Report - owl.li/oP7r30q0XZH

Report Overview

Submitted URL
owl.li/oP7r30q0XZH
IP
54.183.131.91
ASN
#16509 AMAZON-02
Submitted
2022-11-15 02:54:37
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ww1.hatshoes.com	unknown			2.8 kB	29 kB	199.59.243.222
afs.googleusercontent.com	12123	2013-05-06T21:11:00Z	2023-03-10T11:12:37Z	456 B	1.2 kB	142.250.74.33
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-10T12:25:49Z	401 B	1.3 kB	142.250.74.10
owl.li	unknown	2012-06-22T11:47:33Z	2023-03-09T22:45:35Z	349 B	374 B	54.183.132.164
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-10T05:10:02Z	606 B	127 B	52.39.126.109
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-10T05:12:35Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-10T05:10:00Z	333 B	229 B	34.117.237.239
hatshoes.com	unknown			474 B	370 B	81.17.18.197
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-10T05:10:04Z	3.2 kB	64 kB	34.120.237.76
www.google.com	7	2015-05-10T13:11:19Z	2023-03-10T12:19:40Z	372 B	901 B	142.250.74.132
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-10T13:49:44Z	682 B	1.6 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-10T05:10:00Z	782 B	2.4 kB	34.102.187.140
ow.ly	59831	2012-05-21T19:24:24Z	2023-03-10T14:21:52Z	348 B	403 B	54.183.132.164
partner.googleadservices.com	798	2012-10-03T03:04:21Z	2023-03-10T06:40:47Z	459 B	845 B	172.217.21.162
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-10T14:37:36Z	483 B	18 kB	172.217.21.163
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-10T05:09:10Z	2.4 kB	6.2 kB	23.36.77.32
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-10T05:11:10Z	3.8 kB	7.7 kB	142.250.74.3

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-15	medium	ww1.hatshoes.com/	Phishing
2022-11-15	medium	ww1.hatshoes.com/js/parking.2.100.2.js	Phishing
2022-11-15	medium	ww1.hatshoes.com/_fd	Phishing
2022-11-15	medium	ww1.hatshoes.com/_tr	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	ww1.hatshoes.com/	793 B	2023-03-11	2023-03-11
Pretty URL ww1.hatshoes.com/ IP 199.59.243.222 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 12:14:19 Last Seen2023-03-11 12:14:19 Times Seen1 Hash 85d95b3cfe56d8f2d09268b2a40b913e 311ce358653426cfd9312487cb8e8a2d90e2d5fd cd8aa4071bbc1f323282345391ec6a7ecbed6699383b38983e8340a77f81ab89 Loading...

	ww1.hatshoes.com/js/parking.2.100.2.js	69 kB	2023-03-08	2023-03-17
Pretty URL ww1.hatshoes.com/js/parking.2.100.2.js IP 199.59.243.222 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:21:43 Last Seen2023-03-17 22:46:33 Times Seen1 Hash 01d25e4072e7830d0e606fafadd109b9 8a56afc8c29d64dd8c85693c25aef87a05545330 8490a5c97164afd465474320a9b0d940fc66979e71a2686e59d38a7490d5124b Loading...

	www.google.com/adsense/domains/caf.js	147 kB	2023-03-11	2023-03-11
Pretty URL www.google.com/adsense/domains/caf.js IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 09:58:54 Last Seen2023-03-11 12:49:39 Times Seen1 Hash 32c44a91da711a5a562447c247d6775b 9be3f6e79364529839eb0fb367686d332cf28f1d 7fcdba940417d85835ee66f0d82a865442b53d91683d4de930b39573e3dc86bd Loading...

	partner.googleadservices.com/gampad/cookie.js?domain=ww1.hatshoes.com&client=dp-bodis30_3ph&product=SAS&callback=__sasCookie	189 B	2023-03-11	2023-03-11
Pretty URL partner.googleadservices.com/gampad/cookie.js?domain=ww1.hatshoes.com&client=dp-bodis30_3ph&product=SAS&callback=__sasCookie IP 172.217.21.162 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 12:14:19 Last Seen2023-03-11 12:14:19 Times Seen1 Hash 13aa4ae76c8c758642cee8e02a43c595 335f6e688d12d982fa8be3e6c21987a707f8edd3 d1e4ab7e5fd90669f6e22565b186a223f7198bb55512ed748d19e95726dffb13 Loading...

	www.google.com/afs/ads?adtest=off&psid=7049491253&pcsa=false&channel=pid-bodis-gcontrol56%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol302%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol411&client=dp-bodis30_3ph&r=m&hl=en&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2298147197369106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301099&format=r3&nocache=3001668480868665&num=0&output=afd_ads&domain_name=ww1.hatshoes.com&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1668480868666&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1264&psh=79&frm=0&cl=486644749&uio=-&cont=rs&jsid=caf&jsv=486644749&rurl=http%3A%2F%2Fww1.hatshoes.com%2F&adbw=master-1%3A1264	5.2 kB	2023-03-11	2023-03-11
Pretty URL www.google.com/afs/ads?adtest=off&psid=7049491253&pcsa=false&channel=pid-bodis-gcontrol56%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol302%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol411&client=dp-bodis30_3ph&r=m&hl=en&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2298147197369106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301099&format=r3&nocache=3001668480868665&num=0&output=afd_ads&domain_name=ww1.hatshoes.com&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1668480868666&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1264&psh=79&frm=0&cl=486644749&uio=-&cont=rs&jsid=caf&jsv=486644749&rurl=http%3A%2F%2Fww1.hatshoes.com%2F&adbw=master-1%3A1264 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 12:14:19 Last Seen2023-03-11 12:14:19 Times Seen1 Hash 902e2003f9d5f2bea5f889680a217fe3 bd6939b302265d3efb708ba88eb0aacd5a51faa2 fb2424b0e9190586c8ad4cb876bf16da2e540dfbbbffdbf15003d65f851f0780 Loading...

		Size	First Seen	Last Seen
	#1 Eval - a94ea4aead77bc4c29a0dd662a752a93	793 B	2023-03-07	2023-03-17
Pretty Observations First Seen2023-03-07 01:03:05 Last Seen2023-03-17 22:46:33 Times Seen1 Hash a94ea4aead77bc4c29a0dd662a752a93 c2f95136ce8ad93ef8847eef22222dede0065310 5aff05f856534d1387fcda6210fe7ef655b932e2d9cfcf180158e8fa03f4279f Loading...

HTTP Transactions (46)

URL IP Response Size

owl.li/oP7r30q0XZH

54.183.132.164

301 Moved Permanently

0 B

URL HTTP/1.1
owl.li/oP7r30q0XZH
IP
54.183.132.164:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /oP7r30q0XZH HTTP/1.1
Host: owl.li
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Location: http://ow.ly/oP7r30q0XZH
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Date: Tue, 15 Nov 2022 02:54:27 GMT
Connection: close
Content-Length: 0
X-Pool: owly_web

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7786cd9bd97e024b3a1d16215defaad2
786ddbb74b0b6bd9270622dbe0258d6caee407c1
9c297ccfd178eec7e472fb64a6b2e34d4c7a6dec32870f49982353e590196ba0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9C297CCFD178EEC7E472FB64A6B2E34D4C7A6DEC32870F49982353E590196BA0"
Last-Modified: Mon, 14 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6625
Expires: Tue, 15 Nov 2022 04:44:52 GMT
Date: Tue, 15 Nov 2022 02:54:27 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
832aecaba9f06ee2d39d4d4bea65f13c
7195d6ffadfdbc6fc8e92c63ae28d4a3038a72dc
a437509314a97065de6c7b9e5e2b4b61f0234b45f5f5bf2649cbdf499577bfd3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5193
Cache-Control: max-age=119003
Content-Type: application/ocsp-response
Date: Tue, 15 Nov 2022 02:54:27 GMT
Etag: "637218f5-1d7"
Expires: Wed, 16 Nov 2022 11:57:50 GMT
Last-Modified: Mon, 14 Nov 2022 10:31:17 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
4736bac84ca28f2b1e961159fb4ea098
1319612979f53896fcfeacd4215c2715d4951e4c
5e81213e111ddf68c7f884f72b4e06fc4dc95eb902c3cf0762236b2418840dba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Length, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 15 Nov 2022 02:44:37 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 590
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8c15cef160d1514fc977ed4c4e97086c
ffe4ce3199658a1fc7a45d1607df40ef3911621d
db1a82d8a2bacc0257b87efec0c365c1b769700fa27ce928321e082505f1d72a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DB1A82D8A2BACC0257B87EFEC0C365C1B769700FA27CE928321E082505F1D72A"
Last-Modified: Sun, 13 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15893
Expires: Tue, 15 Nov 2022 07:19:20 GMT
Date: Tue, 15 Nov 2022 02:54:27 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: C3sgixS+VShJ1ERPfs891cr0UgD48GX8vXnyJr+eH85+hhLLzAznZr7aelVRg+aWMce7slNIb2Y=
x-amz-request-id: 19BG32CNQZVE60TV
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 15 Nov 2022 02:51:23 GMT
age: 184
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 15 Nov 2022 02:54:27 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ow.ly/oP7r30q0XZH

54.183.132.164

301 Moved Permanently

0 B

URL HTTP/1.1
ow.ly/oP7r30q0XZH
IP
54.183.132.164:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /oP7r30q0XZH HTTP/1.1
Host: ow.ly
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Location: https://hatshoes.com/?a=1246&oc=10948&c=31891&m=3&s1=
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Date: Tue, 15 Nov 2022 02:54:27 GMT
Connection: close
Content-Length: 0
X-Pool: owly_web

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Cache-Control, Retry-After, Content-Length, Expires, ETag, Pragma, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 15 Nov 2022 02:25:01 GMT
cache-control: public,max-age=3600
age: 1766
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
3200044057cb585f1a435c0efece61c8
8305d5b5891288aa9996b4b4ca6fce2265413194
df45704534a24928e7659a6d8cd1b5ac9ffa9b224b02b34a2d6aed5ef69fd586

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3609
Cache-Control: max-age=112363
Content-Type: application/ocsp-response
Date: Tue, 15 Nov 2022 02:54:27 GMT
Etag: "63720535-1d7"
Expires: Wed, 16 Nov 2022 10:07:10 GMT
Last-Modified: Mon, 14 Nov 2022 09:07:01 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
17087b2dba70280956625cd95fe83731
f537285d420102ac9c5b6736902a8f8e034bee90
9d9edcfef195b738eacda564d13b1ff5843b06dbe6eb11a2d2aff86bf44aaa0f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9D9EDCFEF195B738EACDA564D13B1FF5843B06DBE6EB11A2D2AFF86BF44AAA0F"
Last-Modified: Tue, 15 Nov 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21536
Expires: Tue, 15 Nov 2022 08:53:23 GMT
Date: Tue, 15 Nov 2022 02:54:27 GMT
Connection: keep-alive

hatshoes.com/?a=1246&oc=10948&c=31891&m=3&s1=

81.17.18.197

302 Found

11 B

URL HTTP/2
hatshoes.com/?a=1246&oc=10948&c=31891&m=3&s1=
IP
81.17.18.197:0
ASN
#51852 Private Layer INC

File type
ASCII text, with no line terminators
Size
11 B (11 bytes)
Hash
32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47

HTTP Headers

GET /?a=1246&oc=10948&c=31891&m=3&s1= HTTP/1.1
Host: hatshoes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 302 Found
cache-control: max-age=0, private, must-revalidate
content-length: 11
date: Tue, 15 Nov 2022 02:54:27 GMT
location: http://ww1.hatshoes.com
server: Cowboy
set-cookie: sid=d1fbb4da-6490-11ed-bb15-db2c1a8969f6; path=/; domain=.hatshoes.com; expires=Sun, 03 Dec 2090 06:08:34 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2

push.services.mozilla.com/

52.39.126.109

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.39.126.109:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: g7TdZGtwXrjeyXg57OVV7w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: oi08N/4/P8k2zHglHXck4NQ4jYo=

ww1.hatshoes.com/

199.59.243.222

200 OK

1.0 kB

URL HTTP/1.1
ww1.hatshoes.com/
IP
199.59.243.222:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1416), with no line terminators
Size
1.0 kB (1029 bytes)
Hash
01bf7e4faf728f9a62be9e54dd54e137
2710464506afa441d5ddddc6f12e29ef5d2da82e
1eddb2fa67d08c0eb1987af460c49757282ad0b779ad29c3c6d60047d6cc85af

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: ww1.hatshoes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: openresty
Date: Tue, 15 Nov 2022 02:54:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: parking_session=395af2db-180e-b653-ce9b-b162d0e3c636; expires=Tue, 15-Nov-2022 03:09:28 GMT; Max-Age=900; path=/; HttpOnly
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_sDxpNv82LCEAD32RlWqaRiu3upAA5mCpM3H4Rx2Am7cx4YxynKTZx642umKKPKsohqU8OnzLcHX0YQ3QvkJ0kw==
Accept-CH: sec-ch-prefers-color-scheme
Critical-CH: sec-ch-prefers-color-scheme
Vary: sec-ch-prefers-color-scheme
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip

ww1.hatshoes.com/js/parking.2.100.2.js

199.59.243.222

200 OK

22 kB

URL HTTP/1.1
ww1.hatshoes.com/js/parking.2.100.2.js
IP
199.59.243.222:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with very long lines (65536), with no line terminators
Size
22 kB (22285 bytes)
Hash
239c79e8ead12ade233b4b98f3a1d68d
ebb33fbc73ffa07c517270874bef61576c7aecf6
148cf1738ec4c4800fa6e1fa02ea75d6cc76c5d0096b11dc1af4b47ffbcf2d0b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/parking.2.100.2.js HTTP/1.1
Host: ww1.hatshoes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.hatshoes.com/
Cookie: parking_session=395af2db-180e-b653-ce9b-b162d0e3c636

HTTP/1.1 200 OK
Server: openresty
Date: Tue, 15 Nov 2022 02:54:28 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Mon, 14 Nov 2022 17:46:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip

ww1.hatshoes.com/_fd

199.59.243.222

200 OK

2.6 kB

URL HTTP/1.1
ww1.hatshoes.com/_fd
IP
199.59.243.222:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (5165), with no line terminators
Size
2.6 kB (2559 bytes)
Hash
f1e5654bc103f8b077542c48a5a622e3
8909f0e82303a426ad14b67fe759a334af29e562
861f34fac97b2baefd1309bc1ee7ff911de33e58de4040041b0f5c6ce0c36e13

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /_fd HTTP/1.1
Host: ww1.hatshoes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww1.hatshoes.com/
Content-Type: application/json
Origin: http://ww1.hatshoes.com
Connection: keep-alive
Cookie: parking_session=395af2db-180e-b653-ce9b-b162d0e3c636
Content-Length: 0

HTTP/1.1 200 OK
Server: openresty
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 15 Nov 2022 02:54:28 GMT
X-Version: 2.100.2
Set-Cookie: parking_session=395af2db-180e-b653-ce9b-b162d0e3c636; expires=Tue, 15-Nov-2022 03:09:28 GMT; Max-Age=900; path=/; httponly
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip

ww1.hatshoes.com/px.gif?ch=1&rn=6.157379196821326

199.59.243.222

200 OK

42 B

URL HTTP/1.1
ww1.hatshoes.com/px.gif?ch=1&rn=6.157379196821326
IP
199.59.243.222:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /px.gif?ch=1&rn=6.157379196821326 HTTP/1.1
Host: ww1.hatshoes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.hatshoes.com/
Cookie: parking_session=395af2db-180e-b653-ce9b-b162d0e3c636

HTTP/1.1 200 OK
Server: openresty
Date: Tue, 15 Nov 2022 02:54:28 GMT
Content-Type: image/gif
Content-Length: 42
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Accept-Ranges: bytes

ww1.hatshoes.com/px.gif?ch=2&rn=6.157379196821326

199.59.243.222

200 OK

42 B

URL HTTP/1.1
ww1.hatshoes.com/px.gif?ch=2&rn=6.157379196821326
IP
199.59.243.222:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /px.gif?ch=2&rn=6.157379196821326 HTTP/1.1
Host: ww1.hatshoes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.hatshoes.com/
Cookie: parking_session=395af2db-180e-b653-ce9b-b162d0e3c636

HTTP/1.1 200 OK
Server: openresty
Date: Tue, 15 Nov 2022 02:54:28 GMT
Content-Type: image/gif
Content-Length: 42
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8094f6d66cd067b92b99cc3c1ec916c6
cdb6d27ace38846e7a770dafce189f90a30db886
f07248933eddbab19c1153daaece5a2c3bcb421598bfab2c4b0f4c547d75e817

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 15 Nov 2022 02:54:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ww1.hatshoes.com/favicon.ico

199.59.243.222

200 OK

0 B

URL HTTP/1.1
ww1.hatshoes.com/favicon.ico
IP
199.59.243.222:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ww1.hatshoes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.hatshoes.com/
Cookie: parking_session=395af2db-180e-b653-ce9b-b162d0e3c636

HTTP/1.1 200 OK
Server: openresty
Date: Tue, 15 Nov 2022 02:54:28 GMT
Content-Type: image/x-icon
Content-Length: 0
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
ETag: "61424bb6-0"
x-backend-server: ip-10-201-16-121.ec2.internal
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
96c9e6a333b1f0fddf32f24e7b965151
647fee1eb0d6839e30115edebe8d0840e6152cdb
a2ac4ddc863a9d641d91d504db389e0116cf1699322d2391f17d5785bf5bc538

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 15 Nov 2022 02:54:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
2f155cafc1dce1994f8c5a9c7b43ffcd
53668173c273daf9540e7c5a0aadc11ef246a01e
05a8dd620eac5d494de75b51fc371fb86959551edfcaf87b4eb8ef15df563ccf

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 15 Nov 2022 02:54:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

partner.googleadservices.com/gampad/cookie.js?domain=ww1.hatshoes.com&client=dp-bodis30_3ph&product=SAS&callback=__sasCookie

172.217.21.162

200 OK

182 B

URL HTTP/2
partner.googleadservices.com/gampad/cookie.js?domain=ww1.hatshoes.com&client=dp-bodis30_3ph&product=SAS&callback=__sasCookie
IP
172.217.21.162:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
182 B (182 bytes)
Hash
86a217a367fbae807b815b85a2edae73
5857beea8c5a9b6a8c1e0bed33ad309065c3f327
c64bc6d1bf6c40d9a0af8198056999692e126603af574ea6c8d6be1147793c21

HTTP Headers

GET /gampad/cookie.js?domain=ww1.hatshoes.com&client=dp-bodis30_3ph&product=SAS&callback=__sasCookie HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww1.hatshoes.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Tue, 15 Nov 2022 02:54:28 GMT
server: cafe
cache-control: private
content-length: 182
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
2f155cafc1dce1994f8c5a9c7b43ffcd
53668173c273daf9540e7c5a0aadc11ef246a01e
05a8dd620eac5d494de75b51fc371fb86959551edfcaf87b4eb8ef15df563ccf

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 15 Nov 2022 02:54:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
b2d6aeeb303eaefc4cc6900e30da3b1b
4c3c027013211aa1b987006d0eb6c72f18c6a657
f542eab7c032d6c5f59710ee8993a01537e0fa2bf3882a6a699de85bba020999

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 15 Nov 2022 02:54:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
b2d6aeeb303eaefc4cc6900e30da3b1b
4c3c027013211aa1b987006d0eb6c72f18c6a657
f542eab7c032d6c5f59710ee8993a01537e0fa2bf3882a6a699de85bba020999

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 15 Nov 2022 02:54:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
c3304327b77a6a8e6b9ee69f63c5c81f
20f2dc91fc2fbd013d9fa40806c2061b50262cd0
7e069ab5b61bfec87f840bf474e68373b749c3bd1d514cd2ade049efd9129d46

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 15 Nov 2022 02:54:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
c3304327b77a6a8e6b9ee69f63c5c81f
20f2dc91fc2fbd013d9fa40806c2061b50262cd0
7e069ab5b61bfec87f840bf474e68373b749c3bd1d514cd2ade049efd9129d46

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 15 Nov 2022 02:54:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
35ad471bf7f157abedbe322e59bb00ae
6f8c57f1c20377b6a1f74fd06849705a6370e291
b51251f347677a52f08a4a7c0d9ff0effed121992b6dc7fa709e33c400042e63

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 15 Nov 2022 02:54:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff

142.250.74.33

200 OK

278 B

URL HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff
IP
142.250.74.33:0
ASN
#15169 GOOGLE

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (306)
Size
278 B (278 bytes)
Hash
bb7fc36f627255dd4783f849dca0932e
80e89ef8f3c2c8ee982523757fce214ea7323a69
735f48c2876099e6a731c65fc46ec1ec133c316e0997d04eb0ee246741bee647

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 278
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Mon, 14 Nov 2022 16:43:24 GMT
expires: Tue, 15 Nov 2022 15:43:24 GMT
cache-control: public, max-age=82800
age: 36665
last-modified: Tue, 09 Feb 2021 14:15:00 GMT
content-type: image/svg+xml
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Michroma&display=swap

142.250.74.10

200 OK

552 B

URL HTTP/2
fonts.googleapis.com/css?family=Michroma&display=swap
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (390)
Size
552 B (552 bytes)
Hash
3ae821533645aa6e503e21990703c050
7f98fde15e93e75afad6c3b8738e9d6ae7e53e46
2cad3d8109f565218b15713f3c3992b8301f949fc73dd8b28b8bb2a41887350f

HTTP Headers

GET /css?family=Michroma&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 15 Nov 2022 02:54:28 GMT
date: Tue, 15 Nov 2022 02:54:28 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/michroma/v16/PN_zRfy9qWD8fEagAPg9pTk.woff2

172.217.21.163

200 OK

17 kB

URL HTTP/2
fonts.gstatic.com/s/michroma/v16/PN_zRfy9qWD8fEagAPg9pTk.woff2
IP
172.217.21.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 17156, version 1.0\012- data
Size
17 kB (17156 bytes)
Hash
402cbe860d64ae2e13145e34cbc7889c
7af4691dc306b7583365b9ff2ead0c1f6db017c5
da748253b458c5fc9c9a5e3c108b1cda280f52df4008702b9cea695ec23332aa

HTTP Headers

GET /s/michroma/v16/PN_zRfy9qWD8fEagAPg9pTk.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17156
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 10 Nov 2022 21:54:10 GMT
expires: Fri, 10 Nov 2023 21:54:10 GMT
cache-control: public, max-age=31536000
age: 363619
last-modified: Tue, 26 Apr 2022 14:38:29 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
6ea606a3c83b6b14b9375c84e37870d8
d73a898c2f3eba8e71d6d4f675c47107df0a5795
0dc0268899f946356be887d4ee84b411136f373200ce90464b331697b6cd9487

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 15 Nov 2022 02:54:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
c3304327b77a6a8e6b9ee69f63c5c81f
20f2dc91fc2fbd013d9fa40806c2061b50262cd0
7e069ab5b61bfec87f840bf474e68373b749c3bd1d514cd2ade049efd9129d46

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 15 Nov 2022 02:54:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ww1.hatshoes.com/_tr

199.59.243.222

200 OK

22 B

URL HTTP/1.1
ww1.hatshoes.com/_tr
IP
199.59.243.222:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
22 B (22 bytes)
Hash
5cfde9b47de2d84bd26fc473632647c0
fd53c70631b6068328be57daec71bd94bf004d41
47fd05ef74fef5da03fa22483e63fc977cad8e026ae41dadbbcc3745907f306b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /_tr HTTP/1.1
Host: ww1.hatshoes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww1.hatshoes.com/
Content-Type: application/json
Origin: http://ww1.hatshoes.com
Content-Length: 2069
Connection: keep-alive
Cookie: parking_session=395af2db-180e-b653-ce9b-b162d0e3c636; __gsas=ID=3f7901e4703fa062:T=1668480868:S=ALNI_MZPGw0DNJR-KNJHLPLYhCuKNz5k9g

HTTP/1.1 200 OK
Server: openresty
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 15 Nov 2022 02:54:29 GMT
X-Version: 2.100.2
Set-Cookie: parking_session=395af2db-180e-b653-ce9b-b162d0e3c636; expires=Tue, 15-Nov-2022 03:09:29 GMT; Max-Age=900; path=/; httponly
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
29b1503232a9cf0843bd9f0d01c0a9a5
620b3b98a58cd32175d40534dca81ef4a26d880f
1f54c0fa57ea62f131e173d4a365d6d2d4d10e0993eb69eaf9e27d3788a5daf8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1F54C0FA57EA62F131E173D4A365D6D2D4D10E0993EB69EAF9E27D3788A5DAF8"
Last-Modified: Sat, 12 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12290
Expires: Tue, 15 Nov 2022 06:19:19 GMT
Date: Tue, 15 Nov 2022 02:54:29 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
29b1503232a9cf0843bd9f0d01c0a9a5
620b3b98a58cd32175d40534dca81ef4a26d880f
1f54c0fa57ea62f131e173d4a365d6d2d4d10e0993eb69eaf9e27d3788a5daf8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1F54C0FA57EA62F131E173D4A365D6D2D4D10E0993EB69EAF9E27D3788A5DAF8"
Last-Modified: Sat, 12 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12290
Expires: Tue, 15 Nov 2022 06:19:19 GMT
Date: Tue, 15 Nov 2022 02:54:29 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
29b1503232a9cf0843bd9f0d01c0a9a5
620b3b98a58cd32175d40534dca81ef4a26d880f
1f54c0fa57ea62f131e173d4a365d6d2d4d10e0993eb69eaf9e27d3788a5daf8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1F54C0FA57EA62F131E173D4A365D6D2D4D10E0993EB69EAF9E27D3788A5DAF8"
Last-Modified: Sat, 12 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12290
Expires: Tue, 15 Nov 2022 06:19:19 GMT
Date: Tue, 15 Nov 2022 02:54:29 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
29b1503232a9cf0843bd9f0d01c0a9a5
620b3b98a58cd32175d40534dca81ef4a26d880f
1f54c0fa57ea62f131e173d4a365d6d2d4d10e0993eb69eaf9e27d3788a5daf8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1F54C0FA57EA62F131E173D4A365D6D2D4D10E0993EB69EAF9E27D3788A5DAF8"
Last-Modified: Sat, 12 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12290
Expires: Tue, 15 Nov 2022 06:19:19 GMT
Date: Tue, 15 Nov 2022 02:54:29 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2600ea13-5799-4002-b4c4-17346e546f28.jpeg

34.120.237.76

200 OK

7.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2600ea13-5799-4002-b4c4-17346e546f28.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.1 kB (7086 bytes)
Hash
cd518be3073897688dda8b3e1fe3ec4a
ff06053f1c335644228a81b6caaae5a3e6f749fc
25e9e36eca5fe29b7b37b6cd506c38c6a684f5c37d7c859d45d286a089315619

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2600ea13-5799-4002-b4c4-17346e546f28.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7086
x-amzn-requestid: b38b60d9-78ed-449e-9549-89ec04332e12
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bOA1oE3HIAMF2Hw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6368ae8a-43dc43062e6d5cad5ef4ffa5;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 07:06:50 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 7kVtivZWvWnMU-gl8Kl-EmdIujRdKuQivxkaHoUI-giAdSV3LhaJEw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Mon, 14 Nov 2022 21:51:33 GMT
age: 18176
etag: "ff06053f1c335644228a81b6caaae5a3e6f749fc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4cc31a8-ba2e-4cc0-bf6e-0daaf01962d2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7504 bytes)
Hash
9459d8c5ec4b22476e1470e5476f70f7
78118517bfffe997c85f08bd9b7b7ac9270d9b02
647d0898ed6a38191ff91ca316e90a72d9a5ce563c3602a8d4c477c64f096be4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4cc31a8-ba2e-4cc0-bf6e-0daaf01962d2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7504
x-amzn-requestid: 553a2ee3-9dcb-44ac-b0e1-e8ea660eedcc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bOAmqGAyoAMFv5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6368ae2a-7af9fba56c5ae9ca5f513668;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 07:05:14 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: rRrM6hW5gFH8bLxrzQv5emBacEQrqldwEfD1M0YycB4XphG-XXwRuA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Mon, 14 Nov 2022 03:32:33 GMT
age: 84116
etag: "78118517bfffe997c85f08bd9b7b7ac9270d9b02"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7b12e479-a09c-431c-aecf-6e63c60a01f1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.9 kB (5882 bytes)
Hash
fe4f5dc12e097182fed4de0161bc5b8a
746804d683bea55f44d5f6456a7e69d0048e4f58
d8a2095cd57455bab301ae68b7478997f3db056039886d85301eb85d7d196cf4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7b12e479-a09c-431c-aecf-6e63c60a01f1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5882
x-amzn-requestid: a9d913e4-c9c1-4054-a9ff-c5ff5287c854
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bhQZ2H2loAMFsmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6370610b-63cf663851f2e04b7f2cb70a;Sampled=0
x-amzn-remapped-date: Sun, 13 Nov 2022 03:14:19 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 0DjdK2du8K9O1d0rcWaDO6yqWBuHYSSiEJmscryUraTH73vwcwubNg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Mon, 14 Nov 2022 03:32:26 GMT
age: 84123
etag: "746804d683bea55f44d5f6456a7e69d0048e4f58"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

15 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbdf53960-f239-44a8-b66a-ca2ce9268f98.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
15 kB (15206 bytes)
Hash
962f43862a852bfa6766b9a2d8bfb99d
a5283e68020826f085fb4f06e3dcd36cef9eb067
7eee8aa0f5c6bce04a86fa16fb5d3e632d54792d79c550b044a40a6f070b89d4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbdf53960-f239-44a8-b66a-ca2ce9268f98.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 15206
x-amzn-requestid: a04dc971-de49-4dc4-8bc2-2d3244d33ace
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bnEhpEJkoAMFV9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6372b470-632efaa725c2b959692e9e77;Sampled=0
x-amzn-remapped-date: Mon, 14 Nov 2022 21:34:40 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: _ucLWmapHlWoKDoeb_ff2qbZOKGJLLQuq6RoP9mpFWOCVAJ70t13yw==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Mon, 14 Nov 2022 21:45:53 GMT
age: 18516
etag: "a5283e68020826f085fb4f06e3dcd36cef9eb067"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31dd31c5-7b83-42d7-b534-fb8391ac7086.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10594 bytes)
Hash
e02b1cef4506be68e4a6fb309a88698c
7da0425161b8c34ccf9837a56bf77d498cdb65ad
c886c7d128895c62a8ecde5202f4383d22555298d78ef91d63b5d3ebedf448a7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31dd31c5-7b83-42d7-b534-fb8391ac7086.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10594
x-amzn-requestid: 528e9b30-ba34-4aef-b5b0-71cad9580bd0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bKuo_EXhoAMFtEA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63675e39-71222ac908406eeb061848f2;Sampled=0
x-amzn-remapped-date: Sun, 06 Nov 2022 07:11:53 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: vjOM-57TBG0yPsmFlS2ch7_ylKWffHpajgmCM7A7dVxQetoKYPXo6w==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Mon, 14 Nov 2022 21:47:57 GMT
age: 18392
etag: "7da0425161b8c34ccf9837a56bf77d498cdb65ad"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11715 bytes)
Hash
cd5bdc050716bb76afe8090fc81617e7
5109c156b180727767fc03c411190ccc0d3fb5fc
9b13e7838946c6654dda17886c2ca8d42de934acb93f4bddb1008dfa1bd1ea99

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11715
x-amzn-requestid: 20e508bd-6568-4225-9bee-c683a49d44f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdMhUHkpIAMFfJg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec13b-7dc726b94a37fc667e2e6646;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:40:11 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Lp5eW92D8SbFtcQLk-LRSaSKNMNFYCW7XTALdNdrJxN6ebgdH8_1Dw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Mon, 14 Nov 2022 21:52:43 GMT
age: 18106
etag: "5109c156b180727767fc03c411190ccc0d3fb5fc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.google.com/adsense/domains/caf.js

142.250.74.132

200 OK

0 B

URL HTTP/2
www.google.com/adsense/domains/caf.js
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww1.hatshoes.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Tue, 15 Nov 2022 02:54:28 GMT
expires: Tue, 15 Nov 2022 02:54:28 GMT
cache-control: private, max-age=3600
etag: "13069622175935549103"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (46)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN