r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7610
Expires: Tue, 06 Dec 2022 06:21:20 GMT
Date: Tue, 06 Dec 2022 04:14:30 GMT
Connection: keep-alive
bugaia.net/
68.65.122.94 301 Moved Permanently 707 B IP 68.65.122.94:0
File type HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET / HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Tue, 06 Dec 2022 04:14:29 GMT
server: LiteSpeed
location: https://bugaia.net/
x-turbo-charged-by: LiteSpeed
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash ee088fab9b287e174cfd1f2c735a909f
25c3335b514a36ad1a24d00413d60c3d394f5161
494e96358ff12366213d7cc0f9197648c6c62ec14fa0d2c78732a683fa26b192
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3191
Cache-Control: max-age=112200
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 04:14:30 GMT
Etag: "638dc877-1d7"
Expires: Wed, 07 Dec 2022 11:24:30 GMT
Last-Modified: Mon, 05 Dec 2022 10:31:19 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 06 Dec 2022 03:20:21 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3249
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19627
Expires: Tue, 06 Dec 2022 09:41:37 GMT
Date: Tue, 06 Dec 2022 04:14:30 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Cko+3nCTn340udcJMGS32EtZ9ZIBppvscV6imv5qFMLwnDHElfqWd/aTS+oJRBDSjelYseznhRM=
x-amz-request-id: K07QER9EB9SBE4NT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 06 Dec 2022 03:48:46 GMT
age: 1544
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 04:14:30 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 06 Dec 2022 04:11:20 GMT
cache-control: public,max-age=3600
age: 190
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash fd03dd0bee409505cf715db73262603c
551564be8c1ea89f2f860670d3b43baae9687b11
4c886d6c325d2322f664186d19195f51ead826be0417837c1909dc6907cfad09
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 04:14:30 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 12:26:54 GMT
Expires: Sun, 11 Dec 2022 12:26:53 GMT
Etag: "551564be8c1ea89f2f860670d3b43baae9687b11"
Cache-Control: max-age=460942,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775231f149390b69-OSL
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 2b9d6a686aa3c4ea24568425e43a5221
d53bb4c9579bd1db78a0520619e888aec79f750f
c38734a8dbe51217d73896c0bf7f5c38c107fd79e0dee24b717f130377e9b5f7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3145
Cache-Control: max-age=107087
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 04:14:30 GMT
Etag: "638db4ac-1d7"
Expires: Wed, 07 Dec 2022 09:59:17 GMT
Last-Modified: Mon, 05 Dec 2022 09:06:52 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.42.74.230 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.42.74.230:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: scAzNZY+PN3+HdWQSAadqA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: SrxDOnipGouBJWTt0lV2oVuP0hU=
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash b9e460c077e837add10b7e423b149f6e
cde6854da1c7108d3d6c8184f9a39d2d20ba0c78
874a4babc2bf54d880f94425142d3cce3151d964efd54c8bffec992b064c1be3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2953
Cache-Control: max-age=99358
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 04:14:31 GMT
Etag: "638d973c-117"
Expires: Wed, 07 Dec 2022 07:50:29 GMT
Last-Modified: Mon, 05 Dec 2022 07:01:16 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 3f4ef8a54bffe08abfd72fbbe3b259e8
28770087be63936aabfdd9d802739767c8fca454
642f68596c1c285397713d2b1147f77a94a5e2eadcb8b18632133f1f87276639
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5817
Cache-Control: max-age=150449
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 04:14:31 GMT
Etag: "638e539f-118"
Expires: Wed, 07 Dec 2022 22:02:00 GMT
Last-Modified: Mon, 05 Dec 2022 20:25:03 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 3f4ef8a54bffe08abfd72fbbe3b259e8
28770087be63936aabfdd9d802739767c8fca454
642f68596c1c285397713d2b1147f77a94a5e2eadcb8b18632133f1f87276639
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5817
Cache-Control: max-age=150449
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 04:14:31 GMT
Etag: "638e539f-118"
Expires: Wed, 07 Dec 2022 22:02:00 GMT
Last-Modified: Mon, 05 Dec 2022 20:25:03 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 280
cdnjs.cloudflare.com/ajax/libs/fancybox/3.5.7/jquery.fancybox.min.css
104.17.25.14 200 OK 2.7 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/fancybox/3.5.7/jquery.fancybox.min.css
IP 104.17.25.14:0
File type ASCII text, with very long lines (12795), with no line terminators
Hash 763b8aa8becf095178bc43d55da66e6d
c4a63a7fedd1693c5fa7dd18716ac8f8fd6570ae
1914fb16590956c63b1d05baca1201c6793b70ea52f7c256882d53dad7a199ca
GET /ajax/libs/fancybox/3.5.7/jquery.fancybox.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 06 Dec 2022 04:14:31 GMT
content-type: text/css; charset=utf-8
content-length: 2695
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e58-31fb"
last-modified: Mon, 04 May 2020 16:10:00 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1117476
expires: Sun, 26 Nov 2023 04:14:31 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fY99Pfij4MSQfvvFeeqbUBdImcQylZKXikfTjr8Mbp2i0SrOhmrw0Y3PE7udOqqA2PkcdOej2q2jzbnw3sHoNDAiLSWVqRnKcKe2yXxKT3eMNrGvNKgjhzsHa7BpIDbiKNY%2BCUHU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 775231f53e14b523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/fancybox/3.5.7/jquery.fancybox.min.js
104.17.25.14 200 OK 19 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/fancybox/3.5.7/jquery.fancybox.min.js
IP 104.17.25.14:0
File type HTML document, ASCII text, with very long lines (31972)
Hash c8e69fc65287045e4f083a6bcd40b8e0
fa3a37740705510fe08c3b286ea9a81e2e4bb04d
bffefe5f48974eeda69bb6a53127b10ee8244ba7f9dd4a925f2f2c1bde189db0
GET /ajax/libs/fancybox/3.5.7/jquery.fancybox.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 04:14:31 GMT
content-type: application/javascript; charset=utf-8
content-length: 19249
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e58-10a9d"
last-modified: Mon, 04 May 2020 16:10:00 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2114376
expires: Sun, 26 Nov 2023 04:14:31 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yD4cg2jvzR34WUPH6HMje5BYu8nUgPiQdA0FemOPMTEogzUKGoAcei3KUpZ7hNmffS1wVKfujhHRdpqw70byfLmBhIPgkGDxLV8jahRK%2FysLl3tZqfOsTtz9du4VxxBh3sa3%2BS%2B6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 775231f53e15b523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 3f4ef8a54bffe08abfd72fbbe3b259e8
28770087be63936aabfdd9d802739767c8fca454
642f68596c1c285397713d2b1147f77a94a5e2eadcb8b18632133f1f87276639
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5817
Cache-Control: max-age=150449
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 04:14:31 GMT
Etag: "638e539f-118"
Expires: Wed, 07 Dec 2022 22:02:00 GMT
Last-Modified: Mon, 05 Dec 2022 20:25:03 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 280
cdnjs.cloudflare.com/ajax/libs/bootstrap-select/1.13.12/css/bootstrap-select.min.css
104.17.25.14 200 OK 1.9 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/bootstrap-select/1.13.12/css/bootstrap-select.min.css
IP 104.17.25.14:0
File type ASCII text, with very long lines (10879), with CRLF line terminators
Hash fa5a5f83784e8be2fc74e6a7ce9c5ec5
36c98dc25ca4c86522749860baf037a5a9407620
651daf006ddbba40e8f58095cbf404c26a3361ac20115c989448df1ef53e9b35
GET /ajax/libs/bootstrap-select/1.13.12/css/bootstrap-select.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 06 Dec 2022 04:14:31 GMT
content-type: text/css; charset=utf-8
content-length: 1877
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03d8e-2b70"
last-modified: Mon, 04 May 2020 16:06:38 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 15740077
expires: Sun, 26 Nov 2023 04:14:31 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F3T%2F2pD8KkVwLQjxUokkodXochPaIzA%2BdVcLBHU9GQXvtiPlhRX0dqqecBnK%2BSHyVLcxEE7n6ZFTb1R%2BXFsSIKYg8pLMHolVYvSrPagfKwXqmRzpjxoLb77swpPBdI9VOh%2F7hMbY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 775231f55e1fb523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/bootstrap-select/1.13.12/js/bootstrap-select.min.js
104.17.25.14 200 OK 14 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/bootstrap-select/1.13.12/js/bootstrap-select.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (51305), with CRLF line terminators
Hash ec0dada007fe525d9e7cb03a950257cc
306ed2e50d7c9104c65a22bb642421d8c1bbc988
2ceee82f2ec6e5f5bd21a443e2c9044caa5fbbef925a0938de93bf0e95022626
GET /ajax/libs/bootstrap-select/1.13.12/js/bootstrap-select.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 04:14:31 GMT
content-type: application/javascript; charset=utf-8
content-length: 13484
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03d8e-c993"
last-modified: Mon, 04 May 2020 16:06:38 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 15763844
expires: Sun, 26 Nov 2023 04:14:31 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=75UHmBpI5Vn%2BQN2d84kdZrwZ2Ny8RbB4SK8yZ9pUfdUq57b04xTm5CecTB0Ll8mVzYOAoZq%2BjZxhwhZbgRfYaAqXR4se%2FtfFx31j1aJ8Wakcg0ucuWFaQA%2B%2BHazGLJaes%2Bd3JvBz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 775231f55e1bb523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 3f4ef8a54bffe08abfd72fbbe3b259e8
28770087be63936aabfdd9d802739767c8fca454
642f68596c1c285397713d2b1147f77a94a5e2eadcb8b18632133f1f87276639
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4934
Cache-Control: max-age=149566
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 04:14:31 GMT
Etag: "638e539f-118"
Expires: Wed, 07 Dec 2022 21:47:17 GMT
Last-Modified: Mon, 05 Dec 2022 20:25:03 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 3f4ef8a54bffe08abfd72fbbe3b259e8
28770087be63936aabfdd9d802739767c8fca454
642f68596c1c285397713d2b1147f77a94a5e2eadcb8b18632133f1f87276639
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6051
Cache-Control: max-age=150683
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 04:14:31 GMT
Etag: "638e539f-118"
Expires: Wed, 07 Dec 2022 22:05:54 GMT
Last-Modified: Mon, 05 Dec 2022 20:25:03 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 280
cdnjs.cloudflare.com/ajax/libs/parallax/3.1.0/parallax.min.js
104.17.25.14 200 OK 4.7 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/parallax/3.1.0/parallax.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (17272)
Hash 0bb455442d6528ba3d5c5dac37f7107e
7d59cba826ed9b3bc08bcf4c86cbe75b9fc61503
3c05436d103f8b7074c0f148209867bb8848da7f0cbc74be0b900ad0e228d3f3
GET /ajax/libs/parallax/3.1.0/parallax.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 06 Dec 2022 04:14:31 GMT
content-type: application/javascript; charset=utf-8
content-length: 4655
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03f40-43a2"
last-modified: Mon, 04 May 2020 16:13:52 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 5303101
expires: Sun, 26 Nov 2023 04:14:31 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1rjhxHol3jyzdprBDByEagtv9vRclD7nVofx%2FKbwy%2Fq6zHJF25%2FgzCjCZBwjQ7SDrdtLvF7ppZE83aRdw%2BcLQeS1zbNhP6eyBmL0sngpZ8r3gS%2FNi4rcOqrYnc3U8j3lSvI%2FMKUC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 775231f57e38b523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/sweetalert2@9
151.101.65.229 200 OK 18 kB URL HTTP/2 cdn.jsdelivr.net/npm/sweetalert2@9
IP 151.101.65.229:0
File type ASCII text, with very long lines (42473)
Hash 3d2d1d8f88b04245de2e6b5bceb87a51
224c6a193b5ddf089464884243db70694476473c
c45b919f19c21090fa43adba07faf4f6cd3db02f114b98b0dc155a119d554ad4
GET /npm/sweetalert2@9 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 9.17.4
x-jsd-version-type: version
etag: W/"1080d-uB5K/9b4efMtYCfkBM9HcldmPDk"
content-encoding: gzip
accept-ranges: bytes
date: Tue, 06 Dec 2022 04:14:31 GMT
age: 20608
x-served-by: cache-fra-eddf8230067-FRA, cache-bma1660-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 17636
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/assets/owl.carousel.min.css
104.17.25.14 200 OK 845 B URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/assets/owl.carousel.min.css
IP 104.17.25.14:0
File type ASCII text, with very long lines (3184)
Hash 156afaf08dd47df971d3a40926c19974
d3f886560b55ff3c39d628ef16a71ca49cb7ecfb
e4f93dd20cb7feb2c6d408b396e194928381545d24584431ab341ed094fb31fa
GET /ajax/libs/OwlCarousel2/2.3.4/assets/owl.carousel.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 06 Dec 2022 04:14:31 GMT
content-type: text/css; charset=utf-8
content-length: 845
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03cf0-d17"
last-modified: Mon, 04 May 2020 16:04:00 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 542026
expires: Sun, 26 Nov 2023 04:14:31 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VFBRmkDxXg1oYpxtAghbSuVis3GgFyVyREd1ccYOm1NLRoIDldxkMIMSqq9499qg%2Bj%2FY4dnIKJ%2BbmS2UyPBMvp%2BteRaBhz9mkycoDtFwJ0MU3lJFAhF8YFv9Tq4la55YrVehWsMY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 775231f57e3ab523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash b9e460c077e837add10b7e423b149f6e
cde6854da1c7108d3d6c8184f9a39d2d20ba0c78
874a4babc2bf54d880f94425142d3cce3151d964efd54c8bffec992b064c1be3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2953
Cache-Control: max-age=99358
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 04:14:31 GMT
Etag: "638d973c-117"
Expires: Wed, 07 Dec 2022 07:50:29 GMT
Last-Modified: Mon, 05 Dec 2022 07:01:16 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279
cdnjs.cloudflare.com/ajax/libs/jquery/2.2.1/jquery.min.js
104.17.25.14 200 OK 27 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/2.2.1/jquery.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (32019)
Hash f8b4311e9b5b0b079b52cd057289c79f
950a8424cd75e591ac7a6de58d4db19ac42915b8
39422d6375b1232d550f801f848e49b7902f6c3117eb5670be1002b902ba3908
GET /ajax/libs/jquery/2.2.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 06 Dec 2022 04:14:31 GMT
content-type: application/javascript; charset=utf-8
content-length: 26983
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-14e7e"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1145417
expires: Sun, 26 Nov 2023 04:14:31 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bySRGtoKklfhF4XeHCv%2FbskO8tnsIhGdQmRAk3p3x4K3U9bAj%2BqeO%2BFd1jEBLK6coxicyrWF0YnOIwz8LrxJb1bydijl1kazLw1u1Uev1lMft5fWtvqXBvVJ5zVlhauJaEQelMBW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 775231f5be4bb523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/owl.carousel.min.js
104.17.25.14 200 OK 10 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/owl.carousel.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (31997)
Hash da09af9c30411ac4ea58fa932c2bcdf1
3021a222be0168efcad5db279a305485935aeff5
19e819601b91eb75c0609dd6343a344f280a94b83e06e58595bafff5b12ca7f4
GET /ajax/libs/OwlCarousel2/2.3.4/owl.carousel.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 06 Dec 2022 04:14:31 GMT
content-type: application/javascript; charset=utf-8
content-length: 10158
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03cf0-ad36"
last-modified: Mon, 04 May 2020 16:04:00 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 4101123
expires: Sun, 26 Nov 2023 04:14:31 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9%2F8S%2F%2BkU5Fs2ob%2F2BkjJCTbFixcNw2kXrP9Xch9g%2Bn2hzscGQGZrziG1GN%2BEJk9fPSubQAe9c6dO6CQegQlaIsLvTfhe6Po4GMWx8Ccy7NwmkxbsjJHafY3n0MenewxELuzQuGEZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 775231f5be4eb523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 3f4ef8a54bffe08abfd72fbbe3b259e8
28770087be63936aabfdd9d802739767c8fca454
642f68596c1c285397713d2b1147f77a94a5e2eadcb8b18632133f1f87276639
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4934
Cache-Control: max-age=149566
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 04:14:31 GMT
Etag: "638e539f-118"
Expires: Wed, 07 Dec 2022 21:47:17 GMT
Last-Modified: Mon, 05 Dec 2022 20:25:03 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 280
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.20.226 200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.20.226:0
Hash c0fc9cb5cffb933db9bad8a49fb959c3
f47df948c2011914c2c77f5a871b68770d2c9601
ea0d43cc822237f8996d6b6a238a5362e0c845d84a57581210baaf00a879d7bd
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 04:14:31 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "599F53480ECBCB5E6D430BB4AFC8AEF2A74C29B1"
Expires: Tue, 06 Dec 2022 15:00:00 GMT
Last-Modified: Tue, 06 Dec 2022 03:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 907
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 775231f5fcf91c16-OSL
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 3ba864a4daffd79d4639e98e35cf5a8f
4e2dfdbff3ce773c1c39031bdf854e2b0a31131c
73a684466e34cc6ab4250dbab0c6afb73a92c4239e37076020b9e1c446b69b7e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 04:14:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=123
172.217.21.168 404 Not Found 1.6 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=123
IP 172.217.21.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Hash 727d70112212cf2c949d12548932490b
8d0410504540d3657a17c4e046a0941ff8111808
80dff8ef8d861a942fbe7baad3ed0aa032f738c13c092fd238a4d0892cb70ad8
GET /gtm.js?id=123 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
date: Tue, 06 Dec 2022 04:14:31 GMT
content-type: text/html; charset=UTF-8
server: Google Tag Manager
content-length: 1574
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 3ba864a4daffd79d4639e98e35cf5a8f
4e2dfdbff3ce773c1c39031bdf854e2b0a31131c
73a684466e34cc6ab4250dbab0c6afb73a92c4239e37076020b9e1c446b69b7e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 04:14:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bugaia.net/uploads/stander/158713492852480.png.webp
68.65.122.94 200 OK 35 kB URL HTTP/2 bugaia.net/uploads/stander/158713492852480.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 804efc7fa6c41ee41447bbb686473d65
e5caf8583ce97a0e69b96864aedcbab3ea22ff88
e1e157c751776682e3e785e4147cd9e149dfef0b651ba97502f76ace183da081
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uploads/stander/158713492852480.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 34584
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/
68.65.122.94 200 OK 16 kB IP 68.65.122.94:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (31892)
Hash a4e063115a400521effa667e732d2b4a
093be2096d8c0a69eb34dc734e48d6b00c42b5bb
50740567aacb63b4fc3a19ab9554f59f756ea84e4038c7ec018c17daeff70cac
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET / HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
x-powered-by: PHP/7.4.33
cache-control: no-cache, private
content-type: text/html; charset=UTF-8
set-cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; expires=Tue, 06-Dec-2022 06:14:30 GMT; Max-Age=7200; path=/; secure
set-cookie: bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D; expires=Tue, 06-Dec-2022 06:14:30 GMT; Max-Age=7200; path=/; httponly; secure
content-encoding: br
vary: Accept-Encoding
date: Tue, 06 Dec 2022 04:14:30 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/assets/css/icons.css
68.65.122.94 200 OK 490 B URL HTTP/2 bugaia.net/assets/css/icons.css
IP 68.65.122.94:0
File type ASCII text, with very long lines (1727), with no line terminators
Hash ee4e819e82e0a6e7161c914c26b05df1
8e660fb7d5241d9a85d0834fcab45bc2139e4150
52d61cc8864bc8bab51a4a5a15ec8010c9d89e05db67b6e801dfe41f1da1a0c9
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/css/icons.css HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: text/css
last-modified: Thu, 04 Feb 2021 23:49:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 490
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/uploads/Services/158967080612293.png.webp
68.65.122.94 200 OK 1.2 kB URL HTTP/2 bugaia.net/uploads/Services/158967080612293.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 0e6187be1467984517c7675b9f08a1bd
5ec6de974e939c8846fcf5ecfcebbe2620da8000
edb405d632fe7f8c1843e3b83805ffd88b7855ab2592e377bee94a92c9ad05ff
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uploads/Services/158967080612293.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 1222
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/uploads/Services/158967065682015.png.webp
68.65.122.94 200 OK 1.7 kB URL HTTP/2 bugaia.net/uploads/Services/158967065682015.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 25474b023b3433bb262efd64f3c15b41
6f5a64ca8a2ab642420b1f681a0878ebd33e00b7
52a1908adf9167324893faf161d49bdda7d9730e95d6ba7f69d44ec3f1fc0b9c
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uploads/Services/158967065682015.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 1700
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/uploads/Services/158967013253102.png.webp
68.65.122.94 200 OK 1.1 kB URL HTTP/2 bugaia.net/uploads/Services/158967013253102.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash abb1c1ed3a4fbe6ce736ed9bb9f6be8b
4656ca2812b83b71313792629274d75e3d1f24cc
7b18e1a712fcac9693b560cdcabff5613089adcffeed720c5c5e66642a2be1a8
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uploads/Services/158967013253102.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 1132
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/uploads/Services/158967043380709.png.webp
68.65.122.94 200 OK 1.2 kB URL HTTP/2 bugaia.net/uploads/Services/158967043380709.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 0e6187be1467984517c7675b9f08a1bd
5ec6de974e939c8846fcf5ecfcebbe2620da8000
edb405d632fe7f8c1843e3b83805ffd88b7855ab2592e377bee94a92c9ad05ff
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uploads/Services/158967043380709.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 1222
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/uploads/Services/158966926685223.png.webp
68.65.122.94 200 OK 1.2 kB URL HTTP/2 bugaia.net/uploads/Services/158966926685223.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 11b3c8346c1081e645ba230bcec2716f
29cce8e6090cdd6c3ef056ebc3a3ce77f2c3b0ab
6ca05b99b862ee476f8bf502ac9d111f44ce28b973a972d13b82ad7386b78848
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uploads/Services/158966926685223.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 1190
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/uploads/Services/158966973110459.png.webp
68.65.122.94 200 OK 1.1 kB URL HTTP/2 bugaia.net/uploads/Services/158966973110459.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash c3f124353182f33df5e8e76f1eb0b68b
8b60e91d0e865942bd1c32ee43395413207b3e39
1dffdb67af4a038e546736f800f36bd34d687cf41a9e65e00486ff2b6b574639
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uploads/Services/158966973110459.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 1074
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/uploads/Services/158966903169880.png.webp
68.65.122.94 200 OK 1.2 kB URL HTTP/2 bugaia.net/uploads/Services/158966903169880.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 11b3c8346c1081e645ba230bcec2716f
29cce8e6090cdd6c3ef056ebc3a3ce77f2c3b0ab
6ca05b99b862ee476f8bf502ac9d111f44ce28b973a972d13b82ad7386b78848
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uploads/Services/158966903169880.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 1190
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/uploads/Services/158966770775768.png.webp
68.65.122.94 200 OK 732 B URL HTTP/2 bugaia.net/uploads/Services/158966770775768.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash c7b9a3e399f6e85d002a7fe3fb9a0855
d77303f29fea5b13c07a2665e02abed03760a9df
78b1c1c73f68dd61d5ea18bb88d45f3a244133edf6ca2e873fcfc10e1724eeef
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uploads/Services/158966770775768.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 732
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/uploads/Services/158966805523267.png.webp
68.65.122.94 200 OK 1.2 kB URL HTTP/2 bugaia.net/uploads/Services/158966805523267.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 11b3c8346c1081e645ba230bcec2716f
29cce8e6090cdd6c3ef056ebc3a3ce77f2c3b0ab
6ca05b99b862ee476f8bf502ac9d111f44ce28b973a972d13b82ad7386b78848
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uploads/Services/158966805523267.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 1190
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/uploads/Services/158966433165945.png.webp
68.65.122.94 200 OK 732 B URL HTTP/2 bugaia.net/uploads/Services/158966433165945.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash c7b9a3e399f6e85d002a7fe3fb9a0855
d77303f29fea5b13c07a2665e02abed03760a9df
78b1c1c73f68dd61d5ea18bb88d45f3a244133edf6ca2e873fcfc10e1724eeef
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uploads/Services/158966433165945.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 732
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/uploads/projectType/158974791852781.png.webp
68.65.122.94 200 OK 2.5 kB URL HTTP/2 bugaia.net/uploads/projectType/158974791852781.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 3f2bb96c3656fc0338b25112c21d4424
123569f1a5fe10922fa2b917e176a3ceb6eb5723
6e6e96e87278d65b1404dd4ed0fb15e59a3caba1e1f93e9b99b755ae19852776
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uploads/projectType/158974791852781.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 2458
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/uploads/projectType/158974783660719.png.webp
68.65.122.94 200 OK 3.8 kB URL HTTP/2 bugaia.net/uploads/projectType/158974783660719.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 0b16c42919e97a88b0b80bf4e1f66960
b289df371c61b9197190c9d6c7b2e86b9a0d6a3a
c7a21dccd13ffbd2f238ec8f41898a722e330c71d4da393ba33cc06ba8679fca
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uploads/projectType/158974783660719.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 3794
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/uploads/projectType/158974761834881.png.webp
68.65.122.94 200 OK 1.6 kB URL HTTP/2 bugaia.net/uploads/projectType/158974761834881.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 8b0ae54ba04c52a30912e058ec1a0be9
401a0a4904b0c179a468ab01f6efae8f1bb979d9
14d28ad602effa0237888043604025da5dfd7d655596a8871f6d9edfb910a22d
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uploads/projectType/158974761834881.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 1608
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/assets/images/shape1.png.webp
68.65.122.94 200 OK 616 B URL HTTP/2 bugaia.net/assets/images/shape1.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 18a6abb4c45dc5117e0864219266f209
cac19d41408d1a42a5b2edde235f802d7fb4fb90
d439fe4555f6ffc3368e70b5aa68155124998c5458089660c401099fb53db8bc
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/images/shape1.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 616
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/uploads/projectType/158974774544159.png.webp
68.65.122.94 200 OK 1.6 kB URL HTTP/2 bugaia.net/uploads/projectType/158974774544159.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 92c20aa1f3497c66229a00e1ee46be9c
8f0d3da231876c45e0b9ab49acb48a0a2c99b693
b23ca8b148151d5a6433d4fd40f7efa87f94fee26e69ac5e8e0634c98324d4de
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uploads/projectType/158974774544159.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 1588
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/assets/images/shape2.png.webp
68.65.122.94 200 OK 522 B URL HTTP/2 bugaia.net/assets/images/shape2.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 25505703c463825944372be537523f08
095c8f17b5c1f950a3b9a7e2d9b1d385072d1187
2796305de92f51116bf734d0c4e335894cd1bf5f13da5fbbdbd2ee54b8dc20e9
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/images/shape2.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 522
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/assets/images/shape4.png.webp
68.65.122.94 200 OK 2.9 kB URL HTTP/2 bugaia.net/assets/images/shape4.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 869a44093c4c8533d55bdac4c2132d6f
deb92ddbb6749fbaf6d6ced4f669184856de75e5
a573a11543f88f1eba68133c6f058ede53575cc8902b5d277aa2106633cf0f13
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/images/shape4.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 2920
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/uploads/stander/158713492837386.png.webp
68.65.122.94 200 OK 29 kB URL HTTP/2 bugaia.net/uploads/stander/158713492837386.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 5714a65bde303d10e0b41ad6ea8249ea
c5cb72c661ada632cdaf08b81800ea09e25aed9b
4f67009fb61e2a1bcf2a2ec53c7679ec48b46f61aedcb43575c0fcf7e9eb79da
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uploads/stander/158713492837386.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 28726
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/assets/images/shape3.png.webp
68.65.122.94 200 OK 540 B URL HTTP/2 bugaia.net/assets/images/shape3.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 854d410d42538e696430f162ab9adffc
2418fc5ea71b75c66bb40c5adaa7fa1047c1ef14
9f696cbbbfe9334b5d2dd4fcdb0707cb856c93ccf05c3a2d6f121bdc25cf269e
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/images/shape3.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 540
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/assets/images/icon1.png.webp
68.65.122.94 200 OK 1.6 kB URL HTTP/2 bugaia.net/assets/images/icon1.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash fdd03f3eb149561c41a90cfb12af2906
07f3af002d5f88d566290e406bfe4735af07c578
39e3034cc56567d2e0e3e678a17bc7340cae664cfe8670fcf61a80e75528e739
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/images/icon1.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 1576
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/assets/images/icon2.png.webp
68.65.122.94 200 OK 1.6 kB URL HTTP/2 bugaia.net/assets/images/icon2.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 5def227abb644ebd6d5565264034ba4b
7244e8efc9cb8c29aa04cfe58594ec41bdc67473
0edff7c738aae1811a298ffb0c7f0f876ba4c04479f01fc06db72b754a56390c
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/images/icon2.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 1630
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/assets/images/icon4.png.webp
68.65.122.94 200 OK 708 B URL HTTP/2 bugaia.net/assets/images/icon4.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash c6a79c452014645d43c2f85576e703e6
47c2ab83b242948cb6fab546acff93197bddffb7
53429af8f0138763cdccd2a503ae375ef0a0175a76466e717a232a29f5d4af2d
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/images/icon4.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 708
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/assets/images/wrk1.png.webp
68.65.122.94 200 OK 400 B URL HTTP/2 bugaia.net/assets/images/wrk1.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 2c58bcdb293ad51fbd675fc96da340dd
4f6181f5a78e0e768ad71c4d9d55917f39cbfa23
087373c6060f81139e88845ad5053e80163694433d15d61bab4059a85fdf8af1
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/images/wrk1.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 400
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/assets/images/shape5.png.webp
68.65.122.94 200 OK 7.2 kB URL HTTP/2 bugaia.net/assets/images/shape5.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 6481922ad5f002ce089c500e8cc202de
df52fc654fca22b500c92730fe8b312f460e9ec5
dba62aebabe3d0c2b62c5ab4ee1352bdcdb5724958db1886a7e460d35f5930d1
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/images/shape5.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 7214
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7555
Expires: Tue, 06 Dec 2022 06:20:27 GMT
Date: Tue, 06 Dec 2022 04:14:32 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7555
Expires: Tue, 06 Dec 2022 06:20:27 GMT
Date: Tue, 06 Dec 2022 04:14:32 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7555
Expires: Tue, 06 Dec 2022 06:20:27 GMT
Date: Tue, 06 Dec 2022 04:14:32 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7555
Expires: Tue, 06 Dec 2022 06:20:27 GMT
Date: Tue, 06 Dec 2022 04:14:32 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc696fe00-4af0-41c0-a10e-ba5dcc55c22b.jpeg
34.120.237.76 200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc696fe00-4af0-41c0-a10e-ba5dcc55c22b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f4193f05dfd1de8bf795f433d4387243
b76ea6ae9df756f131ec16b01cdc7ab19b2d01be
b56231f3c788519751528b849a442d5c7ed828ea4ce3321fd629ca27440ea6e3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc696fe00-4af0-41c0-a10e-ba5dcc55c22b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6920
x-amzn-requestid: 05ec2698-a5ee-4046-be77-0036755f2946
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSwaEd-IAMF_-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64cf-783b236b79b1e9ba22098cb2;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:23 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GgMHlvU3WIDYMF9fmZAajw_Y3zmPm2zojn7FTqgqtBj7e4qeu8Uokg==
via: 1.1 d0387b833e3ca8cb748a1296b4b4bf2a.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:05:53 GMT
age: 22119
etag: "b76ea6ae9df756f131ec16b01cdc7ab19b2d01be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faeae6973-c3cb-4597-8dcc-f36e4cd35fda.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faeae6973-c3cb-4597-8dcc-f36e4cd35fda.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5529617b0748f2d8c82ef99c1ac116a8
a862b74508113ae72b56b9b3de0c75ba559b9032
376a82ae4a5b80f59fb746be79bca569b03a74c345845c7bbf15189964b0bb96
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faeae6973-c3cb-4597-8dcc-f36e4cd35fda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11469
x-amzn-requestid: f60a3f0d-38f7-4f82-bdd5-9e31814ab1d9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSuZGAXIAMFwuA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64c2-5b4b99e779a0aaa71a311a1c;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:10 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: El70-nSITf6MuEV19s_OMrwTcWIKO-u4JsghVUSzolero071AVGvjg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:38:28 GMT
age: 23764
etag: "a862b74508113ae72b56b9b3de0c75ba559b9032"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a1b8c21-bea6-4053-8dea-90393eea45b7.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a1b8c21-bea6-4053-8dea-90393eea45b7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 30d72693680b3ac91c0eee4d47a26196
cd923a5a3810bfe86be2eca4b97c739d76756d93
69ca9e172f6b0c5bf158022d533701b89282630deaa0ce7df27ed459c9bfe75e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a1b8c21-bea6-4053-8dea-90393eea45b7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8656
x-amzn-requestid: cfc71f7f-d1c6-47c9-8107-864701dbf3c3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSwkEHmIAMFUnw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64d0-6705510852d26ae24b3e5ea4;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:24 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zTGiKMan3uG3edx5AsFabNE4eG_dmzrIIOFCWcOxYN0UgSCGTNTtxw==
via: 1.1 c9b161639a9353c2354b895548ea9fca.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:22:25 GMT
age: 21127
etag: "cd923a5a3810bfe86be2eca4b97c739d76756d93"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6aff31b2-ef3e-4782-ae28-38f9aee8b1b7.jpeg
34.120.237.76 200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6aff31b2-ef3e-4782-ae28-38f9aee8b1b7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3801236dc22938e1cc18947e90ea5326
5979d7dc3ba0eb61947282a4adeac8208b4148ae
3bd4eab29590ec3c316597abd2be65281cd9a6137add037ad57c093f1fca12e2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6aff31b2-ef3e-4782-ae28-38f9aee8b1b7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5995
x-amzn-requestid: 25b34277-c486-4642-aea7-21e0598babc3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSzOGGjoAMF4kw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64e1-6f43ab8e0c1a5260327bce11;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cO5j7BIPh3GSOUqKDYYY2qmG6__Hn2XB9lFhhYT_WpOXya-9TTGtgw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:22:24 GMT
age: 21128
etag: "5979d7dc3ba0eb61947282a4adeac8208b4148ae"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F461bc4a6-a90b-41a8-99ce-a502ba9ed21f.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F461bc4a6-a90b-41a8-99ce-a502ba9ed21f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dcb8fe0c4ba323ab2483fa290c291051
6706e02d6b95edc3a33c951f07d04b0fb7415b77
6be68deb3a330955027ec16eaca2cdf4e2776620ffb7cb995922664b24400f02
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F461bc4a6-a90b-41a8-99ce-a502ba9ed21f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8749
x-amzn-requestid: ee03c447-299b-45d5-b8c6-12d4d1dc436d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_spHdBIAMFywQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d131d-0c9805c6112ec9ec6b9d1544;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:33 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tsL8hmcWaBeKYVG2b4g7ebl-sQ0Z5jZaexEfvldfzq9COcOdzqLhUA==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:48:21 GMT
age: 23171
etag: "6706e02d6b95edc3a33c951f07d04b0fb7415b77"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F70fb9d31-10e5-4323-9fbd-ed451a00e6b1.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F70fb9d31-10e5-4323-9fbd-ed451a00e6b1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7e1b54923ba506fde6b21c5bfb51ccc8
366aa3ab0790c496ea51bc08d1f2ff3358530d9e
a993ca6dc9a1f854f4542f9221e4f90060825ea863974b5163a9d3e284dc4663
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F70fb9d31-10e5-4323-9fbd-ed451a00e6b1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10594
x-amzn-requestid: eee9f193-eef5-44bf-997a-877fa206749e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSyIHpGoAMF1fw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64da-0a9190f7698dbf2f73bb1575;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: f-KQCOuDl461V8MBPsSOj1ILCU91Q0pCSENaldkMHR2oZdrEUnHeaA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:03:16 GMT
age: 22276
etag: "366aa3ab0790c496ea51bc08d1f2ff3358530d9e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
bugaia.net/assets/images/icon3.png.webp
68.65.122.94 200 OK 2.4 kB URL HTTP/2 bugaia.net/assets/images/icon3.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 3880a86d96ece6bf5e92ede3c38b57f8
52b0b19be8ac5c9750f275b149732caa6c2a977c
f2772ffb610cba5c3505c29a11c4f7aac16d815fff4ed0ed2d939df2901650b1
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/images/icon3.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 2358
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/assets/images/user.jpg.webp
68.65.122.94 200 OK 326 B URL HTTP/2 bugaia.net/assets/images/user.jpg.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 32x35, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 3f10b8041a94f8db6cf9366b697a4cbd
2f4d5a507199cd9c04c1ca63ea84d09a6c72e5b2
cd7c06b27bcae80c8c38059efd8818d07f8319797dd41eefef13037fae4aca81
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/images/user.jpg.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 326
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/uploads/client/159080333517670.png.webp
68.65.122.94 200 OK 1.7 kB URL HTTP/2 bugaia.net/uploads/client/159080333517670.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 939b2751d9cbcf12a870124be63c94e2
bbbc6bf90ed2ebaf37baa646dde3bac0d9e71bd1
86694968f02190881631620c5ed6d86955dc18c22bc75397dd6f821556d9e43c
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uploads/client/159080333517670.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 1712
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/uploads/client/160008936383142.png.webp
68.65.122.94 200 OK 2.7 kB URL HTTP/2 bugaia.net/uploads/client/160008936383142.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash ef6b6c61882c0de3d278573a713ac1be
40609523468795ce214563f4abb4ff207d578890
741eaca7f135cfd82502f9e88b9d4a0a86f45a745e8f399c0f5f5b181f6955ff
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uploads/client/160008936383142.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 2668
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/uploads/client/159080339152875.png.webp
68.65.122.94 200 OK 1.3 kB URL HTTP/2 bugaia.net/uploads/client/159080339152875.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 3c62b24551e884e89f610e13fe70d380
0e16558275f21ae61cab2b6a3d5c2e3749a23f37
da099f36129fe24c8e4f38e9e21b4ec25f021a5400629b2aa614a441fd8a0b14
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uploads/client/159080339152875.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 1276
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/uploads/client/159080345421906.png.webp
68.65.122.94 200 OK 2.5 kB URL HTTP/2 bugaia.net/uploads/client/159080345421906.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 42278ee5070d2c9176a56c6f4b1dd4c8
c35a9a5aa2dd052a0721fe85cd7d212bb2b9619b
7ad12ce0d9e3ddd9f72e5dd942a3efdbe999a99abd782356f1ca46731304d12b
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uploads/client/159080345421906.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 2514
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/assets/js/bugaia.js
68.65.122.94 200 OK 525 B URL HTTP/2 bugaia.net/assets/js/bugaia.js
IP 68.65.122.94:0
File type ASCII text, with CRLF line terminators
Hash bc837126bb740df96bdd8d189fd51892
d6c0d6f6a8a76d3bdd08d295d07f6155c65da769
df4fa6d8f7c79bfb468639c4da117dffd666088a24823de48f310ee4cfeffe26
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/js/bugaia.js HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: application/javascript
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 525
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/uploads/client/160008931775531.png.webp
68.65.122.94 200 OK 2.3 kB URL HTTP/2 bugaia.net/uploads/client/160008931775531.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 8476e7bb5eb46ba51101fdb247efc24a
7f11fe548aa335b82a553805199f40965f914ac2
5a480cf6d16e5e2953fe84b84ff9f19d37f98dc00b52468b73b4721d4d9a5aed
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uploads/client/160008931775531.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 2306
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/assets/js/main.js
68.65.122.94 200 OK 1.1 kB URL HTTP/2 bugaia.net/assets/js/main.js
IP 68.65.122.94:0
File type ASCII text, with CRLF line terminators
Hash 17d0c33ac9352156d650f8002539f02e
f585053133bc91eb43d0e5c6865debab7e27ad04
fc1817688c83b38c600058615b47b445e788ddb8f26e168573424e06f4dad1ac
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/js/main.js HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: application/javascript
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1078
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/uploads/stander/158713492871545.png.webp
68.65.122.94 200 OK 34 kB URL HTTP/2 bugaia.net/uploads/stander/158713492871545.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash a2c21e13efe563451e7d299361bdf7a7
134aaeacd19dde8c7aab68ca25031e1db3e1cf81
50ea62e7d2fea1eee578c82438576d7d482faa28e45119fe0480b3ab4ffdc976
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uploads/stander/158713492871545.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 34392
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/uploads/project/160009065495381.png.webp
68.65.122.94 200 OK 27 kB URL HTTP/2 bugaia.net/uploads/project/160009065495381.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1920x924, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash c88dcd27459ba55ae8000af97b58372a
d6e5df2c683aa64496b6c7ca6ea53b4088adfda5
d04f0a57e0bceb97b8d8c2684981e16d20063a1c2348b313498bf2e5fe78b00b
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uploads/project/160009065495381.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 26750
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/uploads/blogs/158975598286182.png.webp
68.65.122.94 200 OK 30 kB URL HTTP/2 bugaia.net/uploads/blogs/158975598286182.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 1378b3a2f48a9a4d86d8b55c71b1822f
0c92e02232932ff2ef2a28a354cfa9ebedce9c43
99761e417dbc4be96fffe2866881607396c44dd7538a2b3a3c979e6ddf450fa0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uploads/blogs/158975598286182.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 30376
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash c526adaea6313d4245617c7471617d8e
b98308ddb5d0801b87a16ad87396033e59b61a9b
de9de78225ca1deceb99777f143debb1f33e11f7c4656c6baab99c10369b312a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 637
Cache-Control: max-age=127284
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 04:14:32 GMT
Etag: "638e0d5f-118"
Expires: Wed, 07 Dec 2022 15:35:56 GMT
Last-Modified: Mon, 05 Dec 2022 15:25:19 GMT
Server: ECS (amb/6B91)
X-Cache: HIT
Content-Length: 280
bugaia.net/uploads/blogs/158975212448488.png.webp
68.65.122.94 200 OK 30 kB URL HTTP/2 bugaia.net/uploads/blogs/158975212448488.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 1378b3a2f48a9a4d86d8b55c71b1822f
0c92e02232932ff2ef2a28a354cfa9ebedce9c43
99761e417dbc4be96fffe2866881607396c44dd7538a2b3a3c979e6ddf450fa0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uploads/blogs/158975212448488.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 30376
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/uploads/blogs/158975454857803.png.webp
68.65.122.94 200 OK 30 kB URL HTTP/2 bugaia.net/uploads/blogs/158975454857803.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 1378b3a2f48a9a4d86d8b55c71b1822f
0c92e02232932ff2ef2a28a354cfa9ebedce9c43
99761e417dbc4be96fffe2866881607396c44dd7538a2b3a3c979e6ddf450fa0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uploads/blogs/158975454857803.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 30376
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/uploads/client/159080329590334.png.webp
68.65.122.94 200 OK 43 kB URL HTTP/2 bugaia.net/uploads/client/159080329590334.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash b4b2d035791d40c88f28b17c1bfa672a
a0adc6de367ed947b42eee258d47779c2b8da7a0
050bef9dc31ac316aa47ae06c636e0598a5174f8e96e7690b46e7f592eaec698
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uploads/client/159080329590334.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 43298
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/uploads/client/159080354649987.png.webp
68.65.122.94 200 OK 19 kB URL HTTP/2 bugaia.net/uploads/client/159080354649987.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash ed3cda0f77fb06d048521e02f98e9d5a
dd012def2bd00d5d8d961cba46fc97d84bda8659
234b905d5a01816a3652d1d9c50faf1e9bac783e16b6f2bdf0e1fbeaf93ab803
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uploads/client/159080354649987.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 18664
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/uploads/client/159080342639278.png.webp
68.65.122.94 200 OK 17 kB URL HTTP/2 bugaia.net/uploads/client/159080342639278.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 49602e20704d13569d624dec4e574309
550b25bcbd1e3a3d623a872c58f01d311e4f8509
a7a70f477797f43a48c3fd70a2cd0b9f8e9f3f74f2de04afb15564a4a48b6c4a
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uploads/client/159080342639278.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 16734
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/assets/images/prj0.png.webp
68.65.122.94 200 OK 41 kB URL HTTP/2 bugaia.net/assets/images/prj0.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 96fea818fcfd5e709170cd5f29cfbc6b
031f6a38169fee9573825e7e19ab2f50a8e31e55
959b1b448944107d32a449b65b8c21bab55f1b24e0e90f218076139b6268b086
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/images/prj0.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 40568
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/uploads/project/160009056766991.png.webp
68.65.122.94 200 OK 57 kB URL HTTP/2 bugaia.net/uploads/project/160009056766991.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1920x927, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 84cf513e68f6e5f79f847ffaf7b5793e
a13c4af6b873d9307139e80e87fc1479dcf62552
94e5f541974fc619b86d7f319b0dcf20f26693a8aebe2e4b1e94df0c8d1eb9da
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uploads/project/160009056766991.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 57328
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/uploads/project/160009059712052.png.webp
68.65.122.94 200 OK 60 kB URL HTTP/2 bugaia.net/uploads/project/160009059712052.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1920x921, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 5769888a0af507380805df3571920292
3a865bff2259001dce31b7bcd7eccc92753ccd41
9f9f3d0ac9413113c709f946d5cbd9fe3ae5210a2a62554809849c601617dd63
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uploads/project/160009059712052.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 60406
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/assets/images/footer.svg
68.65.122.94 200 OK 9.9 kB URL HTTP/2 bugaia.net/assets/images/footer.svg
IP 68.65.122.94:0
File type SVG Scalable Vector Graphics image\012- exported SGML document, ASCII text, with very long lines (10270), with CRLF line terminators
Hash e05ac56009837c297fde9eeff4c3f731
b853aa17e87b6edd11ab4ad265364d6512047536
194cc8d7bfca82536749d4d6a7d96e532f5791dea0b07c75543820e250ab6053
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/images/footer.svg HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/assets/css/main.css
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/svg+xml
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 9891
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/assets/images/mountain_header.svg
68.65.122.94 200 OK 870 B URL HTTP/2 bugaia.net/assets/images/mountain_header.svg
IP 68.65.122.94:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (464), with CRLF line terminators
Hash 7fcaa028293b37c7f2c679fbc147a940
0aeea91950beadc1e5f2c1e715779405489c2e18
96eeb8f0d8996d86f875c2d39123729bece1f13d23a73ae34a6d16d5949bd8f3
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/images/mountain_header.svg HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/assets/css/main.css
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/svg+xml
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 870
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/assets/images/line.png
68.65.122.94 200 OK 15 kB URL HTTP/2 bugaia.net/assets/images/line.png
IP 68.65.122.94:0
File type PNG image data, 1857 x 342, 8-bit/color RGBA, non-interlaced\012- data
Hash d33098935f6c5ead76b10bc33e578dd4
81ab01e4bf12755ecb383c64f40fdd5767378ed5
f11753061280a8971a26771126aa6de2cc338593280b865f13ebb4c8375cd6f2
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/images/line.png HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/assets/css/main.css
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/png
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 15191
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/assets/images/border.svg
68.65.122.94 200 OK 292 B URL HTTP/2 bugaia.net/assets/images/border.svg
IP 68.65.122.94:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with CRLF line terminators
Hash d0c68c1eb2d67225fe79b494947c5b9a
2738abce3a32ccee47290342f6366eb613f382a9
f8a970ad4624aa4bb15ebccf357e973e73cb5295c5570913350e5e20be40091c
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/images/border.svg HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/assets/css/main.css
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/svg+xml
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 292
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/assets/fonts/icons/icomoon.ttf?j739wf
68.65.122.94 200 OK 6.0 kB URL HTTP/2 bugaia.net/assets/fonts/icons/icomoon.ttf?j739wf
IP 68.65.122.94:0
File type TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, icomoon \012- data
Hash 4924b41e1a178d65bc129ed1070fba6f
4da5f9363bc4c97d699b61324bb42f58974605e9
7da7287976498ed44b1b374efee17965b221bb3e7abf27d0ba46d64dadc227ec
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/fonts/icons/icomoon.ttf?j739wf HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/assets/css/icons.css
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: font/ttf
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 6000
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/uploads/project/160009063425370.png.webp
68.65.122.94 200 OK 196 kB URL HTTP/2 bugaia.net/uploads/project/160009063425370.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1920x933, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size 196 kB (195742 bytes)
Hash c405cdc6017cf7685e35731e1cf36cab
c2424f88a08866a47e044c01e6fb148dc6438c3e
e9061dae9549c949c7e1419f50f0de0bf1d1b095d534b6467eeeb29a9b20a39d
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uploads/project/160009063425370.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 195742
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/assets/fonts/TAJAWAL/TAJAWAL-REGULAR.TTF
68.65.122.94 200 OK 56 kB URL HTTP/2 bugaia.net/assets/fonts/TAJAWAL/TAJAWAL-REGULAR.TTF
IP 68.65.122.94:0
File type TrueType Font data, 15 tables, 1st "GDEF", 15 names, Microsoft, language 0x409, (c) 2017 by Boutros International. All rights reserved.TajawalRegular1.000;1bou;Tajawal-RegularV\012- data
Hash 6b10b55e4df612910047b7e5d596a9d5
c13a0a9b2d0deb648b29442ac81a56516153f201
e04f9ee8d10ee25525bfbb4c44f856853568bd39de59c7bc9a2da1683fee01c3
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/fonts/TAJAWAL/TAJAWAL-REGULAR.TTF HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/assets/css/main.css
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: font/ttf
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 56088
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
104.18.11.207 200 OK 68 kB URL HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
IP 104.18.11.207:0
File type ASCII text, with very long lines (32033)
Hash 68104fbed6174c3456c7d5155ca4bee9
6989867127139e026a4f4507e29ad9c86cd944a5
e99066ef04c6307878082711f41344199da7a7deaa9c811ad618100d146515d4
GET /bootstrap/3.3.7/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 06 Dec 2022 04:14:31 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
cdn-cachedat: 12/13/2021 20:18:53
cdn-edgestorageid: 755
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-proxyver: 1.02
cdn-requestid: 48135f30fbfcba704628453df5764d8f
cdn-cache: HIT
cf-cache-status: HIT
age: 15749556
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 775231f52cb5b51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bugaia.net/assets/fonts/TAJAWAL/TAJAWAL-BOLD.TTF
68.65.122.94 200 OK 57 kB URL HTTP/2 bugaia.net/assets/fonts/TAJAWAL/TAJAWAL-BOLD.TTF
IP 68.65.122.94:0
File type TrueType Font data, 15 tables, 1st "GDEF", 15 names, Microsoft, language 0x409, (c) 2017 by Boutros International. All rights reserved.TajawalBold1.000;1BOU;Tajawal-BoldTajawal\012- data
Hash 79bb19e04937c19974260fcb4128270e
e08459c45d81723a0275d1940c39b2c53f6e677c
4e73466ce60e5c69df0c5da4cf0ae6e60e5b29951ffbd9d3ce3b4cb68b391f74
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/fonts/TAJAWAL/TAJAWAL-BOLD.TTF HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/assets/css/main.css
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: font/ttf
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 56568
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
bugaia.net/assets/fonts/TAJAWAL/TAJAWAL-EXTRABOLD.TTF
68.65.122.94 200 OK 56 kB URL HTTP/2 bugaia.net/assets/fonts/TAJAWAL/TAJAWAL-EXTRABOLD.TTF
IP 68.65.122.94:0
File type TrueType Font data, 15 tables, 1st "GDEF", 15 names, Microsoft, language 0x409, (c) 2017 by Boutros International. All rights reserved.Tajawal ExtraBoldRegular1.000;1BOU;Tajawa\012- data
Hash 7bbbfd28e8dbd463c9f449aa96ffd7ed
e0fc35c5b78b529a489597740eb49e134b81b690
853befc42ac27357f2041fab7e63947ad40b40f3caa51aede698b2eb5599ac90
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/fonts/TAJAWAL/TAJAWAL-EXTRABOLD.TTF HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/assets/css/main.css
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:31 GMT
content-type: font/ttf
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 56292
date: Tue, 06 Dec 2022 04:14:31 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash c526adaea6313d4245617c7471617d8e
b98308ddb5d0801b87a16ad87396033e59b61a9b
de9de78225ca1deceb99777f143debb1f33e11f7c4656c6baab99c10369b312a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 638
Cache-Control: max-age=127284
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 04:14:33 GMT
Etag: "638e0d5f-118"
Expires: Wed, 07 Dec 2022 15:35:57 GMT
Last-Modified: Mon, 05 Dec 2022 15:25:19 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 280
bugaia.net/assets/images/fav.png.webp
68.65.122.94 200 OK 1.5 kB URL HTTP/2 bugaia.net/assets/images/fav.png.webp
IP 68.65.122.94:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 78411bc82e7f67621db63765c2d92113
a0db23ce103822623a57ba5d78b7ed90aa964257
b7ec8b763196f50d909a605332bf178a5e8e4e9425188a93bca168ab4f37b543
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /assets/images/fav.png.webp HTTP/1.1
Host: bugaia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Cookie: XSRF-TOKEN=eyJpdiI6IjRod3dmZG1mMTRDMGlDOER0VEVhbGc9PSIsInZhbHVlIjoiY1I3eHowbDFHK1poQ1V4V0FRTkgrSENXS2ZENE5IUXNVTjR1aElwRGI1Q3N4XC9KRWZRVWVCNDZ4WXNmcytYZ1wvIiwibWFjIjoiYjEzYWQ5ZTI5OTYyNDU5ZjYwMmY1YjlhNzdlNGQyNDQ4MTI3NmM5NDU1NWQ2NzZlZTViYjYwOWM1ODE5Y2M0MyJ9; bugaia_session=eyJpdiI6IkcxYThMcTEzNjJ0Qk11K0NBYWh6MlE9PSIsInZhbHVlIjoiTmV3Q0Z6cGxxN3V3MUtJMUFYQTI3czJoK3p4ODhqczgxVGRJV0tDZHo4Y1pMZGd3SkNIQW8rTHpOXC9Od2NsZU4iLCJtYWMiOiJhMjc1OTY0MzRjOWNhYjQ2ZjA0YzhkNTU5MWM2YjRkZGZkMjFkNzAyNjU3MTRjNzNhMDcxZjdjMTBlMDQxZGVkIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Dec 2022 04:14:33 GMT
content-type: image/webp
last-modified: Sun, 24 Jan 2021 16:50:16 GMT
accept-ranges: bytes
content-length: 1546
date: Tue, 06 Dec 2022 04:14:33 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
104.18.11.207 200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
IP 104.18.11.207:0
GET /bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bugaia.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 06 Dec 2022 04:14:31 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: SE
cdn-edgestorageid: 632, 617, 617
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 2021-04-23 06:29:02
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: 6a91d2c867066733b6d92a7a528c5c2e
cdn-cache: HIT
cf-cache-status: HIT
age: 18410408
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 775231f50cadb51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/637ddf31c8f/js/twk-main.js
104.22.24.131 200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/637ddf31c8f/js/twk-main.js
IP 104.22.24.131:0
GET /_s/v4/app/637ddf31c8f/js/twk-main.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bugaia.net
Connection: keep-alive
Referer: https://bugaia.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 04:14:33 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 08:52:37 GMT
etag: W/"da5bb1dc647470204df0e49f5afac2de"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 77523202b897b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/637ddf31c8f/js/twk-chunk-vendors.js
104.22.24.131 200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/637ddf31c8f/js/twk-chunk-vendors.js
IP 104.22.24.131:0
GET /_s/v4/app/637ddf31c8f/js/twk-chunk-vendors.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bugaia.net
Connection: keep-alive
Referer: https://bugaia.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 04:14:33 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 08:52:37 GMT
etag: W/"70dac54eca3bb2143032bc4db3237623"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 77523202b89db4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/637ddf31c8f/js/twk-runtime.js
104.22.24.131 200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/637ddf31c8f/js/twk-runtime.js
IP 104.22.24.131:0
GET /_s/v4/app/637ddf31c8f/js/twk-runtime.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bugaia.net
Connection: keep-alive
Referer: https://bugaia.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 04:14:33 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 08:52:37 GMT
etag: W/"9075c2f5460b2832318d3c7217cc68cb"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 77523202c8a0b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/637ddf31c8f/js/twk-vendor.js
104.22.24.131 200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/637ddf31c8f/js/twk-vendor.js
IP 104.22.24.131:0
GET /_s/v4/app/637ddf31c8f/js/twk-vendor.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bugaia.net
Connection: keep-alive
Referer: https://bugaia.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 04:14:34 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 08:52:37 GMT
etag: W/"7dcb496e4882926f93f2e73fa87062c0"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 77523202b89bb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/5ae10d755f7cdf4f05339e3f/default
104.22.24.131 200 OK 0 B URL HTTP/2 embed.tawk.to/5ae10d755f7cdf4f05339e3f/default
IP 104.22.24.131:0
GET /5ae10d755f7cdf4f05339e3f/default HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bugaia.net
Connection: keep-alive
Referer: https://bugaia.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 06 Dec 2022 04:14:33 GMT
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, s-maxage=3600
etag: W/"stable-v4-637ddf31c8f"
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
x-content-type-options: nosniff
server: cloudflare
cf-ray: 775231fe9ed8b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/637ddf31c8f/js/twk-chunk-common.js
104.22.24.131 200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/637ddf31c8f/js/twk-chunk-common.js
IP 104.22.24.131:0
GET /_s/v4/app/637ddf31c8f/js/twk-chunk-common.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bugaia.net
Connection: keep-alive
Referer: https://bugaia.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Dec 2022 04:14:33 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 08:52:37 GMT
etag: W/"bde99510bdf9ab7bbc9ce82519a19a36"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 77523202b89eb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2