r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3d0727e32cd103ddd4b73f28c81758aa
197a7bf43d63723fc532c23c6dced68d5cc36652
d3f75d03561d6a47d19370292e821a86e58381466f0c69386a21175de55882ff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3F75D03561D6A47D19370292E821A86E58381466F0C69386A21175DE55882FF"
Last-Modified: Fri, 11 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6412
Expires: Sat, 12 Nov 2022 08:23:07 GMT
Date: Sat, 12 Nov 2022 06:36:15 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 4edf853c470fcec0ab277c78527f3c2d
de93530ce15337e671c488d9fe05e7091d4956f0
b9d7976b398b1243ff8a571ddd3975d3a1317d69101061bdb1a755b3b56620e6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5473
Cache-Control: max-age=105985
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 06:36:15 GMT
Etag: "636e247f-1d7"
Expires: Sun, 13 Nov 2022 12:02:40 GMT
Last-Modified: Fri, 11 Nov 2022 10:31:27 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data; ASCII text, with very long lines (939), with no line terminators
Hash 4736bac84ca28f2b1e961159fb4ea098
1319612979f53896fcfeacd4215c2715d4951e4c
5e81213e111ddf68c7f884f72b4e06fc4dc95eb902c3cf0762236b2418840dba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Length, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 12 Nov 2022 05:44:09 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3126
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a8391107bfc5e4673e8a706f90f63768
5295ed0b1cb8bad4d3e851049acc7f0270937d12
ed5c27510100ffc4481be474ebcb020d147c645beb110604d5284eeeb8b97c02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ED5C27510100FFC4481BE474EBCB020D147C645BEB110604D5284EEEB8B97C02"
Last-Modified: Fri, 11 Nov 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17960
Expires: Sat, 12 Nov 2022 11:35:35 GMT
Date: Sat, 12 Nov 2022 06:36:15 GMT
Connection: keep-alive
luckyme.homes/ip13/id/survey_2az/?cid=w7d6taadug2jamdki6mifjco&cep=qYbDcZlk-eEBss8P5k6ohALsSe6BMYHEmoTw3a6h4PZwN9zI4jhFSDZbEakzwzE4J1Vrz8E0vDd3mWdJYbZ2Po1DTWDCQx5LgjSVvSuVeO7_SveX4Xhs8Y-xcWJPXBRg0sCdDew_nwRX1Q7EoRAHe6sI5_XoOQAWsDOwNNGHt8NBrztYR7_JDCs-xf05Z8ykh8IIRg4BW6Krzz_rmrTtUnERf0-2z7hh2uj9n5hO6PTSEHwRmqOa4XgDnQ-P5VbO2dFL59bIx0x0hSLVufDYFA6YuPecmNl1YB4yDkODsI3m1wwAADQvAilO3GT1G9L4AKr0wbVSs1OFERHCKn4w0xAiOVKpB0ZIX8d0UBQaWqIkfe1w5776sfKvOgzCfyk25CywwBdBNeNbfsas-JEOcw&lptoken=162b68df234067a8588d
104.21.86.39 200 OK 1.7 kB URL HTTP/1.1 luckyme.homes/ip13/id/survey_2az/?cid=w7d6taadug2jamdki6mifjco&cep=qYbDcZlk-eEBss8P5k6ohALsSe6BMYHEmoTw3a6h4PZwN9zI4jhFSDZbEakzwzE4J1Vrz8E0vDd3mWdJYbZ2Po1DTWDCQx5LgjSVvSuVeO7_SveX4Xhs8Y-xcWJPXBRg0sCdDew_nwRX1Q7EoRAHe6sI5_XoOQAWsDOwNNGHt8NBrztYR7_JDCs-xf05Z8ykh8IIRg4BW6Krzz_rmrTtUnERf0-2z7hh2uj9n5hO6PTSEHwRmqOa4XgDnQ-P5VbO2dFL59bIx0x0hSLVufDYFA6YuPecmNl1YB4yDkODsI3m1wwAADQvAilO3GT1G9L4AKr0wbVSs1OFERHCKn4w0xAiOVKpB0ZIX8d0UBQaWqIkfe1w5776sfKvOgzCfyk25CywwBdBNeNbfsas-JEOcw&lptoken=162b68df234067a8588d
IP 104.21.86.39:0
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text
Hash 852ad6af1a3eb9feee7d18cc2dc353db
5a1a7636792ada34221c958a62b1adbe1749839f
0b6d74f8aaeb080b666acd6b631b5d7ed3b02babf4a05bbc7d997bf329c69798
GET /ip13/id/survey_2az/?cid=w7d6taadug2jamdki6mifjco&cep=qYbDcZlk-eEBss8P5k6ohALsSe6BMYHEmoTw3a6h4PZwN9zI4jhFSDZbEakzwzE4J1Vrz8E0vDd3mWdJYbZ2Po1DTWDCQx5LgjSVvSuVeO7_SveX4Xhs8Y-xcWJPXBRg0sCdDew_nwRX1Q7EoRAHe6sI5_XoOQAWsDOwNNGHt8NBrztYR7_JDCs-xf05Z8ykh8IIRg4BW6Krzz_rmrTtUnERf0-2z7hh2uj9n5hO6PTSEHwRmqOa4XgDnQ-P5VbO2dFL59bIx0x0hSLVufDYFA6YuPecmNl1YB4yDkODsI3m1wwAADQvAilO3GT1G9L4AKr0wbVSs1OFERHCKn4w0xAiOVKpB0ZIX8d0UBQaWqIkfe1w5776sfKvOgzCfyk25CywwBdBNeNbfsas-JEOcw&lptoken=162b68df234067a8588d HTTP/1.1
Host: luckyme.homes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 06:36:15 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 00:30:18 GMT
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uz2SOcrFR57b5z72L47LORfBq14uLKbbx8rrNXwF2fDneohFEBGxrYO17GX0E6MdE5d%2FqCdNCH92eIF%2FPPmvgnZPehX69%2BE7%2BOFH3BOx2zxdoyuwY189%2BbCsGDAzkFRP"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 768d40916c830b45-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate; ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: edR/nLfVdsWK9ZHtLhlCSfabB7NErx7sIYbAp3yxJ9O/QSyVxmbnvWvODx8V9FyBgA28/2h6qXI=
x-amz-request-id: XMQXT9MAZ5VKEHF3
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 12 Nov 2022 06:12:53 GMT
age: 1402
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data; ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 06:36:15 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
luckyme.homes/ip13/id/survey_2az/img/app.css
104.21.86.39 200 OK 170 B URL HTTP/1.1 luckyme.homes/ip13/id/survey_2az/img/app.css
IP 104.21.86.39:0
File type ASCII text, with very long lines (309), with no line terminators
Hash b5d43158e1817850386944b660cd1812
82a3b7d0d4105538585c3b81e134f87f7f4d2137
f7536532a967f9fb02f942226e6d5a8ab80f5e74e113aac5c0083a661dbeaced
GET /ip13/id/survey_2az/img/app.css HTTP/1.1
Host: luckyme.homes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyme.homes/ip13/id/survey_2az/?cid=w7d6taadug2jamdki6mifjco&cep=qYbDcZlk-eEBss8P5k6ohALsSe6BMYHEmoTw3a6h4PZwN9zI4jhFSDZbEakzwzE4J1Vrz8E0vDd3mWdJYbZ2Po1DTWDCQx5LgjSVvSuVeO7_SveX4Xhs8Y-xcWJPXBRg0sCdDew_nwRX1Q7EoRAHe6sI5_XoOQAWsDOwNNGHt8NBrztYR7_JDCs-xf05Z8ykh8IIRg4BW6Krzz_rmrTtUnERf0-2z7hh2uj9n5hO6PTSEHwRmqOa4XgDnQ-P5VbO2dFL59bIx0x0hSLVufDYFA6YuPecmNl1YB4yDkODsI3m1wwAADQvAilO3GT1G9L4AKr0wbVSs1OFERHCKn4w0xAiOVKpB0ZIX8d0UBQaWqIkfe1w5776sfKvOgzCfyk25CywwBdBNeNbfsas-JEOcw&lptoken=162b68df234067a8588d
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 06:36:15 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 00:30:21 GMT
ETag: W/"6321209d-135"
Expires: Sat, 12 Nov 2022 11:46:12 GMT
Cache-Control: max-age=43200
CF-Cache-Status: HIT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QOuIxUV9gZSOVm86rIFWQAZR0cU93uAjdNbqYAsRcq5TU8DEKJoM5if28N9qpvsA%2FY86LKurakezbhKDsQDPxb%2FppF3igRzhK668xNgf8He%2Fq4DRlUu%2F38afKwwu8AdV"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 768d40939daf0b45-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
luckyme.homes/ip13/id/survey_2az/img/app1.css
104.21.86.39 200 OK 1.0 kB URL HTTP/1.1 luckyme.homes/ip13/id/survey_2az/img/app1.css
IP 104.21.86.39:0
File type ASCII text, with very long lines (2717), with no line terminators
Hash 646774d51b78aec4122cb433032741e8
82488274e09d3f4b48537a7eb9422f486db0ddbc
9e3b623c06f1b1975447ecc3d9d11f6378b0da157384b16fa3056e9a3e3abf29
GET /ip13/id/survey_2az/img/app1.css HTTP/1.1
Host: luckyme.homes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyme.homes/ip13/id/survey_2az/?cid=w7d6taadug2jamdki6mifjco&cep=qYbDcZlk-eEBss8P5k6ohALsSe6BMYHEmoTw3a6h4PZwN9zI4jhFSDZbEakzwzE4J1Vrz8E0vDd3mWdJYbZ2Po1DTWDCQx5LgjSVvSuVeO7_SveX4Xhs8Y-xcWJPXBRg0sCdDew_nwRX1Q7EoRAHe6sI5_XoOQAWsDOwNNGHt8NBrztYR7_JDCs-xf05Z8ykh8IIRg4BW6Krzz_rmrTtUnERf0-2z7hh2uj9n5hO6PTSEHwRmqOa4XgDnQ-P5VbO2dFL59bIx0x0hSLVufDYFA6YuPecmNl1YB4yDkODsI3m1wwAADQvAilO3GT1G9L4AKr0wbVSs1OFERHCKn4w0xAiOVKpB0ZIX8d0UBQaWqIkfe1w5776sfKvOgzCfyk25CywwBdBNeNbfsas-JEOcw&lptoken=162b68df234067a8588d
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 06:36:15 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 00:30:21 GMT
Vary: Accept-Encoding
ETag: W/"6321209d-a9d"
Expires: Sat, 12 Nov 2022 11:24:56 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: HIT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6LNTfkZBmdeXdo6FiZ0S%2B2wcDS9R6YkqVLujMaVJMzICtt8Fi6Y6r%2BTj8CnAmwu4S7Ag8wsKs5kvoBZLGYd4YMTOS04Fhq8TWo8xux%2BxA%2BH8EMUYPsxFKGoal0yFsX35"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 768d40939f930b65-OSL
alt-svc: h2=":443"; ma=60
luckyme.homes/ip13/id/survey_2az/img/app.js
104.21.86.39 200 OK 697 B URL HTTP/1.1 luckyme.homes/ip13/id/survey_2az/img/app.js
IP 104.21.86.39:0
File type ASCII text, with very long lines (1468), with no line terminators
Hash eec23f6831ab2694520d8df7aa954c4c
1f7689b66f9c104dc53703837478d386883c1c6f
f48c942826a30f94a45c4b0b8e049bca89b90925ba8e5cc06b88ce8af5ce7f0f
Analyzer Verdict Alert fortinet Phishing
GET /ip13/id/survey_2az/img/app.js HTTP/1.1
