r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11556
Expires: Fri, 02 Dec 2022 11:45:09 GMT
Date: Fri, 02 Dec 2022 08:32:33 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 0c748388899e8a8d3680355da2ea5020
903c620cd137613daafb0da0508c37b2f4a67212
39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3037
Cache-Control: max-age=96556
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 08:32:33 GMT
Etag: "63888270-1d7"
Expires: Sat, 03 Dec 2022 11:21:49 GMT
Last-Modified: Thu, 01 Dec 2022 10:31:12 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16633
Expires: Fri, 02 Dec 2022 13:09:46 GMT
Date: Fri, 02 Dec 2022 08:32:33 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 08:19:54 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 759
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: /rXWWDUZjEhQe1Mdee+k/ii3gngL/ZppDXed/RjkZuyMIkG75gO0UOH1wp0XfgRErepIOrz9lvI=
x-amz-request-id: 7G62H28Y1FJT4W06
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 07:46:37 GMT
age: 2756
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 08:32:33 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 08:11:15 GMT
cache-control: public,max-age=3600
age: 1278
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1f88399f3fdd89dbb9ca1229cb67143a
325c9dbfd932cf9a6fb9fab2dd8e27083f55a9a3
831ecd45dcd2d5ae2ae86cd63ea5e94ecd85281b7e51054af5df9a6386fb8d79
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3029
Cache-Control: max-age=91485
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 08:32:33 GMT
Etag: "63886ea9-1d7"
Expires: Sat, 03 Dec 2022 09:57:18 GMT
Last-Modified: Thu, 01 Dec 2022 09:06:49 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.86.38.2101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.86.38.2:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 6LdQqJ68p4ydOcFmKDjyAw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: R60+m7+TQtbPltMCAcQAc9XkbVs=
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18018
Expires: Fri, 02 Dec 2022 13:32:52 GMT
Date: Fri, 02 Dec 2022 08:32:34 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18018
Expires: Fri, 02 Dec 2022 13:32:52 GMT
Date: Fri, 02 Dec 2022 08:32:34 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18018
Expires: Fri, 02 Dec 2022 13:32:52 GMT
Date: Fri, 02 Dec 2022 08:32:34 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18018
Expires: Fri, 02 Dec 2022 13:32:52 GMT
Date: Fri, 02 Dec 2022 08:32:34 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F937deb9c-e12c-486f-bf82-4833aed00836.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F937deb9c-e12c-486f-bf82-4833aed00836.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d08081e2dd562ef50e4e98ebc0136698
b5118bca37feda2ada3001199dc1d80ac6d2aacc
5160333e0cfd338b3887972d0a5c0f817ef88b70b7eb78e4e25d153a85e3478f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F937deb9c-e12c-486f-bf82-4833aed00836.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11443
x-amzn-requestid: 21469d81-ee4b-47f3-8877-b6658b3ea8b8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfHDHE4zoAMFvfw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891ee0-5b39eddd703ea04e6a1355f8;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:38:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: nPuZoyOu_QAqbZvTUaNy1J3BOqnR2ttrIhv9BwRmWnKeba-e6MZWKA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:55:34 GMT
age: 38220
etag: "b5118bca37feda2ada3001199dc1d80ac6d2aacc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F449f29d0-f60b-4dec-8b5b-0a1971bab406.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F449f29d0-f60b-4dec-8b5b-0a1971bab406.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4c7113338bc3310b13d23ca415c177e2
2cb4edc6b161c6d2d5b47aa498ae54e677966466
3a83adce869dd7eb064c583bf7ff93c57fabd7ea2da872f7d1f7d868b8a492e9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F449f29d0-f60b-4dec-8b5b-0a1971bab406.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10270
x-amzn-requestid: ac2d2825-2ec4-435e-9921-3ea6524df1dc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfG1nEvYoAMFliA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e8a-4419423112b5723e3dba46ea;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:37:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2ihxuuXiECC4oX11t_vswhnLF0UpqDuboPLkrhpWwp-vfCR5pxGGxw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:53:50 GMT
age: 38324
etag: "2cb4edc6b161c6d2d5b47aa498ae54e677966466"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcca8556b-b044-489f-bc74-086aad62b062.webp
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcca8556b-b044-489f-bc74-086aad62b062.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d147ccb10bda82b153a596c3c967cd6a
ffd0763f997e71a8c1458523fc17cafe8849dfdf
1cfeb90a4ba027195f903d938d4a0aac418a1c2f0b52215ec023263f15905971
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcca8556b-b044-489f-bc74-086aad62b062.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7591
x-amzn-requestid: e179862e-f840-4e50-a9dc-09f325479b9a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGgMFRZIAMFl7g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e01-676a1571459f2d83488f2765;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: oB5K_ZCWWwCltMx8FQSjDdXRMzSTSyRLSYSLAooQXuCrUxadLUiWkA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:48:51 GMT
age: 38623
etag: "ffd0763f997e71a8c1458523fc17cafe8849dfdf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 06:00:48 GMT
age: 9106
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa07af64d-c287-4b0a-9677-9a1000422afc.jpeg
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa07af64d-c287-4b0a-9677-9a1000422afc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 498ab4412ed5cf977bc23e4e870894b0
23753fe8af09ec8ffa10eed4d201a71833885c99
036042656f15e42b4d1537c45f5b8e7190c70305fa9a69c1287c6739ad0b7122
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa07af64d-c287-4b0a-9677-9a1000422afc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7334
x-amzn-requestid: a6b8b420-8394-496b-8be8-26dee52e3887
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoHJOoAMF75g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-0b38d07f518c8b3134457df2;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: tuKmV_nb4HVbqkhtCnZY3b33VB-bB6UxaBl6HsY_JgWesbUB8SPt-g==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 22:09:38 GMT
