Report - phjewellers.co.uk/owo.html

Report Overview

Submitted URL
phjewellers.co.uk/owo.html
IP
172.67.169.8
ASN
#13335 CLOUDFLARENET
Submitted
2022-11-26 12:42:13
Access
Website Title
Final URL
Tags
None
urlquery detections
Phishing - Netflix
Phishing - Netflix

Detections

urlquery
6
Network Intrusion Detection
0
Threat Detection Systems
22

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	60 kB	34.120.237.76
quizzical-antonelli.128-199-0-180.plesk.page	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	7.4 kB	273 kB	128.199.0.180
detectportal.firefox.com	1601	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	428 B	34.107.221.82
phjewellers.co.uk	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	812 B	1.6 kB	104.21.27.68
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	840 B	12 kB	34.160.144.191
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.7 kB	119 kB	34.102.187.140
shavar.services.mozilla.com	3602	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	453 B	204 B	52.35.225.239
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	44.236.232.139
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.0 kB	8.0 kB	23.36.76.226
getpocket.cdn.mozilla.net	1369	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	435 B	40 kB	34.120.5.221
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	3.4 kB	93.184.220.29
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-26	medium	phjewellers.co.uk/owo.html	Phishing
2022-11-26	medium	quizzical-antonelli.128-199-0-180.plesk.page/homes/app	Phishing
2022-11-26	medium	quizzical-antonelli.128-199-0-180.plesk.page/homes/app/	Phishing
2022-11-26	medium	quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/	Phishing
2022-11-26	medium	quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/files/js/jquery.js	Phishing
2022-11-26	medium	quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/files/img/logo.svg	Phishing
2022-11-26	medium	quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/files/js/jquery.mask.js	Phishing
2022-11-26	medium	phjewellers.co.uk/owo.html	Phishing
2022-11-26	medium	quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/login.php	Phishing
2022-11-26	medium	quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/files/js/modernizr.min.js	Phishing
2022-11-26	medium	quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/files/js/jquery.ccvalid.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/files/js/modernizr.min.js	3.8 kB	2023-03-07	2024-04-24
Pretty URL quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/files/js/modernizr.min.js IP 128.199.0.180 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:30 Last Seen2024-04-24 02:57:40 Times Seen891 Hash a635a55ddb6339a3d0d01c641f670753 a6dee4a1df6c51b82ce2e67323514e7de4e165d4 a6c3bff965978df8093c3a29f7071c21d7439a212af41e7b40ce70d94d6bcc44 Loading...

	quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/files/js/jquery.js	87 kB	2023-03-07	2024-04-25
Pretty URL quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/files/js/jquery.js IP 128.199.0.180 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:26 Last Seen2024-04-25 08:02:52 Times Seen12145 Hash af4078402c5e090d3f81d1abd71e2250 9592732de681f4365e9b7016dc5cf76e2a55ee9b 8603b20b548270423fb03c2138c16f5f863ead4c48eb0999167df869e2eef8a6 Loading...

	quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/files/js/jquery.ccvalid.js	7.4 kB	2023-03-07	2024-04-21
Pretty URL quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/files/js/jquery.ccvalid.js IP 128.199.0.180 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:30 Last Seen2024-04-21 18:50:38 Times Seen469 Hash 2f24b339e94eb18fdfd5cd5a60e82546 2abf52df7041eac55e0f59bf867053d4cb29891a ca83477931d09aca84c55e779bb2e6ef502b1af1bef668de771b8209a43eb11b Loading...

	quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/files/js/jquery.mask.js	8.1 kB	2023-03-07	2024-04-21
Pretty URL quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/files/js/jquery.mask.js IP 128.199.0.180 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:30 Last Seen2024-04-21 17:57:43 Times Seen359 Hash 9d8349c5ae98f1d6591ecce50e54403a 62f6a07fa6a0531ac0f6aae7988356ff28b09d73 38c89b667f0b98ab618ce6eef2947a58b9cac93e4dce667fec781562c34cd66e Loading...

	quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/login.php	665 B	2023-03-07	2023-04-01
Pretty URL quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/login.php IP 128.199.0.180 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:30 Last Seen2023-04-01 11:11:03 Times Seen56 Hash f2f81f7bd23993f7026d546e7bde377f c332eba809abc20daa0fddcac318ceeae64ab3a7 5a1b791d5aa13fe655e41161a761849ae604a1d2c4d2ad622b6d3785c1813e68 Loading...

	quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/login.php	101 B	2023-03-07	2024-04-18
Pretty URL quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/login.php IP 128.199.0.180 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:41:46 Last Seen2024-04-18 11:28:16 Times Seen212 Hash 374354644aaca754a721e58f06aeb655 e16bbcac015631fffe3fee7e41041ddbc8e3c527 4faa9064171cf2226162d76da9d7ef8437bce1ab506c405fd7bdd8d1c7ed5946 Loading...

	quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/login.php	2.2 kB	2023-03-07	2024-02-10
Pretty URL quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/login.php IP 128.199.0.180 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:41:46 Last Seen2024-02-10 18:38:14 Times Seen54 Hash 87c49a7d52914fda496f37d0c98dfa33 0a82d2cb5bbddd7782383e0b81dd20976064aab8 283addbd78bd697a061c1457ad9d219087f295813e881b701267f1a0ef0bfffe Loading...

HTTP Transactions (54)

URL IP Response Size

detectportal.firefox.com/success.txt?ipv4

34.107.221.82

200 OK

8 B

URL HTTP/1.1
detectportal.firefox.com/success.txt?ipv4
IP
34.107.221.82:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
8 B (8 bytes)
Hash
ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5

HTTP Headers

GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 25 Nov 2022 14:57:06 GMT
Age: 78288
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600

phjewellers.co.uk/owo.html

104.21.27.68

301 Moved Permanently

0 B

URL HTTP/1.1
phjewellers.co.uk/owo.html
IP
104.21.27.68:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /owo.html HTTP/1.1
Host: phjewellers.co.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Sat, 26 Nov 2022 12:41:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 26 Nov 2022 13:41:55 GMT
Location: https://phjewellers.co.uk/owo.html
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J5jgNHSoDTv%2Buyt%2FHUltg9xwVCrBCKl0xyFzazg059Pw%2BWcwdWZXKqBa0Nt5u44n%2BuAHKJ7U8uaK1wsqXJMRRU8EPMbnwQ3B5NrgKqBjUgnmfv1ZnIPTizagpWZhBVFrMFYJBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7702b3778b2cb505-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d0e1bad8c0e8789c312d5020d839fff0
7ba27c4977c98ac9697df3891e3974c0f2f643c2
7a0e3c0ed7c9ce558e091f945f748b0ad14a4f32ff16ce66cd0ee20a493b6707

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7A0E3C0ED7C9CE558E091F945F748B0AD14A4F32FF16CE66CD0EE20A493B6707"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2033
Expires: Sat, 26 Nov 2022 13:15:48 GMT
Date: Sat, 26 Nov 2022 12:41:55 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a9f1d4d98705c281fed3b60343463200
db6f8aa98d2eda4e5473b116a222c3055568bb78
164d11173045b569cafb32e300e4c1ec6d6ab177fd34d0414cc40c541268779f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "164D11173045B569CAFB32E300E4C1EC6D6AB177FD34D0414CC40C541268779F"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15931
Expires: Sat, 26 Nov 2022 17:07:26 GMT
Date: Sat, 26 Nov 2022 12:41:55 GMT
Connection: keep-alive

getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30

34.120.5.221

200 OK

40 kB

URL HTTP/2
getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30
IP
34.120.5.221:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Size
40 kB (39564 bytes)
Hash
7567d6adfd91966971b423af636a513d
4a17d888bad97ac00922e912138c3e22f7afecfb
8b598e82bce54579753f5b3038ea8f077fbfe5446064589a910b98f1431384e7

HTTP Headers

GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30 HTTP/1.1
Host: getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
vary: Accept-Encoding
content-location: global-recs.php
tcn: choice
x-frame-options: SAMEORIGIN
status: 200 OK
x-source: Pocket
pragma: cache
p3p: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE"
x-cache: Miss from cloudfront
x-amz-cf-pop: SEA73-P2
x-amz-cf-id: h8omHb9OZhdhue1t7liA1mYgTj8IDEi3MZhXI-ckgBDv2ujFizaJUw==
content-encoding: gzip
via: 1.1 d8d9c12d1a621129f4bc739038e7c72e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 12:34:09 GMT
content-type: application/json
content-length: 39564
age: 466
cache-control: s-maxage=900,public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
71f9c681a82440fd55e76c780a20e55d
3147768cfbcdd06e0c6e69684292e68e99917a80
5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10084
Expires: Sat, 26 Nov 2022 15:29:59 GMT
Date: Sat, 26 Nov 2022 12:41:55 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: uLG6C0Ir1nh1HeD9gk1HPE+G+sa69cxC3kC8Ga3BzqPdwOvOkbRvIf0jo3qV2lYrh3IabQItml8=
x-amz-request-id: SXZ2XS71BAP8TMSP
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 26 Nov 2022 12:23:49 GMT
age: 1086
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
15b59d5e62caedb4bec3ba6724906c1e
960f801e608a56fdd11449f4face29f62cad2b21
8c72a45737c2eeddf328b0ed3236f3243551d904e94ec9dd7254972ebfb9229e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5240
Cache-Control: max-age=170193
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 12:41:55 GMT
Etag: "6381eaec-1d7"
Expires: Mon, 28 Nov 2022 11:58:28 GMT
Last-Modified: Sat, 26 Nov 2022 10:31:08 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 26 Nov 2022 12:19:13 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1362
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 12:41:55 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
0587cda4c942f90b29ca371fe239b01f
3d31eb40c17f6b965949ae446610155125e95ec6
4f32b1ff849ae371aef4808b5fe6dca0babfada20c3472fe3fe7f140cc980520

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 12:41:55 GMT
Server: ECS (amb/6B8F)
Content-Length: 279

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
0587cda4c942f90b29ca371fe239b01f
3d31eb40c17f6b965949ae446610155125e95ec6
4f32b1ff849ae371aef4808b5fe6dca0babfada20c3472fe3fe7f140cc980520

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=97960
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 12:41:55 GMT
Etag: "6380e53b-117"
Expires: Sun, 27 Nov 2022 15:54:35 GMT
Last-Modified: Fri, 25 Nov 2022 15:54:35 GMT
Server: nginx
Content-Length: 279

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
579c5055711abbbba8ff3b1e65e7052a
f4aae256ccf9a7de307d43c572d544ab182e62c8
67bbce66f27e9aa01790cb11b928a758694ee9789b3a62c6dd1c8ea8936c474e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4231
Cache-Control: max-age=109432
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 12:41:55 GMT
Etag: "63810184-1d7"
Expires: Sun, 27 Nov 2022 19:05:47 GMT
Last-Modified: Fri, 25 Nov 2022 17:55:16 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 26 Nov 2022 12:08:54 GMT
cache-control: public,max-age=3600
age: 1982
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2

52.35.225.239

200 OK

8 B

URL HTTP/1.1
shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
IP
52.35.225.239:0
ASN
#16509 AMAZON-02

File type
ASCII text
Size
8 B (8 bytes)
Hash
29fc57841962e407cb50c1be60284bf7
ce968a77e2996da5eee8925182318f171ccdce47
ae7e7075247dcfad763f1e131aeac3d2e756bb03d48b0d315a50c69636e5dc8b

HTTP Headers

POST /downloads?client=Firefox&appver=96.0a&pver=2.2 HTTP/1.1
Host: shavar.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 773
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Sat, 26 Nov 2022 12:41:56 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 8
Connection: Close

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d3df71aab146eefc49acb608796aab63
8401892995193919376dfcd798b09c8261579454
a616c1e54e896576601e6107c1814adbebf35364d8ed807cdd89ac36b8200c88

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4025
Cache-Control: max-age=163920
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 12:41:56 GMT
Etag: "6381d72b-1d7"
Expires: Mon, 28 Nov 2022 10:13:56 GMT
Last-Modified: Sat, 26 Nov 2022 09:06:51 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

44.236.232.139

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.236.232.139:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: hFs6UpQtslXKV+kaPe/Znw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: caFxBADc7Pe5oNSNVAMUHSsX3QU=

firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221669463831640%22

34.102.187.140

200 OK

22 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221669463831640%22
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (21675), with no line terminators
Size
22 kB (21675 bytes)
Hash
a5202fddfae9c683ce58033fbf60d801
e65dc57deccd56a719bf88f194af73c46b0ae477
72cba85fdbf4bdba810a0bf79b142bc4b40658f5095ed3bf75854c6ae8116d03

HTTP Headers

GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221669463831640%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 21675
via: 1.1 google
date: Sat, 26 Nov 2022 12:01:56 GMT
cache-control: public,max-age=3600
last-modified: Sat, 26 Nov 2022 11:57:11 GMT
content-type: application/json
age: 2400
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1669055838363&_since=%221666204638208%22

34.102.187.140

200 OK

6.6 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1669055838363&_since=%221666204638208%22
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (6593), with no line terminators
Size
6.6 kB (6593 bytes)
Hash
173414a662e4d0d6c29b893819284fcc
e7823586afc7d40c1ffd732e3f0f98d22f9cb6b6
28a589a49cbca81692eb7cc6bb2725f5d56b11238143a58c97f33260a81eb750

HTTP Headers

GET /v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1669055838363&_since=%221666204638208%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 6593
via: 1.1 google
date: Sat, 26 Nov 2022 12:20:49 GMT
cache-control: public,max-age=3600
age: 1267
last-modified: Mon, 21 Nov 2022 18:37:18 GMT
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: qwZSw2XBZdmS/siXtZkY535D7l/fOlfUVM91kAuJu+4tj2MKUND4FxoXSTVgOdD2p5TGD5i6TzE=
x-amz-request-id: D7CV976E50A3D382
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 26 Nov 2022 12:41:12 GMT
age: 44
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1669390557029&_since=%221666483264567%22

34.102.187.140

200 OK

51 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1669390557029&_since=%221666483264567%22
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (51208), with no line terminators
Size
51 kB (51208 bytes)
Hash
21b6a1c29930dd71addd901f726cce7d
fb0e9b091e6f6f41bbf72a4857653745b9f7ddba
7f75908497bee301b1803d7ec5a6ca5301de05da4c89832be9ab6e4f5e4884df

HTTP Headers

GET /v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1669390557029&_since=%221666483264567%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 51208
via: 1.1 google
date: Sat, 26 Nov 2022 11:37:53 GMT
cache-control: public,max-age=3600
age: 3843
last-modified: Fri, 25 Nov 2022 15:35:57 GMT
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1669315595212&_since=%221666279968541%22

34.102.187.140

200 OK

27 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1669315595212&_since=%221666279968541%22
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (27155), with no line terminators
Size
27 kB (27155 bytes)
Hash
ac619cf3864a0cc124ef2d8917355b2c
e7deb60297e8951331382468d8ad9b1804e51139
5c5aad45a1d663bbb00d9021e9920bfa636f15fd04fbf35fd58bffc22ef865aa

HTTP Headers

GET /v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1669315595212&_since=%221666279968541%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 27155
via: 1.1 google
date: Sat, 26 Nov 2022 12:16:55 GMT
cache-control: public,max-age=3600
age: 1501
last-modified: Thu, 24 Nov 2022 18:46:35 GMT
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22

34.102.187.140

200 OK

1.7 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (1719), with no line terminators
Size
1.7 kB (1719 bytes)
Hash
673c0c8594251318f6ddab69439200f0
dfdfdbaa6ea4d5e1f2b58917573fa74c84b73f96
26808cb3b91051a2e383451dad0b069836788756c6a97faba58fc23d11a88477

HTTP Headers

GET /v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1719
via: 1.1 google
date: Sat, 26 Nov 2022 11:51:18 GMT
cache-control: public,max-age=3600
age: 3039
last-modified: Mon, 31 Oct 2022 17:42:02 GMT
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

detectportal.firefox.com/success.txt?ipv4

34.107.221.82

200 OK

8 B

URL HTTP/1.1
detectportal.firefox.com/success.txt?ipv4
IP
34.107.221.82:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
8 B (8 bytes)
Hash
ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5

HTTP Headers

GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 25 Nov 2022 14:57:06 GMT
Age: 78291
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600

firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1668607340435&_since=%221657747510534%22

34.102.187.140

200 OK

1.5 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1668607340435&_since=%221657747510534%22
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (1482), with no line terminators
Size
1.5 kB (1482 bytes)
Hash
151df207a4786253007ead8264c7a9fe
ef39481d3f610c25b27836fb375e24ac0f3c6b47
352e05fd634451861f76ed1790e01b4f9f8d8fe3993464263f846ada17eb343e

HTTP Headers

GET /v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1668607340435&_since=%221657747510534%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1482
via: 1.1 google
date: Sat, 26 Nov 2022 12:36:24 GMT
cache-control: public,max-age=3600
age: 333
last-modified: Wed, 16 Nov 2022 14:02:20 GMT
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258

34.102.187.140

200 OK

681 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (681), with no line terminators
Size
681 B (681 bytes)
Hash
eaee4fcc2a30b5cb65768e7228765063
a618faa6e4c7c412584de1dbc760a8067e32b7d7
20565fc5642a0bc063da8706ee310dd2512ee2a096a39976c34056a13a2bc2f6

HTTP Headers

GET /v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 681
via: 1.1 google
date: Sat, 26 Nov 2022 12:17:24 GMT
cache-control: public,max-age=3600
age: 1473
last-modified: Sun, 20 Nov 2022 16:36:52 GMT
etag: "1668962212585"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22

34.102.187.140

200 OK

1.5 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (1506), with no line terminators
Size
1.5 kB (1506 bytes)
Hash
202f8030219491c4a368c475aaa98861
b3f7120107465db6e1eb7a21efb451253a30e31e
379786244e20b5c0d5ed80b9f3c03e9a964615c7df36764c9d96528290754de4

