r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e6b7a72139d0ef7688330456e9be9a4c
e130a94e7d531768300071764dd1e81fee5bbbcb
d3818afd1493030105341b4cfb91037acbf27085c96068b3ef91c5071277c8e5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3818AFD1493030105341B4CFB91037ACBF27085C96068B3EF91C5071277C8E5"
Last-Modified: Mon, 09 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15420
Expires: Tue, 10 Jan 2023 16:13:53 GMT
Date: Tue, 10 Jan 2023 11:56:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash eecebe0566883e33558e8e67beaccb29
acdd8fd09e2066ed5ecfbc3f11c4a2d61218ecc7
65e21170242bf41eb529fa422385dbe5af65a61e374e6dd5669e7e5f927948af
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65E21170242BF41EB529FA422385DBE5AF65A61E374E6DD5669E7E5F927948AF"
Last-Modified: Mon, 09 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11570
Expires: Tue, 10 Jan 2023 15:09:43 GMT
Date: Tue, 10 Jan 2023 11:56:53 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 10 Jan 2023 11:48:29 GMT
content-type: application/json
age: 504
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 89a058935fd04697c87e9441fbb466a9
59b5b08119374b1da34cff7e43a7c6dc80103f6e
3a3261f495323ff0f60067b2930b8d0e5e4e5cd6ae9b14929a88047587b735da
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3A3261F495323FF0F60067B2930B8D0E5E4E5CD6AE9B14929A88047587B735DA"
Last-Modified: Sat, 07 Jan 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10123
Expires: Tue, 10 Jan 2023 14:45:36 GMT
Date: Tue, 10 Jan 2023 11:56:53 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Fyb3J5B7fPQ2i0jGLXd0KcK0+eM4IqRGcb42rGgx1Erb2S5IOuky1JBYMpGC6MQ3aUU1Nf7Q/Mk=
x-amz-request-id: WRKTEEAR89XS4B7P
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 10 Jan 2023 11:16:36 GMT
age: 2417
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 10 Jan 2023 11:56:53 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/login.php
185.178.208.182 301 Moved Permanently 568 B URL HTTP/1.1 exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/login.php
IP 185.178.208.182:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (564), with no line terminators
Hash 2761b98db33884ab29711096ab315edb
8cea6e53464aea178b72e06a906205d040f14ca5
9f7a07f69d9b9a5af186a79159ccea18935ab4103128ca967e3f3f8ae45fb3ee
Analyzer Verdict Alert fortinet Phishing
GET /login.php HTTP/1.1
Host: exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: ddos-guard
Date: Tue, 10 Jan 2023 11:56:54 GMT
Connection: keep-alive
Keep-Alive: timeout=60
Location: https://exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/login.php
Content-Type: text/html; charset=utf8
Content-Length: 568
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Expires, Pragma, Content-Type, Backoff, Last-Modified, Cache-Control, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 10 Jan 2023 11:17:24 GMT
age: 2370
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e27b4124f794627ffc58d3bf36850bf5
372a8cbc6b8c937fcef065ef2cf2e6232c698628
149aab496fb4146b96281ea5508e06852031e25816252cea36504873632e1330
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "149AAB496FB4146B96281EA5508E06852031E25816252CEA36504873632E1330"
Last-Modified: Tue, 10 Jan 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21551
Expires: Tue, 10 Jan 2023 17:56:05 GMT
Date: Tue, 10 Jan 2023 11:56:54 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash a831a999b5e598b4e9f4e31e8054ca7c
9971a4a806f48777ae6d9525085d16d0c6314c51
cdffa8dd48e75baa98670f82dfac2b3948667ca32dd93f469d2cd49d3a58581c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5565
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 10 Jan 2023 11:56:54 GMT
Last-Modified: Tue, 10 Jan 2023 10:24:09 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/cp/javascript/externals/prototype.js?1671621766
185.178.208.182 200 OK 35 kB URL HTTP/2 exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/cp/javascript/externals/prototype.js?1671621766
IP 185.178.208.182:0
File type ASCII text, with very long lines (60984)
Hash c7b7d75eaeb614511bae0303d2ac4103
174d20a99189f8c64588ebbd35647104f7c6372a
0ff0a54a5623b4db49b1fd82473cd258cc601f236300ba46ced34177673245fa
Analyzer Verdict Alert fortinet Phishing
GET /cp/javascript/externals/prototype.js?1671621766 HTTP/1.1
Host: exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/login_up.php
Cookie: __ddg1_=JGkBuuZKGAqtQ98ZiW8m
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 10 Jan 2023 09:15:33 GMT
content-type: application/javascript
last-modified: Wed, 21 Dec 2022 11:22:46 GMT
etag: W/"63a2ec86-17b8d"
content-encoding: gzip
x-powered-by: PleskLin
age: 9682
content-length: 35367
ddg-cache-status: MISS,HIT
X-Firefox-Spdy: h2
exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/cp/javascript/externals/require.js?1671621766
185.178.208.182 200 OK 7.4 kB URL HTTP/2 exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/cp/javascript/externals/require.js?1671621766
IP 185.178.208.182:0
File type ASCII text, with very long lines (17560)
Hash 2783e102bedffbe02433a5d66b9f892b
72426a5d9c9cc986f01466008a3557d3563d18b1
a297ffbb89c40e21fd2047c0a5c4207981a3116e0e884d4c36b29ba2d82bd7df
GET /cp/javascript/externals/require.js?1671621766 HTTP/1.1
Host: exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/login_up.php
Cookie: __ddg1_=JGkBuuZKGAqtQ98ZiW8m
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 10 Jan 2023 09:15:39 GMT
content-type: application/javascript
last-modified: Wed, 21 Dec 2022 11:22:46 GMT
etag: W/"63a2ec86-4562"
content-encoding: gzip
x-powered-by: PleskLin
age: 9676
content-length: 7382
ddg-cache-status: MISS,HIT
X-Firefox-Spdy: h2
exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/modules/notifier/global.js?1672773219
185.178.208.182 200 OK 4.3 kB URL HTTP/2 exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/modules/notifier/global.js?1672773219
IP 185.178.208.182:0
File type ASCII text, with very long lines (15013), with no line terminators
Hash e746aef1e5cde49a50ee0ec7a3f3cfa9
6322e77bc07d7844e1586fb4c4602d27c82cbbc0
ccacd33949993052fc315f728591a6570cc32502714c7e3740fa56a0e4a59efb
Analyzer Verdict Alert fortinet Phishing
GET /modules/notifier/global.js?1672773219 HTTP/1.1
Host: exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/login_up.php
Cookie: __ddg1_=JGkBuuZKGAqtQ98ZiW8m
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 10 Jan 2023 09:15:41 GMT
content-type: application/javascript
last-modified: Tue, 03 Jan 2023 19:13:39 GMT
etag: W/"63b47e63-3aa5"
content-encoding: gzip
x-powered-by: PleskLin
age: 9675
content-length: 4268
ddg-cache-status: MISS,HIT
X-Firefox-Spdy: h2
exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/modules/letsencrypt/global.js?1672773325
185.178.208.182 200 OK 350 B URL HTTP/2 exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/modules/letsencrypt/global.js?1672773325
IP 185.178.208.182:0
Hash 9dd70cbc68959644974623a33fe64e3d
f2b71e7b7245e499c79e78bc8aa249be362dfa76
e785cab652ed72a6c94c71b92bae72267f5efcbb97c7fdae2ee0fd93fd6783ae
Analyzer Verdict Alert fortinet Phishing
GET /modules/letsencrypt/global.js?1672773325 HTTP/1.1
Host: exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/login_up.php
Cookie: __ddg1_=JGkBuuZKGAqtQ98ZiW8m
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 10 Jan 2023 09:15:42 GMT
content-type: application/javascript
last-modified: Tue, 03 Jan 2023 19:15:25 GMT
etag: W/"63b47ecd-2d6"
content-encoding: gzip
x-powered-by: PleskLin
age: 9673
content-length: 350
ddg-cache-status: MISS,HIT
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.25.208.227 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.25.208.227:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: hwaKArYR7WfvXVDFXX497A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: f83RkfKq8pdqH5+29Ed3BdAkzA0=
exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/ui-library/plesk-ui-library.min.js?1671611340
185.178.208.182 200 OK 169 kB URL HTTP/2 exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/ui-library/plesk-ui-library.min.js?1671611340
IP 185.178.208.182:0
File type ASCII text, with very long lines (26393)
Size 169 kB (168734 bytes)
Hash cdc289456f7caa3a9cfc2ce8697ca64a
bd9353cac117d65bc49707fb36da5e1d68b9ab27
455bc0ac5728d34966691b9ff5b6a7e72590d59eb1e485558da974097bbcbd97
GET /ui-library/plesk-ui-library.min.js?1671611340 HTTP/1.1
Host: exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/login_up.php
Cookie: __ddg1_=JGkBuuZKGAqtQ98ZiW8m
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 10 Jan 2023 09:15:34 GMT
content-type: application/javascript
last-modified: Wed, 21 Dec 2022 08:29:00 GMT
etag: W/"63a2c3cc-76860"
content-encoding: gzip
x-powered-by: PleskLin
age: 9681
content-length: 168734
ddg-cache-status: MISS,HIT
X-Firefox-Spdy: h2
exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/cp/javascript/vendors.js?1671621766
185.178.208.182 200 OK 445 kB URL HTTP/2 exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/cp/javascript/vendors.js?1671621766
IP 185.178.208.182:0
File type Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Size 445 kB (444903 bytes)
Hash 4c62877b750a7ed1e311a5a419b7c32c
2bab057be6f8657b591f1579da683ab07b21e5ee
ab79c6455c7a3cf3bedf0d34423da05c6bbbac8fa0bef3df368b05ef28282d4a
Analyzer Verdict Alert fortinet Phishing
GET /cp/javascript/vendors.js?1671621766 HTTP/1.1
Host: exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/login_up.php
Cookie: __ddg1_=JGkBuuZKGAqtQ98ZiW8m
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 10 Jan 2023 09:15:36 GMT
content-type: application/javascript
last-modified: Wed, 21 Dec 2022 11:22:46 GMT
etag: W/"63a2ec86-151256"
content-encoding: gzip
x-powered-by: PleskLin
age: 9679
content-length: 444903
ddg-cache-status: MISS,HIT
X-Firefox-Spdy: h2
exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/cp/javascript/main.js?1673350201
185.178.208.182 200 OK 153 kB URL HTTP/2 exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/cp/javascript/main.js?1673350201
IP 185.178.208.182:0
Size 153 kB (153213 bytes)
Hash df2ce1169a1cf9e2b1ae1cbc35915c98
7f02bd7c34435d5cc7db3fcc74260fb00ea425d5
1e40d5b0da64495dcd3d14f1d10a52e19306ad1babd38fd71642b7f66ddbe4e6
Analyzer Verdict Alert fortinet Phishing
GET /cp/javascript/main.js?1673350201 HTTP/1.1
Host: exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/login_up.php
Cookie: __ddg1_=JGkBuuZKGAqtQ98ZiW8m
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 10 Jan 2023 11:56:55 GMT
content-type: application/javascript
last-modified: Tue, 10 Jan 2023 11:30:01 GMT
etag: W/"63bd4c39-981c7"
content-encoding: gzip
x-powered-by: PleskLin
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 385fbe651dc747111b979f40f9583702
a69fa58ffc6e2b15222f17ad6345b2bec9d75106
c82b794c471d79568f5eee05529ceddbefc383ac0d035578da7bc3866062e5cc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C82B794C471D79568F5EEE05529CEDDBEFC383AC0D035578DA7BC3866062E5CC"
Last-Modified: Tue, 10 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2951
Expires: Tue, 10 Jan 2023 12:46:06 GMT
Date: Tue, 10 Jan 2023 11:56:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 385fbe651dc747111b979f40f9583702
a69fa58ffc6e2b15222f17ad6345b2bec9d75106
c82b794c471d79568f5eee05529ceddbefc383ac0d035578da7bc3866062e5cc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C82B794C471D79568F5EEE05529CEDDBEFC383AC0D035578DA7BC3866062E5CC"
Last-Modified: Tue, 10 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2951
Expires: Tue, 10 Jan 2023 12:46:06 GMT
Date: Tue, 10 Jan 2023 11:56:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 385fbe651dc747111b979f40f9583702
a69fa58ffc6e2b15222f17ad6345b2bec9d75106
c82b794c471d79568f5eee05529ceddbefc383ac0d035578da7bc3866062e5cc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C82B794C471D79568F5EEE05529CEDDBEFC383AC0D035578DA7BC3866062E5CC"
Last-Modified: Tue, 10 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2951
Expires: Tue, 10 Jan 2023 12:46:06 GMT
Date: Tue, 10 Jan 2023 11:56:55 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5baaafd-f833-443a-a6c5-25babba17c8e.webp
34.120.237.76 200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5baaafd-f833-443a-a6c5-25babba17c8e.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ada31257436a38d849b6c3221214315b
4bbc05288e8094911a9746aeaab6ecbc2a3736cc
b76868bb9a595d980717b8f0742bf68d3d9c83b6e0cfe312c95f2b8e07f60515
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5baaafd-f833-443a-a6c5-25babba17c8e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9512
x-amzn-requestid: 8884b424-9f4a-422a-867c-0d88caee6f98
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: efoXBFp5IAMFQ9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bc875f-4c0529e932781b57696f502d;Sampled=0
x-amzn-remapped-date: Mon, 09 Jan 2023 21:30:07 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oikqQ0WtGUQ90yuh5VT4tC2gjG_WMOuV6v-Av-zqdr3eJqXBqUNJVg==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Mon, 09 Jan 2023 21:59:22 GMT
age: 50253
etag: "4bbc05288e8094911a9746aeaab6ecbc2a3736cc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33bbc100-e509-4a4f-8b98-1d44a52a7a3c.jpeg
34.120.237.76 200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33bbc100-e509-4a4f-8b98-1d44a52a7a3c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a23d61d610c7b55d943fcb2636a01b65
82c4c5170c7b586c2a7a1f2d2d5c9ff0219af065
28bf3039cc8c1213e64893c71bc150eda573223feb2cc15ad0814a44960d434a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33bbc100-e509-4a4f-8b98-1d44a52a7a3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9539
x-amzn-requestid: 9f388939-cfb7-432e-a921-e9188736bb45
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eTw5QGZ6oAMFxQg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b7c83b-4f9d5bfc30e5ee126333d54e;Sampled=0
x-amzn-remapped-date: Fri, 06 Jan 2023 07:05:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hYVWaQnzP-UnHWvrvXDoy_0YErGDaS7hVjDTVHWVoSKqAEjDIdG1Tg==
via: 1.1 1f6e68152880a39d72e6bf2996cd6a60.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 10 Jan 2023 01:31:23 GMT
age: 37532
etag: "82c4c5170c7b586c2a7a1f2d2d5c9ff0219af065"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/ui-library/fonts/open-sans-600.woff2?098c0a7547a49b0ce57658f41c897ecd
185.178.208.182 200 OK 62 kB URL HTTP/2 exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/ui-library/fonts/open-sans-600.woff2?098c0a7547a49b0ce57658f41c897ecd
IP 185.178.208.182:0
File type Web Open Font Format (Version 2), TrueType, length 61548, version 1.0\012- data
Hash e9681ca3d29d814a5621d4764dd1a11e
bbda68459fc0531b915bdf9e524ecc8f782db0aa
51f0bacf9e49a400a5a2947ef6b14127ef3241b0760d97721e0aedd7add66456
Analyzer Verdict Alert fortinet Phishing
GET /ui-library/fonts/open-sans-600.woff2?098c0a7547a49b0ce57658f41c897ecd HTTP/1.1
Host: exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/ui-library/plesk-ui-library.css?1671611340
Cookie: __ddg1_=JGkBuuZKGAqtQ98ZiW8m
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 10 Jan 2023 11:56:55 GMT
content-type: font/woff2
content-length: 61548
last-modified: Wed, 21 Dec 2022 08:29:00 GMT
etag: "63a2c3cc-f06c"
accept-ranges: bytes
x-powered-by: PleskLin
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcaa8f015-6153-411e-ba89-a5e40b12f27e.jpeg
34.120.237.76 200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcaa8f015-6153-411e-ba89-a5e40b12f27e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1427567eaf5a33fbade40a49afb785eb
d36efd23bf0846e93cf459bc745ac65801ae7536
b865810ab68ec856e11596e68437368e8bbacf84623d2f7668a7154993a6caf1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcaa8f015-6153-411e-ba89-a5e40b12f27e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14830
x-amzn-requestid: 70cae51a-4d22-40d5-a96e-5b4fd2e73aa7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: efoXvFXBoAMFyYg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bc8764-31043df63b816c8d7055bd67;Sampled=0
x-amzn-remapped-date: Mon, 09 Jan 2023 21:30:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: huF1RWdeym0JBPVZzlAFGxBzQWVQGJrjwcZQ7GKMN1TbmiqLslnE8g==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Mon, 09 Jan 2023 22:04:51 GMT
age: 49924
etag: "d36efd23bf0846e93cf459bc745ac65801ae7536"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F231b20e9-b883-4d22-a499-0edffa21d837.jpeg
34.120.237.76 200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F231b20e9-b883-4d22-a499-0edffa21d837.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 4753795f36012ff993f492314aa210ec
d5c8f6896fda40fc34dbc7554ce1ece173dd2d09
cbf28b1d51aae0e01fbe9228bfb1afead400ca7cc69875ffaef573f9e068a51f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F231b20e9-b883-4d22-a499-0edffa21d837.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9052
x-amzn-requestid: 51cb3d41-07e4-499a-b7a7-b4ee4963c587
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: efp7aGB-oAMF-0w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bc89e2-7bb9960c3f0116240e5ba086;Sampled=0
x-amzn-remapped-date: Mon, 09 Jan 2023 21:40:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: _Uj03bFs1JcsW67nDiC001HBFPRKWTas3EFwGDpU5LnGIKDINZ3mqQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 09 Jan 2023 22:01:08 GMT
age: 50147
etag: "d5c8f6896fda40fc34dbc7554ce1ece173dd2d09"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/ui-library/fonts/open-sans-regular.woff2?e7777b3c2bb7ae4d50f3abe9ee4f1eb5
185.178.208.182 200 OK 60 kB URL HTTP/2 exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/ui-library/fonts/open-sans-regular.woff2?e7777b3c2bb7ae4d50f3abe9ee4f1eb5
IP 185.178.208.182:0
File type Web Open Font Format (Version 2), TrueType, length 59600, version 1.0
Hash e78dce533ecee30c5efd812bb23c248d
87d988c2f0343952ccded7c17b000e33db6f3d15
03e2544599e5a06566b2579f82ac6e445b724435fccb1f3e8988e58f45b1fc5e
GET /ui-library/fonts/open-sans-regular.woff2?e7777b3c2bb7ae4d50f3abe9ee4f1eb5 HTTP/1.1
Host: exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/ui-library/plesk-ui-library.css?1671611340
Cookie: __ddg1_=JGkBuuZKGAqtQ98ZiW8m
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 10 Jan 2023 11:56:55 GMT
content-type: font/woff2
content-length: 59600
last-modified: Wed, 21 Dec 2022 08:29:00 GMT
etag: "63a2c3cc-e8d0"
accept-ranges: bytes
x-powered-by: PleskLin
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/cp/theme/css/main.css?1672774963
185.178.208.182 200 OK 85 kB URL HTTP/2 exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/cp/theme/css/main.css?1672774963
IP 185.178.208.182:0
Hash c7491cba700ef751b732dfd0a17becc7
f5467ba73a647ac5e193de0c416b7774432c77d1
a02a66c939bee74ea4a59a74798a8127e034389053473a634169c46549de4885
Analyzer Verdict Alert fortinet Phishing
GET /cp/theme/css/main.css?1672774963 HTTP/1.1
Host: exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/login_up.php
Cookie: __ddg1_=JGkBuuZKGAqtQ98ZiW8m
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 10 Jan 2023 11:56:55 GMT
content-type: text/css
last-modified: Tue, 03 Jan 2023 19:42:43 GMT
etag: W/"63b48533-4eccc"
content-encoding: gzip
x-powered-by: PleskLin
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8bd889ec-302d-44e9-a290-89266ee38381.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8bd889ec-302d-44e9-a290-89266ee38381.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash db3c7aaa80c366124e52b9da9aa710e2
ac50f2b47dd387175f838d4606e33fb91fec37b1
d4e19635e7ad010d0bc8eb1c34084e9174026df4e36e9a972318b9f6b7957834
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8bd889ec-302d-44e9-a290-89266ee38381.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7981
x-amzn-requestid: aef01bcd-4752-4435-a6a8-a33c78cb7d42
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eZ1FIFQVIAMFTmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ba3553-2d2e650374cb35a322f96153;Sampled=0
x-amzn-remapped-date: Sun, 08 Jan 2023 03:15:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qB9_IbgBxOPhMFxZzxb5k2c32_TW4MTYKyOCwZZ07dqnmGP7sDl9cw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 10 Jan 2023 03:49:54 GMT
age: 29221
etag: "ac50f2b47dd387175f838d4606e33fb91fec37b1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/ui-library/plesk-ui-library.css?1671611340
185.178.208.182 200 OK 37 kB URL HTTP/2 exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/ui-library/plesk-ui-library.css?1671611340
IP 185.178.208.182:0
Hash 1266a63df6ef910cf920d740ee85daac
dd42c34d6b64a67a34322d0b6ad8a07c44c6fb6e
55f42c27906f83b4d357bc5e90f9b18f509ba1686587b2e5b7476f93fcaa3c6e
GET /ui-library/plesk-ui-library.css?1671611340 HTTP/1.1
Host: exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/login_up.php
Cookie: __ddg1_=JGkBuuZKGAqtQ98ZiW8m
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 10 Jan 2023 11:56:55 GMT
content-type: text/css
last-modified: Wed, 21 Dec 2022 08:29:00 GMT
etag: W/"63a2c3cc-2ceab"
content-encoding: gzip
x-powered-by: PleskLin
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/images/apple-touch-icon.png?1671621766
185.178.208.182 200 OK 4.5 kB URL HTTP/2 exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/images/apple-touch-icon.png?1671621766
IP 185.178.208.182:0
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Hash ebbd61fb584cc8ae62ffa726070c952f
7aefbffc866e859207b23f736faeac97f51414e6
b23ec702f16e22329aa8d8a74cede38c886e609acd467517a004439cbbb1da1c
Analyzer Verdict Alert fortinet Phishing
GET /images/apple-touch-icon.png?1671621766 HTTP/1.1
Host: exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/login_up.php
Cookie: __ddg1_=JGkBuuZKGAqtQ98ZiW8m
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 10 Jan 2023 09:30:57 GMT
content-type: image/png
content-length: 4528
last-modified: Wed, 21 Dec 2022 11:22:46 GMT
etag: "63a2ec86-11b0"
accept-ranges: bytes
x-powered-by: PleskLin
age: 8759
ddg-cache-status: HIT,MISS
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.39 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash f93ac3f3ad3cd4ec2f1ccaf310df240a
994126a4939c417f72d4e7ad612c381a3af1e4da
d043b5aae87747aa10ed8365fcf12da3a83f7bb7f99b62af86e4af4f10f67a2b
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 10 Jan 2023 11:56:56 GMT
Last-Modified: Tue, 10 Jan 2023 10:24:50 GMT
Server: ECS (nyb/1D35)
X-Cache: Miss from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: F3n5ormuDwc88R-iALk5EhTyp2Emxakd7TpqSZJiFozr9YpzU28tlg==
Age: 5526
ocsp.sca1b.amazontrust.com/
54.230.245.39 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash f93ac3f3ad3cd4ec2f1ccaf310df240a
994126a4939c417f72d4e7ad612c381a3af1e4da
d043b5aae87747aa10ed8365fcf12da3a83f7bb7f99b62af86e4af4f10f67a2b
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=154942
Date: Tue, 10 Jan 2023 11:56:56 GMT
Etag: "63bcf827-1d7"
Expires: Thu, 12 Jan 2023 06:59:18 GMT
Last-Modified: Tue, 10 Jan 2023 05:31:19 GMT
Server: ECS (bsa/EB1C)
X-Cache: Miss from cloudfront
Via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 0K4LfRG-4Blj4KFECbf9j_aZAn_9ps6M5dqE1ycOOMbn7QQ03Hv9gQ==
Age: 5279
firehose.us-west-2.amazonaws.com/
35.89.72.5 200 OK 20 B URL HTTP/1.1 firehose.us-west-2.amazonaws.com/
IP 35.89.72.5:0
Hash 3970e82605c7d109bb348fc94e9eecc0
e03849ea786b9f7b28a35c17949e85a93eb1cff1
f5d031af01f137ae07fa71720fab94d16cc8a2a59868766002918b7c240f3967
OPTIONS / HTTP/1.1
Host: firehose.us-west-2.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type,x-amz-content-sha256,x-amz-date,x-amz-target,x-amz-user-agent
Referer: https://exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/
Origin: https://exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amzn-RequestId: f3aea671-1ca8-75af-af99-f2b904bd98dc
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Access-Control-Allow-Headers: authorization,content-type,x-amz-content-sha256,x-amz-date,x-amz-target,x-amz-user-agent
Access-Control-Allow-Methods: POST
Access-Control-Expose-Headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-request-id,x-amz-id-2,x-amzn-ErrorMessage,Date
Access-Control-Max-Age: 172800
Content-Length: 20
Date: Tue, 10 Jan 2023 11:56:56 GMT
firehose.us-west-2.amazonaws.com/
35.89.72.5 200 OK 246 B URL HTTP/1.1 firehose.us-west-2.amazonaws.com/
IP 35.89.72.5:0
File type JSON data, ASCII text, with no line terminators
Hash 676fce87930e1a95a5a72f5b8e1b1f42
efb0d663ec8463493b88477bf1c0b730f6047128
640b51d70f436f886d811e3b4d984e8f6986c0cf515c225a82eb36da03b79888
POST / HTTP/1.1
Host: firehose.us-west-2.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Amz-User-Agent: aws-sdk-js/2.1267.0 callback
Content-Type: application/x-amz-json-1.1
X-Amz-Target: Firehose_20150804.PutRecord
X-Amz-Content-Sha256: 55e47593d225b1c2388d2e0ae0d6d0f4fe81f9e9133073a5465ace97d2ef2aa1
X-Amz-Date: 20230110T115642Z
Authorization: AWS4-HMAC-SHA256 Credential=AKIAR4YEYRJLZOCG766Q/20230110/us-west-2/firehose/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-target;x-amz-user-agent, Signature=3e34142b5d655c3da56a138340c896a0b11a20ae4af05b81179028b562739f58
Content-Length: 294
Origin: https://exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net
Connection: keep-alive
Referer: https://exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amzn-RequestId: d95f27f4-8e93-c3c0-8568-733d96862eb3
Access-Control-Allow-Origin: *
Content-Encoding: gzip
x-amz-id-2: KRmOtkRsJI/+ym96ZJ+4rEmLqjxK02bUT1O+B3QJSC4Oxfz7q2u5rlMfbcskKCHn6iTrJzv/KkiTViJ+lM7hu+j04goQEWrR
Access-Control-Expose-Headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-request-id,x-amz-id-2,x-amzn-ErrorMessage,Date
Content-Type: application/x-amz-json-1.1
Content-Length: 246
Date: Tue, 10 Jan 2023 11:56:56 GMT
exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/login.php
185.178.208.182 303 See Other 0 B URL HTTP/2 exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/login.php
IP 185.178.208.182:0
Analyzer Verdict Alert fortinet Phishing
GET /login.php HTTP/1.1
Host: exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 303 See Other
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
set-cookie: __ddg1_=JGkBuuZKGAqtQ98ZiW8m; Domain=.uyduportal.net; HttpOnly; Path=/; Expires=Wed, 10-Jan-2024 11:56:54 GMT
date: Tue, 10 Jan 2023 11:56:54 GMT
content-type: text/html; charset=utf-8
expires: Fri, 28 May 1999 00:00:00 GMT
last-modified: Tue, 10 Jan 2023 11:56:54 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
p3p: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
location: https://exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/login_up.php
x-powered-by: PleskLin
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2
exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/login_up.php
185.178.208.182 200 OK 0 B URL HTTP/2 exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/login_up.php
IP 185.178.208.182:0
Analyzer Verdict Alert fortinet Phishing
GET /login_up.php HTTP/1.1
Host: exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ddg1_=JGkBuuZKGAqtQ98ZiW8m
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 10 Jan 2023 11:56:54 GMT
content-type: text/html; charset=utf-8
expires: Fri, 28 May 1999 00:00:00 GMT
last-modified: Tue, 10 Jan 2023 11:56:54 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
p3p: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-encoding: gzip
x-powered-by: PleskLin
X-Firefox-Spdy: h2
exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/images/favicon.svg?1671621766
185.178.208.182 200 OK 0 B URL HTTP/2 exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/images/favicon.svg?1671621766
IP 185.178.208.182:0
Analyzer Verdict Alert fortinet Phishing
GET /images/favicon.svg?1671621766 HTTP/1.1
Host: exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exclusifvoyages.com.voyagecadeau.blog.smtpseguro.uyduportal.net/login_up.php
Cookie: __ddg1_=JGkBuuZKGAqtQ98ZiW8m
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 10 Jan 2023 09:30:57 GMT
content-type: image/svg+xml
last-modified: Wed, 21 Dec 2022 11:22:46 GMT
etag: W/"63a2ec86-27a"
accept-ranges: bytes
x-powered-by: PleskLin
age: 8759
ddg-cache-status: HIT,MISS
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2