Report - goodforcustoms.shop/ps/us/ipad/fa1/tt/index2.html

Report Overview

Submitted URL
goodforcustoms.shop/ps/us/ipad/fa1/tt/index2.html
IP
54.230.111.61
ASN
#16509 AMAZON-02
Submitted
2022-09-29 20:22:19
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
14

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.3 kB	6.2 kB	23.36.76.226
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.49
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
goodforcustoms.shop	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.3 kB	61 kB	54.230.111.30
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	987 B	1.6 kB	93.184.220.29
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	56 kB	34.120.237.76
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.36
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	338 B	887 B	54.230.245.39
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	662 B	1.4 kB	142.250.74.3
ajax.googleapis.com	12905	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	384 B	34 kB	142.250.74.106
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	44.236.232.139
gloophoa.net	690538	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.1 kB	9.8 kB	139.45.197.250
maxcdn.bootstrapcdn.com	724	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	420 B	947 B	104.18.11.207

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-09-29	medium	goodforcustoms.shop/ps/us/ipad/fa1/tt/index2.html	AT&T Inc.

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-29	medium	gloophoa.net/custom	Malware
2022-09-29	medium	gloophoa.net/custom	Malware
2022-09-29	medium	gloophoa.net/custom	Malware
2022-09-29	medium	gloophoa.net/custom	Malware
2022-09-29	medium	gloophoa.net/custom	Malware
2022-09-29	medium	goodforcustoms.shop/ps/us/ipad/fa1/tt/index2.html	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (22)

	URL	Size	First Seen	Last Seen
	goodforcustoms.shop/ps/us/ipad/fa1/tt/content.html?dm=	94 B	2023-03-07	2023-03-11
Pretty URL goodforcustoms.shop/ps/us/ipad/fa1/tt/content.html?dm= IP 54.230.111.30 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:40 Last Seen2023-03-11 23:50:17 Times Seen1 Hash 8979c37c7e7cc70b431a8961cf518368 1e28ec2745eef77852ad94570be59e73d57072e3 e0f2501afe1535508171992ea2b8a48740acd87f6a38a482e49682bd4292a622 Loading...

	goodforcustoms.shop/ps/us/ipad/fa1/tt/content.html?dm=	31 B	2023-03-07	2024-02-13
Pretty URL goodforcustoms.shop/ps/us/ipad/fa1/tt/content.html?dm= IP 54.230.111.30 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:45:26 Last Seen2024-02-13 00:20:37 Times Seen23 Hash 5a6fc2c446cd958202c70acc50edceb6 6d4d365d41a11cf89760f020baddc8f58b155410 fd19510da4f10e3e212abae7b88a6f3990be081f8dfd122a986c33685d509980 Loading...

	goodforcustoms.shop/ps/us/ipad/fa1/tt/content.html?dm=	41 B	2023-03-07	2024-02-13
Pretty URL goodforcustoms.shop/ps/us/ipad/fa1/tt/content.html?dm= IP 54.230.111.30 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:05:02 Last Seen2024-02-13 00:20:37 Times Seen19 Hash f46cd32959be1ddae3459787a4201e4d b91cd058fd43f966ffa54cd6970ebad459ec59b2 12a671209b2ca47aa4c3886004994c8cbaad884dde586f30952bafd1202046d2 Loading...

	goodforcustoms.shop/ps/us/ipad/fa1/tt/content.html?dm=	299 B	2023-03-07	2023-03-12
Pretty URL goodforcustoms.shop/ps/us/ipad/fa1/tt/content.html?dm= IP 54.230.111.30 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:46:04 Last Seen2023-03-12 15:53:06 Times Seen1 Hash 85e4a7ce8978641e89f4252c5ce888c8 875e5315bc52b5301a598ed390bfc6df4d409511 9306790a33980398795c0d101dee36e286ca50ff009a13b4b9c45ecd142f39e4 Loading...

	goodforcustoms.shop/ps/us/ipad/fa1/tt/content.html?dm=	67 B	2023-03-07	2024-01-29
Pretty URL goodforcustoms.shop/ps/us/ipad/fa1/tt/content.html?dm= IP 54.230.111.30 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:05:02 Last Seen2024-01-29 20:13:51 Times Seen3 Hash 263c6033a9e3e1f50b62fb6c5c087f87 c6284970dc862ea3e11d181b9f2d9da5ac501e28 5429056fa06ba32d1768d838018601ffd64a0bc465aae4081b7ac7bef108228e Loading...

	ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js	93 kB	2023-03-07	2024-04-25
Pretty URL ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-25 19:11:34 Times Seen16802 Hash e0e0559014b222245deb26b6ae8bd940 e2f3603e23711f6446f278a411d905623d65201e 89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e Loading...

	goodforcustoms.shop/ps/us/ipad/fa1/tt/content.html?dm=	567 B	2023-03-07	2023-03-11
Pretty URL goodforcustoms.shop/ps/us/ipad/fa1/tt/content.html?dm= IP 54.230.111.30 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:40 Last Seen2023-03-11 23:50:17 Times Seen1 Hash 70177b292eb79294edb71e2c051b1cf4 020b674ff72b4718a68383da998b6ef572a4f3e5 f8e271641b312597a0eb111a5119a28678e6935dc97f53ea92ecd278a6db2a4d Loading...

	goodforcustoms.shop/ps/us/ipad/fa1/tt/content.html?dm=	1.0 kB	2023-03-07	2024-02-06
Pretty URL goodforcustoms.shop/ps/us/ipad/fa1/tt/content.html?dm= IP 54.230.111.30 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:07:57 Last Seen2024-02-06 12:53:56 Times Seen15 Hash 7cf39ddc3cd84b7fad76ce4db5d253d7 e63c8387fbd290d9a5b93ed8bd634e8d33177efc 7fa01ee9cfcb566a19818114b430a023fe7e223ed16ee790340a33ff4b6cc9f2 Loading...

	gloophoa.net/pfe/current/tag.min.js?z=3553227&ymid=null&var=null	15 kB	2023-03-08	2023-03-08
Pretty URL gloophoa.net/pfe/current/tag.min.js?z=3553227&ymid=null&var=null IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:31:55 Last Seen2023-03-08 13:48:56 Times Seen1 Hash 545d28a9a21c095f1433971c9ed69bb4 680c5b3b704ecbd02620b93adff1fbfd89ae8ae3 c8a0fb0320831047a2276f2759bd6650de39079719e9f0486329532239236d3a Loading...

	goodforcustoms.shop/ps/us/ipad/fa1/tt/content.html?dm=	2.9 kB	2023-03-07	2024-02-13
Pretty URL goodforcustoms.shop/ps/us/ipad/fa1/tt/content.html?dm= IP 54.230.111.30 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:46:04 Last Seen2024-02-13 00:20:37 Times Seen16 Hash d41fd0202ad9d2dceef987af27373e11 0fbfda137703e91aa7b97a85e81aa55af60190f6 1375d5d5f13c914dcbc8e975d699d29f6753f66ff074cf8061975b9ed28d2365 Loading...

	goodforcustoms.shop/ps/us/ipad/fa1/tt/content.html?dm=	32 B	2023-03-07	2024-02-19
Pretty URL goodforcustoms.shop/ps/us/ipad/fa1/tt/content.html?dm= IP 54.230.111.30 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:05:02 Last Seen2024-02-19 09:14:51 Times Seen27 Hash 0a74411771d5b525ad8bbf2c97672a4d cb1e812336c212fc16f0afc5891f8e8c0ef93fb5 8501bb259cd68a46ddd0d0c2f10a3a88f8848e589b795d67f8b5fd9f609481a2 Loading...

	goodforcustoms.shop/ps/us/ipad/fa1/tt/content.html?dm=	230 B	2023-03-07	2024-02-13
Pretty URL goodforcustoms.shop/ps/us/ipad/fa1/tt/content.html?dm= IP 54.230.111.30 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:05:02 Last Seen2024-02-13 00:20:37 Times Seen19 Hash c31dc4599e334c1e4c6a49eeb57b84eb c2a572314f9924bb2db5e2280064dd0186989d69 5723c2b62ec5229d042b913272b1a25d99ccfafaf97fa545cf316472f13f313a Loading...

	goodforcustoms.shop/ps/us/ipad/fa1/tt/index2.html	608 B	2023-03-07	2023-03-11
Pretty URL goodforcustoms.shop/ps/us/ipad/fa1/tt/index2.html IP 54.230.111.30 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:40 Last Seen2023-03-11 23:50:17 Times Seen1 Hash 97e1eea878862ff8d93770e4a2218449 16188141799f8b9fef5037da3f0ac416d67b21e8 add142b2787dc45ea7a3c1afb4e1b92e7cb2bd0c7dbbfa8a65e13f3d50e64946 Loading...

	maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js	37 kB	2023-03-07	2024-04-25
Pretty URL maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js IP 104.18.11.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:54 Last Seen2024-04-25 19:39:56 Times Seen54613 Hash 5869c96cc8f19086aee625d670d741f9 430a443d74830fe9be26efca431f448c1b3740f9 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef Loading...

	goodforcustoms.shop/ps/us/ipad/fa1/tt/content.html?dm=	102 B	2023-03-08	2023-03-08
Pretty URL goodforcustoms.shop/ps/us/ipad/fa1/tt/content.html?dm= IP 54.230.111.30 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 03:34:55 Last Seen2023-03-08 03:34:55 Times Seen1 Hash 4230ca701cf2d5245393274f27d53ea5 815e8ee9051b5e8c5238b406a02df2c48a0c54bb 5a66192dc54f6db3b8b47c2140939c05ad142a7986d323ceae8ff09089a05c47 Loading...

	goodforcustoms.shop/ps/us/ipad/fa1/tt/content.html?dm=	14 kB	2023-03-07	2023-03-10
Pretty URL goodforcustoms.shop/ps/us/ipad/fa1/tt/content.html?dm= IP 54.230.111.30 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:27:05 Last Seen2023-03-10 14:57:19 Times Seen1 Hash 3b36e76a87397236673d01160978b36c 7e847e52913183a145b549f7a8096c89803d3be6 32437f6aae855c15360895d5167848ec852db98cd2cf2d9680df2c41ad058ab1 Loading...

	goodforcustoms.shop/ps/us/ipad/fa1/tt/content.html?dm=	521 B	2023-03-07	2023-03-12
Pretty URL goodforcustoms.shop/ps/us/ipad/fa1/tt/content.html?dm= IP 54.230.111.30 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:46:04 Last Seen2023-03-12 15:53:06 Times Seen1 Hash 6707f587c25f12e6a35fcff6124f6826 8da914036d31a56166bd32b5323295f6cf7b28a5 e79c58325307ff64f1b054444ef8ebcb3cbc6477bd99032dbb16eb7f1967b469 Loading...

	goodforcustoms.shop/ps/us/ipad/fa1/tt/content.html?dm=	102 kB	2023-03-08	2023-03-08
Pretty URL goodforcustoms.shop/ps/us/ipad/fa1/tt/content.html?dm= IP 54.230.111.30 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:31:55 Last Seen2023-03-08 13:48:56 Times Seen1 Hash d81397a5e000f17e2180d15b6520afb9 5613fa45aac39504cc6b2ba8a7c58417213e2bea bcbf8a19405ef6b4067be320a1a8ccbd4bd15efdd83705cd708e4c2ba0915d04 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 00915ad5bbe3c3781ff6cb25b0f924fd	79 B	2023-03-08	2023-03-08
Pretty Observations First Seen2023-03-08 03:34:55 Last Seen2023-03-08 03:34:55 Times Seen1 Hash 00915ad5bbe3c3781ff6cb25b0f924fd 3e254da90d7efed13e4d17dc3d9e0a68c4f7b3ca d4a4dd49830ca60fefcdc93a02e40697d89b1aa62bd1064e015773d9e1e9b203 Loading...

		Size	First Seen	Last Seen
	#1 Write - 121d46b74d8483bd99b97e1045fc9d0c	17 B	2023-03-08	2023-03-08
Pretty Observations First Seen2023-03-08 03:23:51 Last Seen2023-03-08 03:34:55 Times Seen1 Hash 121d46b74d8483bd99b97e1045fc9d0c 3de27686fef04ab782c9fe24a52fee0b7801fa78 24f4723db1460207b9b6186ae29c8cc0a25d1999665651aef2d7b17e0c80bea6 Loading...

	#2 Write - 78ae6f0cd191d25147e252dc54768238	8 B	2023-03-07	2024-04-25
Pretty Observations First Seen2023-03-07 01:36:43 Last Seen2024-04-25 10:23:55 Times Seen367 Hash 78ae6f0cd191d25147e252dc54768238 76031ddf92450ba52c1e3945097079807a9065c2 fc2662062ffdef9610020183ea2b087c21d71150d78a7c7463be8a9050bd3ac9 Loading...

	#3 Write - 7bbf2bdbe048653542424e6dd21321f7	18 B	2023-03-08	2023-03-08
Pretty Observations First Seen2023-03-08 03:19:01 Last Seen2023-03-08 03:34:55 Times Seen1 Hash 7bbf2bdbe048653542424e6dd21321f7 3a9cebd65689c3c682742758e9b7c9595b447cfc 92986030ad8222efec97bd182305a79b10408d7d7168fc17550566385c8da5ca Loading...

HTTP Transactions (38)

URL IP Response Size

firefox.settings.services.mozilla.com/v1/

143.204.55.36

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 29 Sep 2022 20:15:55 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 0GglRfZ3s3x4mAxEUDPTSb1Tf0eH954z9xiY6owG4JfGD4ygoXZkTA==
Age: 373

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7fb7c70f7f4e2cee27eb0e7d875931f7
98fca3817a551b1daecebae103a48e718b8b5a53
2a40f957a6b1734aa3f87cff51b673f0536732db15b09033dd604879692df349

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A40F957A6B1734AA3F87CFF51B673F0536732DB15B09033DD604879692DF349"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6205
Expires: Thu, 29 Sep 2022 22:05:33 GMT
Date: Thu, 29 Sep 2022 20:22:08 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

143.204.55.49

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
143.204.55.49:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 29 Sep 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: GbZAIHyKeYkzj6MMsamfGdJDvoo_7bnZ8Q1aqb7a_0MFO3BB3JiPTg==
age: 53621
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

54.230.245.39

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.39:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
308fd9a342406de01b976f883c981cf4
8ebb0978a9b209be1452245e7207719e9e37ab5a
8a97c933fb2302c6cbfbe0122f09ee36d85c5063fe763feccda1b9de127b5590

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Thu, 29 Sep 2022 20:22:08 GMT
Etag: "633484da-1d7"
Server: ECS (dcb/7EA2)
X-Cache: Miss from cloudfront
Via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: N5b3ocwsMwMAx-enx1RiTwk0LK1LQcdcv74ACK_KZmE29gGTUVxP6Q==

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 20:22:08 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
3e9d3eab1fba386c4fdf3af9a757cfa9
b50127a1072c95ed71110b07dd58eab72747e6f8
869e09d135cff97a1073e32fa1808d0068195421369d138ad6bba86cfef18091

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 20:22:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js

142.250.74.106

200 OK

33 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (32072)
Size
33 kB (32954 bytes)
Hash
d38e2944bbc9ae54b8947a2bd0b9a932
782a825679b248d38979c2d7ecae257873344437
65a0917567cb7037612cf420629873f2f3594d2e741aaadf90d893d07d8f5fdd

HTTP Headers

GET /ajax/libs/jquery/1.10.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goodforcustoms.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 32954
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 26 Sep 2022 15:35:04 GMT
expires: Tue, 26 Sep 2023 15:35:04 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 276424
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
707ae9fcdd83ff2684b843a21df14785
b32e881855867f5436205cca76f1f75062dbedf0
9b8c1f6775cc9961816ab6c78a406036ff4e1278141f3950868bc6dfc87fe3fb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 20:22:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.36

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Thu, 29 Sep 2022 19:29:33 GMT
Expires: Thu, 29 Sep 2022 19:46:28 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: g9uzxYzMG9zaNeF5GBmWE23IZkWXjXEgCbq6ixGTOAqkYJoV57O-PA==
Age: 3155

goodforcustoms.shop/favicon.ico

54.230.111.30

403 Forbidden

726 B

URL HTTP/2
goodforcustoms.shop/favicon.ico
IP
54.230.111.30:0
ASN
#16509 AMAZON-02