age: 37376
etag: "23753fe8af09ec8ffa10eed4d201a71833885c99"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
34.120.237.76200 OK 2.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b47431190f34eccf0a6efb98e2a32b7d
9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Fw6nrporwF27NW0-vXpaolW79nDXLF2RyS-lqhhp1osHt7q98VpI3g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:49:56 GMT
age: 38558
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
destroy.buythree.bar/
104.21.81.41200 OK 9.5 kB IP 104.21.81.41:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4423), with CRLF, LF line terminators
Hash 0bb743e0ec516ac75c8ea5b27189c034
6bc6ba92d0f65004bd9f4af64005dd3407d384b8
205926407343a010b87683dd1700d927c1d28352528bc71f83b9c8853f0ab94b
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 08:32:35 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: zenid=5d81fna75a9vjdlnppprogr957; path=/; domain=.destroy.buythree.bar; secure; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z%2Bv09SHinRjazScbRcEH7mYfYdyv3jYJtYTnGigG0n%2F0Zje9%2BQTDmwKG%2B0jXjdI49s0rsH6TbiIt58xyX1%2Fn0oLUxjp%2FKmB4RbTvTdGAX9dHt3X%2BvjZaSx9eF21wghI1vBlRgc30Jw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7732b66d7fd5fabc-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
destroy.buythree.bar/includes/templates/lw_a25/images/head_menu.png
104.21.81.41200 OK 6.4 kB URL HTTP/2 destroy.buythree.bar/includes/templates/lw_a25/images/head_menu.png
IP 104.21.81.41:0
File type PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced\012- data
Hash 788a6a594debb15a4d1a6c17e0d3ab6d
89b866508f424fa08e9029f65555db9ecabed855
2f4ec22ea1e83387681989fa28a59d9e83d8d7b6646991f78563f11ed99d933b
GET /includes/templates/lw_a25/images/head_menu.png HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:36 GMT
content-type: image/png
content-length: 6413
last-modified: Wed, 16 Nov 2022 08:27:57 GMT
etag: "63749f0d-190d"
expires: Sun, 01 Jan 2023 08:32:36 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uz8X9zOS7KS54Ft3Iuc5Y7UPq0SBv%2Bveu8I1rcnZ2o5zsKl%2F4%2FiD%2F%2B2CdUKp%2FYRNk7AVQ5lIzjEZebCx%2BwhVx2jw8LGgOXCbseHLdEC6dfgyriMW8PDTCN9UJcPJB3Rb3OBSbcHmhg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7732b6814b79b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/includes/templates/lw_a25/images/f-tit5.gif
104.21.81.41200 OK 2.5 kB URL HTTP/2 destroy.buythree.bar/includes/templates/lw_a25/images/f-tit5.gif
IP 104.21.81.41:0
File type GIF image data, version 89a, 320 x 30\012- data
Hash 1dcf48bb0d7f8ef84dfef16c135f2093
7f804dc4091179fc11efd6edccebfcdb9f81a0fc
83af079b667864e7434d741ef5c43579e34597f376447751d0b9834de9963dae
GET /includes/templates/lw_a25/images/f-tit5.gif HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:36 GMT
content-type: image/gif
content-length: 2530
last-modified: Wed, 16 Nov 2022 08:27:57 GMT
etag: "63749f0d-9e2"
expires: Sun, 01 Jan 2023 08:32:36 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qF513PsMWjFAYQJq92BIc%2F4TizPGLUu4DFCidi0p24gwlMdpBPo1TxlkC0jjn73FVAsuN1IGpSab%2F3cgG1RRKuhT9%2FMwURboNAdBabEOUu90UGTPQ7hO8K%2Bz3oIlDKw7LcXueNHhdw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7732b6815bc5b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/includes/templates/lw_a25/images/cart.jpg
104.21.81.41200 OK 4.9 kB URL HTTP/2 destroy.buythree.bar/includes/templates/lw_a25/images/cart.jpg
IP 104.21.81.41:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 150x40, components 3\012- data
Hash 3f7b16674159fda74fc6acbe1f15376b
86a630abdeb88163d3bf3fbe22eeb6a3d07f57ce
87ce5995f51129b5296b0b43a4b346eb87e7c802109c1d6e7ca8e6aa1edc87b3
GET /includes/templates/lw_a25/images/cart.jpg HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:36 GMT
content-type: image/jpeg
content-length: 4891
last-modified: Wed, 16 Nov 2022 08:27:57 GMT
etag: "63749f0d-131b"
expires: Sun, 01 Jan 2023 08:32:36 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qY92eBzMwWVn%2FWlpIzgGWcxdN6yfZbt8pTD8lgi4tNC5ull5zQ2AMQJ9GktXCrV81fgBIR39stW6IaS7x6k5P1X9X3q5sfNTIdCX%2F8JAIdgESP2ozeXQxHd7N10S5MKJBHSclOIb2g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7732b6814b7ab50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/includes/templates/lw_a25/images/rank_1.gif
104.21.81.41200 OK 2.0 kB URL HTTP/2 destroy.buythree.bar/includes/templates/lw_a25/images/rank_1.gif
IP 104.21.81.41:0
File type GIF image data, version 89a, 100 x 39\012- data
Hash c9c1a377b2465fa88eb90f7f21fc4943
c329224a6ff30a92cb75e8d055d12185c30b54c6
0362db86a76badda7ca8dec6954d760c2bfe7b5c3e438682ff3213926d5a5c08
GET /includes/templates/lw_a25/images/rank_1.gif HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:36 GMT
content-type: image/gif
content-length: 2024
last-modified: Wed, 16 Nov 2022 08:27:57 GMT
etag: "63749f0d-7e8"
expires: Sun, 01 Jan 2023 08:32:36 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pkDyDjCK3aEvrhapsrEthwQqisMZnerCkqVJ5VUQk6Kcxd5%2BxpJm8aSzXI3hq4Kf3q1qvPQfARaB5akF3HMZMTh0rkD4kHqliqgchj6Btgg3gkOJUWP9PeFNaoF%2BwZhqIo7aw2jXUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7732b6814b7eb50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/includes/templates/lw_a25/images/rank_2.gif
104.21.81.41200 OK 605 B URL HTTP/2 destroy.buythree.bar/includes/templates/lw_a25/images/rank_2.gif
IP 104.21.81.41:0
File type GIF image data, version 89a, 100 x 39\012- data
Hash 8192f534aa798503e77cbf8e2eb15d57
24e72796481cfd7395cd43cdeb09edad3cf8446b
3616bc7d39ef97ce96d225530cc04796a283dabf239d3be97a21437f120832b9
GET /includes/templates/lw_a25/images/rank_2.gif HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:36 GMT
content-type: image/gif
content-length: 605
last-modified: Wed, 16 Nov 2022 08:27:57 GMT
etag: "63749f0d-25d"
expires: Sun, 01 Jan 2023 08:32:36 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jTwF%2BJgr6tXXjVnrkGzLDWyEf%2Bl6wRPpDka9lQGePzyKasF2y0tx%2FbuQHDXRQ3Z%2F8pkouFksAZ8DTIe2y8f4kyw9tufP9xn794KGLZDdFTZ9nFng0YvUNoItMzZzJ5eKBntQTcoYAA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7732b6814b82b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/includes/templates/lw_a25/images/f-tit1.gif
104.21.81.41200 OK 3.0 kB URL HTTP/2 destroy.buythree.bar/includes/templates/lw_a25/images/f-tit1.gif
IP 104.21.81.41:0
File type GIF image data, version 89a, 320 x 30\012- data
Hash 5fc248fec57e275dd1d85f3e969a10c1
3287a3886c354e1d7296519637b322ce8fd9e7b9
5a0a0b2fef441509a15fdb34ed6a2339b68f09c58f738f4cc821c62f155cebc6
GET /includes/templates/lw_a25/images/f-tit1.gif HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:36 GMT
content-type: image/gif
content-length: 2999
last-modified: Wed, 16 Nov 2022 08:27:57 GMT
etag: "63749f0d-bb7"
expires: Sun, 01 Jan 2023 08:32:36 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j%2FEvX%2B%2BxzbIZ53w4mlpSrJNSynEB8PIWnPoOG10eqiULNQpYBI1W3Op1C8WLow9wRkbuDc9ireGKJKr%2FP9MTrttwJKhj1MabkW0z8xujcdxza%2BRBHJwybNYFlg9NhJPWrvvaBsxBHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7732b6815bb8b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/includes/templates/lw_a25/images/f-tit4.gif
104.21.81.41200 OK 2.3 kB URL HTTP/2 destroy.buythree.bar/includes/templates/lw_a25/images/f-tit4.gif
IP 104.21.81.41:0
File type GIF image data, version 89a, 320 x 30\012- data
Hash e791414bb8c91995d455b54317bef90e
9ed33f418e23389ccd1e030a036884135b4e1e7f
7e6e3ce4fee7a310834c270d57d679d3014fbb182965aaf1638fc296ce383e52
GET /includes/templates/lw_a25/images/f-tit4.gif HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:36 GMT
content-type: image/gif
content-length: 2309
last-modified: Wed, 16 Nov 2022 08:27:57 GMT
etag: "63749f0d-905"
expires: Sun, 01 Jan 2023 08:32:36 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mSlXFT6NpMP1j7bVIIDqjano54YMsBPVvQUvzVVHwe6%2Bpdh49QDHlYk83S9O0t5bpCyCQOpZHUyyp2Efg3p43R8qNrV5%2Fuv9MWxYVzqSyYxTQmevpzhycMaFNsPqSy%2B8GcQUHKd%2B3g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7732b6815bc2b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/includes/templates/lw_a25/images/f-tit3.gif
104.21.81.41200 OK 2.4 kB URL HTTP/2 destroy.buythree.bar/includes/templates/lw_a25/images/f-tit3.gif
IP 104.21.81.41:0
File type GIF image data, version 89a, 320 x 30\012- data
Hash 456c8659a2ebf715328b1c85791cf86c
b51b9418246994314128a77d4222434448a182dc
350a4b53e5bbcae08b514de27a610b2fc4bde11f5d23a1a93ff7512b2e79ec44
GET /includes/templates/lw_a25/images/f-tit3.gif HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:36 GMT
content-type: image/gif
content-length: 2353
last-modified: Wed, 16 Nov 2022 08:27:57 GMT
etag: "63749f0d-931"
expires: Sun, 01 Jan 2023 08:32:36 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4AGUszbWxkJAuv5nTQA5joCGKG9Vges3CF8bFg0fcBvNuHeAyBQrDzcpnB%2B8A9byT838k%2BT2Qrvx7695bskglc%2FGWygXOH9Q7Ujbl%2BQlIhWYNZ6EKW3qNyzfHwCncrMp47aooBDnhg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7732b6815bbdb50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/includes/templates/lw_a25/images/f-tit2.gif
104.21.81.41200 OK 2.4 kB URL HTTP/2 destroy.buythree.bar/includes/templates/lw_a25/images/f-tit2.gif
IP 104.21.81.41:0
File type GIF image data, version 89a, 320 x 30\012- data
Hash 626898c2e99a2066db8ea79f690f0c1f
205c860441ffb609a23422c2c46665d6feabdcc7
9cd3136b487f2e85fe4369b1ca477553b156ecbd74c65d9a9745bb5e2c6f1594
GET /includes/templates/lw_a25/images/f-tit2.gif HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:36 GMT
content-type: image/gif
content-length: 2442
last-modified: Wed, 16 Nov 2022 08:27:57 GMT
etag: "63749f0d-98a"
expires: Sun, 01 Jan 2023 08:32:36 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MWcNOxB0fDLgnBpC1eE70lpslmBy3ZqlITEI3DCeMgUPQUWGf9frQjEWmo4TrbWqlN%2F5bjyV3LVt9fk5t2GDxnA0C%2B6twvB9149h1Sznw5nIxBUu%2Fzfv%2BWsswHTaQu8nCcql9xAngw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7732b6815bbab50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/includes/templates/lw_a25/images/f-time.gif
104.21.81.41200 OK 8.2 kB URL HTTP/2 destroy.buythree.bar/includes/templates/lw_a25/images/f-time.gif
IP 104.21.81.41:0
File type GIF image data, version 89a, 320 x 61\012- data
Hash f64a01378edba0cc9a9ef837ca9bef2d
cc1d7b20da8fecd66eae980a7dc18f9f838e6302
e9127c59021b9f29fbaaafdf3848be117f4e574ce7cb422e36e820870be2a242
GET /includes/templates/lw_a25/images/f-time.gif HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:36 GMT
content-type: image/gif
content-length: 8218
last-modified: Wed, 16 Nov 2022 08:27:57 GMT
etag: "63749f0d-201a"
expires: Sun, 01 Jan 2023 08:32:36 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nkc52hwdJ9tY4KPhGCpsJ0a9DqzNeIk9e91dL6YuTizclYPAlb6FgLD6lzUaxtjUrqMESSMZBU7nSkjgsCbUsLCv8vu3qEpXrSG3Pt6%2B1iOopxUjH0npLYOl%2FJsy9QSmFkPMZ2tXsw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7732b6815bc0b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/includes/templates/lw_a25/images/gide_t.gif
104.21.81.41200 OK 2.3 kB URL HTTP/2 destroy.buythree.bar/includes/templates/lw_a25/images/gide_t.gif
IP 104.21.81.41:0
File type GIF image data, version 89a, 1000 x 30\012- data
Hash 71335595607692371a58c3d706b66408
6088d4ea50fe4522e0aea736e4c92910c626f3e5
4157bba04bede32ebda51f18d1732cea702f57def2fee0f0c55b8f91bc68f109
GET /includes/templates/lw_a25/images/gide_t.gif HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:36 GMT
content-type: image/gif
content-length: 2259
last-modified: Wed, 16 Nov 2022 08:27:57 GMT
etag: "63749f0d-8d3"
expires: Sun, 01 Jan 2023 08:32:36 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DTcdkhzZK08MpxMKSHRldsZ3iLSdgjte5WiTHHY5%2FQPAsHuIba9cXEa5VNGm8Lj4fugLwZr%2FPewsAhpVGGcqja70mJgD9wJvU8B2S6U6%2BJt77NpSmL5fv6xNJdMuw1kwkwdfJ7Eqdw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7732b6815bb7b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/includes/templates/lw_a25/images/f-tit6.gif
104.21.81.41200 OK 2.8 kB URL HTTP/2 destroy.buythree.bar/includes/templates/lw_a25/images/f-tit6.gif
IP 104.21.81.41:0
File type GIF image data, version 89a, 320 x 30\012- data
Hash 6479dc5523627e0e1d7ce135a747486a
9d49e602e81b33e76a5b226d04e95379c70b87f8
7c8343f2d9abaaf6b75f34b6fea996436ef791b8066532b39fc48328193dd4f0
GET /includes/templates/lw_a25/images/f-tit6.gif HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:36 GMT
content-type: image/gif
content-length: 2799
last-modified: Wed, 16 Nov 2022 08:27:57 GMT
etag: "63749f0d-aef"
expires: Sun, 01 Jan 2023 08:32:36 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FQPgruy3%2FdboR2x12AcmSesDtNxbmxm43fI6cbDEgdY7cZJ0ZkxStcp72Z3d6w%2FEpc06Nd3mtLISuMGtTfsanvbh4IC4nFliDeEf2CC89BFiTuj87ExIeKxknElK88ApZ6ysZpaCBg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7732b6815bc6b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/includes/templates/lw_a25/images/logo.png
104.21.81.41200 OK 18 kB URL HTTP/2 destroy.buythree.bar/includes/templates/lw_a25/images/logo.png
IP 104.21.81.41:0
File type PNG image data, 300 x 105, 8-bit/color RGB, non-interlaced\012- data
Hash cb4e9395e38c95aa0989625c0565da37
53b0410b04d62ddd666fe2ba8f81d038591fab34
e95b5b3af9ef8b4e1a98e3c4b02798b0b453aa3bfbaf9e0f0712d032503349d0
GET /includes/templates/lw_a25/images/logo.png HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:36 GMT
content-type: image/png
content-length: 17450
last-modified: Wed, 16 Nov 2022 08:27:57 GMT
etag: "63749f0d-442a"
expires: Sun, 01 Jan 2023 08:32:36 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iMPSY%2Bpo1eI2ohubIjt4oliw%2BMxM2NeU9eeNcGie0hpuTEhZaUvdAOpaZR6ST81ixUH0WfKpI6CeCnmR%2F78qSfP6L5BeonqORdQ11HPsKfuOHonOuaEu%2F2w5rUyzGOna%2Favjus%2FbLA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7732b6814b75b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/includes/templates/lw_a25/images/all_yj.png
104.21.81.41200 OK 21 kB URL HTTP/2 destroy.buythree.bar/includes/templates/lw_a25/images/all_yj.png
IP 104.21.81.41:0
File type PNG image data, 320 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 4193f1572e5a0c95125efbef8399c1f0
e60cb3f02b750ecf1be080eecf75cfbcac54eb36
323709d7cc5d328379211d091df52e375910d7c62009fff85b20e4254880d208
GET /includes/templates/lw_a25/images/all_yj.png HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:36 GMT
content-type: image/png
content-length: 20818
last-modified: Wed, 16 Nov 2022 08:27:57 GMT
etag: "63749f0d-5152"
expires: Sun, 01 Jan 2023 08:32:36 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2kmwRwWtHlZurdfZtVYx%2FXEBZULIl%2F3E4rvsL4dSDdpTnrgXPe3jDxY7lhcw5EZyw%2FhP%2BoB7ZiqN32wDMJGLhfBHpaErkdY4slah%2FRSr0EHOxZ9htL%2F6XHIuHcNI1uaKFJ5%2BK0swxg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7732b6815bbbb50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/includes/templates/lw_a25/images/imgrc0076862003.jpg
104.21.81.41200 OK 86 kB URL HTTP/2 destroy.buythree.bar/includes/templates/lw_a25/images/imgrc0076862003.jpg
IP 104.21.81.41:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=120, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1170], progressive, precision 8, 1170x120, components 3\012- data
Hash 9f5efad8e8ad513a435e545f99099b94
22846e4f5da66b58c7199393a3024f7315f58c3c
0817894ed5c661a32a0fee01f28cdce58848b8871eb89c4a72b954ec558b8628
GET /includes/templates/lw_a25/images/imgrc0076862003.jpg HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:36 GMT
content-type: image/jpeg
content-length: 85637
last-modified: Wed, 16 Nov 2022 08:27:57 GMT
etag: "63749f0d-14e85"
expires: Sun, 01 Jan 2023 08:32:36 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MNtwPFY%2FdTlRdkvuqYoaUVRHruMtuf3BD49yaddgyEPu1J%2FgHmIBQbBAfPEt9PF1p4j%2FHbxbtgvygqZXx0sELgevRwXK0pzgtkoAqkpkWfIUu5lqlxz2oqs2Jne6iz0iWEo8M5fAag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7732b6814b74b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/includes/templates/lw_a25/images/mainslides.png
104.21.81.41200 OK 98 kB URL HTTP/2 destroy.buythree.bar/includes/templates/lw_a25/images/mainslides.png
IP 104.21.81.41:0
File type PNG image data, 910 x 364, 8-bit colormap, non-interlaced\012- data
Hash 06171e1b73c6d927dd7de9435e85fa4c
950e8f0b631ac2de3ac575223a94aa27d09555a4
2e65a1170de5f51b825219096c3ef3fff907a74b588a87edeb59cd407b335f11
GET /includes/templates/lw_a25/images/mainslides.png HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:36 GMT
content-type: image/png
content-length: 98380
last-modified: Wed, 16 Nov 2022 08:27:57 GMT
etag: "63749f0d-1804c"
expires: Sun, 01 Jan 2023 08:32:36 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ePvtpJKNP6lZ487iLh5zRlCu5ZIhzWK6AXwlqbPqW9KyNZVCQqYqNKRg4U%2BexIGTe2%2BMffcHStZ1QvBrP6uJGjXRYssxIIt1LuoabUjWPmRx%2FCfAPhhztjs%2BxjNiF1ifa2V7cLNfVw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7732b6814b7cb50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/includes/templates/lw_a25/images/rr2.jpg
104.21.81.41200 OK 121 kB URL HTTP/2 destroy.buythree.bar/includes/templates/lw_a25/images/rr2.jpg
IP 104.21.81.41:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1000x1000, components 3\012- data
Size 121 kB (121150 bytes)
Hash 2a357e83760459a059854909283bc32a
e0838b8bb192e160464dae2efe6541d55c5c6d13
e0d523ff48978cd3b5104162fdd5e3b98fda71689ceabf05653ba0a035af1fc0
GET /includes/templates/lw_a25/images/rr2.jpg HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:36 GMT
content-type: image/jpeg
content-length: 121150
last-modified: Wed, 16 Nov 2022 08:27:57 GMT
etag: "63749f0d-1d93e"
expires: Sun, 01 Jan 2023 08:32:36 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nlFK5PwLrHqCaIv0JUKYD5Tol40au4sfLGEzT%2FOg9suG2M%2FJ0FktdzElTaen0h77tkkrJ9lvA3b0MbeQLzERBNyJknm5tT7J8C%2BcOEBpkMM6YY1Ah6Gefkr2LgvEEHvgPCUg%2FsQAZg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7732b6814b8ab50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/includes/templates/lw_a25/images/rr3.jpg
104.21.81.41200 OK 163 kB URL HTTP/2 destroy.buythree.bar/includes/templates/lw_a25/images/rr3.jpg
IP 104.21.81.41:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1000x1000, components 3\012- data
Size 163 kB (163017 bytes)
Hash dbbcac54933cfa315ae6ff32075d1cf3
543bf7457fdfcffbd41f939ad1154b9e82ba3c45
a4609bd491fd6380b8f3f14f9a9fa766ec1843853ed948297438c9f4d5e007c8
GET /includes/templates/lw_a25/images/rr3.jpg HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:36 GMT
content-type: image/jpeg
content-length: 163017
last-modified: Wed, 16 Nov 2022 08:27:57 GMT
etag: "63749f0d-27cc9"
expires: Sun, 01 Jan 2023 08:32:36 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=baKr%2FpwzBIXSrWertt%2FXEZ%2FT7erxUDB%2FFLg8VtmnTeRmJAetsh%2BU9BvO2B7weXhp5mWrRlRFm3n6DPwgXGBhtNXT%2FSRX4K5NMDQ%2BZw2o%2FTIkUrlORidXgTHf4yq8j4azG13xnDmOAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7732b6814b8db50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/includes/templates/lw_a25/images/rr1.jpg
104.21.81.41200 OK 127 kB URL HTTP/2 destroy.buythree.bar/includes/templates/lw_a25/images/rr1.jpg
IP 104.21.81.41:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 1000x1000, components 3\012- data
Size 127 kB (126890 bytes)
Hash 37c48a034e0c37f4bc7a5f40c8578075
81f9ce193d85cebb26348685148388d892671b55
3fc44ae1f4958a75e200d6d81b54fb3ef6c92f116b49771a3063cdce058e91eb
GET /includes/templates/lw_a25/images/rr1.jpg HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:36 GMT
content-type: image/jpeg
content-length: 126890
last-modified: Wed, 16 Nov 2022 08:27:57 GMT
etag: "63749f0d-1efaa"
expires: Sun, 01 Jan 2023 08:32:36 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cDHYTTYtrR%2BSOVs%2BdaWLkN%2F1tOEOAB%2FIhegPpHqXa%2B0O7dOW%2FBLVN5HxlgQ%2F4t8BKV8Hxv9YvNv9R015oIkZMEZJVWL2QqOmmGqionzElqstl0CUuqtFpzOQYU48sy7auQzsGySTfw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7732b6814b88b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/favicon.ico
104.21.81.41200 OK 105 B URL HTTP/1.1 destroy.buythree.bar/favicon.ico
IP 104.21.81.41:0
File type MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash f5755be425622c647f7b1bfc46c779d9
1f51e79cef0a25e8d04783b4e0a7660b76b6f657
24bf4d92ad9b12374ae1fe9ab145e89e62c3953c5c6274dbbf017d2574ad8ce4
GET /favicon.ico HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://destroy.buythree.bar/
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 08:32:38 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 28 Dec 2017 23:11:02 GMT
ETag: W/"5a457a06-1536"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BtXA2k4V27o4pdQtev%2BFuDveD7g%2BXh%2BT1kkNUVS%2BAcCAs6oL2eVKiFN8PT5dUWjCHkPgJH3Hv%2BtjOz4ZxnOakfLEJwFBHLm5osG9icJfSzqWaErUQXrzSZQslaFRs08%2FljvOaasPwA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7732b6900e7ffabc-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvNjRmYzEzOGFhZjJmMWUyMzM2ODI3NzkyYzU3MzkzYTBlNTRlMWVkMy9pLWltZzkwMHgxMjAwLTE2NjYyODM1MDBkMmFvNTQ3MjM2NS5qcGc=
104.21.81.41200 OK 183 kB URL HTTP/2 destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvNjRmYzEzOGFhZjJmMWUyMzM2ODI3NzkyYzU3MzkzYTBlNTRlMWVkMy9pLWltZzkwMHgxMjAwLTE2NjYyODM1MDBkMmFvNTQ3MjM2NS5qcGc=
IP 104.21.81.41:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 900x1200, components 3\012- data
Size 183 kB (183255 bytes)
Hash 18eb613a58654dfc83c610cb222d7b11
0bdadbd699d11d83ee8f40117575ae2b9423ccbc
8ec4907e7fcf015e43d27619c6a8367241ed635d9bf490213d55dfaef6046710
Analyzer Verdict Alert fortinet Malware
GET /imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvNjRmYzEzOGFhZjJmMWUyMzM2ODI3NzkyYzU3MzkzYTBlNTRlMWVkMy9pLWltZzkwMHgxMjAwLTE2NjYyODM1MDBkMmFvNTQ3MjM2NS5qcGc= HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:37 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cHhwkBzTrRJVLhaupE6yVcKRDVni6kH9GR1eAUSYH9tuxc0emgjxyL6C%2FdVBnk3yucXgopGxsMHC%2BjSX07hi7wtq41%2F1%2F0T2IGReZ9NWSKLJNK6WdhS96QvIsDoZ6OidBY7wqexkkA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7732b6815bb3b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvZGNmOGJlMjYwNzUyNDNlNDIzZjNmMWRkZTNjM2RmZDdjZTgxODY3ZC9pLWltZzg5OHgxMTk4LTE2NjU5Nzc1ODJidTI5YnExNi5qcGc=
104.21.81.41200 OK 0 B URL HTTP/2 destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvZGNmOGJlMjYwNzUyNDNlNDIzZjNmMWRkZTNjM2RmZDdjZTgxODY3ZC9pLWltZzg5OHgxMTk4LTE2NjU5Nzc1ODJidTI5YnExNi5qcGc=
IP 104.21.81.41:0
Analyzer Verdict Alert fortinet Malware
GET /imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvZGNmOGJlMjYwNzUyNDNlNDIzZjNmMWRkZTNjM2RmZDdjZTgxODY3ZC9pLWltZzg5OHgxMTk4LTE2NjU5Nzc1ODJidTI5YnExNi5qcGc= HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:37 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d0smKpUfP3d91IFPsvCCO74vzpmRFQyydTDdhcPmkqEi7sHBgqbBLQ9dKkeSxaGxl6VzffmyJcX8fbZ6WcQbch%2BKZ5tFR37U2vn64EXonITZZIBHt9D8tiZjwyKnu1yttBEvWEdlXw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7732b6814b80b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvNDM1YzQzZGJlZDY5OWIzNjE5NDg5NDkyNGNlMTM1MDA5YjgyNDA2Ni9pLWltZzExOTh4ODk4LTE2NjYzMTE4NTZ0dTl5OHY4MTczMy5qcGc=
104.21.81.41200 OK 0 B URL HTTP/2 destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvNDM1YzQzZGJlZDY5OWIzNjE5NDg5NDkyNGNlMTM1MDA5YjgyNDA2Ni9pLWltZzExOTh4ODk4LTE2NjYzMTE4NTZ0dTl5OHY4MTczMy5qcGc=
IP 104.21.81.41:0
Analyzer Verdict Alert fortinet Malware
GET /imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvNDM1YzQzZGJlZDY5OWIzNjE5NDg5NDkyNGNlMTM1MDA5YjgyNDA2Ni9pLWltZzExOTh4ODk4LTE2NjYzMTE4NTZ0dTl5OHY4MTczMy5qcGc= HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:38 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HJxndKZQfDbkEcmoNN4WUOgxLWFIz42t9kj9BvJoL26%2B1Pzybd%2BVYn5cb8E8%2B2MMEHFMNEQEROORP0AxKErjh9Vx2TPa5hgasnuX4QTDGpjyVetE5%2BEc2N0yf7ZL9J9nP5yJ5KjNcA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7732b6815bb0b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/includes/templates/lw_a25/css/stylesheet_tm.css
104.21.81.41200 OK 0 B URL HTTP/2 destroy.buythree.bar/includes/templates/lw_a25/css/stylesheet_tm.css
IP 104.21.81.41:0
GET /includes/templates/lw_a25/css/stylesheet_tm.css HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:36 GMT
content-type: text/css
last-modified: Wed, 16 Nov 2022 08:27:57 GMT
vary: Accept-Encoding
etag: W/"63749f0d-7a4c"
expires: Fri, 02 Dec 2022 20:32:36 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RE%2FKfJq%2B2%2BmeHiY4wyhBItrPArvBPWlcth4dOvnuMXcbAyEeYX6vHvSUgqSM0tUT8mVwMYLoOzmKOd8BJSLpBwOZ8MLpzHLyFoBFxhcQ%2BZi4fwKHeElcY8IWxdrS9nVQZ6Yq5tMF9A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7732b6814b73b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvYzFhZTE1YjlkZGUyZjA3ZmUwZDk3NjZkOWQ0ZTIyYzE4ZDJkNWUyYi9pLWltZzQ2N3g2NDgtMTY2NjMxMDA3ODhmOWt5dTgzMTM3Ny5qcGc=
104.21.81.41200 OK 0 B URL HTTP/2 destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvYzFhZTE1YjlkZGUyZjA3ZmUwZDk3NjZkOWQ0ZTIyYzE4ZDJkNWUyYi9pLWltZzQ2N3g2NDgtMTY2NjMxMDA3ODhmOWt5dTgzMTM3Ny5qcGc=
IP 104.21.81.41:0
Analyzer Verdict Alert fortinet Malware
GET /imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvYzFhZTE1YjlkZGUyZjA3ZmUwZDk3NjZkOWQ0ZTIyYzE4ZDJkNWUyYi9pLWltZzQ2N3g2NDgtMTY2NjMxMDA3ODhmOWt5dTgzMTM3Ny5qcGc= HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:37 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D3SjDjm1d%2FosD2mVBp9Zl6dYkqX%2FjOM%2BoAxbuJH8%2F8huNM3sZxTp8cCa0XRMYkeT%2FKySJL9yVO8zSpRpaNlahQpl41uHCWcJJTV1UZJmDqDUzA1m3%2FM0%2Fk46bka9L9EVFxoSioPaEw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7732b6815bb1b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvMGM3Mzc0NDU0ZmNlZTMwMjI1ODYxNjVmZDczMzFlNTg0NTEwNmI4Mi9pLWltZzExNzB4ODY0LTE2NjYzMjE2MThndnBnb2M4OTIxMS5qcGc=
104.21.81.41200 OK 0 B URL HTTP/2 destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvMGM3Mzc0NDU0ZmNlZTMwMjI1ODYxNjVmZDczMzFlNTg0NTEwNmI4Mi9pLWltZzExNzB4ODY0LTE2NjYzMjE2MThndnBnb2M4OTIxMS5qcGc=
IP 104.21.81.41:0
Analyzer Verdict Alert fortinet Malware
GET /imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvMGM3Mzc0NDU0ZmNlZTMwMjI1ODYxNjVmZDczMzFlNTg0NTEwNmI4Mi9pLWltZzExNzB4ODY0LTE2NjYzMjE2MThndnBnb2M4OTIxMS5qcGc= HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:37 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sUa06%2F4WM2t%2B01JnkL7zrkdot1Nkx5E3we%2FLy6Khd6wI63z7lj6OSnjSEyN40UgeisbYoBOe%2BAQBeiBDEGVKeOOhHQMoyRIVus17%2Fsim1uDIWDRGK2VrvzU0EXiuoVFPR5tRz0tCBw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7732b6815bacb50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
104.21.81.41200 OK 0 B URL HTTP/2 destroy.buythree.bar/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP 104.21.81.41:0
Analyzer Verdict Alert fortinet Malware
GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:36 GMT
content-type: application/javascript
last-modified: Wed, 30 Nov 2022 18:31:41 GMT
etag: W/"6387a18d-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D26pdD%2Fpba2Hrgt%2Brtkk0IhL%2B35fzLq5yRSKkeEwBl%2B341RoPuzL97Uv0b8iEXlDs1E0KiIsECqQUNgG%2FzNd0VnA4HEBIka0t8s%2BPczIkPW2SyL7nPXJuXa70pQV9nZ%2Ftff%2BYzQ%2FNw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7732b6815bc7b50b-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Sun, 04 Dec 2022 08:32:36 GMT
cache-control: max-age=172800, public
content-encoding: gzip
X-Firefox-Spdy: h2
destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMDUvdXNlcnMvNTk2MzdkZjg1ZjkwNjlkOWYyNGQ4Yjk2OGNkMDYyZGE1NGZlNzViOC9pLWltZzYwMHg2MDAtMTY1MjcwNjYyMGc0Y21ybjI2MTQzOS5qcGc=
104.21.81.41200 OK 0 B URL HTTP/2 destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMDUvdXNlcnMvNTk2MzdkZjg1ZjkwNjlkOWYyNGQ4Yjk2OGNkMDYyZGE1NGZlNzViOC9pLWltZzYwMHg2MDAtMTY1MjcwNjYyMGc0Y21ybjI2MTQzOS5qcGc=
IP 104.21.81.41:0
Analyzer Verdict Alert fortinet Malware
GET /imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMDUvdXNlcnMvNTk2MzdkZjg1ZjkwNjlkOWYyNGQ4Yjk2OGNkMDYyZGE1NGZlNzViOC9pLWltZzYwMHg2MDAtMTY1MjcwNjYyMGc0Y21ybjI2MTQzOS5qcGc= HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:37 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U7oY8RuXEm0r6IDjIS8v2VDTiSaBBMKFnQYWFkXUVvUS8WtrY1KcCUoSP2h7%2FRZWpmoDUMdrVdTbsnivcJ57D3fE03HwMfa2FOooNa03ka%2Bq0zYlvP5K%2Bn%2FCM4pBPxA16eZfHpnh8A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7732b6815ba8b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvMDBlY2FhMjdjY2Q4M2JjZmZiYzgwYTFhOGRlOGU3YTlmNWQ3YTI2NC9pLWltZzUwMHgzNjItMTY2NjMyNjQxOGJlbDJoNTE4MTIuanBn
104.21.81.41200 OK 0 B URL HTTP/2 destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvMDBlY2FhMjdjY2Q4M2JjZmZiYzgwYTFhOGRlOGU3YTlmNWQ3YTI2NC9pLWltZzUwMHgzNjItMTY2NjMyNjQxOGJlbDJoNTE4MTIuanBn
IP 104.21.81.41:0
Analyzer Verdict Alert fortinet Malware
GET /imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvMDBlY2FhMjdjY2Q4M2JjZmZiYzgwYTFhOGRlOGU3YTlmNWQ3YTI2NC9pLWltZzUwMHgzNjItMTY2NjMyNjQxOGJlbDJoNTE4MTIuanBn HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:37 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iP2zNTBCK9nPPQ1UtlITljFIp%2FT7cty0n9vXfHC%2FGfX38LuEo937Itlr9rGvg92cJ83ltliTrHpFjMwWIeYyoivds0if8Jv8bmv%2Fn69H%2FLo%2F1KBdTyQMV0ZyMYDwgDFp8pRExXPPHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7732b6815baab50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvYTk2YzBmN2JmM2Y5MWEyZmY5ODM2OWUxMDRmMDYxMzVjYzQwMDE2YS9pLWltZzEyMDB4OTAwLTE2NjYzMjUwODFoNjZxems5MjE2NzQuanBn
104.21.81.41200 OK 0 B URL HTTP/2 destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvYTk2YzBmN2JmM2Y5MWEyZmY5ODM2OWUxMDRmMDYxMzVjYzQwMDE2YS9pLWltZzEyMDB4OTAwLTE2NjYzMjUwODFoNjZxems5MjE2NzQuanBn
IP 104.21.81.41:0
Analyzer Verdict Alert fortinet Malware
GET /imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvYTk2YzBmN2JmM2Y5MWEyZmY5ODM2OWUxMDRmMDYxMzVjYzQwMDE2YS9pLWltZzEyMDB4OTAwLTE2NjYzMjUwODFoNjZxems5MjE2NzQuanBn HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:37 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=78vUfmBOVo7wk7EGTbwFuHj%2FlXvxC6%2F9QRpo3k%2BqMrsN8mMA1SyZcQr6iZk1DBvrgWobxwPUbZ3zykESmzaokLZmrqtf3DWeiNzJUR0MZUQZ7DgqEcDXWVkHLtcvIWKZtamITKpVYA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7732b6814b70b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/includes/templates/lw_a25/css/style_categories.css
104.21.81.41200 OK 0 B URL HTTP/2 destroy.buythree.bar/includes/templates/lw_a25/css/style_categories.css
IP 104.21.81.41:0
GET /includes/templates/lw_a25/css/style_categories.css HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:36 GMT
content-type: text/css
last-modified: Wed, 16 Nov 2022 08:27:57 GMT
vary: Accept-Encoding
etag: W/"63749f0d-6cd"
expires: Fri, 02 Dec 2022 20:32:36 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BQ%2FXzBB8e%2BPPY37XYc1%2Flr%2BT4wNPJksXJkdlxgAjgGD6Qm6fxM7IpR2a%2BdzZbtv%2F7FXT%2BeI68Ed5gpMYfVov%2FbbWgEjUCtgxxsD4yccgioQMnlwrXS6UWzVHxInTaHgtnRJ9rgXucw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7732b6814b6cb50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/includes/templates/lw_a25/css/stylesheet_css_buttons.css
104.21.81.41200 OK 0 B URL HTTP/2 destroy.buythree.bar/includes/templates/lw_a25/css/stylesheet_css_buttons.css
IP 104.21.81.41:0
GET /includes/templates/lw_a25/css/stylesheet_css_buttons.css HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:36 GMT
content-type: text/css
last-modified: Wed, 16 Nov 2022 08:27:57 GMT
vary: Accept-Encoding
etag: W/"63749f0d-553"
expires: Fri, 02 Dec 2022 20:32:36 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BEfMUSKDyxOSjEkmhAxc07o02XDtIw4YCQhAXzL2hug6LLJarH%2BnmVKkjYqCo9lnGgMH4PPdS6EY75JmZkB2YtH6zTaX9cGPnOTUo5id2wXTTdvZHTq8XFTnIef0h2D%2Bo3AKb0%2BUbw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7732b6815bbfb50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvNDVlODRkZTliZmUzNGQyOWJiYjFlYzgwMzMxNDQ0Y2YxNTg2MTk3MC9pLWltZzY0MHg2NDAtMTY2NjMwNzQzNW1qc3c2NzQ4MDE5NC5qcGc=
104.21.81.41200 OK 0 B URL HTTP/2 destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvNDVlODRkZTliZmUzNGQyOWJiYjFlYzgwMzMxNDQ0Y2YxNTg2MTk3MC9pLWltZzY0MHg2NDAtMTY2NjMwNzQzNW1qc3c2NzQ4MDE5NC5qcGc=
IP 104.21.81.41:0
Analyzer Verdict Alert fortinet Malware
GET /imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvNDVlODRkZTliZmUzNGQyOWJiYjFlYzgwMzMxNDQ0Y2YxNTg2MTk3MC9pLWltZzY0MHg2NDAtMTY2NjMwNzQzNW1qc3c2NzQ4MDE5NC5qcGc= HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:37 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HqXSDUC7F3ve0ExgTbO5hHcvrvRrCky52a6lElzu2iBr9BBxDzfge3Y2%2BBYloxQV6JbKB59mBB8ms4erJw7m5DYVchdjjuR%2Bu64U1c4KnY0xmUMBKS7xg%2BaRaPYrq2XfGWgBp8Q%2FNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7732b6815ba3b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/includes/templates/lw_a25/css/stylesheet_related.css
104.21.81.41200 OK 0 B URL HTTP/2 destroy.buythree.bar/includes/templates/lw_a25/css/stylesheet_related.css
IP 104.21.81.41:0
GET /includes/templates/lw_a25/css/stylesheet_related.css HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:36 GMT
content-type: text/css
last-modified: Wed, 16 Nov 2022 08:27:57 GMT
vary: Accept-Encoding
etag: W/"63749f0d-80e"
expires: Fri, 02 Dec 2022 20:32:36 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9muq4m26SAOt%2BHg02ZyDvpQ6MltoosMNslpGPMzdKQ%2BgUN1JQBSwybGlN5EgtHzThw5A%2F4Ds1J6RhwbQ2kzhQ44mz3Q%2F36GV1s%2Bm8K2RxJD71ILKhD7HCmW1barV3bAi%2FimAkLQYSw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7732b6815bc3b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMDcvdXNlcnMvMDhiMGM1YzNlOWVkZjYzNGNlMmM2YzQ2MjUxZDY5OTMzMGRkMjEyZC9pLWltZzcwMXg2NjktMTY1ODcyNDQ4NzA1eWZkcTMyNjE0MC5qcGc=
104.21.81.41200 OK 0 B URL HTTP/2 destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMDcvdXNlcnMvMDhiMGM1YzNlOWVkZjYzNGNlMmM2YzQ2MjUxZDY5OTMzMGRkMjEyZC9pLWltZzcwMXg2NjktMTY1ODcyNDQ4NzA1eWZkcTMyNjE0MC5qcGc=
IP 104.21.81.41:0
Analyzer Verdict Alert fortinet Malware
GET /imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMDcvdXNlcnMvMDhiMGM1YzNlOWVkZjYzNGNlMmM2YzQ2MjUxZDY5OTMzMGRkMjEyZC9pLWltZzcwMXg2NjktMTY1ODcyNDQ4NzA1eWZkcTMyNjE0MC5qcGc= HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:37 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O%2FKtQJIa3L6HDU%2BQFakgXjeYhgjizSF%2BqaJfUzYWBtvUxTtKShlaKfpe%2BmiAF5WxNpQWfA6%2Fo59u4y4PQLwRuBMBUHaU%2Bkqz6%2FGMfxJOH0rTJICrOGm5%2BxTlKMm7XyW2n5OhccNpyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7732b6815ba0b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/includes/templates/lw_a25/css/stylesheet_index_home.css
104.21.81.41200 OK 0 B URL HTTP/2 destroy.buythree.bar/includes/templates/lw_a25/css/stylesheet_index_home.css
IP 104.21.81.41:0
GET /includes/templates/lw_a25/css/stylesheet_index_home.css HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:36 GMT
content-type: text/css
last-modified: Wed, 16 Nov 2022 08:27:57 GMT
vary: Accept-Encoding
etag: W/"63749f0d-dfd"
expires: Fri, 02 Dec 2022 20:32:36 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KwkT87zhaFhBF%2B28M87ZZ8PgkTicWfoIdkiH6YJnKRjTzEFHyb1P2SLp1Dkc1Yn89aFHoeZjOITb0zEESVVDJV1gaEaIGD%2BEeTvYkLrZ15JH6dv5%2F%2BPRyBHw1vue54cFg8ZBozwlgg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7732b6815bc1b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/includes/templates/lw_a25/css/stylesheet.css
104.21.81.41200 OK 0 B URL HTTP/2 destroy.buythree.bar/includes/templates/lw_a25/css/stylesheet.css
IP 104.21.81.41:0
GET /includes/templates/lw_a25/css/stylesheet.css HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:36 GMT
content-type: text/css
last-modified: Wed, 16 Nov 2022 08:27:57 GMT
vary: Accept-Encoding
etag: W/"63749f0d-372a"
expires: Fri, 02 Dec 2022 20:32:36 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0X%2B8XuwxE9K4HOFw9KkkouBGVRqGM7zvN1e%2FtsyJj540QKVXQZ6c9qIDDzoqmB71Avwbykwls083jVAhK1AzwGcnu7wQJ7MFHFZuEuWswaJ0bmp1%2FkZ3NnZrwg55AsF3jYAc5KvYXA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7732b6815bb9b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvNzVlY2QxOTg2NzM3NzZmNmIxNmRiNzgzY2JkYzY2ZGFjNjE1MzI5OC9pLWltZzUwMHg1MDAtMTY2NTAxOTk3M2tvdnBsNzMzNTgxOS5qcGc=
104.21.81.41200 OK 0 B URL HTTP/2 destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvNzVlY2QxOTg2NzM3NzZmNmIxNmRiNzgzY2JkYzY2ZGFjNjE1MzI5OC9pLWltZzUwMHg1MDAtMTY2NTAxOTk3M2tvdnBsNzMzNTgxOS5qcGc=
IP 104.21.81.41:0
Analyzer Verdict Alert fortinet Malware
GET /imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvNzVlY2QxOTg2NzM3NzZmNmIxNmRiNzgzY2JkYzY2ZGFjNjE1MzI5OC9pLWltZzUwMHg1MDAtMTY2NTAxOTk3M2tvdnBsNzMzNTgxOS5qcGc= HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:37 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nNmPJE%2FgF2%2FNt5Br85as%2BNo9rfTlLiwGLO1697ytQutzhvfXbmI3Vgd77mZv64JBhR%2FoogysD9MzVKHSBdaWxbcPmg0X4W58H6Vx%2BBa%2BosZCI27LfL3%2Fjs1xvob3PnD7fkHw5Set%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7732b6814b91b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMDIvdXNlcnMvYWVjZmUzMGE1ODcwMmI1NTAyODE5ZTg3YWVlNzBlMzFjMTM5MmNmMi9pLWltZzM1OXgzNTUtMTY0Mzc2Mjc4OHR3ZWtpNDIyMzIwLmpwZw==
104.21.81.41200 OK 0 B URL HTTP/2 destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMDIvdXNlcnMvYWVjZmUzMGE1ODcwMmI1NTAyODE5ZTg3YWVlNzBlMzFjMTM5MmNmMi9pLWltZzM1OXgzNTUtMTY0Mzc2Mjc4OHR3ZWtpNDIyMzIwLmpwZw==
IP 104.21.81.41:0
Analyzer Verdict Alert fortinet Malware
GET /imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMDIvdXNlcnMvYWVjZmUzMGE1ODcwMmI1NTAyODE5ZTg3YWVlNzBlMzFjMTM5MmNmMi9pLWltZzM1OXgzNTUtMTY0Mzc2Mjc4OHR3ZWtpNDIyMzIwLmpwZw== HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:37 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dUYRWZ5VDVo%2Fw2R4pMw6Or%2FJ6I5unY4iDptSjtLGWYupr%2BTNqE2GKwwr5E7a8Sq%2FNQ6V7SZrGJpTp223DInRL5DLuPWkKSa%2FjmGClYXYtCq6clHHF%2F%2FI0K06NPL4OGVfG7WEEqbv0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7732b6815b99b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMDkvdXNlcnMvNzNiYzEwMjI0OTRlMjA4YmI4ZjE1NDRiNDJhNWQ4MWNjNzRhNDkwYi9pLWltZzgxOHgxMjAwLTE2NjI3OTA0ODEzbzJ1cDI2NzgxNi5qcGc=
104.21.81.41200 OK 0 B URL HTTP/2 destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMDkvdXNlcnMvNzNiYzEwMjI0OTRlMjA4YmI4ZjE1NDRiNDJhNWQ4MWNjNzRhNDkwYi9pLWltZzgxOHgxMjAwLTE2NjI3OTA0ODEzbzJ1cDI2NzgxNi5qcGc=
IP 104.21.81.41:0
Analyzer Verdict Alert fortinet Malware
GET /imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMDkvdXNlcnMvNzNiYzEwMjI0OTRlMjA4YmI4ZjE1NDRiNDJhNWQ4MWNjNzRhNDkwYi9pLWltZzgxOHgxMjAwLTE2NjI3OTA0ODEzbzJ1cDI2NzgxNi5qcGc= HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:37 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SWJ%2FhvWpNsILeYTK9dD98JWGon2xlpaDZzp%2FNYUmijz9g2hYV4wYxLqMpwOSXU8WfglzmeTrPkVKvg5y%2FlDOZZkKcsDPkq%2FRXYo3MevH83XTUCVFMWnnJJ4V6nDhsS1zVG73l%2BkECw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7732b6814b86b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvYzI4ZmNhMzc0MzFiNTg0ZDBiYWFjYTMzMjUwOGYwNDg3YzY1ZTMyZS9pLWltZzU2OHg2NTMtMTY2NjMwMDc5MXZjdXMyaTc2ODY4LmpwZw==
104.21.81.41200 OK 0 B URL HTTP/2 destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvYzI4ZmNhMzc0MzFiNTg0ZDBiYWFjYTMzMjUwOGYwNDg3YzY1ZTMyZS9pLWltZzU2OHg2NTMtMTY2NjMwMDc5MXZjdXMyaTc2ODY4LmpwZw==
IP 104.21.81.41:0
Analyzer Verdict Alert fortinet Malware
GET /imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvYzI4ZmNhMzc0MzFiNTg0ZDBiYWFjYTMzMjUwOGYwNDg3YzY1ZTMyZS9pLWltZzU2OHg2NTMtMTY2NjMwMDc5MXZjdXMyaTc2ODY4LmpwZw== HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:37 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YGwh3tM5KOTbV5t2tb3KfKhYxOnr8hlJix5CIvDObjJ%2BZzM79rzF7euEsrnDW6gBXy5lwjytOv8yYU2RJtyrlS4Oq6ETQ7LpGBvt9u5caNgsgnZK6OeG7v%2Fh%2FPj9O2o5V9X5WflQeg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7732b6815bafb50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/includes/templates/lw_a25/css/stylesheet_cart.css
104.21.81.41200 OK 0 B URL HTTP/2 destroy.buythree.bar/includes/templates/lw_a25/css/stylesheet_cart.css
IP 104.21.81.41:0
GET /includes/templates/lw_a25/css/stylesheet_cart.css HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:36 GMT
content-type: text/css
last-modified: Wed, 16 Nov 2022 08:27:57 GMT
vary: Accept-Encoding
etag: W/"63749f0d-214a"
expires: Fri, 02 Dec 2022 20:32:36 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cCBt1Cn5OkMHWu28l5QUM3m5gT58263gmnAaD28KfGzlpAKRm5eahHqrWwnCCFP7ppRSJWYc%2Fstjv3bKd8m%2BhMMcDLA80Lu8s8A%2F1PU67WgaBPqPD3E17Uo2KXAlIINn20xSWszUlA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7732b6815babb50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvN2RhYTg1NWEwZGJlMTgzOTMzYWYyN2U0ZTEzMzAyODE0YTNlZDUzNC9pLWltZzgwMHgzMjAtMTY2NjIxMzAxNHNhNGQ5ajQzNTQxOC5qcGc=
104.21.81.41200 OK 0 B URL HTTP/2 destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvN2RhYTg1NWEwZGJlMTgzOTMzYWYyN2U0ZTEzMzAyODE0YTNlZDUzNC9pLWltZzgwMHgzMjAtMTY2NjIxMzAxNHNhNGQ5ajQzNTQxOC5qcGc=
IP 104.21.81.41:0
Analyzer Verdict Alert fortinet Malware
GET /imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvN2RhYTg1NWEwZGJlMTgzOTMzYWYyN2U0ZTEzMzAyODE0YTNlZDUzNC9pLWltZzgwMHgzMjAtMTY2NjIxMzAxNHNhNGQ5ajQzNTQxOC5qcGc= HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:37 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xikXduvUUFQkIoMclMuDXKkfURHpalQT4upXUXRhdsvqu5AVRvlm3NeY0XAkrrXGE%2FNydZHDMYQ3qOzGvvzJYg3CFJWvo6uZtvzJBSGapbDo0OmcvENK2Qm3au0zU9fq4V7wV51hDw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7732b6814b72b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvYzI4ZmNhMzc0MzFiNTg0ZDBiYWFjYTMzMjUwOGYwNDg3YzY1ZTMyZS9pLWltZzU2OHg2NTMtMTY2NjMxNjQzM3VnZmNrdzQ5MjA2NS5qcGc=
104.21.81.41200 OK 0 B URL HTTP/2 destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvYzI4ZmNhMzc0MzFiNTg0ZDBiYWFjYTMzMjUwOGYwNDg3YzY1ZTMyZS9pLWltZzU2OHg2NTMtMTY2NjMxNjQzM3VnZmNrdzQ5MjA2NS5qcGc=
IP 104.21.81.41:0
Analyzer Verdict Alert fortinet Malware
GET /imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvYzI4ZmNhMzc0MzFiNTg0ZDBiYWFjYTMzMjUwOGYwNDg3YzY1ZTMyZS9pLWltZzU2OHg2NTMtMTY2NjMxNjQzM3VnZmNrdzQ5MjA2NS5qcGc= HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:37 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uRyM6iB26W0d0E0grvjA2Hf07s6ZghIGoQwsWEhsRmojqPUg%2F3bql3B0G0X1ldMi2wK2nl%2FUisBQpwMl07KYLMPZ2t%2FoyrdaNwaYprH1Fr7nrpVgAehCFpc4DA6D%2BkXBmb4ieMg6Jw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7732b6815b9cb50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvMzhmODlmZDM3ZDA0NjEzZjY4OWVlNzdmMDg3MTJkYWM5YjRmM2IyNi9pLWltZzY0MHg0ODAtMTY2NjI1NzQzMXYzbnlobzgwOTY3NC5qcGc=
104.21.81.41200 OK 0 B URL HTTP/2 destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvMzhmODlmZDM3ZDA0NjEzZjY4OWVlNzdmMDg3MTJkYWM5YjRmM2IyNi9pLWltZzY0MHg0ODAtMTY2NjI1NzQzMXYzbnlobzgwOTY3NC5qcGc=
IP 104.21.81.41:0
Analyzer Verdict Alert fortinet Malware
GET /imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMTAvdXNlcnMvMzhmODlmZDM3ZDA0NjEzZjY4OWVlNzdmMDg3MTJkYWM5YjRmM2IyNi9pLWltZzY0MHg0ODAtMTY2NjI1NzQzMXYzbnlobzgwOTY3NC5qcGc= HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:37 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9DUQU4djfCkCe99RXheBe4MX4aht91Zm4OvHNQGLd1OEsbUXACgZzUTKVz9X0iXiasT%2FLuWR2f7FEgWMuOXV4ZhTt57IVhJpgYu8SIB%2FL1swgXQ4JMqVvfD13Bg8fUiUZ6FIqwmsdA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7732b6815bb6b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMDgvdXNlcnMvNjlmMTU3N2EwM2VmN2JhZDlmODE2NzBmNGE0YTA2ZTdkN2NmN2ExNy9pLWltZzExMTR4MTIwMC0xNjU5NTYzNzgwb3B5b2s3OTEwMTQuanBn
104.21.81.41200 OK 0 B URL HTTP/2 destroy.buythree.bar/imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMDgvdXNlcnMvNjlmMTU3N2EwM2VmN2JhZDlmODE2NzBmNGE0YTA2ZTdkN2NmN2ExNy9pLWltZzExMTR4MTIwMC0xNjU5NTYzNzgwb3B5b2s3OTEwMTQuanBn
IP 104.21.81.41:0
Analyzer Verdict Alert fortinet Malware
GET /imgcdn.php?pic=aHR0cHM6Ly9hdWN0aW9ucy5jLnlpbWcuanAvaW1hZ2VzLmF1Y3Rpb25zLnlhaG9vLmNvLmpwL2ltYWdlL2RyMDAwL2F1YzAzMDgvdXNlcnMvNjlmMTU3N2EwM2VmN2JhZDlmODE2NzBmNGE0YTA2ZTdkN2NmN2ExNy9pLWltZzExMTR4MTIwMC0xNjU5NTYzNzgwb3B5b2s3OTEwMTQuanBn HTTP/1.1
Host: destroy.buythree.bar
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://destroy.buythree.bar/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 08:32:37 GMT
content-type: image/jpg
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MU1iTN%2B4gVOQLB30Gb10AZTifkVk4m0hFD2wkiwBtIlnv5hVY8VuIdmH4mGk5t7ee65m36JxnwE7c5earMe0isYRyYCpfgUZpiVyqCKzvneINQwJ5GQ3wKw9qiwFqv3caBv5c9ux6w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7732b6815ba6b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2