detectportal.firefox.com/success.txt?ipv4
34.107.221.82200 OK 8 B URL HTTP/1.1 detectportal.firefox.com/success.txt?ipv4
IP 34.107.221.82:0
Hash ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5
GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 07 Sep 2022 16:37:23 GMT
Age: 57665
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b9adda4796e3cda8d92753c46964621c
5f1eba1f6085b23dea088a91fe6f8947172f9f62
a0577a8fcfa81b3f86d99566eb4429655b93a238ffd1a3752bc9aae3d969deea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A0577A8FCFA81B3F86D99566EB4429655B93A238FFD1A3752BC9AAE3D969DEEA"
Last-Modified: Tue, 06 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11485
Expires: Thu, 08 Sep 2022 11:49:53 GMT
Date: Thu, 08 Sep 2022 08:38:28 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 69b2178640638b4eba96ce12799a69a5
38706b536d3425af21189f5a34475ad559b153b1
a7e485971a2d371fb4a9e9425c4199c8b0ecb6ba0a88e83ebb87688e42d18aef
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A7E485971A2D371FB4A9E9425C4199C8B0ECB6BA0A88E83EBB87688E42D18AEF"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6036
Expires: Thu, 08 Sep 2022 10:19:04 GMT
Date: Thu, 08 Sep 2022 08:38:28 GMT
Connection: keep-alive
getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=NO&count=30
34.120.5.221200 OK 41 kB URL HTTP/2 getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=NO&count=30
IP 34.120.5.221:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash a3bb58595e81ac5cff6b9ce7e8d6999f
26bd22913c257b20c2aa2166b6fcc02f68814268
ab2ab8b902f5fb39057fed950960263ccff34553fcf254653fa173c63415f2c0
GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=NO&count=30 HTTP/1.1
Host: getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
vary: Accept-Encoding
content-location: global-recs.php
tcn: choice
x-frame-options: SAMEORIGIN
status: 200 OK
x-source: Pocket
pragma: cache
p3p: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE"
x-cache: Miss from cloudfront
x-amz-cf-pop: SEA19-C1
x-amz-cf-id: KDcftt1z7FaWQww7-M0ihxQDKWE3hWVk3coYk7G0r2rjSS5vCxD1eg==
content-encoding: gzip
via: 1.1 1002c05e647d0804e83147cdd205d14a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 08:30:53 GMT
content-type: application/json
content-length: 40872
age: 455
cache-control: s-maxage=900,public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-06-30-19-51-38.chain
143.204.55.25200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-06-30-19-51-38.chain
IP 143.204.55.25:0
File type PEM certificate\012- , ASCII text
Hash 48ca0beea419a9039591cf1aee5179e0
9e92629f505fcc07aab51221e8fe62197a23e307
630a5f110337b4a4876aa85c21107d9e8f2550bcc60f023a4777d895b17399fd
GET /chains/remote-settings.content-signature.mozilla.org-2022-06-30-19-51-38.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Wed, 11 May 2022 19:51:39 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 08 Sep 2022 01:22:06 GMT
etag: "48ca0beea419a9039591cf1aee5179e0"
x-cache: Hit from cloudfront
via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: XbclOxpQIjINzv7CNVWcYaG2xOSKTzx2-kA0aYbQtbsYY-xmJ-6U1w==
age: 26183
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
143.204.55.115200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 08 Sep 2022 08:05:14 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 5iQHl3SIp_POvQjCTDNniXrZeGGMczrrRbmVID-r5tkDJ9_QMZy0bg==
Age: 1994
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash c7551a3eebbdcbbd5a9814ae242284b6
69da6d84a896ab78bcb75d2d7d9603b134d1a115
8ccf55748ff0496439181367a4431f67eee69e930abeeea89a15a7f95621913e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 08 Sep 2022 08:38:29 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 07 Sep 2022 10:30:14 GMT
Expires: Wed, 14 Sep 2022 10:30:13 GMT
Etag: "69da6d84a896ab78bcb75d2d7d9603b134d1a115"
Cache-Control: max-age=524503,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74765e3f1bd5b524-OSL
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 08:38:28 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/
63.250.43.10302 Found 0 B URL HTTP/2 azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/
IP 63.250.43.10:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish DHL Airways, Inc.
fortinet Phishing
GET /446GH/5104RGS4/cc/ HTTP/1.1
Host: azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: nginx
date: Thu, 08 Sep 2022 08:38:29 GMT
content-type: text/html; charset=UTF-8
location: LoginServices/main/login.php?execution=e2s1
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
age: 0
x-cache: MISS
content-length: 0
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 02f0434cd0169b15c2610d2db147a0c8
a374bdcb4c18ff7abefb16306afe910346e6be1b
7a70143ab3e753d64ecd44759ad60a0890bd493bec5cad983cd4557a26e0fec5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6429
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 08:38:29 GMT
Last-Modified: Thu, 08 Sep 2022 06:51:20 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Thu, 08 Sep 2022 08:38:18 GMT
Expires: Thu, 08 Sep 2022 09:06:48 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: q0EoseMWdu0i9b_GO74h2-A3jl8Kuy6bLJmrjOymtrfCEDmVTsd2Dw==
Age: 11
shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
52.35.120.198200 OK 8 B URL HTTP/1.1 shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
IP 52.35.120.198:0
Hash 29fc57841962e407cb50c1be60284bf7
ce968a77e2996da5eee8925182318f171ccdce47
ae7e7075247dcfad763f1e131aeac3d2e756bb03d48b0d315a50c69636e5dc8b
POST /downloads?client=Firefox&appver=96.0a&pver=2.2 HTTP/1.1
Host: shavar.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 773
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Thu, 08 Sep 2022 08:38:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 8
Connection: Close
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a81b0f5b5d11bf95fc176833b2f6e808
5b194aa5a8bf3a6b0d117ccfd0f487f6db0587b5
8f6ae83f2b85db7174bbbc6553e2921617b5c8a401315e76082682949a0bd9cc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5516
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 08:38:29 GMT
Last-Modified: Thu, 08 Sep 2022 07:06:34 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.162.35.244101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.162.35.244:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vj04Fneu9v5XdUsfzQD4Ew==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: HBv2squRwT9/OHJO225dhr86ZSM=
firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221662620235219%22
143.204.55.115200 OK 4.7 kB URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221662620235219%22
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (22383), with no line terminators
Hash b919d65ccac99478f3a3b91c84ea51b7
c7dea1bcd381a78a8ace03c191bf8d91644670db
f4ba8ba4a04ab629dbc6b11f116031cbd32e0c8e4d000e72b781866687c8a5e2
GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221662620235219%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Thu, 08 Sep 2022 06:57:15 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: br
Date: Thu, 08 Sep 2022 08:01:56 GMT
Cache-Control: max-age=3600
Expires: Thu, 08 Sep 2022 08:01:56 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: iUVONXof_xgElYf69c2N1_cIqFzOk8RRlbyMcdjqgSAIbx6rAmMAfg==
Age: 2194
firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1662554243287&_since=%221653914271178%22
143.204.55.115200 OK 13 kB URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1662554243287&_since=%221653914271178%22
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 05d9a78a8a2b88cb2692fb833bd62894
25f176efa4515d892e632d95571267bbc8f0a92e
1a82e2608106af8001b72ae71df56b492bf16221e9dc64195113c3a1ba6a1a08
GET /v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1662554243287&_since=%221653914271178%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Wed, 07 Sep 2022 12:37:23 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Thu, 08 Sep 2022 07:43:00 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: _0VX5MUFnnDYetRwuwJ_n6DEUeWZcJvIEWEPK5PabEEBARIzrhHdpg==
Age: 3484
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.25200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.25:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 08 Sep 2022 03:46:35 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: LKNFharBRpaLopoRhi3oHrGAW2iUz8FfLRia6zQYoDA6IWmjWWGzkg==
age: 17516
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
143.204.55.115200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 08 Sep 2022 08:05:14 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ytd0dUZez7jSu_5NRUHZN7lXsFoGmLxLiDxnzr7SwKAgOPF_FEf4xg==
Age: 1996
firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/67600448-6fc2-4f40-bd4a-8687d731734f.bin
143.204.55.5200 OK 796 kB URL HTTP/1.1 firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/67600448-6fc2-4f40-bd4a-8687d731734f.bin
IP 143.204.55.5:0
Size 796 kB (795699 bytes)
Hash 9b95765b0e26af76116a95a966d61354
3f7c1b40fc999b83f3696f455402e49ab484b027
34f969c8e082310785ec4262e2d5b58c919d4de856ffc64b3467507f83ac9571
GET /staging/addons-bloomfilters/67600448-6fc2-4f40-bd4a-8687d731734f.bin HTTP/1.1
Host: firefox-settings-attachments.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 795699
Connection: keep-alive
Last-Modified: Mon, 27 Jun 2022 12:39:11 GMT
x-amz-version-id: 9np1boOrxtHVWzMczpbX1a.N_ewQWHDF
Accept-Ranges: bytes
Server: AmazonS3
Date: Thu, 08 Sep 2022 02:16:06 GMT
ETag: "9b95765b0e26af76116a95a966d61354"
X-Cache: Hit from cloudfront
Via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 1JLi8rxKFqHx200T-6yy9DeVKL3g2sLTL5TqRxbaFWmlscgflySjoQ==
Age: 26369
firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1662595265893&_since=%221654732864402%22
143.204.55.115200 OK 12 kB URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1662595265893&_since=%221654732864402%22
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (59437), with no line terminators
Hash 560aed9b73a92e921124c87033ed8aaf
0e98248b1797a143777a2e2e181527eb6a76655c
fbc2af995e8fc188d4fe6e2f239528ee98d944b173f1ab171b1d9b00cf719af7
GET /v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1662595265893&_since=%221654732864402%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Thu, 08 Sep 2022 00:01:05 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: br
Date: Thu, 08 Sep 2022 08:15:06 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 9ToJWwxmnw8bwghrcOPUqamgdIexFA3V9ZfxT4XZinXNvw82DkpjVQ==
Age: 1777
azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/login.php?execution=e2s1
63.250.43.10302 Found 0 B URL HTTP/2 azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/login.php?execution=e2s1
IP 63.250.43.10:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish DHL Airways, Inc.
fortinet Phishing
GET /446GH/5104RGS4/cc/LoginServices/main/login.php?execution=e2s1 HTTP/1.1
Host: azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 302 Found
server: nginx
date: Thu, 08 Sep 2022 08:38:30 GMT
content-type: text/html; charset=UTF-8
location: payment.html
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
age: 0
x-cache: MISS
content-length: 0
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
detectportal.firefox.com/success.txt?ipv4
34.107.221.82200 OK 8 B URL HTTP/1.1 detectportal.firefox.com/success.txt?ipv4
IP 34.107.221.82:0
Hash ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5
GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 07 Sep 2022 16:37:23 GMT
Age: 57667
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-rules/changeset?_expected=1659924409785&_since=%221652712410939%22
143.204.55.115200 OK 779 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-rules/changeset?_expected=1659924409785&_since=%221652712410939%22
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (1392), with no line terminators
Hash feb548016d67969c8408dc4afd03a12e
9449c0b40446e2fff553406270b879b40c8bbd2a
4384cca875647f7bf975f9ac51298bbe5e632e54597284d0a6a49971bc8f2798
GET /v1/buckets/main/collections/password-rules/changeset?_expected=1659924409785&_since=%221652712410939%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Mon, 08 Aug 2022 02:06:49 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: br
Date: Thu, 08 Sep 2022 08:07:50 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: EEukKqKxIEuMMQklc66kwO0Vaz5faSC0lrKx_z2s4oeht4jdKl3cEQ==
Age: 1855
firefox.settings.services.mozilla.com/v1/buckets/main/collections/websites-with-shared-credential-backends/changeset?_expected=1659924446436&_since=%221650898092205%22
143.204.55.115200 OK 3.1 kB URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/websites-with-shared-credential-backends/changeset?_expected=1659924446436&_since=%221650898092205%22
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (8682), with no line terminators
Hash cb546ddfc075945fc3edcc0a08714230
d0c184b28768e0b60712ebfb2a1d7efed49ec5e7
1140ff372948c06d0577eb7a7299c2d95c87b4d47839defef7307486f9f7ea21
GET /v1/buckets/main/collections/websites-with-shared-credential-backends/changeset?_expected=1659924446436&_since=%221650898092205%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Mon, 08 Aug 2022 02:07:26 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: br
Date: Thu, 08 Sep 2022 07:39:10 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: IBseH1niakTctiCU4uXNPNW96_MA3bap8PaSNOlyaP-4HbhHeVb1mQ==
Age: 3571
firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/changeset?_expected=1661199949574&_since=%221648132005528%22
143.204.55.115200 OK 3.4 kB URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/changeset?_expected=1661199949574&_since=%221648132005528%22
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (14030), with no line terminators
Hash 9498433bbbcad841ef1b67c31e9e19f7
bc89dbd1261594949ebc09eb0978e22d14fb5c3f
01a250849ba7c6b099e5e2e85059f7657041d3997a5a0118b85aea782aa408b2
GET /v1/buckets/main/collections/search-config/changeset?_expected=1661199949574&_since=%221648132005528%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Mon, 22 Aug 2022 20:25:49 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Thu, 08 Sep 2022 08:01:47 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: lgF_kNIQLXxVEBpivkjYXT1nKwT6__e-pR4Ypey7jUuiHnJmr4kYDA==
Age: 2226
firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
143.204.55.115200 OK 681 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (681), with no line terminators
Hash 747f384efea12ce5dab98117b84a36d8
3bfa87d8ca19bf259e1b28f5d8484560bc4aa59f
674580bbd668da2fccee5bd78cd11bdb237a800ec945160353537b15c3e924f2
GET /v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 681
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, ETag, Last-Modified, Backoff, Cache-Control, Retry-After, Expires, Pragma, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Sat, 03 Sep 2022 16:36:54 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Thu, 08 Sep 2022 08:11:25 GMT
Cache-Control: no-cache, no-store
ETag: "1662223014803"
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: _FKCTGxKeQPvlEwDYy4t09B6Ctg0AtIp8usYrSLfC0uQkETX8nPn3w==
Age: 1626
firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1656585893704&_since=%221649762862679%22
143.204.55.115200 OK 897 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1656585893704&_since=%221649762862679%22
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (1710), with no line terminators
Hash 2ef700623eb0b783e8a583fb14fcbb80
c6b6cbb847d3a5e5c6d991c8d6dce6e9b9c902cf
b2a5ecbd87cc70c34c20d9470de54751cc1f48c8945e2239f12874ed35839983
GET /v1/buckets/main/collections/query-stripping/changeset?_expected=1656585893704&_since=%221649762862679%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Thu, 30 Jun 2022 10:44:53 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: br
Date: Thu, 08 Sep 2022 08:04:14 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Ap2jCGzdUwjqF529iyb6pVPY8PoNaI51ury6-QUiY8BoGdTEOGBs5A==
Age: 2060
firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1657747510534&_since=%221654266643527%22
143.204.55.115200 OK 1.1 kB URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1657747510534&_since=%221654266643527%22
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (2195), with no line terminators
Hash ea7be8630c2ab64565dcf909ddd6b1e9
99b5c68aea2e5c3f498290bca5affa8c4d5ccaee
46a7bd4666db075b42064484105f0381c5cd8ff11ce5a9a555711ad03f83b38c
GET /v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1657747510534&_since=%221654266643527%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Wed, 13 Jul 2022 21:25:10 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Thu, 08 Sep 2022 08:21:14 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: AT8M9wX7HzRFp5Kp1ait0rlMVlVNnoKRDoAkT76aZqwP5jt5JP_aMA==
Age: 1039
firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1659547595259&_since=%221653578606314%22
143.204.55.115200 OK 1.4 kB URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1659547595259&_since=%221653578606314%22
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (3677), with no line terminators
Hash 7c2cf5e6216dc47511f819acd70197a5
f8f556d7600b3e74941bc4d3100463e054879170
0b13a9837661102f8e1ee4647007e78ddff90738b62eeb2df69713ed0c2be6bd
GET /v1/buckets/main/collections/cfr/changeset?_expected=1659547595259&_since=%221653578606314%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Wed, 03 Aug 2022 17:26:35 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: br
Date: Thu, 08 Sep 2022 08:01:14 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: GJKHLbDDyxNXT_B-14TVTldX9_v1yT4CLhhkjFHVTy6Slxfqvm4adA==
Age: 2286
firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1662120887268&_since=%221654636467710%22
143.204.55.115200 OK 6.0 kB URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1662120887268&_since=%221654636467710%22
IP 143.204.55.115:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash dba03ddf7851da36cdc2b05131cbf872
ca311ba9d7961eebf6a3ea78f65a692a19124763
db58fb0ad9aa163d76fb200f682e260173e9226a2d9e22d9b8b6aa740239d4bd
GET /v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1662120887268&_since=%221654636467710%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 02 Sep 2022 12:14:47 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Thu, 08 Sep 2022 08:15:43 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: PmD1FzZKS9vkD6Xdzz9zqCLEN7zY95WvUJGBHC9grBMOg2M1xwWGiA==
Age: 1396
azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment.html
63.250.43.10200 OK 31 kB URL HTTP/2 azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment.html
IP 63.250.43.10:0
File type PHP script text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (23535)
Hash 72efbecc3f71578e02f283c11699efd2
5c1fb94fdb0de8517b41189f320232058b756758
bf309b3076d0d17be526dce2f06b3624f405f7539aaaf66486c170ff9287d082
Analyzer Verdict Alert openphish DHL Airways, Inc.
fortinet Phishing
GET /446GH/5104RGS4/cc/LoginServices/main/payment.html HTTP/1.1
Host: azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 04:11:18 GMT
last-modified: Tue, 06 Sep 2022 16:36:49 GMT
etag: "63177721-3fe69"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
content-type: text/html
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 16032
x-cache: HIT
accept-ranges: bytes
content-length: 31071
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1662044085942&_since=%221622732735407%22
143.204.55.115200 OK 5.5 kB URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1662044085942&_since=%221622732735407%22
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (20424), with no line terminators
Hash 4aeeb7e3b8bbe13f0e937ff570f20777
3d30e1983d6ce6126fef50acaae4a41d579b1c09
3f016c7fbcd505500620db2169b0f39282087dc89ba805e479a8ef53d45f10b7
GET /v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1662044085942&_since=%221622732735407%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Thu, 01 Sep 2022 14:54:45 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: br
Date: Thu, 08 Sep 2022 08:01:48 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: K5pnh1EJ40NRKHi9HjmU_Q3W79WyFDiP8mt16knZ9yEsFNYRMTLFpQ==
Age: 2225
assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js
23.38.200.237200 OK 12 kB URL HTTP/2 assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js
IP 23.38.200.237:0
File type ASCII text, with very long lines (32767)
Hash 045079643269515f6ffbe053eba2050e
9546dd8b24e1bd7013c02841004f2caf24386ecf
b68968314ff9e0ecc57a2874d496c07233be5fba22dadcc81da0a3a8dd289112
GET /extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "85722a02b6a7feb74d08ac7875516bee:1642630706.903013"
last-modified: Wed, 19 Jan 2022 22:18:26 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 12243
expires: Thu, 08 Sep 2022 09:38:31 GMT
date: Thu, 08 Sep 2022 08:38:31 GMT
cache-control: no-cache
access-control-allow-origin: https://azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live
timing-allow-origin: *
X-Firefox-Spdy: h2
azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/otSDKStub.js.t%C3%A9l%C3%A9chargement
63.250.43.10200 OK 22 kB URL HTTP/2 azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/otSDKStub.js.t%C3%A9l%C3%A9chargement
IP 63.250.43.10:0
File type ASCII text, with very long lines (21656)
Hash feb0bfcbff24183c313aed535b9547e0
4c1124366ec93025ca031eafd3413d9c0b63415b
a2c340dd3914586acfd9e644e15964cb976c43d5d05dd4db674cf70271cac1ed
Analyzer Verdict Alert fortinet Phishing
GET /446GH/5104RGS4/cc/LoginServices/main/payment_files/otSDKStub.js.t%C3%A9l%C3%A9chargement HTTP/1.1
Host: azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 04:11:18 GMT
last-modified: Tue, 06 Sep 2022 16:36:49 GMT
etag: "63177721-5499"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
content-type: application/octet-stream
content-length: 21657
x-cacheable: YES
age: 16032
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15161
Expires: Thu, 08 Sep 2022 12:51:12 GMT
Date: Thu, 08 Sep 2022 08:38:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15161
Expires: Thu, 08 Sep 2022 12:51:12 GMT
Date: Thu, 08 Sep 2022 08:38:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15161
Expires: Thu, 08 Sep 2022 12:51:12 GMT
Date: Thu, 08 Sep 2022 08:38:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15161
Expires: Thu, 08 Sep 2022 12:51:12 GMT
Date: Thu, 08 Sep 2022 08:38:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15161
Expires: Thu, 08 Sep 2022 12:51:12 GMT
Date: Thu, 08 Sep 2022 08:38:31 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe74f48f7-6138-4042-9b4c-f63bb036324f.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe74f48f7-6138-4042-9b4c-f63bb036324f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 124a0c0a970006aa660031b5e0ec70d9
3dcd7b5ca2cc9ab604df554b341d1e08bffaa3d7
14c5c6aaf110c123037eb860ecc9d386d46af55fe54cb50f9d1ad430f7e0c516
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe74f48f7-6138-4042-9b4c-f63bb036324f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11972
x-amzn-requestid: e71daf97-7463-492d-b55a-0eab022d8b05
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X0nI2G1tIAMFk2g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6311b89e-7d6c6d1769649d371c505453;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 08:02:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: fOWoYZ9FyUKt55cLxVvwCBhX0DzsF2yPaX2Y6USE6OZcNFe3lWyOHA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 04:58:50 GMT
age: 13181
etag: "3dcd7b5ca2cc9ab604df554b341d1e08bffaa3d7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F703333f6-0141-4f21-97c4-c72f35090252.webp
34.120.237.76200 OK 4.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F703333f6-0141-4f21-97c4-c72f35090252.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c870cb13eb9cbc6e3cb66814dc06a157
b469f24dbfe01ee68650ef1b0abd6badb83e3325
d4dc98f6d2d86a94c85056797a4efd9ab938651fb06bf421c661b78a5c9d9319
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F703333f6-0141-4f21-97c4-c72f35090252.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4570
x-amzn-requestid: c8acc548-6455-4951-9ca0-245a1c3bdf8e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9VYGwEoAMFaQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f55-58f59c61714ed9761d39c8b4;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:38:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UiG7UKRQy_MGckOpAsfoV4PUZZ2o8ko7Q6hqeYlzo5XS0874Cf2gxQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 22:33:06 GMT
etag: "b469f24dbfe01ee68650ef1b0abd6badb83e3325"
content-type: image/jpeg
age: 36325
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faea8d298-d4be-46a2-9c14-670bdae204cd.jpeg
34.120.237.76200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faea8d298-d4be-46a2-9c14-670bdae204cd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 675756a44be6f9bbe341fa4c866c941b
6502050805e53baeb44d82e55d4b15b82e34d2eb
cd1d16b5feefddfd89ac4bfcff21e80c49f07b0428aa57e8de365974f813e755
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faea8d298-d4be-46a2-9c14-670bdae204cd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8820
x-amzn-requestid: e2c909d0-f781-48e6-805e-a43940e67c4c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG_LpG1OIAMF_8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6319124a-37f3458a2905bd947cf01f93;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:51:06 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: xZfSJCNKiAOumLXDwm496KBZqoY1FtqF6T6GkMAdHCJ3Ikq0brbdjw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 27fe6f224e0cfa3f3a446471ee256e56.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 21:51:13 GMT
age: 38838
etag: "6502050805e53baeb44d82e55d4b15b82e34d2eb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ba17b3c-58f5-4458-8dc2-8e4a7cf8d782.jpeg
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ba17b3c-58f5-4458-8dc2-8e4a7cf8d782.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1cd778a615e9a4ca3a25119790398434
d6daca74fc85d39274b3c7536f34528bef93ae97
e6b5a7a525e314e09c30985b22da7c34806df09cbe98ad52b00dcbf93a0dc054
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ba17b3c-58f5-4458-8dc2-8e4a7cf8d782.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7251
x-amzn-requestid: 26b2021a-4440-47ce-8dba-d971cae60cc1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9bmHcmoAMF3Fw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f7d-5471edce7de2374c3b8af888;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:39:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: d3MrDEyDFDylQKyfxONQ12_7IBvRAg8o0rSZ64WNRGNvDHqQyDmqJA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 e77661e211afe9242e85e573f12d5534.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 22:16:27 GMT
age: 37324
etag: "d6daca74fc85d39274b3c7536f34528bef93ae97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffde48022-9b21-4eb3-b8b7-e4fcb208d624.jpeg
34.120.237.76200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffde48022-9b21-4eb3-b8b7-e4fcb208d624.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 036db462684c81e3906433a0d2929eb8
7bcd0b99c0fb6d9ead1dd6878377f5a582bde20d
a252f30f9239f6a343b23c9d3e1d1b7460c5ee5a592d3372bf124760baa6e657
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffde48022-9b21-4eb3-b8b7-e4fcb208d624.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8246
x-amzn-requestid: d1a11f7f-22b7-4fc1-b33d-402e5bc3af33
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9TgEx4oAMF-pg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f49-7305dd7653fe38c9445e02a8;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:38:17 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: INlZ1UklE6G7_1AYLBLEjbENrWoRgkYHLiL4w_QVx7tRA3jepd_eXQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 21:48:35 GMT
etag: "7bcd0b99c0fb6d9ead1dd6878377f5a582bde20d"
content-type: image/jpeg
age: 38996
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6069f6c-2029-46b3-9867-5eaeb96d65e7.jpeg
34.120.237.76200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6069f6c-2029-46b3-9867-5eaeb96d65e7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7ca5b5d4ac26d97b5729a30ecdc688bc
3e633bc6c4ab9adfe84899e5209d73bef1d097eb
2c8275d1819d933f86df9685b76aea030842ba5a341c59ea88ffd2da99a5a3d5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6069f6c-2029-46b3-9867-5eaeb96d65e7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7885
x-amzn-requestid: 305dc6b7-eb3d-40ad-af89-8b60be935637
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9ThE3DIAMFRtA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f49-7c0b58644e26de7f27c5b388;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:38:17 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Ry2D03udnweYHan_7KhC9IDhT01g9_73G40Fa10BdIX21tgK0Cgjiw==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 21:48:35 GMT
etag: "3e633bc6c4ab9adfe84899e5209d73bef1d097eb"
content-type: image/jpeg
age: 38996
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/clientlibs-head.min.783de552212b14576d1cd21a45f04b08.css
63.250.43.10200 OK 64 kB URL HTTP/2 azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/clientlibs-head.min.783de552212b14576d1cd21a45f04b08.css
IP 63.250.43.10:0
File type ASCII text, with very long lines (1073)
Hash b789b66072966d4e2bf3a08672cb7642
471665d13b325d1cc6e0fbbb942e7c12f76f1b7e
ff31c0119b662b5a86d4b2eb946540720b776896dbe1957458bfbac33afb7a18
GET /446GH/5104RGS4/cc/LoginServices/main/payment_files/clientlibs-head.min.783de552212b14576d1cd21a45f04b08.css HTTP/1.1
Host: azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 04:11:18 GMT
last-modified: Tue, 06 Sep 2022 16:36:49 GMT
etag: "63177721-88e83"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: text/css
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 16032
x-cache: HIT
accept-ranges: bytes
content-length: 63451
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js
23.38.200.237304 Not Modified 0 B URL HTTP/2 assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js
IP 23.38.200.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Wed, 19 Jan 2022 22:18:26 GMT
If-None-Match: "85722a02b6a7feb74d08ac7875516bee:1642630706.903013"
TE: trailers
HTTP/2 304 Not Modified
content-type: application/x-javascript
last-modified: Wed, 19 Jan 2022 22:18:26 GMT
etag: "85722a02b6a7feb74d08ac7875516bee:1642630706.903013"
expires: Thu, 08 Sep 2022 09:38:31 GMT
date: Thu, 08 Sep 2022 08:38:31 GMT
cache-control: no-cache
access-control-allow-origin: https://azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js
23.38.200.237304 Not Modified 0 B URL HTTP/2 assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js
IP 23.38.200.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Wed, 19 Jan 2022 22:18:26 GMT
If-None-Match: "85722a02b6a7feb74d08ac7875516bee:1642630706.903013"
TE: trailers
HTTP/2 304 Not Modified
content-type: application/x-javascript
last-modified: Wed, 19 Jan 2022 22:18:26 GMT
etag: "85722a02b6a7feb74d08ac7875516bee:1642630706.903013"
expires: Thu, 08 Sep 2022 09:38:31 GMT
date: Thu, 08 Sep 2022 08:38:31 GMT
cache-control: no-cache
access-control-allow-origin: https://azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js
23.38.200.237304 Not Modified 0 B URL HTTP/2 assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js
IP 23.38.200.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Wed, 19 Jan 2022 22:18:26 GMT
If-None-Match: "85722a02b6a7feb74d08ac7875516bee:1642630706.903013"
TE: trailers
HTTP/2 304 Not Modified
content-type: application/x-javascript
last-modified: Wed, 19 Jan 2022 22:18:26 GMT
etag: "85722a02b6a7feb74d08ac7875516bee:1642630706.903013"
expires: Thu, 08 Sep 2022 09:38:31 GMT
date: Thu, 08 Sep 2022 08:38:31 GMT
cache-control: no-cache
access-control-allow-origin: https://azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js
23.38.200.237304 Not Modified 0 B URL HTTP/2 assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js
IP 23.38.200.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Wed, 19 Jan 2022 22:18:26 GMT
If-None-Match: "85722a02b6a7feb74d08ac7875516bee:1642630706.903013"
TE: trailers
HTTP/2 304 Not Modified
content-type: application/x-javascript
last-modified: Wed, 19 Jan 2022 22:18:26 GMT
etag: "85722a02b6a7feb74d08ac7875516bee:1642630706.903013"
expires: Thu, 08 Sep 2022 09:38:31 GMT
date: Thu, 08 Sep 2022 08:38:31 GMT
cache-control: no-cache
access-control-allow-origin: https://azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live
timing-allow-origin: *
X-Firefox-Spdy: h2
azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/erkennen.css
63.250.43.10200 OK 5.6 kB URL HTTP/2 azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/erkennen.css
IP 63.250.43.10:0
File type ASCII text, with very long lines (2457)
Hash 26558f04a6c7e9053e0da71e58cda103
9f807600b7addb860461fa00d203f31068396803
53f0d5d976b921a8224c5a57403ab10df9f32f19461dc02dfffccd724b30f03f
GET /446GH/5104RGS4/cc/LoginServices/main/payment_files/erkennen.css HTTP/1.1
Host: azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 04:11:18 GMT
last-modified: Tue, 06 Sep 2022 16:36:49 GMT
etag: "63177721-53f8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: text/css
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 16032
x-cache: HIT
accept-ranges: bytes
content-length: 5631
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/translateelement.css
63.250.43.10200 OK 3.7 kB URL HTTP/2 azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/translateelement.css
IP 63.250.43.10:0
File type ASCII text, with very long lines (18670)
Hash 3d3127a7ab9410ff525f50ba7c06ed99
c241bd61f31f77955718b3ce17e29ace70f7d872
634410d55e741e42df8153f697c7b19e29a5471f4086834c4cff519bcac82a1b
GET /446GH/5104RGS4/cc/LoginServices/main/payment_files/translateelement.css HTTP/1.1
Host: azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 04:11:18 GMT
last-modified: Tue, 06 Sep 2022 16:36:49 GMT
etag: "63177721-4924"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: text/css
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 16032
x-cache: HIT
accept-ranges: bytes
content-length: 3655
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/RC1e5a8e7e3c8e4abba00ff126d1a22afe-source.min.js.t%C3%A9l%C3%A9chargement
63.250.43.10200 OK 424 B URL HTTP/2 azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/RC1e5a8e7e3c8e4abba00ff126d1a22afe-source.min.js.t%C3%A9l%C3%A9chargement
IP 63.250.43.10:0
Hash fdce384554b54fc84cf5a6e63c5400b5
19ad5cdca72ca135dc4570263fb108a777c05d9f
69737963f9075b7507ac38ef01bb14fe4d31346c2e3c6ed5d9113227d06c2ffc
Analyzer Verdict Alert fortinet Phishing
GET /446GH/5104RGS4/cc/LoginServices/main/payment_files/RC1e5a8e7e3c8e4abba00ff126d1a22afe-source.min.js.t%C3%A9l%C3%A9chargement HTTP/1.1
Host: azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 04:11:18 GMT
last-modified: Tue, 06 Sep 2022 16:36:49 GMT
etag: "63177721-1a8"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
content-type: application/octet-stream
content-length: 424
x-cacheable: YES
age: 16032
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/priv-app.min.css
63.250.43.10200 OK 14 kB URL HTTP/2 azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/priv-app.min.css
IP 63.250.43.10:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash c18a74da7bfbd64228d0e40b3663acbb
8b264088dee610b86540d7c48302d16b9af2f264
ef14fb994147c63dade55223777545386ed5e1c893da050b4451bf6589042e8d
GET /446GH/5104RGS4/cc/LoginServices/main/payment_files/priv-app.min.css HTTP/1.1
Host: azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 04:11:18 GMT
last-modified: Tue, 06 Sep 2022 16:36:49 GMT
etag: "63177721-1c206"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: text/css
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 16032
x-cache: HIT
accept-ranges: bytes
content-length: 13543
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/rating-play-store.svg
63.250.43.10200 OK 352 B URL HTTP/2 azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/rating-play-store.svg
IP 63.250.43.10:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (512)
Hash a985b92e3e641067165f2eb78ea718ba
7a729c1e3783f9c1a5c7749e4d4c37a9425e6825
81f4d7446d13d36b1e800ea4a27b6bd7c416e8d9f3f1c71992bca10029cee732
Analyzer Verdict Alert fortinet Phishing
GET /446GH/5104RGS4/cc/LoginServices/main/payment_files/rating-play-store.svg HTTP/1.1
Host: azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 04:11:18 GMT
last-modified: Tue, 06 Sep 2022 16:36:49 GMT
etag: "63177721-388"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: image/svg+xml
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 16032
x-cache: HIT
accept-ranges: bytes
content-length: 352
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/dhl-official.svg
63.250.43.10200 OK 729 B URL HTTP/2 azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/dhl-official.svg
IP 63.250.43.10:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document, ASCII text, with very long lines (2040), with no line terminators
Hash 9cccd6be17d0f07106cb82bbf2f4e5d5
36edea421a0998700cb5e477c9d799db82f4b58c
47e4312df8c95c39415069608eea358cfcb6037c1ca20621b86fb39b5a906b76
Analyzer Verdict Alert urlquery Phishing - DHL
fortinet Phishing
GET /446GH/5104RGS4/cc/LoginServices/main/payment_files/dhl-official.svg HTTP/1.1
Host: azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 04:11:18 GMT
last-modified: Tue, 06 Sep 2022 16:36:49 GMT
etag: "63177721-7f8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: image/svg+xml
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 16032
x-cache: HIT
accept-ranges: bytes
content-length: 729
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/RC9d884bbac35a4d7eacadd961a6b0fcd1-source.min.js.t%C3%A9l%C3%A9chargement
63.250.43.10200 OK 1.2 kB URL HTTP/2 azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/RC9d884bbac35a4d7eacadd961a6b0fcd1-source.min.js.t%C3%A9l%C3%A9chargement
IP 63.250.43.10:0
File type ASCII text, with very long lines (1069)
Hash c7e37321f2007e9d4fa2ced810a759fe
b746a175e31aecae3e43d732e843e659d504f69a
eeccbba85ac9c53063db157f07849f8c9cbd34cab10468c849a96e1ca6aca4f7
Analyzer Verdict Alert fortinet Phishing
GET /446GH/5104RGS4/cc/LoginServices/main/payment_files/RC9d884bbac35a4d7eacadd961a6b0fcd1-source.min.js.t%C3%A9l%C3%A9chargement HTTP/1.1
Host: azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 04:11:18 GMT
last-modified: Tue, 06 Sep 2022 16:36:49 GMT
etag: "63177721-4c0"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
content-type: application/octet-stream
content-length: 1216
x-cacheable: YES
age: 16032
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/dhl-group.svg
63.250.43.10200 OK 3.2 kB URL HTTP/2 azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/dhl-group.svg
IP 63.250.43.10:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (724)
Hash 6caf160a09ea5de713e872ff5faf67a3
7b0e6b7fb3f394f3335e64992c46ee4c7baa515b
73a6af918932de87dd2eeb7672c37fcba95b5d2bc56d6852083b1c38a0410e8e
Analyzer Verdict Alert fortinet Phishing
GET /446GH/5104RGS4/cc/LoginServices/main/payment_files/dhl-group.svg HTTP/1.1
Host: azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 04:11:18 GMT
last-modified: Tue, 06 Sep 2022 16:36:49 GMT
etag: "63177721-220b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: image/svg+xml
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 16032
x-cache: HIT
accept-ranges: bytes
content-length: 3240
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/etc.clientlibs/redesign/clientlibs/static/resources/icons/sprite.svg
63.250.43.10404 Not Found 146 B URL HTTP/2 azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/etc.clientlibs/redesign/clientlibs/static/resources/icons/sprite.svg
IP 63.250.43.10:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert fortinet Phishing
GET /etc.clientlibs/redesign/clientlibs/static/resources/icons/sprite.svg HTTP/1.1
Host: azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Thu, 08 Sep 2022 08:38:31 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-bd.woff2
63.250.43.10404 Not Found 146 B URL HTTP/2 azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-bd.woff2
IP 63.250.43.10:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert fortinet Phishing
GET /446GH/5104RGS4/cc/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-bd.woff2 HTTP/1.1
Host: azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/clientlibs-head.min.783de552212b14576d1cd21a45f04b08.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Thu, 08 Sep 2022 08:38:31 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-rg.woff2
63.250.43.10404 Not Found 146 B URL HTTP/2 azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-rg.woff2
IP 63.250.43.10:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert fortinet Phishing
GET /446GH/5104RGS4/cc/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-rg.woff2 HTTP/1.1
Host: azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/clientlibs-head.min.783de552212b14576d1cd21a45f04b08.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Thu, 08 Sep 2022 08:38:31 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-cdblk.woff2
63.250.43.10404 Not Found 146 B URL HTTP/2 azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-cdblk.woff2
IP 63.250.43.10:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert fortinet Phishing
GET /446GH/5104RGS4/cc/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-cdblk.woff2 HTTP/1.1
Host: azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/clientlibs-head.min.783de552212b14576d1cd21a45f04b08.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Thu, 08 Sep 2022 08:38:31 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
www.dhl.de/etc.clientlibs/redesign/clientlibs/static/resources/favicons/android-chrome-192x192.png
23.14.14.78200 OK 1.1 kB URL HTTP/2 www.dhl.de/etc.clientlibs/redesign/clientlibs/static/resources/favicons/android-chrome-192x192.png
IP 23.14.14.78:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 192x192, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f40dea218a7cd4ed03b5daadb04b7d36
548c19b793a4af9adc647206a9e5a34866067e73
97d10bb1dd52bf50f217b414913db126771d4d2cb96439054891d0b0e08667ac
GET /etc.clientlibs/redesign/clientlibs/static/resources/favicons/android-chrome-192x192.png HTTP/1.1
Host: www.dhl.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 02 Sep 2022 14:04:05 GMT
server: Akamai Image Manager
x-serial: 1409
x-check-cacheable: YES
content-length: 1130
content-type: image/webp
cache-control: private, no-transform, max-age=43200
expires: Thu, 08 Sep 2022 20:38:32 GMT
date: Thu, 08 Sep 2022 08:38:32 GMT
set-cookie: akaalb_wwwdhldealb=~op=www_dhl_de_alb:wwwdhlde|~rv=84~m=wwwdhlde:0|~os=06f548fb0da0a4ee62020bebc018f01f~id=bc9db68993a09cde79b1dae1f00f6cac; path=/; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
www.dhl.de/etc.clientlibs/redesign/clientlibs/static/resources/favicons/favicon-16x16.png
23.14.14.78200 OK 128 B URL HTTP/2 www.dhl.de/etc.clientlibs/redesign/clientlibs/static/resources/favicons/favicon-16x16.png
IP 23.14.14.78:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 16x16, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 08ccdeda510b580a3756d7b8c6cbd09a
30bb5c6b60d96da7a33f585b8498993a796381dd
f7ce4c35e81a5cd1ea2fa5c2d0d4fa47735f33d88812bb5af0b9c8e0d8f2355d
GET /etc.clientlibs/redesign/clientlibs/static/resources/favicons/favicon-16x16.png HTTP/1.1
Host: www.dhl.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 02 Sep 2022 14:04:07 GMT
server: Akamai Image Manager
content-length: 128
content-type: image/webp
cache-control: private, no-transform, max-age=43200
expires: Thu, 08 Sep 2022 20:38:32 GMT
date: Thu, 08 Sep 2022 08:38:32 GMT
set-cookie: akaalb_wwwdhldealb=~op=www_dhl_de_alb:wwwdhlde|~rv=68~m=wwwdhlde:0|~os=06f548fb0da0a4ee62020bebc018f01f~id=20a9b59250663c68b4a9f4303b437310; path=/; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-bd.woff
63.250.43.10404 Not Found 146 B URL HTTP/2 azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-bd.woff
IP 63.250.43.10:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert fortinet Phishing
GET /446GH/5104RGS4/cc/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-bd.woff HTTP/1.1
Host: azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/clientlibs-head.min.783de552212b14576d1cd21a45f04b08.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Thu, 08 Sep 2022 08:38:32 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-rg.woff
63.250.43.10404 Not Found 146 B URL HTTP/2 azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-rg.woff
IP 63.250.43.10:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert fortinet Phishing
GET /446GH/5104RGS4/cc/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-rg.woff HTTP/1.1
Host: azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/clientlibs-head.min.783de552212b14576d1cd21a45f04b08.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Thu, 08 Sep 2022 08:38:32 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-cdblk.woff
63.250.43.10404 Not Found 146 B URL HTTP/2 azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-cdblk.woff
IP 63.250.43.10:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert fortinet Phishing
GET /446GH/5104RGS4/cc/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-cdblk.woff HTTP/1.1
Host: azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/clientlibs-head.min.783de552212b14576d1cd21a45f04b08.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Thu, 08 Sep 2022 08:38:32 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment.html
63.250.43.10200 OK 0 B URL HTTP/2 azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment.html
IP 63.250.43.10:0
Analyzer Verdict Alert openphish DHL Airways, Inc.
fortinet Phishing
GET /446GH/5104RGS4/cc/LoginServices/main/payment.html HTTP/1.1
Host: azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 04:11:18 GMT
last-modified: Tue, 06 Sep 2022 16:36:49 GMT
etag: "63177721-3fe69"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
content-type: text/html
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 16032
x-cache: HIT
accept-ranges: bytes
content-length: 31071
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/launch-57e76d3709d1.min.js.t%C3%A9l%C3%A9chargement
63.250.43.10200 OK 0 B URL HTTP/2 azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/launch-57e76d3709d1.min.js.t%C3%A9l%C3%A9chargement
IP 63.250.43.10:0
Analyzer Verdict Alert fortinet Phishing
GET /446GH/5104RGS4/cc/LoginServices/main/payment_files/launch-57e76d3709d1.min.js.t%C3%A9l%C3%A9chargement HTTP/1.1
Host: azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 04:11:18 GMT
last-modified: Tue, 06 Sep 2022 16:36:49 GMT
etag: "63177721-5d44b"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
content-type: application/octet-stream
content-length: 382027
x-cacheable: YES
age: 16032
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/AppMeasurement.min.js.t%C3%A9l%C3%A9chargement
63.250.43.10200 OK 0 B URL HTTP/2 azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/AppMeasurement.min.js.t%C3%A9l%C3%A9chargement
IP 63.250.43.10:0
Analyzer Verdict Alert fortinet Phishing
GET /446GH/5104RGS4/cc/LoginServices/main/payment_files/AppMeasurement.min.js.t%C3%A9l%C3%A9chargement HTTP/1.1
Host: azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 07:26:40 GMT
last-modified: Tue, 06 Sep 2022 16:36:49 GMT
etag: "63177721-8405"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
content-type: application/octet-stream
content-length: 33797
x-cacheable: YES
age: 4310
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/clientlibs-head.min.fb0e18bb35d6bd0435c75b800052a84f.js.t%C3%A9l%C3%A9chargement
63.250.43.10200 OK 0 B URL HTTP/2 azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/clientlibs-head.min.fb0e18bb35d6bd0435c75b800052a84f.js.t%C3%A9l%C3%A9chargement
IP 63.250.43.10:0
Analyzer Verdict Alert fortinet Phishing
GET /446GH/5104RGS4/cc/LoginServices/main/payment_files/clientlibs-head.min.fb0e18bb35d6bd0435c75b800052a84f.js.t%C3%A9l%C3%A9chargement HTTP/1.1
Host: azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 04:11:18 GMT
last-modified: Tue, 06 Sep 2022 16:36:49 GMT
etag: "63177721-1e086"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
content-type: application/octet-stream
content-length: 123014
x-cacheable: YES
age: 16032
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/otBannerSdk.js.t%C3%A9l%C3%A9chargement
63.250.43.10200 OK 0 B URL HTTP/2 azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment_files/otBannerSdk.js.t%C3%A9l%C3%A9chargement
IP 63.250.43.10:0
Analyzer Verdict Alert fortinet Phishing
GET /446GH/5104RGS4/cc/LoginServices/main/payment_files/otBannerSdk.js.t%C3%A9l%C3%A9chargement HTTP/1.1
Host: azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://azt0l0fl0balst0r0ck-baca12.ingress-baronn.ewp.live/446GH/5104RGS4/cc/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 04:11:18 GMT
last-modified: Tue, 06 Sep 2022 16:36:49 GMT
etag: "63177721-54617"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
content-type: application/octet-stream
content-length: 345623
x-cacheable: YES
age: 16032
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2