Report - gifltdilscorsw.com/LT

Report Overview

Submitted URL
gifltdilscorsw.com/LT
IP
185.149.120.71
ASN
#0
Submitted
2022-12-01 17:41:58
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	343 B	700 B	142.250.74.131
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
discord.com	1053	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.2 kB	45 kB	162.159.135.232
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	410 B	40 kB	142.250.74.106
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	35.165.41.15
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	54 kB	34.120.237.76
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	7.1 kB	23.36.77.32
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	7.0 kB	93.184.220.29
cdn.discordapp.com	2474	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.1 kB	750 kB	162.159.134.233
gifltdilscorsw.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.6 kB	124 kB	185.149.120.71

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-12-01	medium	gifltdilscorsw.com/LT	Discord

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-01	medium	gifltdilscorsw.com/4afl/script.js	Phishing
2022-12-01	medium	gifltdilscorsw.com/LT	Phishing
2022-12-01	medium	gifltdilscorsw.com/	Phishing
2022-12-01	medium	gifltdilscorsw.com/4afl/login/	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	gifltdilscorsw.com/LT	104 B	2023-03-07	2024-03-31
Pretty URL gifltdilscorsw.com/LT IP 185.149.120.71 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:42 Last Seen2024-03-31 06:12:24 Times Seen199 Hash aa3cf285e47a1ba1f27d140bac2e49e9 9f756cac9c103f3f346e6e40a91e7e8c66bfc82e 99c0848540540bcded9ee53be5f86aa69ec8b5098f9db89e3400016f4c235179 Loading...

	gifltdilscorsw.com/LT	173 B	2023-03-11	2023-03-11
Pretty URL gifltdilscorsw.com/LT IP 185.149.120.71 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 23:43:47 Last Seen2023-03-11 23:43:47 Times Seen1 Hash 07539c5da85cfdf9aa3477f631ca9566 abcd8e2e38349d13d3ee94c12cbdb0baac740eb5 445290ad5388cdbadd4eeb30da4a6055c9d93b127c9d5eb338dc6c8f900407b8 Loading...

	gifltdilscorsw.com/4afl/script.js	30 kB	2023-03-11	2023-03-11
Pretty URL gifltdilscorsw.com/4afl/script.js IP 185.149.120.71 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 23:43:47 Last Seen2023-03-11 23:43:47 Times Seen1 Hash 9384e3258892084307ceac0dde130d4f f9c5782abc86644ed7f6c39a081253e37677d0af 90051dbb8efb3120d0c555b56269553825be8ad4a6be9384caa992ced95efa69 Loading...

	gifltdilscorsw.com/LT	68 B	2023-03-07	2024-03-04
Pretty URL gifltdilscorsw.com/LT IP 185.149.120.71 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:06:54 Last Seen2024-03-04 19:14:25 Times Seen7 Hash 9125c3f0b7a9a48174426f865ab323be d03c2c8cea9098b72a4642e8d38ca5bbca8c4511 38798e3bac949cb402ffcb2263f0c831435d4954802f67bc19c45dfbc4ebdf2a Loading...

	gifltdilscorsw.com/LT	72 B	2023-03-07	2024-03-04
Pretty URL gifltdilscorsw.com/LT IP 185.149.120.71 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:06:54 Last Seen2024-03-04 19:14:25 Times Seen9 Hash fb66ce5a8cc5e1b3b6f494684c637ebd 1c9ad116ca27259fbeeb33af1425be497f5d4f23 5863b501dbcab16cee6e29209a40b31a97342ae5b99119267775157755d131fa Loading...

HTTP Transactions (54)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8050
Expires: Thu, 01 Dec 2022 19:55:55 GMT
Date: Thu, 01 Dec 2022 17:41:45 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
03d89450d0d5d14298842475a88e44c3
44fa79bb8d481cec5371669a85715eab700837e8
fc18d400b3ef3f88ecf338b388ee74764577df13c4b52b542a75a4d0ca1eef11

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC18D400B3EF3F88ECF338B388EE74764577DF13C4B52B542A75A4D0CA1EEF11"
Last-Modified: Tue, 29 Nov 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2116
Expires: Thu, 01 Dec 2022 18:17:01 GMT
Date: Thu, 01 Dec 2022 17:41:45 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0c748388899e8a8d3680355da2ea5020
903c620cd137613daafb0da0508c37b2f4a67212
39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2388
Cache-Control: max-age=149355
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 17:41:45 GMT
Etag: "63888270-1d7"
Expires: Sat, 03 Dec 2022 11:11:00 GMT
Last-Modified: Thu, 01 Dec 2022 10:31:12 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 01 Dec 2022 17:19:46 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1319
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4260
Expires: Thu, 01 Dec 2022 18:52:45 GMT
Date: Thu, 01 Dec 2022 17:41:45 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: sWFCHFuLFEA0+H853UpY5/MFf+ldGTIm7v1v2EHPIr6z9zu35Pb29tX8ZENTEQbWYOPdiADqpIA=
x-amz-request-id: C7NGJ02V66HTY6GH
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 01 Dec 2022 16:46:20 GMT
age: 3325
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 17:41:45 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
049baacc1cf95c325025cab178492e27
dc8133bdbb7a0fb0e3c10839c9d4dc44e9ab5d86
bc841f914685305557917e26c7ce1ddd6111c757507d632c596aa7dcd51ccfdc

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1951
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 17:41:46 GMT
Last-Modified: Thu, 01 Dec 2022 17:09:15 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 279

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
049baacc1cf95c325025cab178492e27
dc8133bdbb7a0fb0e3c10839c9d4dc44e9ab5d86
bc841f914685305557917e26c7ce1ddd6111c757507d632c596aa7dcd51ccfdc

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1951
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 17:41:46 GMT
Last-Modified: Thu, 01 Dec 2022 17:09:15 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 279

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
dcf7f558f4cc3cc79f98134ef98baeee
3474357db337e445d0dd97085f5f6c62ff4dbf64
b88288ca23884a89d6b2de3bcf7e003be78997a8a3051b65b9ea429449869add

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1219
Cache-Control: max-age=149602
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 17:41:46 GMT
Etag: "638887f9-118"
Expires: Sat, 03 Dec 2022 11:15:08 GMT
Last-Modified: Thu, 01 Dec 2022 10:54:49 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
049baacc1cf95c325025cab178492e27
dc8133bdbb7a0fb0e3c10839c9d4dc44e9ab5d86
bc841f914685305557917e26c7ce1ddd6111c757507d632c596aa7dcd51ccfdc

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1875
Cache-Control: max-age=125066
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 17:41:46 GMT
Etag: "63882591-117"
Expires: Sat, 03 Dec 2022 04:26:12 GMT
Last-Modified: Thu, 01 Dec 2022 03:54:57 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 279

cdn.discordapp.com/attachments/818120722869911602/884000156729630780/11.png

162.159.134.233

200 OK

6.5 kB

URL HTTP/2
cdn.discordapp.com/attachments/818120722869911602/884000156729630780/11.png
IP
162.159.134.233:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 177 x 97, 8-bit/color RGBA, non-interlaced\012- data
Size
6.5 kB (6452 bytes)
Hash
dfc8ae4a47d9c2c611137ab2ba0d72cc
23d7a322bda0fa808d9d0cbfbe1dc0c4ca49b6c0
3978ebf7a0aaecceaf4bd64ac52812d43c6b88aeba593c383c4a3aef10f3b11b

HTTP Headers

GET /attachments/818120722869911602/884000156729630780/11.png HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gifltdilscorsw.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Dec 2022 17:41:46 GMT
content-type: image/png
content-length: 6452
cf-ray: 772d9d92eaf20b59-OSL
accept-ranges: bytes
age: 43646
cache-control: public, max-age=31536000
etag: "dfc8ae4a47d9c2c611137ab2ba0d72cc"
expires: Fri, 01 Dec 2023 17:41:46 GMT
last-modified: Sun, 05 Sep 2021 09:01:01 GMT
vary: Accept-Encoding
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-goog-generation: 1630832461344425
x-goog-hash: crc32c=LFggdw==, md5=38iuSkfZwsYRE3qyug1yzA==
x-goog-metageneration: 2
x-goog-storage-class: NEARLINE
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 6452
x-guploader-uploadid: ADPycdsGtGr8ONWc3fgo1J40VV-7f_3Fjnz2iieo4qSbyBLJPWnv5RIyV4DtZ010u2gQg1tuvpYKk7ZJGsNwdlJBvvRPCQ
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zb83wO2crYDr3HX08tTlPpLLVE2OzjGgCp5UNZ0gULU96k4%2FtyMe5ynJqqhmW4Kq10y8AYpCdUz7Rxw8Or7TAacWRc7yL4l%2BLWKxX3ALYtbk5vvP%2BJshJZcw9Iw%2BblZpSV24Iw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
X-Firefox-Spdy: h2

cdn.discordapp.com/attachments/818120722869911602/884000187708747836/33.png

162.159.134.233

200 OK

5.0 kB

URL HTTP/2
cdn.discordapp.com/attachments/818120722869911602/884000187708747836/33.png
IP
162.159.134.233:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 193 x 113, 8-bit/color RGBA, non-interlaced\012- data
Size
5.0 kB (5006 bytes)
Hash
b95b182cbb45def7e9d738a6b1cb7f52
0108ef451205142b295649426db473843bb5857e
7a0e9b77119af13449fe59ded26ab577de8b03d1aaaded707f1b79ed0e26ed6c

HTTP Headers

GET /attachments/818120722869911602/884000187708747836/33.png HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gifltdilscorsw.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Dec 2022 17:41:46 GMT
content-type: image/png
content-length: 5006
cf-ray: 772d9d92eaed0b59-OSL
accept-ranges: bytes
age: 43646
cache-control: public, max-age=31536000
etag: "b95b182cbb45def7e9d738a6b1cb7f52"
expires: Fri, 01 Dec 2023 17:41:46 GMT
last-modified: Sun, 05 Sep 2021 09:01:08 GMT
vary: Accept-Encoding
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-goog-generation: 1630832468728311
x-goog-hash: crc32c=6iXUlg==, md5=uVsYLLtF3vfp1zimsct/Ug==
x-goog-metageneration: 2
x-goog-storage-class: NEARLINE
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 5006
x-guploader-uploadid: ADPycdvnPzzoKKJr4QwaA5ysgV5-XkTcSnKzroGbyxMeLgYms8v5rdSUGg0IrWdBCCwYzGIQCEx_gBCP1_7Di-aEFXg_UA
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kA5H5OkQnPNP64vS9tiViMUQ36hrjq9qiX3QHYiZW2NpiI0CeVCvXgV6LaRc3h%2BkN5lIh%2F6LavvoWzjeb3Q%2Beu0jdPfbbo24vzdGT961DOI%2FRMqd39QoEj65zZFU670p%2FBoeaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
X-Firefox-Spdy: h2

gifltdilscorsw.com/4afl/script.js

185.149.120.71

200 OK

13 kB

URL HTTP/2
gifltdilscorsw.com/4afl/script.js
IP
185.149.120.71:0
ASN
#0

File type
ASCII text, with very long lines (30411), with no line terminators
Size
13 kB (12937 bytes)
Hash
38620e7a5877a18a032f8d6ac48e88d0
ccaa5e76b64734e1d04f451131ee8d1802ba2f0b
9dc07ebc007f4cc3f4617810ebda55d14335fb8889caa4c90796eabef3e2ba48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /4afl/script.js HTTP/1.1
Host: gifltdilscorsw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gifltdilscorsw.com/LT
Cookie: __ddg1_=ICdXrwlMUhWKDJXBm0ZR; session=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJsaW5rSUQiOjcwOTM3LCJvd25lciI6ODIyLCJkb21haW5JRCI6MTMwMDgsImRvbWFpbiI6ImdpZmx0ZGlsc2NvcnN3LmNvbSIsInBhdGgiOiJMVCIsInJlYWxJcCI6IjkxLjkwLjQyLjE1NCIsImlhdCI6MTY2OTkxNjUwNX0.l1nPo0RpANQCf8MSNTl_qdW8PH3BDCTF0VeMUP3Ua_s
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Thu, 01 Dec 2022 17:41:45 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-encoding: br
vary: Accept-Encoding
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

gifltdilscorsw.com/LT

185.149.120.71

200 OK

105 kB

URL HTTP/2
gifltdilscorsw.com/LT
IP
185.149.120.71:0
ASN
#0

File type
data
Size
105 kB (104606 bytes)
Hash
4f0660a3177f7e32655646d63d8526cf
d60d62dae6f748d826c1aae637d19bcd5c5808a4
dfa7d7c8a0f33eaf604b3f28cfdce0770c42514072418840f59b435a5ce826bf

Detections

Analyzer	Verdict	Alert
openphish	Discord
fortinet	Phishing

HTTP Headers

GET /LT HTTP/1.1
Host: gifltdilscorsw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: ddos-guard
date: Thu, 01 Dec 2022 17:41:45 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
set-cookie: __ddg1_=ICdXrwlMUhWKDJXBm0ZR; Domain=.gifltdilscorsw.com; HttpOnly; Path=/; Expires=Fri, 01-Dec-2023 17:41:45 GMT
session=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJsaW5rSUQiOjcwOTM3LCJvd25lciI6ODIyLCJkb21haW5JRCI6MTMwMDgsImRvbWFpbiI6ImdpZmx0ZGlsc2NvcnN3LmNvbSIsInBhdGgiOiJMVCIsInJlYWxJcCI6IjkxLjkwLjQyLjE1NCIsImlhdCI6MTY2OTkxNjUwNX0.l1nPo0RpANQCf8MSNTl_qdW8PH3BDCTF0VeMUP3Ua_s; Path=/
content-encoding: gzip
X-Firefox-Spdy: h2

cdn.discordapp.com/attachments/818120722869911602/884001809654484993/e6d6b255259ac878d00819a9555072ad.png

162.159.134.233

200 OK

288 B

URL HTTP/2
cdn.discordapp.com/attachments/818120722869911602/884001809654484993/e6d6b255259ac878d00819a9555072ad.png
IP
162.159.134.233:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 70 x 47, 8-bit/color RGBA, non-interlaced\012- data
Size
288 B (288 bytes)
Hash
e6d6b255259ac878d00819a9555072ad
6beb12d36acbad79743495aef581891a1ff4f5f5
21d34772ed80c8be7ab9e7338498bdfe2f66c77b61542cc48e103fd77ecd7f60

HTTP Headers

GET /attachments/818120722869911602/884001809654484993/e6d6b255259ac878d00819a9555072ad.png HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gifltdilscorsw.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Dec 2022 17:41:46 GMT
content-type: image/png
content-length: 288
cf-ray: 772d9d92eaf50b59-OSL
accept-ranges: bytes
age: 43646
cache-control: public, max-age=31536000
etag: "e6d6b255259ac878d00819a9555072ad"
expires: Fri, 01 Dec 2023 17:41:46 GMT
last-modified: Sun, 05 Sep 2021 09:07:35 GMT
vary: Accept-Encoding
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-goog-generation: 1630832855435973
x-goog-hash: crc32c=jKAAYA==, md5=5tayVSWayHjQCBmpVVByrQ==
x-goog-metageneration: 2
x-goog-storage-class: NEARLINE
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 288
x-guploader-uploadid: ADPycdsuTHjS05j06XjiVqEjj4NQ3InSxyk-Yvlv1Ed5u4hGDrZiiblzTcjG7sJcO9UOJbyhJRugRJZmPxhuTdPrCKw3cz6aO5M_
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iUVD8upj873uebfkfk6xFq%2BtrnUqVQq%2BXJNDxfIiVPnohqxGbXE3BCj7h1NOPRkHx9tBSJLtfp%2B0rQN6JHzBnshzpu2bAyxgqWOmsN191swcfCdqzzOG1sPhvK3SUqaect1hqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
X-Firefox-Spdy: h2

cdn.discordapp.com/attachments/818120722869911602/884000199557677076/44.png

162.159.134.233

200 OK

5.1 kB

URL HTTP/2
cdn.discordapp.com/attachments/818120722869911602/884000199557677076/44.png
IP
162.159.134.233:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 193 x 113, 8-bit/color RGBA, non-interlaced\012- data
Size
5.1 kB (5095 bytes)
Hash
65018bc94629ba373792d102edc9ddd2
e3bcd1933781ba3c407d726b9a879ed648cc7f8d
47c1a7587b8b43d15e190669cb87d689c41c6ada64d4791a4368894902c93aaf

HTTP Headers

GET /attachments/818120722869911602/884000199557677076/44.png HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gifltdilscorsw.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Dec 2022 17:41:46 GMT
content-type: image/png
content-length: 5095
cf-ray: 772d9d92eaef0b59-OSL
accept-ranges: bytes
age: 43646
cache-control: public, max-age=31536000
etag: "65018bc94629ba373792d102edc9ddd2"
expires: Fri, 01 Dec 2023 17:41:46 GMT
last-modified: Sun, 05 Sep 2021 09:01:11 GMT
vary: Accept-Encoding
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-goog-generation: 1630832471538039
x-goog-hash: crc32c=0puVng==, md5=ZQGLyUYpujc3ktEC7cnd0g==
x-goog-metageneration: 2
x-goog-storage-class: NEARLINE
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 5095
x-guploader-uploadid: ADPycdsyu86-mO9sGllwzYFQqQGPGtiGESriFOBwx3U2AAhahYOBYVGRAf8AAyDLM2do02lNe9-au1oK3mTkK-dpIyBlng
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BT%2BgVerUh%2BRA%2FS9%2FoVGoVxq%2Fy6WKmnS6y3EEELxVV%2BtlFvGooRXN7dbJoILy6yryUud%2ForzWg6MEGiAbZI1IBCg03WBNo87A1zxWoyL6h4Kxf8xyn9QFikgj%2F8KWl2pANNMH6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
X-Firefox-Spdy: h2

cdn.discordapp.com/attachments/818120722869911602/883999740071657542/nitro.png

162.159.134.233

200 OK

7.0 kB

URL HTTP/2
cdn.discordapp.com/attachments/818120722869911602/883999740071657542/nitro.png
IP
162.159.134.233:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 300 x 122, 8-bit/color RGBA, non-interlaced\012- data
Size
7.0 kB (7036 bytes)
Hash
203a6b5fb33e009a7b1a8ede2b995552
fc7848c80aa4e1e90fe9c6c156f1f550b0114899
8c89c4f3023d02b04197a30ca20f42ca7eb2634e1432ffff7b9d641a1f71a066

HTTP Headers

GET /attachments/818120722869911602/883999740071657542/nitro.png HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gifltdilscorsw.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Dec 2022 17:41:46 GMT
content-type: image/png
content-length: 7036
cf-ray: 772d9d92eaf10b59-OSL
accept-ranges: bytes
age: 82209
cache-control: public, max-age=31536000
etag: "203a6b5fb33e009a7b1a8ede2b995552"
expires: Fri, 01 Dec 2023 17:41:46 GMT
last-modified: Sun, 05 Sep 2021 08:59:21 GMT
vary: Accept-Encoding
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-goog-generation: 1630832361995283
x-goog-hash: crc32c=/XhSjA==, md5=IDprX7M+AJp7Go7eK5lVUg==
x-goog-metageneration: 2
x-goog-storage-class: NEARLINE
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 7036
x-guploader-uploadid: ADPycdvyWD6aSwRW1d6lTPpQud3yd32QZ7eg_GiJrVQ8gENel_gF4zJx-GCD_yeXvXEf_EKMocnRjW5xyjBU8M_OztEdJQ
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BmfK6t2LU7V68qsF4EX0mE3Xdf5KVbUxr0EkaukURDTWQmpGDXwgcm112x48ANJK3kp6VkkZoThsN73rASiI6qCnWapxesfAur7Hwm3d6lxQf20ktwjdWPJ6TFaFDY51RjfVVA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
X-Firefox-Spdy: h2

cdn.discordapp.com/attachments/818120722869911602/884000234466869299/66.png

162.159.134.233

200 OK

358 kB

URL HTTP/2
cdn.discordapp.com/attachments/818120722869911602/884000234466869299/66.png
IP
162.159.134.233:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 708 x 464, 8-bit/color RGBA, non-interlaced\012- data
Size
358 kB (357891 bytes)
Hash
1f3804a68918996481e867f30dc0df05
65ee0c18aa74294884c4fe5edfb9406f3a567187
818637899615c4100981db44740795fc42d9163bc436c8596d384304fd8f2caa

HTTP Headers

GET /attachments/818120722869911602/884000234466869299/66.png HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gifltdilscorsw.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Dec 2022 17:41:46 GMT
content-type: image/png
content-length: 357891
cf-ray: 772d9d92eaf40b59-OSL
accept-ranges: bytes
age: 43646
cache-control: public, max-age=31536000
etag: "1f3804a68918996481e867f30dc0df05"
expires: Fri, 01 Dec 2023 17:41:46 GMT
last-modified: Sun, 05 Sep 2021 09:01:19 GMT
vary: Accept-Encoding
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-goog-generation: 1630832479872659
x-goog-hash: crc32c=PgvrCA==, md5=HzgEpokYmWSB6GfzDcDfBQ==
x-goog-metageneration: 2
x-goog-storage-class: NEARLINE
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 357891
x-guploader-uploadid: ADPycdvAAMa9z-acErIB9ULpk-gqGPjw450GpI_BV5fEIM_BholTDZ9Du3z_qqcdgijjX5XKsSbDBKx313PQidsDPEZgaw
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PuLWZGbDXRalgK5wnoviHkLTVY9U90R7vLHDe3hWXqtH%2FGdGtToHp0Ddo0Y5ZpXQaXC2esxBSxpNFfPbznqcwjwfYw%2BUFgNHFEOV5AgTPtY0fklhKuyrMdW70BhaX2nyg%2F5AUw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
X-Firefox-Spdy: h2

cdn.discordapp.com/attachments/818120722869911602/884000214405496832/55.png

162.159.134.233

200 OK

357 kB

URL HTTP/2
cdn.discordapp.com/attachments/818120722869911602/884000214405496832/55.png
IP
162.159.134.233:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 708 x 448, 8-bit/color RGBA, non-interlaced\012- data
Size
357 kB (357275 bytes)
Hash
52fad5e8c8138689b6a5fad2e79cc63f
36f43d633257152492f931be7efa37d6007974aa
2ce3da00b8194687cc9ccc2732560e47bb79b2a825f51212bf87a0f7d200aa05

HTTP Headers

GET /attachments/818120722869911602/884000214405496832/55.png HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gifltdilscorsw.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Dec 2022 17:41:46 GMT
content-type: image/png
content-length: 357275
cf-ray: 772d9d92eaf00b59-OSL
accept-ranges: bytes
age: 43646
cache-control: public, max-age=31536000
etag: "52fad5e8c8138689b6a5fad2e79cc63f"
expires: Fri, 01 Dec 2023 17:41:46 GMT
last-modified: Sun, 05 Sep 2021 09:01:15 GMT
vary: Accept-Encoding
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-goog-generation: 1630832475088091
x-goog-hash: crc32c=S8hpnQ==, md5=UvrV6MgThom2pfrS55zGPw==
x-goog-metageneration: 2
x-goog-storage-class: NEARLINE
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 357275
x-guploader-uploadid: ADPycdu1OHUGzuEg7epMAz8OTRDwT-fjh6Z80ZRAeMrZapV5bCRiityl__zk703v8EkeK0vqAAm5AgBPfCY3Xy8k6rgsvA
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eqNLnZRtipSBzjKpYH6EKM6A00h85%2FQwwu0QS2NAK8f0kz3x0ALy0T25mYKj6yzSWwVpmrBAfij5eJlPXqiHHM7kqgpg8TPKaraSQRkRH44%2F7slWpLGD9ZNLRl4cw3WeQYiwKA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
dcf7f558f4cc3cc79f98134ef98baeee
3474357db337e445d0dd97085f5f6c62ff4dbf64
b88288ca23884a89d6b2de3bcf7e003be78997a8a3051b65b9ea429449869add

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1219
Cache-Control: max-age=149602
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 17:41:46 GMT
Etag: "638887f9-118"
Expires: Sat, 03 Dec 2022 11:15:08 GMT
Last-Modified: Thu, 01 Dec 2022 10:54:49 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
dcf7f558f4cc3cc79f98134ef98baeee
3474357db337e445d0dd97085f5f6c62ff4dbf64
b88288ca23884a89d6b2de3bcf7e003be78997a8a3051b65b9ea429449869add

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1352
Cache-Control: max-age=149735
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 17:41:46 GMT
Etag: "638887f9-118"
Expires: Sat, 03 Dec 2022 11:17:21 GMT
Last-Modified: Thu, 01 Dec 2022 10:54:49 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
049baacc1cf95c325025cab178492e27
dc8133bdbb7a0fb0e3c10839c9d4dc44e9ab5d86
bc841f914685305557917e26c7ce1ddd6111c757507d632c596aa7dcd51ccfdc

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1951
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 17:41:46 GMT
Last-Modified: Thu, 01 Dec 2022 17:09:15 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 279

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
dcf7f558f4cc3cc79f98134ef98baeee
3474357db337e445d0dd97085f5f6c62ff4dbf64
b88288ca23884a89d6b2de3bcf7e003be78997a8a3051b65b9ea429449869add

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1219
Cache-Control: max-age=149602
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 17:41:46 GMT
Etag: "638887f9-118"
Expires: Sat, 03 Dec 2022 11:15:08 GMT
Last-Modified: Thu, 01 Dec 2022 10:54:49 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 280

discord.com/assets/be0060dafb7a0e31d2a1ca17c0708636.woff

162.159.135.232

403 Forbidden

4.9 kB

URL HTTP/2
discord.com/assets/be0060dafb7a0e31d2a1ca17c0708636.woff
IP
162.159.135.232:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (531)
Size
4.9 kB (4918 bytes)
Hash
38c7f6d3bebd07e2f6276957ad1c9fcb
12ea62db88db28c842c33653c44fc6b95a07040a
01c2d64472a85c512bfc2162e0cfa5ac3fbb90324d24b9cfc26165d0dcc3da55

HTTP Headers

GET /assets/be0060dafb7a0e31d2a1ca17c0708636.woff HTTP/1.1
Host: discord.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gifltdilscorsw.com
Connection: keep-alive
Referer: https://gifltdilscorsw.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 403 Forbidden
date: Thu, 01 Dec 2022 17:41:46 GMT
content-type: text/html; charset=UTF-8
content-length: 4918
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wHuD%2BnXFEmuemQ7ah4Gffsq3MtHlun6Mj26t5Deh0umC88%2FaIzThOPhUk%2FsXVD9CPl0qZ5Scpuh4HTa71v1ySoUUawKhxKaDUbUdn8uwATMFhgrNIiW8dqrvtR4g"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 772d9d93cff3b4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

discord.com/assets/3bdef1251a424500c1b3a78dea9b7e57.woff

162.159.135.232

403 Forbidden

4.9 kB

URL HTTP/2
discord.com/assets/3bdef1251a424500c1b3a78dea9b7e57.woff
IP
162.159.135.232:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (531)
Size
4.9 kB (4918 bytes)
Hash
987b9a366506a0290208dcfb244a5e6c
9c79c5b3d6e88b7db2594f80027ed3f83449f680
7812fa3f32cf5d2c06af479e1124a3d55ef06b93438b28986a967fb060bfdb7b

HTTP Headers

GET /assets/3bdef1251a424500c1b3a78dea9b7e57.woff HTTP/1.1
Host: discord.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gifltdilscorsw.com
Connection: keep-alive
Referer: https://gifltdilscorsw.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 403 Forbidden
date: Thu, 01 Dec 2022 17:41:46 GMT
content-type: text/html; charset=UTF-8
content-length: 4918
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jbi58IEv8Ee9K8s%2BrvFQZRp83I40LEJ6r9WiHdQarBFJNerHfCTLhLnyafwA9JpbXY7nL6BfMyQOKmMFdjqP6eHzXo5ZpHhoTHQzJQGbaf83%2Bs1bmiykti0hLtMY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 772d9d93cff5b4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

discord.com/assets/0.1fafb1729b3e11fa547c.css

162.159.135.232

403 Forbidden

6.5 kB

URL HTTP/2
discord.com/assets/0.1fafb1729b3e11fa547c.css
IP
162.159.135.232:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (531)
Size
6.5 kB (6529 bytes)
Hash
f69421fe7ac547dfb791f66a588ca3dc
08a29a1fbcfec2b882c3c2254a698605aec9d68e
74f213c71bf83a96d460554a11e8935731bf599d546650affe6b6b309efab33e

HTTP Headers

GET /assets/0.1fafb1729b3e11fa547c.css HTTP/1.1
Host: discord.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gifltdilscorsw.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 403 Forbidden
date: Thu, 01 Dec 2022 17:41:46 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4n1ZLRoyudmAqfUB0X4LYbR%2BvluILaBK%2FO9GqHNvuS%2BnJQXEdT4uw5pSeJd%2FwMELy5mKbeoCIwdOGUZOoq%2BnUFP6p7YAi%2Bgb5kqG8OEzvQR9bWIcV%2B2EjFDOq4Ps"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 772d9d937f90b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

discord.com/assets/ae7c84783ad48b6d1c8e2bfbe707e0d4.woff2

162.159.135.232

403 Forbidden

4.9 kB

URL HTTP/2
discord.com/assets/ae7c84783ad48b6d1c8e2bfbe707e0d4.woff2
IP
162.159.135.232:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (531)
Size
4.9 kB (4918 bytes)
Hash
3dcbaeefaffc99d2018d5cd56eac5ac7
856226033be0423cac4adc3d7e4089f210d11d66
88eb615a4a2fb811240b5dc995fe87daa4ba3107feb38f0cf1b0da08e08f13b8

HTTP Headers

GET /assets/ae7c84783ad48b6d1c8e2bfbe707e0d4.woff2 HTTP/1.1
Host: discord.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gifltdilscorsw.com
Connection: keep-alive
Referer: https://gifltdilscorsw.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 403 Forbidden
date: Thu, 01 Dec 2022 17:41:46 GMT
content-type: text/html; charset=UTF-8
content-length: 4918
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oSTT%2Bf9%2BUV7d6%2BZNky7WX6pz5uwRILChvWNb%2BUsm0Cz8i46G0B%2FFM3Iy1s9iSj5ATB4%2FalnQjPlT31%2F5ECJC94bYJgCbPXvsxYlyANBpchbvTCGyhb9kQ%2FSMUIgR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 772d9d93d81fb4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3519a58310eefa01756f0440e2acd7dd
50153382830684a6abb653dc7b4e41d7c7e386b5
5f321e771fa62d9f794339006752655316cdb6e8d69bc23e1d0e3c8bc526f12e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 17:41:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

gifltdilscorsw.com/

185.149.120.71

200 OK

5.0 kB

URL HTTP/2
gifltdilscorsw.com/
IP
185.149.120.71:0
ASN
#0

File type
data
Size
5.0 kB (4954 bytes)
Hash
70ff48a997486f30cac145ad085dd16f
8e97724f0ee54e8469118d187d45ec3719640ef2
64558baa5759587f2a20191fcfd7f991c657d07efa689fb4ffebbf78d5a3d731

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST / HTTP/1.1
Host: gifltdilscorsw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gifltdilscorsw.com/LT
Content-Type: application/json
Origin: https://gifltdilscorsw.com
Content-Length: 21
Connection: keep-alive
Cookie: __ddg1_=ICdXrwlMUhWKDJXBm0ZR; session=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJsaW5rSUQiOjcwOTM3LCJvd25lciI6ODIyLCJkb21haW5JRCI6MTMwMDgsImRvbWFpbiI6ImdpZmx0ZGlsc2NvcnN3LmNvbSIsInBhdGgiOiJMVCIsInJlYWxJcCI6IjkxLjkwLjQyLjE1NCIsImlhdCI6MTY2OTkxNjUwNX0.l1nPo0RpANQCf8MSNTl_qdW8PH3BDCTF0VeMUP3Ua_s
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Thu, 01 Dec 2022 17:41:46 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
set-cookie: session=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJsaW5rSUQiOjcwOTM3LCJvd25lciI6ODIyLCJkb21haW5JRCI6MTMwMDgsImRvbWFpbiI6ImdpZmx0ZGlsc2NvcnN3LmNvbSIsInBhdGgiOiJMVCIsInJlYWxJcCI6IjkxLjkwLjQyLjE1NCIsImlhdCI6MTY2OTkxNjUwNSwiZmFrZV92aXNpdCI6dHJ1ZX0.oGScXodMPxwrxXrVCJHTYEISr3iXw0Pxq_ZEoakFnvU; Path=/
etag: W/"10-oV4hJxRVSENxc/wX8+mA4/Pe4tA"
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0ea87db59dce85a59e0cb6456fb593e7
d2d4307d2c444a2c14a280995b185f2d6d96539b
bea3c2ac6b37c6d3ebc7e5c4825d3f6c32dd4ef82c526ff6277cbcc4f8048f91

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2133
Cache-Control: max-age=115994
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 17:41:46 GMT
Etag: "6388011f-1d7"
Expires: Sat, 03 Dec 2022 01:55:00 GMT
Last-Modified: Thu, 01 Dec 2022 01:19:27 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471

fonts.googleapis.com/css?family=Press%20+%20Start%20+%202p

142.250.74.106

400 Bad Request

39 kB

URL HTTP/2
fonts.googleapis.com/css?family=Press%20+%20Start%20+%202p
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
data
Size
39 kB (39330 bytes)
Hash
ef7a4d65ebff3d81389d527652498945
df631382ac28a1ade1713515772fda161374f9d6
ecfc952f812dd61917731b36212b0fccfa133663b8307d3647a9f60d737d14b9

HTTP Headers

GET /css?family=Press%20+%20Start%20+%202p HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gifltdilscorsw.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 400 Bad Request
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 01 Dec 2022 17:41:46 GMT
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

cdn.discordapp.com/attachments/880449376957390941/889581462108639263/pososi_mudila.webm

162.159.134.233

403 Forbidden

298 B

URL HTTP/2
cdn.discordapp.com/attachments/880449376957390941/889581462108639263/pososi_mudila.webm
IP
162.159.134.233:0
ASN
#13335 CLOUDFLARENET

File type
XML 1.0 document text\012- XML document, ASCII text, with no line terminators
Size
298 B (298 bytes)
Hash
3861a3795095fe81fcb8382d2b9066bd
2cef2af9a35d636c3af48902c20891ec49a8e791
b19463cb9b847bdfc7dbf8133d9702d0a0ecc4175335c4a75db211e0196f84b3

HTTP Headers

GET /attachments/880449376957390941/889581462108639263/pososi_mudila.webm HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://gifltdilscorsw.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 403 Forbidden
date: Thu, 01 Dec 2022 17:41:46 GMT
content-type: application/xml; charset=UTF-8
content-length: 298
cf-ray: 772d9d939b8f0b59-OSL
cache-control: private, max-age=0
content-disposition: attachment
expires: Thu, 01 Dec 2022 17:41:46 GMT
vary: Accept-Encoding
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-guploader-uploadid: ADPycdsIDPIhXB7wiRCldgXgzsCdSn0oYe8LE2UaGLVD0MvJJL4Klpgwx8w09nprXUqrGpK4j-BwQrk2cagK1VayJ4tEnA
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pJ1zi1hWmqOFDVL3I56dhjuQQdv34U3BblENGDoHsPyUPylCRX%2BfEadkLHyf8U%2B42ER6eYfrZ4tgHRpdACrJsusgppeQuRA7P%2FQJC439fl8%2BOxscjPFhbP88pDjmMLMN0sH5Sg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 01 Dec 2022 17:08:56 GMT
cache-control: public,max-age=3600
age: 1970
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
1f88399f3fdd89dbb9ca1229cb67143a
325c9dbfd932cf9a6fb9fab2dd8e27083f55a9a3
831ecd45dcd2d5ae2ae86cd63ea5e94ecd85281b7e51054af5df9a6386fb8d79

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2433
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 17:41:46 GMT
Last-Modified: Thu, 01 Dec 2022 17:01:13 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

35.165.41.15

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.165.41.15:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 3jzozsNXMbCY/AAzzMVe9A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: fcaztyQi0AXpfw/Lo/Xvz/t74xs=

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8372
Expires: Thu, 01 Dec 2022 20:01:20 GMT
Date: Thu, 01 Dec 2022 17:41:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8372
Expires: Thu, 01 Dec 2022 20:01:20 GMT
Date: Thu, 01 Dec 2022 17:41:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8372
Expires: Thu, 01 Dec 2022 20:01:20 GMT
Date: Thu, 01 Dec 2022 17:41:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8372
Expires: Thu, 01 Dec 2022 20:01:20 GMT
Date: Thu, 01 Dec 2022 17:41:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8372
Expires: Thu, 01 Dec 2022 20:01:20 GMT
Date: Thu, 01 Dec 2022 17:41:48 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8740 bytes)
Hash
26d6dffbf400da4803a2e76e2a8ef2f8
2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8
04c6e31623fe48cbe83dc91635bfa47b337590f18919995b08d5bde27e929e03

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8740
x-amzn-requestid: 4823cf63-98eb-40d3-bb8b-e09cd2262f36
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7SqHjYIAMF8xw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830c10-316b213c33ce9bc2355c0900;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:04:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tK4wl-g5kcUhVFE3iZGILhZhZSsaMzQD9JTBHj1JXV95yXs_e3gMGw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 12:31:43 GMT
age: 18605
etag: "2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

discord.com/assets/c8d1fec4ad144f280f54.js

162.159.135.232

403 Forbidden

14 kB

URL HTTP/2
discord.com/assets/c8d1fec4ad144f280f54.js
IP
162.159.135.232:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (531)
Size
14 kB (14507 bytes)
Hash
6fa62b45b955f0a9a96f737383367ae3
296464dc50cbab1433835623ce0072731213992f
446dc39725cf8a927c2757538991bd49837781f6ee0f5f92d32c9cc741825af3

HTTP Headers

GET /assets/c8d1fec4ad144f280f54.js HTTP/1.1
Host: discord.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gifltdilscorsw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 403 Forbidden
date: Thu, 01 Dec 2022 17:41:46 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2F8KcCFvMHPWz%2B344rxSCX6fuPWSf5CcK7MW7kgYWM9%2Bby4g6jmBnJFS7jsCCG54BbF%2BNsXwaA7sgZAEQ2EQed%2BaoUCY%2FB32kG%2FnT1SJqqPyuzBM7wUTbFSNhuQE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 772d9d937f95b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9674 bytes)
Hash
5508d05a290b663fd89ead9b58f2efd8
53650399f9a986ba54addd668b4557109d12003b
65704a961410fdd318c491fedf002c8e9b184cd34b76fe1b67026d42ce21be3f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9674
x-amzn-requestid: 7e7d0183-9667-462a-8d44-d125998c1ae3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgEoHVAoAMFvAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a1d-280ba97e3fe1bf7244cbde35;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qftF-GQkcjKTs30KMGCTDymw2SVSXeAYKGNWUnaMfvIb8HjtfHUx8A==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:44:47 GMT
age: 71821
etag: "53650399f9a986ba54addd668b4557109d12003b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc2b4ec6-0955-4089-983c-0abf7fd13bf2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.5 kB (9459 bytes)
Hash
e1e6b6ba4f82221b41c3d9129008c76d
2f9532d698b4c28df23e18bbb66399ec776d5b9f
218c6f41a16e6087c611d4db5784a7cc1d027084d0bf2bd6dc3843ee5dfd560f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc2b4ec6-0955-4089-983c-0abf7fd13bf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9459
x-amzn-requestid: c08f55b2-7ac6-4dec-b53c-fd3f4533f9c9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMpBiGoHIAMFR2g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bba3-69c2c2d05e55fd745caf1dce;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:09:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: w_Mb-0pBwp-pUyU2bdJ8MhrGHkk6VQgJmcGV9MfHwj_yGUMIYZkyrg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 10:48:24 GMT
age: 24804
etag: "2f9532d698b4c28df23e18bbb66399ec776d5b9f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (16038 bytes)
Hash
ffd12f9c423ffc627d9e3b3145944fe4
5cf9a7a784952e1bb0cbe499104f1774b1269d08
a25f1b752d9af599aefd73073c105853130f1759905269de3d582d2eb35fe167

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 16038
x-amzn-requestid: 9d34c42b-ba0c-498f-8f99-d4ab527ffa89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbzMdHXNIAMFgaw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cbe9-376846f31dc9b995797cbd18;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:32:25 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: DngCuOTO9fQAwWe_ip6EtBcgruigZN6Bl1_v5BHM2dsWlhqCXCL3gg==
via: 1.1 efcf7b9d0f917f9ebf314db03e52d9b6.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:45:33 GMT
age: 71775
etag: "5cf9a7a784952e1bb0cbe499104f1774b1269d08"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.8 kB (4762 bytes)
Hash
d2dd5a4bcfd47db8f38544bf39ce3031
fa2217bae05b7beca2e12597eaad835298276b82
3266004f5e73af5359b71622eea31f1e28abb4bbc443b5f9e481b5a8b2e9249e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4762
x-amzn-requestid: b7c0e28a-de0d-443d-8bf4-900a964bf110
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7uSFcMoAMF2CQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830cc1-7abade3a670201cf1906b79f;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:07:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: gZSkafSw8cXo9AChLOTVJW7r_hHLW8kaHlA-ED2_zFJwuUk1uS3VRw==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 13:29:36 GMT
age: 15132
etag: "fa2217bae05b7beca2e12597eaad835298276b82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

discord.com/assets/220d6edab61258b8bec9.js

162.159.135.232

403 Forbidden

0 B

URL HTTP/2
discord.com/assets/220d6edab61258b8bec9.js
IP
162.159.135.232:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/220d6edab61258b8bec9.js HTTP/1.1
Host: discord.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gifltdilscorsw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 403 Forbidden
date: Thu, 01 Dec 2022 17:41:46 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m4xhwIhLexFXIeowCG%2FPPsaJfTySMZ57Qusx4xqqbcIb5B7FwUQ%2FyrnRK%2Bf3cIkSMfHlKN44OW%2FE1XwLkMC2ayaXsUjMCO1ChCqG87ZEinm2%2FJmh6n3j1ivLiup2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 772d9d937f96b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

discord.com/assets/00a0131a221e58790dd0.js

162.159.135.232

403 Forbidden

0 B

URL HTTP/2
discord.com/assets/00a0131a221e58790dd0.js
IP
162.159.135.232:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/00a0131a221e58790dd0.js HTTP/1.1
Host: discord.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gifltdilscorsw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 403 Forbidden
date: Thu, 01 Dec 2022 17:41:46 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R4xDwNRIcmdjFWE92fwvYWkVujiURWGFVN9SlRhTLgg5ZxWhZGAbUAcRazpUrWQmrjf2Oo5F4bZrAWo7koa4Yh0jmk2Mua3DWLVoKFPsoiNLmLDpUp0jMBcO%2FuJX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 772d9d937f91b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

discord.com/assets/41b19499e43362e694db.js

162.159.135.232

403 Forbidden

0 B

URL HTTP/2
discord.com/assets/41b19499e43362e694db.js
IP
162.159.135.232:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/41b19499e43362e694db.js HTTP/1.1
Host: discord.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gifltdilscorsw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 403 Forbidden
date: Thu, 01 Dec 2022 17:41:46 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F7Rnmi7KAj9rWDF9vj9YsjKrJN%2BhQ%2BHIzHgeyknoPpBbyY9Z1WZKwgJUnAg%2F0yUTvIBGaLwyAROaJzbuVp%2BRBxVdzL5SON8p3OIWEkJ08070HXEmK2AcqfuYo1Fu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 772d9d937f94b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

discord.com/assets/91a561ed8fe1c491df40.js

162.159.135.232

403 Forbidden

0 B

URL HTTP/2
discord.com/assets/91a561ed8fe1c491df40.js
IP
162.159.135.232:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/91a561ed8fe1c491df40.js HTTP/1.1
Host: discord.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gifltdilscorsw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 403 Forbidden
date: Thu, 01 Dec 2022 17:41:46 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xqD1ImcWHwYQJZzNs8ndZyMRoICvYWlck4VS4%2FgVXqR1Hyn5DkTdWNbnCO%2BHYwEWG%2BfN4eL%2BlMEc6HHyDgHnZKwWZWEqIX1IgjmXXc1K0%2Bper9cbuuzvlkwygEli"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 772d9d939fc1b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

discord.com/assets/5c9406522a805df295db.js

162.159.135.232

403 Forbidden

0 B

URL HTTP/2
discord.com/assets/5c9406522a805df295db.js
IP
162.159.135.232:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/5c9406522a805df295db.js HTTP/1.1
Host: discord.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gifltdilscorsw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 403 Forbidden
date: Thu, 01 Dec 2022 17:41:46 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0lJgU1IFVFL13XmqtuPslD5MjEFqWnJLcNsC79HWVZNQOAA4SCSWjqgS647uomnbxL7M8cVXKPPvX9QwrAQLCOfzIAJLK%2FR9PgiRwRK1REjmCK9XORPz0DXFVTAU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 772d9d939fc6b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.discordapp.com/attachments/880449376957390941/880495556596744252/779a770c34fcb823a598a7277301adaf.png

162.159.134.233

403 Forbidden

0 B

URL HTTP/2
cdn.discordapp.com/attachments/880449376957390941/880495556596744252/779a770c34fcb823a598a7277301adaf.png
IP
162.159.134.233:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /attachments/880449376957390941/880495556596744252/779a770c34fcb823a598a7277301adaf.png HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gifltdilscorsw.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 403 Forbidden
date: Thu, 01 Dec 2022 17:41:46 GMT
content-type: application/xml; charset=UTF-8
cf-ray: 772d9d92eaea0b59-OSL
cache-control: private, max-age=0
content-disposition: attachment
expires: Thu, 01 Dec 2022 17:41:46 GMT
vary: Accept-Encoding
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-guploader-uploadid: ADPycdsAW-ODwjnwV4UtMQvxCb9SmIoCVT6_Zuj9H23JOdSauNt37bGyV8v2Uhhrb9obhOuLZz0anQ9AlYEoUxiWjE_M8A
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q7uERvq4f%2FCzhyhea1sQi1B0n59365tFh7egefYPdprYEgDrRpYnfhnmXmaQz%2F7eAVTMxgZnoNUZ%2Byo5yngQXa1inSaa8PqFeicktxPzrPvy7lHJe%2BomiiGsh9%2Bp9yw8p3UDGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

gifltdilscorsw.com/4afl/login/

185.149.120.71

200 OK

0 B

URL HTTP/2
gifltdilscorsw.com/4afl/login/
IP
185.149.120.71:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /4afl/login/ HTTP/1.1
Host: gifltdilscorsw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gifltdilscorsw.com/LT
Connection: keep-alive
Cookie: __ddg1_=ICdXrwlMUhWKDJXBm0ZR; session=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJsaW5rSUQiOjcwOTM3LCJvd25lciI6ODIyLCJkb21haW5JRCI6MTMwMDgsImRvbWFpbiI6ImdpZmx0ZGlsc2NvcnN3LmNvbSIsInBhdGgiOiJMVCIsInJlYWxJcCI6IjkxLjkwLjQyLjE1NCIsImlhdCI6MTY2OTkxNjUwNX0.l1nPo0RpANQCf8MSNTl_qdW8PH3BDCTF0VeMUP3Ua_s
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Thu, 01 Dec 2022 17:41:46 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
etag: W/"ccd8-UuyFAbJ/SIgoQvxhitsBXSj7/o8"
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (54)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size