File type
data
Size
726 B (726 bytes)
Hash
ec4a796707d9f5c160b6d43c10e07601
5d9be4b0077c732207e64f6e313de9642e643e79
0e1f2711730d638e4423e5956ea4d527d76acf5732e5ab1551459c6d331854ed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: goodforcustoms.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goodforcustoms.shop/ps/us/ipad/fa1/tt/index2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 403 Forbidden
content-type: application/xml
date: Thu, 29 Sep 2022 20:22:08 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: IvvnkAMQ2iII0-qTihTycSGlMka8Sa5EFBTfjEXJVMAYliy9swr3tA==
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
11b97da8520a83b6d2de987dd77fefe0
f6895cab626a3685081e3c47bf7359f84b38168b
eabdad0f29753b7cd0057f88e19828469812099bdac86eb5f8c11d56da34a768

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3422
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 20:22:09 GMT
Last-Modified: Thu, 29 Sep 2022 19:25:07 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 279

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
11b97da8520a83b6d2de987dd77fefe0
f6895cab626a3685081e3c47bf7359f84b38168b
eabdad0f29753b7cd0057f88e19828469812099bdac86eb5f8c11d56da34a768

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3422
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 20:22:09 GMT
Last-Modified: Thu, 29 Sep 2022 19:25:07 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 279

goodforcustoms.shop/ps/us/ipad/fa1/tt/ip11.png

54.230.111.30

200 OK

38 kB

URL HTTP/2
goodforcustoms.shop/ps/us/ipad/fa1/tt/ip11.png
IP
54.230.111.30:0
ASN
#16509 AMAZON-02

File type
PNG image data, 154 x 154, 8-bit/color RGBA, non-interlaced\012- data
Size
38 kB (37679 bytes)
Hash
d37027c2abf53b85ecd46a91f8e6c1df
92a6e2de9113be2460b6143739c2301162db0a55
9a29da5dd4cc866af3831ce4bc77fb5e1d592dce76f81b097537a84dd0251f1f

HTTP Headers

GET /ps/us/ipad/fa1/tt/ip11.png HTTP/1.1
Host: goodforcustoms.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goodforcustoms.shop/ps/us/ipad/fa1/tt/content.html?dm=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 37679
last-modified: Fri, 09 Sep 2022 07:54:47 GMT
x-amz-meta-cb-modifiedtime: Wed, 13 Oct 2021 07:43:07 GMT
accept-ranges: bytes
server: AmazonS3
date: Thu, 29 Sep 2022 20:22:10 GMT
expires: 604800
etag: "d37027c2abf53b85ecd46a91f8e6c1df"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: x2DCSZzakOd3xWvrgZ9Tvfpe_alVccd-1rdov4geiN0Q6HMbFgSy8A==
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
11b97da8520a83b6d2de987dd77fefe0
f6895cab626a3685081e3c47bf7359f84b38168b
eabdad0f29753b7cd0057f88e19828469812099bdac86eb5f8c11d56da34a768

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3422
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 20:22:09 GMT
Last-Modified: Thu, 29 Sep 2022 19:25:07 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 279

goodforcustoms.shop/ps/us/ipad/fa1/tt/s22.png

54.230.111.30

200 OK

20 kB

URL HTTP/2
goodforcustoms.shop/ps/us/ipad/fa1/tt/s22.png
IP
54.230.111.30:0
ASN
#16509 AMAZON-02

File type
PNG image data, 112 x 154, 8-bit/color RGBA, non-interlaced\012- data
Size
20 kB (20146 bytes)
Hash
d19b80d898b452f663c02825e107fb14
fca519b65082bd04e6cdb2adf47f929ef8e5a3a5
24f2131ecd967f888792fc6687715d3d540df7a4b240ad2c82b6b58b01a8c499

HTTP Headers

GET /ps/us/ipad/fa1/tt/s22.png HTTP/1.1
Host: goodforcustoms.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goodforcustoms.shop/ps/us/ipad/fa1/tt/content.html?dm=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 20146
last-modified: Fri, 09 Sep 2022 07:54:47 GMT
x-amz-meta-cb-modifiedtime: Wed, 13 Apr 2022 03:09:10 GMT
accept-ranges: bytes
server: AmazonS3
date: Thu, 29 Sep 2022 20:22:10 GMT
expires: 604800
etag: "d19b80d898b452f663c02825e107fb14"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: SGDaY-7MvHaMI8phU9yP5FxbwUqjPWQBn1D4ONeWx5rcDBUco5EPIQ==
X-Firefox-Spdy: h2

push.services.mozilla.com/

44.236.232.139

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.236.232.139:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vB9TBh27yX13U4TyN8vI5g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: COPp9ZohN4Jrl6sT41vXssuor1U=

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dd3bb526a22b28076b914d200f4d59ad
5b68123cf5b84a0700f5c6c3a88c5e4fa30fcd67
5b5490cac427aa177ce5861606e27d847a038bea1777a7bc875e469e6237d768

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5B5490CAC427AA177CE5861606E27D847A038BEA1777A7BC875E469E6237D768"
Last-Modified: Tue, 27 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21582
Expires: Fri, 30 Sep 2022 02:21:51 GMT
Date: Thu, 29 Sep 2022 20:22:09 GMT
Connection: keep-alive

gloophoa.net/pfe/current/tag.min.js?z=3553227&ymid=null&var=null

139.45.197.250

200 OK

6.7 kB

URL HTTP/2
gloophoa.net/pfe/current/tag.min.js?z=3553227&ymid=null&var=null
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
data
Size
6.7 kB (6748 bytes)
Hash
ee35cc52e22e191fcd5d996aa8f9cc22
e77e6bc7f87189bcb90a1bd9b1b438151e9a4246
36c431c4a09cdec0bf5104691a6e05cbdd061650bc0e7993b557622cf82b3821

HTTP Headers

GET /pfe/current/tag.min.js?z=3553227&ymid=null&var=null HTTP/1.1
Host: gloophoa.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goodforcustoms.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 20:22:09 GMT
content-type: application/javascript
last-modified: Tue, 27 Sep 2022 13:19:37 GMT
etag: W/"6332f869-39be"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

gloophoa.net/custom

139.45.197.250

200 OK

0 B

URL HTTP/2
gloophoa.net/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: gloophoa.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://goodforcustoms.shop/
Origin: https://goodforcustoms.shop
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 20:22:09 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://goodforcustoms.shop
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

gloophoa.net/custom

139.45.197.250

200 OK

0 B

URL HTTP/2
gloophoa.net/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: gloophoa.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://goodforcustoms.shop/
Origin: https://goodforcustoms.shop
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 20:22:09 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://goodforcustoms.shop
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

gloophoa.net/custom

139.45.197.250

200 OK

39 B

URL HTTP/2
gloophoa.net/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

POST /custom HTTP/1.1
Host: gloophoa.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://goodforcustoms.shop/
Content-Type: application/json
Origin: https://goodforcustoms.shop
Content-Length: 444
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 20:22:09 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 4bd62e06d1ed04e530a6d318064f8ea9
access-control-allow-origin: https://goodforcustoms.shop
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

gloophoa.net/custom

139.45.197.250

200 OK

39 B

URL HTTP/2
gloophoa.net/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

POST /custom HTTP/1.1
Host: gloophoa.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://goodforcustoms.shop/
Content-Type: application/json
Origin: https://goodforcustoms.shop
Content-Length: 808
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 20:22:09 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 37c74396feda1b96be8c16c755f53d6b
access-control-allow-origin: https://goodforcustoms.shop
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12248
Expires: Thu, 29 Sep 2022 23:46:18 GMT
Date: Thu, 29 Sep 2022 20:22:10 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12248
Expires: Thu, 29 Sep 2022 23:46:18 GMT
Date: Thu, 29 Sep 2022 20:22:10 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12248
Expires: Thu, 29 Sep 2022 23:46:18 GMT
Date: Thu, 29 Sep 2022 20:22:10 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12248
Expires: Thu, 29 Sep 2022 23:46:18 GMT
Date: Thu, 29 Sep 2022 20:22:10 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12248
Expires: Thu, 29 Sep 2022 23:46:18 GMT
Date: Thu, 29 Sep 2022 20:22:10 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F783cca30-851d-4c3b-97b3-dfc92f711d23.jpeg

34.120.237.76

200 OK

4.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F783cca30-851d-4c3b-97b3-dfc92f711d23.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.1 kB (4093 bytes)
Hash
aed4d25286420a1405c3274931194002
c17c7bdfa4b40f9a0634da65c610869e5c410bf1
f32058bdd49930b927d1f9fdfd204ed054b4f85e0d679eff067d522d42ac504a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F783cca30-851d-4c3b-97b3-dfc92f711d23.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4093
x-amzn-requestid: 88076712-b2bb-4aee-81a7-ae35201748ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMKZtEXeoAMFVbA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334bdd7-317a47e2018160b928a40ff9;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:34:15 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: VztBCwvlCphzQJw_HAODqlJjRAaYDoKFzmkAYhrhUTZJ5rmNtNSzuQ==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 21:50:26 GMT
age: 81104
etag: "c17c7bdfa4b40f9a0634da65c610869e5c410bf1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6362b4f1-5935-43c9-9147-6d019a1ea6cd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.2 kB (4235 bytes)
Hash
30471179bd7cdeecea2fa4ea98701aef
2bbcd6305b4da3204bf1c04b6db23d44cfc84fbb
967e070aec3942c64cc6c4cfdc13d430825c9e5c26dbec5bb3d66237d5978dfc

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6362b4f1-5935-43c9-9147-6d019a1ea6cd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4235
x-amzn-requestid: 60825c64-7743-4b16-b80d-d1195ccb0f23
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMK2nFsDoAMFRwg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334be90-1898e5d9111db7c843c1ebb4;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:37:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: C-XC9qsktkENdI6lWZp5RQjeEvrrFMUfBq1mA5dxEjRq5tkfL5Jsxw==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 22:04:55 GMT
age: 80235
etag: "2bbcd6305b4da3204bf1c04b6db23d44cfc84fbb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99f26bb4-2c5c-44ef-86d3-90fd05ec1ce0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9654 bytes)
Hash
36ae9444071dd70dcf86802c370ffda9
44cc19b21912d07f82a88af5b2fa6d3e370459bf
99984d108bf31d733414f7f1352e17225ac21ac2dbfb4b1e7fa7ae80e5b6b822

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99f26bb4-2c5c-44ef-86d3-90fd05ec1ce0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9654
x-amzn-requestid: 7961f184-9476-43de-bf35-8ccb50ee1760
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGVYsHA6oAMFvRA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63326904-05f567f7606462ac44f89987;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 03:07:48 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: XaB4TwXv4xy0Sy3dncNYZWEPEnHY5BkEHR7fZDK59APYkzH9DPdT7A==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 04:20:40 GMT
age: 57690
etag: "44cc19b21912d07f82a88af5b2fa6d3e370459bf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9d0e9057-f203-4080-95b8-652ecd15effa.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.9 kB (7859 bytes)
Hash
c62a6368c456e9614ca4c8e360a2ef12
35ec6e80d324bb215796c590a7ffafbaea55d88e
90a37acc6beda1aa98a98cb84e00a7e469d6d919a14f4709c5f67a83ae95278d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9d0e9057-f203-4080-95b8-652ecd15effa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7859
x-amzn-requestid: 34d0718f-46d4-446f-bb06-8449bd8f4287
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZIlO4FcBoAMFy0w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63334f2b-58ae81c9077e4f1575750f15;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 19:29:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uzwIgEsYiWch9RE2mlWZO__ZajkuFHafOjSxtq4oW_cxZJ1FwDT8eA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 19:04:20 GMT
age: 4670
etag: "35ec6e80d324bb215796c590a7ffafbaea55d88e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75de31dd-bbf0-4a21-bfac-94f0062f4da4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10023 bytes)
Hash
f4505f57697072468da82e0b536d0d5b
e1067a2dfbc22e7eb196046d57bd1e17604dba75
b5e79054f165f38b99f93a8128284f82076523988aeb102b85dd8ff1a2870d00

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75de31dd-bbf0-4a21-bfac-94f0062f4da4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10023
x-amzn-requestid: 0cb6b9a1-0707-4094-b197-5a0add2df717
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMK4dHJLIAMFWmg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334be9c-2d8bbb17157900f126c5bb3c;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:37:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wZ2hBqHAdwimAVV3p-CJFrb9zQ-CTN5ar9CB-cu0mZoENYUFTKKPWQ==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 ddaf46a95abcfc80e8eae76235e2127c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 22:04:58 GMT
age: 80232
etag: "e1067a2dfbc22e7eb196046d57bd1e17604dba75"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5cbaf6d-fc16-4449-8b54-1d55f68eff4f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (14073 bytes)
Hash
11594ce7500d8776bfd5162b17f87d72
72603efba82d649ce5a7a0ca45dc830c0d9ef012
511f5aa33750cd4a02cf3968bf165ffa521e77cb4fb7135b516d7ad14e8b9d01

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5cbaf6d-fc16-4449-8b54-1d55f68eff4f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 14073
x-amzn-requestid: 4ff72590-e28d-4d4b-af1a-4d62e75e3d66
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMKnpEsJoAMFlBQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334be30-38b014a25551aa0a2ab04ccf;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:35:44 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: dyDhatfeYzzSQpRY7JpOIu3VhjlI8IOWcKCLCBWYaxJ1CYgCxqdQjA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 21:49:42 GMT
age: 81148
etag: "72603efba82d649ce5a7a0ca45dc830c0d9ef012"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

gloophoa.net/custom

139.45.197.250

200 OK

39 B

URL HTTP/2
gloophoa.net/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

POST /custom HTTP/1.1
Host: gloophoa.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://goodforcustoms.shop/
Content-Type: application/json
Origin: https://goodforcustoms.shop
Content-Length: 453
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 20:22:17 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 12a1c8090d19bbd4b251736da72722b0
access-control-allow-origin: https://goodforcustoms.shop
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

goodforcustoms.shop/ps/us/ipad/fa1/tt/index2.html

54.230.111.30

200 OK

0 B

URL HTTP/2
goodforcustoms.shop/ps/us/ipad/fa1/tt/index2.html
IP
54.230.111.30:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	AT&T Inc.
fortinet	Phishing

HTTP Headers

GET /ps/us/ipad/fa1/tt/index2.html HTTP/1.1
Host: goodforcustoms.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
content-type: text/html
last-modified: Fri, 09 Sep 2022 07:54:47 GMT
x-amz-meta-cb-modifiedtime: Wed, 06 Oct 2021 07:05:31 GMT
server: AmazonS3
content-encoding: br
date: Thu, 29 Sep 2022 20:22:09 GMT
expires: 604800
etag: W/"4a28f56f8ea299bc5d64806a1042e275"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: cSoxUt6Rtq1g35EtFOIfyWwwzMT1u3vqIQlXp89C4eGz_-rG0cq5Xg==
X-Firefox-Spdy: h2

maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js

104.18.11.207

200 OK

0 B

URL HTTP/2
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
IP
104.18.11.207:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /bootstrap/3.3.7/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://goodforcustoms.shop
Connection: keep-alive
Referer: https://goodforcustoms.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 29 Sep 2022 20:22:09 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"5869c96cc8f19086aee625d670d741f9"
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
cdn-cachedat: 08/20/2022 02:31:21
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 756
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: 97934e65bf155ba093b9ae480c599370
cdn-cache: HIT
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 75276de31f8d1bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

goodforcustoms.shop/ps/us/ipad/fa1/tt/content.html?dm=

54.230.111.30

200 OK

0 B

URL HTTP/2
goodforcustoms.shop/ps/us/ipad/fa1/tt/content.html?dm=
IP
54.230.111.30:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /ps/us/ipad/fa1/tt/content.html?dm= HTTP/1.1
Host: goodforcustoms.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goodforcustoms.shop/ps/us/ipad/fa1/tt/index2.html
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: text/html
last-modified: Fri, 09 Sep 2022 07:54:46 GMT
x-amz-meta-cb-modifiedtime: Wed, 13 Apr 2022 03:21:05 GMT
server: AmazonS3
content-encoding: br
date: Thu, 29 Sep 2022 20:22:09 GMT
expires: 604800
etag: W/"286d66f5711291d99732c62e766a507c"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: s44Vx0unC6hw0gXeFYMpUAVpVLcrH0TXAuBaJXu_fsFEBwYGYC7Kjg==
X-Firefox-Spdy: h2

gloophoa.net/pfe/current/universal.min.js?v=3.1.396

139.45.197.250

200 OK

0 B

URL HTTP/2
gloophoa.net/pfe/current/universal.min.js?v=3.1.396
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.396 HTTP/1.1
Host: gloophoa.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://goodforcustoms.shop/
Origin: https://goodforcustoms.shop
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 20:22:09 GMT
content-type: application/javascript
last-modified: Tue, 27 Sep 2022 13:19:37 GMT
etag: W/"6332f869-1fafa"
access-control-allow-origin: https://goodforcustoms.shop
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (22)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations