r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9021
Expires: Tue, 06 Dec 2022 09:28:36 GMT
Date: Tue, 06 Dec 2022 06:58:15 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash ee088fab9b287e174cfd1f2c735a909f
25c3335b514a36ad1a24d00413d60c3d394f5161
494e96358ff12366213d7cc0f9197648c6c62ec14fa0d2c78732a683fa26b192
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6374
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 06:58:15 GMT
Last-Modified: Tue, 06 Dec 2022 05:12:01 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9802
Expires: Tue, 06 Dec 2022 09:41:37 GMT
Date: Tue, 06 Dec 2022 06:58:15 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 06 Dec 2022 06:18:36 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2379
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: aYyfkZMQEzLKhto3kFF7GciHjAbIaq4HG+6DMILFaEpUax5FdkMGenpJ4997BpXrp7uY9ubfLpA=
x-amz-request-id: 80XCXXP5D3V6HCER
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 06 Dec 2022 06:48:49 GMT
age: 566
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 06:58:15 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
safeway-sh.com/
125.65.113.54 301 Moved Permanently 149 B IP 125.65.113.54:0
File type HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text
Hash 180ef2fcab7d6aabb5fde56d8115b0bc
86f7c8eee1a9e8ee44976a952c264b66f61aae92
89a7ae024f0a727fa693d4edc0a3a92450968fd993c677181e948bf976417c66
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Tue, 06 Dec 2022 06:58:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://www.safeway-sh.com/
Server: wts/1.6
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 06 Dec 2022 06:11:20 GMT
cache-control: public,max-age=3600
age: 2815
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 2b9d6a686aa3c4ea24568425e43a5221
d53bb4c9579bd1db78a0520619e888aec79f750f
c38734a8dbe51217d73896c0bf7f5c38c107fd79e0dee24b717f130377e9b5f7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6362
Cache-Control: max-age=100478
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 06:58:16 GMT
Etag: "638db4ac-1d7"
Expires: Wed, 07 Dec 2022 10:52:54 GMT
Last-Modified: Mon, 05 Dec 2022 09:06:52 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.162.50.16 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.162.50.16:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: FtDiCLKZXNxdJ68boPQSVA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: g66/0Vi13b3RqmE83/xQwcw7aQ8=
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10538
Expires: Tue, 06 Dec 2022 09:53:55 GMT
Date: Tue, 06 Dec 2022 06:58:17 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10538
Expires: Tue, 06 Dec 2022 09:53:55 GMT
Date: Tue, 06 Dec 2022 06:58:17 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10538
Expires: Tue, 06 Dec 2022 09:53:55 GMT
Date: Tue, 06 Dec 2022 06:58:17 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F461bc4a6-a90b-41a8-99ce-a502ba9ed21f.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F461bc4a6-a90b-41a8-99ce-a502ba9ed21f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dcb8fe0c4ba323ab2483fa290c291051
6706e02d6b95edc3a33c951f07d04b0fb7415b77
6be68deb3a330955027ec16eaca2cdf4e2776620ffb7cb995922664b24400f02
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F461bc4a6-a90b-41a8-99ce-a502ba9ed21f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8749
x-amzn-requestid: ee03c447-299b-45d5-b8c6-12d4d1dc436d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_spHdBIAMFywQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d131d-0c9805c6112ec9ec6b9d1544;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:33 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tsL8hmcWaBeKYVG2b4g7ebl-sQ0Z5jZaexEfvldfzq9COcOdzqLhUA==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:48:49 GMT
age: 32968
etag: "6706e02d6b95edc3a33c951f07d04b0fb7415b77"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F01b6b798-4c76-47d4-ae22-c8967b0f2c5c.jpeg
34.120.237.76 200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F01b6b798-4c76-47d4-ae22-c8967b0f2c5c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9fda84db003d0cfc70d73dcb6a3763dd
5c54b4ca3db1c975b3ad7f780f0ebdc867fc2ef4
f00aa6b88dd85164d8f6ee685937a3ca8039b98b442a2e6aede1c4c421b4fc4c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F01b6b798-4c76-47d4-ae22-c8967b0f2c5c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8997
x-amzn-requestid: 54d7ed8c-119c-4583-929c-fd053524814c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csT_8F78IAMFY6Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e66cc-3d9816725e7e0b1b3404bc4a;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:46:52 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ScASzeq_stezoHeSOmqluKJimg3R6YD6yd6guTD2d5Mjl8F_vQP0rg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:47:06 GMT
age: 33071
etag: "5c54b4ca3db1c975b3ad7f780f0ebdc867fc2ef4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc696fe00-4af0-41c0-a10e-ba5dcc55c22b.jpeg
34.120.237.76 200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc696fe00-4af0-41c0-a10e-ba5dcc55c22b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f4193f05dfd1de8bf795f433d4387243
b76ea6ae9df756f131ec16b01cdc7ab19b2d01be
b56231f3c788519751528b849a442d5c7ed828ea4ce3321fd629ca27440ea6e3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc696fe00-4af0-41c0-a10e-ba5dcc55c22b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6920
x-amzn-requestid: 05ec2698-a5ee-4046-be77-0036755f2946
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSwaEd-IAMF_-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64cf-783b236b79b1e9ba22098cb2;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:23 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: RF_AmYN7VQghDpDX6kEyBEBZtvR8dfLpwuqk75bGpn8q2OMc46lVgA==
via: 1.1 d0387b833e3ca8cb748a1296b4b4bf2a.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:48:31 GMT
age: 32986
etag: "b76ea6ae9df756f131ec16b01cdc7ab19b2d01be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ca09fa3-9c1c-4e27-b763-2de04564da9d.jpeg
34.120.237.76 200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ca09fa3-9c1c-4e27-b763-2de04564da9d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 73b9f329cd3a39d0756de62dd5f190b7
0f1c7567b89cc3de60196e47e37879296359bc78
e15711efe27a3d302a9869cf01d27fd65bd0beca9d03a19d93bbf11e28f3e1d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ca09fa3-9c1c-4e27-b763-2de04564da9d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4827
x-amzn-requestid: 26ac5a48-3e41-4638-88d6-c94ba8b7a6c8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csS3nFxPoAMFcpA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64fd-28f8cb92130706e3652eb971;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:39:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: YUk1Nt1XioDColWXDiEZsL8BmFpyWaV5tRbsbmAiR6A2psM_Gx3j_A==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:41:49 GMT
age: 33388
etag: "0f1c7567b89cc3de60196e47e37879296359bc78"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f48f157-f5b1-44b8-91c0-da7927555031.jpeg
34.120.237.76 200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f48f157-f5b1-44b8-91c0-da7927555031.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 17c7b7e3a4e6f3ad9ccf7f42c400749c
76432db96e8280e24da56670fba8f8f80a95ab31
f67d401ebc225c2a9dac5b4f98dc969e22f927455c2537df353ac86f046cc4c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f48f157-f5b1-44b8-91c0-da7927555031.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4905
x-amzn-requestid: c1a43d09-3653-422d-99a2-fe6469bc4bcc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSzsG7BoAMF42Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64e4-27f51f1e5f786838157d1ee5;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: VkYlpfFF-t9c_vWc14oqmL9Z6o6lA1_TqgXk4VUtZmHTkZwuMT5C6w==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:47:06 GMT
age: 33071
etag: "76432db96e8280e24da56670fba8f8f80a95ab31"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b15136d60fd0a5e0f657a4f5c75d540f
36082b7329d473829178f280cb71a83b1531e486
79478269b1f5dcfd1e45ccd4264fa44805b37c5c8fec820bcbd2fa1689dfbbd8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11224
x-amzn-requestid: 938de0b8-1055-4416-9ad7-162ab5f4db9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUINEwdoAMFuOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6701-38b079ef341bb17e567de773;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:45 GMT
x-amz-cf-pop: YVR50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tGtiCE9C3j0BUruNaFN2j1mKxCSouLmocmTXpmLMBJaLNyVwkXu1gQ==
via: 1.1 f0ac467993db44dbfc36b778dfcaf73c.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:09:28 GMT
age: 31729
etag: "36082b7329d473829178f280cb71a83b1531e486"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.safeway-sh.com/
125.65.113.54 200 OK 14 kB IP 125.65.113.54:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2362), with CRLF line terminators
Hash fa50709a008db6509a5dff43a0a0a9df
e53bd6b00e3243c6b5d6b33a94f8029008154772
0e812a1d5719466fc49a1e1db559256a47934ca0293667ecf25f62ce8d2d38b4
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:20 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 13888
Connection: keep-alive
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Vary: Accept-Encoding
X-UA-Compatible: IE=edge,chrome=1
X-Powered-By: PbootCMS
Set-Cookie: lg=cn; path=/
Set-Cookie: PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7; path=/; HttpOnly
Server: wts/1.6
www.safeway-sh.com/skin/css/css.css
125.65.113.54 200 OK 1.2 kB URL HTTP/1.1 www.safeway-sh.com/skin/css/css.css
IP 125.65.113.54:0
Hash 265a11d07475341f73e19f499b6873f1
8f169f8d198650be6c1a8744a94d8c1b86971ea4
4f472c407bcb1eb22560bea4d6fdcf1b212efcf703b7bc7488763d2e0554819b
GET /skin/css/css.css HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:20 GMT
Content-Type: text/css
Content-Length: 1237
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 14 Oct 2021 07:53:55 GMT
Accept-Ranges: bytes
ETag: "793ba3d0c0d71:0"
Vary: Accept-Encoding
Server: wts/1.6
www.safeway-sh.com/skin/css/nice-select.css
125.65.113.54 200 OK 1.3 kB URL HTTP/1.1 www.safeway-sh.com/skin/css/nice-select.css
IP 125.65.113.54:0
File type ASCII text, with CRLF line terminators
Hash 3403c987bbc423b39e88784f82ae4eac
7a1cc9fc0d1aff1303c8edbb0d4f66fcc1cfdd81
2b07bf04cbdfbf4fbd6968e2e87ef3dc1727b9e96be595ecfc1fc5b18ca8fd7e
GET /skin/css/nice-select.css HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:20 GMT
Content-Type: text/css
Content-Length: 1339
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 14 Oct 2021 07:53:55 GMT
Accept-Ranges: bytes
ETag: "76a913a3d0c0d71:0"
Vary: Accept-Encoding
Server: wts/1.6
www.safeway-sh.com/skin/css/font-awesome.min.css
125.65.113.54 200 OK 8.3 kB URL HTTP/1.1 www.safeway-sh.com/skin/css/font-awesome.min.css
IP 125.65.113.54:0
File type ASCII text, with very long lines (30763)
Hash f355a1127340b7b52e0aaf5b3706b475
2b411f9f5a29cba62ab400ef7349f3a758d640c9
7cdda72a16502aee8f82befb236d4ab9b9fdd1790fa42229cf5f89d12f2a3070
GET /skin/css/font-awesome.min.css HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:20 GMT
Content-Type: text/css
Content-Length: 8300
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 14 Oct 2021 07:53:55 GMT
Accept-Ranges: bytes
ETag: "1b3015a3d0c0d71:0"
Vary: Accept-Encoding
Server: wts/1.6
www.safeway-sh.com/skin/css/slicknav.min.css
125.65.113.54 200 OK 959 B URL HTTP/1.1 www.safeway-sh.com/skin/css/slicknav.min.css
IP 125.65.113.54:0
File type ASCII text, with very long lines (2144), with CRLF line terminators
Hash 98e860ac2106c867ed89634e84a8cb5f
9e1905b986d44cc8d220053ecfa814e2e69c20d1
a77b8d65cb79ee31ca004138bef7c6a2fc750ab9f6b94f9c57ab46139a4d32ac
GET /skin/css/slicknav.min.css HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:20 GMT
Content-Type: text/css
Content-Length: 959
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 14 Oct 2021 07:53:55 GMT
Accept-Ranges: bytes
ETag: "ca2719a3d0c0d71:0"
Vary: Accept-Encoding
Server: wts/1.6
www.safeway-sh.com/skin/css/bootstrap.min.css
