Report - employeepaperless.com/mtm/direct/.eJx1ykEKAjEMheG7ZDmWiUsd8SwSSrSFdhrTCB3EuxtdCu7-9_ie8NAMCyAEIL11Ty_lKyurj2QmCyJXKW1jFhLWwr3PsVWHqXW7rFTZ6T9DMbKYA-NhmKyWQCIlR7LcVhyfZzd-31pO9_N-PoYJp28d4PUGDgs7dw:1pF5AC:Xsl4JIazRJZEqTmHYZbdu5Q4wQc/2

Report Overview

Submitted URL
employeepaperless.com/mtm/direct/.eJx1ykEKAjEMheG7ZDmWiUsd8SwSSrSFdhrTCB3EuxtdCu7-9_ie8NAMCyAEIL11Ty_lKyurj2QmCyJXKW1jFhLWwr3PsVWHqXW7rFTZ6T9DMbKYA-NhmKyWQCIlR7LcVhyfZzd-31pO9_N-PoYJp28d4PUGDgs7dw:1pF5AC:Xsl4JIazRJZEqTmHYZbdu5Q4wQc/2
IP
45.33.20.235
ASN
#63949 Linode, LLC
Submitted
2023-03-29 16:52:26
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-29T18:24:36Z	413 B	5.9 kB	34.160.144.191
employeepaperless.com	unknown	2015-11-18T03:49:25Z	2023-03-29T18:52:09Z	3.1 kB	24 kB	45.33.30.197
partner.googleadservices.com	798	2012-10-03T03:04:21Z	2023-03-29T18:12:45Z	485 B	794 B	216.58.207.226
www42.employeepaperless.com	unknown	2023-01-09T17:51:26Z	2023-01-09T17:51:26Z	1.2 kB	4.9 kB	35.186.238.101
img1.wsimg.com	9893	2012-06-20T16:42:31Z	2023-03-29T20:51:58Z	1.2 kB	201 kB	95.101.10.131
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-29T18:12:02Z	2.4 kB	4.2 kB	142.250.74.131
afs.googleusercontent.com	12123	2013-05-06T21:11:00Z	2023-03-29T18:29:48Z	885 B	56 kB	142.250.74.97
api.aws.parking.godaddy.com	36127	2020-03-23T22:33:37Z	2023-03-29T15:58:03Z	2.2 kB	3.5 kB	18.235.167.98
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-29T22:30:19Z	3.2 kB	54 kB	34.120.237.76
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-29T18:12:03Z	3.0 kB	8.0 kB	23.36.77.32
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-29T18:13:46Z	333 B	391 B	34.117.237.239
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-29T18:37:20Z	606 B	238 B	34.117.65.55
ocsp.godaddy.com	698	2012-05-20T21:28:57Z	2023-03-29T18:14:34Z	340 B	2.3 kB	192.124.249.22
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-29T18:14:38Z	782 B	2.4 kB	35.241.9.150
www.google.com	7	2015-05-10T13:11:19Z	2023-03-29T23:33:41Z	389 B	56 kB	216.58.207.228
postback.trafficmotor.com	96726	2019-11-09T14:35:40Z	2023-03-29T12:52:46Z	982 B	644 B	45.79.38.145

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-03-29	medium	employeepaperless.com/mtm/direct/.eJx1ykEKAjEMheG7ZDmWiUsd8SwSSrSFdhrTCB3EuxtdCu7-9_ie8NAMCyAEIL11Ty_lKyurj2QmCyJXKW1jFhLWwr3PsVWHqXW7rFTZ6T9DMbKYA-NhmKyWQCIlR7LcVhyfZzd-31pO9_N-PoYJp28d4PUGDgs7dw:1pF5AC:Xsl4JIazRJZEqTmHYZbdu5Q4wQc/2	Malware
2023-03-29	medium	www42.employeepaperless.com/	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (14)

	URL	Size	First Seen	Last Seen
	www42.employeepaperless.com/	14 B	2023-03-13	2023-10-27
Pretty URL www42.employeepaperless.com/ IP 35.186.238.101 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 23:06:48 Last Seen2023-10-27 14:34:41 Times Seen5037 Hash 61efebe7a2e2a748a9733d120e9a6e8f db96a95f1a5e8bfd9b8d24b0e48f063162f38602 cc8e37cc21d25c3b205d6218eeb41c3728cbcdb0c430402d66e6114b8645d2aa Loading...

	img1.wsimg.com/parking-lander/static/js/main.727544c3.chunk.js	5.0 kB	2023-03-13	2023-04-26
Pretty URL img1.wsimg.com/parking-lander/static/js/main.727544c3.chunk.js IP 95.101.10.131 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 23:06:48 Last Seen2023-04-26 22:15:13 Times Seen6624 Hash 5fdf5d5d4c43969c55a42e692b95b2c9 519f1b7eaf76225c158147a13c06f16415d6e58e a71d4333476d9de0eb823e8f8a8c89d9a57f149661a8723b539e010b84d08708 Loading...

	employeepaperless.com/mtm/direct/.eJx1ykEKAjEMheG7ZDmWiUsd8SwSSrSFdhrTCB3EuxtdCu7-9_ie8NAMCyAEIL11Ty_lKyurj2QmCyJXKW1jFhLWwr3PsVWHqXW7rFTZ6T9DMbKYA-NhmKyWQCIlR7LcVhyfZzd-31pO9_N-PoYJp28d4PUGDgs7dw:1pF5AC:Xsl4JIazRJZEqTmHYZbdu5Q4wQc/2	295 B	2023-03-12	2023-04-17
Pretty URL employeepaperless.com/mtm/direct/.eJx1ykEKAjEMheG7ZDmWiUsd8SwSSrSFdhrTCB3EuxtdCu7-9_ie8NAMCyAEIL11Ty_lKyurj2QmCyJXKW1jFhLWwr3PsVWHqXW7rFTZ6T9DMbKYA-NhmKyWQCIlR7LcVhyfZzd-31pO9_N-PoYJp28d4PUGDgs7dw:1pF5AC:Xsl4JIazRJZEqTmHYZbdu5Q4wQc/2 IP 45.33.30.197 ASN #63949 Linode, LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 20:33:38 Last Seen2023-04-17 10:54:20 Times Seen995 Hash 55d924c46ca242980c8747a74666a082 6b4b5690848f934e34660ae22e61699ca0baf731 cb76393cfbb49fafe6d4bab97eca2cdfc435132b387247d2eb972e8acb5d8803 Loading...

	img1.wsimg.com/parking-lander/static/js/1.3fa140ef.chunk.js	271 kB	2023-03-13	2023-04-26
Pretty URL img1.wsimg.com/parking-lander/static/js/1.3fa140ef.chunk.js IP 95.101.10.131 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 23:20:11 Last Seen2023-04-26 22:15:13 Times Seen5287 Hash 06166eb9b942e7c63d8ee1eba5b3de68 26bb2d87cd0a7f132cffeabfffe2c233543c452a e78594877ba5c99a27233b27d5b843c7bd83d5ec16f675a8f39291d419136142 Loading...

	www.google.com/afs/ads?adsafe=low&adtest=off&psid=9841729664&pcsa=false&channel=08233&domain_name=employeepaperless.com&client=dp-namemedia08_3ph&r=m&rpbu=http%3A%2F%2Fwww42.employeepaperless.com%2F&type=3&uiopt=true&swp=as-drid-2936449213187913&oe=UTF-8&ie=UTF-8&fexp=21404&format=r3&nocache=5751680108761654&num=0&output=afd_ads&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1680108761655&u_w=1280&u_h=1024&biw=1268&bih=939&psw=1268&psh=939&frm=0&cl=518347065&uio=-&cont=relatedLinks&jsid=caf&jsv=518347065&rurl=http%3A%2F%2Fwww42.employeepaperless.com%2F&referer=http%3A%2F%2Femployeepaperless.com%2F&adbw=master-1%3A500	5.3 kB	2023-03-29	2023-03-29
Pretty URL www.google.com/afs/ads?adsafe=low&adtest=off&psid=9841729664&pcsa=false&channel=08233&domain_name=employeepaperless.com&client=dp-namemedia08_3ph&r=m&rpbu=http%3A%2F%2Fwww42.employeepaperless.com%2F&type=3&uiopt=true&swp=as-drid-2936449213187913&oe=UTF-8&ie=UTF-8&fexp=21404&format=r3&nocache=5751680108761654&num=0&output=afd_ads&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1680108761655&u_w=1280&u_h=1024&biw=1268&bih=939&psw=1268&psh=939&frm=0&cl=518347065&uio=-&cont=relatedLinks&jsid=caf&jsv=518347065&rurl=http%3A%2F%2Fwww42.employeepaperless.com%2F&referer=http%3A%2F%2Femployeepaperless.com%2F&adbw=master-1%3A500 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 23:58:52 Last Seen2023-03-29 23:58:52 Times Seen1 Hash 25edad656b45754fb7750d8d4eb5a13a e6a5c8bd6a65635e182d46724dc4fb3d5509bfb4 e2cef2dfd126f191e2994cbc5769368aef1f8ed265dbff7589e40547dce2200c Loading...

	employeepaperless.com/mtm/direct/.eJx1ykEKAjEMheG7ZDmWiUsd8SwSSrSFdhrTCB3EuxtdCu7-9_ie8NAMCyAEIL11Ty_lKyurj2QmCyJXKW1jFhLWwr3PsVWHqXW7rFTZ6T9DMbKYA-NhmKyWQCIlR7LcVhyfZzd-31pO9_N-PoYJp28d4PUGDgs7dw:1pF5AC:Xsl4JIazRJZEqTmHYZbdu5Q4wQc/2	57 kB	2023-03-26	2023-04-05
Pretty URL employeepaperless.com/mtm/direct/.eJx1ykEKAjEMheG7ZDmWiUsd8SwSSrSFdhrTCB3EuxtdCu7-9_ie8NAMCyAEIL11Ty_lKyurj2QmCyJXKW1jFhLWwr3PsVWHqXW7rFTZ6T9DMbKYA-NhmKyWQCIlR7LcVhyfZzd-31pO9_N-PoYJp28d4PUGDgs7dw:1pF5AC:Xsl4JIazRJZEqTmHYZbdu5Q4wQc/2 IP 45.33.30.197 ASN #63949 Linode, LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 13:26:09 Last Seen2023-04-05 02:09:32 Times Seen564 Hash 36fb3545b5f0190993fa3889f1f5fc1a 32e227691d1859dcba3ae6715eb4387fc122e388 a563f8d3c9a4c33ae6e6e6e69872f9c2143c9280ff4c6de2f8ce8bf50aa20f20 Loading...

	www.google.com/adsense/domains/caf.js?abp=1	148 kB	2023-03-29	2023-04-03
Pretty URL www.google.com/adsense/domains/caf.js?abp=1 IP 216.58.207.228 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 21:36:43 Last Seen2023-04-03 23:55:31 Times Seen1240 Hash 0c5b4721e6541e3bc709392e548a5de6 65c656511fa7f56bd0637d222ae061a27f06bc0c df656d0490300ae7f9ed9c6a7f4664d7d202f0e048108a9e93445363de65f6b2 Loading...

	www42.employeepaperless.com/	25 B	2023-03-07	2023-04-05
Pretty URL www42.employeepaperless.com/ IP 35.186.238.101 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2023-04-05 02:09:32 Times Seen1220 Hash 396983b43a97ac40197e7d22399b707b 9c54ff4c30658fd6a7e94eaaae5072b3ed2ec1dc de4e0ef840a4a74223bb4637d128d0fd8894ac9f95bf604576e8c5280c768442 Loading...

	www42.employeepaperless.com/px.js?ch=1&abp=1	476 B	2023-03-13	2024-04-28
Pretty URL www42.employeepaperless.com/px.js?ch=1&abp=1 IP 35.186.238.101 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 06:28:57 Last Seen2024-04-28 09:23:39 Times Seen80003 Hash d2183968f9080b37babfeba3ccf10df2 24b9cf589ee6789e567fac3ae5acfc25826d00c6 4d9b83714539f82372e1e0177924bcb5180b75148e22d6725468fd2fb6f96bcc Loading...

	www42.employeepaperless.com/	1.6 kB	2023-03-13	2023-07-20
Pretty URL www42.employeepaperless.com/ IP 35.186.238.101 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 06:28:57 Last Seen2023-07-20 02:49:41 Times Seen4390 Hash c8041b2772880cdeb213f9ea29a01b7e f7e83ea582cc2ab250a4a0379475a95578db4896 c187e78df010dddf9087e827839f182af174eece8c4bf7ad7ab8359c3b0d1e16 Loading...

	unknown	0 B	2023-03-07	2024-05-08
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-08 00:24:02 Times Seen37422408 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	partner.googleadservices.com/gampad/cookie.js?domain=www42.employeepaperless.com&client=dp-namemedia08_3ph&product=SAS&callback=__sasCookie	382 B	2023-03-29	2023-03-29
Pretty URL partner.googleadservices.com/gampad/cookie.js?domain=www42.employeepaperless.com&client=dp-namemedia08_3ph&product=SAS&callback=__sasCookie IP 216.58.207.226 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 23:58:52 Last Seen2023-03-29 23:58:52 Times Seen1 Hash f90f67663bc61ea0476418b441bde31c 3e530670b4f8a610a88bdf29981898e5e7e3de3c aca22ff6578cb5b3c950ce4cd180927d048149669c273caa9ab3a0ad54dde686 Loading...

	www.google.com/adsense/domains/caf.js	148 kB	2023-03-29	2023-04-03
Pretty URL www.google.com/adsense/domains/caf.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 21:38:33 Last Seen2023-04-03 23:55:15 Times Seen929 Hash 6591a1e094c342158029459910e325de 19f03675eb2895d61a73835787fe28d67e0c562e f1ab77d9666a40ec601258f5c73cf3c25914f576913ebd860197be89f5c00087 Loading...

	employeepaperless.com/mtm/direct/.eJx1ykEKAjEMheG7ZDmWiUsd8SwSSrSFdhrTCB3EuxtdCu7-9_ie8NAMCyAEIL11Ty_lKyurj2QmCyJXKW1jFhLWwr3PsVWHqXW7rFTZ6T9DMbKYA-NhmKyWQCIlR7LcVhyfZzd-31pO9_N-PoYJp28d4PUGDgs7dw:1pF5AC:Xsl4JIazRJZEqTmHYZbdu5Q4wQc/2	2.1 kB	2023-03-29	2023-03-29
Pretty URL employeepaperless.com/mtm/direct/.eJx1ykEKAjEMheG7ZDmWiUsd8SwSSrSFdhrTCB3EuxtdCu7-9_ie8NAMCyAEIL11Ty_lKyurj2QmCyJXKW1jFhLWwr3PsVWHqXW7rFTZ6T9DMbKYA-NhmKyWQCIlR7LcVhyfZzd-31pO9_N-PoYJp28d4PUGDgs7dw:1pF5AC:Xsl4JIazRJZEqTmHYZbdu5Q4wQc/2 IP 45.33.30.197 ASN #63949 Linode, LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 23:58:52 Last Seen2023-03-29 23:58:52 Times Seen1 Hash d438851a15c76944d6a1310b5bbd04f6 21684e29636eb22a10426293278c43a4642dbf77 97d6dc16d8c9e602157e437b054a149151ff1f2ee806ec9cddb8132fc05e2f5b Loading...

HTTP Transactions (46)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
93f633ce30c038eb581544323c5a971e
2f60526cb750c6babccc207f75fb5a8ae6f7598b
0ff6df80a892199848fb943af78541b66efc09a7ab70d4b169906fdbac1eabf8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FF6DF80A892199848FB943AF78541B66EFC09A7AB70D4B169906FDBAC1EABF8"
Last-Modified: Mon, 27 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13524
Expires: Wed, 29 Mar 2023 20:37:39 GMT
Date: Wed, 29 Mar 2023 16:52:15 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c83d39f350161ed2f5d20dcd68e47c92
2695a888e652cb314f8094cc6073c3364336d272
62e5cc6aea61c3c32acd964d4bbe143806416008181eebc4451a8f035b69a0bc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62E5CC6AEA61C3C32ACD964D4BBE143806416008181EEBC4451A8F035B69A0BC"
Last-Modified: Mon, 27 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2700
Expires: Wed, 29 Mar 2023 17:37:15 GMT
Date: Wed, 29 Mar 2023 16:52:15 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bc86ef2a0cee04915bc360f5821adc8f
3658f9028cce204d38f7f48fcfaa2a8e4f54383a
aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Retry-After, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 29 Mar 2023 16:28:10 GMT
content-type: application/json
age: 1445
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5ad3eec59bebbf969f175627757507c1
b176af3a70db378c9e1f219bab24d9d446070d6f
704fa284035b4c9aa487331b516f5f11c324e204756ae2503bad2606ed34f25e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "704FA284035B4C9AA487331B516F5F11C324E204756AE2503BAD2606ED34F25E"
Last-Modified: Mon, 27 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9603
Expires: Wed, 29 Mar 2023 19:32:19 GMT
Date: Wed, 29 Mar 2023 16:52:16 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: nRaKQVvl+Y0HQGQT6avnfiwDoziYmFpFJewrWnAXspmNVfy2c0y83Ud5xn83R8jAUz3O64O0648pRtalOFNnJA==
x-amz-request-id: PVP6QVQYPBCGNGVV
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 29 Mar 2023 16:02:34 GMT
age: 2982
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 16:52:16 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ae064c74a3769d42109473ad05d56fb9
d48029ab8568cee6ab7416d3b476ed792d780a56
9852216f395a42f7b4792e852f9f9fa83e07d917a979237d5d7406a1d74edc4f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9852216F395A42F7B4792E852F9F9FA83E07D917A979237D5D7406A1D74EDC4F"
Last-Modified: Wed, 29 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17517
Expires: Wed, 29 Mar 2023 21:44:13 GMT
Date: Wed, 29 Mar 2023 16:52:16 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Backoff, Cache-Control, Last-Modified, Content-Length, Retry-After, Pragma, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 29 Mar 2023 16:14:36 GMT
age: 2260
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

push.services.mozilla.com/

34.117.65.55

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.117.65.55:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: cUNocNsNGON3jCqTOFpDPA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: pOEOfZQk8t2+KyUDjU7vmeo0ybA=
Date: Wed, 29 Mar 2023 16:52:16 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

employeepaperless.com/mtm/direct/.eJx1ykEKAjEMheG7ZDmWiUsd8SwSSrSFdhrTCB3EuxtdCu7-9_ie8NAMCyAEIL11Ty_lKyurj2QmCyJXKW1jFhLWwr3PsVWHqXW7rFTZ6T9DMbKYA-NhmKyWQCIlR7LcVhyfZzd-31pO9_N-PoYJp28d4PUGDgs7dw:1pF5AC:Xsl4JIazRJZEqTmHYZbdu5Q4wQc/2

45.33.30.197

200 OK

23 kB

URL HTTP/1.1
employeepaperless.com/mtm/direct/.eJx1ykEKAjEMheG7ZDmWiUsd8SwSSrSFdhrTCB3EuxtdCu7-9_ie8NAMCyAEIL11Ty_lKyurj2QmCyJXKW1jFhLWwr3PsVWHqXW7rFTZ6T9DMbKYA-NhmKyWQCIlR7LcVhyfZzd-31pO9_N-PoYJp28d4PUGDgs7dw:1pF5AC:Xsl4JIazRJZEqTmHYZbdu5Q4wQc/2
IP
45.33.30.197:0
ASN
#63949 Linode, LLC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (57175)
Size
23 kB (23043 bytes)
Hash
af1584b94b50ef1b5284a4e4ede3865d
681913ccb61d755f4ca14ea0d419a48fed5cc24b
5ebcc9c63487dd35f26232e0fa48c862dde61a8b3603cfcbf0818f2a95f17fad

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /mtm/direct/.eJx1ykEKAjEMheG7ZDmWiUsd8SwSSrSFdhrTCB3EuxtdCu7-9_ie8NAMCyAEIL11Ty_lKyurj2QmCyJXKW1jFhLWwr3PsVWHqXW7rFTZ6T9DMbKYA-NhmKyWQCIlR7LcVhyfZzd-31pO9_N-PoYJp28d4PUGDgs7dw:1pF5AC:Xsl4JIazRJZEqTmHYZbdu5Q4wQc/2 HTTP/1.1
Host: employeepaperless.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
server: openresty/1.13.6.1
date: Wed, 29 Mar 2023 16:52:16 GMT
content-type: text/html
transfer-encoding: chunked
content-encoding: gzip
connection: close

employeepaperless.com/mtm/direct/%E6%94%AE%E7%A1%8A%E7%A4%B1%E4%95%AB%E4%85%8B%E4%95%AA%E6%A1%8D%E4%9D%A5%E5%A8%B7%E6%B5%84%E6%A5%97%E7%8D%95%E3%A1%A4%E7%9D%93%E5%8D%93%E5%8D%B2%E6%91%86%E7%89%A8%E4%8D%94%E3%8D%82%E7%95%85%E7%91%B8%E4%8D%A4%E3%9D%B5%E3%A4%AD%E6%A5%9F%E3%A1%A5%E4%85%8E%E4%8D%8D%E4%85%B9%E4%A5%85%E3%85%8C%E5%90%B1%E5%BD%B9%E4%AD%AC%E7%95%B9%E6%A9%B2%E5%84%B2%E4%8D%AD%E4%A9%B9%E4%AD%98%E3%85%97%E4%99%AA%E4%B1%A8%E7%9D%97%E3%8D%B2%E7%8D%90%E5%9D%96%E7%85%88%E5%9D%98%E7%88%B7%E5%91%86%E3%99%9A%E3%A5%94%E4%B5%84%E4%AD%A2%E4%85%99%E4%B8%AD%E6%B5%A8%E7%A5%8B%E5%85%97%E4%A5%83%E5%89%AC%E4%B0%B7%E5%99%A3%E7%A5%A8%E5%A9%A6%E6%91%BA%E3%8C%AD%E7%80%B1%E3%A5%8F%E4%B9%9F%E5%80%AD%E5%A5%AF%E7%81%8A%E3%A0%B2%E3%91%A4%E5%95%90%E4%91%87%E7%8D%A7%E6%90%B7%E3%A9%B7%E7%80%B1%E3%95%86%E4%8D%81%E5%A0%BA%E6%B1%B3%E4%A8%B4%E6%85%89%E5%89%BA%E5%A9%8A%E7%85%85%E6%B5%94%E5%A5%88%E6%89%9A%E7%95%A4%E5%84%B5%E7%9C%B4%E6%8D%91/2?gp=1&js=1&uuid=1680108736.0082225236&other_args=eyJ1cmkiOiAiL210bS9kaXJlY3QvXHU2NTJlXHU3ODRhXHU3OTMxXHU0NTZiXHU0MTRiXHU0NTZhXHU2ODRkXHU0NzY1XHU1YTM3XHU2ZDQ0XHU2OTU3XHU3MzU1XHUzODY0XHU3NzUzXHU1MzUzXHU1MzcyXHU2NDQ2XHU3MjY4XHU0MzU0XHUzMzQyXHU3NTQ1XHU3NDc4XHU0MzY0XHUzNzc1XHUzOTJkXHU2OTVmXHUzODY1XHU0MTRlXHU0MzRkXHU0MTc5XHU0OTQ1XHUzMTRjXHU1NDMxXHU1Zjc5XHU0YjZjXHU3NTc5XHU2YTcyXHU1MTMyXHU0MzZkXHU0YTc5XHU0YjU4XHUzMTU3XHU0NjZhXHU0YzY4XHU3NzU3XHUzMzcyXHU3MzUwXHU1NzU2XHU3MTQ4XHU1NzU4XHU3MjM3XHU1NDQ2XHUzNjVhXHUzOTU0XHU0ZDQ0XHU0YjYyXHU0MTU5XHU0ZTJkXHU2ZDY4XHU3OTRiXHU1MTU3XHU0OTQzXHU1MjZjXHU0YzM3XHU1NjYzXHU3OTY4XHU1YTY2XHU2NDdhXHUzMzJkXHU3MDMxXHUzOTRmXHU0ZTVmXHU1MDJkXHU1OTZmXHU3MDRhXHUzODMyXHUzNDY0XHU1NTUwXHU0NDQ3XHU3MzY3XHU2NDM3XHUzYTc3XHU3MDMxXHUzNTQ2XHU0MzQxXHU1ODNhXHU2YzczXHU0YTM0XHU2MTQ5XHU1MjdhXHU1YTRhXHU3MTQ1XHU2ZDU0XHU1OTQ4XHU2MjVhXHU3NTY0XHU1MTM1XHU3NzM0XHU2MzUxLzIiLCAiYXJncyI6ICIiLCAicmVmZXJlciI6ICIiLCAiYWNjZXB0IjogInRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL2F2aWYsaW1hZ2Uvd2VicCwqLyo7cT0wLjgifQ==

45.33.30.197

302 Found

0 B

URL HTTP/1.1
employeepaperless.com/mtm/direct/%E6%94%AE%E7%A1%8A%E7%A4%B1%E4%95%AB%E4%85%8B%E4%95%AA%E6%A1%8D%E4%9D%A5%E5%A8%B7%E6%B5%84%E6%A5%97%E7%8D%95%E3%A1%A4%E7%9D%93%E5%8D%93%E5%8D%B2%E6%91%86%E7%89%A8%E4%8D%94%E3%8D%82%E7%95%85%E7%91%B8%E4%8D%A4%E3%9D%B5%E3%A4%AD%E6%A5%9F%E3%A1%A5%E4%85%8E%E4%8D%8D%E4%85%B9%E4%A5%85%E3%85%8C%E5%90%B1%E5%BD%B9%E4%AD%AC%E7%95%B9%E6%A9%B2%E5%84%B2%E4%8D%AD%E4%A9%B9%E4%AD%98%E3%85%97%E4%99%AA%E4%B1%A8%E7%9D%97%E3%8D%B2%E7%8D%90%E5%9D%96%E7%85%88%E5%9D%98%E7%88%B7%E5%91%86%E3%99%9A%E3%A5%94%E4%B5%84%E4%AD%A2%E4%85%99%E4%B8%AD%E6%B5%A8%E7%A5%8B%E5%85%97%E4%A5%83%E5%89%AC%E4%B0%B7%E5%99%A3%E7%A5%A8%E5%A9%A6%E6%91%BA%E3%8C%AD%E7%80%B1%E3%A5%8F%E4%B9%9F%E5%80%AD%E5%A5%AF%E7%81%8A%E3%A0%B2%E3%91%A4%E5%95%90%E4%91%87%E7%8D%A7%E6%90%B7%E3%A9%B7%E7%80%B1%E3%95%86%E4%8D%81%E5%A0%BA%E6%B1%B3%E4%A8%B4%E6%85%89%E5%89%BA%E5%A9%8A%E7%85%85%E6%B5%94%E5%A5%88%E6%89%9A%E7%95%A4%E5%84%B5%E7%9C%B4%E6%8D%91/2?gp=1&js=1&uuid=1680108736.0082225236&other_args=eyJ1cmkiOiAiL210bS9kaXJlY3QvXHU2NTJlXHU3ODRhXHU3OTMxXHU0NTZiXHU0MTRiXHU0NTZhXHU2ODRkXHU0NzY1XHU1YTM3XHU2ZDQ0XHU2OTU3XHU3MzU1XHUzODY0XHU3NzUzXHU1MzUzXHU1MzcyXHU2NDQ2XHU3MjY4XHU0MzU0XHUzMzQyXHU3NTQ1XHU3NDc4XHU0MzY0XHUzNzc1XHUzOTJkXHU2OTVmXHUzODY1XHU0MTRlXHU0MzRkXHU0MTc5XHU0OTQ1XHUzMTRjXHU1NDMxXHU1Zjc5XHU0YjZjXHU3NTc5XHU2YTcyXHU1MTMyXHU0MzZkXHU0YTc5XHU0YjU4XHUzMTU3XHU0NjZhXHU0YzY4XHU3NzU3XHUzMzcyXHU3MzUwXHU1NzU2XHU3MTQ4XHU1NzU4XHU3MjM3XHU1NDQ2XHUzNjVhXHUzOTU0XHU0ZDQ0XHU0YjYyXHU0MTU5XHU0ZTJkXHU2ZDY4XHU3OTRiXHU1MTU3XHU0OTQzXHU1MjZjXHU0YzM3XHU1NjYzXHU3OTY4XHU1YTY2XHU2NDdhXHUzMzJkXHU3MDMxXHUzOTRmXHU0ZTVmXHU1MDJkXHU1OTZmXHU3MDRhXHUzODMyXHUzNDY0XHU1NTUwXHU0NDQ3XHU3MzY3XHU2NDM3XHUzYTc3XHU3MDMxXHUzNTQ2XHU0MzQxXHU1ODNhXHU2YzczXHU0YTM0XHU2MTQ5XHU1MjdhXHU1YTRhXHU3MTQ1XHU2ZDU0XHU1OTQ4XHU2MjVhXHU3NTY0XHU1MTM1XHU3NzM0XHU2MzUxLzIiLCAiYXJncyI6ICIiLCAicmVmZXJlciI6ICIiLCAiYWNjZXB0IjogInRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL2F2aWYsaW1hZ2Uvd2VicCwqLyo7cT0wLjgifQ==
IP
45.33.30.197:0
ASN
#63949 Linode, LLC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /mtm/direct/%E6%94%AE%E7%A1%8A%E7%A4%B1%E4%95%AB%E4%85%8B%E4%95%AA%E6%A1%8D%E4%9D%A5%E5%A8%B7%E6%B5%84%E6%A5%97%E7%8D%95%E3%A1%A4%E7%9D%93%E5%8D%93%E5%8D%B2%E6%91%86%E7%89%A8%E4%8D%94%E3%8D%82%E7%95%85%E7%91%B8%E4%8D%A4%E3%9D%B5%E3%A4%AD%E6%A5%9F%E3%A1%A5%E4%85%8E%E4%8D%8D%E4%85%B9%E4%A5%85%E3%85%8C%E5%90%B1%E5%BD%B9%E4%AD%AC%E7%95%B9%E6%A9%B2%E5%84%B2%E4%8D%AD%E4%A9%B9%E4%AD%98%E3%85%97%E4%99%AA%E4%B1%A8%E7%9D%97%E3%8D%B2%E7%8D%90%E5%9D%96%E7%85%88%E5%9D%98%E7%88%B7%E5%91%86%E3%99%9A%E3%A5%94%E4%B5%84%E4%AD%A2%E4%85%99%E4%B8%AD%E6%B5%A8%E7%A5%8B%E5%85%97%E4%A5%83%E5%89%AC%E4%B0%B7%E5%99%A3%E7%A5%A8%E5%A9%A6%E6%91%BA%E3%8C%AD%E7%80%B1%E3%A5%8F%E4%B9%9F%E5%80%AD%E5%A5%AF%E7%81%8A%E3%A0%B2%E3%91%A4%E5%95%90%E4%91%87%E7%8D%A7%E6%90%B7%E3%A9%B7%E7%80%B1%E3%95%86%E4%8D%81%E5%A0%BA%E6%B1%B3%E4%A8%B4%E6%85%89%E5%89%BA%E5%A9%8A%E7%85%85%E6%B5%94%E5%A5%88%E6%89%9A%E7%95%A4%E5%84%B5%E7%9C%B4%E6%8D%91/2?gp=1&js=1&uuid=1680108736.0082225236&other_args=eyJ1cmkiOiAiL210bS9kaXJlY3QvXHU2NTJlXHU3ODRhXHU3OTMxXHU0NTZiXHU0MTRiXHU0NTZhXHU2ODRkXHU0NzY1XHU1YTM3XHU2ZDQ0XHU2OTU3XHU3MzU1XHUzODY0XHU3NzUzXHU1MzUzXHU1MzcyXHU2NDQ2XHU3MjY4XHU0MzU0XHUzMzQyXHU3NTQ1XHU3NDc4XHU0MzY0XHUzNzc1XHUzOTJkXHU2OTVmXHUzODY1XHU0MTRlXHU0MzRkXHU0MTc5XHU0OTQ1XHUzMTRjXHU1NDMxXHU1Zjc5XHU0YjZjXHU3NTc5XHU2YTcyXHU1MTMyXHU0MzZkXHU0YTc5XHU0YjU4XHUzMTU3XHU0NjZhXHU0YzY4XHU3NzU3XHUzMzcyXHU3MzUwXHU1NzU2XHU3MTQ4XHU1NzU4XHU3MjM3XHU1NDQ2XHUzNjVhXHUzOTU0XHU0ZDQ0XHU0YjYyXHU0MTU5XHU0ZTJkXHU2ZDY4XHU3OTRiXHU1MTU3XHU0OTQzXHU1MjZjXHU0YzM3XHU1NjYzXHU3OTY4XHU1YTY2XHU2NDdhXHUzMzJkXHU3MDMxXHUzOTRmXHU0ZTVmXHU1MDJkXHU1OTZmXHU3MDRhXHUzODMyXHUzNDY0XHU1NTUwXHU0NDQ3XHU3MzY3XHU2NDM3XHUzYTc3XHU3MDMxXHUzNTQ2XHU0MzQxXHU1ODNhXHU2YzczXHU0YTM0XHU2MTQ5XHU1MjdhXHU1YTRhXHU3MTQ1XHU2ZDU0XHU1OTQ4XHU2MjVhXHU3NTY0XHU1MTM1XHU3NzM0XHU2MzUxLzIiLCAiYXJncyI6ICIiLCAicmVmZXJlciI6ICIiLCAiYWNjZXB0IjogInRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL2F2aWYsaW1hZ2Uvd2VicCwqLyo7cT0wLjgifQ== HTTP/1.1
Host: employeepaperless.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://employeepaperless.com/mtm/direct/.eJx1ykEKAjEMheG7ZDmWiUsd8SwSSrSFdhrTCB3EuxtdCu7-9_ie8NAMCyAEIL11Ty_lKyurj2QmCyJXKW1jFhLWwr3PsVWHqXW7rFTZ6T9DMbKYA-NhmKyWQCIlR7LcVhyfZzd-31pO9_N-PoYJp28d4PUGDgs7dw:1pF5AC:Xsl4JIazRJZEqTmHYZbdu5Q4wQc/2
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
server: openresty/1.13.6.1
date: Wed, 29 Mar 2023 16:52:16 GMT
content-type: text/html; charset=utf-8
content-length: 0
location: http://www42.employeepaperless.com
vary: Accept-Language
content-language: en
connection: close

www42.employeepaperless.com/

35.186.238.101

200 OK

2.8 kB

URL HTTP/1.1
www42.employeepaperless.com/
IP
35.186.238.101:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2830), with no line terminators
Size
2.8 kB (2830 bytes)
Hash
6cfbffcfabf6c7813aadd15f3870ead4
55afaa49568d6f3278a388d96b8672ccbcb1ae70
1b1252c0c6fe647290b76cb491806bc26f1083f7e3ae8962fc7cf1886b71d313

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET / HTTP/1.1
Host: www42.employeepaperless.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://employeepaperless.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 29 Mar 2023 16:52:17 GMT
Content-Type: text/html
Content-Length: 2830
Last-Modified: Tue, 14 Feb 2023 15:45:25 GMT
ETag: "63ebac95-b0e"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_GaVy05FNwXwoI6ItUhLwNAcRZiHGANW8PDWDtW0K+vDe+2RReEMds3AmdjmUTYhoZCkwCXreOUM3g2qOJfN5eQ
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=91.90.42.154;Path=/;Max-Age=86400;
country=NO;Path=/;Max-Age=86400;
city="";Path=/;Max-Age=86400;
expiry_partner=;Path=/;Max-Age=86400;
Accept-Ranges: bytes
Via: 1.1 google

img1.wsimg.com/parking-lander/static/js/main.727544c3.chunk.js

95.101.10.131

200 OK

1.8 kB

URL HTTP/2
img1.wsimg.com/parking-lander/static/js/main.727544c3.chunk.js
IP
95.101.10.131:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (4918)
Size
1.8 kB (1827 bytes)
Hash
4765833f8aa1de1e75804851ab0449f3
b56fc269f045d73338c8dd55f638aa633de28e7d
c42908523310021f78e7a1c65746224723cda12e89730b0efeb24430b84dac1c

HTTP Headers

GET /parking-lander/static/js/main.727544c3.chunk.js HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www42.employeepaperless.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: gHF1Yvo8/cxTyoQC84dmlVS5mf9KoU9UOio8fKGM04b6tT3hHeepKPJbI0nnYbEqKsKoE1CDzJI=
x-amz-request-id: KYVXY6SA6XMQKW2X
last-modified: Tue, 14 Feb 2023 15:44:39 GMT
etag: "5fdf5d5d4c43969c55a42e692b95b2c9"
x-amz-server-side-encryption: AES256
x-amz-version-id: K0T3Ca3fAhPnHOiGo0Ai9_inM.KjDWrk
accept-ranges: bytes
content-type: application/javascript
vary: Accept-Encoding
content-encoding: gzip
content-length: 1827
cache-control: max-age=31536000
expires: Thu, 28 Mar 2024 16:52:17 GMT
date: Wed, 29 Mar 2023 16:52:17 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2

img1.wsimg.com/parking-lander/static/js/0.40743286.chunk.js

95.101.10.131

200 OK

140 kB

URL HTTP/2
img1.wsimg.com/parking-lander/static/js/0.40743286.chunk.js
IP
95.101.10.131:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65462)
Size
140 kB (139862 bytes)
Hash
86e3cfb33222003b0db28f9a3dd97c0b
be2be171a4e55332472ee32fd73f5a1b5dcb952f
24f9d9e26c29c25042fe573f938d08afd365f83a1f5e32853c26d2f72df65411

HTTP Headers

GET /parking-lander/static/js/0.40743286.chunk.js HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www42.employeepaperless.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: Yjp2p5icxHsMOxSknZnibrWHAIi8aWv8v3sWFfa3zMa2WGtY4YthIzDk/XN1vRuZ2P5UiteClEM=
x-amz-request-id: KYVS66V07FS8XKWK
last-modified: Tue, 14 Feb 2023 15:44:39 GMT
etag: "b068012e619429e22f89192c5175a1e0"
x-amz-server-side-encryption: AES256
x-amz-version-id: gYg2nrvw6dt8CWezF3ZJ_Af3PN3NBmJj
accept-ranges: bytes
content-type: application/javascript
vary: Accept-Encoding
content-encoding: gzip
content-length: 139862
cache-control: max-age=31536000
expires: Thu, 28 Mar 2024 16:52:17 GMT
date: Wed, 29 Mar 2023 16:52:17 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2

img1.wsimg.com/parking-lander/static/js/1.3fa140ef.chunk.js

95.101.10.131

200 OK

57 kB

URL HTTP/2
img1.wsimg.com/parking-lander/static/js/1.3fa140ef.chunk.js
IP
95.101.10.131:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
57 kB (57353 bytes)
Hash
b1a9331d6c0e8a1b66863c6ca8477641
90dfe8b3d4571613ed3e04e53d2503d58684dc03
d21e9a17b3f1a8d15dff4aee534040b740009c16ef74c4185eb151ca52ba1c66

HTTP Headers

GET /parking-lander/static/js/1.3fa140ef.chunk.js HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www42.employeepaperless.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: HW0NHA3Albod6oFCRnw2R42BhD1x+OewPFFE7QMmup1HaYjfgVsTJtbd4VgddMdlqCfwsn5eH/jSfMC4T/NyNw==
x-amz-request-id: KYVREEGDGP4XS8VQ
last-modified: Tue, 14 Feb 2023 15:44:40 GMT
etag: "06166eb9b942e7c63d8ee1eba5b3de68"
x-amz-server-side-encryption: AES256
x-amz-version-id: Qm3JNw36qGFoIyTVwvXuxJRglKzwn3oO
accept-ranges: bytes
content-type: application/javascript
vary: Accept-Encoding
content-encoding: gzip
content-length: 57353
cache-control: max-age=31536000
expires: Thu, 28 Mar 2024 16:52:17 GMT
date: Wed, 29 Mar 2023 16:52:17 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2

www42.employeepaperless.com/px.js?ch=1&abp=1

35.186.238.101

200 OK

476 B

URL HTTP/1.1
www42.employeepaperless.com/px.js?ch=1&abp=1
IP
35.186.238.101:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
476 B (476 bytes)
Hash
d2183968f9080b37babfeba3ccf10df2
24b9cf589ee6789e567fac3ae5acfc25826d00c6
4d9b83714539f82372e1e0177924bcb5180b75148e22d6725468fd2fb6f96bcc

HTTP Headers

GET /px.js?ch=1&abp=1 HTTP/1.1
Host: www42.employeepaperless.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www42.employeepaperless.com/
Cookie: caf_ipaddr=91.90.42.154; country=NO; city=""; expiry_partner=

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 29 Mar 2023 16:52:17 GMT
Content-Type: application/javascript
Content-Length: 476
Last-Modified: Tue, 14 Feb 2023 15:45:53 GMT
ETag: "63ebacb1-1dc"
Accept-Ranges: bytes
Via: 1.1 google

www42.employeepaperless.com/px.js?ch=2&abp=1

35.186.238.101

200 OK

476 B

URL HTTP/1.1
www42.employeepaperless.com/px.js?ch=2&abp=1
IP
35.186.238.101:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
476 B (476 bytes)
Hash
d2183968f9080b37babfeba3ccf10df2
24b9cf589ee6789e567fac3ae5acfc25826d00c6
4d9b83714539f82372e1e0177924bcb5180b75148e22d6725468fd2fb6f96bcc

HTTP Headers

GET /px.js?ch=2&abp=1 HTTP/1.1
Host: www42.employeepaperless.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www42.employeepaperless.com/
Cookie: caf_ipaddr=91.90.42.154; country=NO; city=""; expiry_partner=

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 29 Mar 2023 16:52:17 GMT
Content-Type: application/javascript
Content-Length: 476
Last-Modified: Tue, 14 Feb 2023 15:45:53 GMT
ETag: "63ebacb1-1dc"
Accept-Ranges: bytes
Via: 1.1 google

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
dc0cf0275c44e5495e8f323c00b9d588
f7f19e521a439f85915f7582797a060629b879c6
abc856a823e0d89a87f6a4d3b2a48f5dcb99cdd94ce5d3b8cb8d51e665a74c4e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 16:52:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.godaddy.com/

192.124.249.22

200 OK

1.8 kB

URL HTTP/1.1
ocsp.godaddy.com/
IP
192.124.249.22:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1778 bytes)
Hash
1872835304b6285f4ddd3209179b78c0
cf4800abdfd7698f002664424bc01dab24d5301b
ba99a3afdabcc437962a81ed5d16d2de73db59d43837e5b9342d2d5cad62e6ee

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 29 Mar 2023 16:52:17 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 28 Mar 2023 20:51:52 GMT
Expires: Wed, 29 Mar 2023 20:51:52 GMT
ETag: "cf4800abdfd7698f002664424bc01dab24d5301b"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

www.google.com/adsense/domains/caf.js?abp=1

216.58.207.228

200 OK

56 kB

URL HTTP/2
www.google.com/adsense/domains/caf.js?abp=1
IP
216.58.207.228:0
ASN
#15169 GOOGLE

File type
data
Size
56 kB (55706 bytes)
Hash
ea2950fa7b1125e5d12dc86a29284a76
7679281252616bf2231e46202826472475607955
5f8b716d72a992c32bcd5d8a1a36d50d8d251f3af4fb99d40a1472cd67965db8

HTTP Headers

GET /adsense/domains/caf.js?abp=1 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www42.employeepaperless.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Wed, 29 Mar 2023 16:52:17 GMT
expires: Wed, 29 Mar 2023 16:52:17 GMT
cache-control: private, max-age=3600
etag: "15648507436981654811"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

api.aws.parking.godaddy.com/v1/domains/domain?domain=www42.employeepaperless.com&portfolioId=&abp=1

18.235.167.98

200 OK

0 B

URL HTTP/2
api.aws.parking.godaddy.com/v1/domains/domain?domain=www42.employeepaperless.com&portfolioId=&abp=1
IP
18.235.167.98:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /v1/domains/domain?domain=www42.employeepaperless.com&portfolioId=&abp=1 HTTP/1.1
Host: api.aws.parking.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-request-id
Referer: http://www42.employeepaperless.com/
Origin: http://www42.employeepaperless.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 29 Mar 2023 16:52:17 GMT
content-length: 0
set-cookie: AWSALB=WeD0SPHuySJOGKd4o8sWPrlccLyXDN9oA6CcOYe6D0lKd2D/gBEYG1a1Pcr9XiEeCnD0EpOqqXyqHB283YfUQEAITyK/5QbJSQVV7vJvsP+pSINcuv0sRGFLAv4N; Expires=Wed, 05 Apr 2023 16:52:17 GMT; Path=/
AWSALBCORS=WeD0SPHuySJOGKd4o8sWPrlccLyXDN9oA6CcOYe6D0lKd2D/gBEYG1a1Pcr9XiEeCnD0EpOqqXyqHB283YfUQEAITyK/5QbJSQVV7vJvsP+pSINcuv0sRGFLAv4N; Expires=Wed, 05 Apr 2023 16:52:17 GMT; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
access-control-allow-headers: X-Request-Id
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-origin: http://www42.employeepaperless.com
access-control-max-age: 600
x-request-id: 7GpBjC9X
X-Firefox-Spdy: h2

api.aws.parking.godaddy.com/v1/domains/domain?domain=www42.employeepaperless.com&portfolioId=&abp=1

18.235.167.98

200 OK

839 B

URL HTTP/2
api.aws.parking.godaddy.com/v1/domains/domain?domain=www42.employeepaperless.com&portfolioId=&abp=1
IP
18.235.167.98:0
ASN
#14618 AMAZON-AES

File type
JSON data\012- , ASCII text, with very long lines (838)
Size
839 B (839 bytes)
Hash
70cc2f8fe698cf2324eb5f8ef9f313a6
7cf046f64542a3c88ce00feebb31cb5bea15f091
137084476776ce4375866448a79360472755cb462e547f72fc47a71cd38d65b9

HTTP Headers

GET /v1/domains/domain?domain=www42.employeepaperless.com&portfolioId=&abp=1 HTTP/1.1
Host: api.aws.parking.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www42.employeepaperless.com/
X-Request-Id: 9180755f-b799-48ea-bc03-f8be5ab45127
Origin: http://www42.employeepaperless.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 29 Mar 2023 16:52:18 GMT
content-type: application/json
content-length: 839
set-cookie: AWSALB=zkBjcLuGj79cJVIzwmzIT+LHqMsmPEudb8xq3k7WIXDaBTYtSt9u5u9gvJ84JVXLiiL+d7gk3dJG5Lvlqh9h05jydRX1nAz9V/9Iyc6d1R1fnxkC4bGCpYkdw29b; Expires=Wed, 05 Apr 2023 16:52:18 GMT; Path=/
AWSALBCORS=zkBjcLuGj79cJVIzwmzIT+LHqMsmPEudb8xq3k7WIXDaBTYtSt9u5u9gvJ84JVXLiiL+d7gk3dJG5Lvlqh9h05jydRX1nAz9V/9Iyc6d1R1fnxkC4bGCpYkdw29b; Expires=Wed, 05 Apr 2023 16:52:18 GMT; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
access-control-allow-origin: http://www42.employeepaperless.com
access-control-max-age: 600
x-request-id: 9180755f-b799-48ea-bc03-f8be5ab45127
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
980037790ada70c8073ba9a8d5cc825e
6346559da4cce00710525b8c51e5e22d0dde4693
d399e83b9fb36a722e729da0685e3bdbd744ad826f05fe8a1d62e546fc67d42f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 16:52:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2470
Expires: Wed, 29 Mar 2023 17:33:28 GMT
Date: Wed, 29 Mar 2023 16:52:18 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2470
Expires: Wed, 29 Mar 2023 17:33:28 GMT
Date: Wed, 29 Mar 2023 16:52:18 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2470
Expires: Wed, 29 Mar 2023 17:33:28 GMT
Date: Wed, 29 Mar 2023 16:52:18 GMT
Connection: keep-alive

partner.googleadservices.com/gampad/cookie.js?domain=www42.employeepaperless.com&client=dp-namemedia08_3ph&product=SAS&callback=__sasCookie

216.58.207.226

200 OK

247 B

URL HTTP/2
partner.googleadservices.com/gampad/cookie.js?domain=www42.employeepaperless.com&client=dp-namemedia08_3ph&product=SAS&callback=__sasCookie
IP
216.58.207.226:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (382), with no line terminators
Size
247 B (247 bytes)
Hash
69b5c0e1bbbdaa2bdbe3fe0780620edb
92145a40259c900eee7f9dd624540cddd0a8c116
86569cdf4f63ee123a1ac353c6c5c6734e4b8fae230f9cdb5488f9b23f186689

HTTP Headers

GET /gampad/cookie.js?domain=www42.employeepaperless.com&client=dp-namemedia08_3ph&product=SAS&callback=__sasCookie HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www42.employeepaperless.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Wed, 29 Mar 2023 16:52:18 GMT
server: cafe
cache-control: private
content-length: 247
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6609d61-a455-4bc2-a81d-336103e2014f.jpeg

34.120.237.76

200 OK

6.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6609d61-a455-4bc2-a81d-336103e2014f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.4 kB (6436 bytes)
Hash
bc44b850199ae52dbc7b9235276fd0fe
4e9fb59adb74ad8c012009daf21c40d14dc18053
f67756ff9dcc47eb9f2c62384c84301e053f21501e75e1d04606b2b385886a31

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6609d61-a455-4bc2-a81d-336103e2014f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6436
x-amzn-requestid: bed01179-5c55-4cfa-8bc9-55ba1eb0a2a3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CbbYHHEvoAMFc_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64213f66-515d553b76a57f395134e28d;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 07:01:58 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: e3DoD1qto6PeZUbVhhXy2gF-P2e0K10jhaeVLLdPDgbizByskHICUw==
via: 1.1 ee6ea1e4552345de209d26f9ffb35d4a.cloudfront.net (CloudFront), 1.1 34f8ef0e4c880df0650a814412a26ea6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 29 Mar 2023 07:22:38 GMT
age: 34180
etag: "4e9fb59adb74ad8c012009daf21c40d14dc18053"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85885238-8732-476a-b37c-1eac5dbc3e90.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.0 kB (6049 bytes)
Hash
253f48aa7cbf667d52cb37fda10cdb1f
e29478b866f90402b48d2b516d01d60a863c9cf9
b4a73ab71250b9e4a3f95e28dbf50dd000e1f338c7c3ac9f3351c1f6d6d3bfff

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85885238-8732-476a-b37c-1eac5dbc3e90.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6049
x-amzn-requestid: 2d1a2a66-8b63-44f0-83ec-10628a5fcac6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CgvBFFMGIAMFhCg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235ed3-2a90bf0365925acb3b348489;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:40:35 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: -XwoHom5AT8j5yHNvfnYQ-9xIqVpsyDffwFM0d_ESJicJvL8pTcABg==
via: 1.1 c28e01aa413e9ea602538ccda1511062.cloudfront.net (CloudFront), 1.1 536063cb28bfc05fcb7a78183dd89b72.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:50:28 GMT
age: 68510
etag: "e29478b866f90402b48d2b516d01d60a863c9cf9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d713593-a582-498a-b202-20cddce4f8c4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7605 bytes)
Hash
fd1bc71c7e9eed7c086d752ea8b4b992
02a74cf88501d65b3dfcceb5adc79fd93ce785ed
a9a423d347533322d4d3ba90ee5fca5ca32f8d540f744ea2621deeda46df89f3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d713593-a582-498a-b202-20cddce4f8c4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7605
x-amzn-requestid: b7628073-4eb3-4ef6-b7d0-0224e0a75601
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CguY8GFPoAMFebQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235dd2-445041c74356c54053f772a1;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:36:18 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 2LLHDcPZsSP1XPxH7agC7FhVwQQXfrWq3CEOSz0mBTjGykXxNQIq9Q==
via: 1.1 ffc1e24c06bfbb135c0a4d240b382048.cloudfront.net (CloudFront), 1.1 536063cb28bfc05fcb7a78183dd89b72.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:56:00 GMT
age: 68178
etag: "02a74cf88501d65b3dfcceb5adc79fd93ce785ed"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb43b8abf-1aec-420b-bc1c-ccfbe765332e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11894 bytes)
Hash
ee9c83faa5fdb77ba988a41207800b0e
4ac4c600767de39c5134cb97f78fcb29a681ee18
9039f7232ada16ae6d8a447225a15ef949c705a6f9e7aa20b367d001cd88c94f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb43b8abf-1aec-420b-bc1c-ccfbe765332e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11894
x-amzn-requestid: 8b0857c4-1333-45b7-84de-cf3ea7a3240e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdburGzXoAMF2Cw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220cc4-005cc42d48948a3e0ef56b08;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:38:12 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: fw1M0poEZrxuB51jVwizwBuvn_JY1jaEFXGsRor3wj-OSCfU-lUuIQ==
via: 1.1 8591441a35c0af61913aec9af012bc38.cloudfront.net (CloudFront), 1.1 d16c3f15bd14953a9d4109eaaa991de2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 22:06:08 GMT
age: 67570
etag: "4ac4c600767de39c5134cb97f78fcb29a681ee18"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0794d5a0-7014-425b-9ea0-5dca44ddb4dd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8745 bytes)
Hash
ef54a1ed997cc09495edb102ccdf6803
f5637efb37b5eecff77e60e6bcf5f599991f334f
fa76d7a82dc15baf02b207cea874d1332c20a0ebe1eea99929a6f2746608412c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0794d5a0-7014-425b-9ea0-5dca44ddb4dd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8745
x-amzn-requestid: e1d8dab6-4c15-4752-b528-21854c93a11c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CguJ5Hy5oAMFyAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235d72-4bd62c8472f7257a155b2a80;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:34:42 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: FHONNj6M7I5oVTKAKYspq0ZAJMYohURXs5ufSL-r--zCSdjuSvrpSA==
via: 1.1 8f251d23da31b683c3c9d6fad6ca944c.cloudfront.net (CloudFront), 1.1 49cdeca097624936e070b73619df7da8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:51:37 GMT
age: 68441
etag: "f5637efb37b5eecff77e60e6bcf5f599991f334f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67889522-c6ea-4b17-93f3-ac6e2b4777c1.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.7 kB (6722 bytes)
Hash
d0a85ec27ed4f7910e26b4ff023ab1fb
f35a6c0c18a7c25a5f644ed9bebef0d38f8c6ac0
fc31409ba6db565d4861a35ee6f74b7436eea5e5169bc1283f63cf6dfdb03764

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67889522-c6ea-4b17-93f3-ac6e2b4777c1.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6722
x-amzn-requestid: a6de82bd-5b03-4ffd-90dd-9bd03331d123
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CguY8GG2IAMFuzQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235dd2-7cb1c8187fe3d2b0283fb3a0;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:36:18 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: y5vKgCZTlgD6ji-loyjRA9cPpJWpdR7yDH60LL0bRa1b8DtG4WsX9g==
via: 1.1 773bf3616e85ce2b187fa78710a6beb2.cloudfront.net (CloudFront), 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:51:37 GMT
age: 68441
etag: "f35a6c0c18a7c25a5f644ed9bebef0d38f8c6ac0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
980037790ada70c8073ba9a8d5cc825e
6346559da4cce00710525b8c51e5e22d0dde4693
d399e83b9fb36a722e729da0685e3bdbd744ad826f05fe8a1d62e546fc67d42f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 16:52:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
443af0b9411c9518ba61aca878cb6a56
e9c0bb70f0acf1208bef95c661cd0aac2d51e105
7cf2cfd8c4244cebb536055a42972473359b8eedc41629b4cda38b822c79eda6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 16:52:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%231967d2

142.250.74.97

200 OK

54 kB

URL HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%231967d2
IP
142.250.74.97:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2193)
Size
54 kB (54177 bytes)
Hash
2ab3ebfb4ee97ca0876f7b1a6715c008
46034103be96dfb8ea5cc5aec6b79729826b6e88
6775174769eea2193203c4fe3f99b82325877991eb7ef6558d532b215d2acf57

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/search.svg?c=%231967d2 HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 272
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Wed, 29 Mar 2023 11:05:33 GMT
expires: Thu, 30 Mar 2023 10:05:33 GMT
cache-control: public, max-age=82800
age: 20805
last-modified: Thu, 19 Dec 2019 14:15:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
443af0b9411c9518ba61aca878cb6a56
e9c0bb70f0acf1208bef95c661cd0aac2d51e105
7cf2cfd8c4244cebb536055a42972473359b8eedc41629b4cda38b822c79eda6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 16:52:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff

142.250.74.97

200 OK

174 B

URL HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
IP
142.250.74.97:0
ASN
#15169 GOOGLE

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Size
174 B (174 bytes)
Hash
4de8b85c8915995b571bde50e231be7c
29c226ca7b9cbe1d44e5480ce95bbb42727b2d99
2ec9168c4507546748c5f400f5030031f0eb06f2aed8deaa11362c395bff4f7a

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Wed, 29 Mar 2023 10:27:21 GMT
expires: Thu, 30 Mar 2023 09:27:21 GMT
cache-control: public, max-age=82800
age: 23097
last-modified: Thu, 22 Oct 2020 21:45:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
443af0b9411c9518ba61aca878cb6a56
e9c0bb70f0acf1208bef95c661cd0aac2d51e105
7cf2cfd8c4244cebb536055a42972473359b8eedc41629b4cda38b822c79eda6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 16:52:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

api.aws.parking.godaddy.com/v1/parkingEvents?abp=1

18.235.167.98

200 OK

0 B

URL HTTP/2
api.aws.parking.godaddy.com/v1/parkingEvents?abp=1
IP
18.235.167.98:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /v1/parkingEvents?abp=1 HTTP/1.1
Host: api.aws.parking.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://www42.employeepaperless.com/
Origin: http://www42.employeepaperless.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 29 Mar 2023 16:52:18 GMT
content-type: text/plain
content-length: 0
set-cookie: AWSALB=NMyr2MuM/AnNY2zI6E8OTOla69b+mM7+cMG5IyvN3GpNarM5McC2FzewHc84Hix/BWBoGr1wqXpRlcWhNfFytOwwP0O612V+EBbzoPQf2KwYXKaXwFHeoMTh3PjI; Expires=Wed, 05 Apr 2023 16:52:18 GMT; Path=/
AWSALBCORS=NMyr2MuM/AnNY2zI6E8OTOla69b+mM7+cMG5IyvN3GpNarM5McC2FzewHc84Hix/BWBoGr1wqXpRlcWhNfFytOwwP0O612V+EBbzoPQf2KwYXKaXwFHeoMTh3PjI; Expires=Wed, 05 Apr 2023 16:52:18 GMT; Path=/; SameSite=None; Secure
access-control-allow-methods: POST
access-control-allow-headers: content-type
access-control-allow-origin: *
X-Firefox-Spdy: h2

api.aws.parking.godaddy.com/v1/parkingEvents?abp=1

18.235.167.98

200 OK

0 B

URL HTTP/2
api.aws.parking.godaddy.com/v1/parkingEvents?abp=1
IP
18.235.167.98:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /v1/parkingEvents?abp=1 HTTP/1.1
Host: api.aws.parking.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www42.employeepaperless.com/
Content-Type: application/json
Origin: http://www42.employeepaperless.com
Content-Length: 759
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 29 Mar 2023 16:52:18 GMT
content-type: text/plain
content-length: 0
set-cookie: AWSALB=Er07voVEASONCCI79JznzNwb0z2KPQOJvOXpO3E5PLyQtt258fAo7FVx8RqEXszrYPB/Wt955paY1Wcf9nQR8liVER+G75yBipMr6pU8MdHBjXfODLiTjLx29X6h; Expires=Wed, 05 Apr 2023 16:52:18 GMT; Path=/
AWSALBCORS=Er07voVEASONCCI79JznzNwb0z2KPQOJvOXpO3E5PLyQtt258fAo7FVx8RqEXszrYPB/Wt955paY1Wcf9nQR8liVER+G75yBipMr6pU8MdHBjXfODLiTjLx29X6h; Expires=Wed, 05 Apr 2023 16:52:18 GMT; Path=/; SameSite=None; Secure
access-control-allow-origin: *
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cfccae4f3e65b40eb1222e188d0305c8
94d4155aab692c4f43725e2352a7902f15dda978
b816e438b72a43550c2830da0ccfc53dce84ae987dcfd9808c00d0bd035baca1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B816E438B72A43550C2830DA0CCFC53DCE84AE987DCFD9808C00D0BD035BACA1"
Last-Modified: Mon, 27 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11735
Expires: Wed, 29 Mar 2023 20:07:53 GMT
Date: Wed, 29 Mar 2023 16:52:18 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cfccae4f3e65b40eb1222e188d0305c8
94d4155aab692c4f43725e2352a7902f15dda978
b816e438b72a43550c2830da0ccfc53dce84ae987dcfd9808c00d0bd035baca1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B816E438B72A43550C2830DA0CCFC53DCE84AE987DCFD9808C00D0BD035BACA1"
Last-Modified: Mon, 27 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11735
Expires: Wed, 29 Mar 2023 20:07:53 GMT
Date: Wed, 29 Mar 2023 16:52:18 GMT
Connection: keep-alive

postback.trafficmotor.com/sn/?abp=1

45.79.38.145

200 OK

0 B

URL HTTP/1.1
postback.trafficmotor.com/sn/?abp=1
IP
45.79.38.145:0
ASN
#63949 Linode, LLC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /sn/?abp=1 HTTP/1.1
Host: postback.trafficmotor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://www42.employeepaperless.com/
Origin: http://www42.employeepaperless.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: openresty/1.13.6.1
Date: Wed, 29 Mar 2023 16:52:18 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: close
Allow: HEAD, GET, POST, OPTIONS
Access-Control-Allow-Origin: http://www42.employeepaperless.com
Access-Control-Allow-Methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
Vary: Origin
Access-Control-Allow-Headers: content-type

postback.trafficmotor.com/sn/?abp=1

45.79.38.145

200 OK

20 B

URL HTTP/1.1
postback.trafficmotor.com/sn/?abp=1
IP
45.79.38.145:0
ASN
#63949 Linode, LLC

File type
JSON data\012- , ASCII text
Size
20 B (20 bytes)
Hash
91444b880b310abd999d67bcb0c0cd7b
163408872b37dae43586a163c52f6399911a110d
76f29e35cbb677c7aeb7edcc9072913e19a50c41bcb7adae72cc8591afc7c63f

HTTP Headers

POST /sn/?abp=1 HTTP/1.1
Host: postback.trafficmotor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www42.employeepaperless.com/
Content-Type: application/json
Origin: http://www42.employeepaperless.com
Content-Length: 83
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: openresty/1.13.6.1
Date: Wed, 29 Mar 2023 16:52:19 GMT
Content-Type: application/json
Content-Length: 20
Connection: close
Access-Control-Allow-Origin: http://www42.employeepaperless.com
Vary: Origin

ocsp.pki.goog/gts1c3

0 B

URL
ocsp.pki.goog/gts1c3
IP
:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML