r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b7407cc102d62a5acd5e61f8a79bed36
c2f4890a62454e514962b55b7fc14228339c8e90
be282de92da261128a7c8471f3067466aa9930fd0ab2a2cdda8cd2d6ce2bbd74
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE282DE92DA261128A7C8471F3067466AA9930FD0AB2A2CDDA8CD2D6CE2BBD74"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7893
Expires: Thu, 09 Feb 2023 13:53:49 GMT
Date: Thu, 09 Feb 2023 11:42:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9785
Expires: Thu, 09 Feb 2023 14:25:21 GMT
Date: Thu, 09 Feb 2023 11:42:16 GMT
Connection: keep-alive
hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/index.html
3.5.160.117 200 OK 1.3 kB URL HTTP/1.1 hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/index.html
IP 3.5.160.117:0
File type HTML document, ASCII text
Hash e32d357e49426ec042f2e60a94f97308
a6cde43b0f337829815871d1f9805ddbafed00d1
0ecfb55c78311412c8ad0390a7ff76ae05ffaa1dd6315433407232d8ea5691b5
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /PT7445+copy+2/index.html HTTP/1.1
Host: hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
x-amz-id-2: 3+cQ14fcjGu86G3+DUG2dZ36aZP1IYMPlMbRMwTKG5MH/sjHQStcUc9Qj8kC6ZTZwCtEBkP1ksNUo+5vDTTcgg==
x-amz-request-id: 4ZE0YX35F1VQ1ZCW
Date: Thu, 09 Feb 2023 11:42:17 GMT
Last-Modified: Thu, 09 Feb 2023 11:21:52 GMT
ETag: "e32d357e49426ec042f2e60a94f97308"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/html
Server: AmazonS3
Content-Length: 1258
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 09 Feb 2023 11:34:15 GMT
content-type: application/json
age: 481
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3026
Expires: Thu, 09 Feb 2023 12:32:42 GMT
Date: Thu, 09 Feb 2023 11:42:16 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: G4oR/b7MIKCnRBpC2ZEBZjI6fY14ywFicltjzU7lSLqaCNrVS1rCCD3AZIDn2KWHe46kQ0W82NfSfJiN9RR48Q==
x-amz-request-id: HVXQ6E65K995D6QM
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 09 Feb 2023 11:36:21 GMT
age: 355
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 11:42:16 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 8ba328ca1dafc69ce7b7537cdc89616d
7ff4ddc85601ddb20d852b3b70e152ebb63e439d
27a975bedc82774262e4da67a21436afb618fc1ba3a9a29ca78401e812266929
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5119
Cache-Control: max-age=145930
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 11:42:17 GMT
Etag: "63e45f24-117"
Expires: Sat, 11 Feb 2023 04:14:27 GMT
Last-Modified: Thu, 09 Feb 2023 02:49:08 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash b8ad5b23aac490c2e9ccbac5a9dbcc6b
ef73076be963061b44563356cb33201e401f65e8
92d2469a14b9fe0eb637029f9f2782228441a65c44feb1a37b73ccc606e2b55d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4176
Cache-Control: max-age=121943
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 11:42:17 GMT
Etag: "63e40520-117"
Expires: Fri, 10 Feb 2023 21:34:40 GMT
Last-Modified: Wed, 08 Feb 2023 20:25:04 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 5ffe2eb0e50b43feec0524680c7ae384
b9655f47efc2ff87dbd3eb1d413d148d6954c283
11be4a2592e47c488994b450e50b8f7fa7b351df788fa168ad6dd9d0649c8148
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5480
Cache-Control: max-age=112784
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 11:42:17 GMT
Etag: "63e3dc41-117"
Expires: Fri, 10 Feb 2023 19:02:01 GMT
Last-Modified: Wed, 08 Feb 2023 17:30:41 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash c99599d6628f41d54430edaa40f5c533
4bbd35fd1097784ae5e1e046ba35595eb49ac57f
3cb4e5c0f89f5e97bd7b4a11c25b6bae84bb5a1d55982c44719b76b3f852035e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 11:42:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js
104.17.25.14 200 OK 27 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (32180)
Hash b1e4b2a99336201b37fb8cea5d57abb9
d57980f0d0eaaf57ec33ddc9ed027274cfa86027
c805bfd991983f57b5b7878b998f7529e9b7e2df4bc2d39ba493934e23ba3f8a
GET /ajax/libs/jquery/2.1.3/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 11:42:17 GMT
content-type: application/javascript; charset=utf-8
content-length: 26660
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-14983"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 21389725
expires: Tue, 30 Jan 2024 11:42:17 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gT1s72qecQuuQeHoAGIMYHXDo3UryXGuc5ZxgbK3rxEOO%2BWqka97nGK20lM%2FpwF%2FprzEWoufuCb0BxDVoPU4G9zBY6uAXnI6lW5%2B2272dahLtQg2RHRf6b9%2FJk8tN1xwxtFnL5T7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 796c573ddf17b4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/index.html
3.5.160.117 200 OK 37 kB URL HTTP/1.1 hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/index.html
IP 3.5.160.117:0
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text
Hash b6401df09aeb6b3ca2b978f23e682c5a
a439902363e4cb82249dcb9ad24ee9c9fbd0a351
185e59c96996c2d0e4b2bbd04ecc06c0f45a657b3a78101a8a4eef1d2cd553a4
GET /PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/index.html HTTP/1.1
Host: hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/index.html
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
x-amz-id-2: FQG2X8UJvdxXg8boWHnS4l8DhbZb+mILY48uGf3uFlKWnqbQJbRdSUj4WTt9V0CM7/yj6bgNHat1b9Ll9bBmIQ==
x-amz-request-id: EP2CXFCBVQM3Z82V
Date: Thu, 09 Feb 2023 11:42:18 GMT
Last-Modified: Thu, 09 Feb 2023 10:31:52 GMT
ETag: "b6401df09aeb6b3ca2b978f23e682c5a"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/html
Server: AmazonS3
Content-Length: 36666
www.googletagmanager.com/gtag/js?id=UA-93923346-3
142.250.74.168 200 OK 45 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-93923346-3
IP 142.250.74.168:0
File type ASCII text, with very long lines (1759)
Hash ebcb84bca3d8ecbca04864b515e953ab
2f3e8d1a956d22f7ecfd32cd71d36a1f17746155
936924b539b68fba3155993f6e809c788897a74160a1638df6186b8ce5147dd7
GET /gtag/js?id=UA-93923346-3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 09 Feb 2023 11:42:17 GMT
expires: Thu, 09 Feb 2023 11:42:17 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 45178
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash b8ad5b23aac490c2e9ccbac5a9dbcc6b
ef73076be963061b44563356cb33201e401f65e8
92d2469a14b9fe0eb637029f9f2782228441a65c44feb1a37b73ccc606e2b55d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4199
Cache-Control: max-age=121966
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 11:42:17 GMT
Etag: "63e40520-117"
Expires: Fri, 10 Feb 2023 21:35:03 GMT
Last-Modified: Wed, 08 Feb 2023 20:25:04 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279
cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css
104.16.87.20 200 OK 25 kB URL HTTP/2 cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css
IP 104.16.87.20:0
File type ASCII text, with very long lines (65326)
Hash 5a5d42310e2d19a275e373e5037daf29
6dd9c2f13d5b8c13f30fc74ef0e18bac17137e93
e88be94b28a7c513555303e5e0db813fd18c69fd3c32e7c83014d7c9d55f2492
GET /npm/bootstrap@4.6.0/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com
Connection: keep-alive
Referer: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 11:42:17 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 4.6.0
x-jsd-version-type: version
etag: W/"27681-LKxK/BIJg5IUESlr1Oj9ipS6I34"
x-served-by: cache-fra19138-FRA, cache-cdg20754-CDG
x-cache: HIT, MISS
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 12399501
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uDwO%2B0T9L8AkPh5dQPmuWxhGz6yCUvVxO5iX01NQUvOwaxC6vMmqnUJDj%2BiVEPPERuWSImvmfrjS1GW81aX7UugFlAVoLEVNjDen43yNERZFV3NIW4ohKVvib7Wv9D7UfLk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796c573defb8b50b-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 8ba328ca1dafc69ce7b7537cdc89616d
7ff4ddc85601ddb20d852b3b70e152ebb63e439d
27a975bedc82774262e4da67a21436afb618fc1ba3a9a29ca78401e812266929
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5119
Cache-Control: max-age=145930
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 11:42:17 GMT
Etag: "63e45f24-117"
Expires: Sat, 11 Feb 2023 04:14:27 GMT
Last-Modified: Thu, 09 Feb 2023 02:49:08 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
104.18.11.207 200 OK 10 kB URL HTTP/2 maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
IP 104.18.11.207:0
File type ASCII text, with very long lines (27303)
Hash dfa042223d2343b4d7eef352e1d923a7
168f23d0657d20366efee6e34f83c1da73e710a5
06ff3e354cbcb3165b9ddc0b9a056ee58ea0008db224600afa7c3f6729bd1a1a
GET /font-awesome/4.5.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 11:42:17 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
cdn-edgestorageid: 565, 617, 617
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 2021-06-08 19:04:20
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: e9a84d03a1f7c6aa17012c712a6e5dd5
cdn-status: 200
cdn-cache: HIT
cf-cache-status: HIT
age: 21387185
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 796c573ddeffb50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash c99599d6628f41d54430edaa40f5c533
4bbd35fd1097784ae5e1e046ba35595eb49ac57f
3cb4e5c0f89f5e97bd7b4a11c25b6bae84bb5a1d55982c44719b76b3f852035e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 11:42:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Expires, Pragma, Retry-After, Last-Modified, ETag, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 09 Feb 2023 10:51:21 GMT
age: 3056
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/main.css
3.5.160.117 200 OK 12 kB URL HTTP/1.1 hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/main.css
IP 3.5.160.117:0
File type ASCII text, with CRLF line terminators
Hash 59485662ad8c31d0ce044d507ae1f9e1
0255cc6cc44f789e19f739c7ce097115cc0926c7
