robloxhackbydominusyoutube.blogspot.sn/
216.58.207.193302 Moved Temporarily 190 B URL HTTP/1.1 robloxhackbydominusyoutube.blogspot.sn/
IP 216.58.207.193:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 94b633754d43b1546bcff5b45d2cc753
8db27b31bb0350b08a5d03c2820f74c02746759d
8c0894c0c71bfdbd83e3e94baa9a022e0537a8a61ab64af7530010dbe380c5ec
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: robloxhackbydominusyoutube.blogspot.sn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Location: http://robloxhackbydominusyoutube.blogspot.com/
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Mon, 06 Feb 2023 18:42:49 GMT
Expires: Mon, 06 Feb 2023 18:42:49 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 190
Server: GSE
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 507011ccb9124dcd57e84a90a0965cc4
1a6575d0ac979c7184490cc9836ac4812ad2afd1
01626c18e1e68507aa33ef7448dbc3311901ab6f29adc2f51d449409b0680dce
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01626C18E1E68507AA33EF7448DBC3311901AB6F29ADC2F51D449409B0680DCE"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8484
Expires: Mon, 06 Feb 2023 21:04:14 GMT
Date: Mon, 06 Feb 2023 18:42:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16210
Expires: Mon, 06 Feb 2023 23:13:00 GMT
Date: Mon, 06 Feb 2023 18:42:50 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 06 Feb 2023 18:36:29 GMT
content-type: application/json
age: 381
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5065
Expires: Mon, 06 Feb 2023 20:07:15 GMT
Date: Mon, 06 Feb 2023 18:42:50 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: LQiEVb2dESUByR1apUZBOttJgGdTD9V9St4W2Web0gJ0LzFuCHHF5e/WdaFYeldny6bHCC/PDQs=
x-amz-request-id: 4JBPS6JFR3A7R4VW
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 06 Feb 2023 18:35:13 GMT
age: 457
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 18:42:50 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
robloxhackbydominusyoutube.blogspot.com/
216.58.207.193301 Moved Permanently 189 B URL HTTP/1.1 robloxhackbydominusyoutube.blogspot.com/
IP 216.58.207.193:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash df092692257509612652c3ac552d7f80
033858dda38a4aaaca9cde66a484f5c3e6d343d8
ce59df6047e62f12edc1efb62870c349751196ed6a35ed7f6ff749e6df3e45df
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: robloxhackbydominusyoutube.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Location: https://robloxhackbydominusyoutube.blogspot.com/
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Mon, 06 Feb 2023 18:42:50 GMT
Expires: Mon, 06 Feb 2023 18:42:50 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 189
Server: GSE
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash b3c8c635ae4c79b1ee9fac94ff31b835
b14ee07e831161ae0ac1f775ef07ab9633534e7b
d3b5e095bd3356dc5e6790ee48d17a750c302e937228bd0b576a256a72358aa3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 18:42:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Expires, Pragma, Retry-After, Last-Modified, ETag, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 06 Feb 2023 18:07:20 GMT
age: 2130
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4212
Expires: Mon, 06 Feb 2023 19:53:02 GMT
Date: Mon, 06 Feb 2023 18:42:50 GMT
Connection: keep-alive
robloxhackbydominusyoutube.blogspot.com/
216.58.207.193200 OK 17 kB URL HTTP/2 robloxhackbydominusyoutube.blogspot.com/
IP 216.58.207.193:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (14233)
Hash 1916cba3866f146825bc24d7d3d4c8f3
173c326df24784ee1b851bf448510d4486127e87
dc12924edcb5abed21dd4043f61ac2a787209e7c4c9fee0b53dc8635b52b5d38
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: robloxhackbydominusyoutube.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Mon, 06 Feb 2023 18:42:50 GMT
date: Mon, 06 Feb 2023 18:42:50 GMT
cache-control: private, max-age=0
last-modified: Fri, 03 Feb 2023 01:20:58 GMT
etag: W/"e9ba18c20f8df41755b5dbb23d931bd75764a7e1253087b73c365938f8de028d"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 16634
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash b3c8c635ae4c79b1ee9fac94ff31b835
b14ee07e831161ae0ac1f775ef07ab9633534e7b
d3b5e095bd3356dc5e6790ee48d17a750c302e937228bd0b576a256a72358aa3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 18:42:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
3.bp.blogspot.com/-dH83a-EWxQI/WUwQjo12WjI/AAAAAAAAFPM/GUuzo9rqoeYJnryg9Slr3L37faXCVlD0wCK4BGAYYCw/s1600/logo_650c697d3a6002c8f63991bb43c0d6b4.png
142.250.74.161200 OK 6.7 kB URL HTTP/2 3.bp.blogspot.com/-dH83a-EWxQI/WUwQjo12WjI/AAAAAAAAFPM/GUuzo9rqoeYJnryg9Slr3L37faXCVlD0wCK4BGAYYCw/s1600/logo_650c697d3a6002c8f63991bb43c0d6b4.png
IP 142.250.74.161:0
File type PNG image data, 200 x 41, 8-bit/color RGBA, non-interlaced\012- data
Hash 8b2271ebafdb2a99c69f429d440c555b
38ab355f4cad880637c156f6afe451a9df8cba60
180547af487d795d7fd737f992fb288eb9ec53b79404955a49dd36569e96a230
GET /-dH83a-EWxQI/WUwQjo12WjI/AAAAAAAAFPM/GUuzo9rqoeYJnryg9Slr3L37faXCVlD0wCK4BGAYYCw/s1600/logo_650c697d3a6002c8f63991bb43c0d6b4.png HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://robloxhackbydominusyoutube.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="logo_650c697d3a6002c8f63991bb43c0d6b4.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 6658
x-xss-protection: 0
date: Mon, 06 Feb 2023 18:42:51 GMT
expires: Sat, 28 Jan 2023 06:25:47 GMT
cache-control: public, max-age=86400, no-transform
etag: "v14f4"
content-type: image/png
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 17f83c823a1789ea21760ac0ff91efd1
0a3c92a9639ce39aaab0e8b0d5b7ab512cc91e69
9cc7f497eb8e32d058f70339ff3cbee6d1d21c070242c490987b733b7420a62c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 18:42:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 17f83c823a1789ea21760ac0ff91efd1
0a3c92a9639ce39aaab0e8b0d5b7ab512cc91e69
9cc7f497eb8e32d058f70339ff3cbee6d1d21c070242c490987b733b7420a62c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 18:42:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 008ec668ac16e8385e24d1ffdd321745
040bf9b4c9248e4d05da2b69bdf3ed83c3c0452d
60a69a8456882f4f9261e3fe2f10bd9d114d41784f4d997872521adcd088ae23
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 18:42:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
i.ytimg.com/vi/ynkUY5TJeJs/maxresdefault.jpg
142.250.74.86200 OK 38 kB URL HTTP/2 i.ytimg.com/vi/ynkUY5TJeJs/maxresdefault.jpg
IP 142.250.74.86:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1280x720, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 138240.000000\012- data
Hash 469b976d188ec97c6882942b38150141
011d1a1405bb7b30d46dbce94cb9a44c120355ad
521f958ec72e3b27dd7cbaaad91b55268e4ffc3ff0745a358e5fb91f27444cca
GET /vi/ynkUY5TJeJs/maxresdefault.jpg HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://robloxhackbydominusyoutube.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/jpeg
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 37741
date: Mon, 06 Feb 2023 18:42:51 GMT
expires: Mon, 06 Feb 2023 20:42:51 GMT
cache-control: public, max-age=7200
etag: "1477173858"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
i.ytimg.com/vi/te8IxpfCm7U/maxresdefault.jpg
142.250.74.86200 OK 64 kB URL HTTP/2 i.ytimg.com/vi/te8IxpfCm7U/maxresdefault.jpg
IP 142.250.74.86:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1280x720, components 3\012- data
Hash c4a662125cf7abe89c0a4672cb0faa6e
708f0e739beb36ff5bda4e5c8792506d2f89be77
c5c405764bc4d2eb886a992298147ff1ac4072a5442cb13428180cbbebd7d608
GET /vi/te8IxpfCm7U/maxresdefault.jpg HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://robloxhackbydominusyoutube.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/jpeg
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 64094
date: Mon, 06 Feb 2023 18:42:51 GMT
expires: Mon, 06 Feb 2023 20:42:51 GMT
cache-control: public, max-age=7200
etag: "1560022853"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.blogger.com/static/v1/widgets/1149436903-widgets.js
216.58.207.233200 OK 57 kB URL HTTP/2 www.blogger.com/static/v1/widgets/1149436903-widgets.js
IP 216.58.207.233:0
File type ASCII text, with very long lines (2221)
Hash b78721b4cce75b522d9ec0d1fae9e007
4ceaa4752e3e81867193004fe928875abc0af5ce
e85f67824ac9f31deedecf0b1d58878b6b3993bad9f2b48e8312928154012f06
GET /static/v1/widgets/1149436903-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://robloxhackbydominusyoutube.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 56564
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 Feb 2023 17:10:16 GMT
expires: Tue, 06 Feb 2024 17:10:16 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 02 Feb 2023 20:55:34 GMT
content-type: text/javascript
age: 5555
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 1d1aa4ad88ba34d800f450aa8b3c8e8d
3146a99bf109d80817ecde097dd2a9f15f44b0df
417352ca073e3ce602b656facbc706f9c2188f8c4d2a0bdc6dccf77bc27c0ea6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 18:42:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 6a24862b6ce51c945cd18a05ca4594cc
a8276e3db453c4a8f0d585dd6e77ec4a79dd44ba
3ebaa32aa407d3b21bff2f84adad62c2caf2f82439c99bf9fba2c4018688364a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 18:42:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
articles-images.sftcdn.net/wp-content/uploads/sites/3/2019/11/Where-to-find-Roblox-song-ids.jpg
151.101.193.91200 OK 86 kB URL HTTP/2 articles-images.sftcdn.net/wp-content/uploads/sites/3/2019/11/Where-to-find-Roblox-song-ids.jpg
IP 151.101.193.91:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Windows), datetime=2019:11:28 19:29:12], baseline, precision 8, 1280x720, components 3\012- data
Hash f3a188412a3e647e9ac867cc72927d92
7ef4d3baecf59830c8b89b4c6d9ee68ca6f1ccb7
4cfa5887104f346fd4d12b30335337b073f2f48d1f8882f07ef3eef670ab09a5
GET /wp-content/uploads/sites/3/2019/11/Where-to-find-Roblox-song-ids.jpg HTTP/1.1
Host: articles-images.sftcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://robloxhackbydominusyoutube.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
last-modified: Thu, 28 Nov 2019 18:30:59 GMT
etag: "f3a188412a3e647e9ac867cc72927d92"
cache-control: max-age=31536000
expires: Fri, 27 Nov 2020 18:30:58 GMT
server: AmazonS3
via: 1.1 5c2d36b0430d7877f1609d99fe01caa8.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: QU8NrPYWYskbV9IpFzv32kNH8F3aZpsQHgLJLCFVcF2Iefz3U9RLtA==
accept-ranges: bytes
date: Mon, 06 Feb 2023 18:42:51 GMT
age: 34393
x-served-by: cache-bma1657-BMA
x-cache: Hit from cloudfront, MISS
x-cache-hits: 0
x-timer: S1675708971.106640,VS0,VE66
content-length: 86014
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 645e667ce40e5e0615cfe33a0a32c938
d19b43264d673586310e0b544abfb9d3fe961cea
e2cc5e2883128590174f01aca19c69e63182fcadba856028df0e20393ead3905
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E2CC5E2883128590174F01ACA19C69E63182FCADBA856028DF0E20393EAD3905"
Last-Modified: Sun, 05 Feb 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 07 Feb 2023 00:42:51 GMT
Date: Mon, 06 Feb 2023 18:42:51 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 946a5ef2e5dd7032e7654d1435fd45b8
1b76eaeee4ba6615d4dda0c17027d37e5c455ba0
98a4c0fa4a73c9fa093b9ccb9db150602ea742ddf6f6a236a0d1fd0ed9d75143
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 18:42:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 645e667ce40e5e0615cfe33a0a32c938
d19b43264d673586310e0b544abfb9d3fe961cea
e2cc5e2883128590174f01aca19c69e63182fcadba856028df0e20393ead3905
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E2CC5E2883128590174F01ACA19C69E63182FCADBA856028DF0E20393EAD3905"
Last-Modified: Sun, 05 Feb 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 07 Feb 2023 00:42:51 GMT
Date: Mon, 06 Feb 2023 18:42:51 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash b20ca2dd4557335acb88ccfbcfe46e82
2be82066b7b8853be32b5cb2a6994307093ddbd7
eaca92d4f59c8fbe1e840d7ad91d1eb685289652ff37f71b5d859c0dd5effd4b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6309
Cache-Control: max-age=115719
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 18:42:56 GMT
Etag: "63e05292-1d7"
Expires: Wed, 08 Feb 2023 02:51:35 GMT
Last-Modified: Mon, 06 Feb 2023 01:06:26 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8363
Expires: Mon, 06 Feb 2023 21:02:19 GMT
Date: Mon, 06 Feb 2023 18:42:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8363
Expires: Mon, 06 Feb 2023 21:02:19 GMT
Date: Mon, 06 Feb 2023 18:42:56 GMT
Connection: keep-alive
mtevor.com/cluster-v2/roblox-crn.js
172.96.187.226200 OK 4.3 kB URL HTTP/2 mtevor.com/cluster-v2/roblox-crn.js
IP 172.96.187.226:0
File type ASCII text, with very long lines (4802), with CRLF line terminators
Hash 8d2765a5b4d3eaa847822baa3914c611
76cfa6205dff2fe09aa6f623d88c9a4c88388236
cef3729b81c58f8f787e0cb1c6d2b715f46d4cc9543b2d8d449b0d7af99ea8b1
GET /cluster-v2/roblox-crn.js HTTP/1.1
Host: mtevor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://robloxhackbydominusyoutube.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-powered-by: PHP/5.6.40
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
content-encoding: br
vary: Accept-Encoding
date: Mon, 06 Feb 2023 18:42:51 GMT
server: LiteSpeed
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8363
Expires: Mon, 06 Feb 2023 21:02:19 GMT
Date: Mon, 06 Feb 2023 18:42:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8453
Expires: Mon, 06 Feb 2023 21:03:49 GMT
Date: Mon, 06 Feb 2023 18:42:56 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3694634-2f5a-47ff-b75c-9cb394881acc.jpeg
34.120.237.76200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3694634-2f5a-47ff-b75c-9cb394881acc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ccc8078cc937b7de0b299bcee1496f1b
395f04af71767acc9516387c8b07bde08968fdfe
cf959fc4a72d80dcab20c235bec6d21eadaab87efa7a8969744cd228628ba050
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3694634-2f5a-47ff-b75c-9cb394881acc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9808
x-amzn-requestid: 75cc8041-19f5-4994-96b6-b14d3c90ec6e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiSFZAIAMF65g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-355d272c345c8c37595b4bb2;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: T7YlRZ936VEDkBvo2YKrS3GbyEh1xzC8W-50KiODzFjTnQb-hvkKpw==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 22:10:54 GMT
age: 73922
etag: "395f04af71767acc9516387c8b07bde08968fdfe"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1a4eed23b240d04a3cd6b085cfa93375
f29b9dc3f6bbd2ba76a5a4570ce044d5f240fd00
93e8371f80c12d3753842e36001dbb8d3dc2223b10a594639752cd816c492d4e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10905
x-amzn-requestid: 093778fc-231c-452f-a6fc-15f4eb41ade0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmNJCEDzIAMFmxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8c239-7f56d6e56392f373541db219;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:24:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: gcy4nCriTOJhhTqFJBuks649uy0s4r3TVV3-yAcUhImLwqKpn1d2_w==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 22:10:20 GMT
age: 73956
etag: "f29b9dc3f6bbd2ba76a5a4570ce044d5f240fd00"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5aedadb2-31f3-4d54-b851-5dd3a166179d.jpeg
34.120.237.76200 OK 3.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5aedadb2-31f3-4d54-b851-5dd3a166179d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d6107217bc206ebf204dfcf832cffc04
4f370e81106ef09ce9294eaa074ff6922197ded0
2cc25b8ddf56ceb274bd147d4e54f3fc386a97f984aa3a7bcc19f083fe68b94f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5aedadb2-31f3-4d54-b851-5dd3a166179d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3943
x-amzn-requestid: 918fd8d6-0118-4548-9380-e3078577a876
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzWBtEdKoAMFwnw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63de03a4-6d8ffde860d89fbc513a20f9;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 07:05:08 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ZRVPNp0hKlSBXYjgbVfF8MGqNMHCKF2T4fAqflvZz8z-Uy9bKR9HhA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 07:09:53 GMT
age: 41583
etag: "4f370e81106ef09ce9294eaa074ff6922197ded0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f78f981-25b3-46b1-a96b-baa8e001cc8e.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f78f981-25b3-46b1-a96b-baa8e001cc8e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ad2298793399bf73c51c7d60952065c1
816bd4c36ceea2c46489ae72fde0b4a94c7c4bef
dc540d64e5e0835c7007e89ca3b5dd620b43a87e13309f323f3843a5f908a199
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f78f981-25b3-46b1-a96b-baa8e001cc8e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8649
x-amzn-requestid: f85f3c9d-95c1-4db6-af5f-595070fe46c3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiRHzboAMFQCA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-6eed72bf20887cac6dc1a56a;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: z7HTSLYJmhfIGlCjeG2EeN3q2Cd9vKlq71nqo3iIuhwkgwlEAlRPmQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:51:02 GMT
age: 75114
etag: "816bd4c36ceea2c46489ae72fde0b4a94c7c4bef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F731dc7de-ce12-4639-9ceb-3218584c3d56.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F731dc7de-ce12-4639-9ceb-3218584c3d56.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9046d887fd45a0940e31a74173d17798
1ff698b9cf660165e846dfc4770f29852aedce45
0c7b0e1250aa7718b7b35b80a1442f62e94ace1fb578fb781ec8204ee96386d0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F731dc7de-ce12-4639-9ceb-3218584c3d56.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10514
x-amzn-requestid: ac2a383b-833d-4dae-9bd9-43dc3d9e373d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiPEIyoAMFqUw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-436bb6816b269ce45b9f8600;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: RYNzle5-l5dOMPWb2Bmu_T5aIJw9NX2FKuJsej8hzpYZcgD6coH9SA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:09 GMT
age: 75167
etag: "1ff698b9cf660165e846dfc4770f29852aedce45"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8827daad-7b04-4c60-a6f6-c1b923025413.jpeg
34.120.237.76200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8827daad-7b04-4c60-a6f6-c1b923025413.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 13572f84ad268caedcc897f2ad7b9baf
afb91ab43953e8915a2169618d2ab5e330cde0a1
0fb8b09608dc293b2084953b948cc7d8a7aa7bcb525090a7e44d5cb2a725fab3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8827daad-7b04-4c60-a6f6-c1b923025413.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7851
x-amzn-requestid: 11d3fe95-844b-4e5d-b31c-f99e96e2b608
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiRHeEIAMFjjA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-602b91422dff88a750b8e3e9;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: F-bdQPU-zYhIlXtxcW_TiqE8ifPg3i0cg8gFuvJSfwoMDTe-Hqy1jg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 22:02:47 GMT
age: 74409
etag: "afb91ab43953e8915a2169618d2ab5e330cde0a1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/PIk-tcsd5xo
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/PIk-tcsd5xo
IP 142.250.74.131:0
Hash 133367c6a697103164fb499fff79f957
49536280bd0f2f9a01b31cf3a78a33916f0a759a
d3f1a3452ea1d8afdf3c664a4cd06a84b80ea491e90492c7997c3fdf42582946
POST /s/gts1p5/PIk-tcsd5xo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 18:42:56 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bux.wellter.de/images/gamebaglogo.png
188.114.96.1200 OK 3.3 kB URL HTTP/2 bux.wellter.de/images/gamebaglogo.png
IP 188.114.96.1:0
File type PNG image data, 240 x 240, 8-bit/color RGBA, non-interlaced\012- data
Hash e84f0caa809a15b2aaa9cb93bbe6669a
22a330ad580aaa6b2232307a87b981adc7fbf38f
1f98c982fd0c9b5e6af138a4cb160f509bda9fcc7fa0a9463fa6cf11513c151f
GET /images/gamebaglogo.png HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtY3JuLmpzIiwicmFzeWFrdXJuaWFnbWFpbGNvbSIsInRlbXBsYXRlIiwiRmFzdGluay54bWwiLCJyYXN5YWt1cm5pYWdtYWlsY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1jcm4uanMiXQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 18:42:57 GMT
content-type: image/png
content-length: 3340
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: "5d9ca488-d0c"
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L5wQACTWAdnEaN3%2BzHO4zE4dgbF67etg8tGu1baNWCWEkEYNUcEVMSHTTqyLZPY3%2B5TfvXC%2BjCzbxBJrZ7k8%2B0CAwK8QY6%2BqAn2DgRw1nnztWIZM7W8q7x4P%2Fjk2zAtK1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7956075239a8b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/header.png
188.114.96.1200 OK 131 kB URL HTTP/2 bux.wellter.de/images/header.png
IP 188.114.96.1:0
File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size 131 kB (131285 bytes)
Hash 35e93538f31d67876a2cb38bf94279d8
49bf97732e9bffb5371ad60d024901b09d83651b
95c1de9315834de2ff3608a2dc048a6aedc273e665f9b54eb956523a81fc91df
GET /images/header.png HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtY3JuLmpzIiwicmFzeWFrdXJuaWFnbWFpbGNvbSIsInRlbXBsYXRlIiwiRmFzdGluay54bWwiLCJyYXN5YWt1cm5pYWdtYWlsY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1jcm4uanMiXQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 18:42:57 GMT
content-type: image/png
content-length: 131285
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: "5d9ca488-200d5"
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zwy3A6Nn%2FsI9vuaHIVSDe8DtSNXZaXULnOGPrpyaidBW3nOuCJDtNzB0T16KSRABS%2BODSQJfuESYIBmJlU%2BQR12UZN2WTDMdhlZCg1paRqqARLRHUiL68gwzbTwnDaMXwg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7956075239b1b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/ft-1.png
188.114.96.1200 OK 3.3 kB URL HTTP/2 bux.wellter.de/images/ft-1.png
IP 188.114.96.1:0
File type PNG image data, 240 x 240, 8-bit/color RGBA, non-interlaced\012- data
Hash e84f0caa809a15b2aaa9cb93bbe6669a
22a330ad580aaa6b2232307a87b981adc7fbf38f
1f98c982fd0c9b5e6af138a4cb160f509bda9fcc7fa0a9463fa6cf11513c151f
GET /images/ft-1.png HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtY3JuLmpzIiwicmFzeWFrdXJuaWFnbWFpbGNvbSIsInRlbXBsYXRlIiwiRmFzdGluay54bWwiLCJyYXN5YWt1cm5pYWdtYWlsY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1jcm4uanMiXQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 18:42:57 GMT
content-type: image/png
content-length: 3340
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: "5d9ca488-d0c"
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2X%2FgdQtfXsb93eoXvJG2Yv%2BbbBMbdXqhrxLbbCBovZQaigLZ3FmrM4gBzYExTivNxZqb69agkyDKmAz6mOQ1S42s2tbEzAk8%2BqHPiN3LhicZZm1%2BGuHGONXqFT51Z9IV7A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7956075239b6b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/index.html?track=WyJyb2Jsb3gtY3JuLmpzIiwicmFzeWFrdXJuaWFnbWFpbGNvbSIsInRlbXBsYXRlIiwiRmFzdGluay54bWwiLCJyYXN5YWt1cm5pYWdtYWlsY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1jcm4uanMiXQ
188.114.96.1200 OK 4.5 kB URL HTTP/2 bux.wellter.de/index.html?track=WyJyb2Jsb3gtY3JuLmpzIiwicmFzeWFrdXJuaWFnbWFpbGNvbSIsInRlbXBsYXRlIiwiRmFzdGluay54bWwiLCJyYXN5YWt1cm5pYWdtYWlsY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1jcm4uanMiXQ
IP 188.114.96.1:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Hash 65608ee276e42ebc7273dd09c06d8984
3a790f5ea648e0b57f6fd063d11c53cea1fd6b24
3e223ae8d59bd349f3e7af5e4618fbf2594d4a4703f4b965fdcd8ff17df39b5f
Analyzer Verdict Alert fortinet Phishing
GET /index.html?track=WyJyb2Jsb3gtY3JuLmpzIiwicmFzeWFrdXJuaWFnbWFpbGNvbSIsInRlbXBsYXRlIiwiRmFzdGluay54bWwiLCJyYXN5YWt1cm5pYWdtYWlsY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1jcm4uanMiXQ HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://robloxhackbydominusyoutube.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 18:42:56 GMT
content-type: text/html
last-modified: Mon, 27 Jun 2022 12:44:26 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EMl3g9rN6cG17KfPCrK3ijJTtyBAzkUE1C%2Fd7Bevb7XxvmSDU9bO2A%2Bnf8%2F71oAQtVAIzfI60jQ6I4ExtIdddPbzVB2sbQzUNJ0bCH3xVHFplpHaRM0nbQ%2FRc8PualceUw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79560750f82bb52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash d6a7c3728ef33525953037c7160bfa44
6e015f6b46580246c6baf2ef3a8fe87c5f685888
b8c3b6f8e869888536649e48ac8aaddf24ccf23474b9435bbc26cbb81b6da6fb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1714
Cache-Control: max-age=170179
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 18:42:57 GMT
Etag: "63e13942-117"
Expires: Wed, 08 Feb 2023 17:59:16 GMT
Last-Modified: Mon, 06 Feb 2023 17:30:42 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 279
cdnjs.cloudflare.com/ajax/libs/jquery-modal/0.9.1/jquery.modal.min.css
104.17.24.14200 OK 1.5 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery-modal/0.9.1/jquery.modal.min.css
IP 104.17.24.14:0
File type ASCII text, with very long lines (3201), with no line terminators
Hash 8e09ceb5490863a66cd2e83ca3d7e524
35e3d074516ec70c508d748f7ae01827bc0c28ba
cccbb374fd4cb6dcbac9df64456b49cb11530e7bafdac6c6c7e67ff2ed350db9
GET /ajax/libs/jquery-modal/0.9.1/jquery.modal.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 18:42:57 GMT
content-type: text/css; charset=utf-8
content-length: 1541
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec2-c81"
last-modified: Mon, 04 May 2020 16:11:46 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1552382
expires: Sat, 27 Jan 2024 18:42:57 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P2qc7mASvaeezfxuL%2Fd3Py24b2%2BiZcYIxRs7f48ff9YN86G%2BhY%2FKYqHx1TS35m1vio%2BB5LJA333S1swBA9Rp8heB0RNr5maEy0mh0EQBxOpuSnR7iwYcXvqVokFjs1MNu%2FyZHpEa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 795607529fb2b4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/jquery.countto.js
188.114.96.1200 OK 1.1 kB URL HTTP/2 bux.wellter.de/images/jquery.countto.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (1043)
Hash 40401247ccbc50684ffa89f7a49248e7
fe441eaec648ebba12fe6417c48f6e7e46d44c4a
2edcdd34b8cae690945c1af030e9afc057cdbf4f53046e7f6facf2c761e8d801
Analyzer Verdict Alert fortinet Phishing
GET /images/jquery.countto.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtY3JuLmpzIiwicmFzeWFrdXJuaWFnbWFpbGNvbSIsInRlbXBsYXRlIiwiRmFzdGluay54bWwiLCJyYXN5YWt1cm5pYWdtYWlsY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1jcm4uanMiXQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 18:42:57 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=3761
etag: W/"5d9ca488-eb1"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lIB3UZYQTrs8en99%2FQHBDWweaXx8WZHhlsTgaTtWFElndjILOCGt%2F%2Fz2WQf1N9H4wWMXkytBXSNkal8TECVsczHGQwXAKI%2BfvozfF4I4N3ZtLwte4mYCABZ70eYkZvuD%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7956075249c0b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash d6a7c3728ef33525953037c7160bfa44
6e015f6b46580246c6baf2ef3a8fe87c5f685888
b8c3b6f8e869888536649e48ac8aaddf24ccf23474b9435bbc26cbb81b6da6fb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1714
Cache-Control: max-age=170179
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 18:42:57 GMT
Etag: "63e13942-117"
Expires: Wed, 08 Feb 2023 17:59:16 GMT
Last-Modified: Mon, 06 Feb 2023 17:30:42 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 279
bux.wellter.de/images/sticky.js
188.114.96.1200 OK 37 kB URL HTTP/2 bux.wellter.de/images/sticky.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (16920)
Hash 67933b580568513420943fbc36024a92
1e301356872a0b965ef5d4b713928a6f14da4822
310138e94ae24e26ab3a8af0558f32c04c01971808208cbd833dc7d4c8c2d4f8
Analyzer Verdict Alert fortinet Phishing
GET /images/sticky.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtY3JuLmpzIiwicmFzeWFrdXJuaWFnbWFpbGNvbSIsInRlbXBsYXRlIiwiRmFzdGluay54bWwiLCJyYXN5YWt1cm5pYWdtYWlsY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1jcm4uanMiXQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 18:42:57 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=20845
etag: W/"5d9ca488-516d"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6BYXAleVMAT2P5LsX9jLNLz4FFQjVFH4z5dlfilMRFaUQqz0BA9wlRkysTXoE00aycE9mMV3cHbxd08HnHANzE9D6%2Fr17vZeQdQNoi4poKOBVxtxBmFFpygRWHtosR0aKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7956075259dbb52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/button-dot.png
188.114.96.1200 OK 672 B URL HTTP/2 bux.wellter.de/images/button-dot.png
IP 188.114.96.1:0
File type PNG image data, 15 x 15, 8-bit colormap, non-interlaced\012- data
Hash 478aefab2e280b16b0372e607414d3c2
710f5aaa706ec23cbf45006d7c1d25be76b4fa64
a651e77df132fc0c4dbccb7c56f84923c28dcb159f4b7a112bde8bbc548632bc
GET /images/button-dot.png HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/images/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 18:42:57 GMT
content-type: image/png
content-length: 672
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: "5d9ca488-2a0"
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zAu40fiONLT1dL2YTp55P0pXX%2ByBpRyKagn9z36UxAHbdV7Msy9rKA3dLoM7BnHv8k9OWPUVgflYVyMyBKnIaQGOvXvffNOZdbnlleAwhGp1H2SPmyB8dWBeP0jAclwBRg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79560752fabbb52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/PIk-tcsd5xo
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/PIk-tcsd5xo
IP 142.250.74.131:0
Hash 133367c6a697103164fb499fff79f957
49536280bd0f2f9a01b31cf3a78a33916f0a759a
d3f1a3452ea1d8afdf3c664a4cd06a84b80ea491e90492c7997c3fdf42582946
POST /s/gts1p5/PIk-tcsd5xo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 18:42:57 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bux.wellter.de/images/jquery-3.2.1.js
188.114.96.1200 OK 44 kB URL HTTP/2 bux.wellter.de/images/jquery-3.2.1.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (1237)
Hash ff71403899e3576072525025a5d27468
1ab1d6142e6f5da0350c6bbc645da8e58b9cb64b
d59729076087e8fcfd06fff70efdd63245babd37ea5ed959dec3fbd835f743e0
Analyzer Verdict Alert fortinet Phishing
GET /images/jquery-3.2.1.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtY3JuLmpzIiwicmFzeWFrdXJuaWFnbWFpbGNvbSIsInRlbXBsYXRlIiwiRmFzdGluay54bWwiLCJyYXN5YWt1cm5pYWdtYWlsY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1jcm4uanMiXQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 18:42:57 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=268039
etag: W/"5d9ca488-41707"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tIX50mvfP9NGaY%2FoDKQynOU6bZjfVJdBAh9oBFW%2BFg9rQHoXfygqYLTcNZBdMh2HzmokY7Jk%2B3KgvXu26tcc3VPwdajIdsjxqORtP%2F70CgeQLX6xMG%2B3h3GDfCpn%2FnDTJg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7956075239b7b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/pr-l.png
188.114.96.1200 OK 16 kB URL HTTP/2 bux.wellter.de/images/pr-l.png
IP 188.114.96.1:0
File type PNG image data, 960 x 1080, 8-bit/color RGBA, non-interlaced\012- data
Hash 6073469203244cc95b8fbe0996b8c405
60c3fe75fa9d7e3ae7f42f9a247d103b9841982a
7509fb455029a48272466bce43b17cf8247f769f9a4b9c51a03eba55924e11f3
GET /images/pr-l.png HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/images/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 18:42:57 GMT
content-type: image/png
content-length: 16083
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: "5d9ca488-3ed3"
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YKmZfU%2FgFcsN6XNJPMWAGWFW7vRDRv2sGTKuZtV%2BA5%2FAHviBvVi1QYekVYVX4dRlusz2SksP0bGeqSR7F4beQlTXDlEKcPTmxGFfMAnP7llVBqZ5PE48iE7igPxgWhvV7w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79560752fab0b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/btn-img.png
188.114.96.1200 OK 2.0 kB URL HTTP/2 bux.wellter.de/images/btn-img.png
IP 188.114.96.1:0
File type PNG image data, 150 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash b750214f9a0276662f12acbbff0d37ce
65e094e10e2b933ab866a66b5f9b25321b99a0d1
db31dae896b9158c4d1c3f32525e6f63281fe9c671a5dc93236cac960013351b
GET /images/btn-img.png HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/images/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 18:42:57 GMT
content-type: image/png
content-length: 1977
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: "5d9ca488-7b9"
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JnvqARKcORLY3rPkYz3Kl1JWVkSxiiPmw79mI2osYkxjobWKPCInbU56%2BOOZZFvCDhvCLiNEdgKetnYtjBRXXQ%2BqLtL%2F6RtCMGEtskMoQQxu2GdVAhN6b7XnprMuybYYlA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79560752fabcb52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 8e6c8a904a6275f4d478ff38411ca6b7
36f7ab0cfcd1da5101ce8d9e385e3a31061d029d
a3147f1f023affaf8a81efa9c13663417dab8d8cad5a5b676484a9944c008410
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6396
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 18:42:57 GMT
Last-Modified: Mon, 06 Feb 2023 16:56:21 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 280
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 836bc62dbb011b6180fc7209d0061736
74e6f18561a7006a3afb6ab03559eec239ce4b36
90b197384670fdb210d364f91b423fd383d25838e38a494158a8185bef0061f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 18:42:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bux.wellter.de/images/com.js
188.114.96.1200 OK 70 kB URL HTTP/2 bux.wellter.de/images/com.js
IP 188.114.96.1:0
File type C source, Unicode text, UTF-8 text, with very long lines (15173), with no line terminators
Hash 15c73b8d0cfbe028e0e715b47afa8124
a53b7e69e7c04efd16fda2b96421d8fceb7ea626
520f7689f00de0dde143aa62b91327cd52bef788ee977a65c8600f5fe9c1f595
Analyzer Verdict Alert fortinet Phishing
GET /images/com.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtY3JuLmpzIiwicmFzeWFrdXJuaWFnbWFpbGNvbSIsInRlbXBsYXRlIiwiRmFzdGluay54bWwiLCJyYXN5YWt1cm5pYWdtYWlsY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1jcm4uanMiXQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 18:42:57 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=17963
etag: W/"5d9ca488-462b"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xNulIrq4jcdSKaMVOPhUKLiu1L9LaxDYf9RcbLlKdJpl1k75wobResYAgBoTuzzUvkOHR2tUXRnDyMmn2giWnt4gBTcMGtR6RkrhPlHMYxOl6T%2Fbp6H6kXxhyOJbpFZnIg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7956075249c6b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 836bc62dbb011b6180fc7209d0061736
74e6f18561a7006a3afb6ab03559eec239ce4b36
90b197384670fdb210d364f91b423fd383d25838e38a494158a8185bef0061f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 18:42:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 836bc62dbb011b6180fc7209d0061736
74e6f18561a7006a3afb6ab03559eec239ce4b36
90b197384670fdb210d364f91b423fd383d25838e38a494158a8185bef0061f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 18:42:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bux.wellter.de/images/sweetalert2.min.js
188.114.96.1200 OK 24 kB URL HTTP/2 bux.wellter.de/images/sweetalert2.min.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (20305), with no line terminators
Hash 6cc31fcc37991491d06de094f3d7dbe5
d795b9c4fbe3dea20bc8b8129e27d161099f1223
beb8d16c64063e07a9d5b62ba3653961d4f05404dd37695eb8a613ae75775fc6
Analyzer Verdict Alert fortinet Phishing
