jocivancontabil.com.br/shell.php?type=book
169.47.124.235301 Moved Permanently 173 B URL HTTP/1.1 jocivancontabil.com.br/shell.php?type=book
IP 169.47.124.235:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 32df2092b20965338b99ac8f0ad906c9
9f3198571a29c3a413423f37f1650fed43b98add
29cc1cd26f64a7111537a3505ae1bfd44247ee766dadcecd2d69198f39a18757
GET /shell.php?type=book HTTP/1.1
Host: jocivancontabil.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: https://jocivancontabil.com.br/shell.php?type=book
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 14 Mar 2023 08:07:22 GMT
Content-Length: 173
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 234b80a5a27f3d377e322e680413479d
3da8ba535ec19898f5b83ece48cd4038ac2bf557
370104df5dd8f739601a4be42ae41bb92f365dcf585823a3c14733f7c394e926
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "370104DF5DD8F739601A4BE42AE41BB92F365DCF585823A3C14733F7C394E926"
Last-Modified: Sun, 12 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6938
Expires: Tue, 14 Mar 2023 10:03:01 GMT
Date: Tue, 14 Mar 2023 08:07:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 405abd45d42535567c1ecb518f4bdb04
0505c27fe2921bfa89657173fb77ca7280f04772
bdef4e5edfe0bf3fefb4dc5625e41f3faeb23a0afd24c4e6255f40f757568c35
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDEF4E5EDFE0BF3FEFB4DC5625E41F3FAEB23A0AFD24C4E6255F40F757568C35"
Last-Modified: Sun, 12 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6780
Expires: Tue, 14 Mar 2023 10:00:23 GMT
Date: Tue, 14 Mar 2023 08:07:23 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 7f03faaba3392caae6dae54467bfdf6d
57ea1f14e8bfbcca8190c706d708c9fda12442c1
02ac551ba61fcbc6b04f244df065948b181a8a258db5c2e197aae66fdfcea8ee
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 14 Mar 2023 07:14:10 GMT
content-type: application/json
age: 3193
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ae4d7bec26e013433e638f87260aa632
62384e39bc90d0b2ab92895220f0383e678669f4
b704031d560770485c9552dcf56b911b7b5ad45d8a3f73acd17dbbbeeff294f4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B704031D560770485C9552DCF56B911B7B5AD45D8A3F73ACD17DBBBEEFF294F4"
Last-Modified: Sun, 12 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7891
Expires: Tue, 14 Mar 2023 10:18:54 GMT
Date: Tue, 14 Mar 2023 08:07:23 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b5ba6334e73496995e3e3a9ecd0eb323
ad80d3b7718c28364e8c2004fb38a13a1747e462
aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ViBYGFbWKgdSdY//60rGKvr6wQFGLwNwblFaf8JM+y2Dp5v638MN/vHNZBh5yExZ5ESQlcpbbEY=
x-amz-request-id: 1MFE01EDG4FD471R
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 14 Mar 2023 07:20:28 GMT
age: 2815
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 14 Mar 2023 08:07:23 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, ETag, Backoff, Expires, Alert, Pragma, Cache-Control, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 14 Mar 2023 07:12:32 GMT
age: 3292
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0718c4801fb5d23d6ed178c554751a14
2f9b4a5e41977557d922a27e42c07140909d310e
f20124aee872170c5f0a432bd048aabbc0fb4980694bf4f169941cb5d89d82f2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F20124AEE872170C5F0A432BD048AABBC0FB4980694BF4F169941CB5D89D82F2"
Last-Modified: Mon, 13 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21543
Expires: Tue, 14 Mar 2023 14:06:27 GMT
Date: Tue, 14 Mar 2023 08:07:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b426c61dbf49129b0554669c6666e025
6b329663868aac72e296a4c594d46b542f7003e7
6349d43a437729d91c0739616283458cbc123bd6d056522f68cd48b89364ea95
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6349D43A437729D91C0739616283458CBC123BD6D056522F68CD48B89364EA95"
Last-Modified: Sun, 12 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7582
Expires: Tue, 14 Mar 2023 10:13:46 GMT
Date: Tue, 14 Mar 2023 08:07:24 GMT
Connection: keep-alive
jocivancontabil.com.br/shell.php?type=book
169.47.124.235302 Found 216 B URL HTTP/1.1 jocivancontabil.com.br/shell.php?type=book
IP 169.47.124.235:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 359ac3fc9ac8ecd229f71b3bd1998c45
6b3d9aeba4d73f18f7d9fae0034dd978ee474b0a
0b485c2930c58efea3e63ee94505b4895557b8a8079924dcfe43b8753c837114
GET /shell.php?type=book HTTP/1.1
Host: jocivancontabil.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
Location: https://continue.signamzn.id.4zirl53wzprf53.buzz/?sign?info=&vid=64102b3c8650e03fbf050911
Server: Microsoft-IIS/8.5
X-Powered-By: PHP/7.4.11, ASP.NET
Date: Tue, 14 Mar 2023 08:07:23 GMT
Content-Length: 216
push.services.mozilla.com/
44.226.72.95101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.226.72.95:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Ci4d0BO9jK6VI0ObwnCTbg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: P0eVJ9o4EvDR5V1oVIyX5g2LkdI=
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8bd8586a0a52f516ac521f2a3752b049
3cfd233164ae5350f2fb61250641b70e788cf58a
8783e071c3f60fbca2bba5260b55a41f1035e150ffd94a66ff6a102ff2bc6783
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8783E071C3F60FBCA2BBA5260B55A41F1035E150FFD94A66FF6A102FF2BC6783"
Last-Modified: Tue, 14 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6302
Expires: Tue, 14 Mar 2023 09:52:27 GMT
Date: Tue, 14 Mar 2023 08:07:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8bd8586a0a52f516ac521f2a3752b049
3cfd233164ae5350f2fb61250641b70e788cf58a
8783e071c3f60fbca2bba5260b55a41f1035e150ffd94a66ff6a102ff2bc6783
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8783E071C3F60FBCA2BBA5260B55A41F1035E150FFD94A66FF6A102FF2BC6783"
Last-Modified: Tue, 14 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6302
Expires: Tue, 14 Mar 2023 09:52:27 GMT
Date: Tue, 14 Mar 2023 08:07:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8bd8586a0a52f516ac521f2a3752b049
3cfd233164ae5350f2fb61250641b70e788cf58a
8783e071c3f60fbca2bba5260b55a41f1035e150ffd94a66ff6a102ff2bc6783
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8783E071C3F60FBCA2BBA5260B55A41F1035E150FFD94A66FF6A102FF2BC6783"
Last-Modified: Tue, 14 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6302
Expires: Tue, 14 Mar 2023 09:52:27 GMT
Date: Tue, 14 Mar 2023 08:07:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8bd8586a0a52f516ac521f2a3752b049
3cfd233164ae5350f2fb61250641b70e788cf58a
8783e071c3f60fbca2bba5260b55a41f1035e150ffd94a66ff6a102ff2bc6783
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8783E071C3F60FBCA2BBA5260B55A41F1035E150FFD94A66FF6A102FF2BC6783"
Last-Modified: Tue, 14 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6302
Expires: Tue, 14 Mar 2023 09:52:27 GMT
Date: Tue, 14 Mar 2023 08:07:25 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc20f2b31-8a32-4e66-bba7-e76e1c14f5ce.jpeg
34.120.237.76200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc20f2b31-8a32-4e66-bba7-e76e1c14f5ce.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dd8a4e29260d209803408596cb286f8f
20f6796c0c7064542cc8eefe138076d16d66e8d8
54a328e054b23ddbf531b69a7c5bb817704c0dd98bc7625c9571df19df982a17
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc20f2b31-8a32-4e66-bba7-e76e1c14f5ce.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8091
x-amzn-requestid: 7e6e055a-de20-4f2f-8f76-2fe57747ed08
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BvSgDFEMoAMFXIg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640f9799-1e932e3a10bd39d630310c65;Sampled=0
x-amzn-remapped-date: Mon, 13 Mar 2023 21:37:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 8PtI7M0lBQx0BzzkLgbxlRJU-tGNlPtAI-lv-8TLbh7XKMbMOAAw9Q==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 ea699166e6ec77aa410ff505b0a8ce18.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Mar 2023 21:48:49 GMT
age: 37116
etag: "20f6796c0c7064542cc8eefe138076d16d66e8d8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8afa2cdb-a5f3-4c78-a2ab-132c8b752b4b.png
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8afa2cdb-a5f3-4c78-a2ab-132c8b752b4b.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 78453ba98b72eff3879ef163b59c86ed
80519bb3726ee1f9f211344cd433cefaed3a7f2e
61adfeff11af9583355ac7d1500e8a8d97357b2846f151f2421001994fb06655
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8afa2cdb-a5f3-4c78-a2ab-132c8b752b4b.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10338
x-amzn-requestid: 9f880b5b-056c-44bb-a811-36ea27c232aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BvSgFGENoAMFuVw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640f9799-2318d444248f7610300c658f;Sampled=0
x-amzn-remapped-date: Mon, 13 Mar 2023 21:37:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: kKDBY_dsQIw--1CfTas615lAVqWWUFWGzI2XjjignvOcHii-v5Xh3Q==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 a06140ffee86972bad90c57fc682df36.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Mar 2023 21:48:49 GMT
age: 37116
etag: "80519bb3726ee1f9f211344cd433cefaed3a7f2e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd84fda2e-81f7-4336-adf1-ea7c9e499a73.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd84fda2e-81f7-4336-adf1-ea7c9e499a73.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2fe07d17b76df5f6a86937338665de2c
d32dfeb309fcbbd04e13057ef3bcca577e9abf46
7b12520ec1d30e17e43edb9cb050c2492743907909faa4f2f5696288228d3054
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd84fda2e-81f7-4336-adf1-ea7c9e499a73.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11519
x-amzn-requestid: cb8f2b42-356c-417a-9562-10dc60b6d38e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BvSwdHReoAMFnHw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640f9802-356031197266d0f57441f22b;Sampled=0
x-amzn-remapped-date: Mon, 13 Mar 2023 21:39:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 3_7QybUMHflcIawKkhWCoYG-cf8XmYfk539A1O3ShngfMdL2IjxBYg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 ae06b19943a6bad1c1b12b79f7339498.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Mar 2023 22:04:18 GMT
age: 36187
etag: "d32dfeb309fcbbd04e13057ef3bcca577e9abf46"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07347a5f-4c35-4f53-a77d-4ca5883b42b1.jpeg
34.120.237.76200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07347a5f-4c35-4f53-a77d-4ca5883b42b1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d7576ea71a52cc84be114c4ca5c1a101
ba18fe39a596c12cafa2aaaa16c65061a4ecb55f
6d1171e21c14d5827c495ab63d2fd14f573aad8cfdfa45b81e646052cb8d819d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07347a5f-4c35-4f53-a77d-4ca5883b42b1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8798
x-amzn-requestid: a76ce81a-fe2c-4fb5-89f5-8a466ee83256
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BvSwnG0sIAMFmFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640f9803-2af4e3026224b91f556feec3;Sampled=0
x-amzn-remapped-date: Mon, 13 Mar 2023 21:39:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: UkD87MvAJrPqVef87nqeb9gRC5i1lsKB4A7qeYBFrK0QQnDFe3a-Vw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 6af3b573d8970d5db2a4d03354335b84.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Mar 2023 21:48:59 GMT
age: 37106
etag: "ba18fe39a596c12cafa2aaaa16c65061a4ecb55f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e8e9701-a57f-4522-bde2-320bdc61b99d.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e8e9701-a57f-4522-bde2-320bdc61b99d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c141c009229ab838859ced0d8611755b
f87fbe94df1b371b1ccbc01c7506c9ae1083bb2a
5192e0e26c5cfb2f08e15cd4019e91c2d1e02b672673c0ccaa6f5047120198f6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e8e9701-a57f-4522-bde2-320bdc61b99d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5226
x-amzn-requestid: fe24a37d-9184-43fc-b8ef-640af0ed18b3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BvSpAEdTIAMFuqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640f97d2-75d6b61f5642096248235982;Sampled=0
x-amzn-remapped-date: Mon, 13 Mar 2023 21:38:26 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: iNX_jVUDqcMZj1eRYcShzyNWzDOz960eiDxDBBLoLKhvoUdkhvhjgQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 82893cc36087a50f9a150a621d10e740.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Mar 2023 21:48:57 GMT
age: 37108
etag: "f87fbe94df1b371b1ccbc01c7506c9ae1083bb2a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd77e8bbd-dfef-4fa7-8970-2a0cee002291.jpeg
34.120.237.76200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd77e8bbd-dfef-4fa7-8970-2a0cee002291.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 26edda8e996b81d924d0f7dc8770ef8b
d37fc7b1c58304f2657852f38b2332b2509c44d3
d09ffe587d99cc1ccda94edfc933ea81bf6e594cf30424c8bcd3de5c8120209c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd77e8bbd-dfef-4fa7-8970-2a0cee002291.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5839
x-amzn-requestid: 817b3c27-5464-4368-850f-8c962128728f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BvSgEHoIoAMF9hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640f9799-110a9a2f285fc3b130215b66;Sampled=0
x-amzn-remapped-date: Mon, 13 Mar 2023 21:37:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: GwCyYlUH1ZWgu1eyuCOzrJgQqoF6m3_vAqNjRY8ouynBewmrJ8kMqA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 0ec9ddba08fcd99386924593dbdbd44a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Mar 2023 21:48:49 GMT
age: 37116
etag: "d37fc7b1c58304f2657852f38b2332b2509c44d3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
continue.signamzn.id.4zirl53wzprf53.buzz/?sign?info=&vid=64102b3c8650e03fbf050911
69.48.153.82200 OK 1.5 kB URL HTTP/2 continue.signamzn.id.4zirl53wzprf53.buzz/?sign?info=&vid=64102b3c8650e03fbf050911
IP 69.48.153.82:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2972), with no line terminators
Hash 78ed4d9ea9be81b588bc22649838a92d
49e01857c7741bfac65aa7271d363986f4ee7940
e1bd1a6ce528f1c8cdfe0dbfb10e63fee1b658953091c72019236bb29cb2d1bb
Analyzer Verdict Alert quad9 Sinkholed
GET /?sign?info=&vid=64102b3c8650e03fbf050911 HTTP/1.1
Host: continue.signamzn.id.4zirl53wzprf53.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
x-powered-by: PHP/7.4.33
set-cookie: session=8EX0vHo6ddZJ7xH3eI4zL4WAZYuMm7Y7; expires=Tue, 14-Mar-2023 09:07:26 GMT; Max-Age=3600; path=/
language=en; expires=Tue, 14-Mar-2023 09:07:27 GMT; Max-Age=3600; path=/
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN, DENY
cache-control: max-age=3600
expires: Tue, 14 Mar 2023 09:07:24 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
x-xss-protection: 1; mode=block
x-content-type-options: nosniff, nosniff
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS, GET
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
content-length: 1527
content-type: text/html; charset=UTF-8
date: Tue, 14 Mar 2023 08:07:24 GMT
server: Apache
X-Firefox-Spdy: h2
continue.signamzn.id.4zirl53wzprf53.buzz/static/css/main.73d44648.chunk.css
69.48.153.82200 OK 23 kB URL HTTP/2 continue.signamzn.id.4zirl53wzprf53.buzz/static/css/main.73d44648.chunk.css
IP 69.48.153.82:0
File type ASCII text, with very long lines (57703)
Hash 4827e59b52c0916985020198435b5ecf
d512f6817f3718263f92d591a43b591fd93a826b
f634b814f704e1c51e04b24f5c9ab60e24e72daf44098a0a2a9f5a888c1a2783
Analyzer Verdict Alert quad9 Sinkholed
GET /static/css/main.73d44648.chunk.css HTTP/1.1
Host: continue.signamzn.id.4zirl53wzprf53.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://continue.signamzn.id.4zirl53wzprf53.buzz/?sign?info=&vid=64102b3c8650e03fbf050911
Cookie: session=8EX0vHo6ddZJ7xH3eI4zL4WAZYuMm7Y7; language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN, DENY
last-modified: Wed, 08 Mar 2023 19:28:24 GMT
accept-ranges: bytes
cache-control: max-age=2592000, public
expires: Wed, 13 Mar 2024 08:07:27 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
x-xss-protection: 1; mode=block
x-content-type-options: nosniff, nosniff
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS, GET
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
content-length: 23059
content-type: text/css
date: Tue, 14 Mar 2023 08:07:27 GMT
server: Apache
X-Firefox-Spdy: h2
continue.signamzn.id.4zirl53wzprf53.buzz/static/js/main.f4e7df85.chunk.js
69.48.153.82200 OK 18 kB URL HTTP/2 continue.signamzn.id.4zirl53wzprf53.buzz/static/js/main.f4e7df85.chunk.js
IP 69.48.153.82:0
File type ASCII text, with very long lines (57670), with no line terminators
Hash 82a0299a717f841606c7b1c150f8fa4f
31ec8d4351c07ee9bbeadd823a13a9ef07dc27bb
1312fbdf8f6ec7305497ad5c30aea4a5e0ec1ceaa7bf335f53f53061598aca54
Analyzer Verdict Alert quad9 Sinkholed
GET /static/js/main.f4e7df85.chunk.js HTTP/1.1
Host: continue.signamzn.id.4zirl53wzprf53.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://continue.signamzn.id.4zirl53wzprf53.buzz/?sign?info=&vid=64102b3c8650e03fbf050911
Cookie: session=8EX0vHo6ddZJ7xH3eI4zL4WAZYuMm7Y7; language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN, DENY
last-modified: Wed, 08 Mar 2023 19:28:24 GMT
accept-ranges: bytes
cache-control: max-age=2592000, public
expires: Wed, 13 Mar 2024 08:07:27 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
x-xss-protection: 1; mode=block
x-content-type-options: nosniff, nosniff
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS, GET
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
content-length: 18472
content-type: application/javascript
date: Tue, 14 Mar 2023 08:07:27 GMT
server: Apache
X-Firefox-Spdy: h2
continue.signamzn.id.4zirl53wzprf53.buzz/api/supply
69.48.153.82200 OK 661 B URL HTTP/2 continue.signamzn.id.4zirl53wzprf53.buzz/api/supply
IP 69.48.153.82:0
File type JSON data\012- , ASCII text, with very long lines (1326), with no line terminators
Hash 82167388ab925ec185ea905f4851ed10
87db19d2b5b80fd3fc35a98571de1a6b8bc3bc91
347cbf26b8df7be2d3ba0eb33772526e5055aa65b258af1a5c2a3bcf3ecadd7a
Analyzer Verdict Alert quad9 Sinkholed
POST /api/supply HTTP/1.1
Host: continue.signamzn.id.4zirl53wzprf53.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://continue.signamzn.id.4zirl53wzprf53.buzz
Connection: keep-alive
Referer: https://continue.signamzn.id.4zirl53wzprf53.buzz/?sign?info=&vid=64102b3c8650e03fbf050911
Cookie: session=8EX0vHo6ddZJ7xH3eI4zL4WAZYuMm7Y7; language=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/2 200 OK
x-powered-by: PHP/7.4.33
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN, DENY
cache-control: max-age=3600
expires: Tue, 14 Mar 2023 09:07:27 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
x-xss-protection: 1; mode=block
x-content-type-options: nosniff, nosniff
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS, GET
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
content-length: 661
content-type: text/html; charset=UTF-8
date: Tue, 14 Mar 2023 08:07:27 GMT
server: Apache
X-Firefox-Spdy: h2
continue.signamzn.id.4zirl53wzprf53.buzz/static/media/pDxWAF1pBB0dzGB.2c1d70d6.woff2
69.48.153.82200 OK 17 kB URL HTTP/2 continue.signamzn.id.4zirl53wzprf53.buzz/static/media/pDxWAF1pBB0dzGB.2c1d70d6.woff2
IP 69.48.153.82:0
File type Web Open Font Format (Version 2), TrueType, length 16616, version 1.655\012- data
Hash 4afcd3b79b78d33386f497877a29c518
cc7ebaa05a2cd3b02c0929ac0475a44ab30b7efa
cded49f94fc16dc0a14923975e159fbf4b14844593e612c1342c9e34e2f96821
Analyzer Verdict Alert urlquery phishing Phishing - Amazon
quad9 Sinkholed
GET /static/media/pDxWAF1pBB0dzGB.2c1d70d6.woff2 HTTP/1.1
Host: continue.signamzn.id.4zirl53wzprf53.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://continue.signamzn.id.4zirl53wzprf53.buzz/static/css/main.73d44648.chunk.css
Cookie: session=8EX0vHo6ddZJ7xH3eI4zL4WAZYuMm7Y7; language=en
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN, DENY
last-modified: Wed, 08 Mar 2023 19:28:24 GMT
accept-ranges: bytes
content-length: 16616
cache-control: max-age=2592000
expires: Thu, 13 Apr 2023 08:07:27 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff, nosniff
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS, GET
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
vary: User-Agent,Accept-Encoding
content-type: font/woff2
date: Tue, 14 Mar 2023 08:07:27 GMT
server: Apache
X-Firefox-Spdy: h2
continue.signamzn.id.4zirl53wzprf53.buzz/static/js/13.e325257e.chunk.js
69.48.153.82200 OK 3.0 kB URL HTTP/2 continue.signamzn.id.4zirl53wzprf53.buzz/static/js/13.e325257e.chunk.js
IP 69.48.153.82:0
File type ASCII text, with very long lines (12618), with no line terminators
Hash ffc5c251ae91a48f44634bb9ff48fb7a
c705421bfe4b3f59f73a78b5475cc6e158ea62e5
5e85f7ecefc639f894f6a199b3536b8f218ff13b636c1f06f9f09914db6bab96
Analyzer Verdict Alert quad9 Sinkholed
GET /static/js/13.e325257e.chunk.js HTTP/1.1
Host: continue.signamzn.id.4zirl53wzprf53.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://continue.signamzn.id.4zirl53wzprf53.buzz/ap/signin?session=bwfqnlv0pbessuclikdtu556amvooss1xjckzwmmfepcjw6u3ub9q2ig9qnoiphk
Cookie: session=8EX0vHo6ddZJ7xH3eI4zL4WAZYuMm7Y7; language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN, DENY
last-modified: Wed, 08 Mar 2023 19:28:24 GMT
accept-ranges: bytes
cache-control: max-age=2592000, public
expires: Wed, 13 Mar 2024 08:07:28 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
x-xss-protection: 1; mode=block
x-content-type-options: nosniff, nosniff
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS, GET
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
content-length: 2951
content-type: application/javascript
date: Tue, 14 Mar 2023 08:07:28 GMT
server: Apache
X-Firefox-Spdy: h2
continue.signamzn.id.4zirl53wzprf53.buzz/static/js/0.0765e55b.chunk.js
69.48.153.82200 OK 7.5 kB URL HTTP/2 continue.signamzn.id.4zirl53wzprf53.buzz/static/js/0.0765e55b.chunk.js
IP 69.48.153.82:0
File type ASCII text, with very long lines (22085), with no line terminators
Hash 589a25cae2400591fa0e987369d3af24
6af1e389c994369b8ebcc568eaaf88c8403ffe5c
0f378286447050bacc1eceb0c3bcc1393de48d1e5f56b894e15c9f5801ab0fd8
Analyzer Verdict Alert quad9 Sinkholed
GET /static/js/0.0765e55b.chunk.js HTTP/1.1
Host: continue.signamzn.id.4zirl53wzprf53.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://continue.signamzn.id.4zirl53wzprf53.buzz/ap/signin?session=bwfqnlv0pbessuclikdtu556amvooss1xjckzwmmfepcjw6u3ub9q2ig9qnoiphk
Cookie: session=8EX0vHo6ddZJ7xH3eI4zL4WAZYuMm7Y7; language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN, DENY
last-modified: Wed, 08 Mar 2023 19:28:24 GMT
accept-ranges: bytes
cache-control: max-age=2592000, public
expires: Wed, 13 Mar 2024 08:07:28 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
x-xss-protection: 1; mode=block
x-content-type-options: nosniff, nosniff
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS, GET
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
content-length: 7522
content-type: application/javascript
date: Tue, 14 Mar 2023 08:07:28 GMT
server: Apache
X-Firefox-Spdy: h2
continue.signamzn.id.4zirl53wzprf53.buzz/api/ping
69.48.153.82200 OK 22 B URL HTTP/2 continue.signamzn.id.4zirl53wzprf53.buzz/api/ping
IP 69.48.153.82:0
File type ASCII text, with no line terminators
Hash 3795d923b466ac8266a43ef97e964e05
f319f08fac5d86c5a442c2b0141d3a59b69c8368
6b2b6ef22229a35d49a19d9744d2b77707cf04028e31da2505ed4a5aa984c79b
Analyzer Verdict Alert quad9 Sinkholed
POST /api/ping HTTP/1.1
Host: continue.signamzn.id.4zirl53wzprf53.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 17155
Origin: https://continue.signamzn.id.4zirl53wzprf53.buzz
Connection: keep-alive
Referer: https://continue.signamzn.id.4zirl53wzprf53.buzz/ap/signin?session=bwfqnlv0pbessuclikdtu556amvooss1xjckzwmmfepcjw6u3ub9q2ig9qnoiphk
Cookie: session=8EX0vHo6ddZJ7xH3eI4zL4WAZYuMm7Y7; language=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-powered-by: PHP/7.4.33
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN, DENY
cache-control: max-age=3600
expires: Tue, 14 Mar 2023 09:07:28 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
x-xss-protection: 1; mode=block
x-content-type-options: nosniff, nosniff
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS, GET
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
content-length: 22
content-type: text/html; charset=UTF-8
date: Tue, 14 Mar 2023 08:07:28 GMT
server: Apache
X-Firefox-Spdy: h2
continue.signamzn.id.4zirl53wzprf53.buzz/static/media/main.d33128ec.png
69.48.153.82200 OK 62 kB URL HTTP/2 continue.signamzn.id.4zirl53wzprf53.buzz/static/media/main.d33128ec.png
IP 69.48.153.82:0
File type PNG image data, 800 x 1500, 8-bit colormap, non-interlaced\012- data
Hash 820b853d957fbe00c08050dd5f919708
a3d92a134e6afaec4974bceac0812b73d0b635c1
c5e829691be4103e8f645ee962bbc3de1ca51d083d147f1716fbf5d59f99c86a
Analyzer Verdict Alert quad9 Sinkholed
GET /static/media/main.d33128ec.png HTTP/1.1
Host: continue.signamzn.id.4zirl53wzprf53.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://continue.signamzn.id.4zirl53wzprf53.buzz/static/css/main.73d44648.chunk.css
Cookie: session=8EX0vHo6ddZJ7xH3eI4zL4WAZYuMm7Y7; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN, DENY
last-modified: Wed, 08 Mar 2023 19:28:24 GMT
accept-ranges: bytes
content-length: 61917
cache-control: max-age=2592000, public
expires: Thu, 13 Apr 2023 08:07:28 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff, nosniff
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS, GET
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
content-type: image/png
date: Tue, 14 Mar 2023 08:07:28 GMT
server: Apache
X-Firefox-Spdy: h2
continue.signamzn.id.4zirl53wzprf53.buzz/static/media/KFPk-9IF4FqAqY-.4de52a40.woff2
69.48.153.82200 OK 16 kB URL HTTP/2 continue.signamzn.id.4zirl53wzprf53.buzz/static/media/KFPk-9IF4FqAqY-.4de52a40.woff2
IP 69.48.153.82:0
File type Web Open Font Format (Version 2), TrueType, length 16460, version 1.655\012- data
Hash 15e17f26c664ee0518f82972282e6ff3
46b91bda68161c14e554a779643ef4957431987b
4065b43ba3db8da5390ba0708555889f78e86483fe0226ef79ea22d07c306b89
Analyzer Verdict Alert quad9 Sinkholed
GET /static/media/KFPk-9IF4FqAqY-.4de52a40.woff2 HTTP/1.1
Host: continue.signamzn.id.4zirl53wzprf53.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://continue.signamzn.id.4zirl53wzprf53.buzz/static/css/main.73d44648.chunk.css
Cookie: session=8EX0vHo6ddZJ7xH3eI4zL4WAZYuMm7Y7; language=en
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN, DENY
last-modified: Wed, 08 Mar 2023 19:28:24 GMT
accept-ranges: bytes
content-length: 16460
cache-control: max-age=2592000
expires: Thu, 13 Apr 2023 08:07:28 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff, nosniff
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS, GET
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
vary: User-Agent,Accept-Encoding
content-type: font/woff2
date: Tue, 14 Mar 2023 08:07:28 GMT
server: Apache
X-Firefox-Spdy: h2
continue.signamzn.id.4zirl53wzprf53.buzz/favicon.ico
69.48.153.82200 OK 2.5 kB URL HTTP/2 continue.signamzn.id.4zirl53wzprf53.buzz/favicon.ico
IP 69.48.153.82:0
File type MS Windows icon resource - 4 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash f4b340c862d53557a370a90bd62a5a39
f4dff7ffc2716cf9b8269acc82d0c10168fa8313
5f1d79fd902804b5a3f0e33f15d8e685b18f3833a7064386bf16287f42fc43bc
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: continue.signamzn.id.4zirl53wzprf53.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://continue.signamzn.id.4zirl53wzprf53.buzz/?sign?info=&vid=64102b3c8650e03fbf050911
Cookie: session=8EX0vHo6ddZJ7xH3eI4zL4WAZYuMm7Y7; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN, DENY
last-modified: Wed, 08 Mar 2023 19:28:24 GMT
accept-ranges: bytes
cache-control: max-age=2592000, public
expires: Tue, 21 Mar 2023 08:07:28 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
x-xss-protection: 1; mode=block
x-content-type-options: nosniff, nosniff
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS, GET
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
content-length: 2480
content-type: image/x-icon
date: Tue, 14 Mar 2023 08:07:28 GMT
server: Apache
X-Firefox-Spdy: h2
continue.signamzn.id.4zirl53wzprf53.buzz/static/js/3.9e09460a.chunk.js
69.48.153.82200 OK 0 B URL HTTP/2 continue.signamzn.id.4zirl53wzprf53.buzz/static/js/3.9e09460a.chunk.js
IP 69.48.153.82:0
Analyzer Verdict Alert quad9 Sinkholed
GET /static/js/3.9e09460a.chunk.js HTTP/1.1
Host: continue.signamzn.id.4zirl53wzprf53.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://continue.signamzn.id.4zirl53wzprf53.buzz/?sign?info=&vid=64102b3c8650e03fbf050911
Cookie: session=8EX0vHo6ddZJ7xH3eI4zL4WAZYuMm7Y7; language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN, DENY
last-modified: Wed, 08 Mar 2023 19:28:24 GMT
accept-ranges: bytes
cache-control: max-age=2592000, public
expires: Wed, 13 Mar 2024 08:07:27 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
x-xss-protection: 1; mode=block
x-content-type-options: nosniff, nosniff
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS, GET
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
content-type: application/javascript
date: Tue, 14 Mar 2023 08:07:27 GMT
server: Apache
X-Firefox-Spdy: h2