzuDGih4D-Izug==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Dec 2022 21:42:19 GMT
age: 31541
etag: "a97620796ae1a146e719f4a46e98c57a4af472ed"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffac3a45c-6654-466a-910d-050f33cd238a.webp
34.120.237.76 200 OK 2.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffac3a45c-6654-466a-910d-050f33cd238a.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash edb931e5faecaf2acda7b007d68f7708
0b2d5a0b7fe7fd8bb658052b01fa8c6b88f6ab18
6acfdf458c4feac90ba5e4274b1cedeecd24b49ff757ddbf7cfcce9aa9ea6b1c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffac3a45c-6654-466a-910d-050f33cd238a.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2838
x-amzn-requestid: 6fd84b82-c489-4b50-adb9-523866b4165b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d01DkFZvIAMFXFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ab687d-40c9798a4944a1c0641d7390;Sampled=0
x-amzn-remapped-date: Tue, 27 Dec 2022 21:49:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: G_9U0fMD0QOH6157LGtKDxJiS7ob5b6WW9PTgPfUAnOucgENDDOhdA==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Dec 2022 21:59:54 GMT
age: 30486
etag: "0b2d5a0b7fe7fd8bb658052b01fa8c6b88f6ab18"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F346e7d95-abf9-4783-baa6-85137bb9cc29.jpeg
34.120.237.76 200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F346e7d95-abf9-4783-baa6-85137bb9cc29.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8ab36b0d168174ef2d960be9810fdb2d
7c8a7415cab3ef88b5d1204af214a687b1676dda
a1d842fd02273603db0090d34c317d7a3ce3e5f00f29271d45fc4ed6d09ee21e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F346e7d95-abf9-4783-baa6-85137bb9cc29.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7817
x-amzn-requestid: 21a68509-6fec-48b3-8bce-fb2ebfab3289
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d0yuCEVwIAMFUrQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ab64c0-5e23ceec731631d93e01e2c8;Sampled=0
x-amzn-remapped-date: Tue, 27 Dec 2022 21:33:52 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1F1os87usGl0yMWsHxFZsVnrbmjJKydPf4ZXL4xsXjHau3fAS9Nf1Q==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Dec 2022 21:44:42 GMT
age: 31398
etag: "7c8a7415cab3ef88b5d1204af214a687b1676dda"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac8e7926-34e8-4a65-ba5a-894c252c5826.jpeg
34.120.237.76 200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac8e7926-34e8-4a65-ba5a-894c252c5826.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b970ffab86fbe4a36726473524096ed1
92bc9a2cc454608eae4e310456f2ec180d4ccdca
9d9377466c1d69d25cbde0092dbebb8579ba3f172a001e3068690c7d7efc779c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac8e7926-34e8-4a65-ba5a-894c252c5826.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9103
x-amzn-requestid: d35b52dd-fc72-47ca-8232-00e48cd6d209
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d0z_EEruIAMFlQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ab66c6-574a052f67683ba238966de5;Sampled=0
x-amzn-remapped-date: Tue, 27 Dec 2022 21:42:30 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ohxADRAP902PofikgbhHb6N0yLainQlafqatm4eBQ1u5DHGr1r15Fg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Dec 2022 21:42:30 GMT
etag: "92bc9a2cc454608eae4e310456f2ec180d4ccdca"
content-type: image/jpeg
age: 31530
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83f96cfd-e656-4dfd-8a5e-c652f4aba467.jpeg
34.120.237.76 200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83f96cfd-e656-4dfd-8a5e-c652f4aba467.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 04ff669d78aa3b124777ed831dd75388
25a931a0c81b4cba304a1fd5c16c22fae2d1406b
df6dd60216b8005bece1f984af8ec5d857e04071c381f6ded1573ecb21c2d94a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83f96cfd-e656-4dfd-8a5e-c652f4aba467.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6372
x-amzn-requestid: 655f5e8f-4012-416c-935d-cd7f9d450061
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dxfXYGEUoAMFixw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63aa1295-5db4e5ce1016e3ab2bce1d21;Sampled=0
x-amzn-remapped-date: Mon, 26 Dec 2022 21:31:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: aCp_KcBesuyrbEXSeudG3_FXf0YY7c-zU3bbaVsSyCrs2QY8SQJp8Q==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Dec 2022 06:06:20 GMT
age: 1300
etag: "25a931a0c81b4cba304a1fd5c16c22fae2d1406b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F253147ed-dcee-41da-a58c-55d53457a842.jpeg
34.120.237.76 200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F253147ed-dcee-41da-a58c-55d53457a842.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 70d7cfb90c78f9b238295103b092aa8c
69816b18c05ae710964cc2208f7eb87551f61786
85b651431437dbbba0a1b63f2c44fe07267f0ea8a71aaf77ab2b06d75470fc6a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F253147ed-dcee-41da-a58c-55d53457a842.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9589
x-amzn-requestid: 3fc23f08-db79-4d18-a518-50969103d1a3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d0ys7HyxIAMFeHQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ab64b8-6f12d8b74ee6b06d2a515ccc;Sampled=0
x-amzn-remapped-date: Tue, 27 Dec 2022 21:33:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: K6F8WXsXNIzutG56MlJOTPbwKhe35CFvHM-b5n3bSO0vCabUhKMtGg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Dec 2022 21:51:05 GMT
age: 31015
etag: "69816b18c05ae710964cc2208f7eb87551f61786"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
shot.buythree.bar/
172.67.138.25 200 OK 8.6 kB IP 172.67.138.25:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4197), with CRLF, LF line terminators
Hash dded2e7c5154c18d694e26855dbe8612
308a86ae2653a5830c2046194c08366ae7d849c3
c5e9c656f9887267fe67290877060933b2cbf23cc69c4dc59b52fed7a58e9248
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Wed, 28 Dec 2022 06:28:00 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: zenid=pq5tij5jl6umo067i5nmr04rl3; path=/; domain=.shot.buythree.bar; secure; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4dBlaNg%2BSJtjlWUQ%2BzVXM6yju%2FwAUL3fFLsgIKDgGpqApbjnvoFvdK9V9GdtGRVtEPb4NWaOpErNN8y9EArJbaTX7ESZ6BnQcunu31MhjG%2BaVf%2BmMW7lvZi%2FpWXZzN9pG4eFsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78083bae0e9db4fa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/s/gts1p5/oqNSXDbFjvs
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/oqNSXDbFjvs
IP 142.250.74.131:0
Hash 4fe94ed8d3df124b8bcb9dfb20bd7203
306b97cfb2029a91e31d669f787a66a07b95bf60
943025a470825ff3f03e596e679646aa0c64735f36b948967b23402d11811594
POST /s/gts1p5/oqNSXDbFjvs HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Dec 2022 06:28:01 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/oqNSXDbFjvs
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/oqNSXDbFjvs
IP 142.250.74.131:0
Hash 4fe94ed8d3df124b8bcb9dfb20bd7203
306b97cfb2029a91e31d669f787a66a07b95bf60
943025a470825ff3f03e596e679646aa0c64735f36b948967b23402d11811594
POST /s/gts1p5/oqNSXDbFjvs HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Dec 2022 06:28:01 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/oqNSXDbFjvs
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/oqNSXDbFjvs
IP 142.250.74.131:0
Hash 4fe94ed8d3df124b8bcb9dfb20bd7203
306b97cfb2029a91e31d669f787a66a07b95bf60
943025a470825ff3f03e596e679646aa0c64735f36b948967b23402d11811594
POST /s/gts1p5/oqNSXDbFjvs HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Dec 2022 06:28:01 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/oqNSXDbFjvs
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/oqNSXDbFjvs
IP 142.250.74.131:0
Hash 4fe94ed8d3df124b8bcb9dfb20bd7203
306b97cfb2029a91e31d669f787a66a07b95bf60
943025a470825ff3f03e596e679646aa0c64735f36b948967b23402d11811594
POST /s/gts1p5/oqNSXDbFjvs HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Dec 2022 06:28:01 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/oqNSXDbFjvs
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/oqNSXDbFjvs
IP 142.250.74.131:0
Hash 4fe94ed8d3df124b8bcb9dfb20bd7203
306b97cfb2029a91e31d669f787a66a07b95bf60
943025a470825ff3f03e596e679646aa0c64735f36b948967b23402d11811594
POST /s/gts1p5/oqNSXDbFjvs HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Dec 2022 06:28:01 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
shot.buythree.bar/includes/templates/lw_a32/images/rank_1.gif
172.67.138.25 200 OK 2.0 kB URL HTTP/2 shot.buythree.bar/includes/templates/lw_a32/images/rank_1.gif
IP 172.67.138.25:0
File type GIF image data, version 89a, 100 x 39\012- data
Hash c9c1a377b2465fa88eb90f7f21fc4943
c329224a6ff30a92cb75e8d055d12185c30b54c6
0362db86a76badda7ca8dec6954d760c2bfe7b5c3e438682ff3213926d5a5c08
GET /includes/templates/lw_a32/images/rank_1.gif HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:01 GMT
content-type: image/gif
content-length: 2024
last-modified: Wed, 16 Nov 2022 08:28:06 GMT
etag: "63749f16-7e8"
expires: Fri, 27 Jan 2023 06:28:01 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uq8Ra1V%2F6fEsbQg%2FLpixlRiLKmFlDV44ftV90aI2S8YAN9vyudBMFcQO%2BXhCLAgLam%2FB97l7pgUJ8zzgx53yBYfhfJSHXn8%2BtDxOURsdulDrdgfvZgnK1%2Fx4ifQa7Y223qZOdA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78083bc32d8a0b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/includes/templates/lw_a32/images/logo.png
172.67.138.25 200 OK 9.7 kB URL HTTP/2 shot.buythree.bar/includes/templates/lw_a32/images/logo.png
IP 172.67.138.25:0
File type PNG image data, 600 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash 9c34917cce6723bcbdbd5da83d03723c
332a131c8311325272441f4fc418217e5f5d57b5
46700e3bb675b014cf206031a5b9883731f8f9ccc945ab16a0028fc184f01325
GET /includes/templates/lw_a32/images/logo.png HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:01 GMT
content-type: image/png
content-length: 9692
last-modified: Wed, 16 Nov 2022 08:28:06 GMT
etag: "63749f16-25dc"
expires: Fri, 27 Jan 2023 06:28:01 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HV72I6uaz%2Bsglp23CE4NYuZpLu4Dno1YiByyZBOZIQFfMDrygdQXpE96K2yM04HKiN9AM30n7bDFriywU6eVdSY8kWJ%2BQDSUeq2AyiLgH8qccSjj6jVt01vetq6GuJxDMBJzaA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78083bc32d860b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/includes/templates/lw_a32/images/rank_2.gif
172.67.138.25 200 OK 605 B URL HTTP/2 shot.buythree.bar/includes/templates/lw_a32/images/rank_2.gif
IP 172.67.138.25:0
File type GIF image data, version 89a, 100 x 39\012- data
Hash 8192f534aa798503e77cbf8e2eb15d57
24e72796481cfd7395cd43cdeb09edad3cf8446b
3616bc7d39ef97ce96d225530cc04796a283dabf239d3be97a21437f120832b9
GET /includes/templates/lw_a32/images/rank_2.gif HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:01 GMT
content-type: image/gif
content-length: 605
last-modified: Wed, 16 Nov 2022 08:28:06 GMT
etag: "63749f16-25d"
expires: Fri, 27 Jan 2023 06:28:01 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uggmmNAhMNID01r7bkfst%2FjCLEQcwjrwZmHDOk0CBrx36ymZx653CaadSwYOdn8MChQy8Cv6CVHLk%2BGlFgSjV%2B6uo3DgFAnEGG%2BykHwSxwKd9axzqBAlYFkb6DJNO4UUSe7MVA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78083bc33d8c0b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/oqNSXDbFjvs
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/oqNSXDbFjvs
IP 142.250.74.131:0
Hash 4fe94ed8d3df124b8bcb9dfb20bd7203
306b97cfb2029a91e31d669f787a66a07b95bf60
943025a470825ff3f03e596e679646aa0c64735f36b948967b23402d11811594
POST /s/gts1p5/oqNSXDbFjvs HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Dec 2022 06:28:01 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
shot.buythree.bar/includes/templates/lw_a32/images/gf_freedeli2.jpg
172.67.138.25 200 OK 25 kB URL HTTP/2 shot.buythree.bar/includes/templates/lw_a32/images/gf_freedeli2.jpg
IP 172.67.138.25:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 474x120, components 3\012- data
Hash 4c0b6ba64d55e14bd52136b246e68e33
dd98c70814a14a1399ea2f28f6e5ecebfc2f0acd
a06fe74ac37b13eb9372297041d9ccb3dbf9f10df52df26b4a63ec934e6dcfb2
GET /includes/templates/lw_a32/images/gf_freedeli2.jpg HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:01 GMT
content-type: image/jpeg
content-length: 24825
last-modified: Wed, 16 Nov 2022 08:28:06 GMT
etag: "63749f16-60f9"
expires: Fri, 27 Jan 2023 06:28:01 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wqvj%2FnqqS2wvGIGWkrWS4%2Ff1vujwxnaE7phM63sYpBVmwA97HXFp0X9eJZMxzDgC3wJ1YpLCIfp2gxjJKDtDMUGyn6s0Rfbu1BZ4dm761ZClujZfzn1yH2VBAVULgZeLKRLaLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78083bc32d880b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/includes/templates/lw_a32/images/down.jpg
172.67.138.25 200 OK 35 kB URL HTTP/2 shot.buythree.bar/includes/templates/lw_a32/images/down.jpg
IP 172.67.138.25:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2021:05:27 11:34:17], baseline, precision 8, 600x120, components 3\012- data
Hash 677018a5c359351471c1cdd4d2633a89
f88b241b8faa9a364798668f9cd7ec23b192ea9e
55282d8dce73f1d3cae176ac0673f831166730ab1b2e8b6b355fdd77b5520220
GET /includes/templates/lw_a32/images/down.jpg HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:01 GMT
content-type: image/jpeg
content-length: 35217
last-modified: Wed, 16 Nov 2022 08:28:06 GMT
etag: "63749f16-8991"
expires: Fri, 27 Jan 2023 06:28:01 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7C%2B6T8hOBLsjBd55vDgRl9DiEhJxVLCAakdq36Ea8I7lmSh15GXY5R%2Fb8GnjEcuP50pSZCbVmQei6MqDdqVpaZVa%2BT5C4oSyesbWoSJD1Jls%2FuRpERNg21dGEc2ggXzygLDkOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78083bc32d870b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/includes/templates/lw_a32/images/footer-icon-shipping.png
172.67.138.25 200 OK 20 kB URL HTTP/2 shot.buythree.bar/includes/templates/lw_a32/images/footer-icon-shipping.png
IP 172.67.138.25:0
File type PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced\012- data
Hash 312c0785edd7e59c81636334c05b2759
014c2b21fa1ea8a457a0b8027c427ae761c236e7
81ee56e2de839432c2d91faded3d4d0bb1cbf22edb8064f1c138e90108f08dae
GET /includes/templates/lw_a32/images/footer-icon-shipping.png HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:01 GMT
content-type: image/png
content-length: 19906
last-modified: Wed, 16 Nov 2022 08:28:06 GMT
etag: "63749f16-4dc2"
expires: Fri, 27 Jan 2023 06:28:01 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dNKBcR3nSHmZMQGGpiXptt8RYJb%2BvKp2IB5hWNk1zMo2meWEeti3I4%2FbB6MjIPnlp9xyzgz6Jo%2FBqKICBY9yA9OJ%2FWbKJhK1PMl%2B88vs%2Fjga0V7%2FeMp%2BM%2BWTJNqHwDNAi7vs3w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78083bc33da80b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/includes/templates/lw_a32/images/footer-icon-return.png
172.67.138.25 200 OK 19 kB URL HTTP/2 shot.buythree.bar/includes/templates/lw_a32/images/footer-icon-return.png
IP 172.67.138.25:0
File type PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced\012- data
Hash d081fc477fa5126ff3130d625376024c
4746477d39b90542109a79850141c0e903e8ddfd
d181983bfd79627013b15a0a70ff30db1999b465865b052cb435476b19f9fb7f
GET /includes/templates/lw_a32/images/footer-icon-return.png HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:01 GMT
content-type: image/png
content-length: 18993
last-modified: Wed, 16 Nov 2022 08:28:06 GMT
etag: "63749f16-4a31"
expires: Fri, 27 Jan 2023 06:28:01 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OERB3GWMsEu%2FczD0lqguR2uD%2FyMduMNB2OgA09CG2FYPkiinOqqbirLFAfD4SpZXU3sHrrVR2TDeP1uJJGI9KWiDPYlOKKXmqmfL26Wm5bXAEhgvPXLvbfcmE95fSsZA3ddmxw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78083bc33da70b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/includes/templates/lw_a32/images/footer-icon-pay.png
172.67.138.25 200 OK 21 kB URL HTTP/2 shot.buythree.bar/includes/templates/lw_a32/images/footer-icon-pay.png
IP 172.67.138.25:0
File type PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced\012- data
Hash 350602e85bf3f5e398bc23a1a42837b0
951c76c851b8faaa677ae7eb9780f1d25c8fc717
58e6040a9c2c9ef665fff2c79e4b0ebde3af2ddcc04af1b94cd80e047464c47f
GET /includes/templates/lw_a32/images/footer-icon-pay.png HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:01 GMT
content-type: image/png
content-length: 20731
last-modified: Wed, 16 Nov 2022 08:28:06 GMT
etag: "63749f16-50fb"
expires: Fri, 27 Jan 2023 06:28:01 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gRE3ofRUdGtvmYkIJRQngihUyq9WU2tUvUBPqM6m71zegcdgLsxd20DC2WJoW1zLUmHcWoUxLAy4BygxpWtmDBxFVWcgHMaqHnKxNJQ4I7oG1bQ1AMybwgJAMg%2Fe%2Fqs69UHX%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78083bc33daa0b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/includes/templates/lw_a32/images/footer-icon-onoff.png
172.67.138.25 200 OK 23 kB URL HTTP/2 shot.buythree.bar/includes/templates/lw_a32/images/footer-icon-onoff.png
IP 172.67.138.25:0
File type PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced\012- data
Hash 6123c7feb75a3c7da4b3a27823c4e553
1420b1d26af4ced92e9be5f576b4868a9fea04a3
ef7e18edb6acca77e6ac3ff6e0f5b468bd69b5ccecb847539627ce36f6d2f76c
GET /includes/templates/lw_a32/images/footer-icon-onoff.png HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:01 GMT
content-type: image/png
content-length: 23025
last-modified: Wed, 16 Nov 2022 08:28:06 GMT
etag: "63749f16-59f1"
expires: Fri, 27 Jan 2023 06:28:01 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XQ9limHGmvb5x2C990mnTvVOJq7BwncghNDumUUMHg3pPwz4EuROnfxYkRfa1Mj%2BWWYWFWRaWh4Yz9X8pfiXHWME%2BuiB5EoEdIFJOD05gtdO3hYSogG3kmBwEAx9U7brSXnO%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78083bc33da90b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/includes/templates/lw_a32/images/footer-icon-qna.png
172.67.138.25 200 OK 20 kB URL HTTP/2 shot.buythree.bar/includes/templates/lw_a32/images/footer-icon-qna.png
IP 172.67.138.25:0
File type PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced\012- data
Hash e126def98267881f46160041fddcd283
b8f207b6e9a190c180422b99e0fb4ac4c83cd86d
b66849e3a8aebe6e23e4f8348f1f77155e6a96bb744b68d88e35ffcd80806a59
GET /includes/templates/lw_a32/images/footer-icon-qna.png HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:01 GMT
content-type: image/png
content-length: 20517
last-modified: Wed, 16 Nov 2022 08:28:06 GMT
etag: "63749f16-5025"
expires: Fri, 27 Jan 2023 06:28:01 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dE3T1g%2F4gR4iDSEW2loLv28V5A23hbVgBHojWUN%2FoXv4TFGPaeFI7KjZT5VP5aPlSmYsFMHWLrGs9b57CLXEaIYS%2BVUpSaYmLrCiaavVygl%2B4QFSTVlfEv0wQaoviLhxLGSmDw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78083bc33dab0b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/includes/templates/lw_a32/images/footer-icon-userinfo.png
172.67.138.25 200 OK 21 kB URL HTTP/2 shot.buythree.bar/includes/templates/lw_a32/images/footer-icon-userinfo.png
IP 172.67.138.25:0
File type PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced\012- data
Hash 282776802dbe54ad44ef05a0231549b8
abd3240c130f6453aeefa78b9604766c52a85e7f
187fcf1d9346330a0b57ddc24ec15a8982a4bebbfa1d51de001d8eea7029314e
GET /includes/templates/lw_a32/images/footer-icon-userinfo.png HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:01 GMT
content-type: image/png
content-length: 20729
last-modified: Wed, 16 Nov 2022 08:28:06 GMT
etag: "63749f16-50f9"
expires: Fri, 27 Jan 2023 06:28:01 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g9Ae7FuaH%2BW%2BhAQI%2FldZCsS99XF89PusCjk7yv13XKHCtNVmiAw18i37oRjFYbP%2Fim30ut2I8y9yjFEiJz3jY7x1SFFSA%2BVDX5rNxUOd%2BSQXK9Sh30spAgz5Rynt%2BykxWRs2IQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78083bc33dac0b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/includes/templates/lw_a32/images/mv_pc.jpg
172.67.138.25 200 OK 58 kB URL HTTP/2 shot.buythree.bar/includes/templates/lw_a32/images/mv_pc.jpg
IP 172.67.138.25:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1038x270, components 3\012- data
Hash 2a5786725370da88a653eecd80000c30
7f787809c9ccc7acdf320cf1acc8ce85fd1721b3
1849785d21f27bc77620f2181efa9cf93de5a95b0b7261da7bf6a1e1b560174e
GET /includes/templates/lw_a32/images/mv_pc.jpg HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:01 GMT
content-type: image/jpeg
content-length: 57590
last-modified: Wed, 16 Nov 2022 08:28:06 GMT
etag: "63749f16-e0f6"
expires: Fri, 27 Jan 2023 06:28:01 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hX4tP5iSfLsFx0tCcFPAHUNb4spc55AdabA91F6UNSTxRHsj8HxJK4KpxSmSgxsp220%2FSf5jDS%2BJvX0SPIbLzE4HuvkkWTABf1Hbd5tR6ocIbyobhu4EGJOWaOzSIrYpZN9IQw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78083bc32d890b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/includes/templates/lw_a32/images/news_01.jpg
172.67.138.25 200 OK 96 kB URL HTTP/2 shot.buythree.bar/includes/templates/lw_a32/images/news_01.jpg
IP 172.67.138.25:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1040x1040, components 3\012- data
Hash 43dd8cac23bdd8859c31ef91d6f2d26c
0b334115f3d14d49640c9421ef956fd32de06ee6
94dbf3b21095908f55312b5f4a3b1df6962982afe9d0bc407cfd905e6829959f
GET /includes/templates/lw_a32/images/news_01.jpg HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:01 GMT
content-type: image/jpeg
content-length: 96527
last-modified: Wed, 16 Nov 2022 08:28:06 GMT
etag: "63749f16-1790f"
expires: Fri, 27 Jan 2023 06:28:01 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yNDVRzbtbNFAe5jfbgi8Djk7hW3C9S%2FnQ7PleKYecjZRH5ty1ldg1NrPfcXcE%2B9ByncztC1RLfypsz5ME4SY%2BTXftXbDMtAjngNCzL%2Fig%2BPOChCiPeqYzDEm8lAs%2FYxZ8mLytw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78083bc33d8e0b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/includes/templates/lw_a32/images/gflist.png
172.67.138.25 200 OK 1.3 kB URL HTTP/2 shot.buythree.bar/includes/templates/lw_a32/images/gflist.png
IP 172.67.138.25:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash c705ca442bd5ed4249d797ff9c1e08f8
23590302b0f016cdb38d0a1c79a9cf199fd8fddb
634757d8eaaafaaba9c2fcd1988e41b4291781d28b13a8f2a0be988198d21faa
GET /includes/templates/lw_a32/images/gflist.png HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shot.buythree.bar/includes/templates/lw_a32/css/stylesheet_tm.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:01 GMT
content-type: image/png
content-length: 1345
last-modified: Wed, 16 Nov 2022 08:28:06 GMT
etag: "63749f16-541"
expires: Fri, 27 Jan 2023 06:28:01 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rdWjjsUWEsOs4woQUZlP6PTIbtGkvduCeN%2BD7mzI5UlYc4JI82LNawhpjioFuJCyGPpLjL6KkeHwdcPtxarKUJ1cW9BJBmIC3OpZcLZ1vQigpSRyGGpf4TkrNcuRQ3G4GuG2sw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78083bc56e5d0b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/includes/templates/lw_a32/images/news_03.jpg
172.67.138.25 200 OK 174 kB URL HTTP/2 shot.buythree.bar/includes/templates/lw_a32/images/news_03.jpg
IP 172.67.138.25:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, progressive, precision 8, 1040x1040, components 3\012- data
Size 174 kB (173851 bytes)
Hash 9abeb46f20bc23e2fe70099ec64057ad
0994dbf6f369accde555f0c087578038f3d899db
54f493cf63fde3fce1f07f97a34e65a38582f9ce000333dc3ef035a09cd6dd5a
GET /includes/templates/lw_a32/images/news_03.jpg HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:01 GMT
content-type: image/jpeg
content-length: 173851
last-modified: Wed, 16 Nov 2022 08:28:06 GMT
etag: "63749f16-2a71b"
expires: Fri, 27 Jan 2023 06:28:01 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EgNysmmTCqLrK7Dp%2FENZ7BdH4gyFdSovIKmmqdzvIl8%2BOd20dniC5dHVaOZnuyWoGJt9fzMx6B7A%2FrfOIrKQcPAdsZCF8XKmHcC71iAnwRKumP8bahIpwbAn6pOl82Bb0LF1Vg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78083bc33d910b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/includes/templates/lw_a32/images/bg4.jpg
172.67.138.25 200 OK 146 kB URL HTTP/2 shot.buythree.bar/includes/templates/lw_a32/images/bg4.jpg
IP 172.67.138.25:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1226x563, components 3\012- data
Size 146 kB (146215 bytes)
Hash 97317c3b38a3f3ec63c7ece1ce3a312d
3742d3a1f8c944e5826c457ef042158a0c7c4812
1a7907f83ba912a80094e352974593750a0aca3c87a5db3b1cc04193b657d1fc
GET /includes/templates/lw_a32/images/bg4.jpg HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:01 GMT
content-type: image/jpeg
content-length: 146215
last-modified: Wed, 16 Nov 2022 08:28:06 GMT
etag: "63749f16-23b27"
expires: Fri, 27 Jan 2023 06:28:01 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xbr1Fl2lj6nyEay0NBo5RvIz7HPLXCU0E%2Fo6sG6gDu4RXzGxmRjX2ebQ7WyYa96VB5XL9s6D2x0Kj%2BiuY%2B2mYKkB8N6bMKcVoB1cLdZosndYDqxqofkY1PMOQPCD%2FaIMPFs8Aw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78083bc33da60b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/includes/templates/lw_a32/images/gfnavi_bg.png
172.67.138.25 200 OK 1.2 kB URL HTTP/2 shot.buythree.bar/includes/templates/lw_a32/images/gfnavi_bg.png
IP 172.67.138.25:0
File type PNG image data, 189 x 64, 8-bit/color RGB, non-interlaced\012- data
Hash 5ea7228bef8c6155297de7caa8f7b464
5d225d5df13a5ede84df80d905457085925d937a
de0616cd0a538e7c6443bd90684d63f0babbaa9fc80ad7be21fe647076d0507e
GET /includes/templates/lw_a32/images/gfnavi_bg.png HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shot.buythree.bar/includes/templates/lw_a32/css/stylesheet_tm.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:01 GMT
content-type: image/png
content-length: 1168
last-modified: Wed, 16 Nov 2022 08:28:06 GMT
etag: "63749f16-490"
expires: Fri, 27 Jan 2023 06:28:01 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DBgyEfq%2F%2FEaEttLlYolKdBkWQzs3ewjKwNyhaTJYFeI5H1dPFh7I70HL5tvmLYpeHkwo7T7A%2BEmEoz64euIosBqMv1K1v%2BFQb75BMF2%2FoCdgQ8DsXvTf4J9vDDNaPRiEx522GA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78083bc55e5a0b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/includes/templates/lw_a32/images/news_02.jpg
172.67.138.25 200 OK 371 kB URL HTTP/2 shot.buythree.bar/includes/templates/lw_a32/images/news_02.jpg
IP 172.67.138.25:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1040x1040, components 3\012- data
Size 371 kB (371300 bytes)
Hash 07bf3445dc2a95dd7d1ef8edb3bc15ff
efdc9b0e95af08afee4f2d9ad60eda679b5a3b76
a4e3f3bbd4754b7d6508413dbaaa6a2a18ec8c7d3068a5eda737f8dce45c5f49
GET /includes/templates/lw_a32/images/news_02.jpg HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:01 GMT
content-type: image/jpeg
content-length: 371300
last-modified: Wed, 16 Nov 2022 08:28:06 GMT
etag: "63749f16-5aa64"
expires: Fri, 27 Jan 2023 06:28:01 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=seXzP2nGMLDapJY0ZmbB5%2F0eip%2FKfQunHDIA9xgjo9tH0DPHX0npVaTQI2dY82UroQo4uHjXrCe0hFr5UHyO0O7NrdMifeKAucxZ21IxTHSGva4HOuWUwtOQQdKQeGzjexwwlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78083bc33d8f0b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/includes/templates/lw_a32/images/aku.jpg
172.67.138.25 200 OK 62 kB URL HTTP/2 shot.buythree.bar/includes/templates/lw_a32/images/aku.jpg
IP 172.67.138.25:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 335x200, components 3\012- data
Hash 5c553e1f28c1d4370efcc48fd6fb8584
575e1bafdebe28943f85f952df054f4417112ed0
8472416261dafc2d5508f6bcfaf4bff91b54fd58108b8963c606bdd2c3fab4ad
GET /includes/templates/lw_a32/images/aku.jpg HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shot.buythree.bar/includes/templates/lw_a32/css/stylesheet_tm.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:02 GMT
content-type: image/jpeg
content-length: 61609
last-modified: Wed, 16 Nov 2022 08:28:06 GMT
etag: "63749f16-f0a9"
expires: Fri, 27 Jan 2023 06:28:01 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aVkTFidNidwgZ8Q3Q94Bf7Tm3b38otOaQwk1GGu2DJT%2B1wXAz%2FrZoa%2FgvcA89ubUF80IoOEDDTNxIl7%2B%2FfKfhHA9acCUVfZqkESZmgJyYOIOXgCc0R3yPgvKiYiZMuqJPxrguw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78083bc55e590b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vZXhhbGZhLWltcG9ydC1kaXZfYjA4cjVyM3ZyMw==
172.67.138.25 200 OK 29 kB URL HTTP/2 shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vZXhhbGZhLWltcG9ydC1kaXZfYjA4cjVyM3ZyMw==
IP 172.67.138.25:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 450x450, components 3\012- data
Hash 9121fc712659a9d8ebdf73844cdb1df0
3ce064d0e70dc0cb1a36ab21bd69fd761d02e286
073f634e8649790763805eff6398ab01e11eeb7714d9b8ddd51200e3e049f393
Analyzer Verdict Alert fortinet Phishing
GET /imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vZXhhbGZhLWltcG9ydC1kaXZfYjA4cjVyM3ZyMw== HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:02 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WI%2Ft7YAm8TGnJ4eifGFgbwIsYb153WIQg17nsZIQOoSy%2BKBFrRQ%2FCnubDuq7V6jWBRWeFHwNTPm0w7UKpCL1BPmx6gSe9ygoSbbMyo2ITbr13HH3Xch1Ldvg2Xb%2Fas2lAJnGCg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78083bc33d980b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/includes/templates/lw_a32/css/style_categories.css
172.67.138.25 200 OK 0 B URL HTTP/2 shot.buythree.bar/includes/templates/lw_a32/css/style_categories.css
IP 172.67.138.25:0
GET /includes/templates/lw_a32/css/style_categories.css HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:01 GMT
content-type: text/css
last-modified: Wed, 16 Nov 2022 08:28:06 GMT
vary: Accept-Encoding
etag: W/"63749f16-6cd"
expires: Wed, 28 Dec 2022 18:28:01 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5sw5secdSh22yQ4tHNw2926BV785c5mKsYOLCJVVDZCu1IH6iN1WUakEysBoiG0karkvgC0tYYrGJKlJckdPOJkWOGT8oIBuvr3DhhKjpQefwZ%2B72GiolDY7s75%2B1bLa9W7oSw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78083bc33dae0b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/includes/templates/lw_a32/css/stylesheet.css
172.67.138.25 200 OK 0 B URL HTTP/2 shot.buythree.bar/includes/templates/lw_a32/css/stylesheet.css
IP 172.67.138.25:0
GET /includes/templates/lw_a32/css/stylesheet.css HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:01 GMT
content-type: text/css
last-modified: Wed, 16 Nov 2022 08:28:06 GMT
vary: Accept-Encoding
etag: W/"63749f16-372d"
expires: Wed, 28 Dec 2022 18:28:01 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y6TkRTwkX5Be9EKDYtghusGY8VGDv%2BwVt4BUEnxIZ1J%2FjDQaHhDpe6QtppNO22W5Bo3gZz7v58rSARXRMqBK9uFbhmLyImiXnJz8Au6co2DDkG%2FNhOoin9mO%2BwDtrLDcEx5tBw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78083bc33daf0b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vZS1oYWthcnVfZnM3MjJsMzAtZnVzby15MTM5NDc5
172.67.138.25 200 OK 0 B URL HTTP/2 shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vZS1oYWthcnVfZnM3MjJsMzAtZnVzby15MTM5NDc5
IP 172.67.138.25:0
Analyzer Verdict Alert fortinet Phishing
GET /imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vZS1oYWthcnVfZnM3MjJsMzAtZnVzby15MTM5NDc5 HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:02 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VcDFKwQsbatz6xG%2BeczCMfe2owZ9dSWgJvG7Zedt2aYK%2Bn4%2BcJFsL2lQwadDyLn7VCyvGaYxVR8JhqysASr%2FQ447HWHPQHwKW%2B8yhOBUT%2Bv8S%2BHsJMZp99fQko%2FpziShtbAC6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78083bc33d9b0b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vdHJhZnN0b3JlXzE2MDQ5OTU1ODg3X2lfMjAyMjEwMTQyMTA4Mzk=
172.67.138.25 200 OK 0 B URL HTTP/2 shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vdHJhZnN0b3JlXzE2MDQ5OTU1ODg3X2lfMjAyMjEwMTQyMTA4Mzk=
IP 172.67.138.25:0
Analyzer Verdict Alert fortinet Phishing
GET /imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vdHJhZnN0b3JlXzE2MDQ5OTU1ODg3X2lfMjAyMjEwMTQyMTA4Mzk= HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:02 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8f59CvUbwLchbEd3e0nsYtHzNLZLD2WhCgLfOWaAAnCZZB%2FE7yRklCHmndF2wo4pG2cVGwbLUehIr1gCggYTJXh8SVDmdm4vMcnyVlDR6x%2FuaFCGZskJJZ259xnKnZvvNA%2BxEw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78083bc33d970b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vZ2FkZ2V0LXRhY2tfZS1obHMtMTg0NWhwX2lfMjAyMjA3MjgxNjMxMjE=
172.67.138.25 200 OK 0 B URL HTTP/2 shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vZ2FkZ2V0LXRhY2tfZS1obHMtMTg0NWhwX2lfMjAyMjA3MjgxNjMxMjE=
IP 172.67.138.25:0
Analyzer Verdict Alert fortinet Phishing
GET /imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vZ2FkZ2V0LXRhY2tfZS1obHMtMTg0NWhwX2lfMjAyMjA3MjgxNjMxMjE= HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:02 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tE3YCAT9UXZ4f3yREZduwiHtLd1FFgkJG9dEB7qLV1TQNeKZZZtfK5uBfMrFQGfdyeOU5zxuJnFzWqAD8uZkCv9rq%2Ffawx6fOTVnZFe8VcQL0nWrXvcE9TfUGgvm%2BaZtPdHCQA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78083bc33da30b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vanl1dXNldHN1LWRvX2t2ay13azcwMDAxMzM1
172.67.138.25 200 OK 0 B URL HTTP/2 shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vanl1dXNldHN1LWRvX2t2ay13azcwMDAxMzM1
IP 172.67.138.25:0
Analyzer Verdict Alert fortinet Phishing
GET /imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vanl1dXNldHN1LWRvX2t2ay13azcwMDAxMzM1 HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:02 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9co%2BQQ%2B1gNVpxriNat1qkcciDvvvfzlhxFPV2OVu5hLzaCRB3ZnkPsRipvJvSp4dsRfItVcUymo6nkxzU5Z6XCmMMGAc3ci%2BpbP%2Blg6yFuJQYQR3VC3egOAgEIJIRkCj7zO2lQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78083bc33d960b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24va2FrYXN0b3JlMTExX3Zpc3VhbC1zdHVkaW8tZW50ZXJwcmlzZS0yMDIy
172.67.138.25 200 OK 0 B URL HTTP/2 shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24va2FrYXN0b3JlMTExX3Zpc3VhbC1zdHVkaW8tZW50ZXJwcmlzZS0yMDIy
IP 172.67.138.25:0
Analyzer Verdict Alert fortinet Phishing
GET /imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24va2FrYXN0b3JlMTExX3Zpc3VhbC1zdHVkaW8tZW50ZXJwcmlzZS0yMDIy HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:02 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nu4mUPVo7GZqPzcFm%2BtTVncrxXX5ILJ4CObBYQvauQIPpkiIfFPXCC5I%2FiDRGqxpDtBPdb1CbOubhH3HYm4pKQAPzCgqFKmrYN%2FDq5r%2BxjsULAqDQVT2MOjWvpz8J7KshK0g9A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78083bc33d950b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vd2l6a2tfYS1iMDlydjU5OW4xLTIwMjIxMDEzX2lfMjAyMjEwMTMyMjI3MzY=
172.67.138.25 200 OK 0 B URL HTTP/2 shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vd2l6a2tfYS1iMDlydjU5OW4xLTIwMjIxMDEzX2lfMjAyMjEwMTMyMjI3MzY=
IP 172.67.138.25:0
Analyzer Verdict Alert fortinet Phishing
GET /imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vd2l6a2tfYS1iMDlydjU5OW4xLTIwMjIxMDEzX2lfMjAyMjEwMTMyMjI3MzY= HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:02 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vmUyP2QbOHy%2BrHF6JSJ%2FCMvmn5oLECIzKaozdYvV%2FRuf8x6Qw7wrHN7PkBSXEi4E93utCratmL2IECUhsumi8TLYnZHr%2FJ9pBkflNDDj2UG8pMq53r8np68jUVer88fnq3%2FXtw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78083bc33da40b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24va291Z3VyYWt1aWNoaV80Nzg2NjM3
172.67.138.25 200 OK 0 B URL HTTP/2 shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24va291Z3VyYWt1aWNoaV80Nzg2NjM3
IP 172.67.138.25:0
Analyzer Verdict Alert fortinet Phishing
GET /imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24va291Z3VyYWt1aWNoaV80Nzg2NjM3 HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:02 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BuME%2FXbWgCmEMvCCc0RPkc6viWjLbpa%2B1y3SV5IpoNcNlR95uQgn2m9orq2CUVOaJwpW3odGwYEjwvJb8vtHVKpuDhE5ZXFuUZ%2Fi74QSYulg3hxOlWmhtNhUzvSVtHYiYcacsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78083bc33d920b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24veWFua29jaGlfMjAyMjA5MDYxNDAxNDEtMDAwNzdfaV8yMDIyMDkwNjE0MDcxNw==
172.67.138.25 200 OK 0 B URL HTTP/2 shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24veWFua29jaGlfMjAyMjA5MDYxNDAxNDEtMDAwNzdfaV8yMDIyMDkwNjE0MDcxNw==
IP 172.67.138.25:0
Analyzer Verdict Alert fortinet Phishing
GET /imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24veWFua29jaGlfMjAyMjA5MDYxNDAxNDEtMDAwNzdfaV8yMDIyMDkwNjE0MDcxNw== HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:02 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pZW51NPmmLNmD3lYu59Mu6Wx9QqMlj4HinMxKqj6%2FCGTwQJ4eIj%2FqWsA3yHzXud7b6I61DRxSVZaJWl3o1Hi%2BgBt4EA%2BlX3HIoVyenXY0CYGqDEujLp6KyC3rgE9mZiRj7Oahw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78083bc33d9f0b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/includes/templates/lw_a32/css/stylesheet_related.css
172.67.138.25 200 OK 0 B URL HTTP/2 shot.buythree.bar/includes/templates/lw_a32/css/stylesheet_related.css
IP 172.67.138.25:0
GET /includes/templates/lw_a32/css/stylesheet_related.css HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:01 GMT
content-type: text/css
last-modified: Wed, 16 Nov 2022 08:28:06 GMT
vary: Accept-Encoding
etag: W/"63749f16-80e"
expires: Wed, 28 Dec 2022 18:28:01 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7535nwRCIUtT5PoXMaINWeLJeSkY%2Fg8laSol124LP2UHewhrkXdbc2X4drdHLrHoQ%2FsvRr0xTpOpIGpDcdq1BvSZMJcnk2joMEHqWg%2FLRtNfo7m5Yk0%2FUqhsJ4EQ2%2BV7A8SH3g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78083bc32d840b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vYmVzdC1kZW5raV80MDkxNzMxMDEwX2lfMjAyMjA4MjMwOTA2MzU=
172.67.138.25 200 OK 0 B URL HTTP/2 shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vYmVzdC1kZW5raV80MDkxNzMxMDEwX2lfMjAyMjA4MjMwOTA2MzU=
IP 172.67.138.25:0
Analyzer Verdict Alert fortinet Phishing
GET /imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vYmVzdC1kZW5raV80MDkxNzMxMDEwX2lfMjAyMjA4MjMwOTA2MzU= HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:02 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7zaR9GwjlV3VC2cvUPpeoY7YmBLbxpOfSZrk4pt%2Bc6UeeNTuHRAq6RLT1edJJupb0O%2BHG1gUhVHVpmPlfrgy0J%2BB5%2BwDQi6gGTSDRCstzPqdxH8pfsov%2B2o7h%2F2eZBX9donXOg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78083bc33d8d0b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vbWFuaWFjcy1zaG9wX3BkLTAxNjIzMjY0
172.67.138.25 200 OK 0 B URL HTTP/2 shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vbWFuaWFjcy1zaG9wX3BkLTAxNjIzMjY0
IP 172.67.138.25:0
Analyzer Verdict Alert fortinet Phishing
GET /imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vbWFuaWFjcy1zaG9wX3BkLTAxNjIzMjY0 HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:02 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5neIjQ8lo6pwDvQjMwVP4wraNYrR9YI2v6Uwt%2FTp8yCg6KUx%2FemU48Aktj3VpOx3JlHuDTQddHNsdEcyLkqdTBaWIlwcqy1ew9KqEjnW%2FwXhk1P2P5X84x8p37vm96tv4BEWeA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78083bc33d990b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vaWRlYWxlXzAxMDEwMDU2
172.67.138.25 200 OK 0 B URL HTTP/2 shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vaWRlYWxlXzAxMDEwMDU2
IP 172.67.138.25:0
Analyzer Verdict Alert fortinet Phishing
GET /imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vaWRlYWxlXzAxMDEwMDU2 HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:02 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5fVV1vSwbo99XFn7sJmRyw5m2ALBBFfILg1ETOlpTDjuiqS6PMAtUCKVk9vDOUI%2Fa01BVagFs59OkGWTHbleqoQk7QDrdOdXxHWVdjS6UhKuDWDXVjBiDj%2FkXh2biEiAG4S46A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78083bc33da00b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vYWdyaXpfaXdkLTk4MDQwLTIwcw==
172.67.138.25 200 OK 0 B URL HTTP/2 shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vYWdyaXpfaXdkLTk4MDQwLTIwcw==
IP 172.67.138.25:0
Analyzer Verdict Alert fortinet Phishing
GET /imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vYWdyaXpfaXdkLTk4MDQwLTIwcw== HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:02 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IIZ4CI6V2sYxM3Vyrm3GSphFZGB9K0uMcbL1Nsq0YnBU579ydvkpgJJhAlhlIe7rVA8q9xrqMuaNcSWjYhaYiVxOcp35av4F2zuVuNeRFXSX92nhCBHbHRfGBqrPDBzXgJJ4hw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78083bc33d9d0b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vaWVzdG9yZV9teS03NTFyZi1zaV9pXzIwMjIwODA4MTc0OTU0
172.67.138.25 200 OK 0 B URL HTTP/2 shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vaWVzdG9yZV9teS03NTFyZi1zaV9pXzIwMjIwODA4MTc0OTU0
IP 172.67.138.25:0
Analyzer Verdict Alert fortinet Phishing
GET /imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vaWVzdG9yZV9teS03NTFyZi1zaV9pXzIwMjIwODA4MTc0OTU0 HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:02 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cn2UJ8%2FHaUssBWITCQvlB0HpDn%2BM4SB8A72VOOBu%2Bez36MtYQ870NPJdKhvLwNT%2BWSOfnxjFqmouzRm%2FUVGh1llFznzaCnwRJVG4YguXMEgEhhBtrPLTOVamNu%2BETkcjMeU47g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78083bc33da50b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vYnJlYWtvdXRfaGVhZC1nZW5pdXMtYm9hcg==
172.67.138.25 200 OK 0 B URL HTTP/2 shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vYnJlYWtvdXRfaGVhZC1nZW5pdXMtYm9hcg==
IP 172.67.138.25:0
Analyzer Verdict Alert fortinet Phishing
GET /imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vYnJlYWtvdXRfaGVhZC1nZW5pdXMtYm9hcg== HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:02 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fal8e1b1BVC0sY6JVhEnKpTqfoycd0r1DkmpAP%2FMEUPk4GyIYleH9SVMxCGJZPAAkvtr7j6ODire%2Fjb94qI095fR1djtNciQN4Omi1tT33Az8ruYB7d8whmZLvae8hBCx2wNeg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78083bc32d8b0b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/includes/templates/lw_a32/css/stylesheet_tm.css
172.67.138.25 200 OK 0 B URL HTTP/2 shot.buythree.bar/includes/templates/lw_a32/css/stylesheet_tm.css
IP 172.67.138.25:0
GET /includes/templates/lw_a32/css/stylesheet_tm.css HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:01 GMT
content-type: text/css
last-modified: Wed, 16 Nov 2022 08:28:06 GMT
vary: Accept-Encoding
etag: W/"63749f16-99d5"
expires: Wed, 28 Dec 2022 18:28:01 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oU16n%2FoWGmDdBK88GtVatCWzDuWk7BsEbmbr2lMsedfRG3hwpF%2FgfcHpRbDETGdGDRc6x8UqHPA1BPaqhECkEd8zhLxc11PpcXxqAAlFHoph46TgWeRj14ltsnWzZqJuFvIr2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78083bc32d850b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/includes/templates/lw_a32/font/css/font-awesome.min.css
172.67.138.25 200 OK 0 B URL HTTP/2 shot.buythree.bar/includes/templates/lw_a32/font/css/font-awesome.min.css
IP 172.67.138.25:0
GET /includes/templates/lw_a32/font/css/font-awesome.min.css HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:01 GMT
content-type: text/css
last-modified: Wed, 16 Nov 2022 08:28:06 GMT
vary: Accept-Encoding
etag: W/"63749f16-7918"
expires: Wed, 28 Dec 2022 18:28:01 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jCk77d8jhlPzegc3Tl240zPnTQMW7DBXJWvWNWpdM0N%2BD%2F7haN7cqxLvdI%2FGrCjMK8ekgEnPgAOdAbHN1Z7sUkGwOAkRhCQFQ6XUgPVxcp3HHivC1Hp5urEn1YFn%2F%2B5Pl%2FjHYw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78083bc32d820b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/includes/templates/lw_a32/css/stylesheet_cart.css
172.67.138.25 200 OK 0 B URL HTTP/2 shot.buythree.bar/includes/templates/lw_a32/css/stylesheet_cart.css
IP 172.67.138.25:0
GET /includes/templates/lw_a32/css/stylesheet_cart.css HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:01 GMT
content-type: text/css
last-modified: Wed, 16 Nov 2022 08:28:06 GMT
vary: Accept-Encoding
etag: W/"63749f16-214a"
expires: Wed, 28 Dec 2022 18:28:01 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fd58j%2F6UZBoeHUPQ6KLyFq8DhkYGUzdTxC12GL%2FkzmV%2FLMuKV0nT8AGFfUiyYLNgrsYVL45WD2TlyUiwr2JY17IceuEKL2IR9fagFwPJ7rTUBhyCxM882WuddxMyoqNitqnQOw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78083bc33dad0b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/includes/templates/lw_a32/css/stylesheet_css_buttons.css
172.67.138.25 200 OK 0 B URL HTTP/2 shot.buythree.bar/includes/templates/lw_a32/css/stylesheet_css_buttons.css
IP 172.67.138.25:0
GET /includes/templates/lw_a32/css/stylesheet_css_buttons.css HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:01 GMT
content-type: text/css
last-modified: Wed, 16 Nov 2022 08:28:06 GMT
vary: Accept-Encoding
etag: W/"63749f16-553"
expires: Wed, 28 Dec 2022 18:28:01 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zlnran4mln%2F3vetex1NWYmClz8DTLi1AQTzMjzTCAekhEE02qd3OOq18PMDRNv8UGYFo5MX78%2BVXAGMO%2Fl8Y8NLzVW51W%2FMJAzITnLFOqAr3Z%2Bds7aBj1zCulFBid6dv%2BR%2BOAg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78083bc33db00b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/includes/templates/lw_a32/css/stylesheet_index_home.css
172.67.138.25 200 OK 0 B URL HTTP/2 shot.buythree.bar/includes/templates/lw_a32/css/stylesheet_index_home.css
IP 172.67.138.25:0
GET /includes/templates/lw_a32/css/stylesheet_index_home.css HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:01 GMT
content-type: text/css
last-modified: Wed, 16 Nov 2022 08:28:06 GMT
vary: Accept-Encoding
etag: W/"63749f16-dfd"
expires: Wed, 28 Dec 2022 18:28:01 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1nkEp57PnBkoaLcQ9p2aejfPJ%2FdmEXLFF7fg2NUINaII9DoFHCQY6id%2B535et5DC4YbYtNgzGZvk8vK3GRH0IV6OwfSkkVmUMeWA%2BHwGk40%2FCSFzF5hH7DEQRLFaAwqZfjkbBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78083bc33db10b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vbWF0c3V5b3NoaV8wMDg2NjQyNjA1
172.67.138.25 200 OK 0 B URL HTTP/2 shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vbWF0c3V5b3NoaV8wMDg2NjQyNjA1
IP 172.67.138.25:0
Analyzer Verdict Alert fortinet Phishing
GET /imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vbWF0c3V5b3NoaV8wMDg2NjQyNjA1 HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:02 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JmdRwnvqh8C%2BN7edGGVLb6TLdNEWWwgpxO2cMJNxuBbNhATEETH98BFs1NcbO4ihobArGKsSWd%2F4UDcVF4Kv8VuwK5KXay%2FfCkPLh8LYstCEL980YdlUBLfihC4nxSpj8%2BS6Vw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78083bc33d930b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vaGFpZ2VfeXAyNGxtMzJwbg==
172.67.138.25 200 OK 0 B URL HTTP/2 shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vaGFpZ2VfeXAyNGxtMzJwbg==
IP 172.67.138.25:0
Analyzer Verdict Alert fortinet Phishing
GET /imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vaGFpZ2VfeXAyNGxtMzJwbg== HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:02 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5OwRJuTwBkHq2zAgOhrqc%2FNxcLpg1nN2O6E8l461KuV3XILkdc%2Bhd9AajD7Co0fgD98I%2FkeQJYJjCa6uhUJLZxambsxFQod6AeKb0eDg9x1xXgDlK%2BCtJpRpEV59AQ%2FAVgGWow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78083bc33da20b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vdGNlLWRpcmVjdF81NDcyMjQxMDFfaV8yMDIyMTAxMTEyMjMzMg==
172.67.138.25 200 OK 0 B URL HTTP/2 shot.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vdGNlLWRpcmVjdF81NDcyMjQxMDFfaV8yMDIyMTAxMTEyMjMzMg==
IP 172.67.138.25:0
Analyzer Verdict Alert fortinet Phishing
GET /imgcdn.php?pic=aHR0cHM6Ly9pdGVtLXNob3BwaW5nLmMueWltZy5qcC9pL24vdGNlLWRpcmVjdF81NDcyMjQxMDFfaV8yMDIyMTAxMTEyMjMzMg== HTTP/1.1
Host: shot.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shot.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Dec 2022 06:28:03 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I0VBq8Ldn3njfJfJbCRQoPjCu6jFevyl3C76u3C1EngN0C5nrLot%2Ft3IIZFvGU8w0HS4RN8tiPjANpe53E9ZlIOt%2BY%2FNwSGda%2FcYJs2MvU4Qph7OeplYX%2FeC1wYUcBU9Uf3fvA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78083bc33d9a0b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2