raffleroyale.buzz/saudiaair/DSckRFfaHsExyK2D9BoXvz
172.67.220.49 200 OK 365 B URL HTTP/1.1 raffleroyale.buzz/saudiaair/DSckRFfaHsExyK2D9BoXvz
IP 172.67.220.49:0
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash f0f0d4195f4cb687c5cec96d7fc70c22
5c9f1f4c75fdbb005e3d41b06d2b1bd0d1a8fb7e
117022ed04742b3533e273d30043a20319c0a4563f1e21c531a4c018f7247690
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /saudiaair/DSckRFfaHsExyK2D9BoXvz HTTP/1.1
Host: raffleroyale.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Wed, 29 Mar 2023 18:45:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9ZZxgMkS08MQ9EOk%2BMg7HY%2Fs5KndhmhUnZCyVSonnUUtOx4dNRhs7GRKeBU2%2FbDQg8aUvHgn%2F1eS6mpE1VptfT%2FnppK9DFg8KqTyyUw%2BBEhutjvmMSUuJ5vQh%2BRWnfk4ECeIug%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7afa44e3cf291c16-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 93f633ce30c038eb581544323c5a971e
2f60526cb750c6babccc207f75fb5a8ae6f7598b
0ff6df80a892199848fb943af78541b66efc09a7ab70d4b169906fdbac1eabf8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FF6DF80A892199848FB943AF78541B66EFC09A7AB70D4B169906FDBAC1EABF8"
Last-Modified: Mon, 27 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6725
Expires: Wed, 29 Mar 2023 20:37:23 GMT
Date: Wed, 29 Mar 2023 18:45:18 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b93010cbf31ba3ec785b4088e5d0f529
c0f1ab8a2aae3c445a8f24959a4eea433a345caf
2cc1a5865dee7636b82a68deddd3aff8b697e846e37789a694cc3c7c47340590
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2CC1A5865DEE7636B82A68DEDDD3AFF8B697E846E37789A694CC3C7C47340590"
Last-Modified: Wed, 29 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15384
Expires: Wed, 29 Mar 2023 23:01:42 GMT
Date: Wed, 29 Mar 2023 18:45:18 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash bc86ef2a0cee04915bc360f5821adc8f
3658f9028cce204d38f7f48fcfaa2a8e4f54383a
aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Retry-After, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 29 Mar 2023 18:28:10 GMT
content-type: application/json
age: 1028
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 5ad3eec59bebbf969f175627757507c1
b176af3a70db378c9e1f219bab24d9d446070d6f
704fa284035b4c9aa487331b516f5f11c324e204756ae2503bad2606ed34f25e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "704FA284035B4C9AA487331B516F5F11C324E204756AE2503BAD2606ED34F25E"
Last-Modified: Mon, 27 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2854
Expires: Wed, 29 Mar 2023 19:32:52 GMT
Date: Wed, 29 Mar 2023 18:45:18 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Ej3QFebCM3clnwhLz7SOOQKpN/36qhBnoHQams8CMcSGgWYQjGZ/JQqSYt4y97SKwGSGRWBhn+o=
x-amz-request-id: 50ZESARJMCMQ0TK1
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 29 Mar 2023 18:02:36 GMT
age: 2562
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 18:45:18 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
raffleroyale.buzz/saudiaair/api/j.php
172.67.220.49 200 OK 112 B URL HTTP/1.1 raffleroyale.buzz/saudiaair/api/j.php
IP 172.67.220.49:0
File type ASCII text, with no line terminators
Hash acf6c78611d967dfe1e4c70947e43df5
661ae06ff8ea55521b8f3135b2ba6106008cf769
ed1b60bbab2d430fb4c3e41a46850867b87a8abc6e6319231b81e817b092391e
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /saudiaair/api/j.php HTTP/1.1
Host: raffleroyale.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://raffleroyale.buzz/saudiaair/DSckRFfaHsExyK2D9BoXvz
HTTP/1.1 200 OK
Date: Wed, 29 Mar 2023 18:45:18 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UVJH%2F1BCYspsjkIlJzjN%2BA%2BVrjbmIMMwKND0JeuF0UeQr8M0ZPUkl%2BIJ571itnzYMdKNpWDBmviURkW342dqu4aj2asAqdscwhUW1HDXVtv%2Bu9VgYt5LJDJqLMI2OsE5Rujz6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7afa44e6ac571c16-OSL
alt-svc: h2=":443"; ma=60
cdnjs.cloudflare.com/ajax/libs/bootstrap/4.6.1/css/bootstrap.min.css
104.17.25.14 200 OK 18 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/bootstrap/4.6.1/css/bootstrap.min.css
IP 104.17.25.14:0
File type ASCII text, with very long lines (65326)
Hash cb456be7e553716fc4e534dd1e242b57
6f4445e0019dbefeef975c985748a5b2d70c055d
6003149a4edcca9484b20a4e5166995b5a986ca98dde735d60e22e54e2371f69
GET /ajax/libs/bootstrap/4.6.1/css/bootstrap.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyway.buzz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 29 Mar 2023 18:45:18 GMT
content-type: text/css; charset=utf-8
content-length: 17725
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "617ad19a-453d"
last-modified: Thu, 28 Oct 2021 16:36:42 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 592018
expires: Mon, 18 Mar 2024 18:45:18 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xak3J7rZKNLUqZQWi7gQnaqY46rHnyIixDY%2BHi8P8u31Utss1owh4GS2lLdIUNWqv5ZYQkZwNc41jB%2BOfPDhxuwMX7%2BPKEDJk1WtS%2FteV2ObpuwcOdSI%2FDZDdb1YiL%2FSQKTDdTWQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7afa44e95f391c12-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash a740252e7b24892a3e34f6dfed6e3bde
d44d21abb95edd1ccc775632254f11ee94fb585e
e289995a2b4b340364dd7dfa32c79c7722ece6cc4b893b38fc68bbce680d2f94
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E289995A2B4B340364DD7DFA32C79C7722ECE6CC4B893B38FC68BBCE680D2F94"
Last-Modified: Mon, 27 Mar 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4374
Expires: Wed, 29 Mar 2023 19:58:12 GMT
Date: Wed, 29 Mar 2023 18:45:18 GMT
Connection: keep-alive
cdnjs.cloudflare.com/ajax/libs/select2/4.0.0/css/select2.min.css
104.17.25.14 200 OK 1.5 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/select2/4.0.0/css/select2.min.css
IP 104.17.25.14:0
File type ASCII text, with very long lines (14909), with no line terminators
Hash 915041662c90ebbe09bef2e44559deb1
dc9252dd0c614bbad55d08575b1c06f100c00764
fd64399b28f0628d7385c61453e2769afae3968f6182ec9517ba5b166af0b1b9
GET /ajax/libs/select2/4.0.0/css/select2.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyway.buzz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 29 Mar 2023 18:45:18 GMT
content-type: text/css; charset=utf-8
content-length: 1546
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fcb-3a3d"
last-modified: Mon, 04 May 2020 16:16:11 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 20560074
expires: Mon, 18 Mar 2024 18:45:18 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VnD7NMElWXj12Wq3TXhhpQt9bOceW5PeYSrRUY9T6fQCq0oreg06BsCIHJgzPI5s18vEqFPC5Z4Hat4Fi8evaVETfYa8m7UG%2B5ylD7zKoEJp077xTjCrghBDclTrx7QBiWoavcLb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7afa44e95f491c12-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css
104.17.25.14 200 OK 17 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css
IP 104.17.25.14:0
File type ASCII text, with very long lines (65317)
Hash be9aeb2a05f665e3606faf11c09b542f
5644d0bd4e12fdfb7235166d2883fc7acd0a2c5b
13ace8ab3d9e2cbaf3fe1768b9ba1fc5313a5541607b4c07121c0abbb7fadfae
GET /ajax/libs/font-awesome/6.1.1/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyway.buzz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 29 Mar 2023 18:45:18 GMT
content-type: text/css; charset=utf-8
content-length: 17041
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "623a082a-4291"
last-modified: Tue, 22 Mar 2022 17:32:26 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1103100
expires: Mon, 18 Mar 2024 18:45:18 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wA3DPjTFhToVMsTJUAhJKDobYSIsjfNV7ntWxL9agKzXohpd9EKap6THoIp827YWw54pGqvO26C9KFD8uQ7GBV6XvCXuAfCCsZMriCEJ5KeaIeHGG5XVeBlz1Z%2F2S0CiCHBcQ%2Fm5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7afa44e95f4f1c12-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, ETag, Expires, Alert, Pragma, Content-Type, Retry-After, Last-Modified, Content-Length, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 29 Mar 2023 18:14:36 GMT
age: 1843
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
push.services.mozilla.com/
34.117.65.55 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.117.65.55:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: HSR3+aQ75A0oobaCk8uAbg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: k1G3YRAyAxTjYOigm1LBvtdtiYM=
Date: Wed, 29 Mar 2023 18:45:19 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
u.img.social/res/69198285/img/sasasa-show.jpg
172.66.40.168 200 OK 28 kB URL HTTP/2 u.img.social/res/69198285/img/sasasa-show.jpg
IP 172.66.40.168:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 520x317, components 3; data
Hash 04cb8bdda3f45d0a877faa0b53394c17
0551375e59e6b3059f61f310c983d15076f03342
5e089b8a6d854f12fef4b9643705849ff188fd3f9d274c9e2f94131455fcb844
GET /res/69198285/img/sasasa-show.jpg HTTP/1.1
Host: u.img.social
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyway.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 29 Mar 2023 18:45:19 GMT
content-type: image/jpeg
content-length: 28116
age: 2336
cache-control: public, max-age=14400
cf-bgj: imgq:85,h2pri
cf-polished: degrade=85, origSize=58669
content-language: en
etag: "c794c54871370c9bdbb573b1bd7a921b"
expires: Wed, 29 Mar 2023 19:06:23 GMT
last-modified: Wed, 29 Mar 2023 08:41:41 GMT
x-guploader-uploadid: ADPycdss-SxTVPwmqAUC6REMUW0HzF33rFbSmOw-VhSDzM3HlU61Bqy41GHIuoIzX272y-1mHQO7wlghd93vQtBEU9x-
x-goog-generation: 1680079301516874
x-goog-hash: crc32c=dloxrw==, md5=x5TFSHE3DJvbtXOxvXqSGw==
x-goog-meta-goog-reserved-file-mtime: 1679671350
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 58669
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P6KfqRA4zHSCpFtFHzzNSDjIRyXa1OB3RTcQGItGhscgrij3nTdkzqB%2F1hC%2BRyFxxBeRD0tUgOASpO4FmnV%2F5uK3Fl2aSEY515O%2BBx7w2EG0vfriSz%2B6%2BjMnkFfycA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7afa44ebfb2cb51d-OSL
X-Firefox-Spdy: h2
u.img.social/res/69198285/img/shaeyou.jpg
172.66.40.168 200 OK 1.7 kB URL HTTP/2 u.img.social/res/69198285/img/shaeyou.jpg
IP 172.66.40.168:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 84x80, components 3; data
Hash 925a9a4619601078323cee7af41c973f
f46324cb4f5ddb9075da22659eb104670eb265b4
b99c63996fd18f26374c5c3889c31188cc8804dc20e0ed2411e17f800a1e9f28
GET /res/69198285/img/shaeyou.jpg HTTP/1.1
Host: u.img.social
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyway.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 29 Mar 2023 18:45:19 GMT
content-type: image/jpeg
content-length: 1699
age: 2336
cache-control: public, max-age=14400
cf-bgj: imgq:85,h2pri
cf-polished: degrade=85, origSize=6110
content-language: en
etag: "77837671a6b934d6d42112bf41a6fa39"
expires: Wed, 29 Mar 2023 19:06:23 GMT
last-modified: Wed, 29 Mar 2023 08:41:41 GMT
x-guploader-uploadid: ADPycdsBXJkcFyezkm8neQiQEjHKdR3fyKLVb6HcTXceQKa7zCMOTV2NBXZUry5aQoRpwBCZiJ_ETzXzqkKdERtzDBMW
x-goog-generation: 1680079301136631
x-goog-hash: crc32c=EhCxeA==, md5=d4N2caa5NNbUIRK/Qab6OQ==
x-goog-meta-goog-reserved-file-mtime: 1679671350
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 6110
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TlkZdvqeqC7HD9LhEkWRRT2fKp1AYki%2BqebWJ4JG5YL80qnTR8lsexSZCKywdGPzySlb2zr9vj9E%2BNVVMz1pXaT60n5R2AVcObQxE6w5O0pMtodVwk5X5yG%2BVdoeag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7afa44ebfb2fb51d-OSL
X-Firefox-Spdy: h2
u.img.social/res/69198285/img/shahuzuo.jpg
172.66.40.168 200 OK 1.4 kB URL HTTP/2 u.img.social/res/69198285/img/shahuzuo.jpg
IP 172.66.40.168:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 92x80, components 3; data
Hash e74e3c25c594ad9ec335a46b137671d6
e2715f2b67895f0a744e5fb3f21c75ec79d84224
9d8257551d868dc4ea774cbd26a6183ab9dd0a885bbca8770786b117fe459d7a
GET /res/69198285/img/shahuzuo.jpg HTTP/1.1
Host: u.img.social
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyway.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 29 Mar 2023 18:45:19 GMT
content-type: image/jpeg
content-length: 1379
age: 2336
cache-control: public, max-age=14400
cf-bgj: imgq:85,h2pri
cf-polished: degrade=85, origSize=4487
content-language: en
etag: "f57f08a3cdc1f79d13e38f3c6dfc4961"
expires: Wed, 29 Mar 2023 19:06:23 GMT
last-modified: Wed, 29 Mar 2023 08:41:41 GMT
x-guploader-uploadid: ADPycdsFRTcyEUuAxVbOSJrX62d6gi3WvU2_v5Dpxyf_nG_l8d26gDujDEg8AuQi9qaZ2UQbSMDzbMqbDk1U48dECD2i
x-goog-generation: 1680079301433914
x-goog-hash: crc32c=doSqjw==, md5=9X8Io83B950T4488bfxJYQ==
x-goog-meta-goog-reserved-file-mtime: 1679671350
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 4487
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FnnPPQLSbQplGWnVP0d%2FzRwaWTBk74NnjsZFMYYcTEg49ufRamQr8ypX36ESWoxBxQDeF7Kv1JhEIOVYruPgYqLO%2FRFEeY1Nm231jodnyZEDC41sFPGO7HVNLrbmaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7afa44ebfb2ab51d-OSL
X-Firefox-Spdy: h2
u.img.social/res/69198285/img/shatzho.jpg
172.66.40.168 200 OK 7.3 kB URL HTTP/2 u.img.social/res/69198285/img/shatzho.jpg
IP 172.66.40.168:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 314x80, components 3; data
Hash b84853a97c9db2c662878222f9909750
ad8c5fa8dda006ccee7addd714f18298e39839f8
1a67571be03cd5dd29f4bf7c2a52cc48e2075f7cb13ef6e45e066de7d203c8bc
GET /res/69198285/img/shatzho.jpg HTTP/1.1
Host: u.img.social
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyway.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 29 Mar 2023 18:45:19 GMT
content-type: image/jpeg
content-length: 7263
age: 2307
cache-control: public, max-age=14400
cf-bgj: imgq:85,h2pri
cf-polished: degrade=85, origSize=26783
content-language: en
etag: "63785d5375deb9b42c9e6a315aecb1a0"
expires: Wed, 29 Mar 2023 19:06:52 GMT
last-modified: Wed, 29 Mar 2023 08:41:41 GMT
x-guploader-uploadid: ADPycdve25y_qtH8c0ZJ70cVHpz3egOY6c99XRBLZlFY8nDFB38NFUKBb7sbJ6a16SspCG63pMKBbqrCnSBWa-q1h16S
x-goog-generation: 1680079301551467
x-goog-hash: crc32c=VFkLMg==, md5=Y3hdU3XeubQsnmoxWuyxoA==
x-goog-meta-goog-reserved-file-mtime: 1679671350
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 26783
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zoyc%2FPnwE6Gyj0olLuyS6ywBjLk4LZ0C8%2BS2lyYeDGI0vzC8vYbRyrVcOVj55BfWyxlZWIXNr8Nv%2F7ZVcTAuhAh7umAJdGCOb4IUFL0duzB6mx6QJ3j%2Fau%2FUQLyT5A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7afa44ecaca2b51d-OSL
X-Firefox-Spdy: h2
u.img.social/res/69198285/img/sasasa-box1.png
172.66.40.168 200 OK 18 kB URL HTTP/2 u.img.social/res/69198285/img/sasasa-box1.png
IP 172.66.40.168:0
File type PNG image data, 300 x 214, 8-bit/color RGBA, non-interlaced; data
Hash d2b936d01e288232bc40e982eef87297
235db1b63ffa9791a2d42edbb26974cda900d82f
1f1f7a8c96b79b75da70edce7bcbb5655e14eb357d54cf8bd558422a0d21efd6
GET /res/69198285/img/sasasa-box1.png HTTP/1.1
Host: u.img.social
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyway.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 29 Mar 2023 18:45:19 GMT
content-type: image/png
content-length: 18288
age: 2306
cache-control: public, max-age=14400
cf-bgj: imgq:85,h2pri
cf-polished: origSize=22887
content-language: en
etag: "f17ec9aa4ccfe64380a5d39a49ffff4b"
expires: Wed, 29 Mar 2023 19:06:53 GMT
last-modified: Wed, 29 Mar 2023 08:41:41 GMT
x-guploader-uploadid: ADPycdsNuIZci07gvlJDKE1kr7CoeKmNsBOao9WZs_-ox3NHK4x6tQbJq9UwzctCarpFhUy5KiNcCX7ehelljdnKmXdntA
x-goog-generation: 1680079301317843
x-goog-hash: crc32c=3mfomg==, md5=8X7JqkzP5kOApdOaSf//Sw==
x-goog-meta-goog-reserved-file-mtime: 1679671350
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 22887
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9CUj1i7qOoh0vtFvgd4bGjvugU2SfAESdSFUjdTqwpL9Q6dAcGlfQ%2Bf3ExBb4imYbXy%2BQ%2F8lGXDqOYt4hoMi42bY6SiOL42SyAeQw6qmLHyHh6iw5sPFBx5kAuQqcg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7afa44ecbcabb51d-OSL
X-Firefox-Spdy: h2
u.img.social/res/69198285/img/shaskoodllss.jpg
172.66.40.168 200 OK 6.3 kB URL HTTP/2 u.img.social/res/69198285/img/shaskoodllss.jpg
IP 172.66.40.168:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 150x150, components 3; data
Hash e6a636927fff7373b46842c3686ddd21
cd32ef0f8e5cd8d4d07716021672b138f3a5d831
33e142e39964d9ad33b55d9af6ef8c8ea15deb96b350c083fd0fbd0e6c3832d5
GET /res/69198285/img/shaskoodllss.jpg HTTP/1.1
Host: u.img.social
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyway.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 29 Mar 2023 18:45:19 GMT
content-type: image/jpeg
content-length: 6310
age: 2306
cache-control: public, max-age=14400
cf-bgj: imgq:85,h2pri
cf-polished: degrade=85, origSize=14488
content-language: en
etag: "f99c07f1ad5c13db780b3a6b7e542984"
expires: Wed, 29 Mar 2023 19:06:53 GMT
last-modified: Wed, 29 Mar 2023 08:41:41 GMT
x-guploader-uploadid: ADPycdvZnoFX06J-HGF1CUDfBYazxT06S2yzLqgG4KGDMXWXvjLx823kokKabR58LQHuHr2hThm-S5Weo755c4-IiULFrw
x-goog-generation: 1680079301704200
x-goog-hash: crc32c=La6vmQ==, md5=+ZwH8a1cE9t4CzprflQphA==
x-goog-meta-goog-reserved-file-mtime: 1679671350
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 14488
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i%2BQ1AlhvgwgmOO1WK3bZ8WOXTKV4EWDJasEK5ie6YpfdrKhO8WVVmhAPZdXO%2F0q%2FACm7EO683FhHhSrlMT10IqoUpNILsG5UxSAlWlHvWNLCloTz0qVxvHzzVax2%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7afa44ecbcb0b51d-OSL
X-Firefox-Spdy: h2
u.img.social/res/69198285/img/sasasa-box2.png
172.66.40.168 200 OK 5.3 kB URL HTTP/2 u.img.social/res/69198285/img/sasasa-box2.png
IP 172.66.40.168:0
File type PNG image data, 300 x 214, 8-bit/color RGBA, non-interlaced; data
Hash 536521f31db7ebd20b9660d71803baac
e7f4246766e7779c58b96fa1eefb7bde015de4c6
77884dc78146db58e2d8865e78ba834361e0c81a411507cf60377eb020b0cedb
GET /res/69198285/img/sasasa-box2.png HTTP/1.1
Host: u.img.social
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyway.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 29 Mar 2023 18:45:19 GMT
content-type: image/png
content-length: 5304
age: 2306
cache-control: public, max-age=14400
cf-bgj: imgq:85,h2pri
cf-polished: origSize=7399
content-language: en
etag: "815e174adf695f68ae4be19eb791fca4"
expires: Wed, 29 Mar 2023 19:06:52 GMT
last-modified: Wed, 29 Mar 2023 08:41:40 GMT
x-guploader-uploadid: ADPycdsHvRhRaCb1AToY-QBgiWyp3KHUl3xipWaM_kTeOKeH6nqR22F7p5ArZHQbhzlEPqbfr8LjDeP9qh07vCibOD-xPg
x-goog-generation: 1680079300845667
x-goog-hash: crc32c=pL1IdQ==, md5=gV4XSt9pX2iuS+Get5H8pA==
x-goog-meta-goog-reserved-file-mtime: 1679671350
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 7399
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m58HxXoFP4X7DmAHWj5pY76gEhu8dptsXM6u5I8mM%2BUD1bvilSo5O1dlVheyLb8UlNswfDAWF8kaU9FgZV%2FN5Ypif2NgwJfdOKfPnR0U4pMEKsPXTHrQQXb6DnZZgA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7afa44ecbcacb51d-OSL
X-Firefox-Spdy: h2
luckyway.buzz/l2vLtnyU28VAAauncaHh/cl5uY2ZaYGZrMDMxLy4qNDIqNw==
104.21.76.102200 OK 26 kB URL HTTP/2 luckyway.buzz/l2vLtnyU28VAAauncaHh/cl5uY2ZaYGZrMDMxLy4qNDIqNw==
IP 104.21.76.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash ca1080aceb7bee8903ceff825321102e
34cf32bc7017d815dc7d3dfdb8fba46ef98ba170
9e6d97b53b4291e3fc8b3881c46f1c9dd46785dd232378c89a0bd48043861bd3
Analyzer Verdict Alert fortinet Malware
GET /l2vLtnyU28VAAauncaHh/cl5uY2ZaYGZrMDMxLy4qNDIqNw== HTTP/1.1
Host: luckyway.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://raffleroyale.buzz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 29 Mar 2023 18:45:18 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
link: <https://u.img.social/res/base64.min.js>; rel=preload; as=script
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FGIDNA%2B3RB5hCSk4MD%2Ft2SAMUvydS1s%2Fn7IebCdLQD6zO2ynjIHbzC66FPqxQIoK0rZ5H1Q1h5Bg7V77FiwV2O%2BScTljG2oHqRA6KDyYHUNmSyQYvrsk6%2BeNqm28UIVq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7afa44e7e915b51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
u.img.social/res/69198285/css/style.css
172.66.40.168200 OK 12 kB URL HTTP/2 u.img.social/res/69198285/css/style.css
IP 172.66.40.168:0
File type ASCII text, with CRLF line terminators
Hash c54f76c8baf68b84577141f97a5540c9
63160b3e8c73a5ee7ef20bbe1881ef8d6afca434
e0ab68ba5d92611e151d1f21029b5861613455766a1b6b4cc7de3bfff6882cd7
GET /res/69198285/css/style.css HTTP/1.1
Host: u.img.social
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyway.buzz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 29 Mar 2023 18:45:19 GMT
content-type: text/css
x-guploader-uploadid: ADPycdvFegpuiZClJ25g4sa5Yu0EZnDBmYnPG9n0GOS3nAMbqFqSXjQlRdoPBJlvt4mvh3qU9ubCrnPbK-SxQ0y4zqRMxg
x-goog-generation: 1680079300155037
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 36809
x-goog-meta-goog-reserved-file-mtime: 1679671350
content-language: en
x-goog-hash: crc32c=vzoTxQ==, md5=BwPnMCiIXoEg+XAgm3kz/g==
x-goog-storage-class: STANDARD
expires: Wed, 29 Mar 2023 19:06:23 GMT
cache-control: public, max-age=14400
last-modified: Wed, 29 Mar 2023 08:41:40 GMT
etag: W/"0703e73028885e8120f970209b7933fe"
age: 2336
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7IbW6h5htIMPoWSCyLgLYU%2F6VsUwOlJdPByea2GRCJJY2wzAj0DuUymufvFm9cNeQgl9fOhrgXWBbGyv9ZcgIgDxu7BCdfI9kbpSqsJjtRWA2V%2FMz7eZ6qVxno054A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7afa44ebeb1eb51d-OSL
content-encoding: br
X-Firefox-Spdy: h2
u.img.social/res/69198285/img/yhph13.jpg
172.66.40.168200 OK 7.2 kB URL HTTP/2 u.img.social/res/69198285/img/yhph13.jpg
IP 172.66.40.168:0
File type JPEG image data, progressive, precision 8, 290x300, components 3\012- data
Hash 9e8f22dc5ebf6365b5a78bf106e7d2e4
dfc16779198238d948891d05adbab7382442cb09
482d0073ca5949ffb10c5566cd9fcdf2578b7f21fb129b666facde27a384715a
GET /res/69198285/img/yhph13.jpg HTTP/1.1
Host: u.img.social
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyway.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 29 Mar 2023 18:45:19 GMT
content-type: image/jpeg
content-length: 7227
age: 2306
cache-control: public, max-age=14400
cf-bgj: imgq:85,h2pri
cf-polished: origSize=8087
content-language: en
etag: "d5429c1a55540902cf9b395fea83744a"
expires: Wed, 29 Mar 2023 19:06:53 GMT
last-modified: Wed, 29 Mar 2023 08:41:41 GMT
x-guploader-uploadid: ADPycdtKRpof8eIlAIAi-55GHEnbhaW-XG9wLCnZjt7SMrV1RXb7bxmMKOZnXtEHL8iA2uOliN7t4G5F2i5nRsxHoTgQ
x-goog-generation: 1680079301263446
x-goog-hash: crc32c=pzWGEg==, md5=1UKcGlVUCQLPmzlf6oN0Sg==
x-goog-meta-goog-reserved-file-mtime: 1679671350
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 8087
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9pYzyzpRYgvFxzQrzmQXVvz1ldlYAPC145yuRhuM%2FPVgkPh0sFZP%2BGp%2FHFASJtnnqtf0BB2c1eX%2FMTUP53Od2AtnSK%2FxBpT6%2Fk2lzWXLZkAqzngQJjQj3Sga7G36Ng%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7afa44ecbcb8b51d-OSL
X-Firefox-Spdy: h2
u.img.social/res/69198285/img/yhph14.jpg
172.66.40.168200 OK 18 kB URL HTTP/2 u.img.social/res/69198285/img/yhph14.jpg
IP 172.66.40.168:0
File type JPEG image data, progressive, precision 8, 290x300, components 3\012- data
Hash 2ad63c0208866683c41ee3a9c1dcd86c
5eff842a2aad96aea723c47e3a3f37355ba971ba
ef640114d05630291552c78667eeb6c8042fd1da9a20985e3689248dd9f92a9e
GET /res/69198285/img/yhph14.jpg HTTP/1.1
Host: u.img.social
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyway.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 29 Mar 2023 18:45:19 GMT
content-type: image/jpeg
content-length: 17756
cache-control: public, max-age=14400
cf-bgj: imgq:85,h2pri
cf-polished: origSize=18970
content-language: en
etag: "9adb072daed6dc2befe18dfbda00e23f"
expires: Wed, 29 Mar 2023 19:04:22 GMT
last-modified: Wed, 29 Mar 2023 08:41:41 GMT
x-guploader-uploadid: ADPycdsbmw82pHVa1Yxez7I6gNP-aiAOOyFOFVmLSJZdDo-f2NiDwx1llbNZo9xaiCJVlC_Tf1zGFoeFYd4yaWJpJ3cBVw
x-goog-generation: 1680079301607695
x-goog-hash: crc32c=5jI9IA==, md5=mtsHLa7W3Cvv4Y372gDiPw==
x-goog-meta-goog-reserved-file-mtime: 1679671350
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 18970
cf-cache-status: HIT
age: 2306
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4UtYvsnguvR8TNV%2F6l9lYrwi7nEjvh0HyHw3x%2FWOHIrKdqwfPAC1bWJkAv%2FDfgzyKGWyIy8TrIEOAT%2FC%2Fieef79NPpCTeSRTLtoREvQ08zycvv6Xpv6%2B%2B4eEAySxWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7afa44ecbcbdb51d-OSL
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7d20c01f09752b8c6ad0639f6bcc5c80
1f4e147e46fd72222f575f95415395cf23ce14f9
74435f7909164b540a16f904620d8890f96f3246288f07a68f084055a03b1c42
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "74435F7909164B540A16F904620D8890F96F3246288F07A68F084055A03B1C42"
Last-Modified: Mon, 27 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5992
Expires: Wed, 29 Mar 2023 20:25:11 GMT
Date: Wed, 29 Mar 2023 18:45:19 GMT
Connection: keep-alive
qoaaa.com/7987c9ea3c6d567301b1/ca312ef06e/?placementName=default
185.66.201.42200 OK 15 kB URL HTTP/2 qoaaa.com/7987c9ea3c6d567301b1/ca312ef06e/?placementName=default
IP 185.66.201.42:0
ASN #201702 skHosting.eu s.r.o.
File type ASCII text, with very long lines (60664), with no line terminators
Hash a8e414cc09b664d40881b954c7c78529
147ae9591abddc2e052d4fc43eafd4369fa427f6
bab518842b75bef937b301ba233a9068e53a687e80b57fa7696dd2cff321ecab
GET /7987c9ea3c6d567301b1/ca312ef06e/?placementName=default HTTP/1.1
Host: qoaaa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 18:45:19 GMT
content-type: text/html; charset=utf-8
set-cookie: shown1=0; expires=Thu, 30-Mar-2023 18:45:19 GMT; Max-Age=86400; secure; SameSite=None
used_ad2889431=1; expires=Thu, 30-Mar-2023 03:59:59 GMT; Max-Age=33280; path=/; secure; SameSite=None
total_impressions=1; expires=Thu, 30-Mar-2023 03:59:59 GMT; Max-Age=33280; secure; SameSite=None
push_injection_86=1; expires=Thu, 30-Mar-2023 18:45:19 GMT; Max-Age=86400; secure; SameSite=None
expires: Sun, 01 Jan 2014 00:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex,nofollow
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 10 kB IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
File type PNG image data, 350 x 251, 8-bit colormap, non-interlaced\012- data
Hash 6cf2e6388283675657dda0669587dc19
23d39f1d67541231625504d23889fe23a309dd96
3fc4ba8c3fb34c871350bb208304cebef01da9768fd067a4a81bdecd7563a269
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B23D128EAB9EFBE00C7EB1796F709B9302119D23C1B6473B60D5A3567A79D81C"
Last-Modified: Tue, 28 Mar 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Thu, 30 Mar 2023 00:45:20 GMT
Date: Wed, 29 Mar 2023 18:45:20 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14313
Expires: Wed, 29 Mar 2023 22:43:53 GMT
Date: Wed, 29 Mar 2023 18:45:20 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14313
Expires: Wed, 29 Mar 2023 22:43:53 GMT
Date: Wed, 29 Mar 2023 18:45:20 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14313
Expires: Wed, 29 Mar 2023 22:43:53 GMT
Date: Wed, 29 Mar 2023 18:45:20 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14313
Expires: Wed, 29 Mar 2023 22:43:53 GMT
Date: Wed, 29 Mar 2023 18:45:20 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14313
Expires: Wed, 29 Mar 2023 22:43:53 GMT
Date: Wed, 29 Mar 2023 18:45:20 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d713593-a582-498a-b202-20cddce4f8c4.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d713593-a582-498a-b202-20cddce4f8c4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fd1bc71c7e9eed7c086d752ea8b4b992
02a74cf88501d65b3dfcceb5adc79fd93ce785ed
a9a423d347533322d4d3ba90ee5fca5ca32f8d540f744ea2621deeda46df89f3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d713593-a582-498a-b202-20cddce4f8c4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7605
x-amzn-requestid: b7628073-4eb3-4ef6-b7d0-0224e0a75601
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CguY8GFPoAMFebQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235dd2-445041c74356c54053f772a1;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:36:18 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: npXnMYBUM1bcf7FQIJEHng73EkILWwM0Jvey0QDUvmln0kAJUG_Rpw==
via: 1.1 ffc1e24c06bfbb135c0a4d240b382048.cloudfront.net (CloudFront), 1.1 0a2ce08fa1ec3c33302a7547d3305978.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:43:57 GMT
age: 75683
etag: "02a74cf88501d65b3dfcceb5adc79fd93ce785ed"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85885238-8732-476a-b37c-1eac5dbc3e90.jpeg
34.120.237.76200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85885238-8732-476a-b37c-1eac5dbc3e90.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 253f48aa7cbf667d52cb37fda10cdb1f
e29478b866f90402b48d2b516d01d60a863c9cf9
b4a73ab71250b9e4a3f95e28dbf50dd000e1f338c7c3ac9f3351c1f6d6d3bfff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85885238-8732-476a-b37c-1eac5dbc3e90.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6049
x-amzn-requestid: 2d1a2a66-8b63-44f0-83ec-10628a5fcac6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CgvBFFMGIAMFhCg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235ed3-2a90bf0365925acb3b348489;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:40:35 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: bXiCIy2ZqOyLvougeQikdsmaIJ9BfMPpOO4oU-3nEGY33FQGCm0ZoQ==
via: 1.1 c28e01aa413e9ea602538ccda1511062.cloudfront.net (CloudFront), 1.1 49cdeca097624936e070b73619df7da8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:44:35 GMT
age: 75645
etag: "e29478b866f90402b48d2b516d01d60a863c9cf9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6469f625-03ad-45a7-a918-5f220169711a.png
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6469f625-03ad-45a7-a918-5f220169711a.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e828b7227de7aa7a7b7c54c96e0cef9a
9a717142ab25dabf9123485ef51ed586662d2a71
0390f8771432de010cc11e11be2e2dfa7c303664858a5b066e66a628a1f3dd66
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6469f625-03ad-45a7-a918-5f220169711a.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8553
x-amzn-requestid: 05cb5115-a27b-485a-89fd-670bdb5bb06f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbofHHPIAMFkQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220c9c-774bb5d725336b35088e2527;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:32 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: NcKs_URb5dFDbkEoCqy2_fjKWneX7mifmEbd5MA5unqkhiPAIH9GPg==
via: 1.1 22ea0ab0881473261b786ecbb5e00f54.cloudfront.net (CloudFront), 1.1 aa623e134417515bd2496cb01d5e5626.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:50:14 GMT
age: 75306
etag: "9a717142ab25dabf9123485ef51ed586662d2a71"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0794d5a0-7014-425b-9ea0-5dca44ddb4dd.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0794d5a0-7014-425b-9ea0-5dca44ddb4dd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ef54a1ed997cc09495edb102ccdf6803
f5637efb37b5eecff77e60e6bcf5f599991f334f
fa76d7a82dc15baf02b207cea874d1332c20a0ebe1eea99929a6f2746608412c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0794d5a0-7014-425b-9ea0-5dca44ddb4dd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8745
x-amzn-requestid: e1d8dab6-4c15-4752-b528-21854c93a11c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CguJ5Hy5oAMFyAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235d72-4bd62c8472f7257a155b2a80;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:34:42 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: LAAUFZcFBIpdMUkaDQXGW1sdwLK9c_uhQQHLiJHGF7dEvfJ0KX7MaA==
via: 1.1 8f251d23da31b683c3c9d6fad6ca944c.cloudfront.net (CloudFront), 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:37:00 GMT
age: 76100
etag: "f5637efb37b5eecff77e60e6bcf5f599991f334f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feb4ab271-45be-41d0-93c0-528d0d9367e3.jpeg
34.120.237.76200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feb4ab271-45be-41d0-93c0-528d0d9367e3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8afbc872d18847aaed67054dbfc2d31b
6eb894c4aa4fa53d9a3d4b948b5e65b7e9a76d5b
65c2b5fe2a3df654cfed7e7721b2d8f08665a72bb358b4d6e30e7cba853336e3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feb4ab271-45be-41d0-93c0-528d0d9367e3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5414
x-amzn-requestid: b6795b2f-1460-4516-bac0-9148e9868fa1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CguaYF5jIAMFmiQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235ddb-42762e4f0aa5e6050f82d138;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:36:27 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: 2uZtp6TgGSem59CZMyKKtawyKTmNiLyj5wu7RXTGq04n2tN_gefzsw==
via: 1.1 8591441a35c0af61913aec9af012bc38.cloudfront.net (CloudFront), 1.1 2241406ac19fffc8f35d6ddef8e22f56.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:43:08 GMT
age: 75732
etag: "6eb894c4aa4fa53d9a3d4b948b5e65b7e9a76d5b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67889522-c6ea-4b17-93f3-ac6e2b4777c1.webp
34.120.237.76200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67889522-c6ea-4b17-93f3-ac6e2b4777c1.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d0a85ec27ed4f7910e26b4ff023ab1fb
f35a6c0c18a7c25a5f644ed9bebef0d38f8c6ac0
fc31409ba6db565d4861a35ee6f74b7436eea5e5169bc1283f63cf6dfdb03764
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67889522-c6ea-4b17-93f3-ac6e2b4777c1.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6722
x-amzn-requestid: a6de82bd-5b03-4ffd-90dd-9bd03331d123
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CguY8GG2IAMFuzQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235dd2-7cb1c8187fe3d2b0283fb3a0;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:36:18 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: lZBspmi0Dku2a7jY39WyiBC3wu5F4eAvbTwHF6_8pgHfw21XSW_NbA==
via: 1.1 773bf3616e85ce2b187fa78710a6beb2.cloudfront.net (CloudFront), 1.1 deaaf0548506de20925615eb51a7ea7e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:43:58 GMT
age: 75682
etag: "f35a6c0c18a7c25a5f644ed9bebef0d38f8c6ac0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn.puuush.me/js/pub.min.js
173.236.118.99200 OK 1.5 kB URL HTTP/2 cdn.puuush.me/js/pub.min.js
IP 173.236.118.99:0
File type ASCII text, with very long lines (2752)
Hash 31c303586c1b78e33984bd252b8e2644
8083e2aad4cbf8242a4e6fb53657d49552b85f82
d2c713c2734353dc0ef2896d057021e9b04f35bb7c851d920d390941769c66be
GET /js/pub.min.js HTTP/1.1
Host: cdn.puuush.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ocaba.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 18:45:21 GMT
content-type: application/javascript
content-length: 1482
last-modified: Fri, 09 Sep 2022 11:46:08 GMT
vary: Accept-Encoding
etag: "631b2780-5ca"
content-encoding: gzip
expires: Thu, 30 Mar 2023 18:45:21 GMT
cache-control: max-age=86400
strict-transport-security: max-age=31536000; includeSubdomains
X-Firefox-Spdy: h2
cdn.puuush.me/sw.js
173.236.118.99200 OK 776 B IP 173.236.118.99:0
Hash 8fda40f0617ca3c4c8e9924a7b277892
fd9b7789a190b1106c00e8b076af8a47e57176f4
02caa9c572762102d15a9557cdfd626c3ba3717969e610d38bcbd4f653a327f2
GET /sw.js HTTP/1.1
Host: cdn.puuush.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ocaba.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 18:45:21 GMT
content-type: application/javascript
content-length: 776
last-modified: Tue, 28 Mar 2023 10:14:58 GMT
vary: Accept-Encoding
etag: "6422be22-308"
content-encoding: gzip
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
X-Firefox-Spdy: h2
a.trafficwithroi.com/click?pid=2084&offer_id=5813&sub1=30affC1680115519aff1239ec5f30098a956a43&sub2=29285321
172.67.148.80302 Found 0 B URL HTTP/1.1 a.trafficwithroi.com/click?pid=2084&offer_id=5813&sub1=30affC1680115519aff1239ec5f30098a956a43&sub2=29285321
IP 172.67.148.80:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=2084&offer_id=5813&sub1=30affC1680115519aff1239ec5f30098a956a43&sub2=29285321 HTTP/1.1
Host: a.trafficwithroi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Wed, 29 Mar 2023 18:45:21 GMT
Content-Length: 0
Connection: keep-alive
X-Adjust-Use-Original-Forwarded-For: 1
Location: https://prs.pinkyads.quest/5c0876c3-e241-4dd2-b3d2-95abb6abc477?var1=2084&clickid=642487418002f10001dcd6aa
Set-Cookie: afclick=642487418002f10001dcd6aa; expires=Thu, 28 Mar 2024 18:45:21 GMT; secure; SameSite=None
afoffers={"5813":1680115521}; expires=Thu, 28 Mar 2024 18:45:21 GMT; secure; SameSite=None
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rr6WCVr3Q74UBVbC9P9d1yKgsg6Zdf6MIX9afAbaON%2FAuwCXdwaBzwtFY7%2F%2BhRZeS4KtQWYUCca%2FbhWQakx8zyKIzzvpBUyb66P7HId09yFU3rFbECpETw%2BGhmCqLSaxizG5stAkTA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7afa44fa7fb30b4d-OSL
alt-svc: h2=":443"; ma=60
prs.pinkyads.quest/5c0876c3-e241-4dd2-b3d2-95abb6abc477?var1=2084&clickid=642487418002f10001dcd6aa
18.158.88.249302 Found 0 B URL HTTP/2 prs.pinkyads.quest/5c0876c3-e241-4dd2-b3d2-95abb6abc477?var1=2084&clickid=642487418002f10001dcd6aa
IP 18.158.88.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /5c0876c3-e241-4dd2-b3d2-95abb6abc477?var1=2084&clickid=642487418002f10001dcd6aa HTTP/1.1
Host: prs.pinkyads.quest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Wed, 29 Mar 2023 18:45:21 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://mo.atosen.info/24424fa7-94ad-4965-bbcf-77da4e8ef080?var1=2084
pragma: no-cache
set-cookie: 5c0876c3-e241-4dd2-b3d2-95abb6abc477-v4=3njzgBiiicnMoghGbkSAaoDTnqDZZGWnEEEXBsfz9yk; Max-Age=86400; Expires=Thu, 30-Mar-2023 18:45:21 GMT; Domain=prs.pinkyads.quest; Path=/; Secure; HttpOnly;SameSite=None
cc-v4=MQS8GUoRJ0G%2FwqwtzhSFm1WRCNdfCOiv6ldK26fcNfs0IWUvqipifrYkq5xADGzy0a9x1IxR%2FMjWikaqVTZE3I643JqfoqFONSo8cV%2FWGrSeIy1%2FVFNcQ3NPtovI976%2Bm1rFpKuv%2BZV8Oc2hXnLNKg%3D%3D; Max-Age=31536000; Expires=Thu, 28-Mar-2024 18:45:21 GMT; Domain=prs.pinkyads.quest; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
mo.atosen.info/24424fa7-94ad-4965-bbcf-77da4e8ef080?var1=2084
18.158.88.249302 Found 0 B URL HTTP/2 mo.atosen.info/24424fa7-94ad-4965-bbcf-77da4e8ef080?var1=2084
IP 18.158.88.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /24424fa7-94ad-4965-bbcf-77da4e8ef080?var1=2084 HTTP/1.1
Host: mo.atosen.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Wed, 29 Mar 2023 18:45:22 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://softronline.click/offer?payload=eyJhY2Nlc3NfaWQiOjY0MTgsInByZWxhbmRpbmdfaWQiOjIwfQ==&click_id=wooaijskjhh17qkn2ni13qpu&subid=2084
pragma: no-cache
set-cookie: 24424fa7-94ad-4965-bbcf-77da4e8ef080-v4=uIuaGi9V1vyHYdTruuVmZ6u6S19pZMV2WDHiNxVV2xM; Max-Age=86400; Expires=Thu, 30-Mar-2023 18:45:22 GMT; Domain=mo.atosen.info; Path=/; Secure; HttpOnly;SameSite=None
cc-v4=Im3qeAwS2srRGuLJQUr9DlRGlxxr0nemZnnRXtZcpOJcBa0rh5wD2Oji4cn1H%2FJyeQDnPe4PyQ3csBVXY1jgmu3v4qm%2BNVS4S71qsbI1RAZ8e9cDPof98SKDanWKdJ4fdusiw8uYmzttbi6hHNMp3w%3D%3D; Max-Age=31536000; Expires=Thu, 28-Mar-2024 18:45:22 GMT; Domain=mo.atosen.info; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b07c4d0f865cc97e95f5fa9c25e3c59b
53087457d159ac3f627b97b83a1dcdf96faac668
62d5c65cc7ba0e6ab0fe16920ab54ff69c2d687394f2395abd813b79df70f976
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62D5C65CC7BA0E6AB0FE16920AB54FF69C2D687394F2395ABD813B79DF70F976"
Last-Modified: Mon, 27 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2703
Expires: Wed, 29 Mar 2023 19:30:25 GMT
Date: Wed, 29 Mar 2023 18:45:22 GMT
Connection: keep-alive
softronline.click/prelandings/5d0d2e41-e32d-4c47-ac97-1b6103c51f52/age_verification.css
109.206.162.133200 OK 1.4 kB URL HTTP/2 softronline.click/prelandings/5d0d2e41-e32d-4c47-ac97-1b6103c51f52/age_verification.css
IP 109.206.162.133:0
Hash 4e09a094762b686179e60e0127fa62f6
ac9193357e38b9e9dc5f8420480f56de2d62467d
e253df45cdc00575359e3c20ba01780ffd68e93a8ff1066837b3f28150e73035
GET /prelandings/5d0d2e41-e32d-4c47-ac97-1b6103c51f52/age_verification.css HTTP/1.1
Host: softronline.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: text/css
date: Wed, 29 Mar 2023 18:45:22 GMT
etag: "63beb6ba-595"
last-modified: Wed, 11 Jan 2023 13:16:42 GMT
server: nginx
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 1429
X-Firefox-Spdy: h2
softronline.click/prelanding?id=5d0d2e41-e32d-4c47-ac97-1b6103c51f52&click_url=aHR0cHM6Ly91cmwudG90YWxhZGJsb2NrLmNvbS82Mjg3YjhjZjIwZjZmL2Rvd25sb2FkLzQ2NTkvNWJlNDgzZDQtMDk3Mi00ZGUyLWEyMTQtYzY2YzZjYTkzYzJi
109.206.162.133200 OK 14 kB URL HTTP/2 softronline.click/prelanding?id=5d0d2e41-e32d-4c47-ac97-1b6103c51f52&click_url=aHR0cHM6Ly91cmwudG90YWxhZGJsb2NrLmNvbS82Mjg3YjhjZjIwZjZmL2Rvd25sb2FkLzQ2NTkvNWJlNDgzZDQtMDk3Mi00ZGUyLWEyMTQtYzY2YzZjYTkzYzJi
IP 109.206.162.133:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash a64a9ec547d09eaf42b34e6cbffb0b92
85b7847b5c615f5d26dbbeeaa955c49ef5d6d1f5
dddab1a80aff763a4203d52d69c88d3a8c8480d8ed5f930009b89310c5dd2ec1
GET /prelanding?id=5d0d2e41-e32d-4c47-ac97-1b6103c51f52&click_url=aHR0cHM6Ly91cmwudG90YWxhZGJsb2NrLmNvbS82Mjg3YjhjZjIwZjZmL2Rvd25sb2FkLzQ2NTkvNWJlNDgzZDQtMDk3Mi00ZGUyLWEyMTQtYzY2YzZjYTkzYzJi HTTP/1.1
Host: softronline.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Wed, 29 Mar 2023 18:45:22 GMT
server: nginx
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
my-pu.sh/9668f6a5b437ef48b15e/af7248ffce/?placementName=default&user_param=274662&user_check=1128105005
185.66.201.58200 OK 856 B URL HTTP/2 my-pu.sh/9668f6a5b437ef48b15e/af7248ffce/?placementName=default&user_param=274662&user_check=1128105005
IP 185.66.201.58:0
ASN #201702 skHosting.eu s.r.o.
Hash 06dce0f687e43d6e282198601b3443af
c2910da218f6281659c044cdb7ce4fb36cf1fc40
4d2454cb02c062a65d88dac95bf779d0612abfd69be0e41f613fcac01dc1fcdc
GET /9668f6a5b437ef48b15e/af7248ffce/?placementName=default&user_param=274662&user_check=1128105005 HTTP/1.1
Host: my-pu.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ocaba.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 18:45:20 GMT
content-type: application/javascript;charset=utf-8
set-cookie: shown1=0; expires=Thu, 30-Mar-2023 18:45:20 GMT; Max-Age=86400; secure; SameSite=None
used_ad2694267=1; expires=Thu, 30-Mar-2023 03:59:59 GMT; Max-Age=33279; path=/; secure; SameSite=None
total_impressions=1; expires=Thu, 30-Mar-2023 03:59:59 GMT; Max-Age=33279; secure; SameSite=None
push_loaded=yes; expires=Thu, 30-Mar-2023 18:45:20 GMT; Max-Age=86400; path=/; secure; SameSite=None
expires: Sun, 01 Jan 2014 00:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex,nofollow
content-encoding: br
X-Firefox-Spdy: h2
softronline.click/prelandings/5d0d2e41-e32d-4c47-ac97-1b6103c51f52/static/translate.js
109.206.162.133200 OK 3.5 kB URL HTTP/2 softronline.click/prelandings/5d0d2e41-e32d-4c47-ac97-1b6103c51f52/static/translate.js
IP 109.206.162.133:0
Hash 00d4538acf6e8965c399c40be7a3b1d5
5fc635ecfe8a00e7e71239e26596eb3059d98a8e
8e227e744b6ec4ced67bb6d426391457609da4b54775a96ea136f5535515b6ff
GET /prelandings/5d0d2e41-e32d-4c47-ac97-1b6103c51f52/static/translate.js HTTP/1.1
Host: softronline.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/javascript
date: Wed, 29 Mar 2023 18:45:22 GMT
etag: "63d41dfa-dbc"
last-modified: Fri, 27 Jan 2023 18:54:50 GMT
server: nginx
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 3516
X-Firefox-Spdy: h2
softronline.click/prelandings/5d0d2e41-e32d-4c47-ac97-1b6103c51f52/shield.png
109.206.162.133200 OK 2.8 kB URL HTTP/2 softronline.click/prelandings/5d0d2e41-e32d-4c47-ac97-1b6103c51f52/shield.png
IP 109.206.162.133:0
File type PNG image data, 120 x 158, 8-bit/color RGBA, non-interlaced\012- data
Hash e2c8f35680e9d1a3c1fb76071eab5975
d92aa8114761d8ea1b8df1fe5479c8503cff7aae
fbd2fc8716419ab2a980799d2ade4797f5e0f6db9d22bfcf00ab96fa52219b06
GET /prelandings/5d0d2e41-e32d-4c47-ac97-1b6103c51f52/shield.png HTTP/1.1
Host: softronline.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
date: Wed, 29 Mar 2023 18:45:22 GMT
etag: "63beb6ba-af3"
last-modified: Wed, 11 Jan 2023 13:16:42 GMT
server: nginx
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 2803
X-Firefox-Spdy: h2
code.jquery.com/jquery-3.6.3.slim.min.js
69.16.175.42200 OK 25 kB URL HTTP/2 code.jquery.com/jquery-3.6.3.slim.min.js
IP 69.16.175.42:0
File type ASCII text, with very long lines (65241)
Hash c8bbcb87f36a1bde5fd6925a4c519473
f343711cfa28a2173165f9b83c4a16f55e18339e
5cd072598ee4f8dd85ea2861e0a5fc5fd6a25e6813515df6261c84cd27bbc1e9
GET /jquery-3.6.3.slim.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://softronline.click
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 29 Mar 2023 18:45:22 GMT
content-encoding: gzip
content-length: 24764
content-type: application/javascript; charset=utf-8
last-modified: Tue, 20 Dec 2022 21:10:40 GMT
accept-ranges: bytes
server: nginx
etag: W/"63a224d0-11c72"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1680115522.dop016.sk1.t,1680115522.cds237.sk1.hn,1680115522.cds254.sk1.c
X-Firefox-Spdy: h2
softronline.click/prelandings/5d0d2e41-e32d-4c47-ac97-1b6103c51f52/jizfRExUiTo99u79B_mh0O6tLQ.woff2
109.206.162.133200 OK 47 kB URL HTTP/2 softronline.click/prelandings/5d0d2e41-e32d-4c47-ac97-1b6103c51f52/jizfRExUiTo99u79B_mh0O6tLQ.woff2
IP 109.206.162.133:0
File type Web Open Font Format (Version 2), TrueType, length 47048, version 1.0\012- data
Hash 87a1556b696ae2cb1a726bd8c4584a2f
1be0f6f39e0cf316f9827f945eeeaef8294cc37b
141f0c53e457585d4ac7426eb3d757666d250ee6fbf0e9c0878128e4c627f0b1
GET /prelandings/5d0d2e41-e32d-4c47-ac97-1b6103c51f52/jizfRExUiTo99u79B_mh0O6tLQ.woff2 HTTP/1.1
Host: softronline.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://softronline.click/prelandings/5d0d2e41-e32d-4c47-ac97-1b6103c51f52/css2.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: font/woff2
date: Wed, 29 Mar 2023 18:45:22 GMT
etag: "63beb6ba-b7c8"
last-modified: Wed, 11 Jan 2023 13:16:42 GMT
server: nginx
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 47048
X-Firefox-Spdy: h2
softronline.click/prelandings/5d0d2e41-e32d-4c47-ac97-1b6103c51f52/jizaRExUiTo99u79D0KExQ.woff2
109.206.162.133200 OK 45 kB URL HTTP/2 softronline.click/prelandings/5d0d2e41-e32d-4c47-ac97-1b6103c51f52/jizaRExUiTo99u79D0KExQ.woff2
IP 109.206.162.133:0
File type Web Open Font Format (Version 2), TrueType, length 45300, version 1.0\012- data
Hash 5fe660c3a23b871807b0e1d3ee973d23
62a9dd423b30b6ee3ab3dd40d573545d579af10a
e13ffa988be59cbf299d7ff68f019f902b60848203ac4990819eb7e4624ee52d
GET /prelandings/5d0d2e41-e32d-4c47-ac97-1b6103c51f52/jizaRExUiTo99u79D0KExQ.woff2 HTTP/1.1
Host: softronline.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://softronline.click/prelandings/5d0d2e41-e32d-4c47-ac97-1b6103c51f52/css2.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: font/woff2
date: Wed, 29 Mar 2023 18:45:22 GMT
etag: "63beb6ba-b0f4"
last-modified: Wed, 11 Jan 2023 13:16:42 GMT
server: nginx
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 45300
X-Firefox-Spdy: h2
softronline.click/prelandings/5d0d2e41-e32d-4c47-ac97-1b6103c51f52/static/favicon-32x32.png.webp
109.206.162.133200 OK 752 B URL HTTP/2 softronline.click/prelandings/5d0d2e41-e32d-4c47-ac97-1b6103c51f52/static/favicon-32x32.png.webp
IP 109.206.162.133:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 9210de0312911adbb02be34f66ef9774
7368de6216f39ddfdd8f64b7e7261b0fcd75e32b
cd0dbcc662dce83822ba1976a55e8d12437cda3e365aaa4d663eafb3e3cbe891
GET /prelandings/5d0d2e41-e32d-4c47-ac97-1b6103c51f52/static/favicon-32x32.png.webp HTTP/1.1
Host: softronline.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/webp
date: Wed, 29 Mar 2023 18:45:22 GMT
etag: "63d2da0e-2f0"
last-modified: Thu, 26 Jan 2023 19:52:46 GMT
server: nginx
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 752
X-Firefox-Spdy: h2
ocaba.live/go.php?go=http%3A%2F%2Fa.trafficwithroi.com%2Fclick%3Fpid%3D2084%26offer_id%3D5813%26sub1%3D30affC1680115519aff1239ec5f30098a956a43%26sub2%3D29285321&do=ad0d18477a40084e1a7dc48df83dbbad&push=86|79274662
185.66.201.8200 OK 0 B URL HTTP/2 ocaba.live/go.php?go=http%3A%2F%2Fa.trafficwithroi.com%2Fclick%3Fpid%3D2084%26offer_id%3D5813%26sub1%3D30affC1680115519aff1239ec5f30098a956a43%26sub2%3D29285321&do=ad0d18477a40084e1a7dc48df83dbbad&push=86|79274662
IP 185.66.201.8:0
ASN #201702 skHosting.eu s.r.o.
GET /go.php?go=http%3A%2F%2Fa.trafficwithroi.com%2Fclick%3Fpid%3D2084%26offer_id%3D5813%26sub1%3D30affC1680115519aff1239ec5f30098a956a43%26sub2%3D29285321&do=ad0d18477a40084e1a7dc48df83dbbad&push=86|79274662 HTTP/1.1
Host: ocaba.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qoaaa.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 18:45:20 GMT
content-type: text/html; charset=UTF-8
content-encoding: br
X-Firefox-Spdy: h2
ocaba.live/favicon.ico
185.66.201.8404 Not Found 0 B IP 185.66.201.8:0
ASN #201702 skHosting.eu s.r.o.
GET /favicon.ico HTTP/1.1
Host: ocaba.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ocaba.live/go.php?go=http%3A%2F%2Fa.trafficwithroi.com%2Fclick%3Fpid%3D2084%26offer_id%3D5813%26sub1%3D30affC1680115519aff1239ec5f30098a956a43%26sub2%3D29285321&do=ad0d18477a40084e1a7dc48df83dbbad&push=86|79274662
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Wed, 29 Mar 2023 18:45:20 GMT
content-type: text/html
etag: W/"61b0d57b-17"
content-encoding: br
X-Firefox-Spdy: h2
ocaba.live/sw.js?v=1680115545020
185.66.201.8200 OK 0 B URL HTTP/2 ocaba.live/sw.js?v=1680115545020
IP 185.66.201.8:0
ASN #201702 skHosting.eu s.r.o.
GET /sw.js?v=1680115545020 HTTP/1.1
Host: ocaba.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 18:45:21 GMT
content-type: application/javascript
last-modified: Tue, 15 Nov 2022 09:58:09 GMT
etag: W/"637362b1-2d"
content-encoding: br
X-Firefox-Spdy: h2
ocaba.live/go.php?accepted=0&id=86
185.66.201.8200 OK 0 B URL HTTP/2 ocaba.live/go.php?accepted=0&id=86
IP 185.66.201.8:0
ASN #201702 skHosting.eu s.r.o.
GET /go.php?accepted=0&id=86 HTTP/1.1
Host: ocaba.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/json; charset=UTF-8
Connection: keep-alive
Referer: https://ocaba.live/go.php?go=http%3A%2F%2Fa.trafficwithroi.com%2Fclick%3Fpid%3D2084%26offer_id%3D5813%26sub1%3D30affC1680115519aff1239ec5f30098a956a43%26sub2%3D29285321&do=ad0d18477a40084e1a7dc48df83dbbad&push=86|79274662
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 18:45:21 GMT
content-type: text/html; charset=UTF-8
content-encoding: br
X-Firefox-Spdy: h2
softronline.click/offer?payload=eyJhY2Nlc3NfaWQiOjY0MTgsInByZWxhbmRpbmdfaWQiOjIwfQ==&click_id=wooaijskjhh17qkn2ni13qpu&subid=2084
109.206.162.133302 Found 0 B URL HTTP/2 softronline.click/offer?payload=eyJhY2Nlc3NfaWQiOjY0MTgsInByZWxhbmRpbmdfaWQiOjIwfQ==&click_id=wooaijskjhh17qkn2ni13qpu&subid=2084
IP 109.206.162.133:0
GET /offer?payload=eyJhY2Nlc3NfaWQiOjY0MTgsInByZWxhbmRpbmdfaWQiOjIwfQ==&click_id=wooaijskjhh17qkn2ni13qpu&subid=2084 HTTP/1.1
Host: softronline.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
date: Wed, 29 Mar 2023 18:45:22 GMT
location: https://softronline.click/prelanding?id=5d0d2e41-e32d-4c47-ac97-1b6103c51f52&click_url=aHR0cHM6Ly91cmwudG90YWxhZGJsb2NrLmNvbS82Mjg3YjhjZjIwZjZmL2Rvd25sb2FkLzQ2NTkvNWJlNDgzZDQtMDk3Mi00ZGUyLWEyMTQtYzY2YzZjYTkzYzJi
server: nginx
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
u.img.social/res/base64.min.js
172.66.40.168200 OK 0 B URL HTTP/2 u.img.social/res/base64.min.js
IP 172.66.40.168:0
GET /res/base64.min.js HTTP/1.1
Host: u.img.social
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luckyway.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 29 Mar 2023 18:45:19 GMT
content-type: application/javascript
x-guploader-uploadid: ADPycdslRCA8gJoodMSe_joFmc29v7N1yXUJdtGF-ws5-dWO64F1T2abot08oLqkbmjkswwsDbf30EjuTc8CNr8EPerP
x-goog-generation: 1680079313976580
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 4770
x-goog-meta-goog-reserved-file-mtime: 1679671350
content-language: en
x-goog-hash: crc32c=1SjhAA==, md5=1GRUiJax9HF8yMeEDZKEAA==
x-goog-storage-class: STANDARD
expires: Wed, 29 Mar 2023 19:06:22 GMT
cache-control: public, max-age=14400
last-modified: Wed, 29 Mar 2023 08:41:54 GMT
etag: W/"d464548896b1f4717cc8c7840d928400"
age: 2337
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kIn%2FYad0cSFUIdFRP%2BGQmB4CU%2Fa2ets9lPkuoYiilbMC5h4ECtlzGzOLBIn5HhjKS0OgXUfQbLRyxNqQsoQXVXv0cEczZnF3sLjJwVBqOSffOBhc5xS4pQNu3bxNnA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7afa44ebfb30b51d-OSL
content-encoding: br
X-Firefox-Spdy: h2