Overview

URL leveragingbits.ml/skd4jfdr0eo5idews-dfe6wsk7jdueis-frew7skdd-ewsi3ufewsd-fedie5sodf-resjhu6wsdyres4jd6sdfr-ew7ew8idwsd-esdi3uwsd-0ewsdu4asdew6sduw-sd0ew3s-mhjdusjfsqa3167/001/iecx/index.php
IP159.203.14.96
ASNDIGITALOCEAN-ASN
Location Canada
Report completed2022-09-12 05:50:18 UTC
StatusLoading report..
urlquery Alerts Scam / Cryptowall detected
Scam / Fake AntiVirus


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (13)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS cdnjs.cloudflare.com (1) 235 2020-10-20 10:17:36 UTC 2022-09-11 07:14:35 UTC 104.17.24.14
mnemonic passive DNS ocsp.pki.goog (4) 175 2017-06-14 07:23:31 UTC 2022-09-12 04:51:36 UTC 142.250.74.3
mnemonic passive DNS www.googletagmanager.com (1) 75 2012-12-25 14:52:06 UTC 2022-09-12 04:57:45 UTC 142.250.74.72
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-12 00:08:37 UTC 93.184.220.29
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-12 00:26:25 UTC 143.204.55.27
mnemonic passive DNS r3.o.lencr.org (4) 344 2020-12-02 08:52:13 UTC 2022-09-12 04:51:47 UTC 95.101.11.115
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-11 04:58:07 UTC 34.117.237.239
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-12 04:40:21 UTC 52.36.24.174
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-11 04:57:20 UTC 34.120.237.76
mnemonic passive DNS maxcdn.bootstrapcdn.com (1) 724 2014-06-18 00:37:31 UTC 2022-09-11 16:16:52 UTC 104.18.11.207
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-12 04:47:11 UTC 143.204.55.35
mnemonic passive DNS leveragingbits.ml (12) 0 2022-09-12 02:41:39 UTC 2022-09-12 04:13:50 UTC 159.203.14.96 Unknown ranking
mnemonic passive DNS ajax.googleapis.com (1) 12905 2019-10-15 17:52:08 UTC 2022-09-12 03:08:57 UTC 142.250.74.106


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 159.203.14.96

Date UQ / IDS / BL URL IP
2022-09-12 13:43:18 +0000
0 - 0 - 1 leveragingbits.ml/ 159.203.14.96
2022-09-12 09:45:26 +0000
0 - 0 - 1 leveragingbits.ml/ 159.203.14.96
2022-09-12 05:50:18 +0000
8 - 0 - 0 leveragingbits.ml/skd4jfdr0eo5idews-dfe6wsk7j (...) 159.203.14.96
2022-09-10 07:37:17 +0000
0 - 0 - 1 strategistsget.ga/ 159.203.14.96
2022-09-08 12:35:33 +0000
18 - 0 - 0 strategiesinsets.tk/nbtde8w-aoixd5d0ewo-sid0d (...) 159.203.14.96

Last 5 reports on ASN: DIGITALOCEAN-ASN

Date UQ / IDS / BL URL IP
2022-12-10 06:38:40 +0000
0 - 0 - 6 159.89.198.98/video/ogxgr2d/bangla-hot-xrated (...) 159.89.198.98
2022-12-10 06:35:15 +0000
8 - 0 - 4 docuware.duckdns.org/index/ 137.184.205.115
2022-12-10 06:22:09 +0000
0 - 0 - 2 android-update.club/v5.php 128.199.205.75
2022-12-10 06:20:50 +0000
0 - 0 - 19 cheapito.com/ 139.59.160.12
2022-12-10 06:17:49 +0000
0 - 0 - 12 mkkuei4kdsz.com/215/587.html 64.225.91.73

Last 3 reports on domain: leveragingbits.ml

Date UQ / IDS / BL URL IP
2022-09-12 13:43:18 +0000
0 - 0 - 1 leveragingbits.ml/ 159.203.14.96
2022-09-12 09:45:26 +0000
0 - 0 - 1 leveragingbits.ml/ 159.203.14.96
2022-09-12 05:50:18 +0000
8 - 0 - 0 leveragingbits.ml/skd4jfdr0eo5idews-dfe6wsk7j (...) 159.203.14.96

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-12-02 09:00:25 +0000
39 - 0 - 0 connectoperator.tk/ndyh9e0wsd-freod4if-r8wosd (...) 138.68.153.111
2022-09-10 06:35:07 +0000
8 - 0 - 9 quesembedded.ml/cfrdf4ire9sf-fwo6sd-fpd3feosd (...) 206.189.138.188
2022-12-07 06:35:22 +0000
18 - 0 - 0 conversionubsoft.tk/igyhfr5ewosfr-0e3wo3sdfe6 (...) 138.68.153.111
2022-12-06 05:50:30 +0000
18 - 0 - 0 optimizepassion.cf/rkdcv3gre5osd-cvg5red7oci- (...) 138.68.153.111
2022-09-05 10:50:19 +0000
8 - 0 - 0 complexsolutions.ga/mnhws8fues-fres4dieosf-re (...) 206.189.138.188


JavaScript

Executed Scripts (14)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (36)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 12 Sep 2022 05:08:10 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: oUAeRIPVcvVIP1M1vqDDMRF7LyIDOZWBowG3IexfZ-_mYqWFAbAbTw==
Age: 2517


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    91dd975a7b17b2922dd23c0e49314e40
Sha1:   57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
Sha256: 09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D16DE6CC9EB0E1297F53DC1137BB764BF5C21A7727BE32AD05AFEBD1FE9501ED"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16312
Expires: Mon, 12 Sep 2022 10:21:59 GMT
Date: Mon, 12 Sep 2022 05:50:07 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 11 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Aw83L4pZPH87dbGtvgFCBNtIocmh38AYbM6GcM5HExspnLOcOl8VXw==
age: 81175
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    742edb4038f38bc533514982f3d2e861
Sha1:   cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
Sha256: b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
                                        
                                            GET /skd4jfdr0eo5idews-dfe6wsk7jdueis-frew7skdd-ewsi3ufewsd-fedie5sodf-resjhu6wsdyres4jd6sdfr-ew7ew8idwsd-esdi3uwsd-0ewsdu4asdew6sduw-sd0ew3s-mhjdusjfsqa3167/001/iecx/index.php HTTP/1.1 
Host: leveragingbits.ml
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         159.203.14.96
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Mon, 12 Sep 2022 05:50:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (59460), with CRLF line terminators
Size:   46900
Md5:    18cf87fd7e231746ffc44864dc91fb92
Sha1:   3e7cb48bfb800969a45b2cbb7f804c2f6cf9d602
Sha256: 2d9eb4af90c90be1ac47df0505492a6ced304bcea86db11c7174fde5d0a437cf

Alerts:
  urlquery:
    - Scam / Cryptowall detected
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Mon, 12 Sep 2022 05:50:07 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://leveragingbits.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.17.24.14
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Mon, 12 Sep 2022 05:50:07 GMT
content-length: 27433
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-1538f"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 307209
expires: Sat, 02 Sep 2023 05:50:07 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YRKakm3kNhbPP7AgIfUDhTU6FXESWPshD0HJn2w7T1JHV9O2QSpzQVY2cSJxpVB9dQvylKXlZ%2B5LoxYWoG%2F33Vczo4S6TlJLy0E41nrNU52ODoshlyq1DDc4eqg1AKSNcmdLwkYj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74965d230d9f0af6-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65451)
Size:   27433
Md5:    77bd61b98f7b67af56639229724f8dd4
Sha1:   f04f07dd8ff53e58c32b738f81b71a014bca441d
Sha256: 8ce54c3b77bf31899b27b29188ff4936b580f2bd2b3222d43dda2851ba272e24
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 12 Sep 2022 05:50:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 12 Sep 2022 05:50:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1 
Host: ajax.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://leveragingbits.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.106
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 11 Sep 2022 08:20:49 GMT
expires: Mon, 11 Sep 2023 08:20:49 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
age: 77358
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65451)
Size:   30399
Md5:    0f83cadc148d2ad7e53c91f6c4ee05bb
Sha1:   90035c5fffedf4b0f099465f6b929a030b46c92b
Sha256: 3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
                                        
                                            GET /gtag/js?id=UA-147750537-1 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://leveragingbits.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.72
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 12 Sep 2022 05:50:07 GMT
expires: Mon, 12 Sep 2022 05:50:07 GMT
cache-control: private, max-age=900
last-modified: Mon, 12 Sep 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 41969
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1615)
Size:   41969
Md5:    3afc4c42d16d2cf357974851fcb7866b
Sha1:   0bee441ef710c2140c47e291675881b869830c0a
Sha256: 499696b62601cb0b3a68e690d45c64d762865bdaf6f35fb6a106d86867ecb6ce
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 12 Sep 2022 05:50:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 12 Sep 2022 05:50:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /skd4jfdr0eo5idews-dfe6wsk7jdueis-frew7skdd-ewsi3ufewsd-fedie5sodf-resjhu6wsdyres4jd6sdfr-ew7ew8idwsd-esdi3uwsd-0ewsdu4asdew6sduw-sd0ew3s-mhjdusjfsqa3167/001/iecx/xe-microsoft.svg HTTP/1.1 
Host: leveragingbits.ml
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://leveragingbits.ml/skd4jfdr0eo5idews-dfe6wsk7jdueis-frew7skdd-ewsi3ufewsd-fedie5sodf-resjhu6wsdyres4jd6sdfr-ew7ew8idwsd-esdi3uwsd-0ewsdu4asdew6sduw-sd0ew3s-mhjdusjfsqa3167/001/iecx/index.php

                                         
                                         159.203.14.96
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Mon, 12 Sep 2022 05:50:07 GMT
Content-Length: 910
Last-Modified: Mon, 12 Sep 2022 04:14:48 GMT
Connection: keep-alive
ETag: "631eb238-38e"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size:   910
Md5:    daa0616eebdbac385aa89ec955b42722
Sha1:   aea7c13e8a93d9ec265e6844d2f00256f61121cc
Sha256: 3e2a093c02f30c7844ad6cd04b64ff1af1ea0e94428ed8a00436983f2ce6efa9

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
                                        
                                            GET /skd4jfdr0eo5idews-dfe6wsk7jdueis-frew7skdd-ewsi3ufewsd-fedie5sodf-resjhu6wsdyres4jd6sdfr-ew7ew8idwsd-esdi3uwsd-0ewsdu4asdew6sduw-sd0ew3s-mhjdusjfsqa3167/001/iecx/xe-search.svg HTTP/1.1 
Host: leveragingbits.ml
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://leveragingbits.ml/skd4jfdr0eo5idews-dfe6wsk7jdueis-frew7skdd-ewsi3ufewsd-fedie5sodf-resjhu6wsdyres4jd6sdfr-ew7ew8idwsd-esdi3uwsd-0ewsdu4asdew6sduw-sd0ew3s-mhjdusjfsqa3167/001/iecx/index.php

                                         
                                         159.203.14.96
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Server: nginx
Date: Mon, 12 Sep 2022 05:50:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"631eb1ce-592"
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   723
Md5:    8dd0f619c791ccac90e1ca2b581be593
Sha1:   4a3d3704efa14ddae731d19c8be7bd8bfaf209b6
Sha256: 4752e690526d4db74dacfd6110f3a2cf7565af1c7e813e8278c62ffc62762c10
                                        
                                            GET /skd4jfdr0eo5idews-dfe6wsk7jdueis-frew7skdd-ewsi3ufewsd-fedie5sodf-resjhu6wsdyres4jd6sdfr-ew7ew8idwsd-esdi3uwsd-0ewsdu4asdew6sduw-sd0ew3s-mhjdusjfsqa3167/001/iecx/xe-windows1.svg HTTP/1.1 
Host: leveragingbits.ml
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://leveragingbits.ml/skd4jfdr0eo5idews-dfe6wsk7jdueis-frew7skdd-ewsi3ufewsd-fedie5sodf-resjhu6wsdyres4jd6sdfr-ew7ew8idwsd-esdi3uwsd-0ewsdu4asdew6sduw-sd0ew3s-mhjdusjfsqa3167/001/iecx/index.php

                                         
                                         159.203.14.96
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Mon, 12 Sep 2022 05:50:08 GMT
Last-Modified: Mon, 12 Sep 2022 04:14:48 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"631eb238-665"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size:   584
Md5:    d9cea610540514385e80f4331be9df61
Sha1:   466b4aebb809f57cc05ad7f1b72434cf644b42c7
Sha256: dced387deebadd96b84c0bdcb3cd99f56c235e01f77f3ab33156d535969d901c
                                        
                                            GET /skd4jfdr0eo5idews-dfe6wsk7jdueis-frew7skdd-ewsi3ufewsd-fedie5sodf-resjhu6wsdyres4jd6sdfr-ew7ew8idwsd-esdi3uwsd-0ewsdu4asdew6sduw-sd0ew3s-mhjdusjfsqa3167/001/iecx/xe-globe.png HTTP/1.1 
Host: leveragingbits.ml
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://leveragingbits.ml/skd4jfdr0eo5idews-dfe6wsk7jdueis-frew7skdd-ewsi3ufewsd-fedie5sodf-resjhu6wsdyres4jd6sdfr-ew7ew8idwsd-esdi3uwsd-0ewsdu4asdew6sduw-sd0ew3s-mhjdusjfsqa3167/001/iecx/index.php

                                         
                                         159.203.14.96
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Mon, 12 Sep 2022 05:50:08 GMT
Content-Length: 415
Last-Modified: Mon, 12 Sep 2022 04:14:48 GMT
Connection: keep-alive
ETag: "631eb238-19f"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Size:   415
Md5:    bc181b70a8d52e06c9ccb04b2a9fe147
Sha1:   3fb9cb80d8afd5aa025c0495bac701f3b3dc1a57
Sha256: 1d4cf5cb57bee349763adb7ee1de861d85a0d0c78f602f587b8b4a902d730e19

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
                                        
                                            GET /skd4jfdr0eo5idews-dfe6wsk7jdueis-frew7skdd-ewsi3ufewsd-fedie5sodf-resjhu6wsdyres4jd6sdfr-ew7ew8idwsd-esdi3uwsd-0ewsdu4asdew6sduw-sd0ew3s-mhjdusjfsqa3167/001/iecx/xe-ie.svg HTTP/1.1 
Host: leveragingbits.ml
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://leveragingbits.ml/skd4jfdr0eo5idews-dfe6wsk7jdueis-frew7skdd-ewsi3ufewsd-fedie5sodf-resjhu6wsdyres4jd6sdfr-ew7ew8idwsd-esdi3uwsd-0ewsdu4asdew6sduw-sd0ew3s-mhjdusjfsqa3167/001/iecx/index.php

                                         
                                         159.203.14.96
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Mon, 12 Sep 2022 05:50:08 GMT
Last-Modified: Mon, 12 Sep 2022 04:14:48 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"631eb238-6ae"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size:   958
Md5:    73207d24da77572454154054543076a0
Sha1:   956195c0918d4db258aa65f22b55e7cdf5fa8700
Sha256: 5b54da4fd7c4f964f075efa2777bf03fc50f62cf088d30501f3667571c3f567b
                                        
                                            GET /skd4jfdr0eo5idews-dfe6wsk7jdueis-frew7skdd-ewsi3ufewsd-fedie5sodf-resjhu6wsdyres4jd6sdfr-ew7ew8idwsd-esdi3uwsd-0ewsdu4asdew6sduw-sd0ew3s-mhjdusjfsqa3167/001/iecx/xe-store.svg HTTP/1.1 
Host: leveragingbits.ml
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://leveragingbits.ml/skd4jfdr0eo5idews-dfe6wsk7jdueis-frew7skdd-ewsi3ufewsd-fedie5sodf-resjhu6wsdyres4jd6sdfr-ew7ew8idwsd-esdi3uwsd-0ewsdu4asdew6sduw-sd0ew3s-mhjdusjfsqa3167/001/iecx/index.php

                                         
                                         159.203.14.96
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Mon, 12 Sep 2022 05:50:08 GMT
Last-Modified: Mon, 12 Sep 2022 04:14:48 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"631eb238-4c6"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size:   715
Md5:    98d5b38f66a23e7adcd4b01aeeb93214
Sha1:   d9fd5a1181d7459ca01c3b07b66a3816591a951a
Sha256: 7f662cdcba5be07b8c9c30cec143bdb4926def7cf23c8261620cccc32cbcb392
                                        
                                            GET /skd4jfdr0eo5idews-dfe6wsk7jdueis-frew7skdd-ewsi3ufewsd-fedie5sodf-resjhu6wsdyres4jd6sdfr-ew7ew8idwsd-esdi3uwsd-0ewsdu4asdew6sduw-sd0ew3s-mhjdusjfsqa3167/001/iecx/xe-light.svg HTTP/1.1 
Host: leveragingbits.ml
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://leveragingbits.ml/skd4jfdr0eo5idews-dfe6wsk7jdueis-frew7skdd-ewsi3ufewsd-fedie5sodf-resjhu6wsdyres4jd6sdfr-ew7ew8idwsd-esdi3uwsd-0ewsdu4asdew6sduw-sd0ew3s-mhjdusjfsqa3167/001/iecx/index.php

                                         
                                         159.203.14.96
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Mon, 12 Sep 2022 05:50:08 GMT
Last-Modified: Mon, 12 Sep 2022 04:14:48 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"631eb238-981"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size:   1121
Md5:    525ae2477eb7c69fecdbd23b36356352
Sha1:   23a158c0cfbb15dc90929c4194bb2de58e191267
Sha256: 31c5a4f2b45c6d611baca810baa4c8a7cf8bad57daf4cc8888ce62b3f77a1733
                                        
                                            GET /skd4jfdr0eo5idews-dfe6wsk7jdueis-frew7skdd-ewsi3ufewsd-fedie5sodf-resjhu6wsdyres4jd6sdfr-ew7ew8idwsd-esdi3uwsd-0ewsdu4asdew6sduw-sd0ew3s-mhjdusjfsqa3167/001/iecx/xe-window.svg HTTP/1.1 
Host: leveragingbits.ml
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://leveragingbits.ml/skd4jfdr0eo5idews-dfe6wsk7jdueis-frew7skdd-ewsi3ufewsd-fedie5sodf-resjhu6wsdyres4jd6sdfr-ew7ew8idwsd-esdi3uwsd-0ewsdu4asdew6sduw-sd0ew3s-mhjdusjfsqa3167/001/iecx/index.php

                                         
                                         159.203.14.96
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Mon, 12 Sep 2022 05:50:08 GMT
Content-Length: 771
Last-Modified: Mon, 12 Sep 2022 04:14:48 GMT
Connection: keep-alive
ETag: "631eb238-303"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size:   771
Md5:    326ebe1065072c0ba036aae5254ace56
Sha1:   c18e11d46e64421609d94a5c16c846a9196318a3
Sha256: 691b9a4d45d56a82dd8492aae256df392895d47a3e593479e9eb0d0f54a660bc
                                        
                                            GET /skd4jfdr0eo5idews-dfe6wsk7jdueis-frew7skdd-ewsi3ufewsd-fedie5sodf-resjhu6wsdyres4jd6sdfr-ew7ew8idwsd-esdi3uwsd-0ewsdu4asdew6sduw-sd0ew3s-mhjdusjfsqa3167/001/iecx/beep.mp3 HTTP/1.1 
Host: leveragingbits.ml
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://leveragingbits.ml/skd4jfdr0eo5idews-dfe6wsk7jdueis-frew7skdd-ewsi3ufewsd-fedie5sodf-resjhu6wsdyres4jd6sdfr-ew7ew8idwsd-esdi3uwsd-0ewsdu4asdew6sduw-sd0ew3s-mhjdusjfsqa3167/001/iecx/index.php

                                         
                                         159.203.14.96
HTTP/1.1 206 Partial Content
Content-Type: audio/mpeg
                                        
Server: nginx
Date: Mon, 12 Sep 2022 05:50:08 GMT
Content-Length: 8405
Last-Modified: Mon, 12 Sep 2022 04:14:48 GMT
Connection: keep-alive
ETag: "631eb238-20d5"
Content-Range: bytes 0-8404/8405


--- Additional Info ---
Magic:  Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 56 kbps, 44.1 kHz, Monaural\012- data
Size:   8405
Md5:    8618fbb0911e3b8fc96725dee8bfd81f
Sha1:   1bbcb78922946d0cf18fbf3a9e092e36453eb767
Sha256: 0589be7715d2320e559eae6bd26f3528e97450c70293da2e1e8ce45f77f99ab1

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Mon, 12 Sep 2022 04:56:07 GMT
Cache-Control: max-age=3600
Expires: Mon, 12 Sep 2022 05:41:59 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: JJ3T5ddPy9GGSUfvIgQpM0c7yCaMGViB-mPTpT-yuelFS5H6nkTvBQ==
Age: 3241


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /skd4jfdr0eo5idews-dfe6wsk7jdueis-frew7skdd-ewsi3ufewsd-fedie5sodf-resjhu6wsdyres4jd6sdfr-ew7ew8idwsd-esdi3uwsd-0ewsdu4asdew6sduw-sd0ew3s-mhjdusjfsqa3167/001/iecx/err.mp3 HTTP/1.1 
Host: leveragingbits.ml
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://leveragingbits.ml/skd4jfdr0eo5idews-dfe6wsk7jdueis-frew7skdd-ewsi3ufewsd-fedie5sodf-resjhu6wsdyres4jd6sdfr-ew7ew8idwsd-esdi3uwsd-0ewsdu4asdew6sduw-sd0ew3s-mhjdusjfsqa3167/001/iecx/index.php

                                         
                                         159.203.14.96
HTTP/1.1 206 Partial Content
Content-Type: audio/mpeg
                                        
Server: nginx
Date: Mon, 12 Sep 2022 05:50:08 GMT
Content-Length: 216738
Last-Modified: Mon, 12 Sep 2022 04:14:48 GMT
Connection: keep-alive
ETag: "631eb238-34ea2"
Content-Range: bytes 0-216737/216738


--- Additional Info ---
Magic:  Audio file with ID3 version 2.3.0, contains:\012- MPEG ADTS, layer III, v2, 64 kbps, 22.05 kHz, Monaural\012- data
Size:   216738
Md5:    ad3c67e65cfbf03afd470bed1bdb9378
Sha1:   3870c610421afcddda9b40d9be0040c89856ca5d
Sha256: 7164b6a37f95632ffc6dbeda413b2a204c7c8619ab9840e4398bdb8c5758b5a7

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 807
Cache-Control: 'max-age=158059'
Date: Mon, 12 Sep 2022 05:50:08 GMT
Last-Modified: Mon, 12 Sep 2022 05:36:41 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: wLd9ChyUOV/it3vdj3jJUA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         52.36.24.174
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 4ooBJDYej/ELxfzLJzMZ+KQFWXI=

                                        
                                            GET /favicon.ico HTTP/1.1 
Host: leveragingbits.ml
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://leveragingbits.ml/skd4jfdr0eo5idews-dfe6wsk7jdueis-frew7skdd-ewsi3ufewsd-fedie5sodf-resjhu6wsdyres4jd6sdfr-ew7ew8idwsd-esdi3uwsd-0ewsdu4asdew6sduw-sd0ew3s-mhjdusjfsqa3167/001/iecx/index.php

                                         
                                         159.203.14.96
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Server: nginx
Date: Mon, 12 Sep 2022 05:50:09 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"631eb1ce-592"
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   723
Md5:    8dd0f619c791ccac90e1ca2b581be593
Sha1:   4a3d3704efa14ddae731d19c8be7bd8bfaf209b6
Sha256: 4752e690526d4db74dacfd6110f3a2cf7565af1c7e813e8278c62ffc62762c10
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11548
Expires: Mon, 12 Sep 2022 09:02:38 GMT
Date: Mon, 12 Sep 2022 05:50:10 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11548
Expires: Mon, 12 Sep 2022 09:02:38 GMT
Date: Mon, 12 Sep 2022 05:50:10 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11548
Expires: Mon, 12 Sep 2022 09:02:38 GMT
Date: Mon, 12 Sep 2022 05:50:10 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75931920-737e-40b5-8dd6-d2070639ea2d.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8799
x-amzn-requestid: 1bcdf387-9ad2-449a-861e-3352b1744d23
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YUI-0G6vIAMFgbA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e552b-42aa46af6315148106c4fdee;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 21:37:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: g2mxKK8L5T4YkeD8JqNUuV_KfsIq8ypRMvxhsyzSZSEIP4gDl4zLVQ==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:41:51 GMT
age: 29299
etag: "172b23f2ef39b6c3fdebb5441b10a95712206d0a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8799
Md5:    c14088c4ca0d576e087feed41b7f1565
Sha1:   172b23f2ef39b6c3fdebb5441b10a95712206d0a
Sha256: 2699efa811ceac5420f5bd26c35a6f48b51854e29cbce7cbb62efb613db7d6b9
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6b50df-cdcd-4b44-9ed3-90a502ea29ad.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9815
x-amzn-requestid: 89243e57-94eb-4c6b-903f-aa01df030ecc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YUIxnEAjoAMF_Ig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e54d6-199403e2695b214711f5117f;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 21:36:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: NKM6RRhJ5AuRF4NKSyBO6-KMkd1UGaw3DuZBkBao_8fzzpkMeDrn0w==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:55:40 GMT
etag: "48eddcf9838e980e67cc8f9cbb05b475df2f0331"
age: 28470
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9815
Md5:    239262b6ab17cb19414c35cd4f761092
Sha1:   48eddcf9838e980e67cc8f9cbb05b475df2f0331
Sha256: cd27cbce632d769288d9c33c5c8e887ba02df5677f10f7a6d03139b590ba24b4
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6c05fb6-7f49-4d2f-96eb-0b6c468353f5.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 13568
x-amzn-requestid: ad06f499-3e04-414a-8a3f-6daa9e0124ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X3yN1F2BIAMFoqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312fd8b-3a17f11440d2f37b23ac7f6a;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 07:08:59 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: iNRnq8nMhoTo9oY379Ynb6uPW0vNyf3dNufU_HpXNfzxvhrAEKEzJQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 14:06:07 GMT
age: 56643
etag: "0f44ee871ad9d0a0ddd07d0c87d54f7e72b56f78"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   13568
Md5:    8625e0707046e7a3715a8dbb40b1cae2
Sha1:   0f44ee871ad9d0a0ddd07d0c87d54f7e72b56f78
Sha256: abc4c12561be08897341d9c8104c30a289357c0907e55c46895f7fb6afb2f75d
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe7b5d084-5c6a-4cec-9577-bb8c3a155234.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10363
x-amzn-requestid: ce8239d7-9838-4fd9-9a2a-d788b2d4205b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YUKcpGepIAMFvuA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e5783-38cb8ddf79347e4e7fbb1041;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 21:47:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cms2j1USzEq1FpNcXq9W_i3WirZXI0ElxYjQYEznccjmNhGDblVVbw==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:55:55 GMT
age: 28455
etag: "3df316da4ed46403a50a0cdc688613cb1334da0b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10363
Md5:    5bdaf9b909a8b8fd2f02eeb8930e2d19
Sha1:   3df316da4ed46403a50a0cdc688613cb1334da0b
Sha256: 177e68bddbfdafe455c5aa1aad9c0654c83ab91500043cbc366d1397aea53e22
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9466
x-amzn-requestid: ba3f7eac-61c9-4b5f-ae8a-b372906a25ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YOTeoHMKoAMFr5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bff90-1e70e2c444242a2d46387986;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 03:08:00 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: u_jETr8miiFyuhq7R09yb0lAP-hUv_6eTRV81Xzd9gSqU31VXwC9CQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 583992e175976bd59a21b4416890271e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 03:15:48 GMT
age: 9262
etag: "05ec2076b32398d60ee77fab8c14345bc7dfe647"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9466
Md5:    6174529fff57758e958da5432344962f
Sha1:   05ec2076b32398d60ee77fab8c14345bc7dfe647
Sha256: 65284a76355864efa944dff5033575013c6d74a019a7b731e0236603f2f656a7
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36ab1cf7-da3f-4bea-abd5-3f9da5a18c29.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9126
x-amzn-requestid: 86fd10d3-f2bb-4191-93b0-3a416000fd68
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YUJHeGMqoAMFnwA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e5562-1f8b12e10d7212353f050f3f;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 21:38:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: WcMMN48JT7YRvUBGR6oAes5EwusRcdgrWT60xJffsOfsbkJ4_XyALg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:41:51 GMT
age: 29299
etag: "cf5ec3650282d05c082eb0534f1b70a59f9f4bbe"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9126
Md5:    beca122055c554548ca6ef68a66a4e2e
Sha1:   cf5ec3650282d05c082eb0534f1b70a59f9f4bbe
Sha256: a9cf7ef5dfb6a58c66bc29b2a280c2253e56a28ce317d8271273ddae2008d9d5
                                        
                                            GET /bootstrap/3.4.0/js/bootstrap.min.js HTTP/1.1 
Host: maxcdn.bootstrapcdn.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://leveragingbits.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.18.11.207
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Mon, 12 Sep 2022 05:50:07 GMT
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: SE
cdn-edgestorageid: 565, 617, 617
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
cdn-cachedat: 2021-04-23 06:53:05
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: 82949e3a4ffefb0b3980b7d96ff76a06
cdn-cache: HIT
cf-cache-status: HIT
age: 11072114
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74965d230fa7b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---