125.65.113.54 200 OK 33 kB URL HTTP/1.1 www.safeway-sh.com/skin/css/bootstrap.min.css
IP 125.65.113.54:0
Hash d82b64c6e2f0c29e7aa7028d29107f69
dcc3580f838d1309a08fb0a3a1ee67243850aa4b
2bda52ef715279793e70dec89394d505fa8eb0b5b939d1cbc6cf7e1533fa9ec5
GET /skin/css/bootstrap.min.css HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:20 GMT
Content-Type: text/css
Content-Length: 33366
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 14 Oct 2021 07:53:55 GMT
Accept-Ranges: bytes
ETag: "443413a3d0c0d71:0"
Vary: Accept-Encoding
Server: wts/1.6
www.safeway-sh.com/skin/css/owl-carousel.css
125.65.113.54 200 OK 1.8 kB URL HTTP/1.1 www.safeway-sh.com/skin/css/owl-carousel.css
IP 125.65.113.54:0
File type ASCII text, with CRLF line terminators
Hash 876d6eddf6b929f9c20ee9fd10cea491
1b85f19e06b4b3542cf599045cf329573a13d863
8ee47e79517e746d53b4e60d717d3b42ce187b2fef85e61954bfbbea967ecd5c
GET /skin/css/owl-carousel.css HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:20 GMT
Content-Type: text/css
Content-Length: 1830
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 14 Oct 2021 07:53:55 GMT
Accept-Ranges: bytes
ETag: "cc419a3d0c0d71:0"
Vary: Accept-Encoding
Server: wts/1.6
www.safeway-sh.com/skin/css/datepicker.css
125.65.113.54 200 OK 1.1 kB URL HTTP/1.1 www.safeway-sh.com/skin/css/datepicker.css
IP 125.65.113.54:0
Hash b3557b327787fdd950e145be164f59bd
5e3e8089f760bd9834b999eda41d7edb328c4b04
da20d43f3b79ed6a2e30d8b8a523af6dd2f325ed7c7865a4f1a8d41e11d38ce5
GET /skin/css/datepicker.css HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:21 GMT
Content-Type: text/css
Content-Length: 1095
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 14 Oct 2021 07:53:55 GMT
Accept-Ranges: bytes
ETag: "2e121aa3d0c0d71:0"
Vary: Accept-Encoding
Server: wts/1.6
www.safeway-sh.com/skin/css/icofont.css
125.65.113.54 200 OK 20 kB URL HTTP/1.1 www.safeway-sh.com/skin/css/icofont.css
IP 125.65.113.54:0
File type ASCII text, with very long lines (65364)
Hash e28b5153faf386b708246c7b13171118
36e064005d65ee36344f99ff28607811342dc6fe
db5216242295ae0630e317c1c012e34adc20a40d4636deaff018d7ddd1534778
GET /skin/css/icofont.css HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:20 GMT
Content-Type: text/css
Content-Length: 20050
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 14 Oct 2021 07:53:55 GMT
Accept-Ranges: bytes
ETag: "a9d918a3d0c0d71:0"
Vary: Accept-Encoding
Server: wts/1.6
www.safeway-sh.com/skin/css/animate.min.css
125.65.113.54 200 OK 3.5 kB URL HTTP/1.1 www.safeway-sh.com/skin/css/animate.min.css
IP 125.65.113.54:0
File type ASCII text, with very long lines (16755)
Hash 4bdcd9f501642a8a274b06acb2816ec5
0e4afe44752dee4d08ab069ac7fc967aa4a52c92
7bb6d9ce79c2b39ae58efd3255bb3f806bd46f3ac569527b53ae050e7127a6b7
GET /skin/css/animate.min.css HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:21 GMT
Content-Type: text/css
Content-Length: 3542
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 14 Oct 2021 07:53:55 GMT
Accept-Ranges: bytes
ETag: "91fc1aa3d0c0d71:0"
Vary: Accept-Encoding
Server: wts/1.6
www.safeway-sh.com/skin/css/magnific-popup.css
125.65.113.54 200 OK 2.3 kB URL HTTP/1.1 www.safeway-sh.com/skin/css/magnific-popup.css
IP 125.65.113.54:0
Hash e6a050d2e329edeade1aba57374b3cac
16cd306b02a963efa1389fe790b217d67823aa94
5471ab32464923458deaf0d579246eb16ed5359ef53f9ceeca68d249c1035613
GET /skin/css/magnific-popup.css HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:21 GMT
Content-Type: text/css
Content-Length: 2257
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 14 Oct 2021 07:53:55 GMT
Accept-Ranges: bytes
ETag: "d3981ba3d0c0d71:0"
Vary: Accept-Encoding
Server: wts/1.6
www.safeway-sh.com/skin/css/normalize.css
125.65.113.54 200 OK 5.9 kB URL HTTP/1.1 www.safeway-sh.com/skin/css/normalize.css
IP 125.65.113.54:0
Hash 520ed4d5fd5f748f12f38863026beec5
a99294df414697b11a66c18275bf565986565682
e22e2e410b39ce406077c8bbc766067c193e8b6461f4f02a586adba87c2f8a30
GET /skin/css/normalize.css HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:21 GMT
Content-Type: text/css
Content-Length: 5899
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 04 Nov 2021 05:58:51 GMT
Accept-Ranges: bytes
ETag: "809f80a41d1d71:0"
Vary: Accept-Encoding
Server: wts/1.6
www.safeway-sh.com/skin/css/responsive.css
125.65.113.54 200 OK 6.1 kB URL HTTP/1.1 www.safeway-sh.com/skin/css/responsive.css
IP 125.65.113.54:0
File type ASCII text, with CRLF line terminators
Hash 37bcfa4ebbd1a0476a7f3f09489df30c
8d7f98c51e6e58b964537e126faaf04033c246ef
8c6ca7a31827ade3d62fa5a562c795555ee450acfb57e7ce4ab6e642646f2ef8
GET /skin/css/responsive.css HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:21 GMT
Content-Type: text/css
Content-Length: 6108
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Fri, 13 May 2022 06:05:09 GMT
Accept-Ranges: bytes
ETag: "80584b668f66d81:0"
Vary: Accept-Encoding
Server: wts/1.6
www.safeway-sh.com/skin/js/jquery-migrate-3.0.0.js
125.65.113.54 200 OK 3.2 kB URL HTTP/1.1 www.safeway-sh.com/skin/js/jquery-migrate-3.0.0.js
IP 125.65.113.54:0
File type ASCII text, with very long lines (6986), with CRLF line terminators
Hash 8ab8a232dc96265f7f13a3c52caf38d0
f7d24c2df93c9f67eff369786aa36cf1b47767d3
b4e35593356a3173ed9d8b2a8ad31376c9157d4b15864620a91c065271484652
Analyzer Verdict Alert fortinet Phishing
GET /skin/js/jquery-migrate-3.0.0.js HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:21 GMT
Content-Type: application/javascript
Content-Length: 3234
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 14 Oct 2021 07:53:56 GMT
Accept-Ranges: bytes
ETag: "e3e5cea3d0c0d71:0"
Vary: Accept-Encoding
Server: wts/1.6
www.safeway-sh.com/skin/js/easing.js
125.65.113.54 200 OK 1.0 kB URL HTTP/1.1 www.safeway-sh.com/skin/js/easing.js
IP 125.65.113.54:0
File type ASCII text, with very long lines (2280), with CRLF line terminators
Hash d16ce86ecb8ea300b43b4a8077b5dd92
a7967e1e0365621f490d2847730e78a19522effa
8d9093baf527d1dc947c446b9900a6796aef03ddec2cb2ca5943d088bccccfea
Analyzer Verdict Alert fortinet Phishing
GET /skin/js/easing.js HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:21 GMT
Content-Type: application/javascript
Content-Length: 1013
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 14 Oct 2021 07:53:56 GMT
Accept-Ranges: bytes
ETag: "d3becea3d0c0d71:0"
Vary: Accept-Encoding
Server: wts/1.6
www.safeway-sh.com/skin/js/jquery-ui.min.js
125.65.113.54 200 OK 11 kB URL HTTP/1.1 www.safeway-sh.com/skin/js/jquery-ui.min.js
IP 125.65.113.54:0
File type ASCII text, with very long lines (30728), with CRLF line terminators
Hash b41a1f9914c5a8ed5d571bbcc6e5faa0
6b40c91c08f5da6473cd7b680f342e5aecbb2890
9062e02b9f2c39000cec847b3cb46e1131716d2398b5fb33b0341398c21000ab
Analyzer Verdict Alert fortinet Phishing
GET /skin/js/jquery-ui.min.js HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:21 GMT
Content-Type: application/javascript
Content-Length: 11094
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 14 Oct 2021 07:53:57 GMT
Accept-Ranges: bytes
ETag: "33353a4d0c0d71:0"
Vary: Accept-Encoding
Server: wts/1.6
www.safeway-sh.com/skin/css/style.css
125.65.113.54 200 OK 19 kB URL HTTP/1.1 www.safeway-sh.com/skin/css/style.css
IP 125.65.113.54:0
Hash c3f1002f340b9d887e22ac7efea6573e
be35aa1c96bee5bfcf904e6fb468d33bc418127e
a75c2c8c9f077bc071d034a6ae8f992dd9fcd3df62d18503732e6e95f24067a5
GET /skin/css/style.css HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:21 GMT
Content-Type: text/css
Content-Length: 18804
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 19 May 2022 02:26:00 GMT
Accept-Ranges: bytes
ETag: "0ac5bc7276bd81:0"
Vary: Accept-Encoding
Server: wts/1.6
www.safeway-sh.com/skin/js/colors.js
125.65.113.54 200 OK 402 B URL HTTP/1.1 www.safeway-sh.com/skin/js/colors.js
IP 125.65.113.54:0
File type ASCII text, with CRLF line terminators
Hash 9aadcadc5b6c73115df2f65be08d604d
ad50e07a74776c950f03c3e3448182e7df08427b
320c9dae4afc473297520cc0816d20f0ae7c828a2b104df7d778908a50d49f04
Analyzer Verdict Alert fortinet Phishing
GET /skin/js/colors.js HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:21 GMT
Content-Type: application/javascript
Content-Length: 402
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 14 Oct 2021 07:53:56 GMT
Accept-Ranges: bytes
ETag: "392ebfa3d0c0d71:0"
Vary: Accept-Encoding
Server: wts/1.6
www.safeway-sh.com/skin/js/popper.min.js
125.65.113.54 200 OK 8.5 kB URL HTTP/1.1 www.safeway-sh.com/skin/js/popper.min.js
IP 125.65.113.54:0
File type ASCII text, with very long lines (19063), with CRLF line terminators
Hash 51e146abde88f204b9ee37a46072a36c
7e925f1548df89268de1ce8597a484da3d3ebdec
1c1bdffc9f6e4c3e417755b470b064fa0a68d83105890d22a3556e9137daebe9
Analyzer Verdict Alert fortinet Phishing
GET /skin/js/popper.min.js HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:21 GMT
Content-Type: application/javascript
Content-Length: 8456
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 14 Oct 2021 07:53:56 GMT
Accept-Ranges: bytes
ETag: "9af014a4d0c0d71:0"
Vary: Accept-Encoding
Server: wts/1.6
www.safeway-sh.com/skin/js/jquery.nav.js
125.65.113.54 200 OK 2.3 kB URL HTTP/1.1 www.safeway-sh.com/skin/js/jquery.nav.js
IP 125.65.113.54:0
Hash 442f373d447322cdebf90935447d9f7b
0933577b4b1b079961e6c58a23e0f5413f5450e7
95cc9af6941845b48b5df336d5df997bc313a5b4ca4cf0d863b938e10fc3f054
Analyzer Verdict Alert fortinet Phishing
GET /skin/js/jquery.nav.js HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:21 GMT
Content-Type: application/javascript
Content-Length: 2255
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 14 Oct 2021 07:53:56 GMT
Accept-Ranges: bytes
ETag: "d488da3d0c0d71:0"
Vary: Accept-Encoding
Server: wts/1.6
www.safeway-sh.com/skin/js/slicknav.min.js
125.65.113.54 200 OK 3.1 kB URL HTTP/1.1 www.safeway-sh.com/skin/js/slicknav.min.js
IP 125.65.113.54:0
File type ASCII text, with very long lines (8316), with CRLF line terminators
Hash 524912469b810d4fd2d967052029fa94
554d7c26d4426e98146d68ea7c42570ba0d97960
b0fba3fb3d1d436ea887c059e69699a7f5f423b0cacaeb1d8ea84e2da97afe10
Analyzer Verdict Alert fortinet Phishing
GET /skin/js/slicknav.min.js HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:21 GMT
Content-Type: application/javascript
Content-Length: 3129
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 14 Oct 2021 07:53:57 GMT
Accept-Ranges: bytes
ETag: "145a53a4d0c0d71:0"
Vary: Accept-Encoding
Server: wts/1.6
www.safeway-sh.com/skin/js/jquery.scrollup.min.js
125.65.113.54 200 OK 1.2 kB URL HTTP/1.1 www.safeway-sh.com/skin/js/jquery.scrollup.min.js
IP 125.65.113.54:0
File type Unicode text, UTF-8 text, with very long lines (1872)
Hash b9f2df0dd4e5cfdf8c5ea04c6f9a545a
04d3002aaa2063b7b65d806244db188dc0213755
2dd28c90ff3395d95545f8be6e95b9bd1b5729c5c9ac15511bc41964980b3721
Analyzer Verdict Alert fortinet Phishing
GET /skin/js/jquery.scrollup.min.js HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:22 GMT
Content-Type: application/javascript
Content-Length: 1153
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 14 Oct 2021 07:53:56 GMT
Accept-Ranges: bytes
ETag: "373da5a3d0c0d71:0"
Vary: Accept-Encoding
Server: wts/1.6
www.safeway-sh.com/skin/js/niceselect.js
125.65.113.54 200 OK 1.3 kB URL HTTP/1.1 www.safeway-sh.com/skin/js/niceselect.js
IP 125.65.113.54:0
File type Unicode text, UTF-8 text, with very long lines (2822), with CRLF line terminators
Hash 2abf26d44f7e8eb6c7b8efaf1f04ec86
154221f444a176731d0ff0a0f10a754ecb81be52
204df6939c25f3928d6b00fdb0a9646f65dc0a5e44208d86d1759ebd2512783d
Analyzer Verdict Alert fortinet Phishing
GET /skin/js/niceselect.js HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:22 GMT
Content-Type: application/javascript
Content-Length: 1294
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 14 Oct 2021 07:53:56 GMT
Accept-Ranges: bytes
ETag: "2cdaca4d0c0d71:0"
Vary: Accept-Encoding
Server: wts/1.6
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash 88ada4cbd9705ede681ddf730db573e8
addbbb50f6119b2e458ee7d772a1dbafc5052950
94be8e474bb9a3333ec4a1de2671346f728a6956fcffd0bf32a8d00044d9e4fd
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:22 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Sat, 10 Dec 2022 05:37:20 GMT
ETag: "addbbb50f6119b2e458ee7d772a1dbafc5052950"
Last-Modified: Tue, 06 Dec 2022 05:37:21 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1883
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 775321fc3e68b518-OSL
www.safeway-sh.com/skin/js/jquery.min.js
125.65.113.54 200 OK 39 kB URL HTTP/1.1 www.safeway-sh.com/skin/js/jquery.min.js
IP 125.65.113.54:0
File type ASCII text, with very long lines (32058), with CRLF line terminators
Hash 03d850a327d882cd28e47b1e22e739bc
d64a174bf8103f94b59f7cd7e54b14622be53d30
05e47d1f3b120b61b0160f6d8468ef9f1e06ffc52bcb305de45c70afdb96d7d1
Analyzer Verdict Alert fortinet Phishing
GET /skin/js/jquery.min.js HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:22 GMT
Content-Type: application/javascript
Content-Length: 38740
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 14 Oct 2021 07:53:56 GMT
Accept-Ranges: bytes
ETag: "6132bda3d0c0d71:0"
Vary: Accept-Encoding
Server: wts/1.6
www.safeway-sh.com/skin/js/bootstrap-datepicker.js
125.65.113.54 200 OK 4.9 kB URL HTTP/1.1 www.safeway-sh.com/skin/js/bootstrap-datepicker.js
IP 125.65.113.54:0
File type assembler source, ASCII text
Hash 0cd1100caa9df575ed5f46c8c0198b7a
c28f79b7d4357d752b80116465176d38dd4e3384
b117c1e80186524eee5d2d70d58f7a2923c29c0a5fd62c2dcef2f50e152f909e
Analyzer Verdict Alert fortinet Phishing
GET /skin/js/bootstrap-datepicker.js HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:22 GMT
Content-Type: application/javascript
Content-Length: 4881
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 14 Oct 2021 07:53:57 GMT
Accept-Ranges: bytes
ETag: "8f5767a4d0c0d71:0"
Vary: Accept-Encoding
Server: wts/1.6
www.safeway-sh.com/skin/images/slider2.jpg
125.65.113.54 200 OK 96 kB URL HTTP/1.1 www.safeway-sh.com/skin/images/slider2.jpg
IP 125.65.113.54:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=836, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], progressive, precision 8, 1600x830, components 3\012- data
Hash 38313722ecd80014a41ebe6e21602832
9badb614d1b067b4595ab56ace7dbaf3884e0644
c39733a6c3f761a324f6d50c31a32cee06aa69f197eac1420bdd60ef1af67e95
GET /skin/images/slider2.jpg HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:21 GMT
Content-Type: image/jpeg
Content-Length: 96065
Connection: keep-alive
Last-Modified: Thu, 14 Oct 2021 07:53:56 GMT
Accept-Ranges: bytes
ETag: "f56a8fa3d0c0d71:0"
Server: wts/1.6
www.safeway-sh.com/skin/images/slider.jpg
125.65.113.54 200 OK 100 kB URL HTTP/1.1 www.safeway-sh.com/skin/images/slider.jpg
IP 125.65.113.54:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=836, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], progressive, precision 8, 1600x830, components 3\012- data
Hash 6bbc56cf5eeeb5ff588c4fed666e9d6a
4da325d2551975b88aedee30d343a7dc6ab37033
5b467fe16b91971bdb6bc3993b03ed7dbcbdf48f427a86d2a25394c3a729e0be
GET /skin/images/slider.jpg HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:21 GMT
Content-Type: image/jpeg
Content-Length: 99780
Connection: keep-alive
Last-Modified: Thu, 14 Oct 2021 07:53:57 GMT
Accept-Ranges: bytes
ETag: "65624fa4d0c0d71:0"
Server: wts/1.6
www.safeway-sh.com/skin/js/tilt.jquery.min.js
125.65.113.54 200 OK 2.1 kB URL HTTP/1.1 www.safeway-sh.com/skin/js/tilt.jquery.min.js
IP 125.65.113.54:0
File type ASCII text, with very long lines (5318), with no line terminators
Hash 3670adc0ade2c2d698624eadb1e8df7a
0ba456bbc732a3a220bf3a3cbc2100d568aa8591
78f0b37a3d3757a1c6c872050ced6e79d1b2965e6f49efb82cd411f5721142cd
Analyzer Verdict Alert fortinet Phishing
GET /skin/js/tilt.jquery.min.js HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:22 GMT
Content-Type: application/javascript
Content-Length: 2108
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 14 Oct 2021 07:53:56 GMT
Accept-Ranges: bytes
ETag: "345af5a3d0c0d71:0"
Vary: Accept-Encoding
Server: wts/1.6
www.safeway-sh.com/skin/images/slider3.jpg
125.65.113.54 200 OK 86 kB URL HTTP/1.1 www.safeway-sh.com/skin/images/slider3.jpg
IP 125.65.113.54:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=836, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], progressive, precision 8, 1600x830, components 3\012- data
Hash 4d2eab34496864457fc1153c05e8cd45
4cd07b3a85503ec63639a18749d067204741ee24
a96032388408b690ac15096cd6d28cb7f7e5e5711254b4d03d22e223fc7f0de8
GET /skin/images/slider3.jpg HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:21 GMT
Content-Type: image/jpeg
Content-Length: 86328
Connection: keep-alive
Last-Modified: Thu, 14 Oct 2021 07:53:56 GMT
Accept-Ranges: bytes
ETag: "2716a5a3d0c0d71:0"
Server: wts/1.6
www.safeway-sh.com/skin/js/owl-carousel.js
125.65.113.54 200 OK 16 kB URL HTTP/1.1 www.safeway-sh.com/skin/js/owl-carousel.js
IP 125.65.113.54:0
File type ASCII text, with very long lines (1559), with CRLF line terminators
Hash 5a14283596aa9f98b315febaa7df6c01
a1f34848c9ecb749de50f9064b579c7bc95955e0
eca23d8c94c6c8ce5471fe8c10d05bf283046bfafedca954d65b01cf841d2f10
Analyzer Verdict Alert fortinet Phishing
GET /skin/js/owl-carousel.js HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:22 GMT
Content-Type: application/javascript
Content-Length: 15974
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 14 Oct 2021 07:53:57 GMT
Accept-Ranges: bytes
ETag: "63a74aa4d0c0d71:0"
Vary: Accept-Encoding
Server: wts/1.6
www.safeway-sh.com/skin/js/jquery.counterup.min.js
125.65.113.54 200 OK 756 B URL HTTP/1.1 www.safeway-sh.com/skin/js/jquery.counterup.min.js
IP 125.65.113.54:0
File type ASCII text, with very long lines (917)
Hash c63cf71ec726f01aba5e9b45cfaa8993
0026dec98cfd45722edd1d27b4c4f322e7fbdea4
f87c8b81ea50670331c51046a8e49ccff7f4468a507507231a11ad5270a55dbe
Analyzer Verdict Alert fortinet Phishing
GET /skin/js/jquery.counterup.min.js HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:22 GMT
Content-Type: application/javascript
Content-Length: 756
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 14 Oct 2021 07:53:56 GMT
Accept-Ranges: bytes
ETag: "bfb41ea4d0c0d71:0"
Vary: Accept-Encoding
Server: wts/1.6
www.safeway-sh.com/skin/js/steller.js
125.65.113.54 200 OK 6.4 kB URL HTTP/1.1 www.safeway-sh.com/skin/js/steller.js
IP 125.65.113.54:0
File type ASCII text, with very long lines (310), with CRLF line terminators
Hash 4fd8728b089cd27c2d5708167d2d2c11
41c314c98e0cb274e7981864a1f978e943768ff6
fd066ee7d8782e42367faf9e43cca7a23dca28a92fd21993b1e08f92aef40b93
Analyzer Verdict Alert fortinet Phishing
GET /skin/js/steller.js HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:23 GMT
Content-Type: application/javascript
Content-Length: 6352
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 14 Oct 2021 07:53:55 GMT
Accept-Ranges: bytes
ETag: "32af52a3d0c0d71:0"
Vary: Accept-Encoding
Server: wts/1.6
www.safeway-sh.com/skin/js/wow.min.js
125.65.113.54 200 OK 3.3 kB URL HTTP/1.1 www.safeway-sh.com/skin/js/wow.min.js
IP 125.65.113.54:0
File type ASCII text, with very long lines (8152), with CRLF line terminators
Hash 6673733728c659430ed9e02ce924f556
29768205f66b00456efdbd6d9f294f9d057a4b48
c3486ca29d9f9a4001dfd4af78e1d26590e983d75fee11c8f56ca3fca906f473
Analyzer Verdict Alert fortinet Phishing
GET /skin/js/wow.min.js HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:23 GMT
Content-Type: application/javascript
Content-Length: 3281
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 14 Oct 2021 07:53:56 GMT
Accept-Ranges: bytes
ETag: "c297cea3d0c0d71:0"
Vary: Accept-Encoding
Server: wts/1.6
www.safeway-sh.com/skin/js/jquery.magnific-popup.min.js
125.65.113.54 200 OK 9.0 kB URL HTTP/1.1 www.safeway-sh.com/skin/js/jquery.magnific-popup.min.js
IP 125.65.113.54:0
File type ASCII text, with very long lines (20092)
Hash 817c5d96413404c7547d7ab1936ee34a
860739b067e7808c022c1043b16779016cad3117
4b0ea68d4c11f99870f9f12894032f7a350156204b22d44f05e1016f39ff20c7
Analyzer Verdict Alert fortinet Phishing
GET /skin/js/jquery.magnific-popup.min.js HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:23 GMT
Content-Type: application/javascript
Content-Length: 9028
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 14 Oct 2021 07:53:57 GMT
Accept-Ranges: bytes
ETag: "6e967a4d0c0d71:0"
Vary: Accept-Encoding
Server: wts/1.6
www.safeway-sh.com/skin/js/waypoints.min.js
125.65.113.54 200 OK 3.1 kB URL HTTP/1.1 www.safeway-sh.com/skin/js/waypoints.min.js
IP 125.65.113.54:0
File type ASCII text, with very long lines (7808)
Hash fa7b7d49873f672e72d1a90832a5cc6c
9765feeb68a9f43bedf9da512971db71ecc0d5ab
773cff049e4b7235d7612a4342ce03159180aee6852e73250c1aa66309ee015a
Analyzer Verdict Alert fortinet Phishing
GET /skin/js/waypoints.min.js HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:23 GMT
Content-Type: application/javascript
Content-Length: 3148
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 14 Oct 2021 07:53:57 GMT
Accept-Ranges: bytes
ETag: "92a641a4d0c0d71:0"
Vary: Accept-Encoding
Server: wts/1.6
www.safeway-sh.com/skin/js/bootstrap.min.js
125.65.113.54 200 OK 23 kB URL HTTP/1.1 www.safeway-sh.com/skin/js/bootstrap.min.js
IP 125.65.113.54:0
File type ASCII text, with very long lines (509)
Hash 4ec01e4a10ee7864ca0f7874d6a57ea6
a3aa0e04f34ed74ccde11cc7825f4250fb0b4754
9663ccb4db9f8fb8a90664afe5d90f8ae5d9936f0eb516ddc59b79e109aad90b
Analyzer Verdict Alert fortinet Phishing
GET /skin/js/bootstrap.min.js HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:23 GMT
Content-Type: application/javascript
Content-Length: 23129
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 14 Oct 2021 07:53:57 GMT
Accept-Ranges: bytes
ETag: "817f41a4d0c0d71:0"
Vary: Accept-Encoding
Server: wts/1.6
www.safeway-sh.com/skin/js/main.js
125.65.113.54 200 OK 2.4 kB URL HTTP/1.1 www.safeway-sh.com/skin/js/main.js
IP 125.65.113.54:0
File type ASCII text, with CRLF line terminators
Hash f0adb8fd137b9e7320a27b3af27121e1
b3683407126b169c50c52926bedc0511112ba008
68ffcbe799878bc5bb3c718a38fdd64d259484d8116cdca9c874a082f8b0fd38
Analyzer Verdict Alert fortinet Phishing
GET /skin/js/main.js HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:23 GMT
Content-Type: application/javascript
Content-Length: 2383
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 14 Oct 2021 07:53:57 GMT
Accept-Ranges: bytes
ETag: "34b739a4d0c0d71:0"
Vary: Accept-Encoding
Server: wts/1.6
www.safeway-sh.com/skin/fonts/pxibyp8kv8jhgfvrlgt9z1xlfq.woff2
125.65.113.54 200 OK 7.8 kB URL HTTP/1.1 www.safeway-sh.com/skin/fonts/pxibyp8kv8jhgfvrlgt9z1xlfq.woff2
IP 125.65.113.54:0
File type Web Open Font Format (Version 2), TrueType, length 7776, version 1.0\012- data
Hash 84780596e268aa0cb2be48af2ed5c375
d67ccd32f8c790a746d64d06145882a2f7b06560
d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491
Analyzer Verdict Alert fortinet Phishing
GET /skin/fonts/pxibyp8kv8jhgfvrlgt9z1xlfq.woff2 HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.safeway-sh.com/skin/css/css.css
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:23 GMT
Content-Type: application/font-woff2
Content-Length: 7776
Connection: keep-alive
Last-Modified: Thu, 14 Oct 2021 07:53:56 GMT
Accept-Ranges: bytes
ETag: "ecf98ca3d0c0d71:0"
Server: wts/1.6
hm.baidu.com/hm.js?f1bbe917caf59505311f982ed00c235c
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?f1bbe917caf59505311f982ed00c235c
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (624)
Hash d1daf7e1cc652bfc2df12db27e6c5557
3a962f83b9a413a24e8c622a2541157c42d9905e
8e9f9f519f81093f0b6e6f549e7fb3b36a929d2bfb0e6c10d84272bb0b9a2d4c
GET /hm.js?f1bbe917caf59505311f982ed00c235c HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11262
Content-Type: application/javascript
Date: Tue, 06 Dec 2022 06:58:23 GMT
Etag: fb00b2772b2efe6fd6e9bdba04e2be08
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=B701891BCA60BE78; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
www.safeway-sh.com/skin/fonts/pxieyp8kv8jhgfvrjjfecg.woff2
125.65.113.54 200 OK 7.9 kB URL HTTP/1.1 www.safeway-sh.com/skin/fonts/pxieyp8kv8jhgfvrjjfecg.woff2
IP 125.65.113.54:0
File type Web Open Font Format (Version 2), TrueType, length 7900, version 1.0\012- data
Hash 9ed361bba8488aeb2797b82befda20f1
6f80d965a066aff81c0a344d4b7297bd009cc099
41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c
Analyzer Verdict Alert fortinet Phishing
GET /skin/fonts/pxieyp8kv8jhgfvrjjfecg.woff2 HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.safeway-sh.com/skin/css/css.css
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:23 GMT
Content-Type: application/font-woff2
Content-Length: 7900
Connection: keep-alive
Last-Modified: Thu, 14 Oct 2021 07:53:56 GMT
Accept-Ranges: bytes
ETag: "389ae9a3d0c0d71:0"
Server: wts/1.6
www.safeway-sh.com/skin/fonts/pxibyp8kv8jhgfvrlej6z1xlfq.woff2
125.65.113.54 200 OK 8.0 kB URL HTTP/1.1 www.safeway-sh.com/skin/fonts/pxibyp8kv8jhgfvrlej6z1xlfq.woff2
IP 125.65.113.54:0
File type Web Open Font Format (Version 2), TrueType, length 7988, version 1.0\012- data
Hash 087457026965f98466618a478c4b1b07
00b024ccb35e3694de662d180d6ea7f56de6d654
b93b9165269362989e2855d0bf0ae232d7193a45c43627b2d03b26d7eb98263b
Analyzer Verdict Alert fortinet Phishing
GET /skin/fonts/pxibyp8kv8jhgfvrlej6z1xlfq.woff2 HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.safeway-sh.com/skin/css/css.css
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:23 GMT
Content-Type: application/font-woff2
Content-Length: 7988
Connection: keep-alive
Last-Modified: Thu, 14 Oct 2021 07:53:56 GMT
Accept-Ranges: bytes
ETag: "472d14a4d0c0d71:0"
Server: wts/1.6
www.safeway-sh.com/skin/fonts/pxibyp8kv8jhgfvrlcz7z1xlfq.woff2
125.65.113.54 200 OK 7.8 kB URL HTTP/1.1 www.safeway-sh.com/skin/fonts/pxibyp8kv8jhgfvrlcz7z1xlfq.woff2
IP 125.65.113.54:0
File type Web Open Font Format (Version 2), TrueType, length 7832, version 1.0\012- data
Hash f4f17fd53c7d040e56f91a3ecb692b22
1b51342175762634835645ba2f99cd3ab0ac615c
b0b43e548e691662dac85b1dc159d148a273d5cb9139f3fcf457cdeebe7bdf3f
Analyzer Verdict Alert fortinet Phishing
GET /skin/fonts/pxibyp8kv8jhgfvrlcz7z1xlfq.woff2 HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.safeway-sh.com/skin/css/css.css
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:23 GMT
Content-Type: application/font-woff2
Content-Length: 7832
Connection: keep-alive
Last-Modified: Thu, 14 Oct 2021 07:53:57 GMT
Accept-Ranges: bytes
ETag: "b66a4ba4d0c0d71:0"
Server: wts/1.6
www.safeway-sh.com/static/upload/image/20220113/1642038722989635.png
125.65.113.54 200 OK 38 kB URL HTTP/1.1 www.safeway-sh.com/static/upload/image/20220113/1642038722989635.png
IP 125.65.113.54:0
File type PNG image data, 1000 x 282, 8-bit/color RGBA, non-interlaced\012- data
Hash 129d2e2ea4bffca5316bd66ba7fcb5e9
8ac23dd5251db86df7426a34ed1998616fd34d51
9103d5d88b37fb68a5c712c32df279098d9accfa9149f557622603a3f9b6c6da
GET /static/upload/image/20220113/1642038722989635.png HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:23 GMT
Content-Type: image/png
Content-Length: 37567
Connection: keep-alive
Last-Modified: Thu, 13 Jan 2022 01:52:02 GMT
Accept-Ranges: bytes
ETag: "f95c1b29208d81:0"
Server: wts/1.6
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1276679910&si=f1bbe917caf59505311f982ed00c235c&v=1.3.0&lv=1&sn=19356&r=0&ww=1280&u=http%3A%2F%2Fwww.safeway-sh.com%2F&tt=%E5%AE%89%E5%85%A8%E8%B4%A7%E6%9E%B6%7C%E8%B4%A7%E6%9E%B6%E5%AE%89%E8%A3%85%7C%E8%B4%A7%E6%9E%B6%E7%9B%91%E6%B5%8B%7C%E8%B4%A7%E6%9E%B6%E9%98%B2%E6%8A%A4-%E5%A8%81%E8%B5%9B%E5%AD%9A%E7%89%A9%E6%B5%81%E5%B7%A5%E7%A8%8B%E6%8A%80%E6%9C%AF%EF%BC%88%E4%B8%8A%E6%B5%B7%EF%BC%89%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1276679910&si=f1bbe917caf59505311f982ed00c235c&v=1.3.0&lv=1&sn=19356&r=0&ww=1280&u=http%3A%2F%2Fwww.safeway-sh.com%2F&tt=%E5%AE%89%E5%85%A8%E8%B4%A7%E6%9E%B6%7C%E8%B4%A7%E6%9E%B6%E5%AE%89%E8%A3%85%7C%E8%B4%A7%E6%9E%B6%E7%9B%91%E6%B5%8B%7C%E8%B4%A7%E6%9E%B6%E9%98%B2%E6%8A%A4-%E5%A8%81%E8%B5%9B%E5%AD%9A%E7%89%A9%E6%B5%81%E5%B7%A5%E7%A8%8B%E6%8A%80%E6%9C%AF%EF%BC%88%E4%B8%8A%E6%B5%B7%EF%BC%89%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1276679910&si=f1bbe917caf59505311f982ed00c235c&v=1.3.0&lv=1&sn=19356&r=0&ww=1280&u=http%3A%2F%2Fwww.safeway-sh.com%2F&tt=%E5%AE%89%E5%85%A8%E8%B4%A7%E6%9E%B6%7C%E8%B4%A7%E6%9E%B6%E5%AE%89%E8%A3%85%7C%E8%B4%A7%E6%9E%B6%E7%9B%91%E6%B5%8B%7C%E8%B4%A7%E6%9E%B6%E9%98%B2%E6%8A%A4-%E5%A8%81%E8%B5%9B%E5%AD%9A%E7%89%A9%E6%B5%81%E5%B7%A5%E7%A8%8B%E6%8A%80%E6%9C%AF%EF%BC%88%E4%B8%8A%E6%B5%B7%EF%BC%89%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 06 Dec 2022 06:58:23 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=F3E7F1570C26C4D1; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
www.safeway-sh.com/skin/fonts/fontawesome-webfont.woff2
125.65.113.54 200 OK 77 kB URL HTTP/1.1 www.safeway-sh.com/skin/fonts/fontawesome-webfont.woff2
IP 125.65.113.54:0
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Analyzer Verdict Alert fortinet Phishing
GET /skin/fonts/fontawesome-webfont.woff2 HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.safeway-sh.com/skin/css/font-awesome.min.css
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:23 GMT
Content-Type: application/font-woff2
Content-Length: 77160
Connection: keep-alive
Last-Modified: Thu, 14 Oct 2021 07:53:57 GMT
Accept-Ranges: bytes
ETag: "92702ca4d0c0d71:0"
Server: wts/1.6
www.safeway-sh.com/skin/images/call-bg.jpg
125.65.113.54 200 OK 195 kB URL HTTP/1.1 www.safeway-sh.com/skin/images/call-bg.jpg
IP 125.65.113.54:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=13, height=928, bps=0, PhotometricIntepretation=RGB, description=Double exposure image of many business people conference group meeting on city office building in background showing partnershi, orientation=upper-left, width=1920], progressive, precision 8, 1920x900, components 3\012- data
Size 195 kB (195416 bytes)
Hash 816ac97bacdbd4bf8a9bdc52844d49bd
4ef5a1270723b914faf4874c11145d50ed04b33b
64e7a91793f93ca33fc0517c981cd34beb11e8ee47d45c6a2eb5b6e21f004bcd
GET /skin/images/call-bg.jpg HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/skin/css/style.css
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:23 GMT
Content-Type: image/jpeg
Content-Length: 195416
Connection: keep-alive
Last-Modified: Thu, 14 Oct 2021 07:53:57 GMT
Accept-Ranges: bytes
ETag: "7ac943a4d0c0d71:0"
Server: wts/1.6
www.safeway-sh.com/static/upload/image/20220425/1650872643627418.jpg
125.65.113.54 200 OK 53 kB URL HTTP/1.1 www.safeway-sh.com/static/upload/image/20220425/1650872643627418.jpg
IP 125.65.113.54:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, software=www.meitu.com], baseline, precision 8, 800x500, components 3\012- data
Hash 51d7ca4ca19d6871468b3cfcf805fd56
730c806f594655f11fd650f5880180835b8c4899
f905429231b26fa99d0fd0624bbb75f58932096e12a8a285ba0e0cef0f4ff40b
GET /static/upload/image/20220425/1650872643627418.jpg HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:24 GMT
Content-Type: image/jpeg
Content-Length: 52836
Connection: keep-alive
Last-Modified: Mon, 25 Apr 2022 07:44:03 GMT
Accept-Ranges: bytes
ETag: "5d8ad03b7858d81:0"
Server: wts/1.6
www.safeway-sh.com/static/upload/image/20220425/1650872408762892.jpg
125.65.113.54 200 OK 68 kB URL HTTP/1.1 www.safeway-sh.com/static/upload/image/20220425/1650872408762892.jpg
IP 125.65.113.54:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, software=www.meitu.com], baseline, precision 8, 800x500, components 3\012- data
Hash 706aab2034a4c43e401125924ca36d2a
4175f1fe4e84c44a8daca974a00d42c3ce0b51be
bcfadf486d58486ec22c971bc77a3483e0569b045409bdd1ec33504c8851e695
GET /static/upload/image/20220425/1650872408762892.jpg HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:24 GMT
Content-Type: image/jpeg
Content-Length: 67789
Connection: keep-alive
Last-Modified: Mon, 25 Apr 2022 07:40:08 GMT
Accept-Ranges: bytes
ETag: "cbe417b07758d81:0"
Server: wts/1.6
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ba08976-65c4-4b8b-9ef1-92055a7b5235.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ba08976-65c4-4b8b-9ef1-92055a7b5235.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 53afd826523f4c18bf968764818d7ca7
9a26884875abb0652c568c50438b65f801779f9a
4f9dfeda67a040fef9c6987a7c334a91c993c84f694fa91771fcf7fd1d2e4937
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ba08976-65c4-4b8b-9ef1-92055a7b5235.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 12293
x-amzn-requestid: 49891ceb-3f74-4e83-8064-f54fc8b30961
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSyGHPOIAMFYqw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64da-651e4e0c55257bcc553cd176;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4f0QQ4-21m-DiP4oUtIG75_vremc835laqhfDerlqCuW-WyKClvc9Q==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:54:20 GMT
age: 32644
etag: "9a26884875abb0652c568c50438b65f801779f9a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.safeway-sh.com/static/upload/image/20211103/1635929363871652.jpg
125.65.113.54 200 OK 41 kB URL HTTP/1.1 www.safeway-sh.com/static/upload/image/20211103/1635929363871652.jpg
IP 125.65.113.54:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 430x430, components 3\012- data
Hash 2091240be7c7b09ce2279c47e0a0d801
57b94cb1e506b41ba5ee027186259c87f57e2167
a9c9fc83122a824ea8ef4271902a76d0c05a3f686185fe74d5733b19d919b148
GET /static/upload/image/20211103/1635929363871652.jpg HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:24 GMT
Content-Type: image/jpeg
Content-Length: 41446
Connection: keep-alive
Last-Modified: Wed, 03 Nov 2021 08:49:23 GMT
Accept-Ranges: bytes
ETag: "af616b38fd0d71:0"
Server: wts/1.6
www.safeway-sh.com/static/upload/image/20220425/1650875357998574.jpg
125.65.113.54 200 OK 162 kB URL HTTP/1.1 www.safeway-sh.com/static/upload/image/20220425/1650875357998574.jpg
IP 125.65.113.54:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=6, xresolution=86, yresolution=94, resolutionunit=2, software=www.meitu.com, datetime=2022:04:01 17:12:56], baseline, precision 8, 800x500, components 3\012- data
Size 162 kB (161642 bytes)
Hash f6dae12f6305ef4ac9078872aba64bb0
307ef053bb3bb0d602e874326d88ff888e5220e4
4c67a0247d2b43b610cdfa56a52fc4c92f47373a67b3e976a1a2103be2430593
GET /static/upload/image/20220425/1650875357998574.jpg HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:24 GMT
Content-Type: image/jpeg
Content-Length: 161642
Connection: keep-alive
Last-Modified: Mon, 25 Apr 2022 08:29:17 GMT
Accept-Ranges: bytes
ETag: "5539818d7e58d81:0"
Server: wts/1.6
www.safeway-sh.com/skin/images/yujingyufang1.jpg
125.65.113.54 200 OK 220 kB URL HTTP/1.1 www.safeway-sh.com/skin/images/yujingyufang1.jpg
IP 125.65.113.54:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=1124, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1500], baseline, precision 8, 878x569, components 3\012- data
Size 220 kB (219922 bytes)
Hash 09300e10f90a81013147e25f332708fb
32007097e30e001921fac41b9c9d2299c781af6b
d6e57de48c0319a2ffa9d475c2fe9b71078378b39cd0500b06e4be745a560af6
GET /skin/images/yujingyufang1.jpg HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:23 GMT
Content-Type: image/jpeg
Content-Length: 219922
Connection: keep-alive
Last-Modified: Fri, 13 May 2022 06:49:18 GMT
Accept-Ranges: bytes
ETag: "0ab38919566d81:0"
Server: wts/1.6
www.safeway-sh.com/static/upload/image/20220905/1662347132258015.jpg
125.65.113.54 200 OK 0 B URL HTTP/1.1 www.safeway-sh.com/static/upload/image/20220905/1662347132258015.jpg
IP 125.65.113.54:0
GET /static/upload/image/20220905/1662347132258015.jpg HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.safeway-sh.com/
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:24 GMT
Content-Type: image/jpeg
Content-Length: 86232
Connection: keep-alive
Last-Modified: Mon, 05 Sep 2022 03:05:32 GMT
Accept-Ranges: bytes
ETag: "cc63635cd4c0d81:0"
Server: wts/1.6
www.safeway-sh.com/skin/fonts/icofont.woff2
125.65.113.54 200 OK 0 B URL HTTP/1.1 www.safeway-sh.com/skin/fonts/icofont.woff2
IP 125.65.113.54:0
Analyzer Verdict Alert fortinet Phishing
GET /skin/fonts/icofont.woff2 HTTP/1.1
Host: www.safeway-sh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.safeway-sh.com/skin/css/icofont.css
Cookie: lg=cn; PbootSystem=ct46q06mkfvfi2vas6tu7kh1m7
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 06:58:23 GMT
Content-Type: application/font-woff2
Content-Length: 537868
Connection: keep-alive
Last-Modified: Thu, 14 Oct 2021 07:53:56 GMT
Accept-Ranges: bytes
ETag: "df7eaba3d0c0d71:0"
Server: wts/1.6