Host: luckyme.homes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyme.homes/ip13/id/survey_2az/?cid=w7d6taadug2jamdki6mifjco&cep=qYbDcZlk-eEBss8P5k6ohALsSe6BMYHEmoTw3a6h4PZwN9zI4jhFSDZbEakzwzE4J1Vrz8E0vDd3mWdJYbZ2Po1DTWDCQx5LgjSVvSuVeO7_SveX4Xhs8Y-xcWJPXBRg0sCdDew_nwRX1Q7EoRAHe6sI5_XoOQAWsDOwNNGHt8NBrztYR7_JDCs-xf05Z8ykh8IIRg4BW6Krzz_rmrTtUnERf0-2z7hh2uj9n5hO6PTSEHwRmqOa4XgDnQ-P5VbO2dFL59bIx0x0hSLVufDYFA6YuPecmNl1YB4yDkODsI3m1wwAADQvAilO3GT1G9L4AKr0wbVSs1OFERHCKn4w0xAiOVKpB0ZIX8d0UBQaWqIkfe1w5776sfKvOgzCfyk25CywwBdBNeNbfsas-JEOcw&lptoken=162b68df234067a8588d
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 06:36:15 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 00:30:21 GMT
Vary: Accept-Encoding
ETag: W/"6321209d-5bc"
Expires: Sat, 12 Nov 2022 12:21:30 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: HIT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7Ay%2Bub3heE5A90q2q7PR%2FRXGSeo%2FP80qEPVM2LUarWrwORTanuouh2R%2BpcA8UrFff%2FkU5CuGXHp92zZNooQh3R9TlvI53K404mfDAU3kajzIN%2FXmqTLC2fwteyJ11Nad"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 768d40939939b500-OSL
alt-svc: h2=":443"; ma=60
luckyme.homes/ip13/id/survey_2az/img/default@0.75x.png
104.21.86.39 200 OK 56 kB URL HTTP/1.1 luckyme.homes/ip13/id/survey_2az/img/default@0.75x.png
IP 104.21.86.39:0
File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced; data
Hash 8c107e1b5b8b9e124cc614ac3b1b7ce8
a4471830185258b840b8ba56297298ff4c121a5a
d113eb582f92abc89bcb5f15e3bdfa6165e2c3189ab8e6174cb63356a1ded746
GET /ip13/id/survey_2az/img/default@0.75x.png HTTP/1.1
Host: luckyme.homes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyme.homes/ip13/id/survey_2az/?cid=w7d6taadug2jamdki6mifjco&cep=qYbDcZlk-eEBss8P5k6ohALsSe6BMYHEmoTw3a6h4PZwN9zI4jhFSDZbEakzwzE4J1Vrz8E0vDd3mWdJYbZ2Po1DTWDCQx5LgjSVvSuVeO7_SveX4Xhs8Y-xcWJPXBRg0sCdDew_nwRX1Q7EoRAHe6sI5_XoOQAWsDOwNNGHt8NBrztYR7_JDCs-xf05Z8ykh8IIRg4BW6Krzz_rmrTtUnERf0-2z7hh2uj9n5hO6PTSEHwRmqOa4XgDnQ-P5VbO2dFL59bIx0x0hSLVufDYFA6YuPecmNl1YB4yDkODsI3m1wwAADQvAilO3GT1G9L4AKr0wbVSs1OFERHCKn4w0xAiOVKpB0ZIX8d0UBQaWqIkfe1w5776sfKvOgzCfyk25CywwBdBNeNbfsas-JEOcw&lptoken=162b68df234067a8588d
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 06:36:15 GMT
Content-Type: image/png
Content-Length: 55706
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 00:30:22 GMT
ETag: "6321209e-d99a"
Expires: Wed, 30 Nov 2022 23:17:45 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: HIT
Age: 206574
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qWfgzhdTD8kDJ1kMEiOMEWJqKWgYDeJauO5esCOFPH9j%2FKkgMYtAiAW6AeAtX8pcgwLqPt8wvYPvKNkSb5KyYnWlwsIycqECuhxOKaFY4P6tLKE5lPL3wneeQ15QKp6A"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 768d4094ea14b500-OSL
alt-svc: h2=":443"; ma=60
luckyme.homes/ip13/id/survey_2az/img/app1.js
104.21.86.39 200 OK 51 kB URL HTTP/1.1 luckyme.homes/ip13/id/survey_2az/img/app1.js
IP 104.21.86.39:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 6b0b16c24d708efbfa69229457bcfef0
a31b0752d1389f32ce3093677405c09c213ba624
7a1c9efaed2891934fe3bc4ec874f89dd39e446b12ad77fe916763e9b9e0e176
Analyzer Verdict Alert fortinet Phishing
GET /ip13/id/survey_2az/img/app1.js HTTP/1.1
Host: luckyme.homes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyme.homes/ip13/id/survey_2az/?cid=w7d6taadug2jamdki6mifjco&cep=qYbDcZlk-eEBss8P5k6ohALsSe6BMYHEmoTw3a6h4PZwN9zI4jhFSDZbEakzwzE4J1Vrz8E0vDd3mWdJYbZ2Po1DTWDCQx5LgjSVvSuVeO7_SveX4Xhs8Y-xcWJPXBRg0sCdDew_nwRX1Q7EoRAHe6sI5_XoOQAWsDOwNNGHt8NBrztYR7_JDCs-xf05Z8ykh8IIRg4BW6Krzz_rmrTtUnERf0-2z7hh2uj9n5hO6PTSEHwRmqOa4XgDnQ-P5VbO2dFL59bIx0x0hSLVufDYFA6YuPecmNl1YB4yDkODsI3m1wwAADQvAilO3GT1G9L4AKr0wbVSs1OFERHCKn4w0xAiOVKpB0ZIX8d0UBQaWqIkfe1w5776sfKvOgzCfyk25CywwBdBNeNbfsas-JEOcw&lptoken=162b68df234067a8588d
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 06:36:15 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 00:30:21 GMT
Vary: Accept-Encoding
ETag: W/"6321209d-211f7"
Expires: Sat, 12 Nov 2022 11:24:56 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: HIT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2%2BC2UC%2Fnoc8AF3fkxC1i4KNDX65Lpo8%2FZly4De0ZeQ1G6IruoPGXfsdT5v2rNMhMd9x8MI885qdAGhXAB86g6FRdcFMLh9mBXYtuhuIIq%2B%2Fwu90oVru98huKMHcyMMxI"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 768d40939926fac0-OSL
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 4b46bbcd35c85c4678b0e3e409bba3bc
bb0705335e28414345ad5fcdd61104cf2fbbbbc4
6c3df7e6d0a8491fe24c03df2ccba059ba2f84155a680a4a22f217d3870cff95
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 06:36:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
luckyme.homes/ip13/id/survey_2az/img/checked.png
104.21.86.39 404 Not Found 167 B URL HTTP/1.1 luckyme.homes/ip13/id/survey_2az/img/checked.png
IP 104.21.86.39:0
File type HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text, with CRLF line terminators
Hash 4e93325cbd7d0a1bd9182c50a87ee855
4761e9470180e0a73ba9df2773318dab945e33be
c9741cd73b587f99806ca15ae0bf08ca7e78d0a805fc0258394b757107395c96
GET /ip13/id/survey_2az/img/checked.png HTTP/1.1
Host: luckyme.homes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyme.homes/ip13/id/survey_2az/?cid=w7d6taadug2jamdki6mifjco&cep=qYbDcZlk-eEBss8P5k6ohALsSe6BMYHEmoTw3a6h4PZwN9zI4jhFSDZbEakzwzE4J1Vrz8E0vDd3mWdJYbZ2Po1DTWDCQx5LgjSVvSuVeO7_SveX4Xhs8Y-xcWJPXBRg0sCdDew_nwRX1Q7EoRAHe6sI5_XoOQAWsDOwNNGHt8NBrztYR7_JDCs-xf05Z8ykh8IIRg4BW6Krzz_rmrTtUnERf0-2z7hh2uj9n5hO6PTSEHwRmqOa4XgDnQ-P5VbO2dFL59bIx0x0hSLVufDYFA6YuPecmNl1YB4yDkODsI3m1wwAADQvAilO3GT1G9L4AKr0wbVSs1OFERHCKn4w0xAiOVKpB0ZIX8d0UBQaWqIkfe1w5776sfKvOgzCfyk25CywwBdBNeNbfsas-JEOcw&lptoken=162b68df234067a8588d
HTTP/1.1 404 Not Found
Date: Sat, 12 Nov 2022 06:36:15 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8lhfcyIOPvBemi5LIFezp5nlRuCalONLzyD1Gn3P6ONmbT5PhfozgYLoF9%2BaOjQX5Ka2m3w%2FsnTfLpHMFUZP%2Bhh9RfvTZl4CmGWVqWFesg0hxdPPfOzv6CZ3M9EfYvzI"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 768d4094ebaa0b55-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
luckyme.homes/ip13/id/survey_2az/img/spinner.gif
104.21.86.39 404 Not Found 167 B URL HTTP/1.1 luckyme.homes/ip13/id/survey_2az/img/spinner.gif
IP 104.21.86.39:0
File type HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text, with CRLF line terminators
Hash 4e93325cbd7d0a1bd9182c50a87ee855
4761e9470180e0a73ba9df2773318dab945e33be
c9741cd73b587f99806ca15ae0bf08ca7e78d0a805fc0258394b757107395c96
GET /ip13/id/survey_2az/img/spinner.gif HTTP/1.1
Host: luckyme.homes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyme.homes/ip13/id/survey_2az/?cid=w7d6taadug2jamdki6mifjco&cep=qYbDcZlk-eEBss8P5k6ohALsSe6BMYHEmoTw3a6h4PZwN9zI4jhFSDZbEakzwzE4J1Vrz8E0vDd3mWdJYbZ2Po1DTWDCQx5LgjSVvSuVeO7_SveX4Xhs8Y-xcWJPXBRg0sCdDew_nwRX1Q7EoRAHe6sI5_XoOQAWsDOwNNGHt8NBrztYR7_JDCs-xf05Z8ykh8IIRg4BW6Krzz_rmrTtUnERf0-2z7hh2uj9n5hO6PTSEHwRmqOa4XgDnQ-P5VbO2dFL59bIx0x0hSLVufDYFA6YuPecmNl1YB4yDkODsI3m1wwAADQvAilO3GT1G9L4AKr0wbVSs1OFERHCKn4w0xAiOVKpB0ZIX8d0UBQaWqIkfe1w5776sfKvOgzCfyk25CywwBdBNeNbfsas-JEOcw&lptoken=162b68df234067a8588d
HTTP/1.1 404 Not Found
Date: Sat, 12 Nov 2022 06:36:15 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=15COXna9uSJ0g8J%2Ff38VU82tsgcOwX4y8KRxo%2BcZIK1XXbe1KmW1FkuPyPzuTrrPCd6gNu9QBD8BKhcZ36QpBz26zQmHHFI2IfczBU2%2BkKQ5DOBZEvKBQdD6Ov8cLw4C"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 768d4094e8250b65-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 4b46bbcd35c85c4678b0e3e409bba3bc
bb0705335e28414345ad5fcdd61104cf2fbbbbc4
6c3df7e6d0a8491fe24c03df2ccba059ba2f84155a680a4a22f217d3870cff95
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 06:36:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Pacifico&display=swap
142.250.74.10 200 OK 823 B URL HTTP/2 fonts.googleapis.com/css?family=Pacifico&display=swap
IP 142.250.74.10:0
Hash 79cd620fd13c354f894581cfc96659a9
fecbf694d49dd60ca03008a88dc857f3e78fc584
8b59af4072a2c1044b98a8e8e01d3ca7164d560ceaf0529eaa07844b66f3f003
GET /css?family=Pacifico&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://luckyme.homes/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 12 Nov 2022 06:36:15 GMT
date: Sat, 12 Nov 2022 06:36:15 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
oogneenu.net/pfe/current/tag.min.js?z=3654242&ymid=w7d6taadug2jamdki6mifjco
