r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a5daf4dc99951793ae2315d4795e8146
4427507ca4d3a5632cc8f598afbc85e2195d00bd
94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2621
Expires: Thu, 01 Dec 2022 12:51:36 GMT
Date: Thu, 01 Dec 2022 12:07:55 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0c748388899e8a8d3680355da2ea5020
903c620cd137613daafb0da0508c37b2f4a67212
39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2160
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 12:07:55 GMT
Last-Modified: Thu, 01 Dec 2022 11:31:55 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type: JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 01 Dec 2022 11:19:46 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2889
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9fce5679881bf302a8978a0b462f01a9
b699fe030ea13ac73813e655c42ed9b531925e2b
a3ec545a8f9364ac9062eddb41279e1465687a1b60f9c1dec6b3a3df8b033eb3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A3EC545A8F9364AC9062EDDB41279E1465687A1B60F9C1DEC6B3A3DF8B033EB3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5598
Expires: Thu, 01 Dec 2022 13:41:13 GMT
Date: Thu, 01 Dec 2022 12:07:55 GMT
Connection: keep-alive
clickwinner.icu/f037e861-96a8-4b64-9886-53f5f973a917
18.156.16.63 302 0 B URL HTTP/1.1 clickwinner.icu/f037e861-96a8-4b64-9886-53f5f973a917
IP 18.156.16.63:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /f037e861-96a8-4b64-9886-53f5f973a917 HTTP/1.1
Host: clickwinner.icu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302
Server: nginx
Date: Thu, 01 Dec 2022 12:07:55 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://officialwinner.xyz/1/prizewheel/iphone13/kh/index.html?brand=Desktop&domain=clickwinner.icu&cep=aXfiIBykjYS6Wy39w9h4HGIS1fE5xYzPtSoSruPEQlOCppybFdNg87tZbVZRuYDz3Mj8NzCCztXW9mA4QJVo_iEY98sovJKu5jN8kg_2ERQ-1huG0MFF4qkw6beCVffy0D1txLFvbIiXYUxsjkJumwBO_WMXtT3PZOEUjxUO2bPsISixSpJyIFdroGdgYrPlRs-NYpLz7P4HCB0VRVPbKwSNaczoYP1sMXduvjdP4c82DMjl6NtDKqzE2GtSgeS0Ql6OPIOqA3g9tNl9OKBWw6MYtNRUxZ0cDQWerfQBB2onE7PshNSJHAjHFzanW9pJuyqy3rvIktuWVM_8Opudun-_rgFAryit-t0WB54HilY&lptoken=16f169fd89e682ab7542
Pragma: no-cache
Set-Cookie: f037e861-96a8-4b64-9886-53f5f973a917-v4=wnN4p5S8YqnVEBqQ7kL3sR4-_dxVAh7kr2UgTetBRMU; Max-Age=86400; Expires=Fri, 02-Dec-2022 12:07:55 GMT; Domain=clickwinner.icu; Path=/; HttpOnly
cep-v4=aoWZgldiA59yjrZPAkZuJ-kzih_Vu7JHc3lppX3Xi_i-fy0pZ2oy6-tgPhli2NLGehMPj9GL-AfJXmD6NTRYXCGs-UCJPRpZTB73vFOedOHE1vakzAd1rldLYnh4PC_3RmGus5vmmTuodXHW5wYWnmJJnWVdpOEcSXHHzruvUjnZ-BQ7uiBe2SsbZzevqfgivu_8rU7psbo5lqxsWEQsxbC3XQeNQ2HwTf0Mwr4UzFAyXrWp10Ssfy_QrNSaU6OCQcAmkRALB1wk5VNhYCrWPiq_uJwT3eGbr7NsZb-_o4TRJAwL0V9GXiCnSujQ_gQYC4tWYpYmP8DLnwiXkAh_OvhhwknWs5nsyuQeUiw4rXA; Max-Age=86400; Expires=Fri, 02-Dec-2022 12:07:55 GMT; Domain=clickwinner.icu; Path=/; HttpOnly
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type: PEM certificate, ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: w4FMxMYiu3BUF3zEMDoVJaSUyuWGAcwh3b2HF0CBppaXBb2fTTqKEDHnLGW/8qWf4SzffeHEETA=
x-amz-request-id: GET6XMMA5XMJWVRK
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 01 Dec 2022 11:45:39 GMT
age: 1336
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type: JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 12:07:55 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type: JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 01 Dec 2022 11:08:56 GMT
cache-control: public,max-age=3600
age: 3539
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.r2m02.amazontrust.com/
54.230.80.227 200 OK 471 B URL HTTP/1.1 ocsp.r2m02.amazontrust.com/
IP 54.230.80.227:0
Hash 2e55b491404e56691f1fd26086230cbf
df48449f15b9d71960b045bb853be5d9e1f05ac1
0a6cec8115fba875bcf22fbce58db7a9be904fb01204a66eedfb48a7ffb58a62
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Thu, 01 Dec 2022 12:07:55 GMT
Server: ECS (dcb/7EEF)
X-Cache: Miss from cloudfront
Via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ZLMUXREjq-4rJ3-vbZfPoYY18QDLm_pidTNb7_Kb9sv_7JVchl9_-A==
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 1f88399f3fdd89dbb9ca1229cb67143a
325c9dbfd932cf9a6fb9fab2dd8e27083f55a9a3
831ecd45dcd2d5ae2ae86cd63ea5e94ecd85281b7e51054af5df9a6386fb8d79
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2144
Cache-Control: max-age=164077
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 12:07:56 GMT
Etag: "63886ea9-1d7"
Expires: Sat, 03 Dec 2022 09:42:33 GMT
Last-Modified: Thu, 01 Dec 2022 09:06:49 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
officialwinner.xyz/1/prizewheel/iphone13/kh/img/landers/prizewheel-fb/loader.gif
54.230.111.125 200 OK 5.1 kB URL HTTP/2 officialwinner.xyz/1/prizewheel/iphone13/kh/img/landers/prizewheel-fb/loader.gif
IP 54.230.111.125:0
File type: GIF image data, version 89a, 50 x 50; data
Hash ed786659a534e0d183c09a90c50abc9d
a6c3d90bfaa86a7cda490bc5d04c8939c31a414e
cbaeb154dcb93bff5f6e382cede5d51a11175a2295e56bb2790611910280ba97
GET /1/prizewheel/iphone13/kh/img/landers/prizewheel-fb/loader.gif HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/kh/index.html?brand=Desktop&domain=clickwinner.icu&cep=aXfiIBykjYS6Wy39w9h4HGIS1fE5xYzPtSoSruPEQlOCppybFdNg87tZbVZRuYDz3Mj8NzCCztXW9mA4QJVo_iEY98sovJKu5jN8kg_2ERQ-1huG0MFF4qkw6beCVffy0D1txLFvbIiXYUxsjkJumwBO_WMXtT3PZOEUjxUO2bPsISixSpJyIFdroGdgYrPlRs-NYpLz7P4HCB0VRVPbKwSNaczoYP1sMXduvjdP4c82DMjl6NtDKqzE2GtSgeS0Ql6OPIOqA3g9tNl9OKBWw6MYtNRUxZ0cDQWerfQBB2onE7PshNSJHAjHFzanW9pJuyqy3rvIktuWVM_8Opudun-_rgFAryit-t0WB54HilY&lptoken=16f169fd89e682ab7542
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 5083
date: Thu, 01 Dec 2022 09:56:31 GMT
last-modified: Wed, 16 Nov 2022 08:56:32 GMT
etag: "ed786659a534e0d183c09a90c50abc9d"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 3Pp8HbNdGl7XJ6mIHBPppcF-n6HTOVxSYwFNxlcixNX8xh_Y7bcL4w==
age: 7886
X-Firefox-Spdy: h2
officialwinner.xyz/1/prizewheel/iphone13/kh/css/app.css?id=2b8d5309d40668bd2ba4
54.230.111.125 200 OK 309 B URL HTTP/2 officialwinner.xyz/1/prizewheel/iphone13/kh/css/app.css?id=2b8d5309d40668bd2ba4
IP 54.230.111.125:0
File type ASCII text, with very long lines (309), with no line terminators
Hash 2b8d5309d40668bd2ba4b65a45a635a4
32af532e13b8cbde6c4458330d0c64c9f8001654
b894064a5e464372c66d036df3a577a8d9a4e927c47f16a02c036d8625eb3ca3
Analyzer verdict: Alert — fortinet: Phishing (officialwinner.xyz "prizewheel/iphone13" lander, reached via the clickwinner.icu 302 redirect above)
GET /1/prizewheel/iphone13/kh/css/app.css?id=2b8d5309d40668bd2ba4 HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/kh/index.html?brand=Desktop&domain=clickwinner.icu&cep=aXfiIBykjYS6Wy39w9h4HGIS1fE5xYzPtSoSruPEQlOCppybFdNg87tZbVZRuYDz3Mj8NzCCztXW9mA4QJVo_iEY98sovJKu5jN8kg_2ERQ-1huG0MFF4qkw6beCVffy0D1txLFvbIiXYUxsjkJumwBO_WMXtT3PZOEUjxUO2bPsISixSpJyIFdroGdgYrPlRs-NYpLz7P4HCB0VRVPbKwSNaczoYP1sMXduvjdP4c82DMjl6NtDKqzE2GtSgeS0Ql6OPIOqA3g9tNl9OKBWw6MYtNRUxZ0cDQWerfQBB2onE7PshNSJHAjHFzanW9pJuyqy3rvIktuWVM_8Opudun-_rgFAryit-t0WB54HilY&lptoken=16f169fd89e682ab7542
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
content-length: 309
date: Thu, 01 Dec 2022 09:56:30 GMT
last-modified: Wed, 16 Nov 2022 08:56:31 GMT
etag: "2b8d5309d40668bd2ba4b65a45a635a4"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: BEYE7e8QmjNPijlNC0KFTHD4305eWQCm-vzkPiwM_2eOYKRJSacEcA==
age: 7887
X-Firefox-Spdy: h2
officialwinner.xyz/1/prizewheel/iphone13/kh/img/prizes/iphone-11-pro/default@0.5x.png
54.230.111.125 200 OK 32 kB URL HTTP/2 officialwinner.xyz/1/prizewheel/iphone13/kh/img/prizes/iphone-11-pro/default@0.5x.png
IP 54.230.111.125:0
File type: PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced; data
Hash c562f63263ffff2688791c38014b36bc
59fe19592cb3f6a2709c418026f0a1ddb12c1314
c331ce815fcd0ed99bc592c082eed6e51efd0f107d2ae967021d0273def59ae8
GET /1/prizewheel/iphone13/kh/img/prizes/iphone-11-pro/default@0.5x.png HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/kh/index.html?brand=Desktop&domain=clickwinner.icu&cep=aXfiIBykjYS6Wy39w9h4HGIS1fE5xYzPtSoSruPEQlOCppybFdNg87tZbVZRuYDz3Mj8NzCCztXW9mA4QJVo_iEY98sovJKu5jN8kg_2ERQ-1huG0MFF4qkw6beCVffy0D1txLFvbIiXYUxsjkJumwBO_WMXtT3PZOEUjxUO2bPsISixSpJyIFdroGdgYrPlRs-NYpLz7P4HCB0VRVPbKwSNaczoYP1sMXduvjdP4c82DMjl6NtDKqzE2GtSgeS0Ql6OPIOqA3g9tNl9OKBWw6MYtNRUxZ0cDQWerfQBB2onE7PshNSJHAjHFzanW9pJuyqy3rvIktuWVM_8Opudun-_rgFAryit-t0WB54HilY&lptoken=16f169fd89e682ab7542
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 32266
date: Thu, 01 Dec 2022 09:56:31 GMT
last-modified: Wed, 16 Nov 2022 08:56:32 GMT
etag: "c562f63263ffff2688791c38014b36bc"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: FVUnIW5Nobm3N64jH9W_UkO4D7QGrQsIU20651jPqlLmJXjeJ6VM4w==
age: 7886
X-Firefox-Spdy: h2
officialwinner.xyz/1/prizewheel/iphone13/kh/img/landers/prizewheel-fb/notification.png
54.230.111.125 200 OK 449 B URL HTTP/2 officialwinner.xyz/1/prizewheel/iphone13/kh/img/landers/prizewheel-fb/notification.png
IP 54.230.111.125:0
File type: PNG image data, 30 x 28, 8-bit colormap, non-interlaced; data
Hash bd5203f2cc9e7a9125e4575e029541b0
9fa565ab2f4b55da4735b79e529562252b3c9afe
db94c8ae725f947f20e12df29e6b6c8ade5ffcd5a7dc9ffd9be0351d963f826f
GET /1/prizewheel/iphone13/kh/img/landers/prizewheel-fb/notification.png HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/kh/index.html?brand=Desktop&domain=clickwinner.icu&cep=aXfiIBykjYS6Wy39w9h4HGIS1fE5xYzPtSoSruPEQlOCppybFdNg87tZbVZRuYDz3Mj8NzCCztXW9mA4QJVo_iEY98sovJKu5jN8kg_2ERQ-1huG0MFF4qkw6beCVffy0D1txLFvbIiXYUxsjkJumwBO_WMXtT3PZOEUjxUO2bPsISixSpJyIFdroGdgYrPlRs-NYpLz7P4HCB0VRVPbKwSNaczoYP1sMXduvjdP4c82DMjl6NtDKqzE2GtSgeS0Ql6OPIOqA3g9tNl9OKBWw6MYtNRUxZ0cDQWerfQBB2onE7PshNSJHAjHFzanW9pJuyqy3rvIktuWVM_8Opudun-_rgFAryit-t0WB54HilY&lptoken=16f169fd89e682ab7542
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 449
date: Thu, 01 Dec 2022 09:56:31 GMT
last-modified: Wed, 16 Nov 2022 08:56:32 GMT
etag: "bd5203f2cc9e7a9125e4575e029541b0"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 0qjIC01IKUO1a5z2Q0Ls-dAjemn2peBw7FHA6SyhfsJK6rq8PDo_XQ==
age: 7886
X-Firefox-Spdy: h2
officialwinner.xyz/1/prizewheel/iphone13/kh/img/landers/prizewheel-fb/prizewheel_spinner.jpg
54.230.111.125 200 OK 32 kB URL HTTP/2 officialwinner.xyz/1/prizewheel/iphone13/kh/img/landers/prizewheel-fb/prizewheel_spinner.jpg
IP 54.230.111.125:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1002x1002, components 3; data
Hash d4655cba21d806e849eed4e4119fbe1a
6453039d85005643e9d65074ca022f63b5d47cdd
90f2363aaebaf03f06fb20c6c02fb2e97497d7cd54b611281303ce7e10335ee7
GET /1/prizewheel/iphone13/kh/img/landers/prizewheel-fb/prizewheel_spinner.jpg HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/kh/index.html?brand=Desktop&domain=clickwinner.icu&cep=aXfiIBykjYS6Wy39w9h4HGIS1fE5xYzPtSoSruPEQlOCppybFdNg87tZbVZRuYDz3Mj8NzCCztXW9mA4QJVo_iEY98sovJKu5jN8kg_2ERQ-1huG0MFF4qkw6beCVffy0D1txLFvbIiXYUxsjkJumwBO_WMXtT3PZOEUjxUO2bPsISixSpJyIFdroGdgYrPlRs-NYpLz7P4HCB0VRVPbKwSNaczoYP1sMXduvjdP4c82DMjl6NtDKqzE2GtSgeS0Ql6OPIOqA3g9tNl9OKBWw6MYtNRUxZ0cDQWerfQBB2onE7PshNSJHAjHFzanW9pJuyqy3rvIktuWVM_8Opudun-_rgFAryit-t0WB54HilY&lptoken=16f169fd89e682ab7542
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 32496
date: Thu, 01 Dec 2022 09:56:35 GMT
last-modified: Wed, 16 Nov 2022 08:56:32 GMT
etag: "d4655cba21d806e849eed4e4119fbe1a"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: XCEgEN6DarTBlRrmpbeXY49nBm-ooksiA7bCizPWkfqOs3EoubVkHw==
age: 7882
X-Firefox-Spdy: h2
officialwinner.xyz/1/prizewheel/iphone13/kh/img/landers/prizewheel-fb/prizewheel_static.png
54.230.111.125 200 OK 3.4 kB URL HTTP/2 officialwinner.xyz/1/prizewheel/iphone13/kh/img/landers/prizewheel-fb/prizewheel_static.png
IP 54.230.111.125:0
File type: PNG image data, 1002 x 1002, 4-bit colormap, non-interlaced; data
Hash dc484e0043b5ff6191b1880c8779863c
a5b67e3dff3dea3940eed090431aecbb36611b1d
30bc059973d84a6e1d22d16747bce062025561f2555cdd9cec012a87866abcb6
GET /1/prizewheel/iphone13/kh/img/landers/prizewheel-fb/prizewheel_static.png HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/kh/index.html?brand=Desktop&domain=clickwinner.icu&cep=aXfiIBykjYS6Wy39w9h4HGIS1fE5xYzPtSoSruPEQlOCppybFdNg87tZbVZRuYDz3Mj8NzCCztXW9mA4QJVo_iEY98sovJKu5jN8kg_2ERQ-1huG0MFF4qkw6beCVffy0D1txLFvbIiXYUxsjkJumwBO_WMXtT3PZOEUjxUO2bPsISixSpJyIFdroGdgYrPlRs-NYpLz7P4HCB0VRVPbKwSNaczoYP1sMXduvjdP4c82DMjl6NtDKqzE2GtSgeS0Ql6OPIOqA3g9tNl9OKBWw6MYtNRUxZ0cDQWerfQBB2onE7PshNSJHAjHFzanW9pJuyqy3rvIktuWVM_8Opudun-_rgFAryit-t0WB54HilY&lptoken=16f169fd89e682ab7542
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 3370
date: Thu, 01 Dec 2022 09:56:35 GMT
last-modified: Wed, 16 Nov 2022 08:56:32 GMT
etag: "dc484e0043b5ff6191b1880c8779863c"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: T6iS1_J-tgALmmONXewGOSm75OBhdJ08hPVXXnvo39zwJCEy9d88Lw==
age: 7882
X-Firefox-Spdy: h2
officialwinner.xyz/1/prizewheel/iphone13/kh/img/profiles/caucasian/female/3@0.25x.jpg
54.230.111.125 200 OK 2.8 kB URL HTTP/2 officialwinner.xyz/1/prizewheel/iphone13/kh/img/profiles/caucasian/female/3@0.25x.jpg
IP 54.230.111.125:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 128x128, components 3; data
Hash 8196857e051c12bf3fbc80c5d2706f77
6c5b5053cade51a1c872fd0fccd6425cac4654ad
e7da422e27935176f348741986684bb7579b8f27b00d5e740c0b205f35fd382a
GET /1/prizewheel/iphone13/kh/img/profiles/caucasian/female/3@0.25x.jpg HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/kh/index.html?brand=Desktop&domain=clickwinner.icu&cep=aXfiIBykjYS6Wy39w9h4HGIS1fE5xYzPtSoSruPEQlOCppybFdNg87tZbVZRuYDz3Mj8NzCCztXW9mA4QJVo_iEY98sovJKu5jN8kg_2ERQ-1huG0MFF4qkw6beCVffy0D1txLFvbIiXYUxsjkJumwBO_WMXtT3PZOEUjxUO2bPsISixSpJyIFdroGdgYrPlRs-NYpLz7P4HCB0VRVPbKwSNaczoYP1sMXduvjdP4c82DMjl6NtDKqzE2GtSgeS0Ql6OPIOqA3g9tNl9OKBWw6MYtNRUxZ0cDQWerfQBB2onE7PshNSJHAjHFzanW9pJuyqy3rvIktuWVM_8Opudun-_rgFAryit-t0WB54HilY&lptoken=16f169fd89e682ab7542
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 2833
date: Thu, 01 Dec 2022 09:56:35 GMT
last-modified: Wed, 16 Nov 2022 08:56:32 GMT
etag: "8196857e051c12bf3fbc80c5d2706f77"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: PAKpL1iaS8kj0WEp1cql6aQHrwVtwyzk33vEEol-7gAR9QI4ZSr1XQ==
age: 7882
X-Firefox-Spdy: h2
officialwinner.xyz/1/prizewheel/iphone13/kh/img/profiles/caucasian/male/10@0.25x.jpg
54.230.111.125 200 OK 2.7 kB URL HTTP/2 officialwinner.xyz/1/prizewheel/iphone13/kh/img/profiles/caucasian/male/10@0.25x.jpg
IP 54.230.111.125:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 128x128, components 3; data
Hash 1112732142f99bb6c1631b89e0d3ab7d
23f5c0c1a491135b6e2e16f1f649773ac95d7bdf
fb6ecfa12b19fa686f2e8138fe5be303d5e08f270c995e2bc287c33b62faa503
GET /1/prizewheel/iphone13/kh/img/profiles/caucasian/male/10@0.25x.jpg HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/kh/index.html?brand=Desktop&domain=clickwinner.icu&cep=aXfiIBykjYS6Wy39w9h4HGIS1fE5xYzPtSoSruPEQlOCppybFdNg87tZbVZRuYDz3Mj8NzCCztXW9mA4QJVo_iEY98sovJKu5jN8kg_2ERQ-1huG0MFF4qkw6beCVffy0D1txLFvbIiXYUxsjkJumwBO_WMXtT3PZOEUjxUO2bPsISixSpJyIFdroGdgYrPlRs-NYpLz7P4HCB0VRVPbKwSNaczoYP1sMXduvjdP4c82DMjl6NtDKqzE2GtSgeS0Ql6OPIOqA3g9tNl9OKBWw6MYtNRUxZ0cDQWerfQBB2onE7PshNSJHAjHFzanW9pJuyqy3rvIktuWVM_8Opudun-_rgFAryit-t0WB54HilY&lptoken=16f169fd89e682ab7542
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 2736
date: Thu, 01 Dec 2022 09:56:35 GMT
last-modified: Wed, 16 Nov 2022 08:56:32 GMT
etag: "1112732142f99bb6c1631b89e0d3ab7d"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: qlNnztihxhFsoqeuTOMRXtwPqModhq3D9BhpTK2l5OS2c-JHGx9qlg==
age: 7882
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 62ee1baa9c05c73b03bfadfafde65ab4
3c821b4b1ebbaf13b10a36273acaa2ee5ce7cb85
03f459202542a90a186a8a002053a619d7f0d88289bbf821f26a6c29d1cadd6e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "03F459202542A90A186A8A002053A619D7F0D88289BBF821F26A6C29D1CADD6E"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10407
Expires: Thu, 01 Dec 2022 15:01:23 GMT
Date: Thu, 01 Dec 2022 12:07:56 GMT
Connection: keep-alive
officialwinner.xyz/1/prizewheel/iphone13/kh/img/profiles/caucasian/female/1@0.25x.jpg
54.230.111.125 200 OK 1.9 kB URL HTTP/2 officialwinner.xyz/1/prizewheel/iphone13/kh/img/profiles/caucasian/female/1@0.25x.jpg
IP 54.230.111.125:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 128x128, components 3; data
Hash fbd823b4b286d9441a68da275eeaf828
ed13e98d4b2615e7b00eb9c432c25d46c70389d6
3da1e9cfb273447e5e799ead9e3c1be32c4d95a1aef51982a3dfcaf76ab75afb
GET /1/prizewheel/iphone13/kh/img/profiles/caucasian/female/1@0.25x.jpg HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/kh/index.html?brand=Desktop&domain=clickwinner.icu&cep=aXfiIBykjYS6Wy39w9h4HGIS1fE5xYzPtSoSruPEQlOCppybFdNg87tZbVZRuYDz3Mj8NzCCztXW9mA4QJVo_iEY98sovJKu5jN8kg_2ERQ-1huG0MFF4qkw6beCVffy0D1txLFvbIiXYUxsjkJumwBO_WMXtT3PZOEUjxUO2bPsISixSpJyIFdroGdgYrPlRs-NYpLz7P4HCB0VRVPbKwSNaczoYP1sMXduvjdP4c82DMjl6NtDKqzE2GtSgeS0Ql6OPIOqA3g9tNl9OKBWw6MYtNRUxZ0cDQWerfQBB2onE7PshNSJHAjHFzanW9pJuyqy3rvIktuWVM_8Opudun-_rgFAryit-t0WB54HilY&lptoken=16f169fd89e682ab7542
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 1924
date: Thu, 01 Dec 2022 09:56:36 GMT
last-modified: Wed, 16 Nov 2022 08:56:32 GMT
etag: "fbd823b4b286d9441a68da275eeaf828"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: rCVGKdehKA0E8rJiFtGKOO7dY5adfqjJh8Pj-VSbaHKc_PPTY4OJMw==
age: 7881
X-Firefox-Spdy: h2
officialwinner.xyz/1/prizewheel/iphone13/kh/img/profiles/caucasian/male/3@0.25x.jpg
54.230.111.125 200 OK 2.8 kB URL HTTP/2 officialwinner.xyz/1/prizewheel/iphone13/kh/img/profiles/caucasian/male/3@0.25x.jpg
IP 54.230.111.125:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 128x128, components 3; data
Hash 54fbc106f1b9db6ac824a4650d60f3bb
100e44c2fe78adb90e6f949045a50149bb7f3774
559cdadc5c3fcdf6e028d343c420ce52983ae44b1ae217c8c60f1067a081104c
GET /1/prizewheel/iphone13/kh/img/profiles/caucasian/male/3@0.25x.jpg HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/kh/index.html?brand=Desktop&domain=clickwinner.icu&cep=aXfiIBykjYS6Wy39w9h4HGIS1fE5xYzPtSoSruPEQlOCppybFdNg87tZbVZRuYDz3Mj8NzCCztXW9mA4QJVo_iEY98sovJKu5jN8kg_2ERQ-1huG0MFF4qkw6beCVffy0D1txLFvbIiXYUxsjkJumwBO_WMXtT3PZOEUjxUO2bPsISixSpJyIFdroGdgYrPlRs-NYpLz7P4HCB0VRVPbKwSNaczoYP1sMXduvjdP4c82DMjl6NtDKqzE2GtSgeS0Ql6OPIOqA3g9tNl9OKBWw6MYtNRUxZ0cDQWerfQBB2onE7PshNSJHAjHFzanW9pJuyqy3rvIktuWVM_8Opudun-_rgFAryit-t0WB54HilY&lptoken=16f169fd89e682ab7542
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 2844
date: Thu, 01 Dec 2022 09:56:35 GMT
last-modified: Wed, 16 Nov 2022 08:56:32 GMT
etag: "54fbc106f1b9db6ac824a4650d60f3bb"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: vwXMrP8wsz0NuaTH5QiGSsmByq-8ggdauAbU1KUZpcsmMwRXdLYMvQ==