HTTP Headers

GET /v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1506
via: 1.1 google
date: Sat, 26 Nov 2022 12:10:36 GMT
cache-control: public,max-age=3600
age: 1881
last-modified: Thu, 27 Oct 2022 18:14:21 GMT
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18807
Expires: Sat, 26 Nov 2022 17:55:24 GMT
Date: Sat, 26 Nov 2022 12:41:57 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18807
Expires: Sat, 26 Nov 2022 17:55:24 GMT
Date: Sat, 26 Nov 2022 12:41:57 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18807
Expires: Sat, 26 Nov 2022 17:55:24 GMT
Date: Sat, 26 Nov 2022 12:41:57 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18807
Expires: Sat, 26 Nov 2022 17:55:24 GMT
Date: Sat, 26 Nov 2022 12:41:57 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18807
Expires: Sat, 26 Nov 2022 17:55:24 GMT
Date: Sat, 26 Nov 2022 12:41:57 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1de44df6-bdc7-487f-a2a0-b42d26be2420.jpeg

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1de44df6-bdc7-487f-a2a0-b42d26be2420.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (15818 bytes)
Hash
17ebe470d040a6ea8c57e9b9d4f4e828
1ac7a410cd4f3709f476c776dd5646dd982dcfa8
d65114b68fcc12344c6df7bf294718b79822fa9782d3bd54ca044b66f82052b1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1de44df6-bdc7-487f-a2a0-b42d26be2420.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 15818
x-amzn-requestid: a6570859-3b03-492e-9f84-e25b01223da2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLXrUF3bIAMF8CA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381397b-379b1bcf2ac0715835e10e48;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:54:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: HgiyaodE2vJx5JL8QfOiTersSAgAwq74gtsPkpHUhnQ3In2vZ-3rbQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:33:09 GMT
etag: "1ac7a410cd4f3709f476c776dd5646dd982dcfa8"
content-type: image/jpeg
age: 50928
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffad04f54-f199-4bc1-a785-cf5c76640147.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11150 bytes)
Hash
d0f860248042a8499ffb1701a880b2ba
845842c789e6e97fd1687e668d446bbb8309ffc7
9eca5258c7b6e4e145ca6576a3f3791f1324714404ffd7a56a61961f81e7bd44

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffad04f54-f199-4bc1-a785-cf5c76640147.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11150
x-amzn-requestid: 0b773c28-feda-41a2-9de6-8b559bd773eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVC5EukoAMFxfA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813545-3bfe118939abc352072c5af1;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:36:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: RBv0V5RyDoApQfc5QIHFxVzmasUJvYZ6X4-kTTfI9UhtdjUWitlkJA==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:46:24 GMT
etag: "845842c789e6e97fd1687e668d446bbb8309ffc7"
content-type: image/jpeg
age: 53733
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e649ab-6d56-47c9-ab7e-c65d9bdfcffd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.8 kB (6789 bytes)
Hash
926df9839ec3d924b563b55d8bccace8
c47a3884465fc02b5c57faa5ffbd986ba29c64c2
a97cd625959aa81bc516024628315b2c6e2ce94f76cd579751a686a6611cc4d2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e649ab-6d56-47c9-ab7e-c65d9bdfcffd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6789
x-amzn-requestid: eede6332-5376-4f9c-83fc-f894430c1f4b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLWWYFFgoAMFhaQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381375b-66d7ffc70f7d901420a503da;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:44:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: -6kE-HDfLIQMtzuaOuArCjtxgpQUgxMrpjcT7pDIdY7CDlJNK1GZWA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:46:24 GMT
etag: "c47a3884465fc02b5c57faa5ffbd986ba29c64c2"
content-type: image/jpeg
age: 53733
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93728079-c686-4b9a-9313-1cc6778793d2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.8 kB (7799 bytes)
Hash
96437d0cb1ceaffa77124f0dcfeb38cf
3f4a47cdd9ea3bbd20fec37e4a9dbfa9af2acc50
89244601b0a4bc150033e52dc56cf0fbe2846ebba7532c477146258a70783e05

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93728079-c686-4b9a-9313-1cc6778793d2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7799
x-amzn-requestid: 4b3bf619-fb69-4cfe-b8e7-7de4ea127853
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLXADFOvoAMFXQg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813866-77f561ae3496d84c75541300;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:49:26 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: mxC9qkJyuCX0NOEgkK3Z0LWPpxbTcFIvkrDAJ6KBnMFLHToB50AEFg==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:02:20 GMT
age: 52777
etag: "3f4a47cdd9ea3bbd20fec37e4a9dbfa9af2acc50"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb7c216e6-fb54-4285-8656-a1e15990a37a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.1 kB (8078 bytes)
Hash
70fae9ac56bb7676177d4252757f0180
bd3027af47f20f4bb9ac36cd9e4493e28e6b041c
1378749f1b28b6c56b8e76418fc5dd59cf608a4e64c1e1067b4f19df10233afc

