r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 5fe582397f3003b225cb9058e02c2190
68174a54a8f6c4de9247ccea2dcae3c9b76bdb9f
238a2ef5b61d56353d0a5e97ec3092b8f2792cde7cecf40e1a858f8c129d3a9d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "238A2EF5B61D56353D0A5E97EC3092B8F2792CDE7CECF40E1A858F8C129D3A9D"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3967
Expires: Fri, 27 Jan 2023 03:35:15 GMT
Date: Fri, 27 Jan 2023 02:29:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2405562765b49b2782ebd2e2994851d5
be7ac8e558f7875bb1fb86ab5ec674424a5ff269
422cfa907461cb7b93b9089d600052f9e94951e5e0c93d97651905002e48ad3e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "422CFA907461CB7B93B9089D600052F9E94951E5E0C93D97651905002E48AD3E"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4911
Expires: Fri, 27 Jan 2023 03:50:59 GMT
Date: Fri, 27 Jan 2023 02:29:08 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data; ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 27 Jan 2023 01:42:58 GMT
content-type: application/json
age: 2770
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 49049f3c92aad686cd7ff28ecd2a5a4f
9cc2bc9c055450dbc4fae93eabe4ef8509b3ff57
02cf421968192286bb174ff0e6c818a843c4eca61a02cd493e6f95bb58a37015
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "02CF421968192286BB174FF0E6C818A843C4ECA61A02CD493E6F95BB58A37015"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6284
Expires: Fri, 27 Jan 2023 04:13:52 GMT
Date: Fri, 27 Jan 2023 02:29:08 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate; ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: r0Nc0nAOizY//HVzqMPY6suHr7NGTJbjpkTrnpc2IomFU3mCl+sMSt8Bo4VN0iE8cupxUlicdig=
x-amz-request-id: VZK3S4JFT394P9WV
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 27 Jan 2023 02:20:21 GMT
age: 527
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data; ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 02:29:08 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data; ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 27 Jan 2023 01:41:40 GMT
age: 2848
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
rezadero.tk/
172.93.123.102 200 OK 1.7 kB IP 172.93.123.102:0
ASN #393960 HOST4GEEKS-LLC
File type HTML document text; HTML document, Unicode text, UTF-8 text, with very long lines (1665), with no line terminators
Hash d3396e9cda14c7af79fa4a839c1dc6dd
73849a6b3159a691419cb83dbce0f7e49611f24d
f9d7b0852b753e70ed281d1580fbe67aeb371d71ca0119656e5002191c13e206
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET / HTTP/1.1
Host: rezadero.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:29:08 GMT
Server: Apache
Last-Modified: Wed, 24 Nov 2021 11:11:44 GMT
Accept-Ranges: bytes
Content-Length: 1673
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1e2970e1480a4759282d63bb213051e4
ed5194d4d25dfc199821129be5d74be0ce49197d
18e19ea4c9c262cb9a94f89172eef2604222e779346589d470bf2e95ea295563
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "18E19EA4C9C262CB9A94F89172EEF2604222E779346589D470BF2E95EA295563"
Last-Modified: Tue, 24 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2971
Expires: Fri, 27 Jan 2023 03:18:40 GMT
Date: Fri, 27 Jan 2023 02:29:09 GMT
Connection: keep-alive
rezadero.tk/css/app.a96e9499.css
172.93.123.102 200 OK 23 kB URL HTTP/1.1 rezadero.tk/css/app.a96e9499.css
IP 172.93.123.102:0
ASN #393960 HOST4GEEKS-LLC
File type Unicode text, UTF-8 text, with very long lines (22980), with no line terminators
Hash a934d373618561e550c1c702e08eaf58
9501671c5df7211a7d4a5cc12bb7b83bce3cd69f
0074214fbd8e0358f8228516aa8c19b1c30423ac1d0065c7d07b299b2fa54e21
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /css/app.a96e9499.css HTTP/1.1
Host: rezadero.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rezadero.tk/
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:29:09 GMT
Server: Apache
Last-Modified: Wed, 24 Nov 2021 11:11:44 GMT
Accept-Ranges: bytes
Content-Length: 22988
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
rezadero.tk/js/app.a2349ce5.js
172.93.123.102 200 OK 16 kB URL HTTP/1.1 rezadero.tk/js/app.a2349ce5.js
IP 172.93.123.102:0
ASN #393960 HOST4GEEKS-LLC
File type Unicode text, UTF-8 text, with very long lines (16132)
Hash 6a52699e17e5036774bb465404be78ed
49dbe7eea1645e22b24f671e00e5a1db1d682ecf
0f18b116d1d21bdfdcf9436d41ebaa83f15444a532b4ec2f9cb706613c4dd6b4
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /js/app.a2349ce5.js HTTP/1.1
Host: rezadero.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rezadero.tk/
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:29:09 GMT
Server: Apache
Last-Modified: Wed, 24 Nov 2021 11:11:44 GMT
Accept-Ranges: bytes
Content-Length: 16181
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
push.services.mozilla.com/
52.39.49.137 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.39.49.137:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8Enb2LpcW9a8XSZoAA+NCA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: jJwf114IzF+JmS1BiHhD44xIIJk=
rezadero.tk/fonts/OpenSans-Regular.55835483.woff2
172.93.123.102 200 OK 47 kB URL HTTP/1.1 rezadero.tk/fonts/OpenSans-Regular.55835483.woff2
IP 172.93.123.102:0
ASN #393960 HOST4GEEKS-LLC
File type Web Open Font Format (Version 2), TrueType, length 47016, version 1.6554; data
Hash 55835483c304eaa8477fea2c36abba17
9b18ae04f11fc74d27f281737b23b45a4bad5937
4c1c2e95835201077586a3698cd47806dd18df10d32a1e6cb6aa9e47224a55e3
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /fonts/OpenSans-Regular.55835483.woff2 HTTP/1.1
Host: rezadero.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://rezadero.tk/css/app.a96e9499.css
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:29:10 GMT
Server: Apache
Last-Modified: Wed, 24 Nov 2021 11:11:44 GMT
Accept-Ranges: bytes
Content-Length: 47016
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: font/woff2
rezadero.tk/js/chunk-vendors.4819e3ac.js
172.93.123.102 200 OK 606 kB URL HTTP/1.1 rezadero.tk/js/chunk-vendors.4819e3ac.js
IP 172.93.123.102:0
ASN #393960 HOST4GEEKS-LLC
File type Unicode text, UTF-8 text, with very long lines (41631)
Size 606 kB (605497 bytes)
Hash 823ca9eafb2b8d9cbd120abc413a95ad
30173c4f2a290e1c1cc4d045cf4d1d9ef26d9598
4d28fae18a632eadeac17dfe13a4e541ecba49ce4d4e3516917def8af821d943
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /js/chunk-vendors.4819e3ac.js HTTP/1.1
Host: rezadero.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rezadero.tk/
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:29:09 GMT
Server: Apache
Last-Modified: Wed, 24 Nov 2021 11:11:44 GMT
Accept-Ranges: bytes
Content-Length: 605497
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12434
Expires: Fri, 27 Jan 2023 05:56:24 GMT
Date: Fri, 27 Jan 2023 02:29:10 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash bcb79affeb160fb0be74c0bd630d4ecf
d6b4b7f6c234b3ee6170769baf1d8d0c9017cee4
f05e61766c803bc148a274a1b0ca5b97478177c5e5a2baf9266331d96ee37429
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6562
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:29:10 GMT
Etag: "63d24c78-117"
Last-Modified: Fri, 27 Jan 2023 00:39:48 GMT
Server: ECS (amb/6B81)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12434
Expires: Fri, 27 Jan 2023 05:56:24 GMT
Date: Fri, 27 Jan 2023 02:29:10 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 131eb343c5abd61939457d69bd371348
ffb2035cf64fc83f01db5c6f26ffa264b6aac95b
8486eb9dc6325018f8721bc6f37408f260b6e652b145280f2d778d860d3ec2d5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7538
x-amzn-requestid: 113924cc-a196-4dbd-91d9-68c213265afe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3fobF-ZoAMFjjA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61302-6b24941a642b22cf21e47dc0;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2P09wOtKPDHjxxAuzcLFMQJwmGN1zNJcH9LA6IJpeaGiaPVRF4y-TA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 21:59:56 GMT
age: 16154
etag: "ffb2035cf64fc83f01db5c6f26ffa264b6aac95b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cc9d867-fc35-4a62-9934-4cb307d6146d.jpeg
34.120.237.76 200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cc9d867-fc35-4a62-9934-4cb307d6146d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 869cdfba2637cc932ce387317a3c485e
51d87a5223d87c959bf27b2a825dce0a28f52ada
6dc4247dd3110836195f9962463bd8265be89633e9e589bf19955991751c26fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cc9d867-fc35-4a62-9934-4cb307d6146d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 5669
x-amzn-requestid: 17f6235c-d495-4813-9453-407331e0dcad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fR1ZSH4fIAMFxeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d09c3b-67ff5c7f416727670e7c3b21;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 03:04:27 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zH3wYMLXCFCcoop-xy3r_wXiY2g684Ei-o6BVntyzqjNeX1UuvQsxA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 04:25:48 GMT
age: 79402
etag: "51d87a5223d87c959bf27b2a825dce0a28f52ada"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b8fa26c-af88-46ea-a5c6-1122db65d6d4.jpeg
34.120.237.76 200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b8fa26c-af88-46ea-a5c6-1122db65d6d4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash f3605538118d3aaef721a03d482b0f9a
2e2e770d552a05a0f24f4bbb1110266440b2bf76
1011d275125968599a8dd082810deca07e82770efad760b3f1ebf7f74ebab78e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b8fa26c-af88-46ea-a5c6-1122db65d6d4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9063
x-amzn-requestid: 8eb82d16-63f8-4e6e-b9fe-1795c7703c03
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fIgq2EbSoAMFUwQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cce178-67a0958d7cd1f132605d93be;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 07:10:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: fEX2-oiOwaU7l9OQzljVzFI-CQOwn4yQjUJ_fv0pmjc6C8evz1LDbQ==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 11:12:36 GMT
age: 54994
etag: "2e2e770d552a05a0f24f4bbb1110266440b2bf76"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbccadbe9-ae35-4a03-bf17-9342e0629c81.jpeg
34.120.237.76 200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbccadbe9-ae35-4a03-bf17-9342e0629c81.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 6e96f3ea585b5fa8ed6446ed16e2b4b2
f90c205f370a2426dffe3c21b24bfa551b385556
6967ba25887f87200fcb39a3e6f065fd27596b2ebcf0d33a2751c655d6e724f2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbccadbe9-ae35-4a03-bf17-9342e0629c81.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 4272
x-amzn-requestid: e051c22b-c2ec-4e59-b29b-ba1464d8015b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fRz28G13oAMFeeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d099c5-48b013ff34b9702a6d2fd560;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 02:53:57 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: X4SfAYS0JvW4sUNqSuBERNBwaI_xgKugxZ76_fsih_LSnImMC7Pnzg==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 12:54:20 GMT
age: 48890
etag: "f90c205f370a2426dffe3c21b24bfa551b385556"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f238e33-a6e3-479a-920f-92a9c7bf1a06.jpeg
34.120.237.76 200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f238e33-a6e3-479a-920f-92a9c7bf1a06.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash a3d856f57bcfd0bb18253cd77dd6541b
9d9680fb1a9232bb2b42b824dc11633666bfa31a
f2a03384e72a4d3350ee6addc49d6a507837eb195647016ea001e846eaccb0e3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f238e33-a6e3-479a-920f-92a9c7bf1a06.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6055
x-amzn-requestid: dd44b3ab-6248-419a-995a-f3aaf59dae77
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLRhMFPYIAMF91g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cdfc6d-4df410b022dbbb55297e6ac7;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 03:18:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: b0NnMvzF8QzmCB6erAH6gTky4A2vBwI6huYmgX8hLTatYq_NHhQl1A==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 15:23:32 GMT
age: 39938
etag: "9d9680fb1a9232bb2b42b824dc11633666bfa31a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16430244-f45f-4aea-a8a8-2b1f37fa80ef.jpeg
34.120.237.76 200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16430244-f45f-4aea-a8a8-2b1f37fa80ef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 5e7158416f60576804ccff03307319fe
a342f94625e913fa6b8d862a59979f1e3ad80dd1
5c525df7d169cc7e033d920c11f4a0163a781c025a22b70530882b56964a9a52
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16430244-f45f-4aea-a8a8-2b1f37fa80ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5737
x-amzn-requestid: cc977ea9-c418-4a5a-a13b-c86e16bbe6ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fRGPFGL5oAMFiSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d050c6-2d540cac5ca7d4e64cfdb8bc;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 21:42:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uZnA5gkRlZyqamh_n3992G9PlMJa4gJ-mjSOQEysII73dDKLXmeXsg==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 12:26:22 GMT
age: 50568
etag: "a342f94625e913fa6b8d862a59979f1e3ad80dd1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash bcb79affeb160fb0be74c0bd630d4ecf
d6b4b7f6c234b3ee6170769baf1d8d0c9017cee4
f05e61766c803bc148a274a1b0ca5b97478177c5e5a2baf9266331d96ee37429
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6563
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 02:29:11 GMT
Last-Modified: Fri, 27 Jan 2023 00:39:48 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 279
rezadero.tk/img/icon-teaser-magnify.4b693845.svg
172.93.123.102 200 OK 2.3 kB URL HTTP/1.1 rezadero.tk/img/icon-teaser-magnify.4b693845.svg
IP 172.93.123.102:0
ASN #393960 HOST4GEEKS-LLC
File type SVG Scalable Vector Graphics image; ASCII text, with very long lines (1005)
Hash 4b6938455aa3d71d0405b5a67e1d5e38
15cb34d30745ded06adf89abc9e402197fa9eb69
95b6af6df04ea28daee05d78c1de48f9b386294a6a87503b9eae94d3e8ceff70
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /img/icon-teaser-magnify.4b693845.svg HTTP/1.1
Host: rezadero.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rezadero.tk/
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:29:11 GMT
Server: Apache
Last-Modified: Wed, 24 Nov 2021 11:11:44 GMT
Accept-Ranges: bytes
Content-Length: 2271
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/svg+xml
rezadero.tk/img/arrow-right.c3b16664.svg
172.93.123.102 200 OK 801 B URL HTTP/1.1 rezadero.tk/img/arrow-right.c3b16664.svg
IP 172.93.123.102:0
ASN #393960 HOST4GEEKS-LLC
File type SVG Scalable Vector Graphics image; XML 1.0 document text; XML document text; HTML document text; exported SGML document, ASCII text
Hash c3b166645313ca63e2910da99f97abb4
f86cfd0de09a0f4674de4451b0eae7311ffb15ea
451770ba091160eee511e9e1ad0ec7681f8d1849614081afa350c8093e9828f2
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /img/arrow-right.c3b16664.svg HTTP/1.1
Host: rezadero.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rezadero.tk/css/app.a96e9499.css
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:29:11 GMT
Server: Apache
Last-Modified: Wed, 24 Nov 2021 11:11:44 GMT
Accept-Ranges: bytes
Content-Length: 801
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/svg+xml
rezadero.tk/img/icon-teaser-arrows.c8551e0e.svg
172.93.123.102 200 OK 2.3 kB URL HTTP/1.1 rezadero.tk/img/icon-teaser-arrows.c8551e0e.svg
IP 172.93.123.102:0
ASN #393960 HOST4GEEKS-LLC
File type SVG Scalable Vector Graphics image; ASCII text, with very long lines (1033)
Hash c8551e0ed6f820f4be47c4ad37c67330
f0970f0055896390b4e99df2e5591d3405d8c2fa
667e25b67585a8da45125ea470976ef8ae9df1b8c9413388b32fc7a45549b632
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /img/icon-teaser-arrows.c8551e0e.svg HTTP/1.1
Host: rezadero.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rezadero.tk/
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:29:11 GMT
Server: Apache
Last-Modified: Wed, 24 Nov 2021 11:11:44 GMT
Accept-Ranges: bytes
Content-Length: 2303
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/svg+xml
rezadero.tk/img/eye_off.50dba418.svg
172.93.123.102 200 OK 748 B URL HTTP/1.1 rezadero.tk/img/eye_off.50dba418.svg
IP 172.93.123.102:0
ASN #393960 HOST4GEEKS-LLC
File type SVG Scalable Vector Graphics image; ASCII text, with very long lines (633)
Hash 50dba41881ff70430c6589473fc300c4
5da09e9b2247beaccf08c77e956abe59bdf7da39
c9b195475a3f38e0828aded7ea31494e35f49052b44644f9718d4946e81c8f63
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /img/eye_off.50dba418.svg HTTP/1.1
Host: rezadero.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rezadero.tk/css/app.a96e9499.css
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:29:11 GMT
Server: Apache
Last-Modified: Wed, 24 Nov 2021 11:11:44 GMT
Accept-Ranges: bytes
Content-Length: 748
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/svg+xml
rezadero.tk/img/lock.3d56b55f.svg
172.93.123.102 200 OK 1.7 kB URL HTTP/1.1 rezadero.tk/img/lock.3d56b55f.svg
IP 172.93.123.102:0
ASN #393960 HOST4GEEKS-LLC
File type SVG Scalable Vector Graphics image; HTML document text; exported SGML document, ASCII text, with very long lines (301)
Hash 3d56b55f1782f3856540a9389156a995
0778949c0824d1094cdd8ad504b7d9a6fee9b130
ff5a7ccafdf5655b806f5fc619bd47fb43e9858021a5d72e742dd5f647e8ffee
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /img/lock.3d56b55f.svg HTTP/1.1
Host: rezadero.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rezadero.tk/css/app.a96e9499.css
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:29:11 GMT
Server: Apache
Last-Modified: Wed, 24 Nov 2021 11:11:44 GMT
Accept-Ranges: bytes
Content-Length: 1737
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/svg+xml
rezadero.tk/img/logo_immowelt.12a36ea2.svg
172.93.123.102 200 OK 4.2 kB URL HTTP/1.1 rezadero.tk/img/logo_immowelt.12a36ea2.svg
IP 172.93.123.102:0
ASN #393960 HOST4GEEKS-LLC
File type SVG Scalable Vector Graphics image; ASCII text, with very long lines (1697)
Hash 12a36ea277732f464361d90291ad3224
8c23997454b2f6031ada0e694615fba678cb2410
23938eb4314413660e24c2a78dd20ae6bfeff839962ebea8ab2a19dee5ae226a
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /img/logo_immowelt.12a36ea2.svg HTTP/1.1
Host: rezadero.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rezadero.tk/
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:29:11 GMT
Server: Apache
Last-Modified: Wed, 24 Nov 2021 11:11:44 GMT
Accept-Ranges: bytes
Content-Length: 4184
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/svg+xml
rezadero.tk/fonts/OpenSans-Semibold.08952b02.woff2
172.93.123.102 200 OK 64 kB URL HTTP/1.1 rezadero.tk/fonts/OpenSans-Semibold.08952b02.woff2
IP 172.93.123.102:0
ASN #393960 HOST4GEEKS-LLC
File type Web Open Font Format (Version 2), TrueType, length 63728, version 1.6554; data
Hash 08952b029e4decbc8ef9fb553cae8cea
931f5105f0e909f90bdea2e246a1a230809a699a
df0231affb521137bf135898b6ce4c2ce59a79e3e23068a673868366c7ac68bb
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /fonts/OpenSans-Semibold.08952b02.woff2 HTTP/1.1
Host: rezadero.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://rezadero.tk/css/app.a96e9499.css
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:29:11 GMT
Server: Apache
Last-Modified: Wed, 24 Nov 2021 11:11:44 GMT
Accept-Ranges: bytes
Content-Length: 63728
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: font/woff2
rezadero.tk/fonts/OpenSans-Light.39d27e13.woff2
172.93.123.102 200 OK 46 kB URL HTTP/1.1 rezadero.tk/fonts/OpenSans-Light.39d27e13.woff2
IP 172.93.123.102:0
ASN #393960 HOST4GEEKS-LLC
File type Web Open Font Format (Version 2), TrueType, length 45900, version 1.6554; data
Hash 39d27e13dce3dfe4cdc70a281ccdf113
ad2af0f0a073835100e66ee93b50def2e57a28df
1e2ca939c8ea6e474d75968c821c6b0e9a7d326dab593bb97478012372b20617
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /fonts/OpenSans-Light.39d27e13.woff2 HTTP/1.1
Host: rezadero.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://rezadero.tk/css/app.a96e9499.css
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:29:11 GMT
Server: Apache
Last-Modified: Wed, 24 Nov 2021 11:11:44 GMT
Accept-Ranges: bytes
Content-Length: 45900
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: font/woff2
rezadero.tk/favicon.ico
172.93.123.102 200 OK 15 kB IP 172.93.123.102:0
ASN #393960 HOST4GEEKS-LLC
File type MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel; data
Hash d51c5a4d951041c0f3d27ccbd9615808
7dc3fe8ce664c4dbad683abbd86fa1cab1e004ea
e030aec0ead2916a959657ef45b3aaa5356e5cc7054f60653f1ff8f2192f18da
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /favicon.ico HTTP/1.1
Host: rezadero.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rezadero.tk/
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:29:12 GMT
Server: Apache
Last-Modified: Wed, 24 Nov 2021 11:11:44 GMT
Accept-Ranges: bytes
Content-Length: 15086
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/x-icon
rezadero.tk/img/login-default-lgm.0c8b3467.jpg
172.93.123.102 200 OK 135 kB URL HTTP/1.1 rezadero.tk/img/login-default-lgm.0c8b3467.jpg
IP 172.93.123.102:0
ASN #393960 HOST4GEEKS-LLC
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 1440x1620, components 3; data
Size 135 kB (135408 bytes)
Hash 0c8b3467f9256fc4e46dca096fdf5c43
abe393d4e3755652d325123a52cb3e551c8b27c2
eee230b896f349558bb52c66ffe6d2428452a5f0de5860fc3ac57c3e161bfb5a
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /img/login-default-lgm.0c8b3467.jpg HTTP/1.1
Host: rezadero.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rezadero.tk/css/app.a96e9499.css
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:29:11 GMT
Server: Apache
Last-Modified: Wed, 24 Nov 2021 11:11:44 GMT
Accept-Ranges: bytes
Content-Length: 135408
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/jpeg
rezadero.tk/js/challenge.8e8e3ca9.js
172.93.123.102 200 OK 5.6 kB URL HTTP/1.1 rezadero.tk/js/challenge.8e8e3ca9.js
IP 172.93.123.102:0
ASN #393960 HOST4GEEKS-LLC
File type Unicode text, UTF-8 text, with very long lines (5562)
Hash 6b90e4e1cc4faf11119fca8e4a6aa0c1
0241e0c9b56db89bce6aa6742daad078781f5108
f364985cc32806a754dd105c67a85754002ec5bb7951e04e18b1f51d4b7fc2e0
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /js/challenge.8e8e3ca9.js HTTP/1.1
Host: rezadero.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Moz: prefetch
Connection: keep-alive
Referer: http://rezadero.tk/
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:29:12 GMT
Server: Apache
Last-Modified: Wed, 24 Nov 2021 11:11:44 GMT
Accept-Ranges: bytes
Content-Length: 5616
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
rezadero.tk/css/challenge.7d7d8a08.css
172.93.123.102 200 OK 8.8 kB URL HTTP/1.1 rezadero.tk/css/challenge.7d7d8a08.css
IP 172.93.123.102:0
ASN #393960 HOST4GEEKS-LLC
File type Unicode text, UTF-8 text, with very long lines (8541), with no line terminators
Hash 8f471ef413f742b527b90d90f1a87484
84dfda739fa9ccbef6193ed0e9f278aa3b33677a
e15f459f61fee5af32f855d3744a892ae97dccc5011df9ae0f8e8d9e854235c3
NIDS Severity Alert suricata medium ET POLICY HTTP Request to a *.tk domain
GET /css/challenge.7d7d8a08.css HTTP/1.1
Host: rezadero.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Moz: prefetch
Connection: keep-alive
Referer: http://rezadero.tk/
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 02:29:12 GMT
Server: Apache
Last-Modified: Wed, 24 Nov 2021 11:11:44 GMT
Accept-Ranges: bytes
Content-Length: 8823
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
api.ipgeolocation.io/ipgeo?apiKey=c3d5f6657fb948268b78af1363397efa
104.20.61.122 200 OK 0 B URL HTTP/2 api.ipgeolocation.io/ipgeo?apiKey=c3d5f6657fb948268b78af1363397efa
IP 104.20.61.122:0
GET /ipgeo?apiKey=c3d5f6657fb948268b78af1363397efa HTTP/1.1
Host: api.ipgeolocation.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rezadero.tk/
Origin: http://rezadero.tk
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 27 Jan 2023 02:29:11 GMT
content-type: application/json;charset=utf-8
access-control-allow-origin: http://rezadero.tk
vary: Origin
access-control-allow-credentials: true
x-application-context: application:production:8002
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 78fe0f260ba61c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2