Overview

URL join.tourbygoldenvip.com/
IP20.189.78.99
ASNMICROSOFT-CORP-MSN-AS-BLOCK
Location Hong Kong
Report completed2022-09-26 09:13:20 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-09-25 2 join.tourbygoldenvip.com/ Tencent
2022-09-25 2 join.tourbygoldenvip.com/ Tencent
2022-09-25 2 join.tourbygoldenvip.com/ Tencent
2022-09-25 2 join.tourbygoldenvip.com/ Tencent
2022-09-25 2 join.tourbygoldenvip.com/ Tencent
2022-09-25 2 join.tourbygoldenvip.com/ Tencent
2022-09-25 2 join.tourbygoldenvip.com/ Tencent
2022-09-25 2 join.tourbygoldenvip.com/ Tencent
2022-09-25 2 join.tourbygoldenvip.com/ Tencent
2022-09-25 2 join.tourbygoldenvip.com/ Tencent
2022-09-25 2 join.tourbygoldenvip.com/ Tencent
2022-09-25 2 join.tourbygoldenvip.com/ Tencent
2022-09-25 2 join.tourbygoldenvip.com/ Tencent
2022-09-25 2 join.tourbygoldenvip.com/ Tencent
2022-09-25 2 join.tourbygoldenvip.com/ Tencent
2022-09-25 2 join.tourbygoldenvip.com/ Tencent
2022-09-25 2 join.tourbygoldenvip.com/ Tencent
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-26 2 join.tourbygoldenvip.com/js/popup.js Phishing
2022-09-26 2 join.tourbygoldenvip.com/js/content.js Phishing
2022-09-26 2 join.tourbygoldenvip.com/js/counter.js Phishing
2022-09-26 2 join.tourbygoldenvip.com/js/google.js Phishing
2022-09-26 2 join.tourbygoldenvip.com/js/buktup.js Phishing
2022-09-26 2 join.tourbygoldenvip.com/ Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

URL img.zing.vn/products/pubgm/skin-2020/dist/main/images/bg/bg-nav.png
IP  113.164.15.82
Magic gzip compressed data, max compression\012- data
Size 4221
MD5 11c7f09d8a38456ae79b26156d05ca20
SHA1 9a7c56193e6079f521ce67cbacc1e3eb72920e38
SHA256 bae1927c989b5a8282feb6c349a0bcd7131e3d3d1df4df20b661e36086977b22
Analyzer Analysed Verdict Comment
VirusTotal 0/0


Passive DNS (19)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS cdnjs.cloudflare.com (1) 235 2020-10-20 10:17:36 UTC 2022-09-25 13:18:42 UTC 104.17.24.14
mnemonic passive DNS join.tourbygoldenvip.com (17) 0 2022-09-24 19:32:56 UTC 2022-09-26 03:34:55 UTC 20.189.78.99 Unknown ranking
mnemonic passive DNS img-getpocket.cdn.mozilla.net (7) 1631 2017-09-01 03:40:57 UTC 2022-09-26 04:11:51 UTC 34.120.237.76
mnemonic passive DNS img.zing.vn (8) 512499 2012-07-30 15:21:26 UTC 2022-09-26 09:07:28 UTC 113.164.15.82
mnemonic passive DNS ocsp.trust-provider.cn (1) 0 2022-02-10 08:18:30 UTC 2022-09-25 04:31:41 UTC 47.246.44.205 Domain (trust-provider.cn) ranked at: 847612
mnemonic passive DNS esports.pubgmobile.com (1) 0 2020-06-05 11:36:09 UTC 2022-09-15 10:50:15 UTC 101.33.29.221 Domain (pubgmobile.com) ranked at: 49797
mnemonic passive DNS wallpapercave.com (1) 16507 2014-12-31 00:01:22 UTC 2022-09-26 06:47:16 UTC 172.67.29.26
mnemonic passive DNS r3.o.lencr.org (3) 344 2020-12-02 08:52:13 UTC 2022-09-26 04:35:11 UTC 23.36.77.32
mnemonic passive DNS ocsp.pki.goog (7) 175 2017-06-14 07:23:31 UTC 2022-09-26 04:12:35 UTC 142.250.74.3
mnemonic passive DNS ajax.googleapis.com (2) 12905 2014-10-18 20:16:48 UTC 2022-09-26 06:39:49 UTC 142.250.74.170
mnemonic passive DNS fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-09-26 04:56:07 UTC 142.250.74.10
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-26 04:51:20 UTC 143.204.55.115
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-26 04:26:56 UTC 143.204.55.110
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-26 04:28:07 UTC 34.117.237.239
mnemonic passive DNS ocsp.digicert.com (4) 86 2012-05-21 07:02:23 UTC 2022-09-26 04:12:21 UTC 93.184.220.29
mnemonic passive DNS www.pubgmobile.com (1) 21653 2018-04-27 11:06:13 UTC 2022-09-26 04:21:11 UTC 23.36.76.227
mnemonic passive DNS stackpath.bootstrapcdn.com (1) 2467 2018-04-05 04:41:29 UTC 2022-09-26 05:41:54 UTC 104.18.11.207
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-26 05:45:55 UTC 35.163.147.190
mnemonic passive DNS fonts.gstatic.com (2) 0 2014-08-29 13:43:22 UTC 2022-09-26 04:26:58 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 20.189.78.99

Date UQ / IDS / BL URL IP
2022-11-15 14:51:56 +0000
0 - 0 - 45 eventts19.com/ 20.189.78.99
2022-11-15 14:47:11 +0000
0 - 0 - 3 confirmation-228910567730001.ml/upgradenext213.php 20.189.78.99
2022-11-15 14:44:25 +0000
24 - 0 - 28 bugcodashopp.2waky.com/ 20.189.78.99
2022-11-15 08:00:48 +0000
0 - 0 - 2 confirmation-228910567730005.ml/ 20.189.78.99
2022-11-15 02:29:30 +0000
0 - 0 - 28 richmaxprize.com/seasonm 20.189.78.99

Last 5 reports on ASN: MICROSOFT-CORP-MSN-AS-BLOCK

Date UQ / IDS / BL URL IP
2022-11-29 22:17:28 +0000
0 - 0 - 7 diadomesimperdivel.com/589458/422210y/product (...) 51.107.1.245
2022-11-29 22:16:27 +0000
0 - 0 - 3 www.meta-violationcontact.com/825661/404.php 52.149.125.177
2022-11-29 22:16:06 +0000
0 - 0 - 38 pvc.acessosupervisionado.com/ 20.164.207.158
2022-11-29 22:15:27 +0000
0 - 0 - 7 megablackfimdeano.com/589458/789520l/product. (...) 20.226.19.4
2022-11-29 22:08:27 +0000
0 - 0 - 2 www.attemplate.com/jpn/c1e5a355-9690-47b4-8d1 (...) 13.107.238.53

Last 2 reports on domain: tourbygoldenvip.com

Date UQ / IDS / BL URL IP
2022-09-26 09:13:20 +0000
0 - 0 - 23 join.tourbygoldenvip.com/ 20.189.78.99
2022-09-26 09:07:39 +0000
0 - 0 - 23 new.tourbygoldenvip.com/ 20.189.78.99

Last 1 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-09-15 10:50:20 +0000
0 - 0 - 26 pubgtournamentchampionship.com/ 20.189.78.99


JavaScript

Executed Scripts (8)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (62)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.115
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 26 Sep 2022 08:15:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 9LBez-9xu5HTztOWxqFfZ8ycgXok8OZHf7wy5Rp2Z2YJlkwM8viIKg==
Age: 3471


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9186
Expires: Mon, 26 Sep 2022 11:46:15 GMT
Date: Mon, 26 Sep 2022 09:13:09 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.110
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 26 Sep 2022 04:35:16 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: jh4gDCak0bdjan8-0h1Wm_u8ffG4Cx61j-u0WwEXX6dJh-mUd05q5w==
age: 16674
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Mon, 26 Sep 2022 09:13:09 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.115
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Mon, 26 Sep 2022 09:10:47 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Mon, 26 Sep 2022 09:19:42 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 1tAkzHTsBSz0ivXVPfvbRWJTD6VXSuG2SYvO_o0AWAykQ2EThT_z7Q==
Age: 143


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /ajax/libs/material-design-iconic-font/2.2.0/css/material-design-iconic-font.css HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://join.tourbygoldenvip.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.17.24.14
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
date: Mon, 26 Sep 2022 09:13:09 GMT
content-length: 6252
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ed9-14d38"
last-modified: Mon, 04 May 2020 16:12:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1525200
expires: Sat, 16 Sep 2023 09:13:09 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XnaRTkvCKUDVe38lwnfVAtQdh5F6eTO%2BXUryc3Fkqt%2BWLCdsPeZO6OafhMjoYgIl01ACw0x3LdQUhk%2F9JjeJEaD%2BiDjjW5w%2FM%2FX69SWv9xx4XCunzeuMtHH53gyALV%2FM8hVNF8y7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 750ae1cc6a3fb4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   6252
Md5:    99918fca57628309f8f9d98576272cec
Sha1:   ab194d60583b16df155932a9f2d638298b356ed2
Sha256: 5d70e984ef355ffb6e1a01510a79aad3f24536bb3809498b815ea834701b473e
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5265
Cache-Control: 'max-age=158059'
Date: Mon, 26 Sep 2022 09:13:09 GMT
Last-Modified: Mon, 26 Sep 2022 07:45:24 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 279

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4162
Cache-Control: 'max-age=158059'
Date: Mon, 26 Sep 2022 09:13:09 GMT
Last-Modified: Mon, 26 Sep 2022 08:03:47 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 26 Sep 2022 09:13:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 26 Sep 2022 09:13:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 26 Sep 2022 09:13:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /ajax/libs/jquery/2.1.3/jquery.min.js HTTP/1.1 
Host: ajax.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://join.tourbygoldenvip.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.170
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29707
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 22 Sep 2022 14:39:25 GMT
expires: Fri, 22 Sep 2023 14:39:25 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 326024
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32180)
Size:   29707
Md5:    f16500423cc2867eff8b773df637c48f
Sha1:   1cd32d75b59a89c3a70274e383151a61ce0594f4
Sha256: 6ca5dc8ad67639c69117ace46c93703cf5fff82824cfc0bada0cf0fb3b2d41d7
                                        
                                            GET /ajax/libs/jquery/2.1.1/jquery.min.js HTTP/1.1 
Host: ajax.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://join.tourbygoldenvip.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.170
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29671
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 22 Sep 2022 09:02:32 GMT
expires: Fri, 22 Sep 2023 09:02:32 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 346237
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32061)
Size:   29671
Md5:    b90b3d2618cce9d766152cd3092b5c27
Sha1:   496339457cd00caab8118e2e1f30ea18dc05b9f4
Sha256: b7b155aa8c6b5db28f9a6b41e88c96e9462c196c700add426f8ef32c9ce1ed41
                                        
                                            GET /css/style.css HTTP/1.1 
Host: join.tourbygoldenvip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://join.tourbygoldenvip.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         20.189.78.99
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Mon, 03 Oct 2022 09:13:09 GMT
last-modified: Sun, 19 Jul 2020 04:50:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 805
date: Mon, 26 Sep 2022 09:13:09 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   805
Md5:    07215dbcc46d5d7779093060d0c03f91
Sha1:   fd673e44de6c72d875f21d98c803c50133d3afd7
Sha256: 04b7f74116607749f513c38b5d50fe52cc763b2bf65c98ef3f1aff6d5747fa97

Alerts:
  Blocklists:
    - openphish: Tencent
                                        
                                            GET /css/facebook.css HTTP/1.1 
Host: join.tourbygoldenvip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://join.tourbygoldenvip.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         20.189.78.99
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Mon, 03 Oct 2022 09:13:09 GMT
last-modified: Tue, 10 Mar 2020 04:08:22 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 683
date: Mon, 26 Sep 2022 09:13:09 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   683
Md5:    e229b2c6886d95ba933dbef6002d17c0
Sha1:   b938f58bfa1506793ab5d01c7dc6795c8f652190
Sha256: c52f52a23cd8c7e104de6676cf38ce40e92dfbf7b20c9e8755d3ed2e1f1ce8a4

Alerts:
  Blocklists:
    - openphish: Tencent
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5266
Cache-Control: 'max-age=158059'
Date: Mon, 26 Sep 2022 09:13:10 GMT
Last-Modified: Mon, 26 Sep 2022 07:45:24 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET /css/twitter.css HTTP/1.1 
Host: join.tourbygoldenvip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://join.tourbygoldenvip.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         20.189.78.99
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Mon, 03 Oct 2022 09:13:09 GMT
last-modified: Tue, 10 Mar 2020 04:08:22 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 473
date: Mon, 26 Sep 2022 09:13:09 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   473
Md5:    a0f87eb68a85b44d85fc1ae23d59a29a
Sha1:   01bb247230598a3254b9a4b1dc596f94c8f80e32
Sha256: 1021e6a1c309deaefbb829c3be4c2ec8d1ef11ff62a73237717b5dc6473c137c

Alerts:
  Blocklists:
    - openphish: Tencent
                                        
                                            GET /css/google.css HTTP/1.1 
Host: join.tourbygoldenvip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://join.tourbygoldenvip.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         20.189.78.99
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Mon, 03 Oct 2022 09:13:09 GMT
last-modified: Tue, 07 Jul 2020 10:39:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 882
date: Mon, 26 Sep 2022 09:13:09 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   882
Md5:    017680b61c75b979519369a765ff9503
Sha1:   14efea189aa8d33236f5a4bf659f47e54cca9712
Sha256: 8010a6abcbeddec073384e1ef0d87977b7957213bc22c12fa9dec554c6e949a7

Alerts:
  Blocklists:
    - openphish: Tencent
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 26 Sep 2022 09:13:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 26 Sep 2022 09:13:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /id/event/royalepass10/images/icon_logo.jpg HTTP/1.1 
Host: www.pubgmobile.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://join.tourbygoldenvip.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         23.36.76.227
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 75149
last-modified: Wed, 15 Sep 2021 06:46:59 GMT
etag: "614196e3-1258d"
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=300
expires: Mon, 26 Sep 2022 09:18:10 GMT
date: Mon, 26 Sep 2022 09:13:10 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 500x500, components 3\012- data
Size:   75149
Md5:    92c19dc5bd77186e5bb8ed35ce668979
Sha1:   646bf70d1c669c7d7388f95a0a33755e4721289c
Sha256: 0d9cf7eb8fb12be77685134e63f7dae9a95fbf9306ae0529bd0347582d18a8ef
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 03T8TSDpCWlSZUou2Atp5A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         35.163.147.190
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: lgBc7bShUaNJ9MftJIQooUt8nuQ=

                                        
                                            GET /img/login/facebook_icon.png HTTP/1.1 
Host: join.tourbygoldenvip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://join.tourbygoldenvip.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         20.189.78.99
HTTP/2 200 OK
content-type: image/png
                                        
cache-control: public, max-age=604800
expires: Mon, 03 Oct 2022 09:13:09 GMT
last-modified: Sat, 27 Jun 2020 06:10:50 GMT
accept-ranges: bytes
content-length: 79439
date: Mon, 26 Sep 2022 09:13:09 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 1600 x 1600, 8-bit/color RGBA, non-interlaced\012- data
Size:   79439
Md5:    84669eb4301059aa602096c83a13e15f
Sha1:   b8bdde81e76105c7fce0a4a95918074d869c3f75
Sha256: 4c5e70219e34e87735a3b1b930dd0ae8e344bef36b1732780d8a2ac0571c0be7

Alerts:
  Blocklists:
    - openphish: Tencent
                                        
                                            GET /img/login/twitter_icon.png HTTP/1.1 
Host: join.tourbygoldenvip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://join.tourbygoldenvip.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         20.189.78.99
HTTP/2 200 OK
content-type: image/png
                                        
cache-control: public, max-age=604800
expires: Mon, 03 Oct 2022 09:13:09 GMT
last-modified: Sat, 27 Jun 2020 06:10:50 GMT
accept-ranges: bytes
content-length: 8862
date: Mon, 26 Sep 2022 09:13:09 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced\012- data
Size:   8862
Md5:    4607476796cc93ca75cfeccf2661fd1a
Sha1:   632414eb759476693c20599e8b4f0851d8a54251
Sha256: fb71fa5156501b3ca8ff3c88e4501917c651ac60eaaf58c22c2bed6e933d82c5

Alerts:
  Blocklists:
    - openphish: Tencent
                                        
                                            GET /js/popup.js HTTP/1.1 
Host: join.tourbygoldenvip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://join.tourbygoldenvip.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         20.189.78.99
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=604800
expires: Mon, 03 Oct 2022 09:13:09 GMT
last-modified: Sun, 19 Jul 2020 04:54:06 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 95
date: Mon, 26 Sep 2022 09:13:09 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   95
Md5:    1c3b0b368d6ec29f49ad8693689fdecc
Sha1:   db29baca0c328522ca2719a23a22bb7ea82e891e
Sha256: 3fc9ac2701d56205bf187d5324d766999eda94881fa312a475e08c10dad5ff46

Alerts:
  Blocklists:
    - openphish: Tencent
    - fortinet: Phishing
                                        
                                            GET /js/content.js HTTP/1.1 
Host: join.tourbygoldenvip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://join.tourbygoldenvip.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         20.189.78.99
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=604800
expires: Mon, 03 Oct 2022 09:13:09 GMT
last-modified: Tue, 07 Jul 2020 10:39:52 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 568
date: Mon, 26 Sep 2022 09:13:09 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (356)
Size:   568
Md5:    9d775aaa3f9e99d6d716e47fbbf6c1c3
Sha1:   f175e8db5ae00e726c403d8d9d080f74fc0675b6
Sha256: a099b4d1adf273cbb424d8803ab81a35233e904e74fb3859d130e4ca06102617

Alerts:
  Blocklists:
    - openphish: Tencent
    - fortinet: Phishing
                                        
                                            GET /js/counter.js HTTP/1.1 
Host: join.tourbygoldenvip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://join.tourbygoldenvip.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         20.189.78.99
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=604800
expires: Mon, 03 Oct 2022 09:13:09 GMT
last-modified: Tue, 07 Jul 2020 10:39:52 GMT
accept-ranges: bytes
content-length: 177
date: Mon, 26 Sep 2022 09:13:09 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   177
Md5:    0472b5159c431764159ec28362d2621d
Sha1:   2cb9b2e30cadeb76fbed9ff6f8611b6f90d6b7bc
Sha256: b718921ce7a84d65aeda5be80f48f4d8aa42e8cc8b128915ce7438adafac3335

Alerts:
  Blocklists:
    - openphish: Tencent
    - fortinet: Phishing
                                        
                                            GET /js/google.js HTTP/1.1 
Host: join.tourbygoldenvip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://join.tourbygoldenvip.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         20.189.78.99
HTTP/2 404 Not Found
content-type: text/html
                                        
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-length: 1238
date: Mon, 26 Sep 2022 09:13:09 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   1238
Md5:    0bde7d4b3da67537eaf9188e6f8049cf
Sha1:   64300fc482d01d38b40ab20e15960b6509665e5a
Sha256: 5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Alerts:
  Blocklists:
    - openphish: Tencent
    - fortinet: Phishing
                                        
                                            GET /js/buktup.js HTTP/1.1 
Host: join.tourbygoldenvip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://join.tourbygoldenvip.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         20.189.78.99
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=604800
expires: Mon, 03 Oct 2022 09:13:09 GMT
last-modified: Tue, 07 Jul 2020 10:39:52 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 176
date: Mon, 26 Sep 2022 09:13:09 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   176
Md5:    64f3612d625206028f7c27ea6403665b
Sha1:   872d11f32648eb2589ddf743c3a77e2f6275169e
Sha256: 004a4fcf2a74453e7cfa3e66430edf4d7ea8effedc2cb6b49a8e849e12c80fb7

Alerts:
  Blocklists:
    - openphish: Tencent
    - fortinet: Phishing
                                        
                                            GET /img/login/facebook_text.png HTTP/1.1 
Host: join.tourbygoldenvip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://join.tourbygoldenvip.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         20.189.78.99
HTTP/2 200 OK
content-type: image/png
                                        
cache-control: public, max-age=604800
expires: Mon, 03 Oct 2022 09:13:10 GMT
last-modified: Sat, 27 Jun 2020 06:10:50 GMT
accept-ranges: bytes
content-length: 28789
date: Mon, 26 Sep 2022 09:13:10 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 604 x 158, 8-bit/color RGBA, non-interlaced\012- data
Size:   28789
Md5:    74190b93fc4f5d88f0c8e6411ba20bd8
Sha1:   89ce2ecb660a90b8e6ed1b335443d7767c59f28a
Sha256: 092a3cd5f86b3f039feefdeb86694cd16ae545af214cfda614bdbbe2d1bde401

Alerts:
  Blocklists:
    - openphish: Tencent
                                        
                                            GET /img/login/twitter_text.png HTTP/1.1 
Host: join.tourbygoldenvip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://join.tourbygoldenvip.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         20.189.78.99
HTTP/2 200 OK
content-type: image/png
                                        
cache-control: public, max-age=604800
expires: Mon, 03 Oct 2022 09:13:10 GMT
last-modified: Sat, 27 Jun 2020 06:10:50 GMT
accept-ranges: bytes
content-length: 4298
date: Mon, 26 Sep 2022 09:13:10 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced\012- data
Size:   4298
Md5:    fef946b8bba756359e2a1e87ccd915ea
Sha1:   acc364946077b0e32b2343474ce4066ad3ee524c
Sha256: 1be5d05ce6faad469f7f9c5a5879f2d9f8d267b60eb394e92c19217268bcea8f

Alerts:
  Blocklists:
    - openphish: Tencent
                                        
                                            GET /img/login/google_text.png HTTP/1.1 
Host: join.tourbygoldenvip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://join.tourbygoldenvip.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         20.189.78.99
HTTP/2 200 OK
content-type: image/png
                                        
cache-control: public, max-age=604800
expires: Mon, 03 Oct 2022 09:13:10 GMT
last-modified: Tue, 07 Jul 2020 10:39:52 GMT
accept-ranges: bytes
content-length: 3934
date: Mon, 26 Sep 2022 09:13:10 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 180 x 80, 8-bit/color RGBA, non-interlaced\012- data
Size:   3934
Md5:    c198051c3b22e6fa2e26712e855da980
Sha1:   6cac1226aff75d94809534c373f43a28253879da
Sha256: a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b

Alerts:
  Blocklists:
    - openphish: Tencent
                                        
                                            GET /img/login/google_icon.png HTTP/1.1 
Host: join.tourbygoldenvip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://join.tourbygoldenvip.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         20.189.78.99
HTTP/2 200 OK
content-type: image/png
                                        
cache-control: public, max-age=604800
expires: Mon, 03 Oct 2022 09:13:09 GMT
last-modified: Tue, 07 Jul 2020 10:39:52 GMT
accept-ranges: bytes
content-length: 178034
date: Mon, 26 Sep 2022 09:13:09 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 2400 x 2404, 8-bit/color RGBA, non-interlaced\012- data
Size:   178034
Md5:    5449b457bf8afbf05607d77b7a4e60c8
Sha1:   92024d9bed8317d2f0c6e3663d8d10590cceab7c
Sha256: 4aa8aea0dd718063826bf70c190e4abe7732a4b4cbdbd74ba8e779898f9df813

Alerts:
  Blocklists:
    - openphish: Tencent
                                        
                                            GET /img/bc2.jpg HTTP/1.1 
Host: join.tourbygoldenvip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://join.tourbygoldenvip.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         20.189.78.99
HTTP/2 200 OK
content-type: image/jpeg
                                        
cache-control: public, max-age=604800
expires: Mon, 03 Oct 2022 09:13:09 GMT
last-modified: Wed, 13 Apr 2022 04:59:03 GMT
accept-ranges: bytes
content-length: 342202
date: Mon, 26 Sep 2022 09:13:09 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=690, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x624, components 3\012- data
Size:   342202
Md5:    2c8ab294de1392aa4acef4740b6bfc3e
Sha1:   61db9ee423b54feab1cd0153b438ca9b9ead7389
Sha256: 211baeded2de5e55939acf2866712db83f5acb78103a6e80f7e94bd002d75c6c

Alerts:
  Blocklists:
    - openphish: Tencent
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12539
Expires: Mon, 26 Sep 2022 12:42:10 GMT
Date: Mon, 26 Sep 2022 09:13:11 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12539
Expires: Mon, 26 Sep 2022 12:42:10 GMT
Date: Mon, 26 Sep 2022 09:13:11 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8703b7f0-bb10-4a43-a50f-a8a5c8857499.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10045
x-amzn-requestid: a01e6cef-fe8f-498c-aa68-2603a66b1121
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCSvwHPwoAMF7pw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cb31-1a4405e54c54eccb4f0846a2;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:42:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: dBJjUHYsSR4YA1SMcbZJ_iNdvPOhtXlltVN3f36IduFe2h2zsMT_Yw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:49:56 GMT
age: 40995
etag: "c529507a70247c7e03c849c3ff45f93eada6f0c4"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10045
Md5:    38f828e3aa86057cc3b686ca9d4accc5
Sha1:   c529507a70247c7e03c849c3ff45f93eada6f0c4
Sha256: 76016d51352ff6a8372b92206119d88747600874ecee5315573ca4e539e03c6f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12826
x-amzn-requestid: f075cf62-acfc-4bc1-be14-7c3dafb7aaed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YfVRNFP-oAMFgrA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322cf3a-184b678042d64ac9266b1128;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 07:07:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: W6ZD1652Yn1xqZG7ehDcirlYoG8Hcsrdj11Fzfgj7zb-OiU8xHj1gw==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:37:19 GMT
age: 41752
etag: "b6d56333d7f1ea7ddc8838d84de498ff913c5464"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 3-257, spot sensor temperature 0.000000, unit celsius, color scheme 0, show scale bar, calibration: offset 0.000000, slope 241253891388563521536.000000\012- data
Size:   12826
Md5:    b3a72e81317074689a71dac7059e4b6a
Sha1:   b6d56333d7f1ea7ddc8838d84de498ff913c5464
Sha256: e665a8821b5e7b2e78787647a08d629bf70cbf4cbfee2057c8601cf0565154a1
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2719e8b8-4e41-4309-8ca2-8780fbed9e48.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 15624
x-amzn-requestid: 966db920-27f5-496f-8aea-4e0628e6dc7e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCSlhF3xIAMFzaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330caef-1f62801d573715e14518564c;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:41:04 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: LH8Nx22zSbIDy8OoiC6xx7Mxfz6je1pmA2u9tqsLTtCiAyvjyVnq0g==
via: 1.1 e124ba8d7ba1d81e2fdc59ac89f11b70.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:07:18 GMT
age: 39953
etag: "5df91bc07da358644dc16e12f509ee364ec17bcb"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   15624
Md5:    1823d1bb11ceec44419af17b32275cb5
Sha1:   5df91bc07da358644dc16e12f509ee364ec17bcb
Sha256: f7aa5f13f0d469d4ffe569b2c21cb599a9c70c490caa31e0e83c36fe2dd49a8b
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20fede81-e065-476d-b8c9-466c4d80f419.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7998
x-amzn-requestid: beedf4d8-29c0-43c6-92d0-40af6b9ee9f9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCTibE5LoAMFXLg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cc75-1be97f2a525b9a5e3146d4be;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:47:33 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: i8BwIohBNqfEavPXBqSWshg7G-WF9UkBBScnDcyH4qEYV9TzreLXWA==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:05:32 GMT
etag: "5c4ee294c98e8fc9312a7d481b6ec165494cf852"
age: 40059
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7998
Md5:    27d324b1fb661c318aced98468501b3c
Sha1:   5c4ee294c98e8fc9312a7d481b6ec165494cf852
Sha256: 937296b5da48df0495ebd0cb3509b7c00059725c00c5b97f475ba2382a0e5437
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff3689ec8-63b4-42ae-b7d5-a9b4b63af788.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5980
x-amzn-requestid: fbf0c390-da24-49e2-8492-43e29e5d4bb3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCTHCGJVoAMFgxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cbc6-1f9b1b7d63467c58702e6d7e;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:44:38 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: pt7rJi8EIQFBk0gHQZ1WnjvThPba86XZCGFs83l1ZW2dj-_6bZprAA==
via: 1.1 ec2a2c75c16156e4d43504606c118b90.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:49:56 GMT
age: 40995
etag: "12aac1bd22e675f09a220de08b4656e801c2e647"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5980
Md5:    ef17205adb2b478d3bff54b048208d22
Sha1:   12aac1bd22e675f09a220de08b4656e801c2e647
Sha256: 620fe39cf421ed3a21e968570f7e863d69224113be867ec2457ed3850ea113f6
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4e46522-27ca-4a21-a138-a7bdaf6c55b5.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6443
x-amzn-requestid: b6f3be01-6086-4fc1-8bec-c4caa1fe806c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCSKMG04IAMFRxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330ca41-5452d1805d3f4d71303142c9;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:38:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: tx-lL61dT3iakJd8VZw31hzMklubUDBQxE6LBhxsJUqyMM0bqCk73g==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:07:18 GMT
age: 39953
etag: "36310320605833289e78cd248c45915363a0a0c3"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6443
Md5:    3a75be68e82e6a0ba74932fbe74c7b30
Sha1:   36310320605833289e78cd248c45915363a0a0c3
Sha256: 56d709b77802037254b7922e3f85d1b1652b70dfc4b6c65b03e4149d3b1f22ca
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Cache-Control: 'max-age=158059'
Date: Mon, 26 Sep 2022 09:13:11 GMT
Server: ECS (amb/6BB4)
Content-Length: 471

                                        
                                            GET /products/pubgm/skin-2020/dist/main/main.js HTTP/1.1 
Host: img.zing.vn
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://join.tourbygoldenvip.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         113.164.15.82
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Server: nginx
Date: Mon, 26 Sep 2022 09:13:10 GMT
Content-Length: 328449
Connection: keep-alive
Last-Modified: Thu, 04 Jun 2020 07:38:55 GMT
ETag: "5ed8a50f-50301"
Expires: Sat, 25 Mar 2023 09:00:55 GMT
Cache-Control: max-age=15552000
Access-Control-Allow-Origin: *
X-Cache-Status: HIT
Accept-Ranges: bytes


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (35795)
Size:   328449
Md5:    cde9018151590a466f186634777a17e8
Sha1:   cce7ca6b0b8b0b7abad693a64f23b8184a2b05ec
Sha256: 498f589cd376a4801a684b81f38229386b8b2f849ab48ee6f644cc19513eacfd
                                        
                                            GET /products/pubgm/skin-2020/dist/main/main.css HTTP/1.1 
Host: img.zing.vn
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://join.tourbygoldenvip.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         113.164.15.82
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Mon, 26 Sep 2022 09:13:10 GMT
Content-Length: 835049
Connection: keep-alive
Last-Modified: Thu, 04 Jun 2020 10:59:52 GMT
ETag: "5ed8d428-cbde9"
Expires: Sat, 25 Mar 2023 09:00:47 GMT
Cache-Control: max-age=15552000
Access-Control-Allow-Origin: *
X-Cache-Status: HIT
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (65411)
Size:   835049
Md5:    d100f85cb486fe28a915d9bf10e39070
Sha1:   057c20c59edab893ee8ccd1850a159a0aebd0afb
Sha256: f9e873ed49fe5fafdd56758d55af1a1ab8321c44e5e2f50f17a981af4af45e2a
                                        
                                            GET /css2?family=Roboto+Condensed&display=swap HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://join.tourbygoldenvip.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 26 Sep 2022 09:13:09 GMT
date: Mon, 26 Sep 2022 09:13:09 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   1019
Md5:    5a0e247e4398f3d60318b34f5533e352
Sha1:   f20b9fd06c5d031d6fa26e99de49d77cb5d7d6c4
Sha256: 88285c02fbb72d24e35d234413747aba87494633f249357f83e3b67db572e71d
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 26 Sep 2022 09:13:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://join.tourbygoldenvip.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15700
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 23 Sep 2022 16:04:44 GMT
expires: Sat, 23 Sep 2023 16:04:44 GMT
cache-control: public, max-age=31536000
age: 234510
last-modified: Tue, 19 Apr 2022 18:51:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15700, version 1.0\012- data
Size:   15700
Md5:    3d7f7413fca69bff4d231ebdc50aaab0
Sha1:   cb18e7943b6a8a0e3672d7242197c19a226b92e8
Sha256: 6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36
                                        
                                            GET /s/robotocondensed/v25/ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCQYbw.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://join.tourbygoldenvip.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15528
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 20 Sep 2022 22:59:06 GMT
expires: Wed, 20 Sep 2023 22:59:06 GMT
cache-control: public, max-age=31536000
age: 468848
last-modified: Tue, 19 Apr 2022 18:53:07 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15528, version 1.0\012- data
Size:   15528
Md5:    595fe3fc0b85f3cc9ef5aed2d519abc5
Sha1:   96e76de44987e9dec2f97f1e5eb7a18c738daf5d
Sha256: 747d5a0865fe76129cc17fe70097fd5b1db733ed3bbfa0210a8505d80c14ab5a
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 26 Sep 2022 09:13:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /products/pubgm/skin-2020/dist/main/images/icons/Logo-mb-game.png HTTP/1.1 
Host: img.zing.vn
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://join.tourbygoldenvip.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         113.164.15.82
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Mon, 26 Sep 2022 09:13:12 GMT
Content-Length: 1216
Connection: keep-alive
Last-Modified: Wed, 12 Feb 2020 11:15:32 GMT
ETag: "5e43de54-4c0"
Expires: Sat, 25 Mar 2023 09:13:13 GMT
Cache-Control: max-age=15552000
Access-Control-Allow-Origin: *
X-Cache-Status: MISS
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 46 x 35, 8-bit colormap, non-interlaced\012- data
Size:   1216
Md5:    aa360933ad6c431bf8be7852e6ed700c
Sha1:   082804878018b08b5d00ef59cfa8ac6a19863656
Sha256: 0f8a4bbb3fb310a4941582a4fb2dda936058389500b1ecee69459e2477b968c3
                                        
                                            GET /products/pubgm/skin-2020/dist/main/images/bg/bg-nav.png HTTP/1.1 
Host: img.zing.vn
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.zing.vn/products/pubgm/skin-2020/dist/main/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         113.164.15.82
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Mon, 26 Sep 2022 09:13:12 GMT
Content-Length: 3478
Connection: keep-alive
Last-Modified: Tue, 04 Feb 2020 09:19:21 GMT
ETag: "5e393719-d96"
Expires: Sat, 25 Mar 2023 09:13:13 GMT
Cache-Control: max-age=15552000
Access-Control-Allow-Origin: *
X-Cache-Status: MISS
Accept-Ranges: bytes


--- Additional Info ---
Magic:  gzip compressed data, max compression\012- data
Size:   4221
Md5:    11c7f09d8a38456ae79b26156d05ca20
Sha1:   9a7c56193e6079f521ce67cbacc1e3eb72920e38
Sha256: bae1927c989b5a8282feb6c349a0bcd7131e3d3d1df4df20b661e36086977b22

Alerts:
  File Analyzers:
    - virustotal: 0/0
                                        
                                            GET /products/pubgm/skin-2020/dist/main/images/bg/bg-bottom-banner-home.png HTTP/1.1 
Host: img.zing.vn
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.zing.vn/products/pubgm/skin-2020/dist/main/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         113.164.15.82
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Mon, 26 Sep 2022 09:13:12 GMT
Content-Length: 3532
Connection: keep-alive
Last-Modified: Thu, 13 Feb 2020 05:02:49 GMT
ETag: "5e44d879-dcc"
Expires: Sat, 25 Mar 2023 09:13:13 GMT
Cache-Control: max-age=15552000
Access-Control-Allow-Origin: *
X-Cache-Status: MISS
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 1988 x 100, 8-bit colormap, non-interlaced\012- data
Size:   3532
Md5:    ca63bcd9c7cab394e3d69580f7064f01
Sha1:   7d17fbaee1bf8d703339c5b8ac7f1f1841f65af3
Sha256: 169b6989c2800b5e81484935edf18b73e67f02adf21aec680832884bbce5d653
                                        
                                            GET /products/pubgm/skin-2020/dist/main/images/_sprites-f1.png HTTP/1.1 
Host: img.zing.vn
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.zing.vn/products/pubgm/skin-2020/dist/main/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         113.164.15.82
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Mon, 26 Sep 2022 09:13:13 GMT
Content-Length: 7184
Connection: keep-alive
Last-Modified: Wed, 12 Feb 2020 11:15:32 GMT
ETag: "5e43de54-1c10"
Expires: Sat, 25 Mar 2023 09:13:13 GMT
Cache-Control: max-age=15552000
Access-Control-Allow-Origin: *
X-Cache-Status: MISS
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 260 x 147, 8-bit colormap, non-interlaced\012- data
Size:   7184
Md5:    3574889df99f2d2feead3928f43c78c8
Sha1:   476f1deef6a08a3f828fcd0e9afba544a2a101c9
Sha256: e3398f3317d88171f703ba78cb6164d009ea13bc0fd30f4739cc5ab8885725d2
                                        
                                            GET /products/pubgm/skin-2020/dist/main/images/_sprites-nav.png HTTP/1.1 
Host: img.zing.vn
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.zing.vn/products/pubgm/skin-2020/dist/main/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         113.164.15.82
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Mon, 26 Sep 2022 09:13:13 GMT
Content-Length: 9731
Connection: keep-alive
Last-Modified: Wed, 12 Feb 2020 11:15:32 GMT
ETag: "5e43de54-2603"
Expires: Sat, 25 Mar 2023 09:13:14 GMT
Cache-Control: max-age=15552000
Access-Control-Allow-Origin: *
X-Cache-Status: MISS
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 389 x 180, 8-bit colormap, non-interlaced\012- data
Size:   9731
Md5:    8c44124105c6302835934f0bdad8cfa1
Sha1:   f1fb408bd148343bfc1b2e5f3790e7c579ae0e64
Sha256: 10aaa743106aab5b136c4e6291660dd25368a94ed25a9be4e95cfee8ea28ea3d
                                        
                                            POST / HTTP/1.1 
Host: ocsp.trust-provider.cn
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         47.246.44.205
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Tengine
Transfer-Encoding: chunked
Connection: keep-alive
date: Mon, 26 Sep 2022 09:13:15 GMT
last-modified: Mon, 26 Sep 2022 04:44:28 GMT
expires: Mon, 03 Oct 2022 04:44:27 GMT
etag: "218a62a22a983c9ea65c037a4063b9d2d945c5df"
cache-control: max-age=591580,s-maxage=1800,public,no-transform,must-revalidate
x-ccacdn-proxy-id: mcdpinlb5
x-frame-options: SAMEORIGIN
cf-cache-status: REVALIDATED
accept-ranges: bytes
cf-ray: 750ae1ee4c159036-FRA
via: cache4.l2de2[319,0], cache1.se1[341,0], cache3.se1[343,0]
timing-allow-origin: *, *
eagleid: 2ff62c9716641835952055379e, 2ff62c9716641835952055379e

                                        
                                            GET /products/pubgm/icon.ico HTTP/1.1 
Host: img.zing.vn
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://join.tourbygoldenvip.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         113.164.15.82
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Server: nginx
Date: Mon, 26 Sep 2022 09:13:13 GMT
Content-Length: 4286
Connection: keep-alive
Last-Modified: Fri, 14 Feb 2020 06:41:57 GMT
ETag: "5e464135-10be"
Expires: Sat, 25 Mar 2023 09:00:46 GMT
Cache-Control: max-age=15552000
Access-Control-Allow-Origin: *
X-Cache-Status: HIT
Accept-Ranges: bytes


--- Additional Info ---
Magic:  MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel\012- data
Size:   4286
Md5:    4ce88b8dea1c75323eb527a29ca08a24
Sha1:   b95297c72dd4368534f8a75ee8933af3a633ad93
Sha256: 8fdf25dae27911773057ffdb2bd187a34d9242c548cbcd7b74d84dbf9c4c3dbe
                                        
                                            GET /pmco/img/bg2.9102c7f7.png HTTP/1.1 
Host: esports.pubgmobile.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://join.tourbygoldenvip.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         101.33.29.221
HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
                                        
date: Mon, 26 Sep 2022 09:13:16 GMT
server: Apache/2.4.6 (CentOS) PHP/7.4.0 OpenSSL/1.0.2k-fips
x-powered-by: PHP/7.4.0
vary: Accept-Encoding
x-cache-lookup: Cache Miss, Hit From Inner Cluster, Cache Miss, Hit From Inner Cluster
content-encoding: gzip
cache-control: private, no-cache
content-length: 2123
x-nws-log-uuid: 8775880739449951567
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (5395)
Size:   2123
Md5:    e881f8e66a93d0960ba6fad410094769
Sha1:   7f1bd10fd60815735fad95387ecaed0cfaf3b287
Sha256: b43a9db67408b4398f147b571163d5b272af8c46eb4dca9f1bc2be44a6ded26d
                                        
                                            GET /wp/wp2249200.jpg HTTP/1.1 
Host: wallpapercave.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://join.tourbygoldenvip.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         172.67.29.26
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Mon, 26 Sep 2022 09:13:16 GMT
content-length: 663350
last-modified: Sun, 23 Feb 2020 08:42:20 GMT
etag: "5e523aec-a1f36"
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 750ae1f51b3eb4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2560x1600, components 3\012- data
Size:   663350
Md5:    b6fb31aa2ecd2bcb15907f8afd65ba38
Sha1:   c69b2257dc6bf18cb2ba83ce0bcdd2bf90479f8b
Sha256: 31e5245d5eb76fa579bba62cf84539d17f43dd9331c2d35d96c7994968e961da
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7838a122-2b2e-4e4c-9bcc-7c6b46a93b1e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11728
x-amzn-requestid: bf60e58f-c4f4-45c7-923b-0d1539f720f5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCUCGGw7oAMF3wQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cd40-32043c1b1411544f5d00edc0;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:50:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ZRG0Axnhc5RY5rDbnnbauco9dpPeFdkP01UxkpNYI5pgSbfGKWcikw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:16:26 GMT
age: 39412
etag: "9660bb2d38079182efbd11d7a687bfc7f9d30751"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11728
Md5:    968b9c138702fb5994d1d9eab1a697fa
Sha1:   9660bb2d38079182efbd11d7a687bfc7f9d30751
Sha256: 5ba74820ad451747c8ed25529f06b037bebf4c0616a1f2165c9197c1171db7a6
                                        
                                            GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1 
Host: stackpath.bootstrapcdn.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://join.tourbygoldenvip.com
Connection: keep-alive
Referer: https://join.tourbygoldenvip.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         104.18.11.207
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
date: Mon, 26 Sep 2022 09:13:09 GMT
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"269550530cc127b6aa5a35925a7de6ce"
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 08/20/2022 02:30:56
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 601
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 3aeccaea0bf2398b73844f976bb0445b
cdn-cache: HIT
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 750ae1cced77b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET / HTTP/1.1 
Host: join.tourbygoldenvip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         20.189.78.99
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
content-encoding: br
vary: Accept-Encoding
date: Mon, 26 Sep 2022 09:13:09 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - openphish: Tencent
    - fortinet: Phishing