139.45.197.251 200 OK 6.0 kB URL HTTP/1.1 oogneenu.net/pfe/current/tag.min.js?z=3654242&ymid=w7d6taadug2jamdki6mifjco
IP 139.45.197.251:0
File type C source, ASCII text, with very long lines (14782), with no line terminators
Hash 49bba4bd04be925933ca503b4396b8cd
cf235dfd0d516a85fdfc42cb84ac0fde5e945e16
679373bcf60054aa88f94169123d54077209c0d95dd78daa89fa42f88f310bb8
GET /pfe/current/tag.min.js?z=3654242&ymid=w7d6taadug2jamdki6mifjco HTTP/1.1
Host: oogneenu.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://luckyme.homes/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 12 Nov 2022 06:36:15 GMT
Content-Type: application/javascript
Last-Modified: Tue, 08 Nov 2022 14:20:39 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"636a65b7-39be"
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Pragma: no-cache
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash e3f9965225cba49c71506d7dee4c1647
d1d30248236cfe679fa182860d69634d30f5b0ca
8a2641a2fa1026f8893b4acf7f7c78c633a1408779f3063c87ad292729300d97
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 06:36:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/pacifico/v22/FwZY7-Qmy14u9lezJ-6H6Mk.woff2
216.58.207.195 200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/pacifico/v22/FwZY7-Qmy14u9lezJ-6H6Mk.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 30908, version 1.0; data
Hash 0637d53459cdc8ee092a8f96186b4097
060034f995d649902b3207d41fde9a6060241499
50488656aeea003d0042da0979cd15675c0bc1c028a21dddfafd7656d54c709e
GET /s/pacifico/v22/FwZY7-Qmy14u9lezJ-6H6Mk.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://luckyme.homes
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 09 Nov 2022 18:22:18 GMT
expires: Thu, 09 Nov 2023 18:22:18 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 09 May 2022 18:34:50 GMT
content-type: font/woff2
age: 216837
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 731ac78478965b01d80f06e0116ce94f
df2bf1d39c44c0de4778291f9570c2303c036491
e7844c00ab93e40923f76515e76df18892fd7c19f5cc2e5310cd7fa119611525
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E7844C00AB93E40923F76515E76DF18892FD7C19F5CC2E5310CD7FA119611525"
Last-Modified: Fri, 11 Nov 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8770
Expires: Sat, 12 Nov 2022 09:02:25 GMT
Date: Sat, 12 Nov 2022 06:36:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 731ac78478965b01d80f06e0116ce94f
df2bf1d39c44c0de4778291f9570c2303c036491
e7844c00ab93e40923f76515e76df18892fd7c19f5cc2e5310cd7fa119611525
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E7844C00AB93E40923F76515E76DF18892FD7C19F5CC2E5310CD7FA119611525"
Last-Modified: Fri, 11 Nov 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8770
Expires: Sat, 12 Nov 2022 09:02:25 GMT
Date: Sat, 12 Nov 2022 06:36:15 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash f7ff606fbc8634c858bbc04b69f55cf6
2441de2cba649239efd0dae7a878d7ef2245c0b4
95154e0dbb7e827b8f893cc141f986c29634ead618256470d753429aa65a0548
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6165
Cache-Control: max-age=101602
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 06:36:15 GMT
Etag: "636e10ac-1d7"
Expires: Sun, 13 Nov 2022 10:49:37 GMT
Last-Modified: Fri, 11 Nov 2022 09:06:52 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash e3f9965225cba49c71506d7dee4c1647
d1d30248236cfe679fa182860d69634d30f5b0ca
8a2641a2fa1026f8893b4acf7f7c78c633a1408779f3063c87ad292729300d97
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 06:36:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
oogneenu.net/zone?pub=0&zone_id=3654242&is_mobile=false&domain=luckyme.homes&var=&ymid=w7d6taadug2jamdki6mifjco&var_3=
139.45.197.251200 OK 720 B URL HTTP/2 oogneenu.net/zone?pub=0&zone_id=3654242&is_mobile=false&domain=luckyme.homes&var=&ymid=w7d6taadug2jamdki6mifjco&var_3=
IP 139.45.197.251:0
File type JSON data\012- , ASCII text, with very long lines (719)
Hash 8267b0de85a6cdafeaef3ee01126ccbb
eb0b5e1e8b18ec08b7cdd58140675e866bdeada3
3d544e7cdabc88d4c86a8a0fdd750c92c0d3cf0d8f0b4903ce8b22c0e41d9f40
GET /zone?pub=0&zone_id=3654242&is_mobile=false&domain=luckyme.homes&var=&ymid=w7d6taadug2jamdki6mifjco&var_3= HTTP/1.1
Host: oogneenu.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://luckyme.homes/
Origin: http://luckyme.homes
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 06:36:15 GMT
content-type: application/json; charset=utf-8
content-length: 720
x-trace-id: 7336044d26c030d1704dbff82dcbc4f4
access-control-allow-origin: http://luckyme.homes
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
oogneenu.net/custom
139.45.197.251200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /custom HTTP/1.1
Host: oogneenu.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://luckyme.homes/
Origin: http://luckyme.homes
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 06:36:16 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: http://luckyme.homes
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
luckyme.homes/propush.js
104.21.86.39200 OK 255 B IP 104.21.86.39:0
Hash a1647f188f9df09195a759f83846f6c6
3dbd4eb6f9833be13adf7a49581f4c86cccb103e
3353ee9c39276ffc3ee7023b256689255d5280438a85db82c48e89254be70abf
Analyzer Verdict Alert fortinet Phishing
GET /propush.js HTTP/1.1
Host: luckyme.homes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://luckyme.homes/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 12 Nov 2022 06:36:15 GMT
content-type: application/javascript
last-modified: Wed, 14 Sep 2022 00:32:09 GMT
etag: W/"63212109-1f7"
expires: Sat, 12 Nov 2022 12:42:26 GMT
cache-control: max-age=43200
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AtB3rjA4Wq8q%2FhFNb1OTDWydRSnMMNqc8x9rz3dNVcRNW4JaWBWD4AkUF%2FIu83GS8CgpoHXS8NFk66IV70OlrH%2Fqdeus80q8uKoorH%2BstSsSHT6xoOfM7%2BzmI23tvQfp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 768d4093b941b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
oogneenu.net/custom
139.45.197.251200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /custom HTTP/1.1
Host: oogneenu.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://luckyme.homes/
Origin: http://luckyme.homes
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 06:36:16 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: http://luckyme.homes
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
oogneenu.net/custom
139.45.197.251200 OK 0 B IP 139.45.197.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /custom HTTP/1.1
Host: oogneenu.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://luckyme.homes/
Origin: http://luckyme.homes
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 06:36:16 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: http://luckyme.homes
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
oogneenu.net/custom
139.45.197.251200 OK 39 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: oogneenu.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://luckyme.homes/
Content-Type: application/json
Origin: http://luckyme.homes
Content-Length: 884
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 06:36:16 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 4e4136e78a4e5a0e0450380f017aaf87
access-control-allow-origin: http://luckyme.homes
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
oogneenu.net/custom
139.45.197.251200 OK 39 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: oogneenu.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://luckyme.homes/
Content-Type: application/json
Origin: http://luckyme.homes
Content-Length: 1138
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 06:36:16 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: d076f9ab65eb626e6e374f065e4b9f39
access-control-allow-origin: http://luckyme.homes
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
oogneenu.net/custom
139.45.197.251200 OK 39 B IP 139.45.197.251:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: oogneenu.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://luckyme.homes/
Content-Type: application/json
Origin: http://luckyme.homes
Content-Length: 893
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 06:36:16 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 0507745105039ce744bf09c3c299eced
access-control-allow-origin: http://luckyme.homes
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4862
Expires: Sat, 12 Nov 2022 07:57:19 GMT
Date: Sat, 12 Nov 2022 06:36:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4862
Expires: Sat, 12 Nov 2022 07:57:19 GMT
Date: Sat, 12 Nov 2022 06:36:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4862
Expires: Sat, 12 Nov 2022 07:57:19 GMT
Date: Sat, 12 Nov 2022 06:36:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4862
Expires: Sat, 12 Nov 2022 07:57:19 GMT
Date: Sat, 12 Nov 2022 06:36:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4862
Expires: Sat, 12 Nov 2022 07:57:19 GMT
Date: Sat, 12 Nov 2022 06:36:17 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Facfcee70-832e-4f2d-8fc7-55d2bfff651e.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Facfcee70-832e-4f2d-8fc7-55d2bfff651e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash eac2ed4bece6282c8273a58a88371e2e
2d90ff66079e8ffbaaa367a6bfc08927e7cc424d
aea97fd7d90302edcb3e0c08507d682e02166e8ddd4d082fc4f5435af438594c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Facfcee70-832e-4f2d-8fc7-55d2bfff651e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8633
x-amzn-requestid: 8bdfbfbb-5193-4c62-ba1b-c906f7548676
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdMhSEC1oAMF8tw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec13b-39b4c2954dbc8e4c40a2c9d8;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:40:11 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: lxrfhO5oOGvECIrlZYKsfXOTZZksAIIHAafyRM-FdRXAaBVZs5cEQA==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 22:04:43 GMT
age: 30694
etag: "2d90ff66079e8ffbaaa367a6bfc08927e7cc424d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b650f84-0cd0-4921-bc04-f0ea0459e4d1.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b650f84-0cd0-4921-bc04-f0ea0459e4d1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 084ca839d34b15916cd2f5034440a1ef
7764777ce9a862c1590712ef33032df72edefffd
b8893d7f327f88316cb909ded7fd8f4e1809190a7da807677785bf953f6e33fb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b650f84-0cd0-4921-bc04-f0ea0459e4d1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8482
x-amzn-requestid: 79e5e211-afc8-4531-b361-6f6f3386f16e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdMhUGJsIAMF7Mg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec13b-5a0ba4a93eba91c81ba3a9bc;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:40:11 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: uZ6Nth8jaUp7GXRXknKB8k90AgzBj4Yv3YfduSF7yajyFESb9oOh3A==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 21:51:45 GMT
age: 31472
etag: "7764777ce9a862c1590712ef33032df72edefffd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84f5d648-d178-4f63-98ef-7a2f4504174e.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84f5d648-d178-4f63-98ef-7a2f4504174e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 93d01c3c2422df3f7994d3496069dc37
96a4243e7f538fdd4e0aec4f39b058a08a4898e9
1fbc7efb3dfb058984abf1fbe60021212ff1bca8e366f03b1752c615e5249e55
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84f5d648-d178-4f63-98ef-7a2f4504174e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7493
x-amzn-requestid: 077e815e-bbfc-472c-9d22-a9f0e7cda511
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdNDhGYvIAMFygQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec216-3a8a5a6f41b8ade53ff48dce;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:43:50 GMT
x-amz-cf-pop: YVR50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: OLdVee-O7P-RLfbeaNBvTK8UX-hcx51-athqqaRuIzrtlIAPxw3BPg==
via: 1.1 feda34dcbf6a00e232656b7983c2c7f0.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 22:00:37 GMT
age: 30940
etag: "96a4243e7f538fdd4e0aec4f39b058a08a4898e9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cd5bdc050716bb76afe8090fc81617e7
5109c156b180727767fc03c411190ccc0d3fb5fc
9b13e7838946c6654dda17886c2ca8d42de934acb93f4bddb1008dfa1bd1ea99
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11715
x-amzn-requestid: 20e508bd-6568-4225-9bee-c683a49d44f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdMhUHkpIAMFfJg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec13b-7dc726b94a37fc667e2e6646;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:40:11 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Lp5eW92D8SbFtcQLk-LRSaSKNMNFYCW7XTALdNdrJxN6ebgdH8_1Dw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 21:42:55 GMT
age: 32002
etag: "5109c156b180727767fc03c411190ccc0d3fb5fc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6fac57d-aa5c-42c2-904b-58aa73c59975.jpeg
34.120.237.76200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6fac57d-aa5c-42c2-904b-58aa73c59975.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 701700f42e1b0e528a63c3bd2a4c54e7
a3af603900538ea10e094981d298a0b37d0ab896
c84ac2d3524eb950a433aa01e1226d995d87948452e4e135a4661094923ca465
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6fac57d-aa5c-42c2-904b-58aa73c59975.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4268
x-amzn-requestid: 19d2f4e7-b6c1-4093-b54c-70a9a476ad89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdMhSEwYIAMFg7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec13b-6e2f5a6147153e5c32cc4499;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:40:11 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: RPDkAR4fjBR89lWuee42HxnCGQv_vd6tWbOavmEsGCkZeKwjW_99Dg==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 21:44:57 GMT
age: 31880
etag: "a3af603900538ea10e094981d298a0b37d0ab896"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F073ec866-b693-4f96-82bf-76ba051797c9.jpeg
34.120.237.76200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F073ec866-b693-4f96-82bf-76ba051797c9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash faa8e3cf2ab3c1d53a1735def5bb7476
ccc1ec5ebb5090c6255dcb1e8899e95cdd91e12f
e81a8fa312ec478871427f1d04ba7fe563573c683809153f75dec8df979d6efe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F073ec866-b693-4f96-82bf-76ba051797c9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6577
x-amzn-requestid: b4587cfb-6041-453c-9e74-fa35ecd31448
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdMjIGHRoAMF26g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec147-29e7ec741b0e6f6f674aef75;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:40:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 2y97S3ITb7MLXuIIAQfCCKjgvOXisdCT5mod7OD588LOhPCy_OrUXQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 22:02:21 GMT
age: 30836
etag: "ccc1ec5ebb5090c6255dcb1e8899e95cdd91e12f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
luckyme.homes/of2_az.js
104.21.86.39200 OK 0 B IP 104.21.86.39:0
Analyzer Verdict Alert fortinet Phishing
GET /of2_az.js HTTP/1.1
Host: luckyme.homes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://luckyme.homes/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 12 Nov 2022 06:36:15 GMT
content-type: application/javascript
last-modified: Mon, 31 Oct 2022 23:17:05 GMT
vary: Accept-Encoding
etag: W/"63605771-4ac"
expires: Sat, 12 Nov 2022 11:24:56 GMT
cache-control: max-age=43200
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1HG0trRtb6oNbos7TWJfo%2BrebxDzmKEkm6wafB%2FqCsBdS6C5TODbnXjtaJ4XsovY5hyjKbC9OLf738ptz%2B3sd0G9h7zvkkDcD88TzQ9VnJTll8xQHdv%2BIzyM%2F7nJVFO5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 768d4093b942b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
oogneenu.net/pfe/current/universal.min.js?v=3.1.403
139.45.197.251200 OK 0 B URL HTTP/2 oogneenu.net/pfe/current/universal.min.js?v=3.1.403
IP 139.45.197.251:0
GET /pfe/current/universal.min.js?v=3.1.403 HTTP/1.1
Host: oogneenu.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://luckyme.homes/
Origin: http://luckyme.homes
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 06:36:15 GMT
content-type: application/javascript
last-modified: Tue, 08 Nov 2022 14:20:39 GMT
etag: W/"636a65b7-180b9"
access-control-allow-origin: http://luckyme.homes
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2