express-redelivery.info.gf/public/hKLxeb0Ij1SzSy3RSMVS0YIlNrgpnHE3
94.103.188.42 301 Moved Permanently 162 B URL HTTP/1.1 express-redelivery.info.gf/public/hKLxeb0Ij1SzSy3RSMVS0YIlNrgpnHE3
IP 94.103.188.42:0
File type HTML document text; HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert urlquery phishing Phishing - DHL
urlquery phishing Phishing - DHL
fortinet Phishing
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.info .gf Domain
GET /public/hKLxeb0Ij1SzSy3RSMVS0YIlNrgpnHE3 HTTP/1.1
Host: express-redelivery.info.gf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 03 Mar 2023 03:37:27 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://express-redelivery.info.gf/public/hKLxeb0Ij1SzSy3RSMVS0YIlNrgpnHE3
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash a39c6b0123e56e5b89743a8ad25c746e
feb61559594a73b319532dec130f10068fdf1242
d1adf9c8c7e63c33674a6af4b4111fe0ce1092d362ca4bf7c7dd00e6b6034f09
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D1ADF9C8C7E63C33674A6AF4B4111FE0CE1092D362CA4BF7C7DD00E6B6034F09"
Last-Modified: Thu, 02 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11297
Expires: Fri, 03 Mar 2023 06:45:44 GMT
Date: Fri, 03 Mar 2023 03:37:27 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 96abc4d0be3e74da1484937a66c5ff39
357520bead07e25b52d4ca0c0c69db60cfaa0d7c
32c544ef8b8a3faaf08bdb76f8a387510037dfc15a022fd59457cf45215a6ba8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "32C544EF8B8A3FAAF08BDB76F8A387510037DFC15A022FD59457CF45215A6BA8"
Last-Modified: Thu, 02 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2559
Expires: Fri, 03 Mar 2023 04:20:06 GMT
Date: Fri, 03 Mar 2023 03:37:27 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash bc86ef2a0cee04915bc360f5821adc8f
3658f9028cce204d38f7f48fcfaa2a8e4f54383a
aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Type, Retry-After, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 03 Mar 2023 03:08:14 GMT
content-type: application/json
age: 1753
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash e4e8aac6a39cada76c87582702f7c378
0260b5087dc89bc06032583627bc84109646561e
de8102626e7960652e844be721ec8336927886d18957a52474e4bc31a7c1a83b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DE8102626E7960652E844BE721EC8336927886D18957A52474E4BC31A7C1A83B"
Last-Modified: Thu, 02 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14502
Expires: Fri, 03 Mar 2023 07:39:09 GMT
Date: Fri, 03 Mar 2023 03:37:27 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash b5ba6334e73496995e3e3a9ecd0eb323
ad80d3b7718c28364e8c2004fb38a13a1747e462
aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: F5UTxVCCbfKwz7AyzC+GvWD/hYQUW+NxxzeT3E0fEVHjHEiE7J/DrKHqDyDhmkeRmk69B3fyZgw=
x-amz-request-id: S3SAW3TWMJ9C1D0X
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 03 Mar 2023 03:15:40 GMT
age: 1307
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 Mar 2023 03:37:28 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 45df49d8e010551ad7fe94c806c3fef9
d75fc046dddf413ee3d2c16131013f68f4e8cf24
15c99f686298992972f6c6a087cbedfd58d08352f5948f0d4e41b608b1632914
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "15C99F686298992972F6C6A087CBEDFD58D08352F5948F0D4E41B608B1632914"
Last-Modified: Wed, 01 Mar 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Fri, 03 Mar 2023 09:37:28 GMT
Date: Fri, 03 Mar 2023 03:37:28 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Retry-After, Alert, Content-Length, Backoff, ETag, Content-Type, Cache-Control, Last-Modified, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 03 Mar 2023 03:03:36 GMT
age: 2032
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 51e95d61b93964116033d39ca29d8e87
f4b94d787ce49da21c28fe7853b1a85d2b9494dc
083c886afce548aad4f54caa7f7766e38d9376d55077d4072dbddbdafa086f85
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "083C886AFCE548AAD4F54CAA7F7766E38D9376D55077D4072DBDDBDAFA086F85"
Last-Modified: Thu, 02 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12607
Expires: Fri, 03 Mar 2023 07:07:35 GMT
Date: Fri, 03 Mar 2023 03:37:28 GMT
Connection: keep-alive
express-redelivery.info.gf/public/hKLxeb0Ij1SzSy3RSMVS0YIlNrgpnHE3
94.103.188.42 302 Found 737 B URL HTTP/2 express-redelivery.info.gf/public/hKLxeb0Ij1SzSy3RSMVS0YIlNrgpnHE3
IP 94.103.188.42:0
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text
Hash eff44aa50b00482921014021140f9cec
094bc666ab3c3711c700db7df109262bc0c106f0
21af15c59956ccc224857e7384a2a68f9aac107cd76e4b6c8f4c0d3c428d560b
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.info .gf Domain
GET /public/hKLxeb0Ij1SzSy3RSMVS0YIlNrgpnHE3 HTTP/1.1
Host: express-redelivery.info.gf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: nginx
date: Fri, 03 Mar 2023 03:37:28 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6IlNFeXlzdTZ4YmZEdWlvTWRVOUkzNmc9PSIsInZhbHVlIjoiU3ExOXhOS3ViMkcvcGJJQllySFZiTVdlZ3hjZHdqOXFvWmkrd0pUWnJSbG5ZWk45WVRBSWZpZ21vajd1OG84NG01R3VDQ2JnSHIwL0NocTJrbFZPSTFTd2NWME5YRFBWUXh3emNjZFFZNFh5Y1VCOXRmQkVmTWxmM1p5enE5WWkiLCJtYWMiOiI4Mzc3OWVlOGRlY2MyYzUxYWIwNjQyZjQwNzQ3YTAyYzQzNTE1ZDZkZmUxYWVmZGY0NTk4NThmYjNjYjRjZDU5IiwidGFnIjoiIn0%3D; expires=Fri, 03-Mar-2023 05:37:28 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6IkFoZnlRZUhWQjBqYTg2Tk1RNk5xUXc9PSIsInZhbHVlIjoidWo5NEtLTFJ0S3RlYkxYSC9xNExGaFltakRoMDlZR3pLcElSeW9wQ0hzaWdjNDdsZDd6VTNPV2RCRzllbTJjSyttWTh6OEk2TG9qY1Bnb2pmd2ZjcDkvc0pnQ3VKL01CSlo2TlQ2cVR5RXY1ZGdVMkZjbnVuM2kvdnlONFhwT2oiLCJtYWMiOiJlZGRmNDM5OTM0NTVjM2ZiYWU5YjA1NzJlYjIwODk5Y2Y1MDIxMmY3ZTQ3OTRmMDY3Yjg2M2ZmZGIwNmZiMmU5IiwidGFnIjoiIn0%3D; expires=Fri, 03-Mar-2023 05:37:28 GMT; Max-Age=7200; path=/; httponly; samesite=lax
location: https://express-redelivery.info.gf/public
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.155.255.170 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.155.255.170:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: PLCNjlHndEwiIu0o+ZGYbg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 93R6gJ59ynLfP9VfoJtnvj1tqAk=
express-redelivery.info.gf/public/
94.103.188.42 200 OK 348 B URL HTTP/2 express-redelivery.info.gf/public/
IP 94.103.188.42:0
File type HTML document text; HTML document text; HTML document, ASCII text
Hash 3932cf39f61a1dd16496614bc0ef8eee
996cac7e8f5956ffc794fcdaf7c8e828d4a07c04
f2163d98e6428c6377aa84db44a3e80c4a95778cd5c93afc177d576fbaf1175a
Analyzer Verdict Alert fortinet Phishing
GET /public/ HTTP/1.1
Host: express-redelivery.info.gf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlNFeXlzdTZ4YmZEdWlvTWRVOUkzNmc9PSIsInZhbHVlIjoiU3ExOXhOS3ViMkcvcGJJQllySFZiTVdlZ3hjZHdqOXFvWmkrd0pUWnJSbG5ZWk45WVRBSWZpZ21vajd1OG84NG01R3VDQ2JnSHIwL0NocTJrbFZPSTFTd2NWME5YRFBWUXh3emNjZFFZNFh5Y1VCOXRmQkVmTWxmM1p5enE5WWkiLCJtYWMiOiI4Mzc3OWVlOGRlY2MyYzUxYWIwNjQyZjQwNzQ3YTAyYzQzNTE1ZDZkZmUxYWVmZGY0NTk4NThmYjNjYjRjZDU5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkFoZnlRZUhWQjBqYTg2Tk1RNk5xUXc9PSIsInZhbHVlIjoidWo5NEtLTFJ0S3RlYkxYSC9xNExGaFltakRoMDlZR3pLcElSeW9wQ0hzaWdjNDdsZDd6VTNPV2RCRzllbTJjSyttWTh6OEk2TG9qY1Bnb2pmd2ZjcDkvc0pnQ3VKL01CSlo2TlQ2cVR5RXY1ZGdVMkZjbnVuM2kvdnlONFhwT2oiLCJtYWMiOiJlZGRmNDM5OTM0NTVjM2ZiYWU5YjA1NzJlYjIwODk5Y2Y1MDIxMmY3ZTQ3OTRmMDY3Yjg2M2ZmZGIwNmZiMmU5IiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Mar 2023 03:37:30 GMT
content-type: text/html; charset=UTF-8
content-length: 348
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6IlVSemhvdmNXWnBTcWVMTmNGNDg2cFE9PSIsInZhbHVlIjoiWGNaaFg3ZHRMaVBvVU1HM0xveHFMdXFVZC9Eak03Um1VcUhRNnUyYXFqaldKM3hxUmpTWE9ieUJwSlY5ZFlaNk1kWHNPMGRkUEJ0K2xMdS8zUG1DMjdOREVDeHFnV0g4cG1ZYjNJSk8zN3dWcytXTE55TmRwcFZUbm1ab2hyWXAiLCJtYWMiOiJlMDY4YjMzOGMwZDUxMTlmNmI4NGFjZjU2ZTk5OWI2MWJjMmI3OTgyZGU4NTI5NDA4MDM4OWU2MjQxMWUyNGUwIiwidGFnIjoiIn0%3D; expires=Fri, 03-Mar-2023 05:37:30 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6ImUvZ2M1bUdFKzlXbXg0azhUcjV0NlE9PSIsInZhbHVlIjoiOU1tYzVkSTVwbmYvSWttSkdEcS9wWFVTWDhJcDZpRm5JTVJ6RG90Z0ErMWNpRTZVaXU2SktiamhKcDZiWHh0QVV2aVlVVzFrWFl6dW5IVkxkeWphMWZ2ZVJqREg1UktXamc2NVQzeUNHZzZrMng3WWlFWUtDNThKR28xOVZkWHYiLCJtYWMiOiI3ZjY0YzJmNmMzYjZhNGRlNmMzMmVkMTZkODYyNDRhYjMzNzM5ZDYxMmY5YTY1ZWU2ZTk5ZTFhY2M1YzY0ODgyIiwidGFnIjoiIn0%3D; expires=Fri, 03-Mar-2023 05:37:30 GMT; Max-Age=7200; path=/; httponly; samesite=lax
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 16d5f84e59c07ed63d44e8f2b7fb7cdd
13d26cbcc3521c23110ecda9c38b5330de7f82d1
91aa320b6d0d19587bc36ae8c88457428fed9ab91e18031a5d9a30c49654069e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91AA320B6D0D19587BC36AE8C88457428FED9AB91E18031A5D9A30C49654069E"
Last-Modified: Thu, 02 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7002
Expires: Fri, 03 Mar 2023 05:34:12 GMT
Date: Fri, 03 Mar 2023 03:37:30 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cb94071-e9a3-41a5-a749-2673fe94c69d.jpeg
34.120.237.76 200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cb94071-e9a3-41a5-a749-2673fe94c69d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 0434a796c70c1df5c82845eb5b19b8cb
0c84cf11487867cc6b9f955b12de4d6199804e4d
c43e2da686b91d44e8a619413c5439973246ce31722745d96c0a6a6286dad155
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cb94071-e9a3-41a5-a749-2673fe94c69d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9807
x-amzn-requestid: f855150d-9f03-40a3-a425-0704a4334db1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BLC6uFzSoAMFzWQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64011844-3db631d0459704b904a0701a;Sampled=0
x-amzn-remapped-date: Thu, 02 Mar 2023 21:42:28 GMT
x-amz-cf-pop: HIO50-C1, YVR50-C1
x-cache: Hit from cloudfront
x-amz-cf-id: dx5LohAarY33i0QOrqHSuzTOGoN5if6-pqPMn_8_FO3bMK-eCjJpDg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 9c335c5f85533b11cbfd38dc7cc60c16.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Mar 2023 22:14:40 GMT
age: 19370
etag: "0c84cf11487867cc6b9f955b12de4d6199804e4d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F57845ac1-459a-4836-9309-4bddb52714d4.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F57845ac1-459a-4836-9309-4bddb52714d4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 9ac3b17d41f3f579f5494666b7326c4e
d9cceb1c8d1830f9630a8aaa12eb990156173612
7478afe0ecf23655253cfb105dac66c7bf1b9665ba994c4fc06d0bda5e655389
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F57845ac1-459a-4836-9309-4bddb52714d4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10228
x-amzn-requestid: dbe16993-4b2a-4cac-8c87-26d3bfbeb54a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BLCytF24oAMFpkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64011811-74326cba46f6b443699fc3dd;Sampled=0
x-amzn-remapped-date: Thu, 02 Mar 2023 21:41:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: NjGvi4CqS2LdBg_jgSF0-EZHd4vnAwUmTS7FnP9T0pQ7RLq8Zmk11w==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 58b8655e3ea662bad02cac6b9d4c88ba.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Mar 2023 21:58:13 GMT
age: 20357
etag: "d9cceb1c8d1830f9630a8aaa12eb990156173612"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F142afab8-245d-47f2-9375-00c43e953ed4.jpeg
34.120.237.76 200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F142afab8-245d-47f2-9375-00c43e953ed4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash b8e4c501c2aa0991ee38e25b6ff31c28
4adb2fda70cc5a6a57276d48e8b7607a6f3349dc
8e1afc626b922da51adeac343e97d11c63d77f34ec07b5de4e7ab9ea9f355de9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F142afab8-245d-47f2-9375-00c43e953ed4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6352
x-amzn-requestid: ad3801fa-e1ab-4c78-b5f7-b6c2e7403fd8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: A0umvHAHIAMFoNA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f82af7-4656fe5b0d3d721c4f1e145e;Sampled=0
x-amzn-remapped-date: Fri, 24 Feb 2023 03:11:51 GMT
x-amz-cf-pop: YVR50-C1
x-cache: Hit from cloudfront
x-amz-cf-id: skP6kkFyhN_5LzOjpRMy-_Lnl-bQRmUbbD8R3MKsoRdMr2vzMShtDQ==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 f83d0d4febf7c22c3236bd42fa6dcd96.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Mar 2023 22:15:47 GMT
age: 19303
etag: "4adb2fda70cc5a6a57276d48e8b7607a6f3349dc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc81172d5-849a-4947-895d-7b645a656f98.jpeg
34.120.237.76 200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc81172d5-849a-4947-895d-7b645a656f98.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 4c627140fb587a52035e07a0e4849aa4
0fda39fd9db63f210a73fe14d6cb445d877303f1
ef144a10c04afa87fe3ae0c30906495f42b87678d6a5bab9ac934e8425d8ced3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc81172d5-849a-4947-895d-7b645a656f98.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9043
x-amzn-requestid: b198e6ac-b731-4300-ba73-0dae7c426334
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BLC6CHbBIAMF59w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6401183f-4e716af671ac66683937eaca;Sampled=0
x-amzn-remapped-date: Thu, 02 Mar 2023 21:42:23 GMT
x-amz-cf-pop: HIO50-C1, YVR50-C1
x-cache: Hit from cloudfront
x-amz-cf-id: knLOY1TnJUV4G5JGbFN96KbF_HOGaLh_HbnHdh3FbIlZI-KUBitLZQ==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 7f5c6f79ed16052a7a2f78b6025bcf5e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Mar 2023 22:15:58 GMT
age: 19292
etag: "0fda39fd9db63f210a73fe14d6cb445d877303f1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc81f41a1-e06f-48d1-b68e-4bb3d4b6e3e1.jpeg
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc81f41a1-e06f-48d1-b68e-4bb3d4b6e3e1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 23420af4376fc0c1e008c153be1f837e
eadec09293074d9ec43ed34f4eaeb2fc97a849a1
09c55f94f17c4ed54c46db00d5a11c1d4bc0671158590a1df23a7bae20ef98a7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc81f41a1-e06f-48d1-b68e-4bb3d4b6e3e1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8856
x-amzn-requestid: 138931ad-921b-43a0-a746-138ee9b0db11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: A73tPFeqoAMF5Fw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63fb0654-6c0ce78f2d71ec3d3979d835;Sampled=0
x-amzn-remapped-date: Sun, 26 Feb 2023 07:12:20 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: cSeX4WngFD92UkAxPE4HYJyzbJ1aEIhxZY0T8r7XraUMcL499vs4ng==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 ae06b19943a6bad1c1b12b79f7339498.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Mar 2023 03:12:47 GMT
age: 1483
etag: "eadec09293074d9ec43ed34f4eaeb2fc97a849a1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d266afb-8a75-4202-9be6-099d0b7c3d7b.jpeg
34.120.237.76 200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d266afb-8a75-4202-9be6-099d0b7c3d7b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c287adc5d1a8a0815f7b13ed61bb0159
53dff0f2d0e809291262e966b40d98d55dc7749e
be1b80ac8e61b83e1a13a6b3930596ce77a34dddff6ddbf1dd457454715bdb0c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d266afb-8a75-4202-9be6-099d0b7c3d7b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9716
x-amzn-requestid: 1d7b2352-5780-483d-90a0-13bf511712fb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BLCyuHC-IAMFiHQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64011811-65e7831a6c1516231009dc51;Sampled=0
x-amzn-remapped-date: Thu, 02 Mar 2023 21:41:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: v4cjcZlw3GA9Ccm0Vo24kPJPkUrgqqUtB4YP4ytbqNSap1X0CAt9Rw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 6af3b573d8970d5db2a4d03354335b84.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Mar 2023 21:58:13 GMT
etag: "53dff0f2d0e809291262e966b40d98d55dc7749e"
content-type: image/jpeg
age: 20357
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
express-redelivery.info.gf/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR/
94.103.188.42 301 Moved Permanently 359 B URL HTTP/2 express-redelivery.info.gf/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR/
IP 94.103.188.42:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash acb7cdd67668cd7d081d114810e38b26
85cfd60ea779b19f329143c9cae8406efe52fb27
d429d961810718d376a8c921e67a25b98620f0995b2d71b2af07221b4e3a0095
Analyzer Verdict Alert fortinet Phishing
GET /PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR/ HTTP/1.1
Host: express-redelivery.info.gf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://express-redelivery.info.gf/public/
Cookie: XSRF-TOKEN=eyJpdiI6IlVSemhvdmNXWnBTcWVMTmNGNDg2cFE9PSIsInZhbHVlIjoiWGNaaFg3ZHRMaVBvVU1HM0xveHFMdXFVZC9Eak03Um1VcUhRNnUyYXFqaldKM3hxUmpTWE9ieUJwSlY5ZFlaNk1kWHNPMGRkUEJ0K2xMdS8zUG1DMjdOREVDeHFnV0g4cG1ZYjNJSk8zN3dWcytXTE55TmRwcFZUbm1ab2hyWXAiLCJtYWMiOiJlMDY4YjMzOGMwZDUxMTlmNmI4NGFjZjU2ZTk5OWI2MWJjMmI3OTgyZGU4NTI5NDA4MDM4OWU2MjQxMWUyNGUwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImUvZ2M1bUdFKzlXbXg0azhUcjV0NlE9PSIsInZhbHVlIjoiOU1tYzVkSTVwbmYvSWttSkdEcS9wWFVTWDhJcDZpRm5JTVJ6RG90Z0ErMWNpRTZVaXU2SktiamhKcDZiWHh0QVV2aVlVVzFrWFl6dW5IVkxkeWphMWZ2ZVJqREg1UktXamc2NVQzeUNHZzZrMng3WWlFWUtDNThKR28xOVZkWHYiLCJtYWMiOiI3ZjY0YzJmNmMzYjZhNGRlNmMzMmVkMTZkODYyNDRhYjMzNzM5ZDYxMmY5YTY1ZWU2ZTk5ZTFhY2M1YzY0ODgyIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 03 Mar 2023 03:37:30 GMT
content-type: text/html; charset=iso-8859-1
content-length: 359
location: https://express-redelivery.info.gf/public/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR
x-powered-by: PleskLin
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
104.17.25.14 200 OK 5.6 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
IP 104.17.25.14:0
File type ASCII text, with very long lines (30837)
Hash 109d1ed85cd01f9cdab73a4cac5bf80d
d6c6498ad46de2d8e2008a8ff68e364ae7f16b32
8b3a74fe462f5b3c0635995fd721a60eb640e237680b0b532b96711f2823e8bc
GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://express-redelivery.info.gf/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Mar 2023 03:37:31 GMT
content-type: text/css; charset=utf-8
content-length: 5631
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 214329
expires: Wed, 21 Feb 2024 03:37:31 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Wr9QGVtTOJs25lTLnph7ioZ3cLk5NDmvs0BPw3cd8lmq5%2F1IdLTSBu9x3m2luo66kydS1Yx40TiBTNgtjoLhU4A9yr8TyDuaWerXy9bgprwYV9AONnAN5vhyxePbXL7aYdGW%2Bzu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7a1ed76389e8b4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
express-redelivery.info.gf/public/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR
94.103.188.42 200 OK 15 kB URL HTTP/2 express-redelivery.info.gf/public/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR
IP 94.103.188.42:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- assembler source text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (39884)
Hash 723cdf73a2a0c3bac2fbc728e6678831
cc236e3bc90395cd8a33e081a8b88621116b9716
18febced39f924b3290f1a2c642a69e1d1f2bf84a45116764cdb30a0f7732c18
Analyzer Verdict Alert fortinet Phishing
GET /public/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR HTTP/1.1
Host: express-redelivery.info.gf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://express-redelivery.info.gf/public/
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlVSemhvdmNXWnBTcWVMTmNGNDg2cFE9PSIsInZhbHVlIjoiWGNaaFg3ZHRMaVBvVU1HM0xveHFMdXFVZC9Eak03Um1VcUhRNnUyYXFqaldKM3hxUmpTWE9ieUJwSlY5ZFlaNk1kWHNPMGRkUEJ0K2xMdS8zUG1DMjdOREVDeHFnV0g4cG1ZYjNJSk8zN3dWcytXTE55TmRwcFZUbm1ab2hyWXAiLCJtYWMiOiJlMDY4YjMzOGMwZDUxMTlmNmI4NGFjZjU2ZTk5OWI2MWJjMmI3OTgyZGU4NTI5NDA4MDM4OWU2MjQxMWUyNGUwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImUvZ2M1bUdFKzlXbXg0azhUcjV0NlE9PSIsInZhbHVlIjoiOU1tYzVkSTVwbmYvSWttSkdEcS9wWFVTWDhJcDZpRm5JTVJ6RG90Z0ErMWNpRTZVaXU2SktiamhKcDZiWHh0QVV2aVlVVzFrWFl6dW5IVkxkeWphMWZ2ZVJqREg1UktXamc2NVQzeUNHZzZrMng3WWlFWUtDNThKR28xOVZkWHYiLCJtYWMiOiI3ZjY0YzJmNmMzYjZhNGRlNmMzMmVkMTZkODYyNDRhYjMzNzM5ZDYxMmY5YTY1ZWU2ZTk5ZTFhY2M1YzY0ODgyIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Mar 2023 03:37:31 GMT
content-type: text/html; charset=UTF-8
content-length: 14624
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6InhoRGNUSk1EcWV3Q2JCbllLSVlycnc9PSIsInZhbHVlIjoicGhxcnNOazNVNnlLcGxkY1h4akVHc0JzeEVnWFFGOEF1OVduZnc2TzAzTzZKUmVUMVVMZTNITmJPWHNxamlmbHNjby8wSHhHdlFaYXNlUkxXWURjSEpLTzhLWDBDTktLWVJVMlVjWVc0dEJtd2U2ZnBiY00vOEE2ck1HUXozWHIiLCJtYWMiOiI4ZmRkM2M0YjU5YWJjN2IzY2M0MGQ2MGMzY2UxMTM4ZTM4MTA0YmUzMDg2MjIxYmZmYmI4NzU0YzNlNGZjODA2IiwidGFnIjoiIn0%3D; expires=Fri, 03-Mar-2023 05:37:31 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6IlpYU1R4ODhubHdSWVZqRFJJSjM1Tmc9PSIsInZhbHVlIjoiWkFuTDdRWFVjZmRYZmNhWlpGOFM4aGJXUkloR0Q3azhuOVh2UlNsVEoycUtuNmFWRUNLbUZrK3lBdkwvc1VWeU5OTitNVE1MRCszVVZyd1d4Uy9pYzZsakliMkdxWGdoVXUrMmFNRnZxZFNjUE1wZDMrajZ2dnMxbGMzbEh0SHQiLCJtYWMiOiI0MTA5MDBjMjlhNDc3MzhkMGFiYjMxNGNmZGRiZDY2ZGQwZTRlNjZjMmNkZmExYzY4MGFjZjNiMGI1MDg3NzA5IiwidGFnIjoiIn0%3D; expires=Fri, 03-Mar-2023 05:37:31 GMT; Max-Age=7200; path=/; httponly; samesite=lax
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95 200 OK 279 B IP 192.229.221.95:0
Hash c2ffb22b48527928fe42bdadb4701841
ce132c720988eae117c448b24a9846c9cf792b85
b936f7b76ee2d66db9aaba6342a46cf214f4415ef589d4576c8464ed2c4f1cb3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 32881
Cache-Control: max-age=156322
Content-Type: application/ocsp-response
Date: Fri, 03 Mar 2023 03:37:31 GMT
Etag: "6400aaac-117"
Expires: Sat, 04 Mar 2023 23:02:53 GMT
Last-Modified: Thu, 02 Mar 2023 13:54:52 GMT
Server: ECAcc (ska/F7A5)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
192.229.221.95 200 OK 280 B IP 192.229.221.95:0
Hash f9519cf463ff1b63999f3e3c7f81d429
0d10fa9aa7936f9cf396d3a9a10e9e3539135b64
5fb6840de0a6e7bbb42b48a5ddb721599d91e302253843f497fc65ea7157b91c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 48608
Cache-Control: max-age=86402
Content-Type: application/ocsp-response
Date: Fri, 03 Mar 2023 03:37:31 GMT
Etag: "63ff5c1d-118"
Expires: Sat, 04 Mar 2023 03:37:33 GMT
Last-Modified: Wed, 01 Mar 2023 14:07:25 GMT
Server: ECAcc (ska/F775)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
192.229.221.95 200 OK 280 B IP 192.229.221.95:0
Hash f9519cf463ff1b63999f3e3c7f81d429
0d10fa9aa7936f9cf396d3a9a10e9e3539135b64
5fb6840de0a6e7bbb42b48a5ddb721599d91e302253843f497fc65ea7157b91c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 119491
Cache-Control: max-age=157285
Content-Type: application/ocsp-response
Date: Fri, 03 Mar 2023 03:37:31 GMT
Etag: "63ff5c1d-118"
Expires: Sat, 04 Mar 2023 23:18:56 GMT
Last-Modified: Wed, 01 Mar 2023 14:07:25 GMT
Server: ECAcc (ska/F6D2)
X-Cache: HIT
Content-Length: 280
express-redelivery.info.gf/images/all.png
94.103.188.42 200 OK 12 kB URL HTTP/2 express-redelivery.info.gf/images/all.png
IP 94.103.188.42:0
File type PNG image data, 123 x 84, 8-bit/color RGBA, non-interlaced\012- data
Hash 2cb0b7f615faf2deb9ec6f53d3149a3b
694a2c881c83e2ab86365bf1d16302ac5b9d500f
c1d5409eecb402a99f10718b06c266ba314d9e25f0b56c6fd063699334b8be6d
Analyzer Verdict Alert urlquery phishing Phishing - DHL
urlquery phishing Phishing - DHL
GET /images/all.png HTTP/1.1
Host: express-redelivery.info.gf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://express-redelivery.info.gf/public/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR
Cookie: XSRF-TOKEN=eyJpdiI6InhoRGNUSk1EcWV3Q2JCbllLSVlycnc9PSIsInZhbHVlIjoicGhxcnNOazNVNnlLcGxkY1h4akVHc0JzeEVnWFFGOEF1OVduZnc2TzAzTzZKUmVUMVVMZTNITmJPWHNxamlmbHNjby8wSHhHdlFaYXNlUkxXWURjSEpLTzhLWDBDTktLWVJVMlVjWVc0dEJtd2U2ZnBiY00vOEE2ck1HUXozWHIiLCJtYWMiOiI4ZmRkM2M0YjU5YWJjN2IzY2M0MGQ2MGMzY2UxMTM4ZTM4MTA0YmUzMDg2MjIxYmZmYmI4NzU0YzNlNGZjODA2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlpYU1R4ODhubHdSWVZqRFJJSjM1Tmc9PSIsInZhbHVlIjoiWkFuTDdRWFVjZmRYZmNhWlpGOFM4aGJXUkloR0Q3azhuOVh2UlNsVEoycUtuNmFWRUNLbUZrK3lBdkwvc1VWeU5OTitNVE1MRCszVVZyd1d4Uy9pYzZsakliMkdxWGdoVXUrMmFNRnZxZFNjUE1wZDMrajZ2dnMxbGMzbEh0SHQiLCJtYWMiOiI0MTA5MDBjMjlhNDc3MzhkMGFiYjMxNGNmZGRiZDY2ZGQwZTRlNjZjMmNkZmExYzY4MGFjZjNiMGI1MDg3NzA5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Mar 2023 03:37:31 GMT
content-type: image/png
content-length: 12499
last-modified: Sun, 17 Apr 2022 13:24:34 GMT
etag: "30d3-5dcd99081e880"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
express-redelivery.info.gf/images/logo.png
94.103.188.42 200 OK 2.0 kB URL HTTP/2 express-redelivery.info.gf/images/logo.png
IP 94.103.188.42:0
File type PNG image data, 214 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 5d14ab93691604e826e1319d53599eb9
78724360e9d25da584445b851e37bca05abe6b85
3f0c62b5ccdcdbf3b3ae3885f1e6959e2d937eba9b29dea9a6bdb98788041756
Analyzer Verdict Alert urlquery phishing Phishing - DHL
urlquery phishing Phishing - DHL
GET /images/logo.png HTTP/1.1
Host: express-redelivery.info.gf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://express-redelivery.info.gf/public/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR
Cookie: XSRF-TOKEN=eyJpdiI6InhoRGNUSk1EcWV3Q2JCbllLSVlycnc9PSIsInZhbHVlIjoicGhxcnNOazNVNnlLcGxkY1h4akVHc0JzeEVnWFFGOEF1OVduZnc2TzAzTzZKUmVUMVVMZTNITmJPWHNxamlmbHNjby8wSHhHdlFaYXNlUkxXWURjSEpLTzhLWDBDTktLWVJVMlVjWVc0dEJtd2U2ZnBiY00vOEE2ck1HUXozWHIiLCJtYWMiOiI4ZmRkM2M0YjU5YWJjN2IzY2M0MGQ2MGMzY2UxMTM4ZTM4MTA0YmUzMDg2MjIxYmZmYmI4NzU0YzNlNGZjODA2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlpYU1R4ODhubHdSWVZqRFJJSjM1Tmc9PSIsInZhbHVlIjoiWkFuTDdRWFVjZmRYZmNhWlpGOFM4aGJXUkloR0Q3azhuOVh2UlNsVEoycUtuNmFWRUNLbUZrK3lBdkwvc1VWeU5OTitNVE1MRCszVVZyd1d4Uy9pYzZsakliMkdxWGdoVXUrMmFNRnZxZFNjUE1wZDMrajZ2dnMxbGMzbEh0SHQiLCJtYWMiOiI0MTA5MDBjMjlhNDc3MzhkMGFiYjMxNGNmZGRiZDY2ZGQwZTRlNjZjMmNkZmExYzY4MGFjZjNiMGI1MDg3NzA5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Mar 2023 03:37:31 GMT
content-type: image/png
content-length: 1998
last-modified: Sun, 17 Apr 2022 13:24:00 GMT
etag: "7ce-5dcd98e7b1c00"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95 200 OK 280 B IP 192.229.221.95:0
Hash f9519cf463ff1b63999f3e3c7f81d429
0d10fa9aa7936f9cf396d3a9a10e9e3539135b64
5fb6840de0a6e7bbb42b48a5ddb721599d91e302253843f497fc65ea7157b91c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 119491
Cache-Control: max-age=157285
Content-Type: application/ocsp-response
Date: Fri, 03 Mar 2023 03:37:31 GMT
Etag: "63ff5c1d-118"
Expires: Sat, 04 Mar 2023 23:18:56 GMT
Last-Modified: Wed, 01 Mar 2023 14:07:25 GMT
Server: ECAcc (ska/F6AF)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
192.229.221.95 200 OK 280 B IP 192.229.221.95:0
Hash f9519cf463ff1b63999f3e3c7f81d429
0d10fa9aa7936f9cf396d3a9a10e9e3539135b64
5fb6840de0a6e7bbb42b48a5ddb721599d91e302253843f497fc65ea7157b91c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 48608
Cache-Control: max-age=86402
Content-Type: application/ocsp-response
Date: Fri, 03 Mar 2023 03:37:31 GMT
Etag: "63ff5c1d-118"
Expires: Sat, 04 Mar 2023 03:37:33 GMT
Last-Modified: Wed, 01 Mar 2023 14:07:25 GMT
Server: ECAcc (ska/F756)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
192.229.221.95 200 OK 278 B IP 192.229.221.95:0
Hash 298a27a3e793eeac30c90afb35f1a30c
03d7229818bf2aaee1350c449a073d955a93c1ce
5f52c3a142c0ae2c9ec6b5b289861b3f6dfbc60ea7972086ba197d77101988e6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 119524
Cache-Control: max-age=156566
Content-Type: application/ocsp-response
Date: Fri, 03 Mar 2023 03:37:31 GMT
Etag: "63ff592d-116"
Expires: Sat, 04 Mar 2023 23:06:57 GMT
Last-Modified: Wed, 01 Mar 2023 13:54:53 GMT
Server: ECAcc (ska/F756)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
192.229.221.95 200 OK 280 B IP 192.229.221.95:0
Hash f9519cf463ff1b63999f3e3c7f81d429
0d10fa9aa7936f9cf396d3a9a10e9e3539135b64
5fb6840de0a6e7bbb42b48a5ddb721599d91e302253843f497fc65ea7157b91c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 119491
Cache-Control: max-age=157285
Content-Type: application/ocsp-response
Date: Fri, 03 Mar 2023 03:37:31 GMT
Etag: "63ff5c1d-118"
Expires: Sat, 04 Mar 2023 23:18:56 GMT
Last-Modified: Wed, 01 Mar 2023 14:07:25 GMT
Server: ECAcc (ska/F7A5)
X-Cache: HIT
Content-Length: 280
express-redelivery.info.gf/public/css/app.css
94.103.188.42 200 OK 127 kB URL HTTP/2 express-redelivery.info.gf/public/css/app.css
IP 94.103.188.42:0
Size 127 kB (126906 bytes)
Hash 343fb26bdee83716e51cec481d5ba44a
a166efe2f980b901bb2e1669add30e81dd73b4bc
7979a2ea01d67303dafc6737c9714ba2f93576d413466b0392d233e62ee0c6e9
GET /public/css/app.css HTTP/1.1
Host: express-redelivery.info.gf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://express-redelivery.info.gf/public/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR
Cookie: XSRF-TOKEN=eyJpdiI6InhoRGNUSk1EcWV3Q2JCbllLSVlycnc9PSIsInZhbHVlIjoicGhxcnNOazNVNnlLcGxkY1h4akVHc0JzeEVnWFFGOEF1OVduZnc2TzAzTzZKUmVUMVVMZTNITmJPWHNxamlmbHNjby8wSHhHdlFaYXNlUkxXWURjSEpLTzhLWDBDTktLWVJVMlVjWVc0dEJtd2U2ZnBiY00vOEE2ck1HUXozWHIiLCJtYWMiOiI4ZmRkM2M0YjU5YWJjN2IzY2M0MGQ2MGMzY2UxMTM4ZTM4MTA0YmUzMDg2MjIxYmZmYmI4NzU0YzNlNGZjODA2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlpYU1R4ODhubHdSWVZqRFJJSjM1Tmc9PSIsInZhbHVlIjoiWkFuTDdRWFVjZmRYZmNhWlpGOFM4aGJXUkloR0Q3azhuOVh2UlNsVEoycUtuNmFWRUNLbUZrK3lBdkwvc1VWeU5OTitNVE1MRCszVVZyd1d4Uy9pYzZsakliMkdxWGdoVXUrMmFNRnZxZFNjUE1wZDMrajZ2dnMxbGMzbEh0SHQiLCJtYWMiOiI0MTA5MDBjMjlhNDc3MzhkMGFiYjMxNGNmZGRiZDY2ZGQwZTRlNjZjMmNkZmExYzY4MGFjZjNiMGI1MDg3NzA5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Mar 2023 03:37:31 GMT
content-type: text/css
last-modified: Tue, 29 Mar 2022 20:11:08 GMT
etag: W/"624367dc-6b56a"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
ocsp.usertrust.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash ca2b0e31faf294adc9ccc876ce8f82b6
5231196892fa25384eb8a5e22fd72dea20d2d231
cfbb074cf84a9bd1c06b3ec07ba8fed0545622acb26d1188e11edf4abccc527d
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 03:37:32 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 01 Mar 2023 02:00:07 GMT
Expires: Wed, 08 Mar 2023 02:00:06 GMT
Etag: "5231196892fa25384eb8a5e22fd72dea20d2d231"
Cache-Control: max-age=601672,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1422
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7a1ed7687e7a1c0a-OSL
ws-mt1.pusher.com/app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false
52.0.113.204 101 Switching Protocols 0 B URL HTTP/1.1 ws-mt1.pusher.com/app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false
IP 52.0.113.204:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false HTTP/1.1
Host: ws-mt1.pusher.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://express-redelivery.info.gf
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Bj/fFrgdtdRUikgDkPIsjg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Fri, 03 Mar 2023 03:37:32 GMT
Connection: upgrade
Server: nginx/1.17.7
Upgrade: websocket
Sec-WebSocket-Accept: jY8ndxZlD9Y/HMg0TgFGH3F2Ph4=
express-redelivery.info.gf/images/favicon.gif
94.103.188.42 200 OK 2.2 kB URL HTTP/2 express-redelivery.info.gf/images/favicon.gif
IP 94.103.188.42:0
File type MS Windows icon resource - 1 icon, 32x32, 8 bits/pixel\012- data
Hash a6f1af8e79a11829ba9a66474b06bb97
d99e3ec7747c865033a8dfad43c9f49634404bc1
b0dbd00f3650fa6b931e678a9d8f79a405d23c7adf111ab91b1a01a0e7109807
Analyzer Verdict Alert urlquery phishing Phishing - DHL
urlquery phishing Phishing - DHL
GET /images/favicon.gif HTTP/1.1
Host: express-redelivery.info.gf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://express-redelivery.info.gf/public/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR
Cookie: XSRF-TOKEN=eyJpdiI6InhoRGNUSk1EcWV3Q2JCbllLSVlycnc9PSIsInZhbHVlIjoicGhxcnNOazNVNnlLcGxkY1h4akVHc0JzeEVnWFFGOEF1OVduZnc2TzAzTzZKUmVUMVVMZTNITmJPWHNxamlmbHNjby8wSHhHdlFaYXNlUkxXWURjSEpLTzhLWDBDTktLWVJVMlVjWVc0dEJtd2U2ZnBiY00vOEE2ck1HUXozWHIiLCJtYWMiOiI4ZmRkM2M0YjU5YWJjN2IzY2M0MGQ2MGMzY2UxMTM4ZTM4MTA0YmUzMDg2MjIxYmZmYmI4NzU0YzNlNGZjODA2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlpYU1R4ODhubHdSWVZqRFJJSjM1Tmc9PSIsInZhbHVlIjoiWkFuTDdRWFVjZmRYZmNhWlpGOFM4aGJXUkloR0Q3azhuOVh2UlNsVEoycUtuNmFWRUNLbUZrK3lBdkwvc1VWeU5OTitNVE1MRCszVVZyd1d4Uy9pYzZsakliMkdxWGdoVXUrMmFNRnZxZFNjUE1wZDMrajZ2dnMxbGMzbEh0SHQiLCJtYWMiOiI0MTA5MDBjMjlhNDc3MzhkMGFiYjMxNGNmZGRiZDY2ZGQwZTRlNjZjMmNkZmExYzY4MGFjZjNiMGI1MDg3NzA5IiwidGFnIjoiIn0%3D; _lr_tabs_-mnnzup%2Fdus={%22sessionID%22:0%2C%22recordingID%22:%225-44d7ccdb-ae94-4d7f-8712-d9d8e12fe305%22%2C%22lastActivity%22:1677814651176}; _lr_hb_-mnnzup%2Fdus={%22heartbeat%22:1677814651177}; _lr_uf_-mnnzup=d2c11da0-312b-40c3-b0d7-76f3c87ac834
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Mar 2023 03:37:32 GMT
content-type: image/gif
content-length: 2238
last-modified: Sun, 17 Apr 2022 13:25:28 GMT
etag: "8be-5dcd993b9e200"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
static.hotjar.com/c/hotjar-2895475.js?sv=6
143.204.55.37 200 OK 72 kB URL HTTP/2 static.hotjar.com/c/hotjar-2895475.js?sv=6
IP 143.204.55.37:0
File type ASCII text, with very long lines (7699)
Hash 4fd481d24e83b9e26a1d9b7b44448a68
d7ef294e14e722492554cd025e46c1e8ff7f3c2e
fd425486a4c162623e93b38268c9da2b72539ab3af4e8bf932ccacb196c9f508
GET /c/hotjar-2895475.js?sv=6 HTTP/1.1
Host: static.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://express-redelivery.info.gf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=2592000; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
date: Fri, 03 Mar 2023 03:37:09 GMT
cache-control: max-age=60
etag: W/686ab4333d3a396e6f00b0fdba2b7e0e
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: PvKqGLcqAb243bfpuIMJjd1EiMekikU_dl1x6IV6-R6CqUmCM5OnZQ==
age: 23
X-Firefox-Spdy: h2
express-redelivery.info.gf/public/css/fonts/webfa-brands-400.woff2?d878b0a6a1144760244ff0665888404c
94.103.188.42 404 Not Found 163 kB URL HTTP/2 express-redelivery.info.gf/public/css/fonts/webfa-brands-400.woff2?d878b0a6a1144760244ff0665888404c
IP 94.103.188.42:0
Size 163 kB (163114 bytes)
Hash f9534d881b87a0ede045dc958c172555
9ad4e418e9d96c42e0c58b5acbcc3c30fce4ad91
b5c83e3fa948a5c0e43c423e519545bbf711a6dc3fdc8150379417a8fd9a0f0d
Analyzer Verdict Alert fortinet Phishing
GET /public/css/fonts/webfa-brands-400.woff2?d878b0a6a1144760244ff0665888404c HTTP/1.1
Host: express-redelivery.info.gf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://express-redelivery.info.gf/public/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6InhoRGNUSk1EcWV3Q2JCbllLSVlycnc9PSIsInZhbHVlIjoicGhxcnNOazNVNnlLcGxkY1h4akVHc0JzeEVnWFFGOEF1OVduZnc2TzAzTzZKUmVUMVVMZTNITmJPWHNxamlmbHNjby8wSHhHdlFaYXNlUkxXWURjSEpLTzhLWDBDTktLWVJVMlVjWVc0dEJtd2U2ZnBiY00vOEE2ck1HUXozWHIiLCJtYWMiOiI4ZmRkM2M0YjU5YWJjN2IzY2M0MGQ2MGMzY2UxMTM4ZTM4MTA0YmUzMDg2MjIxYmZmYmI4NzU0YzNlNGZjODA2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlpYU1R4ODhubHdSWVZqRFJJSjM1Tmc9PSIsInZhbHVlIjoiWkFuTDdRWFVjZmRYZmNhWlpGOFM4aGJXUkloR0Q3azhuOVh2UlNsVEoycUtuNmFWRUNLbUZrK3lBdkwvc1VWeU5OTitNVE1MRCszVVZyd1d4Uy9pYzZsakliMkdxWGdoVXUrMmFNRnZxZFNjUE1wZDMrajZ2dnMxbGMzbEh0SHQiLCJtYWMiOiI0MTA5MDBjMjlhNDc3MzhkMGFiYjMxNGNmZGRiZDY2ZGQwZTRlNjZjMmNkZmExYzY4MGFjZjNiMGI1MDg3NzA5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Fri, 03 Mar 2023 03:37:33 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.33
cache-control: no-cache, private
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 05f74bf403dbe16f48d86469e7b19b5d
b2d3e40a840d5d9644edfbfbc6e14cf21be76778
365ff492a72cc87c521612612d7156a1367d3b051b067002d822dc75fd8ab4a9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "365FF492A72CC87C521612612D7156A1367D3B051B067002D822DC75FD8AB4A9"
Last-Modified: Thu, 02 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14320
Expires: Fri, 03 Mar 2023 07:36:15 GMT
Date: Fri, 03 Mar 2023 03:37:35 GMT
Connection: keep-alive
express-redelivery.info.gf/fonts/vendor/@fortawesome/fontawesome-free/webfa-brands-400.woff?2285773e6b4b172f07d9b777c81b0775
94.103.188.42 404 Not Found 115 kB URL HTTP/2 express-redelivery.info.gf/fonts/vendor/@fortawesome/fontawesome-free/webfa-brands-400.woff?2285773e6b4b172f07d9b777c81b0775
IP 94.103.188.42:0
Size 115 kB (114609 bytes)
Hash 3eff71b8401d241bd69b37668823955e
f23aa1bab036eae936e968ba62332486a5f8f732
02fd7ca5a88ef87f86ca5242b5de2b49fa51fca1cb0116a89c3832d4906822ed
Analyzer Verdict Alert fortinet Phishing
GET /fonts/vendor/@fortawesome/fontawesome-free/webfa-brands-400.woff?2285773e6b4b172f07d9b777c81b0775 HTTP/1.1
Host: express-redelivery.info.gf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://express-redelivery.info.gf/public/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6InhoRGNUSk1EcWV3Q2JCbllLSVlycnc9PSIsInZhbHVlIjoicGhxcnNOazNVNnlLcGxkY1h4akVHc0JzeEVnWFFGOEF1OVduZnc2TzAzTzZKUmVUMVVMZTNITmJPWHNxamlmbHNjby8wSHhHdlFaYXNlUkxXWURjSEpLTzhLWDBDTktLWVJVMlVjWVc0dEJtd2U2ZnBiY00vOEE2ck1HUXozWHIiLCJtYWMiOiI4ZmRkM2M0YjU5YWJjN2IzY2M0MGQ2MGMzY2UxMTM4ZTM4MTA0YmUzMDg2MjIxYmZmYmI4NzU0YzNlNGZjODA2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlpYU1R4ODhubHdSWVZqRFJJSjM1Tmc9PSIsInZhbHVlIjoiWkFuTDdRWFVjZmRYZmNhWlpGOFM4aGJXUkloR0Q3azhuOVh2UlNsVEoycUtuNmFWRUNLbUZrK3lBdkwvc1VWeU5OTitNVE1MRCszVVZyd1d4Uy9pYzZsakliMkdxWGdoVXUrMmFNRnZxZFNjUE1wZDMrajZ2dnMxbGMzbEh0SHQiLCJtYWMiOiI0MTA5MDBjMjlhNDc3MzhkMGFiYjMxNGNmZGRiZDY2ZGQwZTRlNjZjMmNkZmExYzY4MGFjZjNiMGI1MDg3NzA5IiwidGFnIjoiIn0%3D; _lr_tabs_-mnnzup%2Fdus={%22sessionID%22:0%2C%22recordingID%22:%225-44d7ccdb-ae94-4d7f-8712-d9d8e12fe305%22%2C%22lastActivity%22:1677814651176}; _lr_hb_-mnnzup%2Fdus={%22heartbeat%22:1677814651177}; _lr_uf_-mnnzup=d2c11da0-312b-40c3-b0d7-76f3c87ac834; _hjSessionUser_2895475=eyJpZCI6IjVlZDQzNjJmLWEzNTAtNTYwYS1hODQyLTRlYTdmMjhhY2NkOSIsImNyZWF0ZWQiOjE2Nzc4MTQ2NTIxMjMsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjIncludedInSessionSample_2895475=1; _hjSession_2895475=eyJpZCI6IjRkN2I4NzEzLTc0MmYtNDVjZi1hNjA3LWEyYWRmNDMwNjA4NCIsImNyZWF0ZWQiOjE2Nzc4MTQ2NTIxMjgsImluU2FtcGxlIjp0cnVlfQ==; _hjAbsoluteSessionInProgress=0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Fri, 03 Mar 2023 03:37:34 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.33
cache-control: no-cache, private
X-Firefox-Spdy: h2
express-redelivery.info.gf/fonts/vendor/@fontsource/roboto/files/roboto-latin-400-normal.woff2?4673b4537a84c7f7a130799aa6af329b
94.103.188.42 404 Not Found 15 kB URL HTTP/2 express-redelivery.info.gf/fonts/vendor/@fontsource/roboto/files/roboto-latin-400-normal.woff2?4673b4537a84c7f7a130799aa6af329b
IP 94.103.188.42:0
Hash ab0971cc8f749d3c48ab5565601ace3d
6cd572177a962fa739246b88249cf364cb60356b
b0e48a2fd6c1fbda094e15dec350d5c7833a8dddfb725d1aa2593c2bdc611e8f
Analyzer Verdict Alert fortinet Phishing
GET /fonts/vendor/@fontsource/roboto/files/roboto-latin-400-normal.woff2?4673b4537a84c7f7a130799aa6af329b HTTP/1.1
Host: express-redelivery.info.gf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://express-redelivery.info.gf/public/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6InhoRGNUSk1EcWV3Q2JCbllLSVlycnc9PSIsInZhbHVlIjoicGhxcnNOazNVNnlLcGxkY1h4akVHc0JzeEVnWFFGOEF1OVduZnc2TzAzTzZKUmVUMVVMZTNITmJPWHNxamlmbHNjby8wSHhHdlFaYXNlUkxXWURjSEpLTzhLWDBDTktLWVJVMlVjWVc0dEJtd2U2ZnBiY00vOEE2ck1HUXozWHIiLCJtYWMiOiI4ZmRkM2M0YjU5YWJjN2IzY2M0MGQ2MGMzY2UxMTM4ZTM4MTA0YmUzMDg2MjIxYmZmYmI4NzU0YzNlNGZjODA2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlpYU1R4ODhubHdSWVZqRFJJSjM1Tmc9PSIsInZhbHVlIjoiWkFuTDdRWFVjZmRYZmNhWlpGOFM4aGJXUkloR0Q3azhuOVh2UlNsVEoycUtuNmFWRUNLbUZrK3lBdkwvc1VWeU5OTitNVE1MRCszVVZyd1d4Uy9pYzZsakliMkdxWGdoVXUrMmFNRnZxZFNjUE1wZDMrajZ2dnMxbGMzbEh0SHQiLCJtYWMiOiI0MTA5MDBjMjlhNDc3MzhkMGFiYjMxNGNmZGRiZDY2ZGQwZTRlNjZjMmNkZmExYzY4MGFjZjNiMGI1MDg3NzA5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Fri, 03 Mar 2023 03:37:32 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.33
cache-control: no-cache, private
X-Firefox-Spdy: h2
express-redelivery.info.gf/images/foo.png
94.103.188.42 404 Not Found 0 B URL HTTP/2 express-redelivery.info.gf/images/foo.png
IP 94.103.188.42:0
GET /images/foo.png HTTP/1.1
Host: express-redelivery.info.gf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://express-redelivery.info.gf/public/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR
Cookie: XSRF-TOKEN=eyJpdiI6InhoRGNUSk1EcWV3Q2JCbllLSVlycnc9PSIsInZhbHVlIjoicGhxcnNOazNVNnlLcGxkY1h4akVHc0JzeEVnWFFGOEF1OVduZnc2TzAzTzZKUmVUMVVMZTNITmJPWHNxamlmbHNjby8wSHhHdlFaYXNlUkxXWURjSEpLTzhLWDBDTktLWVJVMlVjWVc0dEJtd2U2ZnBiY00vOEE2ck1HUXozWHIiLCJtYWMiOiI4ZmRkM2M0YjU5YWJjN2IzY2M0MGQ2MGMzY2UxMTM4ZTM4MTA0YmUzMDg2MjIxYmZmYmI4NzU0YzNlNGZjODA2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlpYU1R4ODhubHdSWVZqRFJJSjM1Tmc9PSIsInZhbHVlIjoiWkFuTDdRWFVjZmRYZmNhWlpGOFM4aGJXUkloR0Q3azhuOVh2UlNsVEoycUtuNmFWRUNLbUZrK3lBdkwvc1VWeU5OTitNVE1MRCszVVZyd1d4Uy9pYzZsakliMkdxWGdoVXUrMmFNRnZxZFNjUE1wZDMrajZ2dnMxbGMzbEh0SHQiLCJtYWMiOiI0MTA5MDBjMjlhNDc3MzhkMGFiYjMxNGNmZGRiZDY2ZGQwZTRlNjZjMmNkZmExYzY4MGFjZjNiMGI1MDg3NzA5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Fri, 03 Mar 2023 03:37:32 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.33
cache-control: no-cache, private
content-encoding: br
X-Firefox-Spdy: h2
files.killbot.org/.cdn-cgi/killbot-security.js
104.21.11.160 404 Not Found 0 B URL HTTP/2 files.killbot.org/.cdn-cgi/killbot-security.js
IP 104.21.11.160:0
GET /.cdn-cgi/killbot-security.js HTTP/1.1
Host: files.killbot.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://express-redelivery.info.gf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
date: Fri, 03 Mar 2023 03:37:30 GMT
content-type: text/html
content-security-policy: default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'
cache-control: max-age=14400
cf-cache-status: HIT
age: 147
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q0ath6O1O%2BMoa14CbpzlOZXOGKoHvvQM7kJ6hKyXd%2B7%2BIXELwDLq7fiQH3leYFYQHBZpAQQ1VMQGAibLxnFYvt4%2Bk09JRfcZzs42oP2iIvnLDINf%2BEkE332Qv47thmf4A%2FQsNA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a1ed75b7c89b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
kit.fontawesome.com/f7165dd215.js
104.18.22.52 200 OK 0 B URL HTTP/2 kit.fontawesome.com/f7165dd215.js
IP 104.18.22.52:0
GET /f7165dd215.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://express-redelivery.info.gf
Connection: keep-alive
Referer: https://express-redelivery.info.gf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Mar 2023 03:37:31 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, must-revalidate
strict-transport-security: max-age=31536000; preload
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F0bepz-18lWyeBEOZB6C
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 7a1ed7638827b500-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.lr-in.com/logger-1.min.js
104.21.234.145 200 OK 0 B URL HTTP/2 cdn.lr-in.com/logger-1.min.js
IP 104.21.234.145:0
GET /logger-1.min.js HTTP/1.1
Host: cdn.lr-in.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://express-redelivery.info.gf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Mar 2023 03:37:31 GMT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400
cross-origin-resource-policy: cross-origin
etag: W/"676c86e1f9ed4a2c83563a20d066e06ddd8ded615bfa75d736dfa88908ec6f4b"
last-modified: Thu, 02 Mar 2023 21:04:25 GMT
strict-transport-security: max-age=31556926
x-served-by: cache-fra-eddf8230079-FRA
x-cache: HIT
x-cache-hits: 1
x-timer: S1677791296.539257,VS0,VE1
vary: x-fh-requested-host, accept-encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 92
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZeEPTi2XX2busxYi%2FuVbqn8CotP71yBGupq2HDWuvVXLdnN0g%2FvoVBxceZsP9BvNCCsE%2FMmV4KBYF75gb2sFLTScw6NVBZYntDR3zdb66FzpMbun0JHpVTgjZLl7Wl9f"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a1ed7641bc775b9-LHR
content-encoding: br
X-Firefox-Spdy: h2
express-redelivery.info.gf/public/js/app.js
94.103.188.42 200 OK 0 B URL HTTP/2 express-redelivery.info.gf/public/js/app.js
IP 94.103.188.42:0
Analyzer Verdict Alert fortinet Phishing
GET /public/js/app.js HTTP/1.1
Host: express-redelivery.info.gf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://express-redelivery.info.gf/public/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR
Cookie: XSRF-TOKEN=eyJpdiI6InhoRGNUSk1EcWV3Q2JCbllLSVlycnc9PSIsInZhbHVlIjoicGhxcnNOazNVNnlLcGxkY1h4akVHc0JzeEVnWFFGOEF1OVduZnc2TzAzTzZKUmVUMVVMZTNITmJPWHNxamlmbHNjby8wSHhHdlFaYXNlUkxXWURjSEpLTzhLWDBDTktLWVJVMlVjWVc0dEJtd2U2ZnBiY00vOEE2ck1HUXozWHIiLCJtYWMiOiI4ZmRkM2M0YjU5YWJjN2IzY2M0MGQ2MGMzY2UxMTM4ZTM4MTA0YmUzMDg2MjIxYmZmYmI4NzU0YzNlNGZjODA2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlpYU1R4ODhubHdSWVZqRFJJSjM1Tmc9PSIsInZhbHVlIjoiWkFuTDdRWFVjZmRYZmNhWlpGOFM4aGJXUkloR0Q3azhuOVh2UlNsVEoycUtuNmFWRUNLbUZrK3lBdkwvc1VWeU5OTitNVE1MRCszVVZyd1d4Uy9pYzZsakliMkdxWGdoVXUrMmFNRnZxZFNjUE1wZDMrajZ2dnMxbGMzbEh0SHQiLCJtYWMiOiI0MTA5MDBjMjlhNDc3MzhkMGFiYjMxNGNmZGRiZDY2ZGQwZTRlNjZjMmNkZmExYzY4MGFjZjNiMGI1MDg3NzA5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Mar 2023 03:37:31 GMT
content-type: application/javascript
last-modified: Tue, 29 Mar 2022 19:35:56 GMT
etag: W/"62435f9c-189fee"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
ka-f.fontawesome.com/releases/v6.3.0/css/free-v4-font-face.min.css?token=f7165dd215
172.64.168.22 200 OK 0 B URL HTTP/2 ka-f.fontawesome.com/releases/v6.3.0/css/free-v4-font-face.min.css?token=f7165dd215
IP 172.64.168.22:0
GET /releases/v6.3.0/css/free-v4-font-face.min.css?token=f7165dd215 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://express-redelivery.info.gf/
Origin: https://express-redelivery.info.gf
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Mar 2023 03:37:31 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Tue, 31 Jan 2023 18:17:21 GMT
etag: W/"00bb3d26f3fee308e5747eb9f5760b48"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5be6fa1c94cc85be06674c97f5d719d8.cloudfront.net (CloudFront)
x-amz-cf-pop: ATH50-C1
x-amz-cf-id: Xjeqr-6XJlIav3yuZndxSeHcZHX6Pr7GmbWhi_bq2p692g6Th1T__Q==
age: 50619
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KpvKM%2F7OcxtthLoJhmHUaCA0jLQ1pU5zxqCNtunLcHUVLsPgXBQypkMNabb1Uva9p8i%2FAKib7YCSG3bxSK3cY9YbRDQFziLHXuaNwKTN%2Fzmc9B8J9AQ5%2BlJ4jHJxCkVPdzT3PBfegQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a1ed764bbe40635-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ka-f.fontawesome.com/releases/v6.3.0/css/free-v5-font-face.min.css?token=f7165dd215
172.64.168.22 200 OK 0 B URL HTTP/2 ka-f.fontawesome.com/releases/v6.3.0/css/free-v5-font-face.min.css?token=f7165dd215
IP 172.64.168.22:0
GET /releases/v6.3.0/css/free-v5-font-face.min.css?token=f7165dd215 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://express-redelivery.info.gf/
Origin: https://express-redelivery.info.gf
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Mar 2023 03:37:31 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Tue, 31 Jan 2023 18:17:21 GMT
etag: W/"fdedb74e19e1bffdcab908079cabd49a"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
x-cache: Hit from cloudfront
via: 1.1 94c165dd7b9a9d68d15ef70552eaba76.cloudfront.net (CloudFront)
x-amz-cf-pop: ATH50-C1
x-amz-cf-id: 2s2wZ2N5lgTUow9bPvEckJ4bYuWj-EkQYYo3xwjnASFkW9hu_gB9vQ==
age: 50619
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hW0DVhV1fVjqVWfqTx6ObyjrQ95hMb8y9a1f0%2BmgyLeq%2BPWm9%2FBUpWvx3lNmLVFeevZrGgRRupyYfdw28KsIWfUjkpxQz05ac33GQ2WPYGtWXS0Yvmzy4mpHNrXlq7HduImgihT7mg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a1ed7648bd80635-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ka-f.fontawesome.com/releases/v6.3.0/css/free-v4-shims.min.css?token=f7165dd215
172.64.168.22 200 OK 0 B URL HTTP/2 ka-f.fontawesome.com/releases/v6.3.0/css/free-v4-shims.min.css?token=f7165dd215
IP 172.64.168.22:0
GET /releases/v6.3.0/css/free-v4-shims.min.css?token=f7165dd215 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://express-redelivery.info.gf/
Origin: https://express-redelivery.info.gf
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Mar 2023 03:37:31 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Tue, 31 Jan 2023 18:17:21 GMT
etag: W/"3a57f9df341838cc106903c71730d13b"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 681f9d1841b09d340072c749d4b22f0e.cloudfront.net (CloudFront)
x-amz-cf-pop: ATH50-C1
x-amz-cf-id: dzST7gjnCDh6pIBSg2khoar9be2Im5K3LT18V30Jt8tOvkbgxXl3Xw==
age: 50619
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=APFfEDVenJaVaqwGzKudm8DFeJVmBoUqjCK0BdrytNUF%2FGeFvtnnjzzL3arJo453L4NQpBTPRgO0JpralI6QZL4I1pjRrG91kTsThPE7Ua3hFfAhd2cZcYenO7vOEERAKdVBYJYhVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a1ed764bbe20635-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
express-redelivery.info.gf/public/js/session-recorder.js
94.103.188.42 200 OK 0 B URL HTTP/2 express-redelivery.info.gf/public/js/session-recorder.js
IP 94.103.188.42:0
Analyzer Verdict Alert fortinet Phishing
GET /public/js/session-recorder.js HTTP/1.1
Host: express-redelivery.info.gf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://express-redelivery.info.gf/public/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR
Cookie: XSRF-TOKEN=eyJpdiI6InhoRGNUSk1EcWV3Q2JCbllLSVlycnc9PSIsInZhbHVlIjoicGhxcnNOazNVNnlLcGxkY1h4akVHc0JzeEVnWFFGOEF1OVduZnc2TzAzTzZKUmVUMVVMZTNITmJPWHNxamlmbHNjby8wSHhHdlFaYXNlUkxXWURjSEpLTzhLWDBDTktLWVJVMlVjWVc0dEJtd2U2ZnBiY00vOEE2ck1HUXozWHIiLCJtYWMiOiI4ZmRkM2M0YjU5YWJjN2IzY2M0MGQ2MGMzY2UxMTM4ZTM4MTA0YmUzMDg2MjIxYmZmYmI4NzU0YzNlNGZjODA2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlpYU1R4ODhubHdSWVZqRFJJSjM1Tmc9PSIsInZhbHVlIjoiWkFuTDdRWFVjZmRYZmNhWlpGOFM4aGJXUkloR0Q3azhuOVh2UlNsVEoycUtuNmFWRUNLbUZrK3lBdkwvc1VWeU5OTitNVE1MRCszVVZyd1d4Uy9pYzZsakliMkdxWGdoVXUrMmFNRnZxZFNjUE1wZDMrajZ2dnMxbGMzbEh0SHQiLCJtYWMiOiI0MTA5MDBjMjlhNDc3MzhkMGFiYjMxNGNmZGRiZDY2ZGQwZTRlNjZjMmNkZmExYzY4MGFjZjNiMGI1MDg3NzA5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 03 Mar 2023 03:37:31 GMT
content-type: application/javascript
last-modified: Tue, 29 Mar 2022 19:35:56 GMT
etag: W/"62435f9c-b00a"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2