GET /images/sweetalert2.min.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtY3JuLmpzIiwicmFzeWFrdXJuaWFnbWFpbGNvbSIsInRlbXBsYXRlIiwiRmFzdGluay54bWwiLCJyYXN5YWt1cm5pYWdtYWlsY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1jcm4uanMiXQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 18:42:57 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-4f51"
cache-control: max-age=31536000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BBYrwku%2FN33pNcN9c9zW%2Btep%2FyIecK0imhspTAX4GQ%2BxntoPIZZhWgh9aDF8Qwb2rJDk9QMceLf9AQazgUnB6vxdCATBybo1biSrdrzN0WFDmsFoCkcL5JleEY6FF5%2FQ3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7956075249c1b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/et-line.woff
188.114.96.1200 OK 55 kB URL HTTP/2 bux.wellter.de/images/et-line.woff
IP 188.114.96.1:0
File type Web Open Font Format, CFF, length 55220, version 1.0\012- data
Hash b01ff252761958325faab1535c90c87f
d33413e7bc42acc8837cc9030ca45d29c1ccf0c6
19d2f43d546ada73dd083f7778aa4a5cac1a8e7a3af56efccae580fce07a5e1c
Analyzer Verdict Alert fortinet Phishing
GET /images/et-line.woff HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://bux.wellter.de/images/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 18:42:57 GMT
content-type: application/font-woff
content-length: 55220
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: "5d9ca488-d7b4"
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ijKK0TcCoUXuBDc%2FQzWnZykL3mPezqIRhUiwzxO4W1N90YR6DWF%2FHniMfy2%2BlVg8o0PYSJq5Q3S1hnaKeRzvomm8p2FT9m%2FfvAj2XRiGkUT61xd7Uii34z9c0PuxOXymvw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 795607534b15b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/jquery.magnific-popup.min.js
188.114.96.1200 OK 26 kB URL HTTP/2 bux.wellter.de/images/jquery.magnific-popup.min.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (21014)
Hash 5c36d26a1215515bf1a54189beaa1b7b
dabe2bd25ef86e4e383bbdbc0c9e975d3040996b
18f55101f420106cace7e092c74021c331d4918c29135d7f4dbad08ba765573f
Analyzer Verdict Alert fortinet Phishing
GET /images/jquery.magnific-popup.min.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtY3JuLmpzIiwicmFzeWFrdXJuaWFnbWFpbGNvbSIsInRlbXBsYXRlIiwiRmFzdGluay54bWwiLCJyYXN5YWt1cm5pYWdtYWlsY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1jcm4uanMiXQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 18:42:57 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-5297"
cache-control: max-age=31536000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wVSgcJC%2B9cjQ7wTWCkmnDmewGVPAZ0Mtxf%2FYSnmySKjGPLoabv267HPIIqExQQFGQf9J7I0dY1MEP%2BR1g9zMDCcj7u4nWNXJfK%2FoI4t3G%2F0d9itlk9QNmQQY4uGt6R2GNg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7956075249d2b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v14/k3k702ZOKiLJc3WVjuplzInF5uFdDttMLvmWuJdhhgs.ttf
216.58.207.227200 OK 19 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v14/k3k702ZOKiLJc3WVjuplzInF5uFdDttMLvmWuJdhhgs.ttf
IP 216.58.207.227:0
File type TrueType Font data, 17 tables, 1st "GDEF", 7 names, Microsoft, language 0x409, type 1 string, Open SansBold1.10;1ASC;OpenSans-BoldOpen Sans BoldVersion 1.10OpenSans-Boldhttp://www.apache.org\012- data
Hash 5498784000b038638befe230ea392271
efef80115bdabd927501563197827a7ae837a19f
5848ca5f4af491c37907f2e4cb0e240166572edc90615a96d4702f2dce34800b
GET /s/opensans/v14/k3k702ZOKiLJc3WVjuplzInF5uFdDttMLvmWuJdhhgs.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bux.wellter.de
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18604
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Feb 2023 02:07:16 GMT
expires: Fri, 02 Feb 2024 02:07:16 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 14 Jun 2017 16:46:24 GMT
content-type: font/ttf
age: 405341
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 8e6c8a904a6275f4d478ff38411ca6b7
36f7ab0cfcd1da5101ce8d9e385e3a31061d029d
a3147f1f023affaf8a81efa9c13663417dab8d8cad5a5b676484a9944c008410
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6396
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 18:42:57 GMT
Last-Modified: Mon, 06 Feb 2023 16:56:21 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 280
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 836bc62dbb011b6180fc7209d0061736
74e6f18561a7006a3afb6ab03559eec239ce4b36
90b197384670fdb210d364f91b423fd383d25838e38a494158a8185bef0061f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 18:42:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 98089acb98ec0b3bf3e4b751487d1796
fe28a756381710ce40bf337358f66fb5f4acbeeb
41d62a039809f0a2d6b6b4862fa30e7cfcb188ef00c19cc41ddec01d45a27c11
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41D62A039809F0A2D6B6B4862FA30E7CFCB188EF00C19CC41DDEC01D45A27C11"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20991
Expires: Tue, 07 Feb 2023 00:32:48 GMT
Date: Mon, 06 Feb 2023 18:42:57 GMT
Connection: keep-alive
s10.histats.com/js15_as.js
46.105.201.240200 OK 4.4 kB URL HTTP/2 s10.histats.com/js15_as.js
IP 46.105.201.240:0
File type HTML document, ASCII text, with very long lines (11440), with no line terminators
Hash ed192092c129db6123a3397855f42619
067e9b8e26cf6246eb84c6b9cf3da0c192ce7b3e
998fff486a7fb38b6ed445edc36c9b317b70950cd39efcf4012ca641312fcee1
GET /js15_as.js HTTP/1.1
Host: s10.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 18:34:52 GMT
etag: "-375139978"
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-request-id: 1063158728
content-type: application/javascript; charset=UTF-8
content-encoding: br
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 4364
X-Firefox-Spdy: h2
s4.histats.com/stats/0.php?4275781&@f16&@g1&@h1&@i1&@j1675709023674&@k0&@l1&@mRoblox%20Robux%20Generator%202022&@n0roblox-crn.js=rasyakurniagmailcom|template=Fastink.xml|rasyakurniagmailcom=robloxhackbydominusyoutube.blogspot.com|robloxhackbydominusyoutube.blogspot.com=direct|ref=direct|tags=roblox-crn.js&@ohttps%3A%2F%2Frobloxhackbydominusyoutube.blogspot.com%2F&@q0&@r0&@s0&@ten-US&@u1280&@b1:76930269&@b3:1675709024&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fbux.wellter.de%2Findex.html%3Ftrack%3DWyJyb2Jsb3gtY3JuLmpzIiwicmFzeWFrdXJuaWFnbWFpbGNvbSIsInRlbXBsYXRlIiwiRmFzdGluay54bWwiLCJyYXN5YWt1cm5pYWdtYWlsY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1jcm4uanMiXQ&@w
149.56.240.128200 OK 52 B URL HTTP/1.1 s4.histats.com/stats/0.php?4275781&@f16&@g1&@h1&@i1&@j1675709023674&@k0&@l1&@mRoblox%20Robux%20Generator%202022&@n0roblox-crn.js=rasyakurniagmailcom|template=Fastink.xml|rasyakurniagmailcom=robloxhackbydominusyoutube.blogspot.com|robloxhackbydominusyoutube.blogspot.com=direct|ref=direct|tags=roblox-crn.js&@ohttps%3A%2F%2Frobloxhackbydominusyoutube.blogspot.com%2F&@q0&@r0&@s0&@ten-US&@u1280&@b1:76930269&@b3:1675709024&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fbux.wellter.de%2Findex.html%3Ftrack%3DWyJyb2Jsb3gtY3JuLmpzIiwicmFzeWFrdXJuaWFnbWFpbGNvbSIsInRlbXBsYXRlIiwiRmFzdGluay54bWwiLCJyYXN5YWt1cm5pYWdtYWlsY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1jcm4uanMiXQ&@w
IP 149.56.240.128:0
File type ASCII text, with no line terminators
Hash 3041c235d7291abe7cf4a3b49a307b8b
108ed74d1393dbf0e9b5b824e19537449b2ba380
5ebfafe3a8cf1b352f72b7a1a25d6afe37cf568ce6b3bae16913c607fc959854
GET /stats/0.php?4275781&@f16&@g1&@h1&@i1&@j1675709023674&@k0&@l1&@mRoblox%20Robux%20Generator%202022&@n0roblox-crn.js=rasyakurniagmailcom|template=Fastink.xml|rasyakurniagmailcom=robloxhackbydominusyoutube.blogspot.com|robloxhackbydominusyoutube.blogspot.com=direct|ref=direct|tags=roblox-crn.js&@ohttps%3A%2F%2Frobloxhackbydominusyoutube.blogspot.com%2F&@q0&@r0&@s0&@ten-US&@u1280&@b1:76930269&@b3:1675709024&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fbux.wellter.de%2Findex.html%3Ftrack%3DWyJyb2Jsb3gtY3JuLmpzIiwicmFzeWFrdXJuaWFnbWFpbGNvbSIsInRlbXBsYXRlIiwiRmFzdGluay54bWwiLCJyYXN5YWt1cm5pYWdtYWlsY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1jcm4uanMiXQ&@w HTTP/1.1
Host: s4.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 18:42:57 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 52
Connection: close
cdn.jsdelivr.net/npm/js-base64@3.7.2/base64.min.js
104.16.89.20200 OK 0 B URL HTTP/2 cdn.jsdelivr.net/npm/js-base64@3.7.2/base64.min.js
IP 104.16.89.20:0
GET /npm/js-base64@3.7.2/base64.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 18:42:57 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 3.7.2
x-jsd-version-type: version
etag: W/"1405-lMmxLE0z8/TnsipvbhQg5ckAA8Q"
x-served-by: cache-fra19151-FRA, cache-yyz4532-YYZ
x-cache: HIT, HIT
vary: Accept-Encoding
cf-cache-status: HIT
age: 292964
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rXQsdOA6ulXpg7KoaSGf221Y7KggfNvwrbzny%2B3lq53C5QLJrGpo9O9ZwhP%2BvBmfiz9PesUBnj67FAoZAEgRni9Pp473BeOyekUwiYcY0%2BqBlf6ooItGGnhBCTpy2jJhhb4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 795607529b4bb4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/animate.css
188.114.96.1200 OK 0 B URL HTTP/2 bux.wellter.de/images/animate.css
IP 188.114.96.1:0
GET /images/animate.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtY3JuLmpzIiwicmFzeWFrdXJuaWFnbWFpbGNvbSIsInRlbXBsYXRlIiwiRmFzdGluay54bWwiLCJyYXN5YWt1cm5pYWdtYWlsY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1jcm4uanMiXQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 18:42:57 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=68796
etag: W/"5d9ca488-10cbc"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BYdMW1F486z%2FZKOOZv5a0nXjHPVINtRCS7xmon%2BdEe%2B1SL4FpYHoc4%2BY4S0Is2E6GoOaW9owu93N4%2BjMqEBLP1hk9SEdngIB1LKEioxsVz%2BdjhQ7z5tZPkm9P5mjpqwM3A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79560752299bb52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/sweetalert2.min.css
188.114.96.1200 OK 0 B URL HTTP/2 bux.wellter.de/images/sweetalert2.min.css
IP 188.114.96.1:0
GET /images/sweetalert2.min.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtY3JuLmpzIiwicmFzeWFrdXJuaWFnbWFpbGNvbSIsInRlbXBsYXRlIiwiRmFzdGluay54bWwiLCJyYXN5YWt1cm5pYWdtYWlsY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1jcm4uanMiXQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 18:42:57 GMT
content-type: text/css
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-36a4"
cache-control: max-age=31536000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eBU4w58%2F989zCpe7LwGUkH2ZwPtrpjeyC7G9DQ32PTiGqMY3APmKNa8b%2FVYHSMKw2OGDbpoYyCp1BnIktaco%2F5vaMRBReA%2B8FYufOIy9J51RaNSk%2B0GNoZdaVX7%2BNBne7g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79560752299db52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/font-awesome.min.css
188.114.96.1200 OK 0 B URL HTTP/2 bux.wellter.de/images/font-awesome.min.css
IP 188.114.96.1:0
GET /images/font-awesome.min.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtY3JuLmpzIiwicmFzeWFrdXJuaWFnbWFpbGNvbSIsInRlbXBsYXRlIiwiRmFzdGluay54bWwiLCJyYXN5YWt1cm5pYWdtYWlsY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1jcm4uanMiXQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 18:42:57 GMT
content-type: text/css
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-6c3d"
cache-control: max-age=31536000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cyvGqnrFhnV%2BgYOm03FSZj%2BfDPlq9SpO3obv3luMk1XcX5ckaenN3tEZDeujq654MxtOTkaSfWEudkbCV64lNQb3%2Fq8cvMQdCUf6iWa1iGw1%2FV7UXzZC8Jx9Drl0uvbEyA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 795607522993b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/validator.min.js
188.114.96.1200 OK 0 B URL HTTP/2 bux.wellter.de/images/validator.min.js
IP 188.114.96.1:0
Analyzer Verdict Alert fortinet Phishing
GET /images/validator.min.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtY3JuLmpzIiwicmFzeWFrdXJuaWFnbWFpbGNvbSIsInRlbXBsYXRlIiwiRmFzdGluay54bWwiLCJyYXN5YWt1cm5pYWdtYWlsY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1jcm4uanMiXQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 18:42:57 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-17a7"
cache-control: max-age=31536000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zAsyz5u8kb6XjXG0zAfsZ1Enk%2FOZXfBjLMArqxr%2FIifM%2FtPZRqfAZcSuA7QD1zthWNh7vJlvT3lvftLy7rzaC2hmsqafXiPprwF4mS%2FGCu0edcEOJNxAW9FrCYY4uoQYeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7956075249c3b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/magnific-popup.css
188.114.96.1200 OK 0 B URL HTTP/2 bux.wellter.de/images/magnific-popup.css
IP 188.114.96.1:0
GET /images/magnific-popup.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtY3JuLmpzIiwicmFzeWFrdXJuaWFnbWFpbGNvbSIsInRlbXBsYXRlIiwiRmFzdGluay54bWwiLCJyYXN5YWt1cm5pYWdtYWlsY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1jcm4uanMiXQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 18:42:57 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=7946
etag: W/"5d9ca488-1f0a"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FtZRgk%2BMB0xthpDMsb80fQVsxb1QNaWGVydryN64cUv3q1Hq8loY4kM2Zi8Z%2BRf0bpRrQ2k9WtIyuZx1hVCFmWiwlRwLsCxtmOW9RsLIMCG6nie0JOhTjuhUGrOjXYMYaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79560752299eb52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/jquery-ui.min.js
188.114.96.1200 OK 0 B URL HTTP/2 bux.wellter.de/images/jquery-ui.min.js
IP 188.114.96.1:0
Analyzer Verdict Alert fortinet Phishing
GET /images/jquery-ui.min.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtY3JuLmpzIiwicmFzeWFrdXJuaWFnbWFpbGNvbSIsInRlbXBsYXRlIiwiRmFzdGluay54bWwiLCJyYXN5YWt1cm5pYWdtYWlsY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1jcm4uanMiXQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 18:42:57 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-30da8"
cache-control: max-age=31536000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yVAR5JQKKHfrO6YgVw0lnUFoWQIsw9ucZn%2BRg53Ho59lMzrA0wfpSA2VO39X73zq7z0Kj9spzMgEMmstRDN%2BRimX2s1LoqdfEMVHd7ggSI4ul8F8UKrcDvqE%2BPztkwmQNw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7956075239bab52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/main.js
188.114.96.1200 OK 0 B URL HTTP/2 bux.wellter.de/images/main.js
IP 188.114.96.1:0
Analyzer Verdict Alert fortinet Phishing
GET /images/main.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtY3JuLmpzIiwicmFzeWFrdXJuaWFnbWFpbGNvbSIsInRlbXBsYXRlIiwiRmFzdGluay54bWwiLCJyYXN5YWt1cm5pYWdtYWlsY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1jcm4uanMiXQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 18:42:57 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=38451
etag: W/"5d9ca488-9633"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ne64vrSSEDtt5%2Fi4L58OzM8HuOvvNM4Thu1NS7Mj3KtDae5uFFFNH4tJIPzjaVFYyW8eQOqwEkPfJ%2BcJtGgvMcptUpxi92DhoYEzGoxu69FHSi9RlCY0OWUsC8ddOEQyFA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7956075259deb52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/main-bg.jpg
188.114.96.1200 OK 0 B URL HTTP/2 bux.wellter.de/images/main-bg.jpg
IP 188.114.96.1:0
GET /images/main-bg.jpg HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/images/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 18:42:57 GMT
content-type: image/jpeg
content-length: 838330
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: "5d9ca488-ccaba"
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tyuocQbNFQzZWSuOpMG4zCz7GXC2jIl%2Br13i8oTX4gLbITbt9cqwEqcrW%2BExzVQFTX78OLIMJcFLYn1CwZhpDVs2eMYTyycAmVonui0I6n1OcnxoZ13PqR69KaTU1frFYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79560752da8cb52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/bootstrap.min.css
188.114.96.1200 OK 0 B URL HTTP/2 bux.wellter.de/images/bootstrap.min.css
IP 188.114.96.1:0
GET /images/bootstrap.min.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtY3JuLmpzIiwicmFzeWFrdXJuaWFnbWFpbGNvbSIsInRlbXBsYXRlIiwiRmFzdGluay54bWwiLCJyYXN5YWt1cm5pYWdtYWlsY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1jcm4uanMiXQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 18:42:57 GMT
content-type: text/css
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-1d990"
cache-control: max-age=31536000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QwHYX%2FsTlOXGOFE4Sk%2F5O6h4gbXbVnx05VaYbYwHcZU2QrYvYjZjLC4awU9ZHpvw9DnFvb%2FjC2b3JZsR%2Bjr0nWSW6iTkQ%2FgCVEsmLONpPSFG4C%2BZ54IGYmQtwaZpdTq4Rw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 795607522997b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/custom-css.css
188.114.96.1200 OK 0 B URL HTTP/2 bux.wellter.de/images/custom-css.css
IP 188.114.96.1:0
GET /images/custom-css.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtY3JuLmpzIiwicmFzeWFrdXJuaWFnbWFpbGNvbSIsInRlbXBsYXRlIiwiRmFzdGluay54bWwiLCJyYXN5YWt1cm5pYWdtYWlsY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1jcm4uanMiXQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 18:42:57 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1790
etag: W/"5d9ca488-6fe"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dcp1KfTElnnHGFdQjXcqklcTyaJgdz4PS%2BcwUHzGXvVbUlY6Av76b76fUc9EinsdlU2RnoRAln49Mmxv%2FnI5AzCMRzWx%2Fhw6y6DFXavBuoSW51dtY6xDnEvNY5UtWSbB5g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7956075229a4b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/fancyselect.css
188.114.96.1200 OK 0 B URL HTTP/2 bux.wellter.de/images/fancyselect.css
IP 188.114.96.1:0
GET /images/fancyselect.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtY3JuLmpzIiwicmFzeWFrdXJuaWFnbWFpbGNvbSIsInRlbXBsYXRlIiwiRmFzdGluay54bWwiLCJyYXN5YWt1cm5pYWdtYWlsY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1jcm4uanMiXQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 18:42:57 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=4253
etag: W/"5d9ca488-109d"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UROIcYk%2BAzzFFqWrg6kghziooIJJNaAfaDVKi8TuYqFfHpJtz5TxUBHLG60T5bdR6auHBhmv%2BjYb9M5KeBZAYgh2VRo5UuzhK0XKQu4ltmE7SKV%2F3AMTw2a4z%2B3boFilYw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7956075229a0b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/form-scripts.js
188.114.96.1200 OK 0 B URL HTTP/2 bux.wellter.de/images/form-scripts.js
IP 188.114.96.1:0
Analyzer Verdict Alert fortinet Phishing
GET /images/form-scripts.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtY3JuLmpzIiwicmFzeWFrdXJuaWFnbWFpbGNvbSIsInRlbXBsYXRlIiwiRmFzdGluay54bWwiLCJyYXN5YWt1cm5pYWdtYWlsY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1jcm4uanMiXQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 18:42:57 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=1469
etag: W/"5d9ca488-5bd"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mYRht8kOwj0RsPvIiWn6sasmlLP8F%2F8haRK%2BC0v9MhAxa9KDBNFyUvrGRja856uA4lZJpIko5fU4p%2FbRLbqWHpfuYi9ZIwpDNTcor2Og4PMWmsPe34SCZvi7qjzY1fwyxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7956075249ceb52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/scripts.js
188.114.96.1200 OK 0 B URL HTTP/2 bux.wellter.de/images/scripts.js
IP 188.114.96.1:0
Analyzer Verdict Alert fortinet Phishing
GET /images/scripts.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtY3JuLmpzIiwicmFzeWFrdXJuaWFnbWFpbGNvbSIsInRlbXBsYXRlIiwiRmFzdGluay54bWwiLCJyYXN5YWt1cm5pYWdtYWlsY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1jcm4uanMiXQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 18:42:57 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=225
etag: W/"5d9ca488-e1"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NJXmR6rPksGfLbpSLK5l%2BloZbskSslHAEHCdRfPMI5I156lATxht83pXTvOoGT9nDAgeabh1DjO2e8z6ciX4uN47uyzluxON%2F2uZjSywgQHhl2CqZT4xMGkiw0WQcggUMw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7956075259e1b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/style.css
188.114.96.1200 OK 0 B URL HTTP/2 bux.wellter.de/images/style.css
IP 188.114.96.1:0
GET /images/style.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtY3JuLmpzIiwicmFzeWFrdXJuaWFnbWFpbGNvbSIsInRlbXBsYXRlIiwiRmFzdGluay54bWwiLCJyYXN5YWt1cm5pYWdtYWlsY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1jcm4uanMiXQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 18:42:57 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=50839
etag: W/"5d9ca488-c697"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OM8Yy7kAI2v2PaZZHVY%2BzTmPmzyLqTbq2SEjnKmCed0IuwZFTu9Yax9fRq0VSmUTvErD0pOjPQtqbQgftsiVmP929YRrQ7MG%2B9fCliwI%2FQxGTI9Qn%2FK1go3gAHo0xidjyw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7956075229a3b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/fancyselect.js
188.114.96.1200 OK 0 B URL HTTP/2 bux.wellter.de/images/fancyselect.js
IP 188.114.96.1:0
Analyzer Verdict Alert fortinet Phishing
GET /images/fancyselect.js HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtY3JuLmpzIiwicmFzeWFrdXJuaWFnbWFpbGNvbSIsInRlbXBsYXRlIiwiRmFzdGluay54bWwiLCJyYXN5YWt1cm5pYWdtYWlsY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwicm9ibG94aGFja2J5ZG9taW51c3lvdXR1YmUuYmxvZ3Nwb3QuY29tIiwiZGlyZWN0IiwicmVmIiwiZGlyZWN0IiwidGFncyIsInJvYmxveC1jcm4uanMiXQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 18:42:57 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=6778
etag: W/"5d9ca488-1a7a"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FzcHX%2F4It3SWcnDYwAzKG5MfksGTiRjQSARvsFuly05ht0h0eYHZUlq0B%2FWb70dGPC9IufuxI6pS76Jgmr9vsfyU%2BQNgyVDRFMLRshSyKcCej9MTiWE7Zexbdsg%2ByOkvyg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7956075239bdb52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2