Report - cpanel.millvalley.com/

Report Overview

Submitted URL
cpanel.millvalley.com/
IP
67.225.141.27
ASN
#32244 LIQUIDWEB
Submitted
2023-01-08 05:08:20
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
16

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.9 kB	34.160.144.191
cpanel.millvalley.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	10 kB	152 kB	67.225.141.27
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	341 B	737 B	93.184.220.29
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.38.186.64
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	73 kB	34.120.237.76
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	95.101.11.115
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-08	medium	cpanel.millvalley.com/	Malware
2023-01-08	medium	cpanel.millvalley.com/	Malware
2023-01-08	medium	cpanel.millvalley.com/cPanel_magic_revision_1488234320/unprotected/cpanel/images/cpanel-logo.svg	Malware
2023-01-08	medium	cpanel.millvalley.com/cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/OpenSans-Semibold-webfont.woff	Malware
2023-01-08	medium	cpanel.millvalley.com/cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/OpenSans-Regular-webfont.woff	Malware
2023-01-08	medium	cpanel.millvalley.com/cPanel_magic_revision_1488234320/unprotected/cpanel/images/cp-logo.svg	Malware
2023-01-08	medium	cpanel.millvalley.com/cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/OpenSans-SemiboldItalic-webfont.woff	Malware
2023-01-08	medium	cpanel.millvalley.com/cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/OpenSans-Bold-webfont.woff	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	cpanel.millvalley.com/	84 B	2023-03-07	2024-04-24
Pretty URL cpanel.millvalley.com/ IP 67.225.141.27 ASN #32244 LIQUIDWEB Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:37 Last Seen2024-04-24 14:18:05 Times Seen1354 Hash f88baf75b8e07dd7ec741e96546bc4f7 a74b22312f7ce6ea751190a32f188b305f2e71e3 1e5f5c8697f7a5934a4e88d298805feb7272c5ae7b1a357b44ec0b5289b60a50 Loading...

	cpanel.millvalley.com/	19 kB	2023-03-07	2023-03-26
Pretty URL cpanel.millvalley.com/ IP 67.225.141.27 ASN #32244 LIQUIDWEB Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:33:44 Last Seen2023-03-26 13:57:13 Times Seen2 Hash daabac1541e3b81e94aea5dfff7942c9 f7dd4f386da35d30e42436342033ce5537c1b0af 53458cb19e44d029869e11b263b5ca10b00483ab437b8de2133eb53cf80de6f0 Loading...

HTTP Transactions (35)

URL IP Response Size

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b782882bdabaf3b08e64120922b4a4b7
2035ed7fc9fb5b6ee9715601ba43de5f94d0c0e9
3fe7d1a9a55b86ec25d02634749ccfae11f3477033ba8cd7ac4131b7948ba619

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3FE7D1A9A55B86EC25D02634749CCFAE11F3477033BA8CD7AC4131B7948BA619"
Last-Modified: Sat, 07 Jan 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18516
Expires: Sun, 08 Jan 2023 10:16:45 GMT
Date: Sun, 08 Jan 2023 05:08:09 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e4bdd77c0369662aa71ce2d01fd3edab
0ab1c5857e200e7e7946424c2c844537bfbb9775
a163c19fcc8fcf985e8df6ad4bd7ce73912b3df892d8236c70f9bc80820b26da

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A163C19FCC8FCF985E8DF6AD4BD7CE73912B3DF892D8236C70F9BC80820B26DA"
Last-Modified: Fri, 06 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19993
Expires: Sun, 08 Jan 2023 10:41:22 GMT
Date: Sun, 08 Jan 2023 05:08:09 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
75f0037a1d53a9a5321a796206ec3e24
70d42c9bf1334f20e1cea4ce3c8212e0e780ee77
80ec1e61f9563e799c9f44ea31e616c37daea1b9670091fbbc6efc39ebafe3d3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "80EC1E61F9563E799C9F44EA31E616C37DAEA1B9670091FBBC6EFC39EBAFE3D3"
Last-Modified: Fri, 06 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8986
Expires: Sun, 08 Jan 2023 07:37:55 GMT
Date: Sun, 08 Jan 2023 05:08:09 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 08 Jan 2023 04:48:15 GMT
content-type: application/json
age: 1194
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: kxBqNqZKhAv979iJ823Dbo3NFZbcdl9+owC/EgmgZTnTgZ0iOepA+OOsgHjBorEqPF12k64Re0plb8DsLxDV7Q==
x-amz-request-id: MWAXZYEK0E69FX1T
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 08 Jan 2023 05:00:41 GMT
age: 448
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

cpanel.millvalley.com/

67.225.141.27

301 Moved

114 B

URL HTTP/1.1
cpanel.millvalley.com/
IP
67.225.141.27:0
ASN
#32244 LIQUIDWEB

File type
HTML document text\012- HTML document, ASCII text
Size
114 B (114 bytes)
Hash
bd7ca604a96cc69ba44066b3cecee01b
2a987101b7ff104fda8486fc35f5e46a042a5aff
27c97888efb8e1a525f755d95c7a9a551183928a662b34d8723d04e5bd634df6

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET / HTTP/1.1
Host: cpanel.millvalley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved
Date: Sun, 08 Jan 2023 05:08:09 GMT
Server: Apache
Content-length: 114
Location: https://cpanel.millvalley.com/
Content-type: text/html; charset="utf-8"
Cache-Control: no-cache, no-store, must-revalidate, private
Keep-Alive: timeout=2, max=150
Connection: Keep-Alive

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 08 Jan 2023 05:08:10 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Pragma, Content-Length, Alert, Expires, ETag, Last-Modified, Backoff, Content-Type, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 08 Jan 2023 04:33:42 GMT
age: 2068
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

cpanel.millvalley.com/

67.225.141.27

200 OK

12 kB

URL HTTP/1.1
cpanel.millvalley.com/
IP
67.225.141.27:0
ASN
#32244 LIQUIDWEB

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (10609)
Size
12 kB (12425 bytes)
Hash
b678051971a6189fd67c19e4b1b513f9
d41a0ba23744776e2f3dc44f11680ab40a967a1e
57b0e115663f390d99b2a51cb7ee871c955856c2f5abdcb383a904092a02abfb

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET / HTTP/1.1
Host: cpanel.millvalley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 05:08:10 GMT
Server: Apache
Content-Type: text/html; charset="utf-8"
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, private, no-cache, no-store, must-revalidate, private
Content-Encoding: gzip
Content-Length: 12425
Set-Cookie: cprelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=443; secure
cpsession=%3aIjhrJCTE2FWAeSJO%2c3ded208b0af54ed8e9d6a42870b38db1; HttpOnly; path=/; port=443; secure
roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=443; secure
roundcube_sessauth=expired; HttpOnly; domain=cpanel.millvalley.com; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=443; secure
Horde=expired; HttpOnly; domain=.cpanel.millvalley.com; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=443; secure
horde_secret_key=expired; HttpOnly; domain=.cpanel.millvalley.com; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=443; secure
Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=443; secure
Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/horde; port=443; secure
PPA_ID=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=443; secure
imp_key=expired; HttpOnly; domain=cpanel.millvalley.com; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=443; secure
Horde=expired; HttpOnly; domain=.cpanel.millvalley.com; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=443
horde_secret_key=expired; HttpOnly; domain=.cpanel.millvalley.com; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=443
Keep-Alive: timeout=2, max=150
Connection: Keep-Alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
8589b6a84dd5a09ec546aff38bbd2515
1c3a3d8a69ae7a3ebda64292caf0e0f5968e81f7
f013da155203f0509d56e8174c2ae5ed23aad413b4391f276efd388519743b17

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6245
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 08 Jan 2023 05:08:10 GMT
Last-Modified: Sun, 08 Jan 2023 03:24:05 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

cpanel.millvalley.com/cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/open_sans.min.css

67.225.141.27

200 OK

521 B

URL HTTP/1.1
cpanel.millvalley.com/cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/open_sans.min.css
IP
67.225.141.27:0
ASN
#32244 LIQUIDWEB

File type
ASCII text, with very long lines (6358), with no line terminators
Size
521 B (521 bytes)
Hash
6f55851881328736c8fbc2f3ce8ae62b
9a9f2d6408ed56f2385411db1a8078cc0b5f89d0
c49a412cba46b3997102384428ff08dd6c54c93a367794e2a017065dae5056b9

HTTP Headers

GET /cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/open_sans.min.css HTTP/1.1
Host: cpanel.millvalley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpanel.millvalley.com/
Cookie: cpsession=%3aIjhrJCTE2FWAeSJO%2c3ded208b0af54ed8e9d6a42870b38db1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 05:08:10 GMT
Server: Apache
Content-Type: text/css
Last-Modified: Tue, 23 Mar 2021 16:37:21 GMT
Cache-Control: max-age=5184000, public
Expires: Thu, 09 Mar 2023 05:08:10 GMT
Content-Encoding: gzip
Content-Length: 521
Keep-Alive: timeout=2, max=149
Connection: Keep-Alive

push.services.mozilla.com/

52.38.186.64

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.38.186.64:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: dwzc4UrTPJyc2xE0R1i9Ow==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: aM1mFmoUTWtbt1EZ/0h/bVeSCSs=

cpanel.millvalley.com/cPanel_magic_revision_1629923782/unprotected/cpanel/style_v2_optimized.css

67.225.141.27

200 OK

33 kB

URL HTTP/1.1
cpanel.millvalley.com/cPanel_magic_revision_1629923782/unprotected/cpanel/style_v2_optimized.css
IP
67.225.141.27:0
ASN
#32244 LIQUIDWEB

File type
ASCII text, with very long lines (35968)
Size
33 kB (32598 bytes)
Hash
4af8b5fca423eec5d4fdb4d970e539d2
baa9d9e7a826a0b4aefb3b821844a1d76ab999c4
60a65ceaabd224a634236a459b17e29383930c143089dbc27efc87c10eb17c61

HTTP Headers

GET /cPanel_magic_revision_1629923782/unprotected/cpanel/style_v2_optimized.css HTTP/1.1
Host: cpanel.millvalley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpanel.millvalley.com/
Cookie: cpsession=%3aIjhrJCTE2FWAeSJO%2c3ded208b0af54ed8e9d6a42870b38db1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 05:08:10 GMT
Server: Apache
Content-Type: text/css
Last-Modified: Wed, 25 Aug 2021 20:36:22 GMT
Cache-Control: max-age=5184000, public
Expires: Thu, 09 Mar 2023 05:08:10 GMT
Content-Encoding: gzip
Content-Length: 32598
Keep-Alive: timeout=2, max=150
Connection: Keep-Alive

cpanel.millvalley.com/cPanel_magic_revision_1488234320/unprotected/cpanel/images/cpanel-logo.svg

67.225.141.27

200 OK

2.6 kB

URL HTTP/1.1
cpanel.millvalley.com/cPanel_magic_revision_1488234320/unprotected/cpanel/images/cpanel-logo.svg
IP
67.225.141.27:0
ASN
#32244 LIQUIDWEB

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (5616)
Size
2.6 kB (2632 bytes)
Hash
e9f6d68f9450940229a6f903477dfa8e
bf73c2601e27f9f7e1fa59f1bda5c1a8ac75d601
ae5e805f431d16cc82140f60767b411f13c39acfaf0d10108e9e4bb6c28a8ef0

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /cPanel_magic_revision_1488234320/unprotected/cpanel/images/cpanel-logo.svg HTTP/1.1
Host: cpanel.millvalley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpanel.millvalley.com/
Cookie: cpsession=%3aIjhrJCTE2FWAeSJO%2c3ded208b0af54ed8e9d6a42870b38db1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 05:08:11 GMT
Server: Apache
Content-Type: image/svg+xml
Last-Modified: Mon, 27 Feb 2017 22:25:20 GMT
Cache-Control: max-age=5184000, public
Expires: Thu, 09 Mar 2023 05:08:11 GMT
Content-Encoding: gzip
Content-Length: 2632
Keep-Alive: timeout=2, max=148
Connection: Keep-Alive

cpanel.millvalley.com/cPanel_magic_revision_1488234319/unprotected/cpanel/images/notice-error.png

67.225.141.27

200 OK

1.0 kB

URL HTTP/1.1
cpanel.millvalley.com/cPanel_magic_revision_1488234319/unprotected/cpanel/images/notice-error.png
IP
67.225.141.27:0
ASN
#32244 LIQUIDWEB

File type
PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced\012- data
Size
1.0 kB (1026 bytes)
Hash
a3265cc598ae28633c060889e790f80c
57530d6996c8f36711ef05681474b8f63d4184b3
bcaf01928e5c7246ab0bb7e83f609b485a67a5e442d3dd94539a883c11fb70cd

HTTP Headers

GET /cPanel_magic_revision_1488234319/unprotected/cpanel/images/notice-error.png HTTP/1.1
Host: cpanel.millvalley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpanel.millvalley.com/cPanel_magic_revision_1629923782/unprotected/cpanel/style_v2_optimized.css
Cookie: cpsession=%3aIjhrJCTE2FWAeSJO%2c3ded208b0af54ed8e9d6a42870b38db1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 05:08:11 GMT
Server: Apache
Content-Type: image/png
Last-Modified: Mon, 27 Feb 2017 22:25:19 GMT
Cache-Control: max-age=5184000, public
Expires: Thu, 09 Mar 2023 05:08:11 GMT
Content-Length: 1026
Keep-Alive: timeout=2, max=149
Connection: Keep-Alive

cpanel.millvalley.com/cPanel_magic_revision_1488234319/unprotected/cpanel/images/icon-username.png

67.225.141.27

200 OK

320 B

URL HTTP/1.1
cpanel.millvalley.com/cPanel_magic_revision_1488234319/unprotected/cpanel/images/icon-username.png
IP
67.225.141.27:0
ASN
#32244 LIQUIDWEB

File type
PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Size
320 B (320 bytes)
Hash
07ff84f8c855e5fe9d510ff5c9a4b1e4
11c262053e2b9be57d1dba7cb3d916ef041a0e50
05ce0f813e6236158fa1d115faba62cd2041aab1878cac0960a0f45575cece1e

HTTP Headers

GET /cPanel_magic_revision_1488234319/unprotected/cpanel/images/icon-username.png HTTP/1.1
Host: cpanel.millvalley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpanel.millvalley.com/cPanel_magic_revision_1629923782/unprotected/cpanel/style_v2_optimized.css
Cookie: cpsession=%3aIjhrJCTE2FWAeSJO%2c3ded208b0af54ed8e9d6a42870b38db1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 05:08:11 GMT
Server: Apache
Content-Type: image/png
Last-Modified: Mon, 27 Feb 2017 22:25:19 GMT
Cache-Control: max-age=5184000, public
Expires: Thu, 09 Mar 2023 05:08:11 GMT
Content-Length: 320
Keep-Alive: timeout=2, max=150
Connection: Keep-Alive

cpanel.millvalley.com/cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/OpenSans-Semibold-webfont.woff

67.225.141.27

200 OK

23 kB

URL HTTP/1.1
cpanel.millvalley.com/cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/OpenSans-Semibold-webfont.woff
IP
67.225.141.27:0
ASN
#32244 LIQUIDWEB

File type
Web Open Font Format, TrueType, length 22908, version 1.0\012- data
Size
23 kB (22908 bytes)
Hash
697574b47bcfdd2c45e3e63c7380dd67
4590722b795938e0b6ff1b99701d1abe37aeabef
26b216fadb2ffcd542ca56c2d84f9918f62e40de89bf88b4211fffacd2a4ad83

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/OpenSans-Semibold-webfont.woff HTTP/1.1
Host: cpanel.millvalley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://cpanel.millvalley.com/cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/open_sans.min.css
Cookie: cpsession=%3aIjhrJCTE2FWAeSJO%2c3ded208b0af54ed8e9d6a42870b38db1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 05:08:11 GMT
Server: Apache
Content-Type: application/font-woff
Last-Modified: Tue, 23 Mar 2021 16:37:21 GMT
Cache-Control: max-age=5184000, public
Expires: Thu, 09 Mar 2023 05:08:11 GMT
Content-Length: 22908
Keep-Alive: timeout=2, max=148
Connection: Keep-Alive

cpanel.millvalley.com/cPanel_magic_revision_1488234319/unprotected/cpanel/images/or-separator-line.png

67.225.141.27

200 OK

205 B

URL HTTP/1.1
cpanel.millvalley.com/cPanel_magic_revision_1488234319/unprotected/cpanel/images/or-separator-line.png
IP
67.225.141.27:0
ASN
#32244 LIQUIDWEB

File type
PNG image data, 285 x 2, 8-bit/color RGBA, non-interlaced\012- data
Size
205 B (205 bytes)
Hash
a518412ecda61722edb4379efcdcd5ca
9460f62209b24f5981fd1cb2eba6881fdd7d859c
12b2ce87d28ac817f630e9e51b80cf90716eb848c5ff94a3b3f8a22cb4c8b6a6

HTTP Headers

GET /cPanel_magic_revision_1488234319/unprotected/cpanel/images/or-separator-line.png HTTP/1.1
Host: cpanel.millvalley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpanel.millvalley.com/cPanel_magic_revision_1629923782/unprotected/cpanel/style_v2_optimized.css
Cookie: cpsession=%3aIjhrJCTE2FWAeSJO%2c3ded208b0af54ed8e9d6a42870b38db1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 05:08:11 GMT
Server: Apache
Content-Type: image/png
Last-Modified: Mon, 27 Feb 2017 22:25:19 GMT
Cache-Control: max-age=5184000, public
Expires: Thu, 09 Mar 2023 05:08:11 GMT
Content-Length: 205
Keep-Alive: timeout=2, max=149
Connection: Keep-Alive

cpanel.millvalley.com/cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/OpenSans-Regular-webfont.woff

67.225.141.27

200 OK

23 kB

URL HTTP/1.1
cpanel.millvalley.com/cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/OpenSans-Regular-webfont.woff
IP
67.225.141.27:0
ASN
#32244 LIQUIDWEB

File type
Web Open Font Format, TrueType, length 22660, version 1.0\012- data
Size
23 kB (22660 bytes)
Hash
79515ad0788973c533405f7012dfeccd
5092881fad2caffdc6bf71bdab1ea547b73d3564
22e7a1b10c110072f5a0bfd16e2197a76b279ec879bcce8978fada1dc9ee5d40

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/OpenSans-Regular-webfont.woff HTTP/1.1
Host: cpanel.millvalley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://cpanel.millvalley.com/cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/open_sans.min.css
Cookie: cpsession=%3aIjhrJCTE2FWAeSJO%2c3ded208b0af54ed8e9d6a42870b38db1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 05:08:11 GMT
Server: Apache
Content-Type: application/font-woff
Last-Modified: Tue, 23 Mar 2021 16:37:21 GMT
Cache-Control: max-age=5184000, public
Expires: Thu, 09 Mar 2023 05:08:11 GMT
Content-Length: 22660
Keep-Alive: timeout=2, max=147
Connection: Keep-Alive

cpanel.millvalley.com/cPanel_magic_revision_1488234320/unprotected/cpanel/images/cp-logo.svg

67.225.141.27

200 OK

900 B

URL HTTP/1.1
cpanel.millvalley.com/cPanel_magic_revision_1488234320/unprotected/cpanel/images/cp-logo.svg
IP
67.225.141.27:0
ASN
#32244 LIQUIDWEB

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1681)
Size
900 B (900 bytes)
Hash
a52385aa6006f01cab0d57c1f2e38713
dc460ce66211b3f5c6aacd25d1868988cad4e2bb
2810eff0668e9dedc3856355a82a25f86aef286d344780f72078c81f6da7dbea

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /cPanel_magic_revision_1488234320/unprotected/cpanel/images/cp-logo.svg HTTP/1.1
Host: cpanel.millvalley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpanel.millvalley.com/cPanel_magic_revision_1629923782/unprotected/cpanel/style_v2_optimized.css
Cookie: cpsession=%3aIjhrJCTE2FWAeSJO%2c3ded208b0af54ed8e9d6a42870b38db1; timezone=Etc/UTC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 05:08:11 GMT
Server: Apache
Content-Type: image/svg+xml
Last-Modified: Mon, 27 Feb 2017 22:25:20 GMT
Cache-Control: max-age=5184000, public
Expires: Thu, 09 Mar 2023 05:08:11 GMT
Content-Encoding: gzip
Content-Length: 900
Keep-Alive: timeout=2, max=147
Connection: Keep-Alive

cpanel.millvalley.com/cPanel_magic_revision_1488234319/unprotected/cpanel/images/icon-password.png

67.225.141.27

200 OK

450 B

URL HTTP/1.1
cpanel.millvalley.com/cPanel_magic_revision_1488234319/unprotected/cpanel/images/icon-password.png
IP
67.225.141.27:0
ASN
#32244 LIQUIDWEB

File type
PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Size
450 B (450 bytes)
Hash
7ac1cefcb7eab93c6d6981ecde6c1635
1523f8cb80ab19108549d0b7db31a58b71c05d39
a02998df88a6efb0baa526796b2b682ce9fdd6471ceb19170b326320f22f7053

HTTP Headers

GET /cPanel_magic_revision_1488234319/unprotected/cpanel/images/icon-password.png HTTP/1.1
Host: cpanel.millvalley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpanel.millvalley.com/cPanel_magic_revision_1629923782/unprotected/cpanel/style_v2_optimized.css
Cookie: cpsession=%3aIjhrJCTE2FWAeSJO%2c3ded208b0af54ed8e9d6a42870b38db1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 05:08:11 GMT
Server: Apache
Content-Type: image/png
Last-Modified: Mon, 27 Feb 2017 22:25:19 GMT
Cache-Control: max-age=5184000, public
Expires: Thu, 09 Mar 2023 05:08:11 GMT
Content-Length: 450
Keep-Alive: timeout=2, max=150
Connection: Keep-Alive

cpanel.millvalley.com/cPanel_magic_revision_1488234319/unprotected/cpanel/images/notice-info.png

67.225.141.27

200 OK

976 B

URL HTTP/1.1
cpanel.millvalley.com/cPanel_magic_revision_1488234319/unprotected/cpanel/images/notice-info.png
IP
67.225.141.27:0
ASN
#32244 LIQUIDWEB

File type
PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced\012- data
Size
976 B (976 bytes)
Hash
14146cf832470d9beca95a708a1d6f8d
d4b506f92876baea69409f3a78c4718757a53b33
95f8a142dd96c310afeb75329ef504f162ab3102a81fc07f20b268361990f526

HTTP Headers

GET /cPanel_magic_revision_1488234319/unprotected/cpanel/images/notice-info.png HTTP/1.1
Host: cpanel.millvalley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpanel.millvalley.com/cPanel_magic_revision_1629923782/unprotected/cpanel/style_v2_optimized.css
Cookie: cpsession=%3aIjhrJCTE2FWAeSJO%2c3ded208b0af54ed8e9d6a42870b38db1; timezone=Etc/UTC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 05:08:11 GMT
Server: Apache
Content-Type: image/png
Last-Modified: Mon, 27 Feb 2017 22:25:19 GMT
Cache-Control: max-age=5184000, public
Expires: Thu, 09 Mar 2023 05:08:11 GMT
Content-Length: 976
Keep-Alive: timeout=2, max=148
Connection: Keep-Alive

cpanel.millvalley.com/cPanel_magic_revision_1488234319/unprotected/cpanel/images/notice-success.png

67.225.141.27

200 OK

962 B

URL HTTP/1.1
cpanel.millvalley.com/cPanel_magic_revision_1488234319/unprotected/cpanel/images/notice-success.png
IP
67.225.141.27:0
ASN
#32244 LIQUIDWEB

File type
PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced\012- data
Size
962 B (962 bytes)
Hash
0a0ec2a6468d4d1aa3fc2baa70271ac8
a31fb01790aca8dc1976450e4234cb6ccc328956
cafbe3036533fe094931f5745f8cb9962a34409522e93d63ac8427acb9a02c79

HTTP Headers

GET /cPanel_magic_revision_1488234319/unprotected/cpanel/images/notice-success.png HTTP/1.1
Host: cpanel.millvalley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpanel.millvalley.com/cPanel_magic_revision_1629923782/unprotected/cpanel/style_v2_optimized.css
Cookie: cpsession=%3aIjhrJCTE2FWAeSJO%2c3ded208b0af54ed8e9d6a42870b38db1; timezone=Etc/UTC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 05:08:11 GMT
Server: Apache
Content-Type: image/png
Last-Modified: Mon, 27 Feb 2017 22:25:19 GMT
Cache-Control: max-age=5184000, public
Expires: Thu, 09 Mar 2023 05:08:11 GMT
Content-Length: 962
Keep-Alive: timeout=2, max=146
Connection: Keep-Alive

cpanel.millvalley.com/cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/OpenSans-SemiboldItalic-webfont.woff

67.225.141.27

200 OK

24 kB

URL HTTP/1.1
cpanel.millvalley.com/cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/OpenSans-SemiboldItalic-webfont.woff
IP
67.225.141.27:0
ASN
#32244 LIQUIDWEB

File type
Web Open Font Format, TrueType, length 23764, version 1.0\012- data
Size
24 kB (23764 bytes)
Hash
719f7321a8366f4ee609737026432113
dd28f1787743e333bf59ca8fa5bd068782ef18e7
bb7bba640412aaea13f91fd8fa0c3a3bb94dfa46670e6c77a16377542152df0d

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/OpenSans-SemiboldItalic-webfont.woff HTTP/1.1
Host: cpanel.millvalley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://cpanel.millvalley.com/cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/open_sans.min.css
Cookie: cpsession=%3aIjhrJCTE2FWAeSJO%2c3ded208b0af54ed8e9d6a42870b38db1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 05:08:11 GMT
Server: Apache
Content-Type: application/font-woff
Last-Modified: Tue, 23 Mar 2021 16:37:21 GMT
Cache-Control: max-age=5184000, public
Expires: Thu, 09 Mar 2023 05:08:11 GMT
Content-Length: 23764
Keep-Alive: timeout=2, max=150
Connection: Keep-Alive

cpanel.millvalley.com/cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/OpenSans-Bold-webfont.woff

67.225.141.27

200 OK

22 kB

URL HTTP/1.1
cpanel.millvalley.com/cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/OpenSans-Bold-webfont.woff
IP
67.225.141.27:0
ASN
#32244 LIQUIDWEB

File type
Web Open Font Format, TrueType, length 22432, version 1.0\012- data
Size
22 kB (22432 bytes)
Hash
2e90d5152ce92858b62ba053c7b9d2cb
8cf65f42a2a8c349ccd6ab63b6cbd17c96fd665c
a0357cb694b5284870c77c0dbcaf33f238004800419288afde313317b0dbd0b7

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/OpenSans-Bold-webfont.woff HTTP/1.1
Host: cpanel.millvalley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://cpanel.millvalley.com/cPanel_magic_revision_1616517441/unprotected/cpanel/fonts/open_sans/open_sans.min.css
Cookie: cpsession=%3aIjhrJCTE2FWAeSJO%2c3ded208b0af54ed8e9d6a42870b38db1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 05:08:11 GMT
Server: Apache
Content-Type: application/font-woff
Last-Modified: Tue, 23 Mar 2021 16:37:21 GMT
Cache-Control: max-age=5184000, public
Expires: Thu, 09 Mar 2023 05:08:11 GMT
Content-Length: 22432
Keep-Alive: timeout=2, max=150
Connection: Keep-Alive

cpanel.millvalley.com/cPanel_magic_revision_1488234319/unprotected/cpanel/images/warning.png

67.225.141.27

200 OK

1.1 kB

URL HTTP/1.1
cpanel.millvalley.com/cPanel_magic_revision_1488234319/unprotected/cpanel/images/warning.png
IP
67.225.141.27:0
ASN
#32244 LIQUIDWEB

File type
PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced\012- data
Size
1.1 kB (1060 bytes)
Hash
a64b8c7407bf94cc4448cb210bb882e7
a526cf52b2c5b6c2d0409b886de4aa968000fcd8
7ecb82019606d891c5197d2f8ba24ec323d9b10a089facc82d089ff1ec3d399b

HTTP Headers

GET /cPanel_magic_revision_1488234319/unprotected/cpanel/images/warning.png HTTP/1.1
Host: cpanel.millvalley.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cpanel.millvalley.com/cPanel_magic_revision_1629923782/unprotected/cpanel/style_v2_optimized.css
Cookie: cpsession=%3aIjhrJCTE2FWAeSJO%2c3ded208b0af54ed8e9d6a42870b38db1; timezone=Etc/UTC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 05:08:11 GMT
Server: Apache
Content-Type: image/png
Last-Modified: Mon, 27 Feb 2017 22:25:19 GMT
Cache-Control: max-age=5184000, public
Expires: Thu, 09 Mar 2023 05:08:11 GMT
Content-Length: 1060
Keep-Alive: timeout=2, max=146
Connection: Keep-Alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
11aea3c23fce2f77cadf7a551f4e8b17
4963aafedcf3fc5f28f1b4a6b0212abfd5526702
d2ada7d592878b58921cd0568efa62abefd7423d40bec16133886e2c67a791b3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D2ADA7D592878B58921CD0568EFA62ABEFD7423D40BEC16133886E2C67A791B3"
Last-Modified: Fri, 06 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18466
Expires: Sun, 08 Jan 2023 10:15:58 GMT
Date: Sun, 08 Jan 2023 05:08:12 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
11aea3c23fce2f77cadf7a551f4e8b17
4963aafedcf3fc5f28f1b4a6b0212abfd5526702
d2ada7d592878b58921cd0568efa62abefd7423d40bec16133886e2c67a791b3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D2ADA7D592878B58921CD0568EFA62ABEFD7423D40BEC16133886E2C67A791B3"
Last-Modified: Fri, 06 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18466
Expires: Sun, 08 Jan 2023 10:15:58 GMT
Date: Sun, 08 Jan 2023 05:08:12 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
11aea3c23fce2f77cadf7a551f4e8b17
4963aafedcf3fc5f28f1b4a6b0212abfd5526702
d2ada7d592878b58921cd0568efa62abefd7423d40bec16133886e2c67a791b3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D2ADA7D592878B58921CD0568EFA62ABEFD7423D40BEC16133886E2C67A791B3"
Last-Modified: Fri, 06 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18466
Expires: Sun, 08 Jan 2023 10:15:58 GMT
Date: Sun, 08 Jan 2023 05:08:12 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Facf2ac81-adf8-49be-856e-9b8af1161086.jpeg

34.120.237.76

200 OK

8.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Facf2ac81-adf8-49be-856e-9b8af1161086.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.1 kB (8127 bytes)
Hash
0546bef00f303b12de4354291c504cad
2c8e60803dee7d21b198a92aa187b23a4dce2f43
736bad079c239fa69fab918c209ba3b2a8b7b15616a49871e527d5694670df67

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Facf2ac81-adf8-49be-856e-9b8af1161086.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8127
x-amzn-requestid: 8111f713-0a7a-4b10-ade5-1c7aa6e06677
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eZDvCE_ooAMF7gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b9e660-2b422a7d2dc4a28b24125d1e;Sampled=0
x-amzn-remapped-date: Sat, 07 Jan 2023 21:38:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: GFANyQVbYkFcVTnvUq5ELpsTsgAFaYXhZGUPHWVWixXrnsH6jBavrA==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 07 Jan 2023 21:46:52 GMT
etag: "2c8e60803dee7d21b198a92aa187b23a4dce2f43"
content-type: image/jpeg
age: 26480
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faafe891a-901c-4e0b-9808-251ce90eb5b4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8941 bytes)
Hash
896ae4e771bb618dcf00a6f6ec183e31
ba9e0427998a33688ddcb1239fde0b1f4ed38e0d
6d2358274acf14c7d3c9445e93309f4724b7c05c6e6a8fb158ae33508a2dff71

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faafe891a-901c-4e0b-9808-251ce90eb5b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8941
x-amzn-requestid: 10aefec4-a4e1-4413-b4a7-8a56ea89f298
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eX-5nGrSIAMF9qw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b9783d-7706663a64a72ba135e25491;Sampled=0
x-amzn-remapped-date: Sat, 07 Jan 2023 13:48:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: d3IRozG_-XH1u_PHH7CDK57h00CwYvfIDGRk7DnqYuduBnimIH6_rw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sun, 08 Jan 2023 03:31:33 GMT
age: 5799
etag: "ba9e0427998a33688ddcb1239fde0b1f4ed38e0d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc4c877ef-76ec-4130-a623-3cfe6579a770.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (13787 bytes)
Hash
30c53ae078b112f7186e910c38898233
d3c58c28f0734f98bed64a26ede077464c3ad3f2
8f7dd1cf9f1472468a7caaf67a8f9c15bfe8836badcfb3249a9a8a7a6c3c0533

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc4c877ef-76ec-4130-a623-3cfe6579a770.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13787
x-amzn-requestid: 2598b4fe-a032-47d7-8e6c-cfdcfbe9d64a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eZDvYE35IAMF1Vw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b9e662-574eb7370aac63dd531d6b75;Sampled=0
x-amzn-remapped-date: Sat, 07 Jan 2023 21:38:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cd50TSdgJPa-oMD9VpvWgVF9DMls8TmQqVUNNj5d6BPlVnN1_3vTUA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 07 Jan 2023 22:05:52 GMT
age: 25340
etag: "d3c58c28f0734f98bed64a26ede077464c3ad3f2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9dc47a4-a4c6-419a-a3a4-8f9104d7903d.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10285 bytes)
Hash
aa7c2273cc951c105b70b0609924ba61
4e6b0302f3aa61553128d453e4c9fed886773500
320f73b9188e0d59868a47bb60c5fabf45d4f754fd934cb5082ef6ef98d4cc57

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9dc47a4-a4c6-419a-a3a4-8f9104d7903d.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10285
x-amzn-requestid: 720699b5-142f-40e8-b42f-ebf8b0fac767
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eZDuqGP8IAMFhtA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b9e65d-480527ba582bb5a458ce1b24;Sampled=0
x-amzn-remapped-date: Sat, 07 Jan 2023 21:38:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hacziPAK6XADBjc0ewKd4EUwY49f3xDpl6r3xzJMsYPGuJQe4hBfFQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Sat, 07 Jan 2023 21:44:28 GMT
age: 26624
etag: "4e6b0302f3aa61553128d453e4c9fed886773500"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd91e555-c9f3-4166-92be-27db2e1919b6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (13626 bytes)
Hash
afcc8f4875f4b74ca0640829b689731e
584d0e11665ae89f9a294baf1e9bb4f0e4e9a4df
3e487396389c4330abc99bc99053eecc6aaf56f7afa398d70c30e1f4709577a0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd91e555-c9f3-4166-92be-27db2e1919b6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13626
x-amzn-requestid: 407fef75-2217-4da7-8ea8-b5ede48a0615
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eNKshEEvoAMFkMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b524b6-72ca4e7b3034e7ac1f3fa1ed;Sampled=0
x-amzn-remapped-date: Wed, 04 Jan 2023 07:03:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xOpZDrVh8MsfFqh0HuJJIWFvlgIm0jUE73p9MpgRA1PO_VAv0vP2nw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 07 Jan 2023 16:43:14 GMT
age: 44698
etag: "584d0e11665ae89f9a294baf1e9bb4f0e4e9a4df"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3750e6a-c5c3-4c07-8912-be2b2eaf7e4f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11629 bytes)
Hash
073554b46cc8ac731a6ae967ff367f70
d1a8816ad1296220be03d2191f6505f4b9fe6837
918e2a1addecb099a2b00ac33288ec1b7cd8d2a1ea9a9f90c5f1d2c54367cef1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3750e6a-c5c3-4c07-8912-be2b2eaf7e4f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11629
x-amzn-requestid: f284312f-cc21-4148-bc52-13f52fae1190
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eT5KkHRQIAMFVOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b7d576-7ee3d3fd4afbfcfc4faa613b;Sampled=0
x-amzn-remapped-date: Fri, 06 Jan 2023 08:01:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XTxyVFQ59QCjs_0CD-nzFgyMsFKeU77l75dzWNYLJYmYZpxs6tGfHQ==
via: 1.1 1ec2938341958d70d56193d709c89dee.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Sun, 08 Jan 2023 03:57:57 GMT
age: 4215
etag: "d1a8816ad1296220be03d2191f6505f4b9fe6837"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (35)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size