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb7c216e6-fb54-4285-8656-a1e15990a37a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8078
x-amzn-requestid: e199b062-09f2-46b8-a8ee-6d7b782f7359
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVC7GT2oAMF5XA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813545-485ea8fd3e785be748834efd;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:36:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: yJdSAEHw1AFVsBFBSX5G6rqED3Kpi_P69vtTrVVE1vFDtl3XMsyJ4g==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:03:54 GMT
age: 52683
etag: "bd3027af47f20f4bb9ac36cd9e4493e28e6b041c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.5 kB (3502 bytes)
Hash
a783df85f30f9c555f9df6b99f61744d
61f9bed607e81606be78285596acdc5e0e4f4994
19db42201d0fa059f680d890ede6683c04e893e6308a2256d0203f826a7f34de

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3502
x-amzn-requestid: ca3f2610-e03c-48a7-abb3-fbbab76f63d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvYUHO5IAMFqDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5ce-7e36137711dc4668278c1c94;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:03:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: QS3ZKYetcm87GNwSr34eRPF2d4r8ppwf3fT19aV-u84f7ObX4bU8wQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 07:13:26 GMT
age: 19711
etag: "61f9bed607e81606be78285596acdc5e0e4f4994"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f49279700980d6ba4193ca4300b79c50
658b9beac65b86f876cf09bf866c5e6fbde486fa
4892e7cf0dea9da1018c84e793e85532a94680d1938355ffe0de9ae13a35d440

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4892E7CF0DEA9DA1018C84E793E85532A94680D1938355FFE0DE9AE13A35D440"
Last-Modified: Fri, 25 Nov 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16952
Expires: Sat, 26 Nov 2022 17:24:30 GMT
Date: Sat, 26 Nov 2022 12:41:58 GMT
Connection: keep-alive

quizzical-antonelli.128-199-0-180.plesk.page/homes/app

128.199.0.180

301 Moved Permanently

271 B

URL HTTP/2
quizzical-antonelli.128-199-0-180.plesk.page/homes/app
IP
128.199.0.180:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
271 B (271 bytes)
Hash
745959b6c22e1ed8de6ce4da7b19937f
fd0222fc61e7a455d9b29e06febc37615ff20e76
74a06459068eeb39a59376c700c7d51123d0250b2479e8d35c52106cef31e9f5

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /homes/app HTTP/1.1
Host: quizzical-antonelli.128-199-0-180.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 301 Moved Permanently
server: nginx
date: Sat, 26 Nov 2022 12:41:58 GMT
content-type: text/html; charset=iso-8859-1
content-length: 271
location: https://quizzical-antonelli.128-199-0-180.plesk.page/homes/app/
x-powered-by: PleskLin
X-Firefox-Spdy: h2

quizzical-antonelli.128-199-0-180.plesk.page/homes/app/

128.199.0.180

302 Found

0 B

URL HTTP/2
quizzical-antonelli.128-199-0-180.plesk.page/homes/app/
IP
128.199.0.180:0
ASN
#14061 DIGITALOCEAN-ASN

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /homes/app/ HTTP/1.1
Host: quizzical-antonelli.128-199-0-180.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 302 Found
server: nginx
date: Sat, 26 Nov 2022 12:41:58 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: net/
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2

quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/

128.199.0.180

302 Found

0 B

URL HTTP/2
quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/
IP
128.199.0.180:0
ASN
#14061 DIGITALOCEAN-ASN

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /homes/app/net/ HTTP/1.1
Host: quizzical-antonelli.128-199-0-180.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 302 Found
server: nginx
date: Sat, 26 Nov 2022 12:42:00 GMT
content-type: text/html; charset=UTF-8
content-length: 0
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=vquh6san5e3io3d9pju7k3132j; path=/
location: login.php
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2

quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/files/js/jquery.js

128.199.0.180

200 OK

30 kB

URL HTTP/2
quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/files/js/jquery.js
IP
128.199.0.180:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with very long lines (65536), with no line terminators
Size
30 kB (29944 bytes)
Hash
2261fb0ea268c8446460b030524cf235
bda696bf3efa2253c7dcfc5e756399b99db112fe
5ab441e259691b3a1afce1bc88dc06e7fe9513388b671eaf6a9b01c88a95c762

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /homes/app/net/files/js/jquery.js HTTP/1.1
Host: quizzical-antonelli.128-199-0-180.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/login.php
Cookie: PHPSESSID=vquh6san5e3io3d9pju7k3132j
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 12:42:02 GMT
content-type: application/javascript
last-modified: Sun, 06 May 2018 12:07:04 GMT
etag: W/"5aeeefe8-15339"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/files/img/logo.svg

128.199.0.180

200 OK

864 B

URL HTTP/2
quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/files/img/logo.svg
IP
128.199.0.180:0
ASN
#14061 DIGITALOCEAN-ASN

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (793), with CRLF line terminators
Size
864 B (864 bytes)
Hash
c6a2d2f507cb0f90edba00682d0dc854
ce2d00824f3b9edfd660105e670945c960c65c22
8a421d5798accee1c284865ac05cee792ad3f6bcb3c70ce1dcb954d23e86fdad

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Netflix
fortinet	Phishing

HTTP Headers

GET /homes/app/net/files/img/logo.svg HTTP/1.1
Host: quizzical-antonelli.128-199-0-180.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/login.php
Cookie: PHPSESSID=vquh6san5e3io3d9pju7k3132j
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 12:42:02 GMT
content-type: image/svg+xml
content-length: 864
x-accel-version: 0.01
last-modified: Sun, 16 Sep 2018 10:52:30 GMT
etag: "360-575fada66d780"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/files/img/fb.png

128.199.0.180

200 OK

1.5 kB

URL HTTP/2
quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/files/img/fb.png
IP
128.199.0.180:0
ASN
#14061 DIGITALOCEAN-ASN

File type
PNG image data, 57 x 57, 8-bit/color RGBA, non-interlaced\012- data
Size
1.5 kB (1455 bytes)
Hash
a33ca47ef110b6e3ec5086b8776407d3
dff5bbbe61b4920a23fb21a7fca69ca9e94dcb6c
3e49d9dc43267590184389ab3da0cb9f7308c9c848667dab109a0f7c73450ece

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Netflix

HTTP Headers

GET /homes/app/net/files/img/fb.png HTTP/1.1
Host: quizzical-antonelli.128-199-0-180.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/login.php
Cookie: PHPSESSID=vquh6san5e3io3d9pju7k3132j
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 12:42:02 GMT
content-type: image/png
content-length: 1455
last-modified: Sun, 16 Sep 2018 09:57:46 GMT
etag: "5b9e291a-5af"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/files/img/bg.jpg

128.199.0.180

200 OK

120 kB

URL HTTP/2
quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/files/img/bg.jpg
IP
128.199.0.180:0
ASN
#14061 DIGITALOCEAN-ASN

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2000x1125, components 3\012- data
Size
120 kB (120105 bytes)
Hash
5f6f14c7e213792c78d8fc08ced0840c
9700da5cdd4b261c657540b4d4d49c90cd57cdac
cde4074549e72df2b148594b13728b01118887d02d99e5e7d67c5d1e54cc6669

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Netflix

HTTP Headers

GET /homes/app/net/files/img/bg.jpg HTTP/1.1
Host: quizzical-antonelli.128-199-0-180.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/login.php
Cookie: PHPSESSID=vquh6san5e3io3d9pju7k3132j
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 12:42:02 GMT
content-type: image/jpeg
content-length: 120105
last-modified: Sun, 16 Sep 2018 09:57:46 GMT
etag: "5b9e291a-1d529"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/files/css/none2.css

128.199.0.180

200 OK

95 kB

URL HTTP/2
quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/files/css/none2.css
IP
128.199.0.180:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with very long lines (375), with CRLF line terminators
Size
95 kB (94711 bytes)
Hash
18b9ee6c9a9cc675466b0769630c3064
faedc868c29037e2dee233d8f8e52a5c81a766a6
43d35be440db43d9a32f4a4b482ca652350d0ab9eacd590d7f4a5df4dc73fbc4

HTTP Headers

GET /homes/app/net/files/css/none2.css HTTP/1.1
Host: quizzical-antonelli.128-199-0-180.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/login.php
Cookie: PHPSESSID=vquh6san5e3io3d9pju7k3132j
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 12:42:01 GMT
content-type: text/css
last-modified: Mon, 16 Nov 2020 07:42:38 GMT
etag: W/"5fb22d6e-28bf6"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/files/img/favicon.png

128.199.0.180

200 OK

1.8 kB

URL HTTP/2
quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/files/img/favicon.png
IP
128.199.0.180:0
ASN
#14061 DIGITALOCEAN-ASN

File type
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1755 bytes)
Hash
3d194514babc5d7d010308a0f808ca51
867e51e9b4a474c19da52d6454076c007a9d01f2
7341f7b8b0ae3c0da4aea559efc31f0b53d9db9dd291664fdcf7d618fd95ed8a

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Netflix

HTTP Headers

GET /homes/app/net/files/img/favicon.png HTTP/1.1
Host: quizzical-antonelli.128-199-0-180.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/login.php
Cookie: PHPSESSID=vquh6san5e3io3d9pju7k3132j
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 12:42:02 GMT
content-type: image/png
content-length: 1755
last-modified: Tue, 18 Sep 2018 09:48:30 GMT
etag: "5ba0c9ee-6db"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/files/js/jquery.mask.js

128.199.0.180

200 OK

20 kB

URL HTTP/2
quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/files/js/jquery.mask.js
IP
128.199.0.180:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with very long lines (537)
Size
20 kB (20157 bytes)
Hash
2bba917409d73456143a1fae1ab0f3d5
88ffddf2457e3027ef7ee69a7855b5156dfb48d0
e88857d3b4a8fd52f14e992ca8e3f622a67356dabebd09e5d6ec9e4f676a4134

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /homes/app/net/files/js/jquery.mask.js HTTP/1.1
Host: quizzical-antonelli.128-199-0-180.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/login.php
Cookie: PHPSESSID=vquh6san5e3io3d9pju7k3132j
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 12:42:02 GMT
content-type: application/javascript
last-modified: Sun, 06 May 2018 12:07:42 GMT
etag: W/"5aeef00e-1fad"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

phjewellers.co.uk/owo.html

104.21.27.68

200 OK

0 B

URL HTTP/2
phjewellers.co.uk/owo.html
IP
104.21.27.68:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /owo.html HTTP/1.1
Host: phjewellers.co.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Sat, 26 Nov 2022 12:41:55 GMT
content-type: text/html
cache-control: max-age=3600, must-revalidate
expires: Sun, 26 Nov 2023 12:41:55 GMT
last-modified: Sat, 26 Nov 2022 09:28:17 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
vary: User-Agent
x-xss-protection: 1; mode=block
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Srk0K%2FNIP2FZ2lj0nCuVxdl28qZPVbW8WdK1jET7hclUjUFPllOPrLQUAclyPl2I323NW%2Bd%2BSPEIY3%2F5OGBmmyZQdkY%2Bxd0ngakgcgCMQ5cN8OODtqq3DSjVvnzHXLu%2BA%2Bi8Kg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7702b37a9a7e1c12-OSL
content-encoding: br
X-Firefox-Spdy: h2

quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/files/css/none.css

128.199.0.180

200 OK

0 B

URL HTTP/2
quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/files/css/none.css
IP
128.199.0.180:0
ASN
#14061 DIGITALOCEAN-ASN

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /homes/app/net/files/css/none.css HTTP/1.1
Host: quizzical-antonelli.128-199-0-180.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/login.php
Cookie: PHPSESSID=vquh6san5e3io3d9pju7k3132j
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 12:42:01 GMT
content-type: text/css
last-modified: Tue, 22 Dec 2020 14:11:34 GMT
etag: W/"5fe1fe96-245ae"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/login.php

128.199.0.180

200 OK

0 B

URL HTTP/2
quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/login.php
IP
128.199.0.180:0
ASN
#14061 DIGITALOCEAN-ASN

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /homes/app/net/login.php HTTP/1.1
Host: quizzical-antonelli.128-199-0-180.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=vquh6san5e3io3d9pju7k3132j
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 12:42:01 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-powered-by: PHP/7.4.33, PleskLin
content-encoding: br
X-Firefox-Spdy: h2

quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/files/js/modernizr.min.js

128.199.0.180

200 OK

0 B

URL HTTP/2
quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/files/js/modernizr.min.js
IP
128.199.0.180:0
ASN
#14061 DIGITALOCEAN-ASN

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /homes/app/net/files/js/modernizr.min.js HTTP/1.1
Host: quizzical-antonelli.128-199-0-180.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/login.php
Cookie: PHPSESSID=vquh6san5e3io3d9pju7k3132j
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 12:42:01 GMT
content-type: application/javascript
last-modified: Tue, 22 Dec 2020 14:10:10 GMT
etag: W/"5fe1fe42-edf"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/files/js/jquery.ccvalid.js

128.199.0.180

200 OK

0 B

URL HTTP/2
quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/files/js/jquery.ccvalid.js
IP
128.199.0.180:0
ASN
#14061 DIGITALOCEAN-ASN

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /homes/app/net/files/js/jquery.ccvalid.js HTTP/1.1
Host: quizzical-antonelli.128-199-0-180.plesk.page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quizzical-antonelli.128-199-0-180.plesk.page/homes/app/net/login.php
Cookie: PHPSESSID=vquh6san5e3io3d9pju7k3132j
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 12:42:02 GMT
content-type: application/javascript
last-modified: Sun, 06 May 2018 12:05:54 GMT
etag: W/"5aeeefa2-1d12"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (54)

URL HTTP/1.1

IP

ASN

File type

Size