c9cbd7b75903aa6a60256e1b6d0303e292132c132b87b23864a16b293764fddd
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/main.css HTTP/1.1
Host: hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/index.html
HTTP/1.1 200 OK
x-amz-id-2: 88uBNVtc4LdoMIDt8NklPEvEz0N4SzezzTsVeUaKogrW/9VX4hHHX81IDZS4xald2ThvWcoMPGfJR8vtHoUjBA==
x-amz-request-id: EP27T7FAAY5RK3RS
Date: Thu, 09 Feb 2023 11:42:18 GMT
Last-Modified: Thu, 09 Feb 2023 10:31:17 GMT
ETag: "59485662ad8c31d0ce044d507ae1f9e1"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Content-Length: 12081
hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/before.js
3.5.160.117 200 OK 366 B URL HTTP/1.1 hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/before.js
IP 3.5.160.117:0
File type ASCII text, with CRLF line terminators
Hash 87c2dc3aeb373ca8445f7410ef387689
688f4be3cfb8688b4441f382724495a7b82b3f62
31681779c6f394370dad146169896e9ec2b8f7c716c4b1db78c459033e48bf95
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/before.js HTTP/1.1
Host: hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/index.html
HTTP/1.1 200 OK
x-amz-id-2: 04w5TEfiIDjUwbQa8WVxcEhlGSrKfxx/6lMjZBXLgz4rQY/GHNqaskfRaaJAzCq5Qnwc1E1bF+SVIbhyGfqr5g==
x-amz-request-id: EP2CZ48WHHAPT1JT
Date: Thu, 09 Feb 2023 11:42:18 GMT
Last-Modified: Thu, 09 Feb 2023 10:31:56 GMT
ETag: "87c2dc3aeb373ca8445f7410ef387689"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: application/javascript
Server: AmazonS3
Content-Length: 366
hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/main.js
3.5.160.117 200 OK 1.3 kB URL HTTP/1.1 hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/main.js
IP 3.5.160.117:0
File type ASCII text, with CRLF line terminators
Hash feee4ae71d078d42a5da82ab704f2238
79b33b7b11bb68db03ebbb2f0fbe4bfda5566c8c
8d5d7f0a7361ea45135e12c3f9b4a9249abd119d0df47d83c765c2389410c389
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/main.js HTTP/1.1
Host: hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/index.html
HTTP/1.1 200 OK
x-amz-id-2: 3xwnREZhXBPIww0NfAAKzyRcbGOlgk7T0jiEQjNQBFLaS+z3HVQ+MHMTVVpEUdVci3bU/vCuAUWa1fVYYoG9YA==
x-amz-request-id: EP275M62ZS40EEQD
Date: Thu, 09 Feb 2023 11:42:18 GMT
Last-Modified: Thu, 09 Feb 2023 10:31:24 GMT
ETag: "feee4ae71d078d42a5da82ab704f2238"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: application/javascript
Server: AmazonS3
Content-Length: 1290
hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/fullscreen.js
3.5.160.117 200 OK 245 B URL HTTP/1.1 hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/fullscreen.js
IP 3.5.160.117:0
File type ASCII text, with CRLF line terminators
Hash 62f519fe72808a3ec681392b7ff47417
2ee16112e35feb9d6d48ae0f4e66187514dec811
43703d37b8fe2769cb2e12db7aa281dbcca175124d05ff4b0cc3d152534698a4
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/fullscreen.js HTTP/1.1
Host: hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/index.html
HTTP/1.1 200 OK
x-amz-id-2: BDe/ruG4Lqslg9l9s2YWVFYlCT80nycHhU1JcdezTM8Nl4SBl1S0dPZP5Msl6fFjPTSj06hCnor0QitPOTCs5A==
x-amz-request-id: EP26EZR5WM4SY3PX
Date: Thu, 09 Feb 2023 11:42:18 GMT
Last-Modified: Thu, 09 Feb 2023 10:31:05 GMT
ETag: "62f519fe72808a3ec681392b7ff47417"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: application/javascript
Server: AmazonS3
Content-Length: 245
hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/light.js
3.5.160.117 200 OK 503 B URL HTTP/1.1 hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/light.js
IP 3.5.160.117:0
File type ASCII text, with CRLF line terminators
Hash cd6c33fbc221d0271c910af910e6ebed
9b52f24d6f10b885bb19db1c4b531469f96d2914
318698ae5e67c32550d6b40ac09848d598f6317f51a8f09638ba925f6e7cc479
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/light.js HTTP/1.1
Host: hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/index.html
HTTP/1.1 200 OK
x-amz-id-2: cuCvmaiUzWRdHiex8bdKwt2zHhLjd1HaYehVcyP5+r8vgk+jpPm6cY3/hOcvMZEkRE6miu0Q3s2mmjpyTc7Inw==
x-amz-request-id: EP2DMHZKE86K5PVP
Date: Thu, 09 Feb 2023 11:42:18 GMT
Last-Modified: Thu, 09 Feb 2023 10:31:14 GMT
ETag: "cd6c33fbc221d0271c910af910e6ebed"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: application/javascript
Server: AmazonS3
Content-Length: 503
hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/setting.png
3.5.160.117 200 OK 364 B URL HTTP/1.1 hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/setting.png
IP 3.5.160.117:0
File type PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced; data
Hash e144c3378090087c8ce129a30cb6cb4e
59da5466551de941d0215e45c54aa2ceaf436be1
b13a03e0db893734298cbe203bf264407636ffe5dab0a141f83c492d0034dd6a
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/setting.png HTTP/1.1
Host: hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/index.html
HTTP/1.1 200 OK
x-amz-id-2: god0Zx81mQJP+PGgD1uyyDxUBoKR7VIBFm3atvaTmUiD8flp1i48yabfuaoq4hY1Xv9HJNDyzZpGMJaDCHLuIQ==
x-amz-request-id: EP24MQDDXVT28MCR
Date: Thu, 09 Feb 2023 11:42:18 GMT
Last-Modified: Thu, 09 Feb 2023 10:31:04 GMT
ETag: "e144c3378090087c8ce129a30cb6cb4e"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 364
hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/pc.png
3.5.160.117 200 OK 4.9 kB URL HTTP/1.1 hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/pc.png
IP 3.5.160.117:0
File type PNG image data, 166 x 92, 8-bit/color RGBA, non-interlaced; data
Hash cc5132b56ba46b03dd998aa1fe220106
403e007a0b17d76a9945fa5ec46a9d01733b3040
598699133be5eef63e3b9b5540609ec0dc91d7af9c7f70a3b890e57491a70ae0
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/pc.png HTTP/1.1
Host: hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/index.html
HTTP/1.1 200 OK
x-amz-id-2: 5dEzVE98jBpn8xLBP7mO5AHAz4lFW5JOu6IPn2/xV0pqbfvElBwlAtkYPZ2vBzqlZxDXGqFVjS/BkS91xoy43A==
x-amz-request-id: EP28HJWN2RR63TJ6
Date: Thu, 09 Feb 2023 11:42:18 GMT
Last-Modified: Thu, 09 Feb 2023 10:31:28 GMT
ETag: "cc5132b56ba46b03dd998aa1fe220106"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 4949
hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/def.png
3.5.160.117 200 OK 3.8 kB URL HTTP/1.1 hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/def.png
IP 3.5.160.117:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 77a2ffc5545f87551d74781201de9b3b
c9c3798afd2ae95aa3bba3c428335d49c8255b06
316e6a6737bd296ab30aca2ef7fa36f119d15786a2432d01e31fdc130272f15c
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/def.png HTTP/1.1
Host: hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/index.html
HTTP/1.1 200 OK
x-amz-id-2: M1YlPIw8mxYvXZnnrU7aG0zpjmd0ysX1ZEBd4o5WkPbgo2u4isf04k4/J5CPAYrgKcUjT5cbKbfAc18tCJYdOA==
x-amz-request-id: EP23SCG4B30R79N9
Date: Thu, 09 Feb 2023 11:42:18 GMT
Last-Modified: Thu, 09 Feb 2023 10:31:11 GMT
ETag: "77a2ffc5545f87551d74781201de9b3b"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 3834
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 248ce16379b12f11927ecc3142aec450
fa5b189f2d9182479170cb61cc1723571e437bd2
a8d259b331bdefb00625b9bf057d44d0b3290fda0734c57eda187b04e23d59d4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8D259B331BDEFB00625B9BF057D44D0B3290FDA0734C57EDA187B04E23D59D4"
Last-Modified: Wed, 08 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2828
Expires: Thu, 09 Feb 2023 12:29:25 GMT
Date: Thu, 09 Feb 2023 11:42:17 GMT
Connection: keep-alive
hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/minimize.jpeg
3.5.160.117 200 OK 2.2 kB URL HTTP/1.1 hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/minimize.jpeg
IP 3.5.160.117:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 180x39, components 3\012- data
Hash 1ba392dce74f8987dca48bf65d817c8f
db0b8444c46125105b52f272bd422a7f52da1f72
a05245b6f7fd752af4a7b0131bbdfdf3eaee6c5a25a81cb498e0f0759189473c
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/minimize.jpeg HTTP/1.1
Host: hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/index.html
HTTP/1.1 200 OK
x-amz-id-2: 8ydRJ0GcfVX28GkzXe7WDuQWaEojX0T9ph22JwWX/ur+5Q0pdMbZGnwcrxtQ7dhELM+dNdj+9zcGmn1AFLuBzw==
x-amz-request-id: EP29CSS8KNN6E13X
Date: Thu, 09 Feb 2023 11:42:18 GMT
Last-Modified: Thu, 09 Feb 2023 10:31:31 GMT
ETag: "1ba392dce74f8987dca48bf65d817c8f"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 2247
cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js
104.16.87.20 200 OK 31 kB URL HTTP/2 cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js
IP 104.16.87.20:0
File type ASCII text, with very long lines (65299)
Hash 23fa3efa6a487a239103bacdf656e9e7
b2108e71e89c2aedb3b7cd509c67a5ddf1ca0170
6a4f87f61c38317b26933821bd1676735445b0a1b457a642256f60c02470faf3
GET /npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com
Connection: keep-alive
Referer: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 11:42:17 GMT
content-type: application/javascript; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 4.6.0
x-jsd-version-type: version
etag: W/"1499a-rsVR5NVzRjCI/KfRT7ZE6zifGDk"
x-served-by: cache-fra19128-FRA, cache-itm18834-ITM
x-cache: HIT, MISS
vary: Accept-Encoding
cf-cache-status: HIT
age: 4815342
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CPk2wUMMtC8NL4%2BrqjMxtALEmXNmVpDtGJ84J9G16cZNGc82ra3M%2BfO9LqJs6F9Tn9TBd8%2BUQN9G7Y2%2BqMUfdRvtR3aBe8euclLXgEYNtEtTOOuVe%2Fo%2F5Rm5d1Ne1JyBlmI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796c573e485bb50b-OSL
content-encoding: br
X-Firefox-Spdy: h2
hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/microsoft.png
3.5.160.117 200 OK 1.0 kB URL HTTP/1.1 hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/microsoft.png
IP 3.5.160.117:0
File type PNG image data, 47 x 46, 8-bit/color RGBA, non-interlaced\012- data
Hash bf2b460590fbb9d8e9611a6e9006b816
561e1dab259d61e798b3ce380527b71b61074ff3
ee4bc5fe81fa7c1e8497d79c9c8a96485df217092d334e9b48fa8840fed11d03
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/microsoft.png HTTP/1.1
Host: hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/index.html
HTTP/1.1 200 OK
x-amz-id-2: 5P8DCWE+GE0iP/IQLjYaTmptmLmiNsNxMsVsYRNqvUcyf9GXdleCnfzfOEgxoHrULJtZ6/tLcb/swTl6m3G0YQ==
x-amz-request-id: EP222KZDGRHEND4D
Date: Thu, 09 Feb 2023 11:42:18 GMT
Last-Modified: Thu, 09 Feb 2023 10:31:16 GMT
ETag: "bf2b460590fbb9d8e9611a6e9006b816"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 1045
hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/virus-images.png
3.5.160.117 200 OK 33 kB URL HTTP/1.1 hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/virus-images.png
IP 3.5.160.117:0
File type PNG image data, 200 x 191, 8-bit/color RGBA, non-interlaced\012- data
Hash 68c7d1836cf921e767b980e8ce6d845b
395fc474214809b1282fc589e4a8f0be81b16adc
870e9d768ba46521935ced4cee560acfbb4f12370e5476dc6a2a45f0141a8392
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/virus-images.png HTTP/1.1
Host: hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/index.html
HTTP/1.1 200 OK
x-amz-id-2: EbucbOcesf8mo73C/HObMuBKYqkCZ6G0Msw9GsKDaMX4k2BDeXulajEr5sHkR6M+bAZZctUAxPXjaOZpT3VIWg==
x-amz-request-id: EP2411T52TZXA8NW
Date: Thu, 09 Feb 2023 11:42:18 GMT
Last-Modified: Thu, 09 Feb 2023 10:31:47 GMT
ETag: "68c7d1836cf921e767b980e8ce6d845b"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 33366
push.services.mozilla.com/
54.186.236.115 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.186.236.115:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +1hSAq7+n1bo1YCv0/kBIw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: eu1FLx3bIYR6bFfn9EbPWN5I6mg=
hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/cross.png
3.5.160.117 200 OK 44 kB URL HTTP/1.1 hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/cross.png
IP 3.5.160.117:0
File type PNG image data, 2080 x 2080, 8-bit/color RGBA, non-interlaced\012- data
Hash 4487a588bf2a07e3d1936d705c5ceefd
db193b3e2ab9fbee6eae99ced2366b1ef5f16971
3821ef20f5904fdb993e34d87ff8fb9c5786a382efb0eeee8b4f00c91428b701
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/cross.png HTTP/1.1
Host: hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/index.html
HTTP/1.1 200 OK
x-amz-id-2: eadvMKqBoChMclQ6+kimNqErtKqfWpF43tOCFKcD5ptvfp6Im2ucJwTDNQU7ehA1HGbfYhmSu2n9SUiEvOKRIA==
x-amz-request-id: EP2DS3P39ARTG5EM
Date: Thu, 09 Feb 2023 11:42:18 GMT
Last-Modified: Thu, 09 Feb 2023 10:31:30 GMT
ETag: "4487a588bf2a07e3d1936d705c5ceefd"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 44098
hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/que.png
3.5.160.117 200 OK 349 B URL HTTP/1.1 hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/que.png
IP 3.5.160.117:0
File type PNG image data, 13 x 13, 8-bit/color RGB, non-interlaced\012- data
Hash 7454c652e0733d92de6c920c2d646ae0
34a5bd8c7401f95e346895b0e5ccffbf0e9ad638
44f752b0bd2e48052d538bc6aca5379f3630ca64da945f794690ddf47e8eaef7
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/que.png HTTP/1.1
Host: hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/index.html
HTTP/1.1 200 OK
x-amz-id-2: IOzREf0w0kIib7IahD1vFe4LseRCyKiUEJ0Xk1S8owefjJMllZjkZdVJmjkY9oQBLMIqimhyF+/Pxe8rXtbOzg==
x-amz-request-id: EP24RRFJETWRXJ1X
Date: Thu, 09 Feb 2023 11:42:18 GMT
Last-Modified: Thu, 09 Feb 2023 10:31:51 GMT
ETag: "7454c652e0733d92de6c920c2d646ae0"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 349
hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/bell.png
3.5.160.117 200 OK 1.1 kB URL HTTP/1.1 hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/bell.png
IP 3.5.160.117:0
File type PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced\012- data
Hash a3555871399f1f67bfacaf437974b03a
b6337de87cd7a75a73cd804774651d14c83fe76a
2e48fef820929c21295e13444901f60e3aed61ba6f8c773ff1466e6843e76b49
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/bell.png HTTP/1.1
Host: hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/index.html
HTTP/1.1 200 OK
x-amz-id-2: ge9Zt4/GH5Fu5S55jYQ9M4VUgXZN8xOXCG3OFTNlLL/mbzbRCcEkEx++OkDDm6gcPbKt6Tzle9RgnHnIeN4jWQ==
x-amz-request-id: EP27WNC93QQTQB9R
Date: Thu, 09 Feb 2023 11:42:18 GMT
Last-Modified: Thu, 09 Feb 2023 10:31:52 GMT
ETag: "a3555871399f1f67bfacaf437974b03a"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 1108
region1.google-analytics.com/g/collect?v=2&tid=G-7JSG9DFFFZ&gtm=45je3280&_p=769487112&cid=1741400412.1675942996&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675942996&sct=1&seg=0&dl=http%3A%2F%2Fhgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com%2FPT7445%2Bcopy%2B2%2FAmC00FrdEr00d0FF808Err0r8Ami07%2Findex.html&dr=http%3A%2F%2Fhgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com%2FPT7445%2Bcopy%2B2%2Findex.html&dt=Security-Center-Code0x268d3%20Services-Er00ffError0Amr07&en=page_view&_fv=1&_nsi=1&_ss=1
216.239.32.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-7JSG9DFFFZ&gtm=45je3280&_p=769487112&cid=1741400412.1675942996&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675942996&sct=1&seg=0&dl=http%3A%2F%2Fhgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com%2FPT7445%2Bcopy%2B2%2FAmC00FrdEr00d0FF808Err0r8Ami07%2Findex.html&dr=http%3A%2F%2Fhgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com%2FPT7445%2Bcopy%2B2%2Findex.html&dt=Security-Center-Code0x268d3%20Services-Er00ffError0Amr07&en=page_view&_fv=1&_nsi=1&_ss=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-7JSG9DFFFZ&gtm=45je3280&_p=769487112&cid=1741400412.1675942996&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675942996&sct=1&seg=0&dl=http%3A%2F%2Fhgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com%2FPT7445%2Bcopy%2B2%2FAmC00FrdEr00d0FF808Err0r8Ami07%2Findex.html&dr=http%3A%2F%2Fhgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com%2FPT7445%2Bcopy%2B2%2Findex.html&dt=Security-Center-Code0x268d3%20Services-Er00ffError0Amr07&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com
Connection: keep-alive
Referer: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com
date: Thu, 09 Feb 2023 11:42:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/virus-scan.png
3.5.160.117 200 OK 26 kB URL HTTP/1.1 hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/virus-scan.png
IP 3.5.160.117:0
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Hash 2c497dfff84bd8c5af9254c9d6278ce1
667e72e7ba6f00a54629e28133317022d4b59af6
b2dc4153ee7019c70a1095d5d1304d540e3bba045d99e141f63e5b13362e5a4e
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/virus-scan.png HTTP/1.1
Host: hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/index.html
HTTP/1.1 200 OK
x-amz-id-2: N06TvmIHxmoy3plb4/UZ0Mpp4w38OxG710674n7LU6I4TDmmhCEyGVofCkGBnEEpQcRg2Fi6WNzoPmzAY8QKUw==
x-amz-request-id: EP2F7R2Q8V6E09VQ
Date: Thu, 09 Feb 2023 11:42:18 GMT
Last-Modified: Thu, 09 Feb 2023 10:31:25 GMT
ETag: "2c497dfff84bd8c5af9254c9d6278ce1"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 25871
www.google-analytics.com/analytics.js
142.250.74.110 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Thu, 09 Feb 2023 09:44:09 GMT
expires: Thu, 09 Feb 2023 11:44:09 GMT
cache-control: public, max-age=7200
age: 7089
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google-analytics.com/j/collect?v=1&_v=j99&a=769487112&t=pageview&_s=1&dl=http%3A%2F%2Fhgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com%2FPT7445%2Bcopy%2B2%2FAmC00FrdEr00d0FF808Err0r8Ami07%2Findex.html&ul=en-us&de=UTF-8&dt=Security-Center-Code0x268d3%20Services-Er00ffError0Amr07&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YADAAUABAAAAACAAI~&jid=1894497933&gjid=1865086349&cid=1741400412.1675942996&tid=UA-93923346-3&_gid=340204748.1675942997&_r=1&gtm=457e3280&z=93214977
142.250.74.110 200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j99&a=769487112&t=pageview&_s=1&dl=http%3A%2F%2Fhgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com%2FPT7445%2Bcopy%2B2%2FAmC00FrdEr00d0FF808Err0r8Ami07%2Findex.html&ul=en-us&de=UTF-8&dt=Security-Center-Code0x268d3%20Services-Er00ffError0Amr07&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YADAAUABAAAAACAAI~&jid=1894497933&gjid=1865086349&cid=1741400412.1675942996&tid=UA-93923346-3&_gid=340204748.1675942997&_r=1&gtm=457e3280&z=93214977
IP 142.250.74.110:0
File type ASCII text, with no line terminators
Hash cc7a1e792bca8ccb1946b7a07f6dbc03
11a2757082428311f587b7664fa9840376137f80
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
POST /j/collect?v=1&_v=j99&a=769487112&t=pageview&_s=1&dl=http%3A%2F%2Fhgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com%2FPT7445%2Bcopy%2B2%2FAmC00FrdEr00d0FF808Err0r8Ami07%2Findex.html&ul=en-us&de=UTF-8&dt=Security-Center-Code0x268d3%20Services-Er00ffError0Amr07&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YADAAUABAAAAACAAI~&jid=1894497933&gjid=1865086349&cid=1741400412.1675942996&tid=UA-93923346-3&_gid=340204748.1675942997&_r=1&gtm=457e3280&z=93214977 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com
Connection: keep-alive
Referer: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com
date: Thu, 09 Feb 2023 11:42:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/favicon.ico
3.5.160.117 403 Forbidden 255 B URL HTTP/1.1 hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/favicon.ico
IP 3.5.160.117:0
File type XML 1.0 document text\012- XML document, ASCII text
Hash 2b11aebce630095741bb5dd83de0e866
19e572f9ba937a24c689248bad42008bfb1935c5
190d632354be2d0c69438d97322a80f970128321496b6429ea0cb942581bad51
GET /favicon.ico HTTP/1.1
Host: hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/index.html
Cookie: _ga_7JSG9DFFFZ=GS1.1.1675942996.1.0.1675942996.0.0.0; _ga=GA1.1.1741400412.1675942996
HTTP/1.1 403 Forbidden
x-amz-request-id: R92M2PQGVD1FD785
x-amz-id-2: rgrj8qIgVaXby0MQnMlQseLSNCkAhFsskFqn3ynMMILgiR8VoMttqfgNbuSFmAAJIzE9Db+B3sebd4v25s+cRw==
Content-Type: application/xml
Transfer-Encoding: chunked
Date: Thu, 09 Feb 2023 11:42:18 GMT
Server: AmazonS3
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash a746d459d4fbc7da99072462ed09b456
6ca7c899101b7ddcc1228f148cdcf16113a805f7
cbed8854f94d225ec82298e5039b9c163f58f9fede0db72510d22867003cb4a6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 11:42:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-93923346-3&cid=1741400412.1675942996&jid=1894497933&gjid=1865086349&_gid=340204748.1675942997&_u=YADAAUAAAAAAACAAI~&z=892790066
64.233.165.157 200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-93923346-3&cid=1741400412.1675942996&jid=1894497933&gjid=1865086349&_gid=340204748.1675942997&_u=YADAAUAAAAAAACAAI~&z=892790066
IP 64.233.165.157:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-93923346-3&cid=1741400412.1675942996&jid=1894497933&gjid=1865086349&_gid=340204748.1675942997&_u=YADAAUAAAAAAACAAI~&z=892790066 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com
Connection: keep-alive
Referer: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 09 Feb 2023 11:42:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8507
Expires: Thu, 09 Feb 2023 14:04:06 GMT
Date: Thu, 09 Feb 2023 11:42:19 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4930c104-0ac3-49ae-9506-13702874f821.jpeg
34.120.237.76 200 OK 3.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4930c104-0ac3-49ae-9506-13702874f821.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2c1f5626e7ff7e681468c3c5820f3633
a8bb267f929b734a53b3dab0283c717270f6eb43
38d81274cc9f71f149091f72494c74872d99909c69d612a595c930c4755c4da3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4930c104-0ac3-49ae-9506-13702874f821.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3474
x-amzn-requestid: 1b0f88cf-460b-4ed2-8235-86c9e3e3ff93
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffW2uG3LIAMF3cg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d604f7-42e5c38315bdbd47615985b6;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 05:32:39 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: nfLYmz3SEBzBp32-FDPDF-rqh4-pAjLixYD4abVqF5fl3awttBNRUA==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 22:47:56 GMT
age: 46463
etag: "a8bb267f929b734a53b3dab0283c717270f6eb43"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8db31dc-3366-48e5-8c4b-ebe994dd40ef.jpeg
34.120.237.76 200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8db31dc-3366-48e5-8c4b-ebe994dd40ef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 95081172f8e19d19921acc802488e019
8531c150cb11de44361a95624b11cf46b9e0ba02
7a2d8f012c7d590f3f39ad834d4f3f9fb729143b7395bc588bd608b5bdee039b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8db31dc-3366-48e5-8c4b-ebe994dd40ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15019
x-amzn-requestid: 574e3e2c-2fbe-4215-9500-021147338832
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f583LHiioAMFqkQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e0a82d-4f12aac524c39f822ca4f422;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 07:11:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: _3jIo3Giw3zmTmnSkJArAllT6uigN7EEzLPfkGpd6168_mSdqdk_Cg==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 09 Feb 2023 07:45:45 GMT
age: 14194
etag: "8531c150cb11de44361a95624b11cf46b9e0ba02"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5cee0a4c-d2ba-4c9d-8ba5-2b4c94c98035.png
34.120.237.76 200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5cee0a4c-d2ba-4c9d-8ba5-2b4c94c98035.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash b5d772db4ded57c20c60afa587324afe
caaf5472af022dfc83c5cc7d0b304083f72b9a93
30b95ed40ca5da3155a6d25132d69956fb7be65aa001d993e581efc0a9044b7d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5cee0a4c-d2ba-4c9d-8ba5-2b4c94c98035.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5878
x-amzn-requestid: a1edb6b2-0c7f-4f40-8eef-df9dbf08d568
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fwCqJG3jIAMFqtQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dcb173-20d3fbb92ec206647c246811;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 07:02:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: eOZ5iNdAnB7j0uVon7VG7FcOw1V8MjDbecd6_2trxcVN-id_hLZ84Q==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 22:12:24 GMT
age: 48595
etag: "caaf5472af022dfc83c5cc7d0b304083f72b9a93"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc04429b-38db-4e0a-96bf-5a6d2bc7e8cf.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc04429b-38db-4e0a-96bf-5a6d2bc7e8cf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 4b42802dc628e38e9631a01b6320040a
c83355f0828815ecbff47d8195d2deed8077e368
d0f093b1769b568a5d68ada359eadfd1ab3360488a20e1deeb99b0a51b649441
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc04429b-38db-4e0a-96bf-5a6d2bc7e8cf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11256
x-amzn-requestid: fc079b98-a94a-4945-8e51-9b5941fda799
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fwD8SEOMIAMFomA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dcb381-72b83330325d280821ecf4c1;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 07:10:57 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tlIxKyJ3tqYVM667Uz4n2OHk2eiLer2Nc7bnFKqJUZcYDoPqjRlagQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 19:24:56 GMT
age: 58643
etag: "c83355f0828815ecbff47d8195d2deed8077e368"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F049f3f10-52dc-41ec-990c-719ee36485c7.jpeg
34.120.237.76 200 OK 3.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F049f3f10-52dc-41ec-990c-719ee36485c7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 10fd2f55fa0cfb8616ded6ddc2bb511a
996ed68f1b9770a19a97f6c8d359e338b8c8b3ca
e552d31a5e531386b9830bb58486f09bfcb3400676f726f93fdbea08336a09da
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F049f3f10-52dc-41ec-990c-719ee36485c7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3599
x-amzn-requestid: 658f8678-b67d-4f98-b728-cf9cbad3aa86
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ABI38GUpIAMFY0Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e38832-2ab19d0f2345fc7515775298;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 11:32:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oBM94J-bP0KLv3VUKHBQcndevBxzLc1rQ27Mc4Z_C-CGOyCH_FlKDw==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 22:14:59 GMT
age: 48440
etag: "996ed68f1b9770a19a97f6c8d359e338b8c8b3ca"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F844d5320-b850-4dd9-87c4-2b4f17eb895e.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F844d5320-b850-4dd9-87c4-2b4f17eb895e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 82ed633b05ccadc8b87e83413641f1ef
aafed39990cf6a3391d53355085d816167a500fa
c9202e36b231d0a9a9cba1ff8f570e5b0fbba215eb6b28e3989fd442ee7f5835
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F844d5320-b850-4dd9-87c4-2b4f17eb895e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8717
x-amzn-requestid: dbb8b5a2-d3f6-42e2-8778-da19de081cb8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f2c0LHaiIAMF5cA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63df41b4-309b6b1f651f68453dd52f55;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 05:42:12 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hBfl0rPzn_iOD9xRlc236_IEvyGlK5WteH1y4cd0aYxlFzd3RVfgkQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:42:47 GMT
age: 50372
etag: "aafed39990cf6a3391d53355085d816167a500fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/background.png
3.5.160.117 200 OK 838 kB URL HTTP/1.1 hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/background.png
IP 3.5.160.117:0
File type PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced
Size 838 kB (838375 bytes)
Hash 400502ee2726928f1b2314404b53dafa
bda6258ea064b64735ec156340f95ce97fac2df8
ee94f46aecf6fbed409cc7575ec3beca259bc1d8863401fe9325959426e0d270
Analyzer: urlquery | Verdict: fraud | Alert: Fraud - Fake AntiVirus / Security software
GET /PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/background.png HTTP/1.1
Host: hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/index.html
HTTP/1.1 200 OK
x-amz-id-2: H/SxwZPzv6OINFR8TRCJpiVuYzIAl+v4++fdj8yWS0oj4iXZFsSwIBB49syUfgradztFq1ZTMxAePNPUHXh51w==
x-amz-request-id: EP2B6C8NF9FFASCE
Date: Thu, 09 Feb 2023 11:42:18 GMT
Last-Modified: Thu, 09 Feb 2023 10:31:21 GMT
ETag: "400502ee2726928f1b2314404b53dafa"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 838375
hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/wa0lDErtm0s.mp3
3.5.160.117 206 Partial Content 0 B URL HTTP/1.1 hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/wa0lDErtm0s.mp3
IP 3.5.160.117:0
GET /PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/wa0lDErtm0s.mp3 HTTP/1.1
Host: hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://hgdfhgdf7dgjhfdgh.s3.us-west-1.amazonaws.com/PT7445+copy+2/AmC00FrdEr00d0FF808Err0r8Ami07/index.html
Cookie: _ga_7JSG9DFFFZ=GS1.1.1675942996.1.0.1675942996.0.0.0; _ga=GA1.1.1741400412.1675942996
HTTP/1.1 206 Partial Content
x-amz-id-2: zHqzvpufDlkggo3uGX0mywnzoiOnsCZG2wpd59k85Nn+NDzLD9YPwNr6D9Nr9QoNhui0/3d69NKWmapM0VHwbA==
x-amz-request-id: EP2EMC1Y8617XWMT
Date: Thu, 09 Feb 2023 11:42:18 GMT
Last-Modified: Thu, 09 Feb 2023 10:31:49 GMT
ETag: "19f5b9fcf0900f805db26b3fca54318c"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Range: bytes 0-86444/86445
Content-Type: audio/mp3
Server: AmazonS3
Content-Length: 86445