age: 7882
X-Firefox-Spdy: h2
officialwinner.xyz/1/prizewheel/iphone13/kh/img/profiles/caucasian/female/6@0.25x.jpg
54.230.111.125 200 OK 2.5 kB URL HTTP/2 officialwinner.xyz/1/prizewheel/iphone13/kh/img/profiles/caucasian/female/6@0.25x.jpg
IP 54.230.111.125:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 128x128, components 3; data
Hash 16b747e82cf312a2ced55303d0498d39
5e6d8443cb51b6ef2f1b8418e210c1cb4cb3272d
9689a7da01f10d4f058803fdfa77b6e874073e0eb3e7007c9c551d6a85b2e10e
GET /1/prizewheel/iphone13/kh/img/profiles/caucasian/female/6@0.25x.jpg HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/kh/index.html?brand=Desktop&domain=clickwinner.icu&cep=aXfiIBykjYS6Wy39w9h4HGIS1fE5xYzPtSoSruPEQlOCppybFdNg87tZbVZRuYDz3Mj8NzCCztXW9mA4QJVo_iEY98sovJKu5jN8kg_2ERQ-1huG0MFF4qkw6beCVffy0D1txLFvbIiXYUxsjkJumwBO_WMXtT3PZOEUjxUO2bPsISixSpJyIFdroGdgYrPlRs-NYpLz7P4HCB0VRVPbKwSNaczoYP1sMXduvjdP4c82DMjl6NtDKqzE2GtSgeS0Ql6OPIOqA3g9tNl9OKBWw6MYtNRUxZ0cDQWerfQBB2onE7PshNSJHAjHFzanW9pJuyqy3rvIktuWVM_8Opudun-_rgFAryit-t0WB54HilY&lptoken=16f169fd89e682ab7542
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 2496
date: Thu, 01 Dec 2022 09:56:35 GMT
last-modified: Wed, 16 Nov 2022 08:56:32 GMT
etag: "16b747e82cf312a2ced55303d0498d39"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: mUYIlogTEIPHvXN0kR08M66OF4m0DjZLZZemxjqv3NasM7XzbxLN6A==
age: 7882
X-Firefox-Spdy: h2
officialwinner.xyz/1/prizewheel/iphone13/kh/index.html?brand=Desktop&domain=clickwinner.icu&cep=aXfiIBykjYS6Wy39w9h4HGIS1fE5xYzPtSoSruPEQlOCppybFdNg87tZbVZRuYDz3Mj8NzCCztXW9mA4QJVo_iEY98sovJKu5jN8kg_2ERQ-1huG0MFF4qkw6beCVffy0D1txLFvbIiXYUxsjkJumwBO_WMXtT3PZOEUjxUO2bPsISixSpJyIFdroGdgYrPlRs-NYpLz7P4HCB0VRVPbKwSNaczoYP1sMXduvjdP4c82DMjl6NtDKqzE2GtSgeS0Ql6OPIOqA3g9tNl9OKBWw6MYtNRUxZ0cDQWerfQBB2onE7PshNSJHAjHFzanW9pJuyqy3rvIktuWVM_8Opudun-_rgFAryit-t0WB54HilY&lptoken=16f169fd89e682ab7542
54.230.111.125200 OK 6.5 kB URL HTTP/2 officialwinner.xyz/1/prizewheel/iphone13/kh/index.html?brand=Desktop&domain=clickwinner.icu&cep=aXfiIBykjYS6Wy39w9h4HGIS1fE5xYzPtSoSruPEQlOCppybFdNg87tZbVZRuYDz3Mj8NzCCztXW9mA4QJVo_iEY98sovJKu5jN8kg_2ERQ-1huG0MFF4qkw6beCVffy0D1txLFvbIiXYUxsjkJumwBO_WMXtT3PZOEUjxUO2bPsISixSpJyIFdroGdgYrPlRs-NYpLz7P4HCB0VRVPbKwSNaczoYP1sMXduvjdP4c82DMjl6NtDKqzE2GtSgeS0Ql6OPIOqA3g9tNl9OKBWw6MYtNRUxZ0cDQWerfQBB2onE7PshNSJHAjHFzanW9pJuyqy3rvIktuWVM_8Opudun-_rgFAryit-t0WB54HilY&lptoken=16f169fd89e682ab7542
IP 54.230.111.125:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1613)
Hash eb1b9b54d3e4ddbe004df7dff72b34c6
7344efffb656ce71e0913490ce367469e8dc9b77
9f6ef927a7aafcb5dc316dbffdfaa2d27958fdc1da8144708a1ba0dc431d589b
GET /1/prizewheel/iphone13/kh/index.html?brand=Desktop&domain=clickwinner.icu&cep=aXfiIBykjYS6Wy39w9h4HGIS1fE5xYzPtSoSruPEQlOCppybFdNg87tZbVZRuYDz3Mj8NzCCztXW9mA4QJVo_iEY98sovJKu5jN8kg_2ERQ-1huG0MFF4qkw6beCVffy0D1txLFvbIiXYUxsjkJumwBO_WMXtT3PZOEUjxUO2bPsISixSpJyIFdroGdgYrPlRs-NYpLz7P4HCB0VRVPbKwSNaczoYP1sMXduvjdP4c82DMjl6NtDKqzE2GtSgeS0Ql6OPIOqA3g9tNl9OKBWw6MYtNRUxZ0cDQWerfQBB2onE7PshNSJHAjHFzanW9pJuyqy3rvIktuWVM_8Opudun-_rgFAryit-t0WB54HilY&lptoken=16f169fd89e682ab7542 HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
content-type: text/html
date: Thu, 01 Dec 2022 09:56:28 GMT
last-modified: Wed, 16 Nov 2022 08:56:32 GMT
etag: W/"74c6336eff16ef04b8c5a30c8b12b7b2"
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 6KBQSGIi3w82sjd0fVBG5XkRZ70RTdWFK1osKF9FqKKaVDW9OhPmfQ==
age: 7888
X-Firefox-Spdy: h2
officialwinner.xyz/1/prizewheel/iphone13/kh/img/profiles/caucasian/female/5@0.25x.jpg
54.230.111.125200 OK 2.6 kB URL HTTP/2 officialwinner.xyz/1/prizewheel/iphone13/kh/img/profiles/caucasian/female/5@0.25x.jpg
IP 54.230.111.125:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 128x128, components 3\012- data
Hash 5e930fa2efb8142b942712a603c0d112
82a6ab6fd202a0e973b4e83861cb9889294289cd
b15d6a868ff22d57beec85074fbac2b0bf4d94aba82586f91e28f1843bec2482
GET /1/prizewheel/iphone13/kh/img/profiles/caucasian/female/5@0.25x.jpg HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/kh/index.html?brand=Desktop&domain=clickwinner.icu&cep=aXfiIBykjYS6Wy39w9h4HGIS1fE5xYzPtSoSruPEQlOCppybFdNg87tZbVZRuYDz3Mj8NzCCztXW9mA4QJVo_iEY98sovJKu5jN8kg_2ERQ-1huG0MFF4qkw6beCVffy0D1txLFvbIiXYUxsjkJumwBO_WMXtT3PZOEUjxUO2bPsISixSpJyIFdroGdgYrPlRs-NYpLz7P4HCB0VRVPbKwSNaczoYP1sMXduvjdP4c82DMjl6NtDKqzE2GtSgeS0Ql6OPIOqA3g9tNl9OKBWw6MYtNRUxZ0cDQWerfQBB2onE7PshNSJHAjHFzanW9pJuyqy3rvIktuWVM_8Opudun-_rgFAryit-t0WB54HilY&lptoken=16f169fd89e682ab7542
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 2607
date: Thu, 01 Dec 2022 09:56:36 GMT
last-modified: Wed, 16 Nov 2022 08:56:32 GMT
etag: "5e930fa2efb8142b942712a603c0d112"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: jbyn6juh1j0wsK5lnp-Zlq82Z3heT1W380oprCMN-BjGSwgkvDgygQ==
age: 7881
X-Firefox-Spdy: h2
officialwinner.xyz/1/prizewheel/iphone13/kh/img/prizes/iphone-11-pro/proof.jpg
54.230.111.125200 OK 23 kB URL HTTP/2 officialwinner.xyz/1/prizewheel/iphone13/kh/img/prizes/iphone-11-pro/proof.jpg
IP 54.230.111.125:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 339x450, components 3\012- data
Hash 029d38095e06ced0688fd67a58e70781
b5bdaddeb39b947c35f883f001f34dd163bcb362
5e41534f027f676ce89db3b87319ffbdc1a1e7515e379f80f476e0989fa4bcc1
GET /1/prizewheel/iphone13/kh/img/prizes/iphone-11-pro/proof.jpg HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/kh/index.html?brand=Desktop&domain=clickwinner.icu&cep=aXfiIBykjYS6Wy39w9h4HGIS1fE5xYzPtSoSruPEQlOCppybFdNg87tZbVZRuYDz3Mj8NzCCztXW9mA4QJVo_iEY98sovJKu5jN8kg_2ERQ-1huG0MFF4qkw6beCVffy0D1txLFvbIiXYUxsjkJumwBO_WMXtT3PZOEUjxUO2bPsISixSpJyIFdroGdgYrPlRs-NYpLz7P4HCB0VRVPbKwSNaczoYP1sMXduvjdP4c82DMjl6NtDKqzE2GtSgeS0Ql6OPIOqA3g9tNl9OKBWw6MYtNRUxZ0cDQWerfQBB2onE7PshNSJHAjHFzanW9pJuyqy3rvIktuWVM_8Opudun-_rgFAryit-t0WB54HilY&lptoken=16f169fd89e682ab7542
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 23152
date: Thu, 01 Dec 2022 09:56:36 GMT
last-modified: Wed, 16 Nov 2022 08:56:32 GMT
etag: "029d38095e06ced0688fd67a58e70781"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: huQ4J7j90KXyNfu0SWyabqd2VZEefZch2QnaD0R53jJVtv-ACHc_Ug==
age: 7881
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.163.62.5101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.163.62.5:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: IfBPMHdTJW4lJr7GILVvTw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: QolADnaCOgh+TRLHl1Q0HzME3PE=
officialwinner.xyz/1/prizewheel/iphone13/kh/img/profiles/caucasian/male/2@0.25x.jpg
54.230.111.125200 OK 2.4 kB URL HTTP/2 officialwinner.xyz/1/prizewheel/iphone13/kh/img/profiles/caucasian/male/2@0.25x.jpg
IP 54.230.111.125:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 128x128, components 3\012- data
Hash bfc6eca6ea03a0dae038e42188616d92
d8b88015604798d901a5929a2331e7f581baecfe
ac8b3a49e5e511cb0d40f376c87216e5116ec0f85a6de30e157e0fdf45fe7acd
GET /1/prizewheel/iphone13/kh/img/profiles/caucasian/male/2@0.25x.jpg HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/kh/index.html?brand=Desktop&domain=clickwinner.icu&cep=aXfiIBykjYS6Wy39w9h4HGIS1fE5xYzPtSoSruPEQlOCppybFdNg87tZbVZRuYDz3Mj8NzCCztXW9mA4QJVo_iEY98sovJKu5jN8kg_2ERQ-1huG0MFF4qkw6beCVffy0D1txLFvbIiXYUxsjkJumwBO_WMXtT3PZOEUjxUO2bPsISixSpJyIFdroGdgYrPlRs-NYpLz7P4HCB0VRVPbKwSNaczoYP1sMXduvjdP4c82DMjl6NtDKqzE2GtSgeS0Ql6OPIOqA3g9tNl9OKBWw6MYtNRUxZ0cDQWerfQBB2onE7PshNSJHAjHFzanW9pJuyqy3rvIktuWVM_8Opudun-_rgFAryit-t0WB54HilY&lptoken=16f169fd89e682ab7542
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 2359
date: Thu, 01 Dec 2022 09:56:36 GMT
last-modified: Wed, 16 Nov 2022 08:56:32 GMT
etag: "bfc6eca6ea03a0dae038e42188616d92"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: b7r1E0jwvbay__fxCyG99MFMqMKPJDl9rsQ3D1gVdx_JNcPZRm57JA==
age: 7881
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5048
Expires: Thu, 01 Dec 2022 13:32:05 GMT
Date: Thu, 01 Dec 2022 12:07:57 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5048
Expires: Thu, 01 Dec 2022 13:32:05 GMT
Date: Thu, 01 Dec 2022 12:07:57 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5048
Expires: Thu, 01 Dec 2022 13:32:05 GMT
Date: Thu, 01 Dec 2022 12:07:57 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5048
Expires: Thu, 01 Dec 2022 13:32:05 GMT
Date: Thu, 01 Dec 2022 12:07:57 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5048
Expires: Thu, 01 Dec 2022 13:32:05 GMT
Date: Thu, 01 Dec 2022 12:07:57 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc2c1d47-fc4a-4f23-a6f7-5ac8f3a68490.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc2c1d47-fc4a-4f23-a6f7-5ac8f3a68490.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash acffcb88ce68b2d70c9c046a7b5a4aa8
cd016e6c0bf5c6eef06e933c9a5257ff4fca9bc1
692d782ac1d812de6dadbcfe46034b6b5d8bbd586e56beedd96dc4d65445dd4c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc2c1d47-fc4a-4f23-a6f7-5ac8f3a68490.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12035
x-amzn-requestid: 2711a135-b390-43ef-9e95-92438058bc27
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbz81FIpIAMFs9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cd1e-742f7f293df074340ab6a217;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:37:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ygs-Qd7UU_k4t4_breZTyqkHqGjJzlH1UMa9ncww5_IGpJ1n781jfg==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:51:55 GMT
age: 51362
etag: "cd016e6c0bf5c6eef06e933c9a5257ff4fca9bc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 26d6dffbf400da4803a2e76e2a8ef2f8
2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8
04c6e31623fe48cbe83dc91635bfa47b337590f18919995b08d5bde27e929e03
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8740
x-amzn-requestid: c6c3e3dc-c9a2-4fda-a83b-cdd6ae81166b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7uyE9CoAMF6Xg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830cc4-2c8940405044071a082ee678;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qykE_oaoqqPTgqGnfUo74mH29IOS97b5sZb_3VmB9yW7KUiJ1a7dnA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 18:58:06 GMT
age: 61791
etag: "2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
desekansr.com/pfe/current/micro.tag.min.js?z=5378963&sw=/sw-check-permissions-f40a4.js
139.45.197.250200 OK 19 kB URL HTTP/2 desekansr.com/pfe/current/micro.tag.min.js?z=5378963&sw=/sw-check-permissions-f40a4.js
IP 139.45.197.250:0
Hash b68b1ef7f085c696ec2b5a26ea40bc1a
bf0f15e222743e76677340bb69ff7e39a9ea32d5
5df7dd95aef06106db6f509f917609368fb143031566a01be4df36af1cf2e028
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/micro.tag.min.js?z=5378963&sw=/sw-check-permissions-f40a4.js HTTP/1.1
Host: desekansr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 12:07:56 GMT
content-type: application/javascript
last-modified: Thu, 01 Dec 2022 10:08:09 GMT
etag: W/"63887d09-997e"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 820cf89fcab8380adff42982c9fb11ed
84241ddddbbfd7de30118307fb1a62800d0a4cb3
0d051495f06ac84de934283b40cbfee7a042d32153a73486dd7c017430e882d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12898
x-amzn-requestid: 9b594c3c-6b8c-4589-8fcb-b3d7518b46f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cQZBNFxToAMF_9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63833ba1-767f510d72eef86d0cc892df;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 10:27:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kZfRQsF_Fo2UtTqK0ByOPeQK-IzTQO9JtTmxIMlapmsd93SJk_4VYw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:47:30 GMT
age: 51627
etag: "84241ddddbbfd7de30118307fb1a62800d0a4cb3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg
34.120.237.76200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ffd12f9c423ffc627d9e3b3145944fe4
5cf9a7a784952e1bb0cbe499104f1774b1269d08
a25f1b752d9af599aefd73073c105853130f1759905269de3d582d2eb35fe167
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16038
x-amzn-requestid: 925134ee-dd35-45ed-8da7-d60c9c484993
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbz80EHboAMFtmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cd1e-48de287757e82632291365ee;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:37:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: I8qQQUMSVzFmXqjWM1n_F1XEE-ZQcpEF81OwJgf9i3Q5M8XiFAa8Zg==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:52:00 GMT
age: 51357
etag: "5cf9a7a784952e1bb0cbe499104f1774b1269d08"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5508d05a290b663fd89ead9b58f2efd8
53650399f9a986ba54addd668b4557109d12003b
65704a961410fdd318c491fedf002c8e9b184cd34b76fe1b67026d42ce21be3f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9674
x-amzn-requestid: 7e7d0183-9667-462a-8d44-d125998c1ae3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgEoHVAoAMFvAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a1d-280ba97e3fe1bf7244cbde35;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ym_L3s5E6MLy6BxqNkVxok6L6hA4c-ilSsEqt42j2IbiXYPb4c6-VQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:52:57 GMT
age: 51300
etag: "53650399f9a986ba54addd668b4557109d12003b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
desekansr.com/zone?&pub=0&zone_id=5378963&is_mobile=false&domain=officialwinner.xyz&var=&ymid=&var_3=&dsig=&action=prerequest
139.45.197.250200 OK 0 B URL HTTP/2 desekansr.com/zone?&pub=0&zone_id=5378963&is_mobile=false&domain=officialwinner.xyz&var=&ymid=&var_3=&dsig=&action=prerequest
IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /zone?&pub=0&zone_id=5378963&is_mobile=false&domain=officialwinner.xyz&var=&ymid=&var_3=&dsig=&action=prerequest HTTP/1.1
Host: desekansr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://officialwinner.xyz
Connection: keep-alive
Referer: https://officialwinner.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 12:08:04 GMT
content-length: 0
x-trace-id: 9de07ffee2e4f03775c03251bffd7b0b
access-control-allow-origin: https://officialwinner.xyz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
officialwinner.xyz/1/prizewheel/iphone13/kh/js/app.js?id=2a3c65bfaa7fc3a94345
54.230.111.125200 OK 0 B URL HTTP/2 officialwinner.xyz/1/prizewheel/iphone13/kh/js/app.js?id=2a3c65bfaa7fc3a94345
IP 54.230.111.125:0
GET /1/prizewheel/iphone13/kh/js/app.js?id=2a3c65bfaa7fc3a94345 HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/kh/index.html?brand=Desktop&domain=clickwinner.icu&cep=aXfiIBykjYS6Wy39w9h4HGIS1fE5xYzPtSoSruPEQlOCppybFdNg87tZbVZRuYDz3Mj8NzCCztXW9mA4QJVo_iEY98sovJKu5jN8kg_2ERQ-1huG0MFF4qkw6beCVffy0D1txLFvbIiXYUxsjkJumwBO_WMXtT3PZOEUjxUO2bPsISixSpJyIFdroGdgYrPlRs-NYpLz7P4HCB0VRVPbKwSNaczoYP1sMXduvjdP4c82DMjl6NtDKqzE2GtSgeS0Ql6OPIOqA3g9tNl9OKBWw6MYtNRUxZ0cDQWerfQBB2onE7PshNSJHAjHFzanW9pJuyqy3rvIktuWVM_8Opudun-_rgFAryit-t0WB54HilY&lptoken=16f169fd89e682ab7542
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
date: Thu, 01 Dec 2022 09:56:31 GMT
last-modified: Wed, 16 Nov 2022 08:56:32 GMT
etag: W/"2a3c65bfaa7fc3a94345a45aae5df385"
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: koHbuyfX_Df0I-rnxkuZwE2zDBATiByQuGd3yILwl7-Y8hKwm2FezA==
age: 7886
X-Firefox-Spdy: h2
officialwinner.xyz/1/prizewheel/iphone13/kh/img/fb-like.svg
54.230.111.125200 OK 0 B URL HTTP/2 officialwinner.xyz/1/prizewheel/iphone13/kh/img/fb-like.svg
IP 54.230.111.125:0
Analyzer Verdict Alert fortinet Phishing
GET /1/prizewheel/iphone13/kh/img/fb-like.svg HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/kh/index.html?brand=Desktop&domain=clickwinner.icu&cep=aXfiIBykjYS6Wy39w9h4HGIS1fE5xYzPtSoSruPEQlOCppybFdNg87tZbVZRuYDz3Mj8NzCCztXW9mA4QJVo_iEY98sovJKu5jN8kg_2ERQ-1huG0MFF4qkw6beCVffy0D1txLFvbIiXYUxsjkJumwBO_WMXtT3PZOEUjxUO2bPsISixSpJyIFdroGdgYrPlRs-NYpLz7P4HCB0VRVPbKwSNaczoYP1sMXduvjdP4c82DMjl6NtDKqzE2GtSgeS0Ql6OPIOqA3g9tNl9OKBWw6MYtNRUxZ0cDQWerfQBB2onE7PshNSJHAjHFzanW9pJuyqy3rvIktuWVM_8Opudun-_rgFAryit-t0WB54HilY&lptoken=16f169fd89e682ab7542
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
date: Thu, 01 Dec 2022 09:56:36 GMT
last-modified: Wed, 16 Nov 2022 08:56:31 GMT
etag: W/"765203989756e91925e8f947e660b644"
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: I-cFphosI3C30QM7n6gwR2lyNpZKxMlveVmJta7EEdMp6NFAMziMmQ==
age: 7881
X-Firefox-Spdy: h2
officialwinner.xyz/1/prizewheel/iphone13/kh/css/landers/prizewheel-fb/app.css?id=196711fad784cce6b4c3
54.230.111.125200 OK 0 B URL HTTP/2 officialwinner.xyz/1/prizewheel/iphone13/kh/css/landers/prizewheel-fb/app.css?id=196711fad784cce6b4c3
IP 54.230.111.125:0
GET /1/prizewheel/iphone13/kh/css/landers/prizewheel-fb/app.css?id=196711fad784cce6b4c3 HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/kh/index.html?brand=Desktop&domain=clickwinner.icu&cep=aXfiIBykjYS6Wy39w9h4HGIS1fE5xYzPtSoSruPEQlOCppybFdNg87tZbVZRuYDz3Mj8NzCCztXW9mA4QJVo_iEY98sovJKu5jN8kg_2ERQ-1huG0MFF4qkw6beCVffy0D1txLFvbIiXYUxsjkJumwBO_WMXtT3PZOEUjxUO2bPsISixSpJyIFdroGdgYrPlRs-NYpLz7P4HCB0VRVPbKwSNaczoYP1sMXduvjdP4c82DMjl6NtDKqzE2GtSgeS0Ql6OPIOqA3g9tNl9OKBWw6MYtNRUxZ0cDQWerfQBB2onE7PshNSJHAjHFzanW9pJuyqy3rvIktuWVM_8Opudun-_rgFAryit-t0WB54HilY&lptoken=16f169fd89e682ab7542
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
date: Thu, 01 Dec 2022 09:56:30 GMT
last-modified: Wed, 16 Nov 2022 08:56:31 GMT
etag: W/"196711fad784cce6b4c374dbb364f4f2"
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: RFFDs6xU-PD74otRQl2974NNRXgjQT1m9XZGM1nNeP6f5H0OUQdIUA==
age: 7887
X-Firefox-Spdy: h2
officialwinner.xyz/1/prizewheel/iphone13/kh/js/landers/prizewheel-fb/app.js?id=b607cc369ae717213291
54.230.111.125200 OK 0 B URL HTTP/2 officialwinner.xyz/1/prizewheel/iphone13/kh/js/landers/prizewheel-fb/app.js?id=b607cc369ae717213291
IP 54.230.111.125:0
Analyzer Verdict Alert fortinet Phishing
GET /1/prizewheel/iphone13/kh/js/landers/prizewheel-fb/app.js?id=b607cc369ae717213291 HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/kh/index.html?brand=Desktop&domain=clickwinner.icu&cep=aXfiIBykjYS6Wy39w9h4HGIS1fE5xYzPtSoSruPEQlOCppybFdNg87tZbVZRuYDz3Mj8NzCCztXW9mA4QJVo_iEY98sovJKu5jN8kg_2ERQ-1huG0MFF4qkw6beCVffy0D1txLFvbIiXYUxsjkJumwBO_WMXtT3PZOEUjxUO2bPsISixSpJyIFdroGdgYrPlRs-NYpLz7P4HCB0VRVPbKwSNaczoYP1sMXduvjdP4c82DMjl6NtDKqzE2GtSgeS0Ql6OPIOqA3g9tNl9OKBWw6MYtNRUxZ0cDQWerfQBB2onE7PshNSJHAjHFzanW9pJuyqy3rvIktuWVM_8Opudun-_rgFAryit-t0WB54HilY&lptoken=16f169fd89e682ab7542
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
date: Thu, 01 Dec 2022 09:56:31 GMT
last-modified: Wed, 16 Nov 2022 08:56:32 GMT
etag: W/"dc1f57369e9a5ad5a97d6707e2464ad8"
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: SkiTMUtR5hyLhGJwWio1AYR1eSSs-v5UWqKFOHDVmlDBk87zxWDp7Q==
age: 7886
X-Firefox-Spdy: h2